Re: [Samba] samba high availability
Ryan Suarez wrote: Greetings, We're running samba 3.0.21a with cups on debian to serve printing and automatic driver download to XP clients. I'm looking into setting up a Linux-HA printing system with heartbeat in active/passive mode. Sorry, i'm new to this. From what I read, if a failure is detected on one node the other will take over and startup it's samba services. My question is how do I keep the samba print queues,drivers, etc. synced between the two machines? Can I use NFS to store the samba installation and mount it on both machines? Or use rsync? what files/directories need to be kept in sync? much appreciated, Ryan That all depends on how you want to do it. You can share a SCSI array and use a STONITH device to really kill the other node before mounting it on the backup server. Or you can just keep things up to date with regularly scheduled rsyncs. Or NFS. Since you only mention printing, I'd recommend not using the shared SCSI and pick from either NFS or rsync. I use rsync, because I don't need instant updates across both servers as I only use samba as a print server. As for the heartbeat stuff, I ended up just using the existing ethernet connections for heartbeat transmission. I have a logical IP set up on both machines for the samba service to use, and then I wrote a script that a failed heartbeat calls when a node failure is detected that brings up that interface and starts samba. I can probably provide you with more technical details if need be. -- David Schlenk Operating Systems Analyst Bethel University [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba HA on two nodes
On Nov 21, 2005, at 5:42 AM, HENRY Vincent wrote: Is anybody succeed to run a configuration on a two node clusters with Samba installed on each machine? I compiled two versions on different directories (/usr/local/samba1 and samba2). At this point, I can run 2 samba's on one node in case of failure but problems are on Active Directory authentication for the Fallback node. Yes, I am, but it does not do file sharing, just printing. What I did was set up a logical IP on both machines and if the fallback node detected that the other node's primary IP went down, it would turn on that interface and start samba. Not exactly the most perfect setup but it seems to work pretty well. I use regularly scheduled rsyncs to keep the various tdbs and printer drivers in sync. For file serving you'd probably want to add a stonith device and then have both machines attached to a scsi array. There's still that array being the single point of failure, but it's better than nothing. David Schlenk Operating Systems Analyst Bethel University [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RESOLVED--Re: [Samba] Print Share Problem
On May 20, 2005, at 4:08 PM, John H Terpstra wrote: The only time it is necessary to specify the printer configuration in detail is where you want to restrict certain printers from use. Just to share something I do with the greater community: My samba machine receives it's CUPS printers from the printers that our main CUPS servers broadcast, so when the machine first boots it takes a couple minutes for the list of printers to fully populate. This obviously causes samba to not advertise all the printers after a reboot until you restart the service after the list is fully populated a couple minutes after boot. I resolved this by putting each printer explicitly in the smb.conf file. Granted, having a 900 line smb.conf file is kind of obnoxious, but the silver lining is has actually made my life easier since I can make changes/restrictions to specific queues now. -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mirrored samba servers.
