Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100%
-Original Message- From: Rowland Penny Sent: Sunday, September 30, 2012 5:49 PM To: samba@lists.samba.org Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100% On 30/09/12 16:36, David Touzeau wrote: I have created a ticket on bugtrack https://bugzilla.samba.org/show_bug.cgi?id=9226 -Original Message- From: Rowland Penny Sent: Saturday, September 29, 2012 10:21 PM To: samba@lists.samba.org Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100% On 29/09/12 20:31, David Touzeau wrote: nsswitch as been changed to passwd: files ldap winbind group: files ldap winbind shadow: files ldap winbind But lsass.exe still run at 100% cpu and winbind still want to parse the full AD I think i will create a ticket on the tracker because we have removed winbind from the nsswitch: passwd: files ldap group: files ldap shadow: files ldap and lsass.exe still run at 100% When stopping winbindd lsass.exe is down to 0% From: Heather Choi Sent: Saturday, September 29, 2012 4:26 PM To: David Touzeau Cc: mario.codeni...@gmail.com ; samba@lists.samba.org Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100% manpages of nssswitch: compat support `+/-' in the ``passwd'' and ``group'' databases. If this is present, it must be the only source for that entry. Database Default source list group compat group_compat nis hosts files dns netgroup files [notfound=return] nis passwd compat passwd_compat nis On 09/29/2012 05:03 AM, David Touzeau wrote: Thanks Heather Choi But in my nsswitch i have passwd: compat ldap winbind group: compat ldap winbind shadow: compat ldap winbind As compat is and advanced files method... So my nsswitch is compatible with your suggest...? -Original Message- From: Heather Choi Sent: Saturday, September 29, 2012 4:52 AM To: mario.codeni...@gmail.com Cc: samba@lists.samba.org Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100% You definitely should have files placed *before* winbind of passwd, group and shadow, like: passwd: files winbind shadow: files winbind group: files winbind Otherwise, you will be hitting AD a whole ton for localized users and definitely root with services running. On 09/27/2012 02:00 AM, David Touzeau wrote: Dear I have connected samba 3.6.8 to my Active Directory in the lsass.exe run to 100% When stopping winbind the lsass.exe CPU is down to 0% When set winbindd to debug mode, it seems it try to scan the root user every time. I would to know how to ban nsswitch to query winbindd for system internal users such has root, apache. Here it is my nsswitch.conf : # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. bind_policy soft passwd: compat ldap winbind group: compat ldap winbind shadow: compat ldap winbind hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns networks: files protocols: db files services: db files ethers: db files rpc:db files netmasks: files netgroup: files nis publickey: files bootparams: files aliases:files automount: ldap files Attached file is the winbindd debug mode: Hi, you say that you have connected samba 3.6.8 to your Active Directory, How? and where does ldap come into it. If you join a samba 3.6 machine to Active Directory, you only need winbind to be added to nsswitch.conf Rowland Hi again, now that I have seen your smb.conf on the bug link you posted, try removing the ldap entries from /etc/nsswitch.conf , you do not need them, you are not using ldap. Rowland hi Removing LDAP did not change any behavior... david -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100%
I have created a ticket on bugtrack https://bugzilla.samba.org/show_bug.cgi?id=9226 -Original Message- From: Rowland Penny Sent: Saturday, September 29, 2012 10:21 PM To: samba@lists.samba.org Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100% On 29/09/12 20:31, David Touzeau wrote: nsswitch as been changed to passwd: files ldap winbind group: files ldap winbind shadow: files ldap winbind But lsass.exe still run at 100% cpu and winbind still want to parse the full AD I think i will create a ticket on the tracker because we have removed winbind from the nsswitch: passwd: files ldap group: files ldap shadow: files ldap and lsass.exe still run at 100% When stopping winbindd lsass.exe is down to 0% From: Heather Choi Sent: Saturday, September 29, 2012 4:26 PM To: David Touzeau Cc: mario.codeni...@gmail.com ; samba@lists.samba.org Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100% manpages of nssswitch: compat support `+/-' in the ``passwd'' and ``group'' databases. If this is present, it must be the only source for that entry. Database Default source list group compat group_compat nis hosts files dns netgroup files [notfound=return] nis passwd compat passwd_compat nis On 09/29/2012 05:03 AM, David Touzeau wrote: Thanks Heather Choi But in my nsswitch i have passwd: compat ldap winbind group: compat ldap winbind shadow: compat ldap winbind As compat is and advanced files method... So my nsswitch is compatible with your suggest...? -Original Message- From: Heather Choi Sent: Saturday, September 29, 2012 4:52 AM To: mario.codeni...@gmail.com Cc: samba@lists.samba.org Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100% You definitely should have files placed *before* winbind of passwd, group and shadow, like: passwd: files winbind shadow: files winbind group: files winbind Otherwise, you will be hitting AD a whole ton for localized users and definitely root with services running. On 09/27/2012 02:00 AM, David Touzeau wrote: Dear I have connected samba 3.6.8 to my Active Directory in the lsass.exe run to 100% When stopping winbind the lsass.exe CPU is down to 0% When set winbindd to debug mode, it seems it try to scan the root user every time. I would to know how to ban nsswitch to query winbindd for system internal users such has root, apache. Here it is my nsswitch.conf : # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. bind_policy soft passwd: compat ldap winbind group: compat ldap winbind shadow: compat ldap winbind hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns networks: files protocols: db files services: db files ethers: db files rpc:db files netmasks: files netgroup: files nis publickey: files bootparams: files aliases:files automount: ldap files Attached file is the winbindd debug mode: Hi, you say that you have connected samba 3.6.8 to your Active Directory, How? and where does ldap come into it. If you join a samba 3.6 machine to Active Directory, you only need winbind to be added to nsswitch.conf Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100%
Thanks Heather Choi But in my nsswitch i have passwd: compat ldap winbind group: compat ldap winbind shadow: compat ldap winbind As compat is and advanced files method... So my nsswitch is compatible with your suggest...? -Original Message- From: Heather Choi Sent: Saturday, September 29, 2012 4:52 AM To: mario.codeni...@gmail.com Cc: samba@lists.samba.org Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100% You definitely should have files placed *before* winbind of passwd, group and shadow, like: passwd: files winbind shadow: files winbind group: files winbind Otherwise, you will be hitting AD a whole ton for localized users and definitely root with services running. On 09/27/2012 02:00 AM, David Touzeau wrote: Dear I have connected samba 3.6.8 to my Active Directory in the lsass.exe run to 100% When stopping winbind the lsass.exe CPU is down to 0% When set winbindd to debug mode, it seems it try to scan the root user every time. I would to know how to ban nsswitch to query winbindd for system internal users such has root, apache. Here it is my nsswitch.conf : # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. bind_policy soft passwd: compat ldap winbind group: compat ldap winbind shadow: compat ldap winbind hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns networks: files protocols: db files services: db files ethers: db files rpc:db files netmasks: files netgroup: files nis publickey: files bootparams: files aliases:files automount: ldap files Attached file is the winbindd debug mode: -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100%
nsswitch as been changed to passwd: files ldap winbind group: files ldap winbind shadow: files ldap winbind But lsass.exe still run at 100% cpu and winbind still want to parse the full AD I think i will create a ticket on the tracker because we have removed winbind from the nsswitch: passwd: files ldap group: files ldap shadow: files ldap and lsass.exe still run at 100% When stopping winbindd lsass.exe is down to 0% From: Heather Choi Sent: Saturday, September 29, 2012 4:26 PM To: David Touzeau Cc: mario.codeni...@gmail.com ; samba@lists.samba.org Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100% manpages of nssswitch: compat support `+/-' in the ``passwd'' and ``group'' databases. If this is present, it must be the only source for that entry. Database Default source list group compat group_compat nis hosts files dns netgroup files [notfound=return] nis passwd compat passwd_compat nis On 09/29/2012 05:03 AM, David Touzeau wrote: Thanks Heather Choi But in my nsswitch i have passwd: compat ldap winbind group: compat ldap winbind shadow: compat ldap winbind As compat is and advanced files method... So my nsswitch is compatible with your suggest...? -Original Message- From: Heather Choi Sent: Saturday, September 29, 2012 4:52 AM To: mario.codeni...@gmail.com Cc: samba@lists.samba.org Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100% You definitely should have files placed *before* winbind of passwd, group and shadow, like: passwd: files winbind shadow: files winbind group: files winbind Otherwise, you will be hitting AD a whole ton for localized users and definitely root with services running. On 09/27/2012 02:00 AM, David Touzeau wrote: Dear I have connected samba 3.6.8 to my Active Directory in the lsass.exe run to 100% When stopping winbind the lsass.exe CPU is down to 0% When set winbindd to debug mode, it seems it try to scan the root user every time. I would to know how to ban nsswitch to query winbindd for system internal users such has root, apache. Here it is my nsswitch.conf : # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. bind_policy soft passwd: compat ldap winbind group: compat ldap winbind shadow: compat ldap winbind hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns networks: files protocols: db files services: db files ethers: db files rpc:db files netmasks: files netgroup: files nis publickey: files bootparams: files aliases:files automount: ldap files Attached file is the winbindd debug mode: -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100%
