Re: [Samba] using samba 4 as plugin replacement for samba 3
Hi Daniel, so... is there a list what options to change? I've already seen the Wiki page with the minimal working configuration, but is there more information available? thanks, christian > -Ursprüngliche Nachricht- > Von: samba-boun...@lists.samba.org > [mailto:samba-boun...@lists.samba.org] Im Auftrag von Daniel Müller > Gesendet: Montag, 14. Oktober 2013 08:23 > An: 'Klaus Hartnegg'; samba@lists.samba.org > Betreff: Re: [Samba] using samba 4 as plugin replacement for samba 3 > > THIS WILL NOT WORK: can I simply give samba 4 a copy of the > old smb.conf > file? > > --- > EDV Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: muel...@tropenklinik.de > Internet: www.tropenklinik.de > --- > > -Ursprüngliche Nachricht- > Von: samba-boun...@lists.samba.org > [mailto:samba-boun...@lists.samba.org] Im > Auftrag von Klaus Hartnegg > Gesendet: Freitag, 11. Oktober 2013 17:01 > An: samba@lists.samba.org > Betreff: [Samba] using samba 4 as plugin replacement for samba 3 > > Hi, > > when I don't want to switch to Active Directory, but don't > want to be stuck > on version 3.6 either, can I simply give samba 4 a copy of > the old smb.conf > file? > > Will it be able to store all windows acl's in extended > attributes, or is > this improvement only available in combination with letting > it run as active > directory domain controller? > > thanks, > Klaus > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] adding samba4 member to samba4 domain
I'm having some problems I don't quite understand adding a samba4 member to a samba4 domain. The member joins without problems, but no one can login. I'm guessing it might be an idmap problem (well, see below for more details) - the login server is several times updated, and started using alpha16 I think, but does not have any idmap backend configuration at all... Could I add that, or would I be better off to vampire (or what the current term is) the domain to a new server? It seems the problem is somewhere around this (I tried to narrow it down...) wbinfo -u lists all users, but wbinfo -i cht returns failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND log.winbindd contains a lot of lines like this: > [2013/08/25 14:29:58.711728, 3] > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send) > getpwnam cht > [2013/08/25 14:29:58.711953, 5] > ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv) > Could not convert sid S-1-5-21-466883475-2610210983-3635716683-1109: > NT_STATUS_NONE_MAPPED Below is the log from smbd when trying to login > [2013/08/25 14:24:49.477867, 5] > ../auth/gensec/gensec_start.c:647(gensec_start_mech) > Starting GENSEC submechanism gse_krb5 > [2013/08/25 14:24:49.708516, 4] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2013/08/25 14:24:49.709158, 3] > ../auth/kerberos/kerberos_pac.c:386(kerberos_decode_pac) > Found account name from PAC: cht [Christian Huldt] > [2013/08/25 14:24:49.709254, 3] > ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info) > Kerberos ticket principal name is [cht@ARKITEKT.MSG83] > [2013/08/25 14:24:49.709332, 5] > ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user ARKITEKT\cht > [2013/08/25 14:24:49.709380, 5] > ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is arkitekt\cht > [2013/08/25 14:24:49.711047, 5] > ../source3/lib/username.c:128(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as given is ARKITEKT\cht > [2013/08/25 14:24:49.711741, 5] > ../source3/lib/username.c:141(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is ARKITEKT\CHT > [2013/08/25 14:24:49.712416, 5] > ../source3/lib/username.c:153(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in arkitekt\cht > [2013/08/25 14:24:49.712480, 5] > ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [ARKITEKT\cht]! > [2013/08/25 14:24:49.712528, 5] > ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user cht > [2013/08/25 14:24:49.712571, 5] > ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is cht > [2013/08/25 14:24:49.713126, 5] > ../source3/lib/username.c:141(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is CHT > [2013/08/25 14:24:49.713820, 5] > ../source3/lib/username.c:153(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in cht > [2013/08/25 14:24:49.713909, 5] > ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [cht]! > [2013/08/25 14:24:49.714155, 1] > ../source3/auth/user_krb5.c:164(get_user_from_kerberos_info) > Username ARKITEKT\cht is invalid on this system > [2013/08/25 14:24:49.714246, 1] > ../source3/auth/auth_generic.c:97(auth3_generate_session_info_pac) > Failed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Sernet Samba-4 Howto for Centos 6.4
Hi, that's pretty easy: simply add the sernet.repo (https://download.sernet.de/pub/samba/3.6/centos/6/sernet-samba.repo) to your /etc/yum.repos.d/ and run a "yum install samba3". The packages from SerNet are built that (clever) way to replace the original CentOS packages without problems. As far as I remember, the only thing to be done afterwards is enabling the services. br, christian > -Ursprüngliche Nachricht- > Von: samba-boun...@lists.samba.org > [mailto:samba-boun...@lists.samba.org] Im Auftrag von > schmero...@gmail.com > Gesendet: Dienstag, 02. Juli 2013 13:23 > An: samba@lists.samba.org > Betreff: [Samba] Sernet Samba-4 Howto for Centos 6.4 > > I have registered at https://portal.enterprisesamba.com, but > am unclear > regarding which packages to install for a fully functioning samba4 > installation, or if there are prerequisites such as krb5. I > am starting > with a minimal install of Centos 6.4. > > I can make some reasonably educated guesses, but don't want to miss > something important. > > Anyone know if there is a step by step howto for installing samba4 on > Centos using the Sernet repository? > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] One of our users cannot connect to Samba-shares
Hi all, we here have a user that got a new Windows 7 client (before he had Windows XP) and now is no longer able to connect to our Samba shares. Testing his client with another account has proven that the client is not the problem, other user can connect. Also testing the user on another (Windows 7) client gave the result that the user is not allowed to access. Running Samba with different log levels (up to 99 :)) first show only a simple "[2013/04/22 13:10:18.503496, 1, pid=13437, effective(0, 0), real(0, 0)] smbd/sesssetup.c:332(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!" Increasing the debug level then gave: [2013/04/22 14:18:28.769410, 10, pid=23552, effective(0, 0), real(0, 0)] smbd/sesssetup.c:1150(check_spnego_blob_complete) check_spnego_blob_complete: needed_len = 21149, pblob->length = 16460 [2013/04/22 14:18:28.769454, 3, pid=23552, effective(0, 0), real(0, 0)] smbd/error.c:80(error_packet_set) error packet at smbd/sesssetup.c(1317) cmd=115 (SMBsesssetupX) NT_STATUS_MORE_PROCESSING_REQUIRED . [2013/04/22 14:18:28.800264, 10, pid=23552, effective(0, 0), real(0, 0)] smbd/sesssetup.c:1053(check_spnego_blob_complete) check_spnego_blob_complete: pad->partial_data.length = 16460, pad->needed_len = 4689, copy_len = 16460, pblob->length = 16460, . [2013/04/22 14:18:28.800603, 3, pid=23552, effective(0, 0), real(0, 0)] smbd/sesssetup.c:806(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 21071 [2013/04/22 14:18:28.801778, 3, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:391(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error ASN.1 structure is missing a required field [2013/04/22 14:18:28.801969, 3, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:391(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [1] failed to decrypt with error ASN.1 structure is missing a required field [2013/04/22 14:18:28.802129, 3, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:391(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [3] failed to decrypt with error ASN.1 structure is missing a required field [2013/04/22 14:18:28.802179, 3, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:589(ads_verify_ticket) ads_verify_ticket: krb5_rd_req with auth failed (ASN.1 structure is missing a required field) [2013/04/22 14:18:28.802221, 10, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:598(ads_verify_ticket) ads_verify_ticket: returning error NT_STATUS_LOGON_FAILURE [2013/04/22 14:18:28.802284, 1, pid=23552, effective(0, 0), real(0, 0)] smbd/sesssetup.c:332(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! So where is the problem with this special user? Why is it's "spnego-information" that large (21149 bytes!!) ? Any idea what we can do further? (our problem is that we have very restricted access to the active directory...) Thanks a lot, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 migration from dead SBS 2003
Hello, I have successfully joined a SBS 2003 (SRVACMPDC01) domain with two additional Samba 4 DCs (SAMBA4PDC and SAMBA4DEDI, currently both 4.0.4-GIT-9899851). Everything worked fine: DNS / AD replication etc. The windows server was still responsible for DNS / DHCP / all FSMO roles. Now the original SBS 2003 crashed and refuses to start again (long story). In order to get a temporary workaround going I did... - point all clients to the SAMBA DNS servers only - get a DCHP Server running on one SAMBA4PDC and forced all clients to reboot - seize all FSMO roles to SAMBA4PDC (naming role failed. See Bug 9461) - Add allow dns updates to dns conf. - Edit server services in smb.conf to: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns (which originally has been empty after joining) But I currently strugle with some issues: 1. Overall network seems completely broken. Countless connection interrupts / timeouts. Strange IP conflicts on clients. 2 . We use the internal DNS server on both Samba machines, but it does not do any dynamic updates (nslookup for client computers still points to the IPs which had been assigned by the no longer running SBS). 3. AD replication stopped completely (see samba-tool drs showrepl output below) 4. DNS lookups for LDAP / Kerberos still deliver the old SBS entry and in addition the other Samba machine: samba4pdc:~$ host -t SRV _ldap._tcp.office.local _ldap._tcp.office.local has SRV record 0 100 389 srvacmpdc01.office.local. _ldap._tcp.office.local has SRV record 0 100 389 samba4dedi.office.local. 5. User login on Windows desktops can take up to 10 minutes Any help is highly appreciated, as this is not a lab testing environment. Nevertheless, many thanks to the Samba developers - without Samba we would not have the possibility to still allow user to log into their accounts and offer them basic filesharing. Best Regards Chris = samba-tool drs showrepl output: Standardname-des-ersten-Standorts\SAMBA4PDC DSA Options: 0x0001 DSA object GUID: 3cc2f4b8-9f6d-4d80-863c-208053444982 DSA invocationId: 3dafab35-13c4-496a-8543-5b2ed86caa23 INBOUND NEIGHBORS DC=ForestDnsZones,DC=office,DC=local Standardname-des-ersten-Standorts\SRVACMPDC01 via RPC DSA object GUID: 805e09e9-375f-498a-a842-d7d20f174f8b Last attempt @ Sun Mar 10 15:38:24 2013 CET failed, result 1232 (WERR_HOST_UNREACHABLE) 4283 consecutive failure(s). Last success @ Sat Feb 23 12:19:57 2013 CET DC=DomainDnsZones,DC=office,DC=local Standardname-des-ersten-Standorts\SRVACMPDC01 via RPC DSA object GUID: 805e09e9-375f-498a-a842-d7d20f174f8b Last attempt @ Sun Mar 10 15:38:27 2013 CET failed, result 1232 (WERR_HOST_UNREACHABLE) 4283 consecutive failure(s). Last success @ Sat Feb 23 12:19:57 2013 CET OUTBOUND NEIGHBORS KCC CONNECTION OBJECTS Connection -- Connection name: 7653ea37-51ff-41e3-88a2-e5263b205169 Enabled: TRUE Server DNS name : SAMBA4DEDI.office.local Server DN name : CN=NTDS Settings,CN=SAMBA4DEDI,CN=Servers,CN=Standardname- des-ersten-Standorts,CN=Sites,CN=Configuration,DC=office,DC=local TransportType: RPC options: 0x0001 Warning: No NC replicated for Connection! Connection -- Connection name: 170a1e3b-c722-49cd-a0cd-70c73dcc9fdd Enabled: TRUE Server DNS name : SRVACMPDC01.office.local Server DN name : CN=NTDS Settings,CN=SRVACMPDC01,CN=Servers,CN=Standardname- des-ersten-Standorts,CN=Sites,CN=Configuration,DC=office,DC=local TransportType: RPC options: 0x0001 Warning: No NC replicated for Connection! = samba_dnsupdate --verbose --all-names IPs: ['192.168.180.5'] Calling nsupdate for A office.local 192.168.180.5 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: office.local. 900 IN A 192.168.180.5 ; Communication with 192.168.180.8#53 failed: operation canceled could not find enclosing zone Failed nsupdate: 1 Calling nsupdate for A samba4pdc.office.local 192.168.180.5 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: samba4pdc.office.local. 900 IN A 192.168.180.5 ... = testparm -v Load smb config files from /usr/local/samba/etc/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[netlogon]" Processing section "[sysvol]" Processing section "[printers]"
Re: [Samba] rsync'ing samba shares
Hi Greg, the answer to your question can be quite complex, depending on your needs and your setup. If we are sticking with file-syncing than you can use robocopy as well as rsync. It depends on the amount of data hat needs to be synced, how often you want to sync, how can the DCs reach each other, ... If you link your DCs together via a separate sync-only network, I would prefer rsync. That way you do not interfere with the regular network. Anyway, syncing by rsync/ robocopy has the drawback that it is always lagging behind. If both machines are in the same network consider using a distributed filesystem/ block device that syncs the data between the nodes on the fly. Cheers, Christian Gregory Sloop schrieb: >I know this has come up a bit in the past, but consider this >situation: > >Two Samba4 DC's - and I want to "mirror" the data shares to the >"backup" DC in case we lose the primary DC and it's file shares. > >[A cheap, dirty, poor-mans semi-CTDB. How did you ever guess that Red >Green was helping me?!] > >The easiest way is probably rsync'ing the data. > >However, will that include all the ACL's and extra data associated >with the files. I understand that to a disk on part of the DC, it >might not. But on the second DC, all the relevant users, AD group etc >do all exist. > >So, is using rsync in such a situation reasonable/workable, or should >we use some windows based utility - say robocopy to handle this? > >TIA >-Greg > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba Dipl.-Ing. Christian Rost [T.I.S.P.] roCon - Informationstechnologie Ulmenstraße 45 44534 Lünen fon: +49 (0) 2306 910 658 fax: +49 (0) 2306 910 664 url: http://www.rocon-it.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 389 Directory Server (LDAP) and SAMBA
Hi Dorian, samba and ldap don't need to be on the same machine, but most setups use it this way. In smb.conf you have to specify your passdb backend like passdb backend = ldapsam:ldap:/// or better passdb backend = ldapsam:ldaps:/// to transmit the queries over TLS/ SSL. In addition to samba, you need to setup your OS itself, to authenticate against LDAP (see nsswitch, pam). With samba 3.x you need to add additional objectlasses and attributes to your ldap based user/ group profiles. See [http://www.samba.org/samba/docs/man/Samba3-HOWTO/passdb.html] for more details. If the Windows RID and Linux UID/ GID are stored in your user/ group profiles, you don't need winbind and idmap. You only need winbind/ idmap if you're authenticating Linux against samba or a Windows host, but that's not what you want to do. ## Additional Information: http://www.samba.org/samba/docs/man/Samba3-HOWTO/ http://www.samba.org/samba/docs/man/Samba3-HOWTO/samba-bdc.html#id2566941 http://www.samba.org/samba/docs/man/Samba3-HOWTO/passdb.html#id2593073 http://www.samba.org/samba/docs/man/Samba3-HOWTO/passdb.html Cheers, Christian === Dipl.-Ing. Christian Rost [T.I.S.P.] roCon - Informationstechnologie Ulmenstraße 45 44534 Lünen fon: +49 (0) 2306 910 658 fax: +49 (0) 2306 910 664 url: http://www.rocon-it.de Dorian Preston <dpres...@remindermedia.com> wrote Subject: [Samba] 389 Directory Server (LDAP) and SAMBA Date: 12.02.2013 23:09 >I have: > >*389 Directory Server (v1.2) with about 100+ current and active users. >*Separate SAMBA server that I would like to use LDAP credentials to >authenticate with. > >Found guides for using LDAP credentials with SAMBA here: >http://directory.fedoraproject.org/wiki/Howto:Samba >http://sangacollins.wordpress.com/posts/directory-server/ > > > >What I have been able to do: > >Added the samba schema information (61samba.ldif) into my 389 directory >server. > >Used the configure.pl script to configure smbldap-tools for my 389 >Directory server. > >Ran smbldap-populate to add the basic Windows user setup for SAMBA. > > >Issues: > >It seems that all of the SAMBA/LDAP guides expect SAMBA and LDAP to be on >the same server. > >Don't really understand how I am supposed to add the SAMBA schema >information to my current LDAP users so they can be authenticated via >SAMBA. > >One of the guides says alot about enabling winbind and authconfig. Don't >know if this is needed. > > >Questions: > >Is there any up to date documentation for using 389 Directory Server as an >LDAP Authentication Backend for SAMBA? > >Is there a process (read. I unfortunately can't just delete/add user >accounts with SAMBA info) for adding SAMBA information into my existing >LDAP accounts? > >Do I need to do anything using authconfig? > > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Core dump trying to join domain on FreeBSD