On Thu, 2005-04-28 at 08:17 -0400, Richmond Dyes wrote: > I have a customer that is using 250 gig drives for his business data. I > have been using rsync to keep mirror copies of his data on a second > machine. In the last 3 months I have lost 2 of four drives, the last > one being the system drive. I have been doing a manual switchover. Each > time rsync runs, I copy my samba conf files, passwd, shadow and group > files from etc. Has anyone setup a HA configuration for samba servers > on separate machines. If so, where can I get information for this kind > of setup? > http://thorin.xp.bethel.edu:7080/blojsom/blog/schdav/ Keep in mind that my requirements probably don't match yours. I don't do any file sharing (other than printer drivers), so you'll probably want to look into a SCSI RAID (probably RAID5) system that's shared between the machines, and get yourself some stonith devices so you don't corrupt your filesystems. Also some linked files might be unavailable to the general internet - email me off list if you want them and I'll make them available somewhere public. I haven't put this setup into production yet but it seems to work pretty well in the tests I've done. -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] enable-cups in spec file
It appears that --enable-cups made it into the Redhat srpm. Neat. I've been adding that one line to it forever, and did it again this time without checking for its presence, thus causing the compile to fail. Thought I'd let the world know in case someone else did something equally foolish and got confused with config.sub errored out. -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Copying printer drivers across many servers
I've been largely able to do this by copying everything in the /var/lib/samba directory, then removing all the tdb's in /var/lib/samba/printing. (/var/lib might be something else depending on your OS/config). You'd do this after installing the samba packages but before joining a domain and starting the service. You'll also need to copy all the printer drivers, which I put in /usr/share/samba/printers, but that would depend on your print$ definition. Doing it this way seems to work for about 95% of the printer drivers we use, YMMV. On Mar 7, 2005, at 5:06 AM, David Landgren wrote: List, I am deploying a number of Samba servers across a WAN. To date I have manually uploaded printer drivers from an XP client to the Samba server. But it's slow, and I systematically upload the same drivers over and over again. I'm not quite sure of the recipe, but I'm sure there must be a way of replicating all the drivers, from a central point, out to the remote servers. Copying the files is simple enough, but how do I make the various .tdb files contain the right records? Has anyone done something like this before? Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdf printing queue never empties out
3.0.11 and deleting the printing/*.tdb files seemed to fix that behavior for many people on the list, including myself. Does this happen on regular queues or just the pdf queues? On Feb 15, 2005, at 2:15 PM, Kevin Fenzi wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings. I'm seeing an odd problem with 3.0.10 and 3.0.11 here. We have some pdf printers defined: [Accounting pdf printer] printer admin = "DOMAIN+Domain Users" browseable = yes path = /pdfdropbox/Accounting printable = yes writeable = no print command = /usr/bin/preprintpdf %s -r lpq command = lprm command = The /usr/bin/preprintpdf just passes the job on: #! /bin/sh OUTDIR=/pdfdropbox /usr/bin/printpdf -dCompatibilityLevel=1.4 "$1" rm $1 The /usr/bin/printpdf converts the file to a pdf with ghostscript. With 3.0.7 everything worked fine. Jobs could be printed, the pdf's showed up and the queue was fine. With 3.0.10 or 3.0.11, the pdf's show up fine, but the queue never shows the jobs as completed. They continue to show up in the queue until samba is restarted. Note that the spool files are removed fine, so it's some internal samba state thats still reporting the jobs in the queue. With debug = 10, We see in the logs: [2005/02/11 18:01:53, 0] tdb/tdbutil.c:tdb_log(725) tdb(/var/lib/samba/printing/IT pdf printer.tdb): tdb_lock failed on list 1717 ltype=1 (Bad file descriptor) [2005/02/11 18:01:53, 0] tdb/tdbutil.c:tdb_log(725) tdb(/var/lib/samba/printing/IT pdf printer.tdb): tdb_lock failed on list 480 ltype=1 (Bad file descriptor) [2005/02/11 18:01:53, 0] printing/printing.c:print_queue_update_internal(1201) print_queue_update: failed to store MSG_PENDING flag for [IT pdf printer]! We have tried removing the tdb files and restarting, but that seems to have no effect. Any ideas? Happy to provide any further information. kevin -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/> iD4DBQFCElhM3imCezTjY0ERAp24AJ0SaWj6IBi3KszYfzFcRxvTE1EJfgCXaRKF 3W3bOtB8OoSmk8u/KYZ8YQ== =a1/M -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Best practices for long-running Samba server
On Jan 25, 2005, at 7:37 AM, Misty Stanley-Jones wrote:
Because our systems typically have uptimes measured
in months rather than days, and it is difficult for me to restart Samba
except as a scheduled task (which I'm afraid to do because there are
users
who come in earlier than I do in the AM and users that work later than
me in
the PM, and I don't want them having to call me at home :D ),
I restart my samba/cups services at 4:00AM every morning, using the
following really, really aggressive script.