On 27 September 2012 09:00, David Touzeau da...@touzeau.eu wrote: Dear I have connected samba 3.6.8 to my Active Directory in the lsass.exe run to 100% When stopping winbind the lsass.exe CPU is down to 0% When set winbindd to debug mode, it seems it try to scan the root user every time. I would to know how to ban nsswitch to query winbindd for system internal users such has root, apache. Here it is my nsswitch.conf : # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. bind_policy soft passwd: compat ldap winbind group: compat ldap winbind shadow: compat ldap winbind hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns networks: files protocols: db files services: db files ethers: db files rpc:db files netmasks: files netgroup: files nis publickey: files bootparams: files aliases:files automount: ldap files Attached file is the winbindd debug mode: The list strips attachments. Try pasting it inline if not too large. Otherwise, put it on pastebin and send the link. -- Michael Wood esiot...@gmail.com -Original Message- From: Michael Wood Sent: Friday, September 28, 2012 9:34 AM To: David Touzeau Cc: samba@lists.samba.org Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100% Thanks Michael Here it is the link of the debug log: http://www.artica.fr/temporary/samba-list/log.winbindd David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100%
Dear I have connected samba 3.6.8 to my Active Directory in the lsass.exe run to 100% When stopping winbind the lsass.exe CPU is down to 0% When set winbindd to debug mode, it seems it try to scan the root user every time. I would to know how to ban nsswitch to query winbindd for system internal users such has root, apache. Here it is my nsswitch.conf : # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. bind_policy soft passwd: compat ldap winbind group: compat ldap winbind shadow: compat ldap winbind hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns networks: files protocols: db files services: db files ethers: db files rpc:db files netmasks: files netgroup: files nis publickey: files bootparams: files aliases:files automount: ldap files Attached file is the winbindd debug mode: -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.6.6: cluster support not available: support for SCHEDULE_FOR_DELETION control missing
Dear, i cannot compile the latest build with cluster support: I have tried the debian repository I have tried by compiling the ctdb-1.0.112-12 via the rsync explained in the wiki I have tried by compiling the ctdb-1.0.114.5 available here : http://ftp.sernet.de/pub/ctdb/1.0.114/src/ctdb-1.0.114.5.tar.gz The samba package still refuse to compile when enable the cluster support: checking cluster support... yes configure: checking whether cluster support is available checking for ctdb.h... yes checking for ctdb_private.h... yes checking for CTDB_CONTROL_TRANS3_COMMIT declaration... yes checking for CTDB_CONTROL_SCHEDULE_FOR_DELETION declaration... no configure: error: cluster support not available: support for SCHEDULE_FOR_DELETION control missing Is there any tips to fix this issue ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba: 3.6.5 lib/fault.c:47(fault_report) smd crash
Dear I'm facing issues when using Samba on PDC mode + LDAP installed on i386 Debian 6 Is there a way to resolve it ? Jun 14 11:02:31 fileserver32 smbd[1115]: [2012/06/14 11:02:31.644224, 0] lib/fault.c:47(fault_report) Jun 14 11:02:31 fileserver32 smbd[1115]: === Jun 14 11:02:31 fileserver32 smbd[1115]: [2012/06/14 11:02:31.645554, 0] lib/fault.c:48(fault_report) Jun 14 11:02:31 fileserver32 smbd[1115]: INTERNAL ERROR: Signal 11 in pid 1115 (3.6.5) Jun 14 11:02:31 fileserver32 smbd[1115]: Please read the Trouble-Shooting section of the Samba3-HOWTO Jun 14 11:02:31 fileserver32 smbd[1115]: [2012/06/14 11:02:31.645778, 0] lib/fault.c:50(fault_report) Jun 14 11:02:31 fileserver32 smbd[1115]: Jun 14 11:02:31 fileserver32 smbd[1115]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf Jun 14 11:02:31 fileserver32 smbd[1115]: [2012/06/14 11:02:31.645986, 0] lib/fault.c:51(fault_report) Jun 14 11:02:31 fileserver32 smbd[1115]: === Jun 14 11:02:31 fileserver32 smbd[1115]: [2012/06/14 11:02:31.646127, 0] lib/util.c:1117(smb_panic) Jun 14 11:02:31 fileserver32 smbd[1115]: PANIC (pid 1115): internal error Jun 14 11:02:32 fileserver32 smbd[1141]: [2012/06/14 11:02:32.108305, 0] lib/fault.c:47(fault_report) Jun 14 11:02:32 fileserver32 smbd[1141]: === Jun 14 11:02:32 fileserver32 smbd[1141]: [2012/06/14 11:02:32.108483, 0] lib/fault.c:48(fault_report) Jun 14 11:02:32 fileserver32 smbd[1141]: INTERNAL ERROR: Signal 11 in pid 1141 (3.6.5) Jun 14 11:02:32 fileserver32 smbd[1141]: Please read the Trouble-Shooting section of the Samba3-HOWTO Jun 14 11:02:32 fileserver32 smbd[1141]: [2012/06/14 11:02:32.108540, 0] lib/fault.c:50(fault_report) Jun 14 11:02:32 fileserver32 smbd[1141]: Jun 14 11:02:32 fileserver32 smbd[1141]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf Jun 14 11:02:32 fileserver32 smbd[1141]: [2012/06/14 11:02:32.108592, 0] lib/fault.c:51(fault_report) Jun 14 11:02:32 fileserver32 smbd[1141]: === Jun 14 11:02:32 fileserver32 smbd[1141]: [2012/06/14 11:02:32.108631, 0] lib/util.c:1117(smb_panic) Jun 14 11:02:32 fileserver32 smbd[1141]: PANIC (pid 1141): internal error Configuration file: [global] workgroup = COMPANY netbios name = pdc1 server string = %h server disable netbios =no strict allocate = No strict locking = Auto sync always = No getwd cache = Yes max protocol = NT1 name resolve order =host lmhosts wins bcast dns proxy = No wins support = No min protocol = NT1 syslog = 3 log level = 10 log file = /var/log/samba/log.%m debug timestamp = yes # Enable symbolics links --- follow symlinks = yes wide links = yes unix extensions = no usershare allow guests = no usershare max shares = 100 usershare owner only = true usershare path=/var/lib/samba/usershares/data #Guest access guest account = nobody map to guest = Bad Password template homedir = /home/%U template shell = /bin/bash enable privileges = yes domain master = yes local master = yes preferred master = yes domain logons = yes os level = 40 ldap passwd sync = no #WINBINDD *** allow trusted domains = Yes winbind use default domain = No winbind enum users = Yes winbind enum groups = Yes password server=* encrypt passwords = Yes winbind separator = / winbind uid = 1-2 winbind gid = 1-2 winbind enum users = Yes winbind enum groups = Yes winbind rpc only= No security = user printing = bsd # VISTA/Windows7 compatibility # ACLs settings nt acl support=yes map acl inherit=yes acl check permissions=yes inherit permissions=no inherit acls=no acl map full control=yes dos filemode=yes force unknown acl user = no # LDAP settings As 3.6 or above = 0--- ldap delete dn = no passdb backend = ldapsam:ldap://127.0.0.1:389 #scripts --- add machine script = /usr/share/artica-postfix/bin/artica-install --samba-add-computer %u ldap admin dn = cn=Manager,dc=my-domain,dc=com ldap suffix = dc=my-domain,dc=com ldap group suffix = dc=organizations ldap user suffix = dc=organizations ldap machine suffix = ou=Computer,dc=samba,dc=organizations ldap
Re: [Samba] Samba: 3.6.5 lib/fault.c:47(fault_report) smd crash
With more investigation, i have see this error Server exit (multiple negprot's are not permitted) before crash init msg_type=0x81 msg_flags=0x0 got smb length of 133 got message type 0x0 of len 0x85 Transaction 8 of length 137 (0 toread) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [0010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [0020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [0030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [0040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [0050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [0060] 32 00 2. switch message SMBnegprot (pid 28591) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Yielding connection to Locking key AF6F Allocated locked data 0x0x90d1a48 Unlocking key AF6F Server exit (multiple negprot's are not permitted) Terminated Le 14/06/2012 11:06, David Touzeau a écrit : Dear I'm facing issues when using Samba on PDC mode + LDAP installed on i386 Debian 6 Is there a way to resolve it ? Jun 14 11:02:31 fileserver32 smbd[1115]: [2012/06/14 11:02:31.644224, 0] lib/fault.c:47(fault_report) Jun 14 11:02:31 fileserver32 smbd[1115]: === Jun 14 11:02:31 fileserver32 smbd[1115]: [2012/06/14 11:02:31.645554, 0] lib/fault.c:48(fault_report) Jun 14 11:02:31 fileserver32 smbd[1115]: INTERNAL ERROR: Signal 11 in pid 1115 (3.6.5) Jun 14 11:02:31 fileserver32 smbd[1115]: Please read the Trouble-Shooting section of the Samba3-HOWTO Jun 14 11:02:31 fileserver32 smbd[1115]: [2012/06/14 11:02:31.645778, 0] lib/fault.c:50(fault_report) Jun 14 11:02:31 fileserver32 smbd[1115]: Jun 14 11:02:31 fileserver32 smbd[1115]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf Jun 14 11:02:31 fileserver32 smbd[1115]: [2012/06/14 11:02:31.645986, 0] lib/fault.c:51(fault_report) Jun 14 11:02:31 fileserver32 smbd[1115]: === Jun 14 11:02:31 fileserver32 smbd[1115]: [2012/06/14 11:02:31.646127, 0] lib/util.c:1117(smb_panic) Jun 14 11:02:31 fileserver32 smbd[1115]: PANIC (pid 1115): internal error Jun 14 11:02:32 fileserver32 smbd[1141]: [2012/06/14 11:02:32.108305, 0] lib/fault.c:47(fault_report) Jun 14 11:02:32 fileserver32 smbd[1141]: === Jun 14 11:02:32 fileserver32 smbd[1141]: [2012/06/14 11:02:32.108483, 0] lib/fault.c:48(fault_report) Jun 14 11:02:32 fileserver32 smbd[1141]: INTERNAL ERROR: Signal 11 in pid 1141 (3.6.5) Jun 14 11:02:32 fileserver32 smbd[1141]: Please read the Trouble-Shooting section of the Samba3-HOWTO Jun 14 11:02:32 fileserver32 smbd[1141]: [2012/06/14 11:02:32.108540, 0] lib/fault.c:50(fault_report) Jun 14 11:02:32 fileserver32 smbd[1141]: Jun 14 11:02:32 fileserver32 smbd[1141]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf Jun 14 11:02:32 fileserver32 smbd[1141]: [2012/06/14 11:02:32.108592, 0] lib/fault.c:51(fault_report) Jun 14 11:02:32 fileserver32 smbd[1141]: === Jun 14 11:02:32 fileserver32 smbd[1141]: [2012/06/14 11:02:32.108631, 0] lib/util.c:1117(smb_panic) Jun 14 11:02:32 fileserver32 smbd[1141]: PANIC (pid 1141): internal error Configuration file: [global] workgroup = COMPANY netbios name = pdc1 server string = %h server disable netbios =no strict allocate = No strict locking = Auto sync always = No getwd cache = Yes max protocol = NT1 name resolve order =host lmhosts wins bcast dns proxy = No wins support = No min protocol = NT1 syslog = 3 log level = 10 log file = /var/log/samba/log.%m debug timestamp = yes # Enable symbolics links --- follow symlinks = yes wide links = yes unix extensions = no usershare allow guests = no usershare max shares = 100 usershare owner only = true usershare path=/var/lib/samba/usershares/data #Guest access guest account = nobody map to guest = Bad Password template homedir = /home/%U template shell = /bin/bash enable
[Samba] upgrade to 3.6.0 Could not fetch our SID - did we join?