* Andrew Bartlett wrote: The error certainly does seem to be coming from Heimdal - that error string only exists in Heimdal, not in Samba. I thought so, too, but I hoped there might have been other instances of this in connection with Samba. If you can run it under valgrind, we might get more of a hint as to why there is invalid memory (I can't think of any other reason why this might fail - a checksum doesn't really fail like this even in 'failure' modes). The attached log is from valgrind without any options. I find it interesting that valgrind produces a valid backtrace, but even the core dump it wrote shows only as garbage in gdb. As usually happens to me, I found a workaround immediately after asking for help, so this is not as terribly important to me anymore as it was yesterday. I had the problem in an x86 environment; it turns out that it works fine on an amd64 system. Anyway, thanks a lot for your help, and if you want to look into this further, I will be glad to provide any information you want. -- Christian ==99579== Memcheck, a memory error detector ==99579== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al. ==99579== Using Valgrind-3.8.0 and LibVEX; rerun with -h for copyright info ==99579== Command: net ads join -U administra...@xxxmyrealmx.xx ==99579== Parent PID: 74522 ==99579== ==99579== Conditional jump or move depends on uninitialised value(s) ==99579==at 0x14D4A73: _tdb_store (in /usr/local/lib/libtdb.so.1) ==99579==by 0x14D50ED: tdb_store (in /usr/local/lib/libtdb.so.1) ==99579==by 0x3D6F81: db_tdb_store (in /usr/local/bin/net) ==99579==by 0x3F5A25: dbwrap_store_action (in /usr/local/bin/net) ==99579==by 0x3F50F0: dbwrap_trans_do (in /usr/local/bin/net) ==99579==by 0x3F522A: dbwrap_trans_store (in /usr/local/bin/net) ==99579==by 0x2EF5FC: secrets_store (in /usr/local/bin/net) ==99579==by 0x2F0FA0: secrets_store_domain_sid (in /usr/local/bin/net) ==99579==by 0x66FC05: libnet_DomainJoin (in /usr/local/bin/net) ==99579==by 0x670471: libnet_Join (in /usr/local/bin/net) ==99579==by 0x1ACB93: net_ads_join (in /usr/local/bin/net) ==99579==by 0x1DE1D7: net_run_function (in /usr/local/bin/net) ==99579== ==99579== Conditional jump or move depends on uninitialised value(s) ==99579==at 0x14D4A7D: _tdb_store (in /usr/local/lib/libtdb.so.1) ==99579==by 0x14D50ED: tdb_store (in /usr/local/lib/libtdb.so.1) ==99579==by 0x3D6F81: db_tdb_store (in /usr/local/bin/net) ==99579==by 0x3F5A25: dbwrap_store_action (in /usr/local/bin/net) ==99579==by 0x3F50F0: dbwrap_trans_do (in /usr/local/bin/net) ==99579==by 0x3F522A: dbwrap_trans_store (in /usr/local/bin/net) ==99579==by 0x2EF5FC: secrets_store (in /usr/local/bin/net) ==99579==by 0x2F0FA0: secrets_store_domain_sid (in /usr/local/bin/net) ==99579==by 0x66FC05: libnet_DomainJoin (in /usr/local/bin/net) ==99579==by 0x670471: libnet_Join (in /usr/local/bin/net) ==99579==by 0x1ACB93: net_ads_join (in /usr/local/bin/net) ==99579==by 0x1DE1D7: net_run_function (in /usr/local/bin/net) ==99579== ==99579== ==99579== Process terminating with default action of signal 6 (SIGABRT): dumping core ==99579==at 0x15FA2FF: __sys_kill (in /lib/libc.so.7) ==99579==by 0x15F909B: abort (in /lib/libc.so.7) ==99579==by 0x11BA9FD: krb5_abortx (in /usr/local/lib/libkrb5.so.26) ==99579==by 0x1181E53: SHA1_checksum (in /usr/local/lib/libkrb5.so.26) ==99579==by 0x118295C: _krb5_internal_hmac (in /usr/local/lib/libkrb5.so.26) ==99579==by 0x1182A72: _krb5_SP_HMAC_SHA1_checksum (in /usr/local/lib/libkrb5.so.26) ==99579==by 0x118496B: create_checksum (in /usr/local/lib/libkrb5.so.26) ==99579==by 0x1184F93: krb5_encrypt_ivec (in /usr/local/lib/libkrb5.so.26) ==99579==by 0x118540F: krb5_encrypt (in /usr/local/lib/libkrb5.so.26) ==99579==by 0x118548C: krb5_encrypt_EncryptedData (in /usr/local/lib/libkrb5.so.26) ==99579==by 0x11950B2: add_enc_ts_padata (in /usr/local/lib/libkrb5.so.26) ==99579==by 0x1196098: krb5_init_creds_step (in /usr/local/lib/libkrb5.so.26) ==99579== ==99579== HEAP SUMMARY: ==99579== in use at exit: 172,298 bytes in 1,082 blocks ==99579== total heap usage: 29,953 allocs, 28,871 frees, 4,528,138 bytes allocated ==99579== ==99579== LEAK SUMMARY: ==99579==definitely lost: 79 bytes in 3 blocks ==99579==indirectly lost: 75 bytes in 1 blocks ==99579== possibly lost: 19,768 bytes in 194 blocks ==99579==still reachable: 152,376 bytes in 884 blocks ==99579== suppressed: 0 bytes in 0 blocks ==99579== Rerun with --leak-check=full to see details of leaked memory ==99579== ==99579== For counts of detected and suppressed errors, rerun with: -v ==99579== Use --track-origins=yes to see where uninitialised values come from ==99579== ERROR SUMMARY: 45 errors from 2 contexts (suppressed: 0 from 0) -- To unsubscribe from this list go to the f
Re: [Samba] Organization of Users in Samba4
Hi Andrew, you can create the user in another OU if you want: samba-tool user add User3 passw3rd --userou=OrgUnit --userou=USEROU Alternative location (without domainDN counterpart) to default CN=Users in which new user object will be created Regards, Christian -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Andrew Martin Gesendet: Donnerstag, 24. Januar 2013 00:21 An: samba@lists.samba.org Betreff: [Samba] Organization of Users in Samba4 Hello, I am working on migrating from OpenLDAP using the inetOrgPerson schema to Samba4. I would like to continue to provide backwards compatibility with our existing authentication service. In OpenLDAP, users are all contained inside the People organizational unit and referenced by uid, for example: dn: uid=myuser,ou=People,dc=example,dc=com When using samba-tool to add a user, it places the user inside of the Users cn, and references the user via its cn entry rather than via uid: dn: cn=myuser,cn=Users,dc=example,dc=com Is there any Samba4 or AD reason why I need to use cn=myuser,cn=Users,dc=example,dc=com for users, or can I import them to uid=username,ou=People,dc=example,dc=com and use this organizational structure instead? Thanks, Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 AD delegation to read userPassword attribute
PERFECT! It works!!! Thank you very much!!!
Best regards, Christian
-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Achim Gottinger
Gesendet: Dienstag, 15. Januar 2013 21:42
An: samba@lists.samba.org
Betreff: Re: [Samba] Samba4 AD delegation to read userPassword attribute
Am 15.01.2013 20:02, schrieb Christian Hailer:
> Hi Achim,
>
> thank you for this information! Unfortunately it doesn't work in my
> environment, the userPassword attribute still can't be read by the "ldap"
> user...
> I tried to bind with the domain administrator account, there it doesn't work
> too.
>
> Would it be possible for you to post your dovecot.conf, dovecot-ldap.conf and
> smb.conf files? Maybe I made a mistake somewhere...
I use different configs for passdb and userdb for Dovecot. Dovecot stores all
mail's as user vmail.vmail(999:999) in /var/lib/vmail/[username]/mail here so
you might have to modify the user_attrs mappings.
With these separate config for userdb and passdb, auth_bind works for passdb
and pass_attrs are not necessary.
dovecot-ldap.conf
passdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
}
userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
}
dovecot-ldap-passdb.conf.ext
---
hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,cn=Users,dc=example,dc=de
ldap_version = 3
base = cn=Users,dc=example,dc=de
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
---
dovecot-ldap-userdb.conf.ext
---
hosts = localhost
dn = cn=ldap,cn=Users,dc=example,dc=de
dnpass = password
ldap_version = 3
base = cn=Users,dc=example,dc=de
user_attrs =
=uid=999,=gid=999,=home=/var/lib/vmail/%u,=mail=/var/lib/vmail/%u/mail
user_filter = (&(objectClass=person)(cn=%u)(mail=*))
# Attributes and filter to get a list of all users
iterate_attrs = cn=user
iterate_filter = (objectClass=person)
---
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 AD delegation to read userPassword attribute
Originalnachricht Betreff: Re: [Samba] Samba4 AD delegation to read userPassword attribute Von: Christian Hailer An: Achim Gottinger Cc: Hi Achim, thank you for this information! Unfortunately it doesn't work in my environment, the userPassword attribute still can't be read by the "ldap" user... I tried to bind with the domain administrator account, there it doesn't work too. Would it be possible for you to post your dovecot.conf, dovecot-ldap.conf and smb.conf files? Maybe I made a mistake somewhere... Thanks in advance, Christian Achim Gottinger schrieb: Running the environment you described (beside openchange). I guess you need acl:read=false in your smb.conf. achim~ Am 14.01.2013 23:29, schrieb Christian Hailer: > Hello Samba group, > > I ran into a problem concerning Dovecot LDAP authentication to the Samba4 > Active Directory. > > Background: I want to install a Openchange+Samba4 environment using Sogo, > Dovecot and Postfix. I didn't want to use openldap as described in the > Openchange documentation, why should I use 2 LDAP databases? > > Fedora 17, latest updates applied > Samba: Version 4.1.0pre1-GIT-813bd03 > dovecot-2.1.10-4.fc17.i686 > > At first I tried to use the auth_bind method of Dovecot, but very soon I > realized (via tcpdump) that you first have to authenticate to Samba4: > > ... > searchResDone > resultCode: operationsError (1) > matchedDN: > Operation unavailable without authentication > ... > > I defined the properties in dovecot-ldap.conf like this: > > --- > uris = ldaps://192.168.0.1:636 > dn = cn=ldap,ou=USER,dc=example,dc=de > dnpass = somepassword > > base = dc=example,dc=de > scope = subtree > deref = never > > user_attrs = sAMAccountName=uid,primaryGroupID=gid > user_filter = (sAMAccountName=%u) > > pass_attrs = mail=user,userPassword=password > pass_filter = (sAMAccountName=%u) > --- > > So trying to authenticate to Dovecot with a telnet connection > >> telnet localhost 143 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE > STARTTLS AUTH=PLAIN] Dovecot ready. > 1 login someuser somepassword > > results in the error message "result: mail=someu...@example.de; userPassword > missing" > > A tcpdump shows the following searchRequest: > > --- > Lightweight Directory Access Protocol >LDAPMessage searchRequest(2) "dc=example,dc=de" wholeSubtree >... >Filter: (sAMAccountName=someuser) > filter: equalityMatch (3) > equalityMatch > attributeDesc: sAMAccountName > assertionValue: someuser >attributes: 2 items > AttributeDescription: mail > AttributeDescription: userPassword > --- > > As a result I get: > > --- > Lightweight Directory Access Protocol >LDAPMessage searchResEntry(2) "CN=someuser, OU=USER,DC=example,DC=de" [1 > result] >... >searchResEntry > objectName: CN=someuser, OU=USER,DC=example,DC=de > attributes: 1 item >PartialAttributeList item mail > type: mail > vals: 1 item >AttributeValue: someu...@exchange.de > --- > > So unfortunately the "userPassword" attribute is missing. Now, I remembered > the "Control Delegation Wizard" from Microsoft AD where you have to delegate > permission to read all user properties to a user account in order to be able > to authenticate i.e. pam_ldap users on a linux server. > > I delegated the appropriate permissions to the "ldap" user used in > dovecot-ldap.conf above, but the behaviour did not change, the "userPassword" > attribute won't be delivered to the "ldap" user. > > Is anybody out there who ran into the same problem? > > Best regards, Christian > > > > > > > > > > > > > > > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 AD delegation to read userPassword attribute
Hello Samba group, I ran into a problem concerning Dovecot LDAP authentication to the Samba4 Active Directory. Background: I want to install a Openchange+Samba4 environment using Sogo, Dovecot and Postfix. I didn't want to use openldap as described in the Openchange documentation, why should I use 2 LDAP databases? Fedora 17, latest updates applied Samba: Version 4.1.0pre1-GIT-813bd03 dovecot-2.1.10-4.fc17.i686 At first I tried to use the auth_bind method of Dovecot, but very soon I realized (via tcpdump) that you first have to authenticate to Samba4: ... searchResDone resultCode: operationsError (1) matchedDN: Operation unavailable without authentication ... I defined the properties in dovecot-ldap.conf like this: --- uris = ldaps://192.168.0.1:636 dn = cn=ldap,ou=USER,dc=example,dc=de dnpass = somepassword base = dc=example,dc=de scope = subtree deref = never user_attrs = sAMAccountName=uid,primaryGroupID=gid user_filter = (sAMAccountName=%u) pass_attrs = mail=user,userPassword=password pass_filter = (sAMAccountName=%u) --- So trying to authenticate to Dovecot with a telnet connection >telnet localhost 143 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready. 1 login someuser somepassword results in the error message "result: mail=someu...@example.de; userPassword missing" A tcpdump shows the following searchRequest: --- Lightweight Directory Access Protocol LDAPMessage searchRequest(2) "dc=example,dc=de" wholeSubtree ... Filter: (sAMAccountName=someuser) filter: equalityMatch (3) equalityMatch attributeDesc: sAMAccountName assertionValue: someuser attributes: 2 items AttributeDescription: mail AttributeDescription: userPassword --- As a result I get: --- Lightweight Directory Access Protocol LDAPMessage searchResEntry(2) "CN=someuser, OU=USER,DC=example,DC=de" [1 result] ... searchResEntry objectName: CN=someuser, OU=USER,DC=example,DC=de attributes: 1 item PartialAttributeList item mail type: mail vals: 1 item AttributeValue: someu...@exchange.de --- So unfortunately the "userPassword" attribute is missing. Now, I remembered the "Control Delegation Wizard" from Microsoft AD where you have to delegate permission to read all user properties to a user account in order to be able to authenticate i.e. pam_ldap users on a linux server. I delegated the appropriate permissions to the "ldap" user used in dovecot-ldap.conf above, but the behaviour did not change, the "userPassword" attribute won't be delivered to the "ldap" user. Is anybody out there who ran into the same problem? Best regards, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 on AIX with XLC
On 01/11/2013 06:04 PM, Benjamin Huntsman wrote: 1. What can be done about the libraries not getting copied? Is this a bug in my build, or in the build system? I can see this as well on my AIX6.1 system. So it's probably an issue with the build system. 2. Do I need to move certain ones of them to other subdirectories in the lib directory? No, the buildsystem should have copied them there as well. 3. If I tracked down the ones below and copied them by hand, might there be others still that I missed? Once the problem with the buildsystem gets sorted out, you wouldn't have to care. Please open a bug so we can track this problem. 4. With all the subdirectories under lib, am I going to have to define a pretty complicated LD_LIBRARY_PATH to get this to run? No, the binaries should be linked against those libraries with absolute paths. You might only need to set LD_LIBRARY_PATH for libs like libtalloc and libtdb that are supposed to be installed under a standard library path like /usr/lib/. The private libs will be installed somewhere else, but still be found due to the absolute linking. 5. Is there a way I can build the whole thing static from the Python-based build system? I didn't see an option for that with ./configure --help. Not with the waf buildsystem. If you are only interested in the file/print serving part, you can give the old buildsystem in source3 a try instead. Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 on AIX with XLC
On 01/10/2013 12:18 AM, Benjamin Huntsman wrote: There may be others, but by copying those into /opt/samba-4.0.0/lib, I was able to get my compiled smbd to at least spit out the following message: bash-3.2# /opt/samba-4.0.0/sbin/smbd -b exec(): 0509-036 Cannot load program /opt/samba-4.0.0/sbin/smbd because of the following errors: rtld: 0712-001 Symbol aixacl_to_smbacl was referenced from module /opt/samba-4.0.0/lib/private/libsmbd_base.so(), but a runtime definition of the symbol was not found. rtld: 0712-001 Symbol aixacl_smb_to_aixacl was referenced from module /opt/samba-4.0.0/lib/private/libsmbd_base.so(), but a runtime definition of the symbol was not found. bash-3.2# So looks like I'm still missing aixacl_to_smbacl and aixacl_smb_to_aixacl. Any idea where I'd get those, and why they're not being found? Those should have been linked into smbd directly as configure on AIX adds vfs_aixacl to the list of modules to be compiled statically. Would you mind opening a bug on https://bugzilla.samba.org for tracking? Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Core dump trying to join domain on FreeBSD
* Christian Ullrich wrote: * Andrew Bartlett wrote: The error certainly does seem to be coming from Heimdal - that error string only exists in Heimdal, not in Samba. I thought so, too, but I hoped there might have been other instances of this in connection with Samba. If you can run it under valgrind, we might get more of a hint as to why there is invalid memory (I can't think of any other reason why this might fail - a checksum doesn't really fail like this even in 'failure' modes). The attached log is from valgrind without any options. I find it interesting that valgrind produces a valid backtrace, but even the core dump it wrote shows only as garbage in gdb. As usually happens to me, I found a workaround immediately after asking for help, so this is not as terribly important to me anymore as it was yesterday. I had the problem in an x86 environment; it turns out that it works fine on an amd64 system. Not so. It fails just the same when Samba is built against the FreeBSD port version of Heimdal (1.5.2) rather than the version in the base system (1.1.0 iirc). I will ask for help from the Heimdal people next. -- Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Core dump trying to join domain on FreeBSD