#!/usr/bin/perl
system("/sbin/service smb stop");
sleep(3);
system("killall -9 smbd");
sleep(3);
system("killall -9 nmbd");
sleep(3);
system("/sbin/service cups stop");
sleep(3);
system("killall -9 cupsd");
sleep(3);
system("/sbin/service cups start");
sleep(15);
system("/sbin/service smb start");
Never had a problem with things not restarting OK, and I've had this
scheduled nightly for months. In my experience, samba and cups will
crash at some point, so I'd rather do this in attempts to avoid middle
of the day type outages, but not everyone has the luxury of little to
no users active at 4:00AM, so YMMV.
--
David Schlenk
Operating Systems Analyst
Bethel University
Saint Paul, Minnesota
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] memory issues with samba 3.0.10
On Jan 26, 2005, at 11:27 AM, Gerald (Jerry) Carter wrote: top reports a VSZ number (process' total amount of virtual memory allocated) for each process. What does that say? It was under a MB for the process that was pegged, and I didn't get a chance to check for the total of all the other smbd processes before I "fixed" things. I'll check next time it happens. -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] memory issues with samba 3.0.10
On Jan 26, 2005, at 10:46 AM, Adam Tauno Williams wrote: Our central print server runs 3.0.10 and several times a day one of the smbd processes starts to grow. We simply keep an eye on it and can kill -9 the offender, the rest of the smbd processes seem oblivious to the event and trundle along happily. We've seen these babies get as big as 989Mb (the average smbd seems about 70Mb), and if we don't kill them the server eventually goes into swap frenzy which can eat-up the CPU. Perhaps you're seeing the same thing? Not so much. It's the main smbd process, the one running as root. Killing it makes the rest of them not work anymore. I stopped samba, moved the old tdb's back to /var/lib/samba/printing and it seems to be working better at this point. I'm not sure if the tdb's had anything to do with it or not, although they all have old file modification dates on them, probably from before I was using 3.0.10 (so, 3.0.9 or more likely 3.0.5 created them). On Jan 26, 2005, at 10:37 AM, Gerald (Jerry) Carter wrote: Your subject metions memory usage, but your mail talks about CPU usage. Which is it I'm not terribly familiar with how load is calculated, or exactly what top's CPU% means, but I guess I figured that the memory usage thing might have been causing the CPU usage, but perhaps I was thinking too hard. -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] memory issues with samba 3.0.10
I'm still having problems with that memory issue using 3.0.10 with v.2 of the printing patch + the one line patch from Jerome Borsboom. My production server has completely frozen a couple times in the past couple weeks, and did so again this morning. This time before restarting samba I removed the tdb files in /var/lib/samba/printing/* as Jerry mentioned this might help the queue not clearing problem. What exactly does this cause samba to do? It froze up completely again after about an hour, and now the load is petering between 1 and 2, with smbd taking up between 95 and 99% of the CPU constantly. I backed up the old tdb's, should I maybe go back to those? -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [[ CD Server ]]
On Jan 25, 2005, at 8:39 AM, Chris McKeever wrote: there was a great howto somewhere that I can not seem to find at the moment - http://www.linuxjournal.com/article/5639 Looks like registration required, but it's worth it. Great article. -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Lingering WinXP SP2 issues
OK, after more testing: The "A policy is in effect on your computer which prevents you from connecting to this print queue. Please contact your system administrator." message does indeed show up if a queue's driver has not been loaded by a local admin in the past. This is normal, this is expected. What I'm experiencing is that occasionally, on a random queue, different every time, some users (that are not local admins) get that message, along with a few other errors saying "The application failed to initialize properly (0xc01d). Click on OK to terminate the application." for something called SUBINACL.EXE. The queue would still open, but printing wasn't reliable. I talked to our windows admin about it and he couldn't think of why that was happening, or if they would be related. It is interesting that this only occurs when the machine's account is in an OU that has a lot of group policies applied to it, so it probably has more to do with that than samba. We've run into some other policies that do bad things with SP2 applied (like reboot loops). -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Lingering WinXP SP2 issues