Dear I have upgraded from 3.5.11 to 3.6.0 in old version, Server was connected to an Active Directory and no problems occurs. when restarting winbind : Sep 19 01:17:34 onesys-samba winbindd[4818]: [2011/09/19 01:17:34.326691, 0] winbindd/winbindd_util.c:635(init_domain_list) Sep 19 01:17:34 onesys-samba winbindd[4818]: Could not fetch our SID - did we join? Sep 19 01:17:34 onesys-samba winbindd[4818]: [2011/09/19 01:17:34.326753, 0] winbindd/winbindd.c:1105(winbindd_register_handlers) Sep 19 01:17:34 onesys-samba winbindd[4818]: unable to initialize domain list But when doing root@onesys-samba:~# net ads info LDAP server: 172.25.154.147 LDAP server name: USGFRAD006.USGPeopleFR.int Realm: USGPEOPLEFR.INT Bind Path: dc=USGPEOPLEFR,dc=INT LDAP port: 389 Server time: lun., 19 sept. 2011 01:15:00 CEST KDC server: 172.25.154.147 Server time offset: -118 root@onesys-samba:~# net ads status display Active Directoy information. root@onesys-samba:~# net rpc info Unable to find a suitable server for domain USGPEOPLEFR here it is the smb.conf [global] workgroup = USGPEOPLEFR netbios name = onesys-samba server string = %h server disable netbios =no strict locking = Auto sync always = No getwd cache = Yes max protocol = NT1 name resolve order =host lmhosts wins bcast dns proxy = No wins support = Yes wins hook = /usr/bin/php5 /usr/share/artica-postfix/exec.samba.wins.php min protocol = NT1 remote announce = 10.7.61.255/USGPEOPLEFR syslog = 3 log level = 10 log file = /var/log/samba/log.%m debug timestamp = yes follow symlinks = yes wide links = yes unix extensions = no usershare allow guests = no usershare max shares = 100 usershare owner only = true usershare path=/var/lib/samba/usershares/data guest account = nobody map to guest = Bad Password template homedir = /home/%U template shell = /bin/false enable privileges = yes os level = 40 ldap passwd sync = no #WINBINDD *** security = ADS realm = USGPEOPLEFR.INT idmap config USGPEOPLEFR:backend= rid idmap config USGPEOPLEFR:read only= yes idmap config USGPEOPLEFR:range = 10 - 19 idmap config USGPEOPLEFR:base_rid = 0 idmap gid = 7 - 9 idmap uid = 7 - 9 encrypt passwords = Yes client ntlmv2 auth = Yes client lanman auth = No winbind normalize names = Yes winbind separator = / winbind use default domain = No winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = rfc2307 winbind reconnect delay = 30 winbind offline logon = true winbind cache time = 1800 winbind refresh tickets = true kerberos method = system keytab allow trusted domains = Yes server signing = auto client signing = auto lm announce = No ntlm auth = No lanman auth = No preferred master = No printing = bsd nt acl support=yes map acl inherit=yes acl check permissions=yes inherit permissions=no inherit acls=yes acl map full control=yes dos filemode=yes force unknown acl user = no ldap delete dn = no passdb backend = ldapsam:ldap://127.0.0.1:389 ldap admin dn = cn=admin,dc=usgpeoplefr,dc=int ldap suffix = dc=usgpeoplefr,dc=int ldap group suffix = dc=organizations ldap user suffix = dc=organizations ldap machine suffix = ou=Computer,dc=samba,dc=organizations ldap delete dn = yes ldap ssl = off ldap idmap suffix = ou=idmap,dc=samba,dc=organizations,dc=usgpeoplefr,dc=int logon path = logon home = logon drive = socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 case sensitive = No default case = lower preserve case = yes short preserve case = yes wins support = Yes time server = yes msdfs root = no host msdfs = no Some piece of winbind logs tdb_validate (validation child): calling tdb_validate_child [2011/09/19 01:17:34.291428, 10] lib/tdb_validate.c:68(tdb_validate_child) tdb_validate_child: tdb /var/lib/samba/winbindd_cache.tdb freelist has 1 entries [2011/09/19 01:17:34.291479, 10] winbindd/winbindd_cache.c:3979(validate_cache_version) validate_cache_version: WINBINDD_CACHE_VERSION ok [2011/09/19 01:17:34.291532, 10] winbindd/winbindd_cache.c:3938(validate_trustdomcache) validate_trustdomcache: TRUSTDOMCACHE/USGPEOPLEFR ok Don't trust me, I am a DUMMY!
[Samba] 3.5.6: Unable to list group from AD and Strange behavior
Dear I have connected Samba 3.5.6 to an Active Directory server this active Directory store about 1500 users Winbind is unable to retrieve users and failed to retrieve group list. The strange thing is Winbind found 775042106 users when trying to query groups!! How can i solve the issue ? wbinfo --all-domains BUILTIN ONESYS-SAMBA USGPEOPLEFR ASP SMARTPEOPLE USGMCFR USGPEOPLEAT USGPEOPLEBE USGPEOPLECH USGPEOPLEDE USGPEOPLEIT USGPEOPLELU USGPEOPLEPL wbinfo --domain-info USGPEOPLEFR Name : USGPEOPLEFR Alt_Name : USGPeopleFR.int SID : S-1-5-21-2550146075-3584545-4036094147 Active Directory : Yes Native: Yes Primary : Yes wbinfo --domain USGPEOPLEFR -u == /var/log/samba/log.winbindd == [2011/09/13 10:13:10.627159, 6] winbindd/winbindd.c:768(new_connection) accepted socket 24 [2011/09/13 10:13:10.627242, 10] winbindd/winbindd.c:620(process_request) process_request: request fn INTERFACE_VERSION [2011/09/13 10:13:10.627257, 3] winbindd/winbindd_misc.c:352(winbindd_interface_version) [28857]: request interface version [2011/09/13 10:13:10.627282, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[28857:INTERFACE_VERSION]: deliverd response to client [2011/09/13 10:13:10.627352, 10] winbindd/winbindd.c:620(process_request) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2011/09/13 10:13:10.627379, 3] winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir) [28857]: request location of privileged pipe [2011/09/13 10:13:10.627415, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[28857:WINBINDD_PRIV_PIPE_DIR]: deliverd response to client [2011/09/13 10:13:10.627498, 6] winbindd/winbindd.c:816(winbind_client_request_read) closing socket 24, client exited [2011/09/13 10:13:10.627540, 6] winbindd/winbindd.c:768(new_connection) accepted socket 24 [2011/09/13 10:13:10.627574, 10] winbindd/winbindd.c:593(process_request) process_request: Handling async request 28857:LIST_USERS [2011/09/13 10:13:10.627590, 3] winbindd/winbindd_list_users.c:58(winbindd_list_users_send) list_users USGPEOPLEFR [2011/09/13 10:13:10.627620, 10] winbindd/winbindd_cache.c:4674(wcache_fetch_ndr) Entry has wrong sequence number: 33481252 [2011/09/13 10:13:10.627657, 10] winbindd/winbindd_list_users.c:128(winbindd_list_users_done) Domain USGPEOPLEFR returned 774910266 users [2011/09/13 10:13:10.627670, 10] winbindd/winbindd_list_users.c:134(winbindd_list_users_done) List_users for domain USGPEOPLEFR failed [2011/09/13 10:13:10.627682, 10] winbindd/winbindd.c:655(wb_request_done) wb_request_done[28857:LIST_USERS]: NT_STATUS_OK [2011/09/13 10:13:10.627708, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[28857:LIST_USERS]: deliverd response to client [2011/09/13 10:13:10.627778, 6] winbindd/winbindd.c:816(winbind_client_request_read) closing socket 24, client exited wbinfo --domain USGPEOPLEFR -g == /var/log/samba/log.winbindd == [2011/09/13 10:19:42.555210, 6] winbindd/winbindd.c:768(new_connection) accepted socket 24 [2011/09/13 10:19:42.555294, 10] winbindd/winbindd.c:620(process_request) process_request: request fn INTERFACE_VERSION [2011/09/13 10:19:42.555310, 3] winbindd/winbindd_misc.c:352(winbindd_interface_version) [ 1915]: request interface version [2011/09/13 10:19:42.555340, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[1915:INTERFACE_VERSION]: deliverd response to client [2011/09/13 10:19:42.555416, 10] winbindd/winbindd.c:620(process_request) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2011/09/13 10:19:42.555443, 3] winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir) [ 1915]: request location of privileged pipe [2011/09/13 10:19:42.555484, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[1915:WINBINDD_PRIV_PIPE_DIR]: deliverd response to client [2011/09/13 10:19:42.73, 6] winbindd/winbindd.c:816(winbind_client_request_read) closing socket 24, client exited [2011/09/13 10:19:42.555616, 6] winbindd/winbindd.c:768(new_connection) accepted socket 24 [2011/09/13 10:19:42.555651, 10] winbindd/winbindd.c:593(process_request) process_request: Handling async request 1915:LIST_GROUPS [2011/09/13 10:19:42.555667, 3] winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send) list_groups USGPEOPLEFR [2011/09/13 10:19:42.555729, 10] winbindd/winbindd_cache.c:4674(wcache_fetch_ndr) Entry has wrong sequence number: 33477448 [2011/09/13 10:19:42.555762, 10] winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done) strange ??? Domain USGPEOPLEFR returned 775042106 users [2011/09/13 10:19:42.555776, 10] winbindd/winbindd_list_groups.c:134(winbindd_list_groups_done) *** failed ! list_groups for domain USGPEOPLEFR failed [2011/09/13 10:19:42.555789, 10]
[Samba] 3.5.6: Unable to list group from AD and Strange behavior
Dear I have connected Samba 3.5.6 to an Active Directory server this active Directory store about 1500 users Winbind is unable to retrieve users and failed to retrieve group list. The strange thing is Winbind found 775042106 users when trying to query groups!! How can i solve the issue ? wbinfo --all-domains BUILTIN ONESYS-SAMBA USGPEOPLEFR ASP SMARTPEOPLE USGMCFR USGPEOPLEAT USGPEOPLEBE USGPEOPLECH USGPEOPLEDE USGPEOPLEIT USGPEOPLELU USGPEOPLEPL wbinfo --domain-info USGPEOPLEFR Name : USGPEOPLEFR Alt_Name : USGPeopleFR.int SID : S-1-5-21-2550146075-3584545-4036094147 Active Directory : Yes Native: Yes Primary : Yes wbinfo --domain USGPEOPLEFR -u == /var/log/samba/log.winbindd == [2011/09/13 10:13:10.627159, 6] winbindd/winbindd.c:768(new_connection) accepted socket 24 [2011/09/13 10:13:10.627242, 10] winbindd/winbindd.c:620(process_request) process_request: request fn INTERFACE_VERSION [2011/09/13 10:13:10.627257, 3] winbindd/winbindd_misc.c:352(winbindd_interface_version) [28857]: request interface version [2011/09/13 10:13:10.627282, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[28857:INTERFACE_VERSION]: deliverd response to client [2011/09/13 10:13:10.627352, 10] winbindd/winbindd.c:620(process_request) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2011/09/13 10:13:10.627379, 3] winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir) [28857]: request location of privileged pipe [2011/09/13 10:13:10.627415, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[28857:WINBINDD_PRIV_PIPE_DIR]: deliverd response to client [2011/09/13 10:13:10.627498, 6] winbindd/winbindd.c:816(winbind_client_request_read) closing socket 24, client exited [2011/09/13 10:13:10.627540, 6] winbindd/winbindd.c:768(new_connection) accepted socket 24 [2011/09/13 10:13:10.627574, 10] winbindd/winbindd.c:593(process_request) process_request: Handling async request 28857:LIST_USERS [2011/09/13 10:13:10.627590, 3] winbindd/winbindd_list_users.c:58(winbindd_list_users_send) list_users USGPEOPLEFR [2011/09/13 10:13:10.627620, 10] winbindd/winbindd_cache.c:4674(wcache_fetch_ndr) Entry has wrong sequence number: 33481252 [2011/09/13 10:13:10.627657, 10] winbindd/winbindd_list_users.c:128(winbindd_list_users_done) Domain USGPEOPLEFR returned 774910266 users [2011/09/13 10:13:10.627670, 