Hello all, I have been trying for a while now to join a FreeBSD machine to an existing AD domain, using Samba 3.6. What happens is this: [root@infra1 ~]# net ads join -U Administrator@MY.REALM Enter Administrator@MY.REALM's password: net: sha1 checksum failed Abort trap: 6 (Speicherabzug geschrieben) I can see the newly created computer object in AD, and it does not make a difference when I create it manually before trying the join. kinit works (but contrary to documentation, "net ads join" does not automatically use the kinit'ed user for authentication). Samba is version 3.6.9, Kerberos is heimdal 1.5.2. I have the exact same problem on both FreeBSD 8 and 9. I suspect this is actually caused by some setting on the DC, but I cannot figure out which. The last lines in the output of net -d 5 ads join -U Administrator@MY.REALM are: rpc_api_pipe: host dc2.my.domain rpc_read_send: data_to_read: 32 sitename_fetch: Returning sitename for MY.REALM: "MySiteName" name dc2.my.domain#20 found. ads_try_connect: sending CLDAP request to xxx.yyy.zzz.12 (realm: my.domain) Successfully contacted LDAP server xxx.yyy.zzz.12 Connected to LDAP server dc2.my.domain time offset is 0 seconds Found SASL mechanism GSS-SPNEGO ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore net: sha1 checksum failed I have tried getting a backtrace, but I only get garbage from both the core dump and when I run the program in gdb directly. If anyone could give me a hint how to get a meaningful backtrace, I would very much appreciate it. I have already built Samba, heimdal and the system libc with debug symbols, but the only effect was that, instead of 20 lines of backtrace with unlikely addresses, now I get only three followed by "Error accessing memory, bad address". -- Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How can I show only the shares that user have access to in SAMBA
Hi Simon, as far as I know, you can't hide shares with user specific settings. It is not implemented wether in Windows nor in Samba. The only way is to hide the share for all users by adding the "$" at the end of the share name - like [kmplan$]. To limit access to the share you need to set share and corresponding filesystem permissions. Cheers, Christian simon ben schrieb: >Dear All, > >I have implemented samba to right now in test environment to be >implemented in production as samba file server > >so far its working grt > >but I have one issue > >i have right now one share and want only the users who have access to >the share to see it >and the others should not > >when I log into the user who has no access I see the share and when i >double click it ask me for username and password > >googling arround this issuse is solved by using the below in smb.conf >file > hide dot files = yes >hide unreadable = yes >in the share definition section. > >but its still visible > >security is set as user > >here the part of my smb.conf >-- >[kmplan] > writeable = yes > path = /opt/network/testplan > write list = @localgrp > revalidate = yes > hide unreadable = yes > hide dot files = yes > comment = masterplan testing directory > valid users = @localgrp >----- > >is there anything i need to set in smb.conf >appreciate your help and advice > > >regards > >simon -- Dipl.-Ing. Christian Rost roCon - Informationstechnologie Ulmenstraße 45 44534 Lünen Fon: +49 2306 910 658 Fax: +48 2306 910 664 URL: www.rocon-it.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3.6.6: cluster support not available: support for SCHEDULE_FOR_DELETION control missing
Quoting David Touzeau (da...@touzeau.eu): > Dear, i cannot compile the latest build with cluster support: > > I have tried the debian repository Any reason for not using the Debian packages? If you're using Debian stable (squeeze), we have backports of packages that are in Debian testing. As of now, they're still 3.6.5 as we first need the 3.6.6 packages to enter Debian testing before we can backport them. It's however only a matter of days : the 3.6.6 packages should enter testing as of July 8th and I'll upload backported packages immediately to backports.debian.org. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 often creates new user profiles
Marc, thank you for your reply. On Thu, 17 May 2012 18:38:05 + "Cain, Marc" wrote: > There are many causes for this behavior. In Windows 7 the typical > reason is a service or process has locked a resource in the profile > and is not releasing it at logoff. Try looking in the profile to see > what files/folders may be being left on the drive. Where do I see files being left? Is there another method besides psexec and procmon? Can I compare the server directory and client directory when the user is logged out? - Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 often creates new user profiles
On Sun, 13 May 2012 09:33:02 -0700 Jorell wrote: > Do you have ACL enabled on the partition? No, there aren't ACLs enabled. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 often creates new user profiles
On Sat, 12 May 2012 17:47:02 +0200 Christian Meier wrote: > Windows 7 clients often create new roaming profiles for existing > users for no identifiable reason. Windows XP isn't affected. Some reasons for this behavior I googled: 1. insufficient permissions for profile-folder 2. "trust relationship between this workstation and the primary domain failed." --> dis-join and rejoin the workstation 3. .bak is appended in registry at HKEY_LOCAL_MACHINE\Software\Microsoft \Windows NT\CurrentVersion\ProfileList. Remove the other SIDs and the ".bak" extension. 4. do not use roaming profiles. (But there are other problems with folder redirection [1].) [1] http://wiki.samba.org/index.php/Samba_&_Windows_Profiles#Folder_Redirection -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 often creates new user profiles
On Sat, 12 May 2012 22:12:00 +0200 steve wrote: > win7 seems unable to load the profile from the server if the > hive at NTUSER.DAT has been changed, e.g. even simply moved from one > place to another. We didn't move them. > One workaround we use is to put the profile in the > home folder of the user. Then it always seem to work. That's an idea. Maybe we'll try that. Are there any other ideas? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 often creates new user profiles
On Sat, 12 May 2012 12:57:13 -0700 Jorell wrote: > When Windows 7 creates the new profile is it creating %USERNAME%.V2? Windows 7 creates %USERNAME%.V2, but I'm not sure about the name of the newly created profiles. I guess .000... is appended. - Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 often creates new user profiles
Hi, we're using Samba 3.5.6 (Debian). Windows 7 clients often create new roaming profiles for existing users for no identifiable reason. Windows XP isn't affected. Is this a known problem? - Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] cannot set gpfs:sharemodes to yes
On 05/11/2012 12:39 PM, Zdenek SMetana wrote: I'm trying to set up samba share exporting gpfs filesystem and I strugle with setting sharemode to yes. Samba is 3.6.5, gpfs version is 3.2.1-29 (the latest available for 3.2 branch). Everything works fine when sharemode is set to no, but I'd rather insist to switch it to yes. That's what man page says: I am not sure if Samba 3.6 and GPFS 3.2 were tested together recently as 3.2 is even out of support by IBM. But the share modes code has been in Samba for a long while now, so it should work and it does with more recent GPFS versions. Did you see that problem on earlier GPFS 3.2 PTF releases? Maybe something has changed on the GPFS side. But as 3.2 is out of service, there won't be future updates to it I am afraid. You could still create GPFS traces and ask IBM support why GPFS rejects that request. Once the cause is known, we might be able to work around in Samba. no - do not propagate sharemodes across all GPFS nodes. This should only be used if the GPFS file system is exclusively exported by Samba. Access by local unix application or NFS exports could lead to corrupted files. Sharemodes are less important for data integrity than gpfs:leases, but there are still necessary to get full protection. [2012/05/11 11:29:41.979668, 10] modules/gpfs.c:77(set_gpfs_sharemode) am=20089, allow=1, sa=3, deny=0 [2012/05/11 11:29:41.979722, 10] modules/gpfs.c:87(set_gpfs_sharemode) gpfs_set_share failed: Operation not permitted - why it goes whong here?? [2012/05/11 11:29:41.979836, 10] modules/gpfs.c:68(set_gpfs_sharemode) special case am=no_access:0 [2012/05/11 11:29:41.979879, 10] modules/gpfs.c:77(set_gpfs_sharemode) am=0, allow=0, sa=0, deny=0 [2012/05/11 11:29:41.979927, 10] modules/gpfs.c:87(set_gpfs_sharemode) gpfs_set_share failed: Operation not permitted [2012/05/11 11:29:41.979971, 10] Yes, those are are definitely related to the problem you are seeing. Regards, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Configuration of idmap_ldap "No backend defined"
Hi, your security concerns are welcome. Well I didn't use LDAP based idmap yet, but "multiple entries returned" could be a result of your duplicate settings for "idmap config" - one with the asterisk and the second with MYDOMAIN. Please read the docs to determine which of the entries is necessary. Cheers, Christian Jon Theil Nielsen schrieb: >Hi and thanks, > >The base dn is not as shown. Might be some kind of paranoia... >I changed the smb.conf as suggested. Did not change any other file. Now >my >log shows: > >[2012/04/14 20:29:36.891125, 2] >lib/smbldap.c:1018(smbldap_open_connection) > smbldap_open_connection: connection opened >[2012/04/14 20:29:36.901600, 0] >winbindd/idmap_ldap.c:192(verify_idpool) > Multiple entries returned from (objectclass=sambaUnixIdPool) (base == >dc=example,dc=com) >[2012/04/14 20:29:36.901919, 1] >winbindd/idmap_ldap.c:516(idmap_ldap_db_init) > idmap_ldap_db_init: failed to verify ID pool (NT_STATUS_UNSUCCESSFUL) >[2012/04/14 20:29:36.903646, 5] >winbindd/idmap_ldap.c:421(idmap_ldap_close_destructor) > The connection to the LDAP server was closed >[2012/04/14 20:29:36.904039, 1] >winbindd/idmap.c:249(idmap_init_domain) > idmap initialization returned NT_STATUS_UNSUCCESSFUL > >Regards, >Jon > >On 14 April 2012 20:14, Christian Rost >wrote: > >> Hi, >> >> please check your ldap configuration in your smb.conf file. At first >> verify that your base-dn is really "dc=example,dc=com". Than remove >> "cn=Manager" from each option that contains "base_dn". >> >> As usual, make sure that your LDAP server is set up correctly and >that >> everthing works fine. Than you can connect samba to your LDAP. >> >> Cheers, >> >> Christian >> >> Jon Theil Nielsen schrieb: >> >> >Hi list, >> > >> >I can't make idmap talk to my LDAP server. And I haven't found an >> >updated >> >howto. >> > >> >Some entries from log.windbindd-imap: >> >[2012/04/13 20:05:40.500475, 5] >> >winbindd/idmap.c:153(smb_register_idmap) >> > Successfully added idmap backend 'ldap' >> >[2012/04/13 20:05:40.501112, 5] >> >winbindd/idmap.c:153(smb_register_idmap) >> > Successfully added idmap backend 'tdb' >> >[2012/04/13 20:05:40.501318, 5] >> >winbindd/idmap.c:153(smb_register_idmap) >> > Successfully added idmap backend 'passdb' >> >[2012/04/13 20:05:40.501516, 5] >> >winbindd/idmap.c:153(smb_register_idmap) >> > Successfully added idmap backend 'nss' >> >[2012/04/13 20:05:40.540035, 2] >> >lib/smbldap.c:1018(smbldap_open_connection) >> > smbldap_open_connection: connection opened >> >[2012/04/13 20:05:40.550305, 2] >> >passdb/pdb_ldap.c:2427(init_group_from_ldap) >> > init_group_from_ldap: Entry found for group: 515 >> >[2012/04/13 20:05:40.592075, 1] >> >winbindd/idmap.c:288(idmap_init_named_domain) >> > no backend defined for idmap config MYDOMAIN >> >[2012/04/13 20:06:23.606655, 2] >> >passdb/pdb_ldap.c:2427(init_group_from_ldap) >> > init_group_from_ldap: Entry found for group: 548 >> >[2012/04/13 20:06:23.629123, 2] >> >passdb/pdb_ldap.c:2427(init_group_from_ldap) >> > init_group_from_ldap: Entry found for group: 1006 >> >[2012/04/13 20:06:23.632141, 1] >> >winbindd/idmap.c:288(idmap_init_named_domain) >> > no backend defined for idmap config MYDOMAIN >> >[2012/04/13 20:06:23.637118, 2] >> >passdb/pdb_ldap.c:2427(init_group_from_ldap) >> > init_group_from_ldap: Entry found for group: 1005 >> >[2012/04/13 20:06:23.640003, 1] >> >winbindd/idmap.c:288(idmap_init_named_domain) >> > no backend defined for idmap config MYDOMAIN >> >[2012/04/13 20:06:23.653837, 1] >> >winbindd/idmap.c:288(idmap_init_named_domain) >> > no backend defined for idmap config MYDOMAIN >> >[2012/04/13 20:06:33.287504, 1] >> >winbindd/idmap.c:288(idmap_init_named_domain) >> > no backend defined for idmap config MYDOMAIN >> >[2012/04/13 20:06:33.287723, 1] >> >winbindd/idmap.c:288(idmap_init_named_domain) >> > no backend defined for idmap config BUILTIN >> >[2012/04/13 20:06:38.048645, 1] >> >winbindd/idmap.c:288(idmap_init_named_domain) >> > no backend defined for idmap config MYDOMAIN >> > >> >Part of my smb.conf: >> >[global] >> >ldap admin dn = cn=Manager,dc=example,dc=com >>
Re: [Samba] Configuration of idmap_ldap "No backend defined"
Hi, please check your ldap configuration in your smb.conf file. At first verify that your base-dn is really "dc=example,dc=com". Than remove "cn=Manager" from each option that contains "base_dn". As usual, make sure that your LDAP server is set up correctly and that everthing works fine. Than you can connect samba to your LDAP. Cheers, Christian Jon Theil Nielsen schrieb: >Hi list, > >I can't make idmap talk to my LDAP server. And I haven't found an >updated >howto. > >Some entries from log.windbindd-imap: >[2012/04/13 20:05:40.500475, 5] >winbindd/idmap.c:153(smb_register_idmap) > Successfully added idmap backend 'ldap' >[2012/04/13 20:05:40.501112, 5] >winbindd/idmap.c:153(smb_register_idmap) > Successfully added idmap backend 'tdb' >[2012/04/13 20:05:40.501318, 5] >winbindd/idmap.c:153(smb_register_idmap) > Successfully added idmap backend 'passdb' >[2012/04/13 20:05:40.501516, 5] >winbindd/idmap.c:153(smb_register_idmap) > Successfully added idmap backend 'nss' >[2012/04/13 20:05:40.540035, 2] >lib/smbldap.c:1018(smbldap_open_connection) > smbldap_open_connection: connection opened >[2012/04/13 20:05:40.550305, 2] >passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 515 >[2012/04/13 20:05:40.592075, 1] >winbindd/idmap.c:288(idmap_init_named_domain) > no backend defined for idmap config MYDOMAIN >[2012/04/13 20:06:23.606655, 2] >passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 548 >[2012/04/13 20:06:23.629123, 2] >passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 1006 >[2012/04/13 20:06:23.632141, 1] >winbindd/idmap.c:288(idmap_init_named_domain) > no backend defined for idmap config MYDOMAIN >[2012/04/13 20:06:23.637118, 2] >passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 1005 >[2012/04/13 20:06:23.640003, 1] >winbindd/idmap.c:288(idmap_init_named_domain) > no backend defined for idmap config MYDOMAIN >[2012/04/13 20:06:23.653837, 1] >winbindd/idmap.c:288(idmap_init_named_domain) > no backend defined for idmap config MYDOMAIN >[2012/04/13 20:06:33.287504, 1] >winbindd/idmap.c:288(idmap_init_named_domain) > no backend defined for idmap config MYDOMAIN >[2012/04/13 20:06:33.287723, 1] >winbindd/idmap.c:288(idmap_init_named_domain) > no backend defined for idmap config BUILTIN >[2012/04/13 20:06:38.048645, 1] >winbindd/idmap.c:288(idmap_init_named_domain) > no backend defined for idmap config MYDOMAIN > >Part of my smb.conf: >[global] >ldap admin dn = cn=Manager,dc=example,dc=com >ldap delete dn = Yes >ldap group suffix = ou=Groups >ldap idmap suffix = ou=Idmap >ldap machine suffix = ou=Computers >ldap passwd sync = yes >ldap suffix = dc=example,dc=com >ldap user suffix = ou=People >ldap debug level = 1 >idmap config *:backend = ldap >idmap config *:readonly = no >idmap config *:range = 1000-199 >idmap config *:ldap_url=ldap://localhost >idmap config *:ldap_base_dn = cn=Manager,dc=example,dc=com >idmap config MYDOMAIN:backend = ldap >idmap config MYDOMAIN:readonly = no >idmap config MYDOMAIN:range = 1000-199 >idmap config MYDOMAIN:ldap_url=ldap://localhost >idmap config MYDOMAIN:ldap_base_dn = cn=Manager,dc=example,dc=com >idmap config MYDOMAIN:ldap_user_dn = >cn=admin,ou=Idmap,dc=example,dc=com > >I'm running samba 3.6.3 on FreeBSD 9.0-RELEASE and my LDAP server seems >to >work otherwise. At least, I can do user authentication this way. > >Of course, I can provide much more information from the logs and the >configuration files. I just don't know where to start. And any help >would >be much appreciated. > >Best regards, >Jon Theil Nielsen >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba -- Dipl.-Ing. Christian Rost roCon - Informationstechnologie Ulmenstraße 45 44534 Lünen Fon: +49 2306 910 658 Fax: +48 2306 910 664 URL: www.rocon-it.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems ldap authentication for Samba 3.5.11-2-1