On Jan 13, 2005, at 12:11 PM, Paul Gienger wrote: from connecting to this print queue. Please contact your system administrator." on a select few queues. This occurs only on WXP SP2 machines You didn't have this issue before SP2? AFAIK, you should see this all the time (SP2 or not, even w/2000) when a non-admin user connects, provided the printer hasn't been installed already as by someone with admin. Nope. Worked fine, prior. I will play around with that and see if I can get a pattern though. It does only affect certain drivers, so maybe it wasn't supposed to be working before and now correctly isn't working. --- On Jan 13, 2005, at 12:18 PM, Misty Stanley-Jones wrote: On Thursday 13 January 2005 13:11, Paul Gienger wrote: Has anyone else had this behavior? Any fixes (deleting tdb files perhaps)? It's a client side issue, no server changes would fix it aside from making the user a member of Domain Admins, thereby giving local admin. That's most likely not what you REALLY want to do though. It would be solved by using [PRINT$] share and storing all your printer drivers on the server. A normal user will be able to connect to a network printer but won't be able to install any drivers. The only users of mine who have to be administrator are the ones who need to use a printer which will not store its drivers on the server. I do this already. Used to work great. :) -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Lingering WinXP SP2 issues
After apparently flawed testing, we rolled out SP2 for XP this week as samba seemed to be able to handle printing acceptably in recent versions. Once we rolled it out, we started getting reports of many users receiving the error :A policy is in effect on your computer which prevents you from connecting to this print queue. Please contact your system administrator." on a select few queues. This occurs only on WXP SP2 machines when the user has less-than-admin rights on the local machine. Users with local admin priviledges seem to have jobs disappear occasionally, but otherwise behave normally. Has anyone else had this behavior? Any fixes (deleting tdb files perhaps)? -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinXP print problem
On Jan 13, 2005, at 3:32 AM, Jean Lee wrote: Hello, I am using samba to acces a printer on my Linux server from Windows XP Home SP2 clients. It was working very well until yesterday evening. Since yesterday, I can print from the server (with cups) but I can't print from the Windows clients. And all the shared folders are still OK. There is only printing from Windows clients which doesn't work. We changed nothing on the server neither on the client side. When I try to print a test page from Windows, I get the following error: Unable to create a print task I tried the following things : Uninstall then reinstall printer from the windows client Uninstall then reinstall printer from the server reboot the server I always have the problem Here is a part of my /etc/smb.conf [printers] comment = All Printers valid users = user gp pm cm path = /var/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print public = no writable = no printable = yes I don't know where to search. I tried Ethereal but it is to complex for me. Does anybody experienced this problem ? If no, where and what can I start to search ? THank you for any help, Jean Lee Did you happen to install the latest round of patches from Microsoft on Tuesday? -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with Samba 3.0.9