10] winbindd/winbindd_list_users.c:134(winbindd_list_users_done) List_users for domain USGPEOPLEFR failed [2011/09/13 10:13:10.627682, 10] winbindd/winbindd.c:655(wb_request_done) wb_request_done[28857:LIST_USERS]: NT_STATUS_OK [2011/09/13 10:13:10.627708, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[28857:LIST_USERS]: deliverd response to client [2011/09/13 10:13:10.627778, 6] winbindd/winbindd.c:816(winbind_client_request_read) closing socket 24, client exited wbinfo --domain USGPEOPLEFR -g == /var/log/samba/log.winbindd == [2011/09/13 10:19:42.555210, 6] winbindd/winbindd.c:768(new_connection) accepted socket 24 [2011/09/13 10:19:42.555294, 10] winbindd/winbindd.c:620(process_request) process_request: request fn INTERFACE_VERSION [2011/09/13 10:19:42.555310, 3] winbindd/winbindd_misc.c:352(winbindd_interface_version) [ 1915]: request interface version [2011/09/13 10:19:42.555340, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[1915:INTERFACE_VERSION]: deliverd response to client [2011/09/13 10:19:42.555416, 10] winbindd/winbindd.c:620(process_request) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2011/09/13 10:19:42.555443, 3] winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir) [ 1915]: request location of privileged pipe [2011/09/13 10:19:42.555484, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[1915:WINBINDD_PRIV_PIPE_DIR]: deliverd response to client [2011/09/13 10:19:42.73, 6] winbindd/winbindd.c:816(winbind_client_request_read) closing socket 24, client exited [2011/09/13 10:19:42.555616, 6] winbindd/winbindd.c:768(new_connection) accepted socket 24 [2011/09/13 10:19:42.555651, 10] winbindd/winbindd.c:593(process_request) process_request: Handling async request 1915:LIST_GROUPS [2011/09/13 10:19:42.555667, 3] winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send) list_groups USGPEOPLEFR [2011/09/13 10:19:42.555729, 10] winbindd/winbindd_cache.c:4674(wcache_fetch_ndr) Entry has wrong sequence number: 33477448 [2011/09/13 10:19:42.555762, 10] winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done) strange ??? Domain USGPEOPLEFR returned 775042106 users [2011/09/13 10:19:42.555776, 10] winbindd/winbindd_list_groups.c:134(winbindd_list_groups_done) *** failed ! list_groups for domain USGPEOPLEFR failed [2011/09/13 10:19:42.555789, 10]
[Samba] 3.5.6 : WINBINDD: cli_negprot failed: NT_STATUS_ACCESS_DENIED with Active Directory
Dear Have connected SAMBA to an Active Directory server The getent did not show any user and winbindd claim : [2011/09/07 11:33:29.417355, 1] libsmb/cliconnect.c:1769(cli_negprot_done) cli_negprot: SMB signing is mandatory and the server doesn't support it. [2011/09/07 11:33:29.417444, 1] winbindd/winbindd_cm.c:856(cm_prepare_connection) cli_negprot failed: NT_STATUS_ACCESS_DENIED [2011/09/07 11:33:29.696520, 1] libsmb/cliconnect.c:1769(cli_negprot_done) cli_negprot: SMB signing is mandatory and the server doesn't support it. [2011/09/07 11:33:29.696599, 1] winbindd/winbindd_cm.c:856(cm_prepare_connection) cli_negprot failed: NT_STATUS_ACCESS_DENIED [2011/09/07 11:33:30.068625, 1] libsmb/cliconnect.c:1769(cli_negprot_done) cli_negprot: SMB signing is mandatory and the server doesn't support it. [2011/09/07 11:33:30.068706, 1] winbindd/winbindd_cm.c:856(cm_prepare_connection) cli_negprot failed: NT_STATUS_ACCESS_DENIED How can i fix this issue ? here it is the smb.conf [global] workgroup = USGPEOPLEFR netbios name = onesys-samba server string = %h server disable netbios =no strict allocate = No strict locking = Auto sync always = No getwd cache = Yes max protocol = NT1 name resolve order =host lmhosts wins bcast dns proxy = No wins support = Yes min protocol = NT1 remote announce = 10.7.61.255/USGPEOPLEFR syslog = 3 log level = 1 log file = /var/log/samba/log.%m debug timestamp = yes follow symlinks = yes wide links = yes unix extensions = no usershare allow guests = no usershare max shares = 100 usershare owner only = true usershare path=/var/lib/samba/usershares/data guest account = nobody map to guest = Bad Password template homedir = /home/%U template shell = /bin/false enable privileges = yes os level = 40 ldap passwd sync = no security = ADS realm = USGPEOPLEFR.INT idmap config USGPEOPLEFR:backend= rid idmap config USGPEOPLEFR:read only= yes idmap config USGPEOPLEFR:range = 10 - 19 idmap config USGPEOPLEFR:base_rid = 0 idmap gid = 7 - 9 idmap uid = 7 - 9 encrypt passwords = Yes client ntlmv2 auth = Yes client lanman auth = No winbind normalize names = Yes winbind separator = / winbind use default domain = No winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = rfc2307 winbind offline logon = true winbind cache time = 5 winbind refresh tickets = true kerberos method = system keytab allow trusted domains = Yes server signing = mandatory client signing = mandatory lm announce = No ntlm auth = No lanman auth = No preferred master = No printing = bsd nt acl support=yes map acl inherit=yes acl check permissions=yes inherit permissions=no inherit acls=yes acl map full control=yes dos filemode=yes force unknown acl user = no # LDAP settings --- ldap delete dn = no passdb backend = ldapsam:ldap://127.0.0.1:389 ldap admin dn = cn=admin,dc=usgpeoplefr,dc=int ldap suffix = dc=usgpeoplefr,dc=int ldap group suffix = dc=organizations ldap user suffix = dc=organizations ldap machine suffix = ou=Computer,dc=samba,dc=organizations ldap delete dn = yes ldap ssl = off ldap idmap suffix = ou=idmap,dc=samba,dc=organizations,dc=usgpeoplefr,dc=int logon path = logon home = logon drive = socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 case sensitive = No default case = lower preserve case = yes short preserve case = yes wins support = Yes time server = yes msdfs root = no host msdfs = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 3.5.6 : WINBINDD: cli_negprot failed: NT_STATUS_ACCESS_DENIED with Active Directory
Le mercredi 07 septembre 2011 à 13:33 -0500, Dale Schroeder a écrit : On 09/07/2011 4:45 AM, David Touzeau wrote: Dear Have connected SAMBA to an Active Directory server The getent did not show any user and winbindd claim : [2011/09/07 11:33:29.417355, 1] libsmb/cliconnect.c:1769(cli_negprot_done) cli_negprot: SMB signing is mandatory and the server doesn't support it. [2011/09/07 11:33:29.417444, 1] winbindd/winbindd_cm.c:856(cm_prepare_connection) cli_negprot failed: NT_STATUS_ACCESS_DENIED [2011/09/07 11:33:29.696520, 1] libsmb/cliconnect.c:1769(cli_negprot_done) cli_negprot: SMB signing is mandatory and the server doesn't support it. [2011/09/07 11:33:29.696599, 1] winbindd/winbindd_cm.c:856(cm_prepare_connection) cli_negprot failed: NT_STATUS_ACCESS_DENIED [2011/09/07 11:33:30.068625, 1] libsmb/cliconnect.c:1769(cli_negprot_done) cli_negprot: SMB signing is mandatory and the server doesn't support it. [2011/09/07 11:33:30.068706, 1] winbindd/winbindd_cm.c:856(cm_prepare_connection) cli_negprot failed: NT_STATUS_ACCESS_DENIED How can i fix this issue ? If I'm reading this error message correctly, you either need to turn on server signing on the AD machine, or turn off server signing on the Samba machine. server signing = Disabled Dale here it is the smb.conf [global] workgroup = USGPEOPLEFR netbios name = onesys-samba server string = %h server disable netbios =no strict allocate = No strict locking = Auto sync always = No getwd cache = Yes max protocol = NT1 name resolve order =host lmhosts wins bcast dns proxy = No wins support = Yes min protocol = NT1 remote announce = 10.7.61.255/USGPEOPLEFR syslog = 3 log level = 1 log file = /var/log/samba/log.%m debug timestamp = yes follow symlinks = yes wide links = yes unix extensions = no usershare allow guests = no usershare max shares = 100 usershare owner only = true usershare path=/var/lib/samba/usershares/data guest account = nobody map to guest = Bad Password template homedir = /home/%U template shell = /bin/false enable privileges = yes os level = 40 ldap passwd sync = no security = ADS realm = USGPEOPLEFR.INT idmap config USGPEOPLEFR:backend= rid idmap config USGPEOPLEFR:read only= yes idmap config USGPEOPLEFR:range = 10 - 19 idmap config USGPEOPLEFR:base_rid = 0 idmap gid = 7 - 9 idmap uid = 7 - 9 encrypt passwords = Yes client ntlmv2 auth = Yes client lanman auth = No winbind normalize names = Yes winbind separator = / winbind use default domain = No winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = rfc2307 winbind offline logon = true winbind cache time = 5 winbind refresh tickets = true kerberos method = system keytab allow trusted domains = Yes server signing = mandatory client signing = mandatory lm announce = No ntlm auth = No lanman auth = No preferred master = No printing = bsd nt acl support=yes map acl inherit=yes acl check permissions=yes inherit permissions=no inherit acls=yes acl map full control=yes dos filemode=yes force unknown acl user = no # LDAP settings --- ldap delete dn = no passdb backend = ldapsam:ldap://127.0.0.1:389 ldap admin dn = cn=admin,dc=usgpeoplefr,dc=int ldap suffix = dc=usgpeoplefr,dc=int ldap group suffix = dc=organizations ldap user suffix = dc=organizations ldap machine suffix = ou=Computer,dc=samba,dc=organizations ldap delete dn = yes ldap ssl = off ldap idmap suffix = ou=idmap,dc=samba,dc=organizations,dc=usgpeoplefr,dc=int logon path = logon home = logon drive = socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 case sensitive = No default case = lower preserve case = yes short preserve case = yes wins support = Yes time server = yes msdfs root = no host msdfs = no Thanks I set it to server signing = auto and it's working like charm !! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
Le jeudi 18 août 2011 à 13:26 +0200, Benedikt Schindler a écrit : Am 18.08.2011 06:07, schrieb John H Terpstra: On 08/17/2011 02:05 PM, David Touzeau wrote: I think this new version is not really ready for production... There is so many strange things... Or misunderstanding whats going wrong I respect that some may be experiencing difficulties with deployment of Samba 3.6.0. I have been using 3.6.0 in its various pre-release forms (and now the stable release) for many months without a single problem. I have deployed it in some very complex as well as some simple configurations - all without any issues. The purpose of this response is to point out that Samba 3.6.0 is perhaps not as not really ready for production use readers of this list may interpret from these reports. Cheers, John T. Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : ` Peacock,Josh wrote: I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do have a 3.5.8 installation running without problem (I understand some major changes have happened.) I took the smb.conf from my 3.5.8 install and changed appropriately for 3.6 (At least as far as I catell). Yeah, I still have this error even after downgrading to 3.5.10 -- I think 3.6 corrupted my userdb or changed the format... I suppose I need to allocate a new one and start from scratch to fix it... But lots of problems related to looking up the domain, the PDC and some users. I did try to report it, but since I wasn't certain what was going on and just had a bunch of random symptoms, I got ignored. But I did warn them that other users would likely have problems and should be warned... That was ignored too.. I had the same error until today. It works for me with base_rid = 0 TRY: idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range = 6-5000 idmap config MYDOMAIN : base_rid = 0 -- Benedikt i have set idmap config MYDOMAIN : backend = ad Is there any difference using idmap config MYDOMAIN : backend = rid instead idmap config MYDOMAIN : backend = ad When using Active Directory ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