Hi rlvcosta, the official samba howto provides all the information you are looking for. IMHO the LDAP user profile is incomplete, because necessary attributes are missing. So check out the howto and search for LDAP and/ or go to the section concerning Domain Backup. Cheers Christian Von meinem iPod gesendet Am 28.04.2012 um 04:53 schrieb rlvcosta : > Samba team, > > I'm having some problems to have a client Windows XP, I believe all systems > could have the same issue, using Ldap authentication with Samba. > > This is a native OpenFiler configuration with a local LDAP server for Samba > shares. The problem is that sharing is never authenticated where my > suspicious is about sambaSID. > > Basically I create a test user called "rlvcosta". This user was created into > LDAP as : > > dn: uid=rlvcosta,ou=People,dc=flores,dc=com > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: sambaSamAccount > homeDirectory: /dev/null > loginShell: /bin/false > cn: rlvcosta > givenName: rlvcosta > sn: rlvcosta > uid: rlvcosta > uidNumber: 500 > gidNumber: 9126 > sambaSID: S-1-5-21-1299536883-3844537390-917088389-1001 > > This appears to be ok. Although when I put a tcpdumo trace I see: > > Lightweight Directory Access Protocol > LDAPMessage searchRequest(161) "dc=flores,dc=com" wholeSubtree > messageID: 161 > protocolOp: searchRequest (3) > searchRequest > baseObject: dc=flores,dc=com > scope: wholeSubtree (2) > derefAliases: neverDerefAliases (0) > sizeLimit: 0 > timeLimit: 15 > typesOnly: False > Filter: > (&(sambaSID=S-1-5-21-1299536883-3844537390-917088389-513)(objectclass=sambaSamAccount)) > filter: and (0) > and: > (&(sambaSID=S-1-5-21-1299536883-3844537390-917088389-513)(objectclass=sambaSamAccount)) > and: 2 items > Filter: > (sambaSID=S-1-5-21-1299536883-3844537390-917088389-513) > and item: equalityMatch (3) > equalityMatch > attributeDesc: sambaSID > assertionValue: > S-1-5-21-1299536883-3844537390-917088389-513 > Filter: (objectclass=sambaSamAccount) > and item: equalityMatch (3) > equalityMatch > attributeDesc: objectclass > assertionValue: sambaSamAccount > attributes: 38 items > AttributeDescription: uid > AttributeDescription: uidNumber > AttributeDescription: gidNumber > AttributeDescription: homeDirectory > AttributeDescription: sambaPwdLastSet > AttributeDescription: sambaPwdCanChange > AttributeDescription: sambaPwdMustChange > AttributeDescription: sambaLogonTime > AttributeDescription: sambaLogoffTime > AttributeDescription: sambaKickoffTime > AttributeDescription: cn > AttributeDescription: sn > AttributeDescription: displayName > AttributeDescription: sambaHomeDrive > AttributeDescription: sambaHomePath > AttributeDescription: sambaLogonScript > AttributeDescription: sambaProfilePath > AttributeDescription: description > AttributeDescription: sambaUserWorkstations > AttributeDescription: sambaSID > AttributeDescription: sambaPrimaryGroupSID > AttributeDescription: sambaLMPassword > AttributeDescription: sambaNTPassword > AttributeDescription: sambaDomainName > AttributeDescription: objectClass > AttributeDescription: sambaAcctFlags > AttributeDescription: sambaMungedDial > AttributeDescription: sambaBadPasswordCount > AttributeDescription: sambaBadPasswordTime > AttributeDescription: sambaPasswordHistory > AttributeDescription: modifyTimestamp > AttributeDescription: sambaLogonHours > AttributeDescription: modifyTimestamp > AttributeDescription: uidNumber > AttributeDescription: gidNumber > AttributeDescription: homeDirectory > AttributeDescription: loginShell > AttributeDescription: gecos > > See that by Ldap DB the rlvcosta sambaSID is supposed to be > S-1-5-21-1299536883-3844537390-917088389-1001. But the search made from > Samba use the sufix 513, unless 1001. Samba receives appropriately the > request from client but looks like it doesn't map correctly the search to > LDAP server. > > I could not understand by the tcpdump trace the dynamic from Samba > authentication with LDAP. The LDAP has the correct structure but the search > from Samba doesn't create the correct sambaSID. > > My understand would be that Samba search the sambaSID prefix, like below, > and then suffix with user. But not sure how it does it or if there is abug > in Samba. > > dn: sambaDomainName=CACTO,dc=flores,dc=com > sambaDomainName: CACTO > sambaSID: S-1-5-21-1299536883-3844537390-917088389 > sambaAlgorithmicRidBase: 1000 > objectClass: sambaDomain > > Do you have any comments? Is there any documentation about detailed ldap > authentication used by Samba? > > In the end
Re: [Samba] NFS quotas on Solaris 10
On 26.04.2012 22:08, Gaiseric Vandal wrote: > I have one share on my samba server which is on top of an autofs mount > point. This is solaris 10 with bundled samba 3.5.10 and zfs. It also > shows 0 free space. I had the same problem with samba 3.4.x compiled > from source code. I think this is just a fundamental Samba issue that > you won't easily solve. > > Most Windows applications won't have an issue with this. Adobe Acrobat > will. Might be. But it wasn't an issue until the update. My Win7 clients can't copy files onto shares anymore, since then. Error message says not enough disk space. I had to rebuild Samba without quota support as a workaround. Which now makes it show wrong sizes for those who actually have a userquota. I even tried cooking up my own 'get quota command', but that doesn't seem to be used for NFS quotas. Regards, Christian Manal > On 04/26/12 10:24, Christian Manal wrote: >> On 26.04.2012 16:07, Gaiseric Vandal wrote: >>> Are these autofs mounts? >>> >>> Are the nfs v4 mounts - I think Solaris 10 will automatically default >>> to NFS v4 when mounting from another Solaris 10 server. >> Yes to both. >> >> >>> Can you run "smbd -b" on the new and old version and see if the new >>> build omits any crucial modules? >> See attachments. >> >> >> Regards, >> Christian Manal >> >> >>> On 04/26/12 06:07, Christian Manal wrote: >>>> Hi list, >>>> >>>> I'm running Samba 3.6.4 on Solaris 10 x86. Underlying filesystem is ZFS. >>>> >>>> Since updating from 3.6.0, free space on NFS mounted ZFS filesystem, >>>> without a userquota set for the user, is always reported zero. 'quota >>>> -v' and the perl module 'Quota' both report no quota for such file systems. >>>> >>>> (Un)setting (ref)quota for those filesystems doesn't change anything. >>>> >>>> Any idea how to fix this behavior? A level 10 log of the quota stuff is >>>> attached. >>>> >>>> >>>> Regards, >>>> Christian Manal > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NFS quotas on Solaris 10
On 26.04.2012 16:07, Gaiseric Vandal wrote: > Are these autofs mounts? > > Are the nfs v4 mounts - I think Solaris 10 will automatically default > to NFS v4 when mounting from another Solaris 10 server. Yes to both. > Can you run "smbd -b" on the new and old version and see if the new > build omits any crucial modules? See attachments. Regards, Christian Manal > On 04/26/12 06:07, Christian Manal wrote: >> Hi list, >> >> I'm running Samba 3.6.4 on Solaris 10 x86. Underlying filesystem is ZFS. >> >> Since updating from 3.6.0, free space on NFS mounted ZFS filesystem, >> without a userquota set for the user, is always reported zero. 'quota >> -v' and the perl module 'Quota' both report no quota for such file systems. >> >> (Un)setting (ref)quota for those filesystems doesn't change anything. >> >> Any idea how to fix this behavior? A level 10 log of the quota stuff is >> attached. >> >> >> Regards, >> Christian Manal > Build environment: Built by:root@sambaserver Built on:Wed Apr 11 13:09:04 MEST 2012 Built using: gcc Build host: SunOS sambaserver 5.10 Generic_147441-13 i86pc i386 i86pc Solaris SRCDIR: /services/src/samba-3.6.4/source3 BUILDDIR:/services/src/samba-3.6.4/source3 Paths: SBINDIR: /services/samba/sbin BINDIR: /services/samba/bin SWATDIR: /services/samba/swat CONFIGFILE: /services/samba/etc/smb.conf LOGFILEBASE: /services/samba/var LMHOSTSFILE: /services/samba/etc/lmhosts LIBDIR: /services/samba/lib MODULESDIR: /services/samba/lib SHLIBEXT: so LOCKDIR: /services/samba/var/locks STATEDIR: /services/samba/var/locks CACHEDIR: /services/samba/var/locks PIDDIR: /services/samba/var/locks SMB_PASSWD_FILE: /services/samba/private/smbpasswd PRIVATE_DIR: /services/samba/private NCALRPCDIR: /services/samba/var/ncalrpc NMBDSOCKETDIR: /services/samba/var/nmbd System Headers: HAVE_SYS_ACL_H HAVE_SYS_FCNTL_H HAVE_SYS_FILE_H HAVE_SYS_FILIO_H HAVE_SYS_IOCTL_H HAVE_SYS_IPC_H HAVE_SYS_MMAN_H HAVE_SYS_MOUNT_H HAVE_SYS_PARAM_H HAVE_SYS_PRIV_H HAVE_SYS_RESOURCE_H HAVE_SYS_SELECT_H HAVE_SYS_SHM_H HAVE_SYS_SOCKET_H HAVE_SYS_SOCKIO_H HAVE_SYS_STATFS_H HAVE_SYS_STATVFS_H HAVE_SYS_STAT_H HAVE_SYS_SYSCALL_H HAVE_SYS_SYSLOG_H HAVE_SYS_SYSMACROS_H HAVE_SYS_TERMIO_H HAVE_SYS_TIME_H HAVE_SYS_TYPES_H HAVE_SYS_UIO_H HAVE_SYS_UNISTD_H HAVE_SYS_UN_H HAVE_SYS_VFS_H HAVE_SYS_WAIT_H Headers: HAVE_AIO_H HAVE_ALLOCA_H HAVE_ARPA_INET_H HAVE_COM_ERR_H HAVE_CRYPT_H HAVE_CTYPE_H HAVE_CUPS_CUPS_H HAVE_CUPS_LANGUAGE_H HAVE_DIRENT_H HAVE_DLFCN_H HAVE_FCNTL_H HAVE_FLOAT_H HAVE_FNMATCH_H HAVE_GETOPT_H HAVE_GLOB_H HAVE_GRP_H HAVE_GSSAPI_GSSAPI_EXT_H HAVE_GSSAPI_GSSAPI_GENERIC_H HAVE_GSSAPI_GSSAPI_H HAVE_GSSAPI_H HAVE_KRB5_H HAVE_KRB5_LOCATE_PLUGIN_H HAVE_LANGINFO_H HAVE_LASTLOG_H HAVE_LBER_H HAVE_LDAP_H HAVE_LIBINTL_H HAVE_LIMITS_H HAVE_LOCALE_H HAVE_MEMORY_H HAVE_NETDB_H HAVE_NETINET_IN_H HAVE_NETINET_IN_SYSTM_H HAVE_NETINET_IP_H HAVE_NETINET_TCP_H HAVE_NET_IF_H HAVE_NSSWITCH_H HAVE_NSS_COMMON_H HAVE_POLL_H HAVE_PTHREAD_H HAVE_PWD_H HAVE_READLINE_HISTORY_H HAVE_READLINE_READLINE_H HAVE_RPCSVC_NIS_H HAVE_RPCSVC_YPCLNT_H HAVE_RPCSVC_YP_PROT_H HAVE_RPC_NETTYPE_H HAVE_RPC_RPC_H HAVE_SETJMP_H HAVE_SHADOW_H HAVE_STDARG_H HAVE_STDBOOL_H HAVE_STDINT_H HAVE_STDIO_H HAVE_STDLIB_H HAVE_STRINGS_H HAVE_STRING_H HAVE_STROPTS_H HAVE_SYSLOG_H HAVE_TERMIOS_H HAVE_TERMIO_H HAVE_TIME_H HAVE_UNISTD_H HAVE_UTIME_H HAVE_UUID_UUID_H HAVE_ZLIB_H UTMP Options: HAVE_GETUTMPX HAVE_UTMPX_H HAVE_UTMP_H HAVE_UT_UT_EXIT HAVE_UT_UT_ID HAVE_UT_UT_NAME HAVE_UT_UT_PID HAVE_UT_UT_TIME HAVE_UT_UT_TYPE HAVE_UT_UT_USER PUTUTLINE_RETURNS_UTMP WITH_UTMP HAVE_* Defines: HAVE_ADDRTYPE_IN_KRB5_ADDRESS HAVE_AP_OPTS_USE_SUBKEY HAVE_ASPRINTF HAVE_ATEXIT HAVE_ATTROPEN HAVE_BER_SCANF HAVE_BER_SOCKBUF_ADD_IO HAVE_BINDTEXTDOMAIN HAVE_BLKCNT_T HAVE_BLKSIZE_T HAVE_BOOL HAVE_BZERO HAVE_CHMOD HAVE_CHOWN HAVE_CHROOT HAVE_CLOCK_GETTIME HAVE_CLOCK_MONOTONIC HAVE_CLOCK_PROCESS_CPUTIME_ID HAVE_CLOCK_REALTIME HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS HAVE_CONNECT HAVE_CREAT64 HAVE_CRYPT HAVE_CUPS HAVE_DECL_ASPRINTF HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER HAVE_DECL_RL_EVENT_HOOK HAVE_DECL_SNPRINTF HAVE_DECL_VASPRINTF HAVE_DECL_VSNPRINTF HAVE_DGETTEXT HAVE_DIRENT_D_OFF HAVE_DLCLOSE HAVE_DLERROR HAVE_DLOPEN HAVE_DLSYM HAVE_DUP2 HAVE_ENCTYPE_ARCFOUR_HMAC HAVE_ENDNETGRENT
[Samba] NFS quotas on Solaris 10
Hi list, I'm running Samba 3.6.4 on Solaris 10 x86. Underlying filesystem is ZFS. Since updating from 3.6.0, free space on NFS mounted ZFS filesystem, without a userquota set for the user, is always reported zero. 'quota -v' and the perl module 'Quota' both report no quota for such file systems. (Un)setting (ref)quota for those filesystems doesn't change anything. Any idea how to fix this behavior? A level 10 log of the quota stuff is attached. Regards, Christian Manal With userquota@moenoel=20g [2012/04/26 11:57:24.310364, 5] smbd/quotas.c:820(disk_quotas) disk_quotas: testing "/home/moenoel" devno=4b81f9a [2012/04/26 11:57:24.310439, 5] smbd/quotas.c:871(disk_quotas) disk_quotas: looking for mountpath (NFS) "nfsserver:/export/home/staff/moenoel" [2012/04/26 11:57:24.310478, 5] smbd/quotas.c:683(nfs_quotas) nfs_quotas: looking for mount on "nfsserver" [2012/04/26 11:57:24.310511, 5] smbd/quotas.c:684(nfs_quotas) nfs_quotas: of path "nfsserver:/export/home/staff/moenoel" [2012/04/26 11:57:24.310546, 5] smbd/quotas.c:689(nfs_quotas) nfs_quotas: Asking for host "nfsserver" rpcprog "100011" rpcvers "1" network "udp" [2012/04/26 11:57:24.311246, 9] smbd/quotas.c:697(nfs_quotas) nfs_quotas: auth_success [2012/04/26 11:57:24.311821, 9] smbd/quotas.c:720(nfs_quotas) nfs_quotas: Good quota data [2012/04/26 11:57:24.311860, 10] smbd/quotas.c:744(nfs_quotas) nfs_quotas: Let`s look at D a bit closer... status "1" bsize "512" active? "1" bhard "41943040" bsoft "41943040" curb "15737250" [2012/04/26 11:57:24.311919, 5] smbd/quotas.c:766(nfs_quotas) nfs_quotas: For path "/export/home/staff/moenoel" returning bsize 512, dfree 26205790, dsize 41943040 [2012/04/26 11:57:24.311964, 10] smbd/quotas.c:769(nfs_quotas) nfs_quotas: End of nfs_quotas With userquota@moenoel=none [2012/04/26 11:58:11.230325, 5] smbd/quotas.c:820(disk_quotas) disk_quotas: testing "/home/moenoel" devno=4b81f9a [2012/04/26 11:58:11.230406, 5] smbd/quotas.c:871(disk_quotas) disk_quotas: looking for mountpath (NFS) "nfsserver:/export/home/staff/moenoel" [2012/04/26 11:58:11.230445, 5] smbd/quotas.c:683(nfs_quotas) nfs_quotas: looking for mount on "nfsserver" [2012/04/26 11:58:11.230479, 5] smbd/quotas.c:684(nfs_quotas) nfs_quotas: of path "nfsserver:/export/home/staff/moenoel" [2012/04/26 11:58:11.230512, 5] smbd/quotas.c:689(nfs_quotas) nfs_quotas: Asking for host "nfsserver" rpcprog "100011" rpcvers "1" network "udp" [2012/04/26 11:58:11.231271, 9] smbd/quotas.c:697(nfs_quotas) nfs_quotas: auth_success [2012/04/26 11:58:11.232309, 9] smbd/quotas.c:720(nfs_quotas) nfs_quotas: Good quota data [2012/04/26 11:58:11.232361, 10] smbd/quotas.c:744(nfs_quotas) nfs_quotas: Let`s look at D a bit closer... status "1" bsize "512" active? "1" bhard "0" bsoft "0" curb "15737300" [2012/04/26 11:58:11.232424, 5] smbd/quotas.c:766(nfs_quotas) nfs_quotas: For path "/export/home/staff/moenoel" returning bsize 512, dfree 0, dsize 15737300 [2012/04/26 11:58:11.232471, 10] smbd/quotas.c:769(nfs_quotas) nfs_quotas: End of nfs_quotas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Synchronizing multiple samba servers
>Is it possible to use rsync instead? i saw that there is a -u option. > What you need is a bidirectional file-sync. Even it can be improvised with rsync, unison is the better choice. Unison is based on rsync and syncs files in both directions automatically, and to be on the safe side, it can be set to resolve conflicts manually. Cheers, Christian === Dipl.-Ing. Christian Rost roCon - Informationstechnologie Ulmenstraße 45 44534 Lünen fon: +49 (0) 2306 910 658 fax: +49 (0) 2306 910 664 url: http://www.rocon-it.de Janantha Marasinghe <jananth...@gmail.com> wrote Subject: Re: [Samba] Synchronizing multiple samba servers Date: 25.04.2012 10:15 >Is it possible to use rsync instead? i saw that there is a -u option. > >On Tue, Apr 24, 2012 at 6:36 PM, Janantha Marasinghe >wrote: > >> Thanks a lot all . i will look into unison >> >> >> >> On 4/24/2012 1:43 PM, ciradhb.forw...@laposte.net wrote: >> >> Hi, >> >> Maybe you could have a look to Unison which is a tool like rsync but in >> bidirectionnal way . >> http://www.cis.upenn.edu/~bcpierce/unison/index.html >> >> Henri >> >> >> >> >> >> > -Message d'origine- >> >> > De : samba-boun...@lists.samba.org >[mailto:samba-boun...@lists.samba.org] >> De la part de Janantha Marasinghe >> >> > Envoyé : mardi 24 avril 2012 07:20 >> >> > À : samba@lists.samba.org >> >> > Objet : [Samba] Synchronizing multiple samba servers >> >> > >> >> > Hi. >> >> > >> >> > I have two servers located in two different time zones. I want to know >> if there is a way to keep the shares synchronized. Right now >> >> > what i thought is to run rsync from Server A to Server B . However the >> issue is say Server B has a new version of the file in server A and >> >> > that should not be overwritten but should be copied back to server A. >> How to go about this? >> >> > >> >> > Regards >> >> > Janantha >> >> > -- >> >> > To unsubscribe from this list go to the following URL and read the >> >> > instructions: https://lists.samba.org/mailman/options/samba >> >> >> >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrading from 3.2 to 3.5
Hi, I'm going to migrate from SAMBA 3.2 to 3.5 (Debian Lenny -> Squeeze). The server is an AD member and uses ACLs. Are there any preliminary steps to make the upgrade as smooth as possible? What kind of problems could I expect? Best Regards, Christian -- ______ Christian Reischl Fraunhofer Institut für Verfahrenstechnik und Verpackung Giggenhauser Str. 35 85354 Freising Telefon: 08161 491-704 mailto:christian.reis...@ivv.fraunhofer.de http://www.ivv.fraunhofer.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 segfaults on guest authentication
On 12.04.2012 12:18, Volker Lendecke wrote: > On Thu, Apr 12, 2012 at 11:41:14AM +0200, Christian Manal wrote: >> On 12.04.2012 11:38, Volker Lendecke wrote: >>> On Thu, Apr 12, 2012 at 10:52:48AM +0200, Christian Manal wrote: >>>> Hi, >>>> >>>> I recently updated to Samba 3.6.4 from 3.6.0 (on Solaris 10 x86). Since >>>> then, passwordless guest authentication makes smbd crash with a segfault. >>>> >>>> I run the following command to test if the Samba server is available via >>>> Nagios: >>>> >>>>smbclient -U guest -N -L smb-serv >>>> >>>> Since the update, it returns with: >>>> >>>> session setup failed: NT_STATUS_PIPE_BROKEN > > Does the attached patch help? > > Volker > Looks good. Thank you! Regards, Christian Manal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 segfaults on guest authentication
On 12.04.2012 11:38, Volker Lendecke wrote:
> On Thu, Apr 12, 2012 at 10:52:48AM +0200, Christian Manal wrote:
>> Hi,
>>
>> I recently updated to Samba 3.6.4 from 3.6.0 (on Solaris 10 x86). Since
>> then, passwordless guest authentication makes smbd crash with a segfault.