On Jan 11, 2005, at 8:43 AM, Taylor, Marc wrote: Hello, I am running Samba on RHAS 3 Update 4 which has presumably the latest patched version of 3.0.9: samba-3.0.9-1.3E.2. I am using this machine as a print server and I am finding that jobs seem to hang around in the printer share even after they have printed. I saw reference to this in another post and according to rhn.com, this version of samba should have the patch that should have fixed this problem. If you need me to post more, I will but I wanted to see if anyone else running Samba on this platform is experiencing this as well. Thanks. This is a problem through 3.0.10 at least, and possibly 3.0.11pre1 as well. There was a small patch sent to the list yesterday that may help, along with the printing patch from Jerry at http://www.samba.org/~jerry/patches/post-3.0.10/ YMMV. -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Spool queue issue winxp and samba-3.0.x
On Jan 10, 2005, at 2:42 AM, Samba List Unetix wrote: On Friday 07 January 2005 18:40, Gerald (Jerry) Carter wrote: Samba List Unetix wrote: | Hai, | | Lately I am encountering a weird issue with spool queue | under winxp and samba+cups. try the printing patch at http://www.samba.org/~jerry/patches/post-3.0.10/ I've got one report that its will correct the problem and one that the problem still exists. YMMV. Thanx for the rapid answer , I'm actually using 3.0.11pre1 now , and the problem still exists, is this patch in the .11pre1 version or should it be applied still? I deployed 3.0.10 with printing patch v2 on Friday night and although it did seem to operate correctly when I sent jobs to it right after the upgrade, it is not working properly now and is leaving jobs in the queue. Are people finding success with the additional release_print_db call Jerome Borsboom mentioned? -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] new printing patch for 3.0.10
I have tested the new printing patch for 3.0.10 found at http://www.samba.org/~jerry/patches/post-3.0.10/ in my test environment (i386 arch running redhat 9 with cups 1.1.20) and have found that it fixes the queue not clearing bug. Clients I tested with include Win98SE, Win2k SP4, WinXP SP1 and WinXP SP2. For anyone who uses rh9 and cups 1.1.20, and wants to use my rpms, you can get them here: http://www.mathcs.bethel.edu/~schdav/ -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.11pre1 Available for Download
On Jan 5, 2005, at 1:19 PM, Gerald Carter wrote: Common bugs fixed in 3.0.11pre1 include: ~ o Numerous printing bugs bugs including memory ~bloating on large/busy print servers. I can confirm that the job clearing bug present in unpatched 3.0.9/3.0.10 is gone from 3.0.11pre1 tested with 98, 2k and XP clients. I've got a new 3.0.10 package compiled with the new printing patch, results of tests tomorrow. -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Cups interaction
On Jan 5, 2005, at 1:32 PM, Misty Stanley-Jones wrote: While trying to solve my printer problem, I have come up with another question that Google is not helping me with. What happens to a print job after Samba submits it to Cups? Is it 'finished' even though Cups is still printing it? Is that why my users aren't seeing their print jobs, because Cups has already snatched them and Samba assumes they are done? I would much rather if the user could see the print job through its whole life, and could cancel it if they wanted to (if it was 1000 pages long and they realized that someone had put stationery in the printer for instance)? This level of things is not covered in the docs to the best that I can find. :( Even beyond the "was cups support compiled in" question, it is possible to not see jobs for their entire life in the samba queue: If the cups server you are using in conjunction with samba sends jobs directly to the printer, then the job should remain in the samba queue for the life of the job. If however you have separate cups server(s) that actually send jobs to printers and a local copy of cups on the samba box that just sends the jobs to the other cups server(s), then the job will only remain in the samba queue for the (short) amount of time it takes your local cups server to send the job to other cups servers, since all samba knows . [This setup allows you to have redundant/load balancing cups servers.] I believe you can specify a non-local cups server in the 3.x series of samba, but I don't remember the corresponding smb.conf parameters off-hand. [And doing this would make redundant/load balancing not work, unless you wanted to go round-robin DNS style, but that isn't quite the same thing.] -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] time for a poll -- does anyone use the testprns tool ?