Le vendredi 19 août 2011 à 06:51 -0500, John H Terpstra a écrit : On 08/19/2011 03:54 AM, David Touzeau wrote: Le jeudi 18 août 2011 à 13:26 +0200, Benedikt Schindler a écrit : Am 18.08.2011 06:07, schrieb John H Terpstra: On 08/17/2011 02:05 PM, David Touzeau wrote: I think this new version is not really ready for production... There is so many strange things... Or misunderstanding whats going wrong I respect that some may be experiencing difficulties with deployment of Samba 3.6.0. I have been using 3.6.0 in its various pre-release forms (and now the stable release) for many months without a single problem. I have deployed it in some very complex as well as some simple configurations - all without any issues. The purpose of this response is to point out that Samba 3.6.0 is perhaps not as not really ready for production use readers of this list may interpret from these reports. Cheers, John T. Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : ` Peacock,Josh wrote: I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do have a 3.5.8 installation running without problem (I understand some major changes have happened.) I took the smb.conf from my 3.5.8 install and changed appropriately for 3.6 (At least as far as I catell). Yeah, I still have this error even after downgrading to 3.5.10 -- I think 3.6 corrupted my userdb or changed the format... I suppose I need to allocate a new one and start from scratch to fix it... But lots of problems related to looking up the domain, the PDC and some users. I did try to report it, but since I wasn't certain what was going on and just had a bunch of random symptoms, I got ignored. But I did warn them that other users would likely have problems and should be warned... That was ignored too.. I had the same error until today. It works for me with base_rid = 0 TRY: idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range = 6-5000 idmap config MYDOMAIN : base_rid = 0 -- Benedikt i have set idmap config MYDOMAIN : backend = ad Is there any difference using idmap config MYDOMAIN : backend = rid instead idmap config MYDOMAIN : backend = ad When using Active Directory ? Check the man pages (man idmap_rid) and (man idmap_ad): The RID method generates the uid/gid from the RID. As a result all users in Active Directory can access the Samba server. The AD method requires the use of the RFC2307bis extensions to the Active Directory schema and that you populate the uid and gid in with valid values using the Active Directory Users and Group management tool. If you have not populated the RFC2307bis uid/gid values the user will not be able to access the Samba server. Using the AD method the systems administrator has control over which users can and cannot access the Samba server/s. - John T. Good !! And what method did you suggest for better compatibilities and your experiences...? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
Le vendredi 19 août 2011 à 06:51 -0500, John H Terpstra a écrit : On 08/19/2011 03:54 AM, David Touzeau wrote: Le jeudi 18 août 2011 à 13:26 +0200, Benedikt Schindler a écrit : Am 18.08.2011 06:07, schrieb John H Terpstra: On 08/17/2011 02:05 PM, David Touzeau wrote: I think this new version is not really ready for production... There is so many strange things... Or misunderstanding whats going wrong I respect that some may be experiencing difficulties with deployment of Samba 3.6.0. I have been using 3.6.0 in its various pre-release forms (and now the stable release) for many months without a single problem. I have deployed it in some very complex as well as some simple configurations - all without any issues. The purpose of this response is to point out that Samba 3.6.0 is perhaps not as not really ready for production use readers of this list may interpret from these reports. Cheers, John T. Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : ` Peacock,Josh wrote: I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do have a 3.5.8 installation running without problem (I understand some major changes have happened.) I took the smb.conf from my 3.5.8 install and changed appropriately for 3.6 (At least as far as I catell). Yeah, I still have this error even after downgrading to 3.5.10 -- I think 3.6 corrupted my userdb or changed the format... I suppose I need to allocate a new one and start from scratch to fix it... But lots of problems related to looking up the domain, the PDC and some users. I did try to report it, but since I wasn't certain what was going on and just had a bunch of random symptoms, I got ignored. But I did warn them that other users would likely have problems and should be warned... That was ignored too.. I had the same error until today. It works for me with base_rid = 0 TRY: idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range = 6-5000 idmap config MYDOMAIN : base_rid = 0 -- Benedikt i have set idmap config MYDOMAIN : backend = ad Is there any difference using idmap config MYDOMAIN : backend = rid instead idmap config MYDOMAIN : backend = ad When using Active Directory ? Check the man pages (man idmap_rid) and (man idmap_ad): The RID method generates the uid/gid from the RID. As a result all users in Active Directory can access the Samba server. The AD method requires the use of the RFC2307bis extensions to the Active Directory schema and that you populate the uid and gid in with valid values using the Active Directory Users and Group management tool. If you have not populated the RFC2307bis uid/gid values the user will not be able to access the Samba server. Using the AD method the systems administrator has control over which users can and cannot access the Samba server/s. - John T. This is very strange I have changed my settings according your example has follow security = ADS realm = MAISON.TOUZEAU.BIZ idmap config MAISON:backend = rid idmap config MAISON:read only = yes idmap config MAISON:range = 6-5000 idmap config MAISON:base_rid = 0 idmap config * : backend = tdb idmap config * : range = 100-199 client use spnego = No client use spnego principal = No encrypt passwords = Yes client ntlmv2 auth = Yes client lanman auth = No winbind normalize names = Yes winbind separator = / winbind use default domain = No winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = rfc2307 winbind offline logon = true winbind cache time = 5 winbind refresh tickets = true kerberos method = system keytab allow trusted domains = Yes server signing = mandatory client signing = mandatory lm announce = No ntlm auth = No lanman auth = No preferred master = No The winbindd allows to have correct informations #wbinfo -t checking the trust secret for domain MAISON via RPC calls succeeded #wbinfo -n MAISON/Administrateur S-1-5-21-3790408397-595478388-2982168515-500 SID_USER (1) #wbinfo -s S-1-5-21-3790408397-595478388-2982168515-500 MAISON/Administrateur 1 #wbinfo -S S-1-5-21-3790408397-595478388-2982168515-500 60500 Bet getent did not see any Active directoy users Any tips on this ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] 3.5.11: active directory: getent did not see users
Dear I thank there is misconfiguration here, did anybody help me ? have Could not convert sid issue wbinfo -t checking the trust secret for domain AD2003 via RPC calls succeeded root@nas03:~# wbinfo -n AD2003/gch S-1-5-21-1430701326-2212591448-2995707960-1119 SID_USER (1) root@nas03:~# wbinfo -s S-1-5-21-1430701326-2212591448-2995707960-1119 AD2003/gch 1 root@nas03:~# wbinfo -S S-1-5-21-1430701326-2212591448-2995707960-1119 Could not convert sid S-1-5-21-1430701326-2212591448-2995707960-1119 to uid here its is the configuration [global] workgroup = AD2003 netbios name = nas03 server string = %h server disable netbios =no name resolve order =host lmhosts wins bcast dns proxy = No wins support = No min protocol = NT1 syslog = 3 log level = 1 log file = /var/log/samba/log.%m debug timestamp = yes # Enable symbolics links --- follow symlinks = yes wide links = yes unix extensions = no usershare allow guests = no usershare max shares = 100 usershare owner only = true usershare path=/var/lib/samba/usershares/data #Guest access guest account = nobody map to guest = Bad Password template homedir = /home/%U template shell = /bin/false enable privileges = yes os level = 40 ldap passwd sync = no #WINBINDD *** security = ADS realm = AD2003.GUIDTZ.LOCAL idmap config AD2003:backend = ad idmap config AD2003:readonly = yes idmap config AD2003:schema_mode = rfc2307 idmap config AD2003:range = 1000-99 idmap gid = 16777216-33554431 idmap uid = 16777216-33554431 client use spnego = Yes encrypt passwords = Yes client ntlmv2 auth = Yes client lanman auth = No winbind normalize names = Yes winbind separator = / winbind use default domain = No winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = rfc2307 winbind offline logon = true winbind cache time = 5 winbind refresh tickets = true kerberos method = system keytab allow trusted domains = Yes server signing = mandatory client signing = mandatory lm announce = No ntlm auth = No lanman auth = No preferred master = No printing = bsd # VISTA/Windows7 compatibility # ACLs settings nt acl support=yes map acl inherit=yes acl check permissions=yes inherit permissions=no inherit acls=no acl map full control=yes dos filemode=yes force unknown acl user = no # LDAP settings --- ldap delete dn = no passdb backend = ldapsam:ldap://127.0.0.1:389 #scripts --- add machine script = /usr/share/artica-postfix/bin/artica-install --samba-add-computer %u ldap admin dn = cn=admin,dc=my-domain,dc=com ldap suffix = dc=my-domain,dc=com ldap group suffix = dc=organizations ldap user suffix = dc=organizations ldap machine suffix = ou=Computer,dc=samba,dc=organizations ldap delete dn = yes ldap ssl = off ldap idmap suffix = ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com logon path = logon home = logon drive = socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 case sensitive = No default case = lower preserve case = yes short preserve case = yes #character set = iso8859-1 #domain admin group = @admin wins support = Yes #hosts allow = 192.168.0. 127. time server = yes #MDFS parameters msdfs root = no host msdfs = no # Shared Folders lists --- [Partage001] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Define LDAP anonymous connection