>>
>> I run the following command to test if the Samba server is available via
>> Nagios:
>>
>>smbclient -U guest -N -L smb-serv
>>
>> Since the update, it returns with:
>>
>> session setup failed: NT_STATUS_PIPE_BROKEN
>>
>>
>> Server side level 10 log and a stacktrace of the resulting coredump are
>> attached. Any help with this would be appreciated.
>
> Sorry, but I do not see the level 10 log.
>
> Volker
>
Hmm, seems like it got swallowed somewhere along the way. The attachment
is there in my outgoing mail folder.
Second try.
Regards,
Christian Manal
[2012/04/12 10:41:18.762778, 6] param/loadparm.c:7490(lp_file_list_changed)
lp_file_list_changed()
file /services/samba/etc/smb.conf -> /services/samba/etc/smb.conf last
mod_time: Thu Apr 12 10:41:12 2012
[2012/04/12 10:41:18.762908, 5] auth/auth_util.c:110(make_user_info_map)
Mapping user [WORKGROUP]\[guest] from workstation [CLIENT]
[2012/04/12 10:41:18.762969, 5] auth/auth_util.c:131(make_user_info_map)
Mapped domain from [WORKGROUP] to [SMB-SERV] for user [guest] from
workstation [CLIENT]
[2012/04/12 10:41:18.763007, 5] auth/user_info.c:59(make_user_info)
attempting to make a user_info for guest (guest)
[2012/04/12 10:41:18.763042, 5] auth/user_info.c:70(make_user_info)
making strings for guest's user_info struct
[2012/04/12 10:41:18.763079, 5] auth/user_info.c:87(make_user_info)
making blobs for guest's user_info struct
[2012/04/12 10:41:18.763115, 10] auth/user_info.c:123(make_user_info)
made a user_info for guest (guest)
[2012/04/12 10:41:18.763149, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[WORKGROUP]\[guest]@[CLIENT] with the new password interface
[2012/04/12 10:41:18.763186, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: mapped user is: [SMB-SERV]\[guest]@[CLIENT]
[2012/04/12 10:41:18.763221, 10] auth/auth.c:231(check_ntlm_password)
check_ntlm_password: auth_context challenge created by NTLMSSP callback
(NTLM2)
[2012/04/12 10:41:18.763256, 10] auth/auth.c:233(check_ntlm_password)
challenge is:
[2012/04/12 10:41:18.763289, 5] ../lib/util/util.c:415(dump_data)
[] D2 C1 61 CD 4E BB 7A 50..a.N.zP
[2012/04/12 10:41:18.763364, 10] auth/auth_builtin.c:44(check_guest_security)
Check auth for: [guest]
[2012/04/12 10:41:18.763398, 10] auth/auth.c:259(check_ntlm_password)
check_ntlm_password: guest had nothing to say
[2012/04/12 10:41:18.763443, 10] auth/auth_sam.c:75(auth_samstrict_auth)
Check auth for: [guest]
[2012/04/12 10:41:18.763478, 8] lib/util.c:1521(is_myname)
is_myname("SMB-SERV") returns 1
[2012/04/12 10:41:18.763516, 4] smbd/sec_ctx.c:214(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/04/12 10:41:18.763566, 4] smbd/uid.c:460(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/04/12 10:41:18.763602, 4] smbd/sec_ctx.c:314(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/04/12 10:41:18.763636, 5]
../libcli/security/security_token.c:53(security_token_debug)
Security token: (NULL)
[2012/04/12 10:41:18.763671, 5] auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2012/04/12 10:41:18.763806, 5] lib/smbldap.c:1439(smbldap_search_ext)
smbldap_search_ext: base => [dc=example,dc=com], filter =>
[(&(uid=guest)(objectclass=sambaSamAccount))], scope => [2]
[2012/04/12 10:41:18.764930, 5] lib/smbldap.c:1341(smbldap_close)
The connection to the LDAP server was closed
[2012/04/12 10:41:18.764998, 10] lib/smbldap.c:819(smb_ldap_setup_conn)
smb_ldap_setup_connection: ldap://ldap.example.com/
[2012/04/12 10:41:18.788259, 3] lib/smbldap.c:803(smb_ldap_start_tls)
StartTLS issued: using a TLS connection
[2012/04/12 10:41:18.788373, 2] lib/smbldap.c:1018(smbldap_open_connection)
smbldap_open_connection: connection opened
[2012/04/12 10:41:18.788411, 10] lib/smbldap.c:1194(smbldap_connect_system)
ldap_connect_system: Binding to ldap server ldap://ldap.example.com/ as
"cn=samba,dc=example,dc=com"
[2012/04/12 10:41:18.789588, 3] lib/smbldap.c:1240(smbldap_connect_system)
ldap_connect_system: successful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
[2012/04/12 10:41:18.789653, 4] lib/smbldap.c:1319(smbldap_open)
The LDAP server is successfully connected
[2012/04/12 10:41:18.791015, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam)
ldapsam_getsampwnam: Unable to locate us
[Samba] Samba 3.6.4 segfaults on guest authentication
Hi, I recently updated to Samba 3.6.4 from 3.6.0 (on Solaris 10 x86). Since then, passwordless guest authentication makes smbd crash with a segfault. I run the following command to test if the Samba server is available via Nagios: smbclient -U guest -N -L smb-serv Since the update, it returns with: session setup failed: NT_STATUS_PIPE_BROKEN Server side level 10 log and a stacktrace of the resulting coredump are attached. Any help with this would be appreciated. Regards, Christian Manal core 'core' of 15868: /services/samba/sbin/smbd -D fe90bb17 _lwp_kill (1, 6) + 7 fe8b365f raise(6) + 1f fe892961 abort(6, 0, 8a7afc7, 8a7afeb, 8b41f1c, 8a7a122) + cd 084f7168 (8a7dbf6, 3dfc, 0, 8a7adb8, 0, 8046014) 085094b4 log_stack_trace (8a7adb8, 0, 8a7ada9, 8a7b005, fe97e000, fe3d2a00) 084f6a3a sig_fault (b, 0, 80460a0, fe8f5ac3, 8046058, fe8f5ac3) 084f6a4b sig_fault (b, 0, 80460f8) + 11 fe908e9f __sighndlr (b, 0, 80460f8, 84f6a3a) + f fe8feb7f call_user_handler (b, 0, 80460f8) + 22b fe8fecc0 sigacthandler (b, 0, 80460f8) + 7c --- called from signal handler with signal 11 (SIGSEGV) --- fe8863dc strlen (891dc3b, 80471b4, 80470b0, 0) + c fe8e4953 vsnprintf (80470f0, 80, 891dc08, 80471b4) + 73 fe8e0d60 vasprintf (8047190, 891dc08, 80471b4, 2, 0, 80471b4) + 34 084f62b1 dbgtext (891dc08, 8b68f60, 0, 891e0cf, 891dba3, 100) + 3e 080f60b4 register_existing_vuid (8b64de0, 64, 0, 8b69a58, 0, 80473a4) + 1fd 081330f9 reply_sesssetup_and_X (8bad0e8, 1, 8bad058, 5c, 27, 0) + 15b5 081792f6 switch_message (73, 8bad0e8, 5c, 0, 0, 0) + 686 0817947f construct_reply (8b64de0, 0, 5c, 0, 0, 0) + 17b 081797b2 process_smb (8b64de0, 8bad058, 5c, 0, 0, 0) + 1ed 0817aaac smbd_server_connection_read_handler (8b64de0, 19, 3b, f300d, 8b64e2c, 8b64e2c) + 218 0817ab1f smbd_server_connection_handler (8b64d68, 8b92e48, 1, 8b64de0, 0, 8bab4c8) + 68 0851c991 run_events_poll (8b64d68, 1, 8ba4d28, 2, 8047810, fea2c230) + 630 08178835 smbd_server_connection_loop_once (8047874, 8b64de0, 19, 1, 817aab7, 8b64de0) + 115 0817d273 smbd_process (8b64de0, , 9cf1f71a, 584cec60, 33, 9cf1f71a) + c72 0890dd7f smbd_accept_connection (8b64d68, 8ba7c38, 1, 8ba7660, 0, 8047e14) + 416 0851c991 run_events_poll (8b64d68, 1, 8b6c098, 5, 8047bf4, 84dc1ac) + 630 0851cc1f s3_event_loop_once (8b64d68, 8b30e50, 8b647c0, 85222b1, 8ba4960, 8b41f1c) + 14e 0851dbcc _tevent_loop_once (8b64d68, 8b30e50, 8b30e25, 8b3149d, 0, 8b31485) + dd 0890eaa1 smbd_parent_loop (8bad990, 8b31485, 0, 8b31401, , 2e0b57be) + 85 0890fc1f main (80d9c60, 2, 8047e98) + 1106 080d9c60 _start (2, 8047f24, 8047f3e, 0, 8047f41, 8047f59) + 80 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SMBLDAP PROBLEM
Am 2012-03-27 15:08, schrieb Leonam Silva: Hello All, I'm having trouble using smbldap, users that i created can't login . Only when I add the them into system (through adduser) I can log in with them, the problem is because I also need to create / home and set permissions but can not because the system does not recognize the group Domain Users (513). I do not understand how this happened as another opportunity to achieve this integration success. sorry no idea with this smbldap :( but this "home-dir" create stuff could be done via pam here on a SLE_11 it is: /etc/pam.d/common-session-pc session requiredpam_limits.so session requiredpam_unix2.so session optionalpam_umask.so # added for winbind session sufficient pam_winbind.so # added for AD Integration session optionalpam_mkhomedir.so silent Cheers -- Christian - Please do not 'CC' me on list mails. Just reply to the list :) Der ultimative shop für Sportbekleidung und Zubehör http://www.sc24.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbd crashes repeatedly
On 02/29/2012 04:52 AM, steen.l.me...@ibsen.dk wrote: Samba 3.6.3 on arch linux x86_64 member of an NT4 domain with winbindd Clients' shares become temporary unavailable after unsuccessful open of files. Happens after server has run for some time. I'm unsure if some configuration error could be involved (have researched for some hours) or it is a bug-file candidate? Please file a bug listing exact version information, configuration and ideally a level 10 log leading up to the crash. Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Coredump when trying to mount share on Linux
On 03/01/2012 09:00 AM, Dylan Semler wrote: Sorry, can anyone provide direction for debugging this? Is it common for samba to crash like this or does the crash imply a configuration error? Is there a simpler setup that I should start with for testing? Is this not the correct place for troubleshooting questions like this? Maybe it makes more sense to report that crash in Bugzilla together with the Samba version being used. Tracking bugs over mailinglist is less efficient than in a bugtracking system. Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5 to 3.6
On 02/23/2012 11:38 AM, marco.schaer...@proteomics.com wrote: [2012/02/23 09:32:21.669389, 1] auth/server_info.c:391(samu_to_SamInfo3) The primary group domain sid(S-1-5-21-463168302-511420122-2937072671-513) does not match the domain sid(S-1-5-21-706331994-863180292-319919955) for mos(S-1-5-21-706331994-863180292-319919955-5019) [2012/02/23 09:32:21.669528, 0] auth/check_samsec.c:491(check_sam_security) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' The entries for the domain and the users/groups are inconsistent. Newer Samba versions added some more consistency checks. So the primary group has domain SID S-1-5-21-463168302-511420122-2937072671 while user "mos" has domain SID of S-1-5-21-706331994-863180292-319919955 The domain SIDs need to be in sync to pass the semantical checks in Samba. Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0.0 w/AD Support on AIX 6.1 - Error w/Authentication
On 02/14/2012 04:20 PM, ejp wrote: [2012/02/13 11:48:43, 2] lib/interface.c:341(add_interface) added interface en4 ip=159.3.99.56 bcast=159.3.99.191 netmask= [2012/02/13 11:48:43, 2] nmbd/nmbd.c:280(reload_interfaces) Found new interface 159.3.99.56 [2012/02/13 11:48:43, 0] lib/util_sock.c:664(open_socket_in) bind failed on port 137 socket_addr = 159.3.99.191. Error = Can't assign requested address Interface 159.3.99.191 is not a defined or valid addr for us. Where is that coming from? Can't ping it and nslookup fails. 159.3.99.191 is detected as broadcast address of en4 with 159.3.99.56. Maybe the broadcast address is not correctly configured for the NIC? Please check your network settings. # ifconfig -a en4: flags=1e080863,480 inet 159.3.99.56 netmask 0xff00 broadcast 159.3.99.255 tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1 It's not using the broadcast address defined, 159.3.99.255. Is it calculating the .191 addr somehow? Either way it's not using the right one. netmask= is not populated either. Perhaps a bug? Seems that either AIX does not report it correctly to Samba or Samba is making a mistake parsing the infos from AIX. What you could try to do is specifying the interfaces explicitly in smb.conf including the netmask, e.g. bind interfaces only = yes interfaces = 159.3.99.56/24 Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nmbd process and winbindd process can't start in multi network interface environement
On 02/09/2012 06:14 AM, Huang, Hai Qing SLC CIT CMP SHA wrote: Hello, Our OS is AIX 6100-06-05-1115 and SAMBA version is 3.3.12.0 We have two network interfaces with different IPs. Now we restrict SAMBA active in onf of the interface. SWAT and smbd can start. But nmbd and winbindd processes can't start. And there is below warning info in log.nmbd and log.winbindd. Please give your suggestions and thx. pekwj42a-> # cat /usr/lib/smb.conf # Samba config file created using SWAT # from UNKNOWN (140.231.210.142) # Date: 2012/02/09 12:45:34 [global] interfaces = eth6 Try en6 instead of eth6. Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0.0 w/AD Support on AIX 6.1 - Error w/Authentication
On 02/13/2012 06:08 PM, ejp wrote: It no longer fails on my workstation ID:-) It says "not permitted to access this share (ep)". I'm missing permissions somewhere? [ep] comment = restricted access path = /home/epluskwa create mask = 0775 valid users = epluskwa,root read only = no You defined ep to only be accessible for epluskwa and root, but you connected as CITNET\ed pluskwa. This does not match and so access to the share is denied I also noticed in my nmbd.log that it was growing very quickly with the following messages: [...] [2012/02/13 11:48:43, 2] lib/interface.c:341(add_interface) added interface en4 ip=159.3.99.56 bcast=159.3.99.191 netmask= [2012/02/13 11:48:43, 2] nmbd/nmbd.c:280(reload_interfaces) Found new interface 159.3.99.56 [2012/02/13 11:48:43, 0] lib/util_sock.c:664(open_socket_in) bind failed on port 137 socket_addr = 159.3.99.191. Error = Can't assign requested address Interface 159.3.99.191 is not a defined or valid addr for us. Where is that coming from? Can't ping it and nslookup fails. 159.3.99.191 is detected as broadcast address of en4 with 159.3.99.56. Maybe the broadcast address is not correctly configured for the NIC? Please check your network settings. Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0.0 w/AD Support on AIX 6.1 - Error w/Authentication
idmap config CITNET:default = yes idmap config CITNET:backend = ad idmap config CITNET:range = 0-5 idmap config *:range = 0-5 idmap config *:backend = ad idmap config LIVAIXDSSIT01:range = 0-5 idmap config LIVAIXDSSIT01:backend = ad idmap config CIT:range = 0-5 idmap config CIT:backend = ad The ranges have to be distinct for every domain and when using backend = ad, you also need to have SFU attributes set in AD. If you do not need NFS client interop (by reading the uid/gid values to be used from AD), you could use the idmap_tdb or idmap_autorid modules that autogenerate the IDs on the box. e.g. reduce the above lines to just: idmap config *:range = 5-9 idmap config *:backend = tdb Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 - question about DNS
I'm completely new to Samba4, so sorry if this question is stupid :)) We probably will setup a Samba4-AD in the near future and it currently came to the question whether Samba4 can also work with a "remote" DNS-server (DNS-server not on Samba4-server). We plan to use some ready appliance for DNS and DHCP. Thanks, christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] idmap config doesn't allow range to be changed?