I didn't know it existed, and now that I do, I don't think I'd ever use it. (For those unfamiliar with it, it merely checks to see if the printer you specify has a valid entry in /etc/printcap [or another printcap file]). On Dec 23, 2004, at 1:11 PM, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mostly for print server admins: I am considering marking testprns as deprecated (or just remove it). It doesn't seem to be that useful anymore. Does anyone use it on a regular basis and would therefore be distraught if it were gone in a future 3.0.x release ? cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFByxh9IR7qMdg1EfYRAlijAJ0Wqe6qCTP+HAZ5Zs9Fp8KJH5vd3QCfREqK qivp49gJVWCZZ8Lu6tEusaM= =g68q -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9
Today's security patch doesn't work if you also want to use the printing patch for 3.0.9 mentioned recently on this list. Build error: Linking bin/smbd printing/printing.o(.text+0x2d4b): In function `print_queue_update': printing/printing.c:1421: undefined reference to `smb_xmalloc' collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 This is patching with the printing patch first, followed by the security patch, using the %patch macros of rpm. I'll try the other way around, but it takes awhile on my slow test box, so I thought I'd see if anyone had any success building with both patches. On Dec 16, 2004, at 6:17 AM, Gerald Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == == == Subject: Possible remote code execution == CVE ID#: CAN-2004-1154 == == Versions:Samba 2.x & 3.0.x <= 3.0.9 == == Summary: A potential integer overflow when == unmarshalling specific MS-RPC requests == from clients could lead to heap == corruption and remote code execution. == == === Description === Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges. Successful remote exploitation allows an attacker to gain root privileges on a vulnerable system. In order to exploit this vulnerability an attacker must possess credentials that allow access to a share on the Samba server. Unsuccessful exploitation attempts will cause the process serving the request to crash with signal 11, and may leave evidence of an attack in logs. == Patch Availability == A patch for Samba 3.0.9 (samba-3.0.9-CAN-2004-1154.patch) can be downloaded from http://www.samba.org/samba/ftp/patches/security/ The patch has been signed with the "Samba Distribution Verification Key" (ID F17F9772). = Protecting Unpatched Servers = The Samba Team always encourages users to run the latest stable release as a defense against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. === Credits === This security issue was reported to Samba developers by iDEFENSE Labs. The vulnerability was discovered by Greg MacManus, iDEFENSE Labs. == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBwXzdIR7qMdg1EfYRAvnVAKCgJxELPsRo2oIwBcUq+wKNkjB3BwCgzn5l 3PtHselUE/u/xxC7PRYpxyA= =8JRM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.9 doesn't remove printjobs ?
The patch doesn't fix this problem, but rather fixes a memory usage problem. I don't believe it has anything to do with XP SP2. On Dec 14, 2004, at 12:13 PM, Ryan Novosielski wrote: Refer to some older messages -- there's a printing patch. HOWEVER, I am also told that this is related to an XP SP2 bug. Do you have SP2? _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$&| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Tue, 14 Dec 2004 [EMAIL PROTECTED] wrote: Hello! I'm using samba with CUPS printing (with raw passthru) for a long time now and it worked very well. But after upgrading my samba installation from 3.0.2 to 3.0.9, the printjobs (sent from XP Workstations) aren't removed from the joblist anymore. Means: the job is printed correctly, but opening the printqueue on the XP machine still contains the job (not only mine, but jobs from every user who sent one). When I now delete them manually, they're gone. Since I can't find any remaining SMB or CUPS spool-files, (thought about missing access rights for deletion) I don't know what to look for. The only error message I found is: tdb(/var/lib/samba/printing/Kyocera7000.tdb): rec_read bad magic 0xd9fee666 at offset=26084 in /var/log/samba/smbd (but I got this message sometimes before the upgrade too ...) Thanks for some hints on that (2) problem(s) Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.9 doesn't remove printjobs ?
I've experienced this as well. I emailed Jerry off-list and he is working on it. On Dec 14, 2004, at 11:24 AM, [EMAIL PROTECTED] wrote: Hello! I'm using samba with CUPS printing (with raw passthru) for a long time now and it worked very well. But after upgrading my samba installation from 3.0.2 to 3.0.9, the printjobs (sent from XP Workstations) aren't removed from the joblist anymore. Means: the job is printed correctly, but opening the printqueue on the XP machine still contains the job (not only mine, but jobs from every user who sent one). When I now delete them manually, they're gone. Since I can't find any remaining SMB or CUPS spool-files, (thought about missing access rights for deletion) I don't know what to look for. The only error message I found is: tdb(/var/lib/samba/printing/Kyocera7000.tdb): rec_read bad magic 0xd9fee666 at offset=26084 in /var/log/samba/smbd (but I got this message sometimes before the upgrade too ...) Thanks for some hints on that (2) problem(s) Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