Dear My OpenLDAP server is installed on the same Samba computer. I have made an LDAP ACL that allow writing/reading from 127.0.0.1 IP address. And a would like to not define any credential in Samba. It seems that samba force to require a connexion DN but in my case it is not necessary... How can i force samba to connect to the local LDAP server without any credential ? Bets regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
I think this new version is not really ready for production... There is so many strange things... Or misunderstanding whats going wrong Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : ` Peacock,Josh wrote: I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do have a 3.5.8 installation running without problem (I understand some major changes have happened.) I took the smb.conf from my 3.5.8 install and changed appropriately for 3.6 (At least as far as I catell). Yeah, I still have this error even after downgrading to 3.5.10 -- I think 3.6 corrupted my userdb or changed the format... I suppose I need to allocate a new one and start from scratch to fix it... But lots of problems related to looking up the domain, the PDC and some users. I did try to report it, but since I wasn't certain what was going on and just had a bunch of random symptoms, I got ignored. But I did warn them that other users would likely have problems and should be warned... That was ignored too.. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
Le lundi 15 août 2011 à 15:11 +0200, Michael Adam a écrit : Hi David, David Touzeau wrote: Le vendredi 12 août 2011 à 12:25 +0200, Michael Wood a écrit : Hi On 12 August 2011 10:23, David Touzeau da...@touzeau.eu wrote: Dear all I have upgraded my Samba from 3.5.x to a newest 3.6.0 version. My Samba is connected to an Active Directory 2008 R2 the getent passwd did not display any ActiveDirectoy Domains users. ... I think there is a misconfiguration in my setup but did not find any solution: Where i'm wrong ? [global] ... idmap config TOUZEAU:backend = ad idmap config TOUZEAU:readonly = yes idmap config TOUZEAU:schema_mode = rfc2307 idmap config * : range = 16777216-33554431 The way idmap works was changed with 3.6.0. I don't know if the above is wrong, but perhaps it is something to consider. e.g. I don't know if readonly is supported. I've seen mention of read only, but not in the idmap_ad code. But maybe I missed it. Also, the idmap_ad documentation implies that you need something like this: idmap config * : backend = tdb idmap config * : range = 100-199 idmap config TOUZEAU : backend = ad idmap config TOUZEAU : range = 1000-99 idmap config TOUZEAU : schema_mode = rfc2307 I am not sure if the above is relevant to you :) but I hope it helps. Many thanks Michael i have changed values but it has no effect and the issue still alive... But the remarks by Michael were correct. You need to give the configuration for the ad backend (domain TOUZEAU) a range, otherwise it won't work. The readonly parameter will be ignored for the ad backend. (And for those backends that support it, the correct spelling is read only.) With the above config changes, you should narrow the source of problems down as detailed here: https://bugzilla.samba.org/show_bug.cgi?id=8371#c5 You should then post the level 10 logs of the most specific failing command here, so we can debug further. Cheers - Michael For anybody here it is some relevant winbindd debug informations Adding 0 DC's from auto lookup [2011/08/12 10:39:31.945022, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for TOUZEAU.HOME: Default-First-Site-Name [2011/08/12 10:39:31.945047, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20 (sitename Default-First-Site-Name) [2011/08/12 10:39:31.945076, 5] libsmb/namecache.c:165(namecache_fetch) name WIN-RSF60G6AS1L.touzeau.home#20 found. [2011/08/12 10:39:31.945124, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain touzeau.home server 192.168.1.150 [2011/08/12 10:39:31.945151, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2011/08/12 10:39:31.945172, 4] libsmb/namequery.c:2601(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2011/08/12 10:39:31.945193, 4] libsmb/namequery.c:2602(get_dc_list) get_dc_list: 192.168.1.150:389 [2011/08/12 10:39:31.945216, 10] libads/kerberos.c:825(get_kdc_ip_string) get_kdc_ip_string: Returning kdc = 192.168.1.150 [2011/08/12 10:39:31.945304, 5] libads/kerberos.c:948(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/smb_krb5/krb5.conf.TOUZEAU with realm TOUZEAU.HOME KDC list = kdc = 192.168.1.150 [2011/08/12 10:39:31.945347, 4] libsmb/namequery_dc.c:148(ads_dc_name) ads_dc_name: using server='WIN-RSF60G6AS1L.TOUZEAU.HOME' IP=192.168.1.150 [2011/08/12 10:39:31.945376, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for touzeau.home: Default-First-Site-Name [2011/08/12 10:39:31.945398, 8] libsmb/namequery.c:2652(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name touzeau.home (sitename Default-First-Site-Name) using [ads] [2011/08/12 10:39:31.945432, 5] libsmb/namequery.c:194(saf_fetch) saf_fetch: Returning WIN-RSF60G6AS1L.touzeau.home for touzeau.home domain [2011/08/12 10:39:31.945458, 3] libsmb/namequery.c:2461(get_dc_list) get_dc_list: preferred server list: WIN-RSF60G6AS1L.touzeau.home, * [2011/08/12 10:39:31.945481, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up touzeau.home#1c (sitename Default-First-Site-Name) [2011/08/12 10:39:31.945507, 5] libsmb/namecache.c:160(namecache_fetch) no entry for touzeau.home#1C found. [2011/08/12 10:39:31.945531, 5] libsmb/namequery.c:1869(resolve_ads) resolve_ads: Attempting to resolve DCs for touzeau.home using DNS [2011/08
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
Le lundi 15 août 2011 à 15:11 +0200, Michael Adam a écrit : Hi David, David Touzeau wrote: Le vendredi 12 août 2011 à 12:25 +0200, Michael Wood a écrit : Hi On 12 August 2011 10:23, David Touzeau da...@touzeau.eu wrote: Dear all I have upgraded my Samba from 3.5.x to a newest 3.6.0 version. My Samba is connected to an Active Directory 2008 R2 the getent passwd did not display any ActiveDirectoy Domains users. ... I think there is a misconfiguration in my setup but did not find any solution: Where i'm wrong ? [global] ... idmap config TOUZEAU:backend = ad idmap config TOUZEAU:readonly = yes idmap config TOUZEAU:schema_mode = rfc2307 idmap config * : range = 16777216-33554431 The way idmap works was changed with 3.6.0. I don't know if the above is wrong, but perhaps it is something to consider. e.g. I don't know if readonly is supported. I've seen mention of read only, but not in the idmap_ad code. But maybe I missed it. Also, the idmap_ad documentation implies that you need something like this: idmap config * : backend = tdb idmap config * : range = 100-199 idmap config TOUZEAU : backend = ad idmap config TOUZEAU : range = 1000-99 idmap config TOUZEAU : schema_mode = rfc2307 I am not sure if the above is relevant to you :) but I hope it helps. Many thanks Michael i have changed values but it has no effect and the issue still alive... But the remarks by Michael were correct. You need to give the configuration for the ad backend (domain TOUZEAU) a range, otherwise it won't work. The readonly parameter will be ignored for the ad backend. (And for those backends that support it, the correct spelling is read only.) With the above config changes, you should narrow the source of problems down as detailed here: https://bugzilla.samba.org/show_bug.cgi?id=8371#c5 You should then post the level 10 logs of the most specific failing command here, so we can debug further. Cheers - Michael For anybody here it is some relevant winbindd debug informations Adding 0 DC's from auto lookup [2011/08/12 10:39:31.945022, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for TOUZEAU.HOME: Default-First-Site-Name [2011/08/12 10:39:31.945047, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20 (sitename Default-First-Site-Name) [2011/08/12 10:39:31.945076, 5] libsmb/namecache.c:165(namecache_fetch) name WIN-RSF60G6AS1L.touzeau.home#20 found. [2011/08/12 10:39:31.945124, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain touzeau.home server 192.168.1.150 [2011/08/12 10:39:31.945151, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2011/08/12 10:39:31.945172, 4] libsmb/namequery.c:2601(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2011/08/12 10:39:31.945193, 4] libsmb/namequery.c:2602(get_dc_list) get_dc_list: 192.168.1.150:389 [2011/08/12 10:39:31.945216, 10] libads/kerberos.c:825(get_kdc_ip_string) get_kdc_ip_string: Returning kdc = 192.168.1.150 [2011/08/12 10:39:31.945304, 5] libads/kerberos.c:948(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/smb_krb5/krb5.conf.TOUZEAU with realm TOUZEAU.HOME KDC list = kdc = 192.168.1.150 [2011/08/12 10:39:31.945347, 4] libsmb/namequery_dc.c:148(ads_dc_name) ads_dc_name: using server='WIN-RSF60G6AS1L.TOUZEAU.HOME' IP=192.168.1.150 [2011/08/12 10:39:31.945376, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for touzeau.home: Default-First-Site-Name [2011/08/12 10:39:31.945398, 8] libsmb/namequery.c:2652(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name touzeau.home (sitename Default-First-Site-Name) using [ads] [2011/08/12 10:39:31.945432, 5] libsmb/namequery.c:194(saf_fetch) saf_fetch: Returning WIN-RSF60G6AS1L.touzeau.home for touzeau.home domain [2011/08/12 10:39:31.945458, 3] libsmb/namequery.c:2461(get_dc_list) get_dc_list: preferred server list: WIN-RSF60G6AS1L.touzeau.home, * [2011/08/12 10:39:31.945481, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up touzeau.home#1c (sitename Default-First-Site-Name) [2011/08/12 10:39:31.945507, 5] libsmb/namecache.c:160(namecache_fetch) no entry for touzeau.home#1C found. [2011/08/12 10:39:31.945531, 5] libsmb/namequery.c:1869(resolve_ads) resolve_ads: Attempting to resolve DCs for touzeau.home using DNS [2011/08
[Samba] Samba 3.6.0: unable to list Active Directoy users