Hi, On 01/16/2012 12:52 AM, Jason Haar wrote: Anyway, I edited smb.conf so that idmap config * : range = 1-9 idmap config * : backend = tdb ...but when I run "testparm -sv|grep idmap" I still see idmap config * : range = 1-2 Maybe you have * edited the wrong file (/usr/local/lib/smb.conf vs /etc/samba/smb.conf) or * have multiple instances of the same lines in the config or * a line include = registry in smb.conf and the registry values still have the previous values * another include statement that points to a file with the previous values Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP password store
Hi Tom, On 01/18/2012 08:57 PM, Tom Harvey wrote: I have an openLDAP backend on my Samba installation, and it's using the LDAP attribute sambaNTPassword to store the NT hashed password for the users. This is allowing for windows users to auth against the PDC and linux users are authenticating through the samba PAM module Now, I want to use this openLDAP backend for a GoogleApps SSO service and this expects to find the password as a SHA hashed password in the LDAP entry userPassword So, I'd like samba to take it's auth from this password field or else we will end up with out of sync passwords; one for some services and one for others. Setting ldap passwd sync = yes would at least make sure the LDAP password is synchronized with the Windows passwords when the passwords are changed via Samba. But it will not update the Samba passwords when the unix password is changed via LDAP. Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file_mode and dir_mode options ignored
> >> Hi there. I'm using samba3x-3.5.4-0.83.el5_7.2 on CentOS release 5.7 > >> x86_64 to mount a Terastation filesystem. The "file_mode" and > >> "dir_mode" options to mount.cifs seem to be ignored; I > >> systematically get a "drwxrwxrwx" permission, no matter what values > >> I provide for these options: > > >Try noperm option instead of file_mode and dir_mode. > > Hi Motonobu, > > thanks for your answer. However noperm doesn't seem to do what I need. > I want to restrict access on the CentOS system to the "backuppc" user > exclusively. The only way I've been able to do that up to now is to put > the mountpoint in a restricted subdirectory. It kind of works but it's > not optimal. > > Do you have an idea what the problem here is? Is it related to the > Terastation itself? Hi again, sorry to repost but does anyone have an idea what's going on here? Is this a bug with Samba, or with the SAN? Should I file a but entry? Thanks for your help, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file_mode and dir_mode options ignored
>> Hi there. I'm using samba3x-3.5.4-0.83.el5_7.2 on CentOS release 5.7 >> x86_64 to mount a Terastation filesystem. The "file_mode" and >> "dir_mode" options to mount.cifs seem to be ignored; I >> systematically get a "drwxrwxrwx" permission, no matter what values >> I provide for these options: >Try noperm option instead of file_mode and dir_mode. Hi Motonobu, thanks for your answer. However noperm doesn't seem to do what I need. I want to restrict access on the CentOS system to the "backuppc" user exclusively. The only way I've been able to do that up to now is to put the mountpoint in a restricted subdirectory. It kind of works but it's not optimal. Do you have an idea what the problem here is? Is it related to the Terastation itself? Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] file_mode and dir_mode options ignored
Hi there. I'm using samba3x-3.5.4-0.83.el5_7.2 on CentOS release 5.7 x86_64 to mount a Terastation filesystem. The "file_mode" and "dir_mode" options to mount.cifs seem to be ignored; I systematically get a "drwxrwxrwx" permission, no matter what values I provide for these options: # mount.cifs //terastation/Backup /bkp/BackupPC/ -o credentials=/etc/samba/terastation.cred, uid=backuppc,gid=backuppc,file_mode=0640,dir_mode=0750 # ls -la /bkp drwxr-x--- 3 root backuppc 4096 Oct 18 11:23 . drwxr-xr-x 24 root root 4096 Oct 17 12:30 .. drwxrwxrwx 7 backuppc backuppc0 Oct 5 17:59 BackupPC What gives? Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ctdb issues
Hi Lydia, Lydia wrote on 10/07/2011 01:21:14 PM: > it turns out that ctdb does not require kexec-tools. So with and without > kexec-tool the errors are clocking > > >> 2011/10/04 12:35:37.933801 [ 1779]: basename: missing operand > >> 2011/10/04 12:35:37.933850 [ 1779]: Try `basename --help' for > >> more information. > >> 2011/10/04 12:35:48.332844 [ 1779]: basename: missing operand > >> 2011/10/04 12:35:48.332900 [ 1779]: Try `basename --help' for > >> more information. The CTDB scripts only use basename in one script, 10.interface. # grep basename /etc/ctdb/events.d/* /etc/ctdb/events.d/10.interface:[ "$(basename $(readlink /sys/class/net/$IFACE/device/driver) 2>/dev/null)" = virtio_net ] || Maybe you have specified an interface name in the public_addresses file that does not exist on the host and so the command above fails? Maybe the version of CTDB you are running contains even more basename calls in the scripts. So please check them and see which of these is failing. You can run eventscripts manually in the following way: CTDB_BASE=/etc/ctdb/ /etc/ctdb/events.d/10.interface monitor Maybe this helps locating the script that triggers the messages. Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 104, Issue 24
Quoting Bruno CAPELETO (bruno.capel...@free.fr): > I tested with the Win7Pro64bits : same as before with the following : > > apt-cache policy samba > samba: > Installé : 2:3.5.11~dfsg-1~bpo60+1 > Candidat : 2:3.5.11~dfsg-1~bpo60+1 > Table de version : > *** 2:3.5.11~dfsg-1~bpo60+1 0 Hmm, well, then I can't unfortunately do much more for you...:-( Désolé -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: Re: problems joining Windows 2003 Domain
anyone? Original-Nachricht Betreff: Re: [Samba] problems joining Windows 2003 Domain Datum: Fri, 19 Aug 2011 12:13:59 +0200 Von: Marc-Christian Petersen An: TAKAHASHI Motonobu CC: samba@lists.samba.org so how do I connect an LDAP on udp port WITH samba? Am 13.08.2011 um 10:14:49 Uhr schrieb Marc-Christian Petersen : > Hi TAKAHASHI, > >> [2011/08/12 11:17:44.272472, 10] libsmb/dsgetdcname.c:859(process_dc_dns) >> LDAP ping to ad2.blub.local >> [2011/08/12 11:17:44.273248, 2] libads/cldap.c:97(ads_cldap_netlogon) >> cldap_netlogon() failed: NT_STATUS_NOT_FOUND >> [2011/08/12 11:17:44.273738, 10] libsmb/dsgetdcname.c:859(process_dc_dns) >> LDAP ping to ad3.blub.local >> [2011/08/12 11:17:44.275965, 2] libads/cldap.c:97(ads_cldap_netlogon) >> cldap_netlogon() failed: NT_STATUS_NOT_FOUND >> [2011/08/12 11:17:44.276005, 10] libsmb/dsgetdcname.c:859(process_dc_dns) >> LDAP ping to ad1.blub.local >> [2011/08/12 11:17:44.276496, 2] libads/cldap.c:97(ads_cldap_netlogon) >> cldap_netlogon() failed: NT_STATUS_NOT_FOUND >> - >> >> Can you connect to those DCs' 389/udp from Samba? > > hmm and how do I do that? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 104, Issue 24
Quoting Bruno CAPELETO (bruno.capel...@free.fr): > > apt-cache policy samba cups > cups: > Installé : 1.4.4-7 > Candidat : 1.4.4-7 > Table de version : > *** 1.4.4-7 0 > 500 http://ftp.fr.debian.org/debian/ squeeze/main i386 Packages > 100 /var/lib/dpkg/status > samba: > Installé : 2:3.5.6~dfsg-3squeeze5 > Candidat : 2:3.5.6~dfsg-3squeeze5 OK, these are official and latest packages for squeeze. There are possibilities that some fixes between 3.5.6 and 3.5.11 add better support for some printing functionalities. In case you're in the position of doing this, I can suggest testing the backported 3.5.11 version (packages from Debian unstable, recompiled for squeeze): http://packages.debian.org/search?keywords=samba&searchon=names§ion=all&suite=squeeze-backports -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] What is the recommend method to give users local admin access?
Quoting Aniruddha (mailingdotl...@gmail.com): > What is the recommend method with a samba pdc to give users local > administrator access to their workstations? In Samba4 / Active Directory I Give them a local account with admin access? But not give that to their regular account? Seriously, don't give people habits of working with admin access to Windows machines. Really. If you really want to do this...and reinstall Windows clients every 6 months, then create a domain group (something like "ShootSelfInFoot") and put this global group in the "Administrators" local group on each client. Using "Domain Admins" is IMHO a wrong idea as this gives them more power than just having admin access to the local machines. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Sharing network printer drivers with Windows 7 Pro clients does not work
Quoting Bruno CAPELETO (bruno.capel...@free.fr): > Dear all, > > This is the tested config : > - debian squeeze 32bits (samba 3.5.6 / cups 1.4.4) Which package version? I (as maintainer of samba packages in Debian) backported a few changes from further 3.5 versions, some of which related to 64-bit printing, so the package version is important, here. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problems joining Windows 2003 Domain
so how do I connect an LDAP on udp port WITH samba? Am 13.08.2011 um 10:14:49 Uhr schrieb Marc-Christian Petersen : > Hi TAKAHASHI, > >> [2011/08/12 11:17:44.272472, 10] libsmb/dsgetdcname.c:859(process_dc_dns) >> LDAP ping to ad2.blub.local >> [2011/08/12 11:17:44.273248, 2] libads/cldap.c:97(ads_cldap_netlogon) >> cldap_netlogon() failed: NT_STATUS_NOT_FOUND >> [2011/08/12 11:17:44.273738, 10] libsmb/dsgetdcname.c:859(process_dc_dns) >> LDAP ping to ad3.blub.local >> [2011/08/12 11:17:44.275965, 2] libads/cldap.c:97(ads_cldap_netlogon) >> cldap_netlogon() failed: NT_STATUS_NOT_FOUND >> [2011/08/12 11:17:44.276005, 10] libsmb/dsgetdcname.c:859(process_dc_dns) >> LDAP ping to ad1.blub.local >> [2011/08/12 11:17:44.276496, 2] libads/cldap.c:97(ads_cldap_netlogon) >> cldap_netlogon() failed: NT_STATUS_NOT_FOUND >> - >> >> Can you connect to those DCs' 389/udp from Samba? > > hmm and how do I do that? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3.6: "autorid" has no domain order
Benedikt wrote on 08/16/2011 11:04:57 AM: > > i try to create a samba server for more then one trusted domain. > > I know there were some issues with samba 3.5, and in the internet i > > always read, i should use samba 3.4. > > > > So i wanted to give 3.6 a chance. > > > > I first tried autorid with a config like this: > > > > winbind enum users = yes > > winbind enum groups = yes > > > > idmap backend = autorid > > idmap gid = 10-149 > > idmap gid = 10-149 > > allow trusted domains = yes > > > > It works fine. And Domain A starts in the 20 and Domain B with > > 30. But my problem is, i have two different samba Servers that > > should get the same uid and gid. > > On the second Server Domain B also starts with 30 but domain A > > starts with 400. So there is no correct mapping between these two > > servers. It is, because the main Domain of the second server is B and > > not A like in the first server. > > > > Is there a way to tell autorid a order of domains? like: "idmap autorid > > domains = A, B" no, there isn't a way to do this currently. I planned to eventually release a tool which allows you to derive a static configuration based on idmap_rid out of the values in the autorid database. Looks like you attempted to do this manually: > > winbind enum users = yes > > winbind enum groups = yes > > allow trusted domains = yes > > > > idmap config A : backend = rid > > idmap config A : range = 10 - 19 > > idmap config A : base_rid= 1000 > > > > idmap config B : backend = rid > > idmap config B : range= 20 - 29 > > idmap config B : base_rid = 1000 But to use the same mappings as autorid on the first server, you need to set base_rid to 0 on the second server. > if i delete all the "idmap config * " parts it won't work again. > > But also if it does work i need trusted domain support. > the only config that realy works right now, is the new "autorid". Did you try net cache flush to clear previous mappings with different configurations from the caches? > LogLevel10 shows no errors at all. Can you put the logs somewhere for download or send them over? log.winbindd-idmap would be of most interest. Regards, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problems joining Windows 2003 Domain
Hi TAKAHASHI, > [2011/08/12 11:17:44.272472, 10] libsmb/dsgetdcname.c:859(process_dc_dns) > LDAP ping to ad2.blub.local > [2011/08/12 11:17:44.273248, 2] libads/cldap.c:97(ads_cldap_netlogon) > cldap_netlogon() failed: NT_STATUS_NOT_FOUND > [2011/08/12 11:17:44.273738, 10] libsmb/dsgetdcname.c:859(process_dc_dns) > LDAP ping to ad3.blub.local > [2011/08/12 11:17:44.275965, 2] libads/cldap.c:97(ads_cldap_netlogon) > cldap_netlogon() failed: NT_STATUS_NOT_FOUND > [2011/08/12 11:17:44.276005, 10] libsmb/dsgetdcname.c:859(process_dc_dns) > LDAP ping to ad1.blub.local > [2011/08/12 11:17:44.276496, 2] libads/cldap.c:97(ads_cldap_netlogon) > cldap_netlogon() failed: NT_STATUS_NOT_FOUND > - > > Can you connect to those DCs' 389/udp from Samba? hmm and how do I do that? -- Kind regards Marc-Christian Petersen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] problems joining Windows 2003 Domain
Hi all,
I have some problems joining an AD Domain hosted by some Windows 2003 DCs.
Tried with v3.5.11 from Debian Unstable, v3.5.6 from Debian Squeeze
and v3.2.5 from Debian Lenny, all showed the same problem.
please find attached log generated from
net ads join -U Administrator -d 99
I always get: Failed to join domain: failed to find DC for domain BLUB.LOCAL
DNS entries are OK, forward, reverse, all are fine and correct.
ldapsearch works, kinit works, smbclient -k works.
The only difference from other Active Directories where I can join successfully
is that the DCs from that customer are using:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"NT4Emulator"=dword:0001
and on Windows Clients they have to use:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"NeutralizeNT4Emulator"=dword:0001
to be able to join to the domain BLUB.LOCAL
is there any equiv parameter for Samba?
net rpc join just works.
Thanks in advance.