Dear all I have upgraded my Samba from 3.5.x to a newest 3.6.0 version. My Samba is connected to an Active Directory 2008 R2 the getent passwd did not display any ActiveDirectoy Domains users. the net ads group display correctly the ActiveDirectory groups : net ads group Administrateurs Utilisateurs Invités Opérateurs d’impression Opérateurs de sauvegarde Duplicateurs Utilisateurs du Bureau à distance Opérateurs de configuration réseau Utilisateurs de l’Analyseur de performances Utilisateurs du journal de performances Utilisateurs du modèle COM distribué IIS_IUSRS Opérateurs de chiffrement Lecteurs des journaux d’événements Accès DCOM service de certificats Ordinateurs du domaine I think there is a misconfiguration in my setup but did not find any solution: Where i'm wrong ? [global] workgroup = TOUZEAU netbios name = bdc2 server string = %h server disable netbios =no max protocol = SMB2 name resolve order =host lmhosts wins bcast dns proxy = No wins support = No min protocol = NT1 syslog = 3 log level = 10 log file = /var/log/samba/log.%m debug timestamp = yes # Enable symbolics links --- follow symlinks = yes wide links = yes unix extensions = no usershare allow guests = no usershare max shares = 100 usershare owner only = true usershare path=/var/lib/samba/usershares/data #Guest access guest account = nobody map to guest = Bad Password template homedir = /home/%U template shell = /bin/false enable privileges = yes os level = 40 ldap passwd sync = no #WINBINDD *** security = ADS realm = TOUZEAU.HOME idmap config TOUZEAU:backend = ad idmap config TOUZEAU:readonly = yes idmap config TOUZEAU:schema_mode = rfc2307 idmap config * : range = 16777216-33554431 client use spnego = No client use spnego principal = No encrypt passwords = Yes client ntlmv2 auth = Yes client lanman auth = No winbind normalize names = Yes winbind separator = / winbind use default domain = No winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = rfc2307 winbind offline logon = true winbind cache time = 5 winbind refresh tickets = true kerberos method = system keytab allow trusted domains = Yes server signing = mandatory client signing = mandatory lm announce = No ntlm auth = No lanman auth = No preferred master = No printing = bsd # VISTA/Windows7 compatibility # ACLs settings nt acl support=yes map acl inherit=yes acl check permissions=yes inherit permissions=no inherit acls=no acl map full control=yes dos filemode=yes force unknown acl user = no # LDAP settings --- ldap delete dn = no passdb backend = ldapsam:ldap://127.0.0.1:389 ldap admin dn = cn=Manager,dc=my-domain,dc=com ldap suffix = dc=my-domain,dc=com ldap group suffix = dc=organizations ldap user suffix = dc=organizations ldap machine suffix = ou=Computer,dc=samba,dc=organizations ldap delete dn = yes ldap ssl = off ldap idmap suffix = ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users
Le vendredi 12 août 2011 à 12:25 +0200, Michael Wood a écrit : Hi On 12 August 2011 10:23, David Touzeau da...@touzeau.eu wrote: Dear all I have upgraded my Samba from 3.5.x to a newest 3.6.0 version. My Samba is connected to an Active Directory 2008 R2 the getent passwd did not display any ActiveDirectoy Domains users. the net ads group display correctly the ActiveDirectory groups : net ads group Administrateurs Utilisateurs Invités Opérateurs d’impression Opérateurs de sauvegarde Duplicateurs Utilisateurs du Bureau à distance Opérateurs de configuration réseau Utilisateurs de l’Analyseur de performances Utilisateurs du journal de performances Utilisateurs du modèle COM distribué IIS_IUSRS Opérateurs de chiffrement Lecteurs des journaux d’événements Accès DCOM service de certificats Ordinateurs du domaine I think there is a misconfiguration in my setup but did not find any solution: Where i'm wrong ? [global] workgroup = TOUZEAU netbios name = bdc2 server string = %h server disable netbios =no max protocol = SMB2 name resolve order =host lmhosts wins bcast dns proxy = No wins support = No min protocol = NT1 syslog = 3 log level = 10 log file = /var/log/samba/log.%m debug timestamp = yes # Enable symbolics links --- follow symlinks = yes wide links = yes unix extensions = no usershare allow guests = no usershare max shares = 100 usershare owner only = true usershare path=/var/lib/samba/usershares/data #Guest access guest account = nobody map to guest = Bad Password template homedir = /home/%U template shell = /bin/false enable privileges = yes os level = 40 ldap passwd sync = no #WINBINDD *** security = ADS realm = TOUZEAU.HOME idmap config TOUZEAU:backend = ad idmap config TOUZEAU:readonly = yes idmap config TOUZEAU:schema_mode = rfc2307 idmap config * : range = 16777216-33554431 The way idmap works was changed with 3.6.0. I don't know if the above is wrong, but perhaps it is something to consider. e.g. I don't know if readonly is supported. I've seen mention of read only, but not in the idmap_ad code. But maybe I missed it. Also, the idmap_ad documentation implies that you need something like this: idmap config * : backend = tdb idmap config * : range = 100-199 idmap config TOUZEAU : backend = ad idmap config TOUZEAU : range = 1000-99 idmap config TOUZEAU : schema_mode = rfc2307 I am not sure if the above is relevant to you :) but I hope it helps. Many thanks Michael i have changed values but it has no effect and the issue still alive... For anybody here it is some relevant winbindd debug informations Adding 0 DC's from auto lookup [2011/08/12 10:39:31.945022, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for TOUZEAU.HOME: Default-First-Site-Name [2011/08/12 10:39:31.945047, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20 (sitename Default-First-Site-Name) [2011/08/12 10:39:31.945076, 5] libsmb/namecache.c:165(namecache_fetch) name WIN-RSF60G6AS1L.touzeau.home#20 found. [2011/08/12 10:39:31.945124, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain touzeau.home server 192.168.1.150 [2011/08/12 10:39:31.945151, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2011/08/12 10:39:31.945172, 4] libsmb/namequery.c:2601(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2011/08/12 10:39:31.945193, 4] libsmb/namequery.c:2602(get_dc_list) get_dc_list: 192.168.1.150:389 [2011/08/12 10:39:31.945216, 10] libads/kerberos.c:825(get_kdc_ip_string) get_kdc_ip_string: Returning kdc = 192.168.1.150 [2011/08/12 10:39:31.945304, 5] libads/kerberos.c:948(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/smb_krb5/krb5.conf.TOUZEAU with realm TOUZEAU.HOME KDC list = kdc = 192.168.1.150 [2011/08/12 10:39:31.945347, 4] libsmb/namequery_dc.c:148(ads_dc_name) ads_dc_name: using server='WIN-RSF60G6AS1L.TOUZEAU.HOME' IP=192.168.1.150 [2011/08/12 10:39:31.945376, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for touzeau.home: Default-First-Site-Name [2011/08/12 10:39:31.945398, 8] libsmb/namequery.c:2652(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name touzeau.home (sitename Default-First
[Samba] help: id user : non existant user using Active Directory connexion ( NT_STATUS_OBJECT_NAME_NOT_FOUND)
Dear i have connected Samba 3.5.6 with an Active Directory 2008 R2 When i try to get the uid number of an Active Directory user on the linux box: * root@bdc2:~# id angelique id: angelique : utilisateur inexistant (means non existent user) * The winbindd debug claim NT_STATUS_OBJECT_NAME_NOT_FOUND and NT_STATUS_INVALID_PARAMETER but the Active Directry is correcly linked. Where i'm wrong ? *** Winbind debug output : trusted_domains(ads): Searching trusted domain list of TOUZEAU and storing trust flags for domain touzeau.home [2011/08/04 14:23:45.166249, 10] winbindd/winbindd_cache.c:4397(wcache_tdc_add_domain) wcache_tdc_add_domain: Adding domain TOUZEAU (touzeau.home), SID S-1-5-21-3487440176-1554673074-2687830590, flags = 0x1d, attributes = 0x0, type = 0x2 [2011/08/04 14:23:45.166273, 10] winbindd/winbindd_cache.c:4121(add_wbdomain_to_tdc_array) add_wbdomain_to_tdc_array: Found existing record for TOUZEAU [2011/08/04 14:23:45.166284, 10] winbindd/winbindd_cache.c:4206(pack_tdc_domains) pack_tdc_domains: Packing 3 trusted domains [2011/08/04 14:23:45.166298, 10] winbindd/winbindd_cache.c:4225(pack_tdc_domains) pack_tdc_domains: Packing domain BUILTIN () [2011/08/04 14:23:45.166309, 10] winbindd/winbindd_cache.c:4225(pack_tdc_domains) pack_tdc_domains: Packing domain BDC2 () [2011/08/04 14:23:45.166319, 10] winbindd/winbindd_cache.c:4225(pack_tdc_domains) pack_tdc_domains: Packing domain TOUZEAU (touzeau.home) [2011/08/04 14:23:45.166337, 4] winbindd/winbindd_dual.c:1532(fork_domain_child) Finished processing child request 20 [2011/08/04 14:23:45.166347, 10] winbindd/winbindd_dual.c:1548(fork_domain_child) Writing 3560 bytes to parent [2011/08/04 14:23:45.166363, 10] lib/events.c:182(get_timed_events_timeout) timed_events_timeout: 2909/510746 [2011/08/04 14:23:47.371126, 10] winbindd/winbindd.c:593(process_request) process_request: Handling async request 2302:GETPWNAM [2011/08/04 14:23:47.371158, 3] winbindd/winbindd_getpwnam.c:55(winbindd_getpwnam_send) getpwnam angelique [2011/08/04 14:23:47.371187, 10] winbindd/winbindd_cache.c:451(fetch_cache_seqnum) fetch_cache_seqnum: timeout [TOUZEAU][33401 @ 1312460590] [2011/08/04 14:23:47.371200, 3] winbindd/winbindd_ads.c:1206(sequence_number) ads: fetch sequence_number for TOUZEAU [2011/08/04 14:23:47.371210, 10] winbindd/winbindd_ads.c:46(ads_cached_connection) ads_cached_connection [2011/08/04 14:23:47.371220, 7] winbindd/winbindd_ads.c:59(ads_cached_connection) Current tickets expire in 35422 seconds (at 1312496049, time is now 1312460627) [2011/08/04 14:23:47.371726, 5] libads/ldap_utils.c:64(ads_do_search_retry_internal) Search for (objectclass=*) in gave 1 replies [2011/08/04 14:23:47.371770, 10] winbindd/winbindd_cache.c:494(wcache_store_seqnum) wcache_store_seqnum: success [TOUZEAU][33401 @ 1312460627] [2011/08/04 14:23:47.371784, 10] winbindd/winbindd_cache.c:581(refresh_sequence_number) refresh_sequence_number: TOUZEAU seq number is now 33401 [2011/08/04 14:23:47.371799, 10] winbindd/idmap_ad.c:71(ad_idmap_cached_connection_internal) ad_idmap_cached_connection: called for domain 'TOUZEAU' [2011/08/04 14:23:47.371810, 7] winbindd/idmap_ad.c:86(ad_idmap_cached_connection_internal) Current tickets expire in 35451 seconds (at 1312496078, time is now 1312460627) [2011/08/04 14:23:47.380451, 5] libads/ldap_utils.c:64(ads_do_search_retry_internal) Search for (uid=angelique) in dc=TOUZEAU,dc=HOME gave 0 replies [2011/08/04 14:23:47.380476, 5] winbindd/winbindd_cache.c:1206(resolve_alias_to_username) resolve_alias_to_username: backend query returned NT_STATUS_OBJECT_NAME_NOT_FOUND [2011/08/04 14:23:47.380497, 5] winbindd/winbindd_getpwnam.c:68(winbindd_getpwnam_send) Could not parse domain user: angelique [2011/08/04 14:23:47.380515, 5] winbindd/winbindd_getpwnam.c:138(winbindd_getpwnam_recv) Could not convert sid S-0-0: NT_STATUS_INVALID_PARAMETER [2011/08/04 14:23:47.380528, 10] winbindd/winbindd.c:655(wb_request_done) wb_request_done[2302:GETPWNAM]: NT_STATUS_INVALID_PARAMETER [2011/08/04 14:23:47.380552, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[2302:GETPWNAM]: deliverd response to client [2011/08/04 14:23:50.163136, 10] lib/events.c:131(run_events) Running timed event rescan_trusted_domains 0x7f88fb21c7c0 [2011/08/04 14:23:50.163284, 4] winbindd/winbindd_dual.c:1524(fork_domain_child) child daemon request 20 [2011/08/04 14:23:50.166642, 10] winbindd/winbindd_dual.c:479(child_process_request) child_process_request: request fn LIST_TRUSTDOM [2011/08/04 14:23:50.16, 3] winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains) [15477]: list trusted domains [2011/08/04 14:23:50.166684, 10] winbindd/winbindd_cache.c:2780(trusted_domains) trusted_domains: [Cached] - doing backend query for info
[Samba] Scannedonly: Unable to compile on Samba v3.5.8 [scannedonly.so] Error 1