--
Kind regards
Marc-Christian Petersen
[2011/08/12 11:17:44, 5] lib/debug.c:405(debug_dump_status)
INFO: Current debug levels:
all: True/99
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
registry: False/0
[2011/08/12 11:17:44, 3] param/loadparm.c:9169(lp_load_ex)
lp_load_ex: refreshing parameters
[2011/08/12 11:17:44, 3] param/loadparm.c:4939(init_globals)
Initialising global parameters
[2011/08/12 11:17:44, 2] param/loadparm.c:4798(max_open_files)
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
[2011/08/12 11:17:44.269828, 3] ../lib/util/params.c:550(pm_process)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2011/08/12 11:17:44.269859, 3] param/loadparm.c:7853(do_section)
Processing section "[global]"
doing parameter workgroup = BLUB.NB
doing parameter realm = BLUB.LOCAL
doing parameter server string = %h server
doing parameter dns proxy = no
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter syslog = 0
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter security = ads
doing parameter encrypt passwords = true
doing parameter passdb backend = tdbsam
doing parameter obey pam restrictions = yes
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter pam password change = yes
doing parameter domain logons = no
doing parameter domain master = no
doing parameter idmap uid = 7-100
doing parameter idmap gid = 7-100
doing parameter template homedir = /home/%U
doing parameter template shell = /bin/bash
doing parameter winbind use default domain = yes
doing parameter winbind refresh tickets = yes
[2011/08/12 11:17:44.270225, 4] param/loadparm.c:9204(lp_load_ex)
pm_process() returned Yes
[2011/08/12 11:17:44.270245, 7] param/loadparm.c:9410(lp_servicenumber)
lp_servicenumber: couldn't find homes
[2011/08/12 11:17:44.270259, 10] param/loadparm.c:8414(set_server_role)
set_server_role: role = ROLE_DOMAIN_MEMBER
[2011/08/12 11:17:44.270273, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UCS-2LE
[2011/08/12 11:17:44.270283, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UCS-2LE
[2011/08/12 11:17:44.270291, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF-16LE
[2011/08/12 11:17:44.270302, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF-16LE
[2011/08/12 11:17:44.270311, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UCS-2BE
[2011/08/12 11:17:44.270318, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UCS-2BE
[2011/08/12 11:17:44.270326, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF-16BE
[2011/08/12 11:17:44.270334, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF-16BE
[2011/08/12 11:17:44.270341, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF8
[2011/08/12 11:17:44.270349, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF8
[2011/08/12 11:17:44.270356, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF-8
[2011/08/12 11:17:44.270364, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF-8
[2011/08/12 11:17:44.270371, 5] lib/icon
Re: [Samba] how to upgrade to samba 3.6.0
Quoting alex wallis (alexwallis...@googlemail.com): > Hi list. > I am a complete newbie to samba and not particularly experienced with linux, > can someone please tell me how do I upgrade to samba 3.6.0? > I have managed to upgrade from the default samba 3.4 that the ubuntu > repositories provide to samba 3.5, but obviously would like to run > the latest version I am just not sure what repository I need to add ^^ why? > etc. > I am running a version of ubuntu lucid 64 bit, and so will be > upgrading with the apt-get program. Well, I have no idea what are plans for Ubuntu (you don't tell what version you're usingsounds like 8.04) but I don't think there will be official upgrades to 3.6 in that version of the distro. So, you're either on your own rolling out your own packages or local buildsor play russian roulette by using a random repository from random people who backport packages:-) Or you can just continue using the quite rock solid version you have right now. My own servers are running 3.5 versions (most often Debian backports or Debian official packages as they're all Debian "squeeze") and plans to go to 3.6 are not meant for the immediate future. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba winbindd: "Invalid request size received" problem
Moshe wrote on 08/06/2011 05:07:00 AM: > I am trying to resolve Windows host names (aka Netbios names, aka > "UNC names) from a Linux box. > I have added "dns wins" to the "hosts" line at the nsswitch > configuration file: /etc/nsswitch.conf, and installed samba 3.2.2 > and ran winbindd -D". [...] > More info: I am running a Linux system whose kernel version is: "2. > 6.12.6-arm1". It's a D-Link DNS-323 NAS box with an ARM processor. > I have stopped and restarted winbindd. I gave it a quick test and such a setup works with Samba 3.6. You should try to upgrade to a newer Samba version anyway as 3.2 is quite old. Maybe you can find binary packages that you can install on the box instead of having to compile your own ones. Regards, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 on debian squeeze
Quoting Christian PERRIER (bubu...@debian.org): > I suspect that samba4 uploaded yesterday by Jelmer in experimental > will solve this, but this package introduces new binary packages and > is therefore waiting in the NEW queue, for being processed by Debian > ftpmasters (any source package introducing binaries goes this way). It has been ACCEPTed today. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 on debian squeeze
Quoting John G. Heim (jh...@math.wisc.edu): > I'd prefer to install from debian packages because that will make > the upgrade to samba4 seameless once samba4 is in the stable > repository. If I install from a tarball, its probably not going to > install stuff where debian likes it. But I figure that even a > package from experimental will install most stuff where it belongs > in debian. I've installed packages from experimental & unstable on > systems running debian stable before but this time it doesn't work. > Blow is my sources.list and a screen cap of the output from the > apt-get attempt: This mostly shows that samba4 from experimental requires several packages that are not in > The following packages have unmet dependencies: > samba4 : Depends: libdcerpc0 but it is not going to be installed > Depends: libgensec0 but it is not going to be installed > Depends: libldb0 but it is not installable *that* is the problem. samba4 packages are linked against libldb0 which is not installable. See http://packages.qa.debian.org/s/samba4.html I suspect that samba4 uploaded yesterday by Jelmer in experimental will solve this, but this package introduces new binary packages and is therefore waiting in the NEW queue, for being processed by Debian ftpmasters (any source package introducing binaries goes this way). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] locking.tdb size
Hi, I'm running samba-3.5.6 (Debian/stable, PowerPC) on a small LAN (really small, 1 Mac client, 1 Windows client) serving 3 shares (1 ro, 2 rw) to both of them and I noticed that /var/run/samba/locking.tdb sometimes grows to several megabytes in size. My /var/run is a tmpfs mountpoint, 10MB in total. locking.tdb is currently 4MB in size, sometimes it grew even bigger and one time even exceeded 10MB, IIRC. While 10MB are not much, this has been far more than needed for years now. I cannot say when I noticed that locking.tdb grew bigger than usual; maybe(!) it started to act like that after the upgrade from Debian/lenny to squeeze (samba-3.2.5 to samba-3.5.6), but I cannot say for sure. I've found older posts with similar topics[0] and in [1] (from 2009) it was stated that: > 2mb is small, it *will* grow larger than this. Putting these files on > tmpfs is not a good idea. I keep monitoring the size of my locking.tdb for some time now and most of the time its size is about 60 or 200KB. Only sometimes it grows to MB ranges. The test in [1] was not able to reproduce the issue, so I still don't know what would make locking.tdb growing like this. Looking into locking.tdb via strings(1) reveals a lot of entries that are not active any more, as the client who was accessing these files is no longer online. smbstatus -L shows only a few (less than ten) locked files. Right now, smbstatus -L shows only 3 locked files, yet locking.tdb is still ~4MB and not shrinking. Does anybody have an idea what to make of this? Thanks, Christian. [0] http://lists.samba.org/archive/samba/2003-October/075116.html [1] http://lists.samba.org/archive/samba/2009-February/146638.html -- BOFH excuse #333: A plumber is needed, the network drain is clogged -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Interdomain Trusts & winbind
Quoting j...@hytronix.com (j...@hytronix.com): > Suggestions anyone? I can post whatever portions of an smb.conf that > might be helpful of course. Upgrade samba? 3.0.29 is really old and issues with supplemental groups ar emaybe not surprising. I doubt that anyone can really bring some support for versions below latest 3.4 or 3.5, now. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] filesystem of choice?
Quoting Linda W (sa...@tlinx.org): > I regret misinforming anyone. I don't think you did..:-) You mentioned xfs as a very well supported FS and we later were reminded that its support was developed by Jeremy. I think this is compliant with "XFS is very well supported and one can rely on this code"... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: getent group fails - fixed
Quoting Dermot (paik...@googlemail.com): > Perhaps I am not understanding you correctly because that runs counter > my experience. The settings in my /etc/ldap/ldap.conf were correct > whereas the ones in /etc/libnss-ldap.conf were not. It was the search > filters from libnss-ldap.conf that were being used when I did `getent > group`. I think your telling me that getent is tied to the nss > framework so would use that config because that's what I told > nsswitch.conf to do. I would have thought, but I am no expert, that > samba would have used the config from smb.conf and that ldapsearch > (and anything else that didn't have hooks else where) would use > /etc/ldap/ldap.conf. Please note that Debian has *two* packages for nss-ldap: mykerinos:/home/cperrier# apt-cache search nss ldap naming service libnss-ldap - NSS module for using LDAP as a naming service libnss-ldapd - NSS module for using LDAP as a naming service IIRC (but you probably want to check this), the latter is more actively maintained than the former. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6.0rc2 in Debian experimental
Less than 12 hours after its release, I have the pleasure to announce that the Debian experimental archive now carries packages for samba 3.6.0rc2 (please leave some time to autobuilders for packages for all architectures to be built, though). Instead of re-explaining how the Debian experimental archive is working, please allow me to point to a quite complete Wiki page about it: http://wiki.debian.org/DebianExperimental 3.6.* packages will remain in Debian experimental until the release of the final version of 3.6.0. Then, packages will be uploaded to Debian unstable, thus targeting the next Debian version (and indirectly flowing to Ubuntu, of course). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Disk free space, quotas and GPFS
Jonathan wrote on 06/07/2011 05:10:43 PM: > In order to get robust and frankly usable quotas we are making extensive > use of filesets (think directory quotas and you won't go far wrong). > Basically every share is in a fileset of it's own including all the > users home directories. All the filesets have a quota attached to them. > > What I would like is to have the disk size and usage reported by windows > to be quota limit and usage for the fileset, rather than for the entire > file system as at over 100TB it is somewhat misleading. You can use mmchfs --filesetdf to get what you are looking for. Diskfree lookups will then see the remaining quota in the fileset instead of the free space in the whole filesystem. You'll need GPFS 3.3 or later for this flag to be available. Regards, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Disk free space, quotas and GPFS
Jeremy wrote on 06/07/2011 07:11:03 PM: > > I am guessing that standard quota calls don't work on GPFS file systems. > > Probably true. If you know how GPFS reports quotas we can > add the code for a later release. We have quota hooks in > the Samba VFS, so we could add this to the gpfs vfs module. Correct, standard linux quota syscalls do not work with GPFS. GPFS has a special function for quotas in its library. I already have this on my list of further improvements for vfs_gpfs to exploit this call and make quota support work. Regards, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] idmap backend = tdb2 is broken in Ubuntu / Debian
Quoting Christian PERRIER (bubu...@debian.org): > The fix has been committed in the Debian package SVN. It will reach > Debian unstable, then Ubuntu, when we upload a new release. A new package fixing this was uploaded in Debian unstable on Sunday June 5th. Package version is 2:3.5.8~dfsg-5. For Ubuntu, a resync with Debian unstable should fix the problem in the currently developed version "whatever funky name it might have" (I can't cope with Ubuntu release names!). A fix is probably needed for Ubuntu 11.04. I think that the diff between Debian 2:3.5.8~dfsg-4 and -5 should be OK. I'm not sure whether the problem is also in the current Ubuntu LTS. I'm awaiting for the Debian release managers approval for a fix to be uploaded for Debian stable. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] idmap backend = tdb2 is broken in Ubuntu / Debian
Quoting Dave Lawrence (d...@daftdroid.com): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > The tdb2 backend for idmap is broken in Ubuntu and presumably debian. > > As reported here > https://bugs.launchpad.net/bugs/789097 > > Careful how you read it, the quoted patch is the source of the bug, NOT > the fix. Thanks for pointing this out (I actually missed the BR in LP, even though I receive these bug reports). Brynnen Owen mentioned this to us, recently, indeed. The fix has been committed in the Debian package SVN. It will reach Debian unstable, then Ubuntu, when we upload a new release. Given that the fix is trivial but has important consequences for anybody wanting to use the TDB2 backend, I'll ask for permission to upload a fix in squeeze too. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] building from source on Ubuntu - header file locations
Quoting alexander.gardi...@canterbury.ac.uk (alexander.gardi...@canterbury.ac.uk): > Hello. > > I have successfully built and installed samba from source under Ubuntu > Desktop 10.10, but can't find the location of the source header files for > compiling a special VFS that I'd like to use. > > Can anybody point me in the right direction/give any pointers. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561917 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571635 In short: there is no -dev package because it has to be supported upstream first (particularly upstream deciding what interfaces are considered "supported" and not internal). So, ATM, to rebuild VFS modules, you're on your own and the guarantee that they won't break later on is low. The above bugs should indeed be reported in Bugzilla so that upstream samba developers can bring their input but that needs to be done by someone who is able to explain things and understand answers, which I'm not..:-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba vs Linux file permissions
Quoting John Maher (j...@chem.umass.edu): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hello, > > I cannot find anything in the documentation or mailing list that > addresses this oddity. > > I've installed Samba Version 3.4.7 on Ubuntu Server 10.04, and I'm > utterly confused by samba's behavior regarding permissions. > > Users on the server have home directories in /home/chemgroup/username. > (chemgroup is actually a symlink to another volume mounted at > /labs/chemgroup.) Permissions on /lab/chemgroup are: How about looking in logfiles (first with log level to 3)? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.6.0rc1 in Debian experimental
I have the pleasure to announce that the Debian experimental archive now carries packages for samba 3.6.0rc1. This happened 53 hours and 26 minutes after Karolin announced the availability of this new version..:-) Instead of re-explaining how the Debian experimental archive is working, please allow me to point to a quite complete Wiki page about it: http://wiki.debian.org/DebianExperimental 3.6.* packages will remain in Debian experimental until the release of the final version of 3.6.0. Then, packages will be uploaded to Debian unstable, thus targeting the next Debian version (and indirectly flowing to Ubuntu, of course). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error in Configuring CTDB, Winbind and AD
Harshavardhana wrote on 05/10/2011 09:57:06 PM: > [2011/05/10 15:40:54.147924, 1] > winbindd/idmap_ad.c:651(idmap_ad_sids_to_unixids) > Could not get unix ID > [2011/05/10 15:54:41.509152, 1] > winbindd/idmap_ad.c:651(idmap_ad_sids_to_unixids) > Could not get unix ID >idmap config WINHPC : backend = ad >idmap config WINHPC : readonly = yes >idmap config WINHPC : schema_mode = rfc2307 >idmap config WINHPC : range = 1000-40 >idmap uid = 1000-40 >idmap gid = 1000-40 This indicates that you have invalid values in your SFU attributes in AD. If a user wants to connect with the ad backend in place, the user must have a uid and the Windows primary group also needs to have a gid defined in the UNIX Attributes tab. Besides that, you should not use overlapping ranges for idmap uid and the domain specific range. For WINHPC, you should limit the range to the numbers that you are planning to use in AD and then use another disjunct range for idmap uid. e.g. idmap config WINHPC : range = 1000-4 idmap uid = 5-40 idmap gid = 5-40 Regards, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Intermittent "Delayed Write Failed" when writing to Office 2007's "Recent Files" index.dat on a network share
Andrew Chadwick wrote on 05/10/2011 03:17:55 PM:
> The dialog in full:
>
> > Application popup: Windows - Delayed Write Failed : Windows was
> > unable to save all the data for the file
> > \windows\settings\appdata\Microsoft\Office\Recent\index.dat. The data
> > has been lost. This error may be caused by a failure of your computer
> > hardware or network connection. Please try to save this file
> > elsewhere.
>
> it presents in our system logs as
>
> > Apr 18 10:46:27 revdnsXXX pcX NT: {Delayed Write
> > Failed} Windows was unable to save all the data for the file
> > \Device\LanmanRedirector. The data has been lost. This error may be
> > caused by a failure of your computer hardware or network connection.
> > Please try to save this file elsewhere.
>
> (together with a message about the associated )
I have seen this message after smbd has crashed on the server side
or smbd did not reply to a request by the CIFS client for a while and the
client then forcefully disconnected.
Maybe you can check for smbd crashes in the logs and if it is somehow
reproducible then gather smbd debug logs showing the last few minutes
before
the message had shown up.
Regards,
Christian
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.6.0pre3 in Debian experimental
Direct from SambaXP 2011, I have the pleasure to announce that the Debian experimental archive now carries packages for samba 3.6.0pre3. (actually, they were uploaded 1 hour ago and need tomake their way to mirror and they have to be picked by Debian autobuilder, particularly if you want packages for architectures other than i386) Instead of re-explaining how the Debian experimental archive is working, please allow me to point to a quite complete Wiki page about it: http://wiki.debian.org/DebianExperimental 3.6.* packages will remain in Debian experimental until the release of the final version of 3.6.0. Then, packages will be uploaded to Debian unstable, thus targeting the next Debian version (and indirectly flowing to Ubuntu, of course). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind is not taking default domain
Quoting Marco Huang (marco.hu...@auckland.ac.nz): > We are using sernet-samba-3.5.8-27, but I've tried samba/winbind packages > from debian squeeze, same result, and the problem appears on centos5.5 as > well. We've been running these file servers for quite a long time, not sure > if there's any recent update on windows AD related which requires some > additional changes on smb.conf. See the trick that the bug submitter posted in the Debian bug (putting "winbind separator" *after* "winbind use default domain" in smb.conf. That may help in your case, toomaybe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind is not taking default domain
Quoting Marco Huang (marco.hu...@auckland.ac.nz): > Hi, > > We have been running samba file server about 2 years without this problem. > The problem appeared at the same time on our debian and centos servers. Not > sure if it's related to any updates on our windows AD servers. This seems to be Debian bug #617449, which I forwarded upstream as #7999. I write "seems" as the bug submitter in Debian was using "winbind separator" and you aren't. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Logon scripts not executed when NT4 trusted domain users log in a S3-controlled domain
Quoting Christian PERRIER (bubu...@debian.org): > - I get a notice that the domain paassword is expired. I can either > change it or ignore the warning, but: This was bug #7066. Fixed in 3.5.8. > - the DomB user logon script is not executed This seems to be bug #6356 though my client is a Windows XP machine (not Win7). This is really a showstopper for me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Logon scripts not executed when NT4 trusted domain users log in a S3-controlled domain
I'm currently building a Samba3-based domain (DomA) that has a trust relationship with an existing production NT4 domain (DomB). DomA uses an LDAP backend. The LDAP server is local on the PDC and is dedicated to such use. DomA runs Samba 3.5.6 on Debian 6.0. DomB is an old-timer: NT4 domain that's running for ages. The trust relationship has been established: DomA trusts DomB. Clients (Windows XP workstations) can join DomA flawlessly. Machine accounts are properly created in the LDAP backend. A DomB user can open a session on client workstations...however: - I get a notice that the domain paassword is expired. I can either change it or ignore the warning, but: - the DomB user logon script is not executed - the DomB user home directory is not connected (users in DomB have their home set to \\someserver\login) Of course, everything is working as expected when DomB users open a session on a DomB client: no password expiration warning, logon script executed. I actually see no sign of abnormal behaviour in samba logs on the PDC. Indeed, once the user is authenticated, nothing shows up in the logs. Would you people have suggestions about places where I could investigate such problem? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Debian users: which samba bugs fixed in 3.5.8 would you like to see fixed in Debian 6.0 "squeeze"?
Hello, I'm one of the maintainers of samba packages in Debian. As of now, Debian squeeze provides samba 3.5.6. As per Debian policy wrt updates in the "stable" releases of the distribution, providing 3.5.8 (and later) is not an option we'll be considering for future updates. The policy of our release team is indeed more conservative than the policy of the Samba Team (no offense intended, of course). *Still, we have the opportunity to cherrypick some fixes when they deal with "important"issues. So, I would like to give you, users of Debian packages, an opportunity to voice your needs.* Please mention what you would like to see fixed in further updates. Please focus on the following: - the bug is fixed in 3.5.8 - a clear upstream bug exists for that issue. Please point the Bugzilla bug number. Mentioning the upstream commit ID will be appreciated. - the issue should fit the definition of an "important" bug in Debian: "a bug which has a major effect on the usability of a package,without rendering it completely unusable to everyone.". - Of course, fixing "grave" bugs is also OK! (grave: "makes the package in question unusable or mostly so, or causes data loss, or introduces a security hole allowing access to the accounts of users who use the package"). The following fixes are already in the pipeline: - Upstream bug 7567: printing from Windows 7 fails with 0x03e6. Closes: #617429 - Upstream bug 6727: printer device settings not saved for normal domain users. Closes: #611177 - Upstream bug : winbind leaks gids with idmap ldap backend Closes: #613624 - Upstream bug 7880: rpcclient deldriver does not remove drivers from all architectures. Also, this version already includes the fix for CVE-2011-0719 that motivated the release of 3.5.7. Permission to our release team has been asked for these. The first two already got an approval. I have good hopes for the latter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
Quoting Eckert, Robert D (eck...@indiana.edu): > Greetings, > > Can I go directly from 3.4.7 to the new 3.5.8 without installing > any intermediate versions? Or is there a different route I should > follow? You certainly can upgrade from 3.4.7 to 3.5.8. As usual with Samba, it's very hard to say whether you'll experience behavioral changes or not (I prefer using this than "regressions"), because local setups may vary strongly (and, very often, some setups exist to circumvent past samba bugsand, somtimes, the upgrade may "break" them in apparence). So, I would say: as always in such case, some care has to be taken if your samba setup is critical but that's anyway good practice in IT, isn't it? :-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Printer drivers installation: files are not deleted
Quoting Thomas Stegbauer (tho...@stegbauer.info): > Hi Laurent, > > i cant imagine it is a permission problem. > The driver upload runs as root and i added root > > Also i added root with > net rpc rights grant "cake\domadm" SePrintOperatorPrivilege -U cake/root > > replaced cake with my domain-name. > > Also i find a driver which i can upload > HP Color Laserjet 2800 (PS) from Windows XP 32 > But if Using a driver from Utax (or the appropriate Version from Kyocera) i > get the permission error. > > Using a fresh installed Windows for printer driver extraction is imho no long > term solution ;) FWIW, on the setup described by Laurent (we both work in the same organization), we finally decided to go back to the method we've always been using : load drivers from Windows clients. We more and more only have HP printers and we're indeed using only one driver: the HP Universal Printing driver (actually, it's more 2-3 different drivers on each samba print spooler but that's much better than a big mess of dozens of drivers that mutually overwrite files). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind use default domain = Yes -> doesn't work since upgrade
Quoting markus hansen (hansenmar...@gmx.de): > Hi List, > > I Upgraded my samba Installation from 3.3.8 (centos packages) to 3.5.8 > (sernet packages). Now logging in does not work without providing the domain > any more - before the upgrade it worked. Does someone knows what has changed > in 3.5.8? See bug #7999. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Map multiple NT users to the same Unix user with tdbsam
Hi! I have an NTFS partition on an USB HDD mounted with uid=1000, gid=1000. Several users should be able to backup to that partition via Samba shares. They should be able to log in each with their own user/pass. I'd rather not have a separate unix account (/etc/passwd) for each of them (plus that runs into trouble with the uid==gid==1000 problem on the NTFS partition; I'd rather not set the whole NTFS disk world-writeable to circumvent that). And I'd really like to avoid ldap, sticking with tdbsam. What I wish I could do was having multiple user/password combinations on the Windows side and map them all to one user on the unix side. username map looked like the solution, but isn't; quoting the documentation: "... for user or share mode security, the username map is applied prior to validating the user credentials." Thus AIUI all the users would be required to share a password (that of the user they are mapped to). The only other thing I can think of is using share level security, and giving every user one share he can use. Seems possible but suboptimal. Having something like username map, but with it being applied after credential validation would exactly solve my problem (if smbpasswd let me create users absent from /etc/passwd). Is there any way to achieve something like this? Anyone got another solution for my scenario? Cheers, Christian PS: running Samba 3.5.6 on Debian Squeeze Linux on i386, currently security=user PPS: please CC me as I'm not on the list -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
Quoting Karolin Seeger (ksee...@samba.org): > Release Announcements > = > > Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to > address CVE-2011-0719. Debian addressed these in security updates: - 2:3.2.5-4lenny14 for Debian "lenny" - 2:3.5.6~dfsg-3squeeze1 for Debian "squeeze" Please note that the latter is indeed samba 3.5.7 as the difference between 3.5.6 and 3.5.7 is only the security fix. I opened the discussion with the Debian security team to decide whether, in the future, we could be allowed to use the official upstream version number (to avoid misunderstandings, from our users, about the "vulnerability" of our packages. I use this opportunity to thank the Samba Team for their quick and efficient communication with 'vendors' about this issue, that allowed us to publish these security updates the very same day the issue was officially unveiled. Specifically, even though the 3.2 branch isn't officially supported security-wise by the Samba Team, we got ready-to-apply patches for 3.2 and these were a great help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.7 release date is...
Quoting Miguel Medalha (miguelmeda...@sapo.pt): > On the Samba wiki page "Samba3 Release Planning", the following is stated: > > "Thursday, February 2011 - Planned release date for Samba 3.5.7" > > Which of the February Thursdays will it be? 10, 17 or 24? > > The quoted page resides here: > > http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.5 AFAICT, from Karolin's mails to -technical, the planned date is Thursday 10th. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] understanding users mapping
Hi, as usual there are several ways to accomplish what you're looking for. This is what I prefer - "netgroups and granting rights", because 1) username map = /etc/samba/smbusers (linking users to root) IMHO the really old style for those who don't know a better way. You shouldn't grant admin-rights this way. 2) admin users = frank Somehow better than 1) but also a short-term solution you shouldn't use. 3) messing up with my netgroups and granting rights IMHO it's not "messing with" but the only way to grant user-rights and priviliges. It's more complex and you need to think about it ini advance, but it's a propper long-term solution. Check out the official samba-howto - chapter 15/16: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html Cheers, Christian === Dipl.-Ing. Christian Rost roCon - Informationstechnologie Ulmenstraße 45 44534 Lünen fon: +49 (0) 2306 910 658 fax: +49 (0) 2306 910 664 url: http://www.rocon-it.de Helmut Hullen wrote Subject: Re: [Samba] understanding users mapping Date: 03.02.2011 13:56 >Hallo, fdelval, > >Du meintest am 03.02.11 zum Thema Re: [Samba] understanding users mapping: > >> now i have like 3 ways of achieving what i want. > >> 1) username map = /etc/samba/smbusers (linking users to root) > >> 2) admin users = frank > >> 3) messing up with my netgroups and granting rights > > >> Which one should i use? > >I prefer "admin users" in the "smb.conf". Don't know wether it is the >best of all possible solutions. > >Viele Gruesse! >Helmut >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ubuntu doesn't daemonize smbd
Quoting Chris Smith (smb...@chrissmith.org): > OK, not exactly a samba issue but maybe the Ubuntu maintainer reads > this list and can provide some input. There is not exactly such thing as "the Ubuntu maintainer". As far as I can tell (with my Debian package maintainer hat), samba packages in Ubuntu are taken unchanged from Debian and very few Ubuntu-specific changes are made (the upstart-related change being one as Debian doesn't use upstart by default). This is monitored by Ubuntu server team, also with Steve Langasek (my co-maintainer for samba in Debian...and Canonical employee, though he's working on different things for Ubuntu). I just forwarded your mail to Steve and I think he'll make sure this reaches the right folks in Ubuntu server team. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ubuntu doesn't daemonize smbd
Quoting Chris Smith (smb...@chrissmith.org): > And I have seen reported instances of Samba issues on Ubuntu being > resolved by avoiding the distro packages and compiling from source. Hmmm, could be interesting to learn about which ones. Since 2-3 years, we made great efforts in Debian to avoid changing the behaviour of samba in our packages wrt upstream behaviour. Several code patches have been discussed with upstream, often integrated and sometimes abandoned. As a consequence, I would say that I don't see reasons for the behaviour of samba in Debian or Ubuntu packages to be different from samba compiled from sources. Of course, assuming you're comparing the same upstream version. So, if there are such issues, the packagers might be highly interested to learn about them (the best being bug reports in the distro's bug tracker). I think the same also stands for packages in rpm-based distros. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VPN/WAN Domain members
Hi, the problem you're describing is common to such setups. IMHO the following will help you in your setup: 1. raise the VPN timeouts This should prevent your VPN to go offline. 2. install a PDC/ BDC in each location Distribute distribute domain specific information to all locations, so you don't rely so heavily on your VPN. The samba-howto gives you information about the setup (Chapter 5. Backup Domain Control -> LDAP Configuration Notes). For this setup you need a Linux-box in each location. Depending on the needed performance/ size of your locations/ ... , it can range from something like a "Buffalo WZR-HP-G300NH with OpenWRT" up to a small server. Cheers, Christian === Dipl.-Ing. Christian Rost roCon - Informationstechnologie Ulmenstraße 45 44534 Lünen fon: +49 (0) 2306 910 658 fax: +49 (0) 2306 910 664 url: http://www.rocon-it.de ray klassen wrote Subject: [Samba] VPN/WAN Domain members Date: 24.11.2010 18:15 >I have about 60 PC's running windows XP behind vpn routers in different >locations. I find that they lose connection or sync (or whatever the right >word >is) to the domain periodically, probably when the vpn shuts down due to >low >demand. The result is that any domain user not already in the local >password >hash cache cannot log in and any local share with domain permissions on it >will >not allow the a domain account access if the pc is not rebooted. Is there >any >way to force windows to resync without a reboot or to make XP more fault >tolerant to slower connections to the samba domain? > >Thanks in advance. etc... > > > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Issues with default ACLs in created objects not including parent's owner: old bug or setup issue?
I have recurrent issue with ACLs on a server that's running samba 3.2.15 (this is a Debian lenny server and we're not ready, yet, to upgrade it...we just upgraded samba from 3.2.5 to 3.2.15+security fixes). If a "foo" directory, owned by "joe", has "joe and "jim" authorized to write to it through the filesystem's ACLs (and both in "foo" default ACL), and "joe" create a "bar" subdir in this directory.then "joe" himself is not added to the default ACL of "foo/bar". He can still write to "bar" (as he's the directory owner)but any file or dir created by *jim* in foo/bar will not have write access for "joe". I seem to remember this was an issue fixedsomewhere along 3.4 or 3.5 development cycles. However, I couldn't find any relevant bug report. Probably because my life is not driven by Bugzilla and I'm not good searching with it. So, would anyone remember about this being a bug.or could that be a local setup issue and some mysterious stanza missing in our setup? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbindd completely stopped responding
I have a samba3 server (ubuntu, 3.4.7) joined to a samba4 that has been working very nicely but today I got errors: net ads testjoin says the join is OK, but wbinfo -t says checking the trust secret via RPC calls failed Could not check secret and winbind logs on that machine (samba3) says: lsa_lookupsids call failed with NT_STATUS_NO_MEMORY - retrying... However, another samba3 machine that not really used works just fine... I finally found two stuck winbind processes on the failing samba3 machine, after killing them and restarting winbind everthing was working perfectly again, but I would like to understand the problem better. What would cause winbindd to completely stop responding after running just fine for days? Christian Huldt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.6 Available for Download
> This is the latest stable release of Samba 3.5. It has just been uploaded to Debian unstable. Thanks to the strict release policy of the Samba Team (only well identified bugfixes allowed in the stable version releases), this updated got pre-approved by the Debian release team. So, it means that even if Debian is now deeply frozen, in preparation for the release of Debian 6.0 "squeeze", samba 3.5.6 will be in that release. Not that many upstream software get such exceptions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA replies SAM LOGON request from different ip alias
68.16.6 192.168.17.25 DNS Standard query response A 192.168.16.33 20 29.808240 192.168.17.25 192.168.16.33 ICMP Echo (ping) request 21 29.809174 192.168.16.33 192.168.17.25 ICMP Echo (ping) reply 22 29.820861 192.168.17.25 192.168.16.33 SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE 23 29.822494 192.168.16.33 192.168.17.25 SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED 24 29.822896 192.168.17.25 192.168.16.33 SMB Session Setup AndX Request, NTLMSSP_AUTH, User: MYDOMAIN\root 25 29.833134 192.168.16.33 192.168.17.25 SMB Session Setup AndX Response 26 29.833843 192.168.17.25 192.168.16.33 SMB Tree Connect AndX Request, Path: \\SERVER3\IPC$ 27 29.835794 192.168.16.33 192.168.17.25 SMB Tree Connect AndX Response 28 29.843879 192.168.17.25 192.168.16.33 SMB NT Create AndX Request, FID: 0x4a4e, Path: \lsarpc 29 29.845124 192.168.16.33 192.168.17.25 SMB NT Create AndX Response, FID: 0x4a4e 30 29.853859 192.168.17.25 192.168.16.33 DCERPC Bind: call_id: 1 LSA V0.0 31 29.854438 192.168.16.33 192.168.17.25 SMB Write AndX Response, FID: 0x4a4e, 72 bytes 32 29.858426 192.168.16.33 192.168.17.25 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 33 29.860222 192.168.17.25 192.168.16.33 LSA LsarOpenPolicy2 request, \\SERVER3 r...@server1# lsof -nPi4 | grep mbd | grep -v ESTABLISHED smbd 5301 root 22u IPv413507 0t0 TCP 192.168.16.31:445 (LISTEN) smbd 5301 root 23u IPv413508 0t0 TCP 192.168.16.31:139 (LISTEN) nmbd 5309 root9u IPv413472 0t0 UDP *:137 nmbd 5309 root 10u IPv413473 0t0 UDP *:138 nmbd 5309 root 11u IPv413477 0t0 UDP 192.168.16.31:137 nmbd 5309 root 12u IPv413478 0t0 UDP 192.168.16.31:138 r...@server2# lsof -nPi4 | grep mbd | grep -v ESTABLISHED smbd 29514 root 42u IPv4 58325208 0t0 TCP 192.168.16.38:445 (LISTEN) smbd 29514 root 43u IPv4 58325209 0t0 TCP 192.168.16.38:139 (LISTEN) smbd 29514 root 54u IPv4 58325220 0t0 TCP 192.168.16.32:445 (LISTEN) smbd 29514 root 55u IPv4 58325221 0t0 TCP 192.168.16.32:139 (LISTEN) nmbd 29520 root9u IPv4 58325118 0t0 UDP *:137 nmbd 29520 root 10u IPv4 58325119 0t0 UDP *:138 nmbd 29520 root 31u IPv4 58325159 0t0 UDP 192.168.16.38:137 nmbd 29520 root 32u IPv4 58325160 0t0 UDP 192.168.16.38:138 nmbd 29520 root 43u IPv4 58325171 0t0 UDP 192.168.16.32:137 nmbd 29520 root 44u IPv4 58325172 0t0 UDP 192.168.16.32:138 Best regards Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Status of samba packages in Debian
a in Debian. Please don't hesitate to discuss issues and wishes in mailing lists on samba.org, we try to be watching out things there...at least /me..:-) In name of the packaging team for samba and related packages in Debian (Noèl Köthe, Steve Langasek, Mathieu Parent, Christian Perrier, Jelmer Vernooij). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 on a Samba 3.2.5 Domain
Quoting Rodolfo Barbosa (barbosa.rodo...@lunarconsultoria.com.br): > Guys, > > Does the Windows 7 work with a Samba 3.2.5? If it does, > where can I find a documentation about it? The mention of 3.2.5 makes me think you might be using Debian lenny..:-) In such case, you probably want to use backported packages for samba for Win7 support. http://backports.debian.org/ will give you the needed instructions. Please note that we currently have Samba 3.4.8 there, that's still affected by the latest security notice (CVE-2010-3069). I am preparing a backport of samba 3.5.5 as this is the version we now have in Debian squeeze. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