Dear I'm trying to compile scannedonly 0.21 on samba v3.5.8 on Ubuntu 8.10 i386 But i receive errors. Can anybody help me... checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for a BSD-compatible install... /usr/bin/install -c checking how to run the C preprocessor... gcc -E checking for grep that handles long lines and -e... /bin/grep checking for egrep... /bin/grep -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking fcntl.h usability... yes checking fcntl.h presence... yes checking for fcntl.h... yes checking netinet/in.h usability... yes checking netinet/in.h presence... yes checking for netinet/in.h... yes checking for stdlib.h... (cached) yes checking for string.h... (cached) yes checking sys/socket.h usability... yes checking sys/socket.h presence... yes checking for sys/socket.h... yes checking sys/time.h usability... yes checking sys/time.h presence... yes checking for sys/time.h... yes checking syslog.h usability... yes checking syslog.h presence... yes checking for syslog.h... yes checking for unistd.h... (cached) yes checking for gettimeofday... yes checking for memset... yes checking for socket... yes checking for strdup... yes checking for strerror... yes checking for strrchr... yes checking for strndup... yes checking for send... yes checking for gethostbyname... yes checking for cl_scanfile in -lclamav... yes checking clamav.h usability... yes checking clamav.h presence... yes checking for clamav.h... yes checking pthread.h usability... yes checking pthread.h presence... yes checking for pthread.h... yes checking for socket in -lsocket... no checking for gethostbyname in -lnsl... yes checking for maxratio field in cl_limits struct... no checking for cl_init in -lclamav... yes Build scannedonlyd_clamav ... yes checking talloc.h usability... yes checking talloc.h presence... yes checking for talloc.h... yes checking for _talloc_free in -ltalloc... yes testing for /usr/local/share/samba/samba-3.5.8/source3/lib/tdb/include/tdb.h samba 3.4 detected Build samba vfs module scannedonly.so ... yes configure: creating ./config.status syntax error. Last token seen: u Garbled time config.status: creating Makefile config.status: creating src/Makefile config.status: creating man/Makefile config.status: creating src/config.h make[1]: Entering directory `/tmp/artica/install/sources/scannedonly/scannedonly-0.21/man' gzip -9 scannedonly_prescan.8 scannedonly_prescan.8.gz gzip -9 scannedonlyd_clamav.8 scannedonlyd_clamav.8.gz make[1]: Leaving directory `/tmp/artica/install/sources/scannedonly/scannedonly-0.21/man' make[1]: Entering directory `/tmp/artica/install/sources/scannedonly/scannedonly-0.21/src' gcc -g -O2 -Wall -pipe -c -o scannedonly_prescan.o scannedonly_prescan.c gcc -lclamav -lnsl -ltalloc -o scannedonly_prescan scannedonly_prescan.o gcc -g -O2 -Wall -pipe -c -o scannedonlyd_clamav.o scannedonlyd_clamav.c scannedonlyd_clamav.c: In function ‘push_to_queue’: scannedonlyd_clamav.c:123: warning: implicit declaration of function ‘strdup’ scannedonlyd_clamav.c:123: warning: incompatible implicit declaration of built-in function ‘strdup’ scannedonlyd_clamav.c: In function ‘handle_file_warning’: scannedonlyd_clamav.c:455: warning: implicit declaration of function ‘snprintf’ scannedonlyd_clamav.c:455: warning: incompatible implicit declaration of built-in function ‘snprintf’ scannedonlyd_clamav.c: In function ‘main’: scannedonlyd_clamav.c:1040: warning: incompatible implicit declaration of built-in function ‘strdup’ scannedonlyd_clamav.c:1145: warning: incompatible implicit declaration of built-in function ‘strdup’ gcc -lclamav -lnsl -ltalloc -o scannedonlyd_clamav scannedonlyd_clamav.o gcc -g -O2 -Wall -pipe -fpic -c -o vfs_scannedonly.o vfs_scannedonly.c -I /usr/local/share/samba/samba-3.5.8/source3 -I /usr/local/share/samba/samba-3.5.8/source3/../ -I /usr/local/share/samba/samba-3.5.8/source3/include -I /usr/local/share/samba/samba-3.5.8/source3/../lib/replace -I /usr/local/share/samba/samba-3.5.8/source3/opt -I /usr/local/share/samba/samba-3.5.8/source3/librpc -I /usr/local/share/samba/samba-3.5.8/source3/../lib/tdb/include/ -I /usr/local/share/samba/samba-3.5.8/source3/../lib/talloc/ -I /usr/local/share/samba/samba-3.5.8/source3/../lib/popt/ -I /usr/local/share/samba/samba-3.5.8/source3/../lib/tevent/ vfs_scannedonly.c:414:53: error: macro SMB_VFS_NEXT_STAT passed 3
[Samba] Winbindd where to use it ? in which environnement ?
Dear I need help about know what is the real necessary to use Winbindd daemon ? After reading many wikis it seems that you need to use Winbindd only when you need to connect samba to any Microsoft Windows NT domains such has NT4 PDC or Active Directory. Is it true that you did not need winbindd when you want Samba act has a Primary Domain Controller ? Best regards and thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbindd where to use it ? in which environnement ?
Many thanks gaiseric This help me.. Le vendredi 25 mars 2011 à 16:34 -0400, Gaiseric Vandal a écrit : gaiseric.vandal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unable to connect to CUPS server localhost:631 - Connection refused
Thanks ! Le dimanche 20 février 2011 à 10:55 +0900, TAKAHASHI Motonobu a écrit : 2011/2/19 David Touzeau da...@touzeau.eu: Dear Samba try to connexct to cups but cups is not loaded on the server and i did not want to use printer sharing on the server but it still wants connect on cups ? Why ? is there any option to add in order to disable completely using cups CUPS is chosen as printing system if Samba was compiled with --enable-cups and detects CUPS. To avoid these CUPS messages, set: printing = bsd and touch /etc/printcap (if you do not have /etc/printcap file). --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] lp_bool(): value is NULL or empty!
Dear I'm using samba 3.5.6 + PDC and connected to LDAP directory In log level 1 there is many entries like this : Feb 18 18:24:54 samba smbd[5285]: lp_bool(): value is NULL or empty! Feb 18 18:27:15 samba smbd[6817]: [2011/02/18 18:27:15.371644, 0] param/loadparm.c:5856(lp_bool) Feb 18 18:27:15 samba smbd[6817]: lp_bool(): value is NULL or empty! Feb 18 18:27:32 samba net: [2011/02/18 18:27:32.614951, 0] param/loadparm.c:5856(lp_bool) Feb 18 18:27:32 samba net: lp_bool(): value is NULL or empty! Feb 18 18:27:34 samba monit[7329]: Reinitializing monit daemon Feb 18 18:27:34 samba monit[2278]: Awakened by the SIGHUP signal Feb 18 18:27:34 samba monit[2278]: Reinitializing monit - Control file '/etc/monit/monitrc' Feb 18 18:27:34 samba monit[2278]: Shutting down monit HTTP server Feb 18 18:27:34 samba smbd[7355]: [2011/02/18 18:27:34.223191, 0] param/loadparm.c:5856(lp_bool) Feb 18 18:27:34 samba smbd[7355]: lp_bool(): value is NULL or empty! Feb 18 18:27:36 samba smbd[7443]: [2011/02/18 18:27:36.186491, 0] param/loadparm.c:5856(lp_bool) Feb 18 18:27:36 samba smbd[7443]: lp_bool(): value is NULL or empty! Feb 18 18:27:51 samba smbd[7513]: [2011/02/18 18:27:51.036557, 0] param/loadparm.c:5856(lp_bool) Feb 18 18:27:51 samba smbd[7513]: lp_bool(): value is NULL or empty! Feb 18 18:27:51 samba smbd[7518]: [2011/02/18 18:27:51.787199, 0] param/loadparm.c:5856(lp_bool) Feb 18 18:27:51 samba smbd[7518]: lp_bool(): value is NULL or empty! Feb 18 18:27:57 samba smbd[7543]: [2011/02/18 18:27:57.187745, 0] param/loadparm.c:5856(lp_bool) Feb 18 18:27:57 samba smbd[7543]: lp_bool(): value is NULL or empty! What does it means ?, which parameter must set ? Best regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
Dear I'm using samba 3.5.6 + PDC and connected to LDAP directory In log level 1 there is many entries like this : Feb 18 18:28:00 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:00 samba smbd[3094]: [2011/02/18 18:28:00.255872, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:00 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:00 samba smbd[3094]: [2011/02/18 18:28:00.260807, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:00 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:00 samba smbd[3094]: [2011/02/18 18:28:00.265887, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:00 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:00 samba smbd[3094]: [2011/02/18 18:28:00.304593, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:00 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:00 samba smbd[3094]: [2011/02/18 18:28:00.352915, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:00 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:01 samba smbd[3094]: [2011/02/18 18:28:01.396574, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:01 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:01 samba smbd[3094]: [2011/02/18 18:28:01.444569, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:01 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:01 samba smbd[3094]: [2011/02/18 18:28:01.492564, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:01 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:01 samba smbd[3094]: [2011/02/18 18:28:01.540553, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:01 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:01 samba smbd[3094]: [2011/02/18 18:28:01.588568, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:01 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:01 samba smbd[3094]: [2011/02/18 18:28:01.609657, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:01 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:03 samba smbd[3094]: [2011/02/18 18:28:03.005670, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:03 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:03 samba smbd[3094]: [2011/02/18 18:28:03.011218, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:03 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:03 samba smbd[3094]: [2011/02/18 18:28:03.017388, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:03 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:03 samba smbd[3094]: [2011/02/18 18:28:03.025927, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:03 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:03 samba smbd[3094]: [2011/02/18 18:28:03.034651, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:03 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED Feb 18 18:28:03 samba smbd[3094]: [2011/02/18 18:28:03.039645, 1] smbd/service.c:678(make_connection_snum) Feb 18 18:28:03 samba smbd[3094]: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED How to fix this error ? Here it is the samba configuration : [global] workgroup=locate netbios name=samba server string=%h server (Samba, Ubuntu) disable netbios=no remote announce=192.168.0.255/LOCATE name resolve order=wins bcast hosts dns proxy=No syslog=3 log level=1 log file=/var/log/samba/log.%m debug timestamp=yes follow symlinks=yes wide links=yes unix extensions=no usershare allow guests=no usershare max shares=100 usershare owner only=true usershare path=/var/lib/samba/usershares/data guest account=nobody map to guest=Bad Password security=user enable privileges=yes domain master=yes local master=yes preferred master=yes domain logons=yes os level=40 ldap passwd sync=no winbind use default domain=yes winbind enum users=yes winbind enum groups=yes password server=* encrypt passwords=true winbind separator=+ winbind uid=1-2 winbind gid=1-2 client lanman auth=yes client ntlmv2 auth=yes nt acl support=yes map acl inherit=yes acl check permissions=yes inherit permissions=yes inherit acls=yes acl map full control=yes force unknown acl user=no ldap delete dn=yes passdb backend=ldapsam:ldap://192.168.200.4:389 ldap admin dn=cn=Manager,dc=my-domain,dc=com ldap suffix=dc=my-domain,dc=com ldap group suffix=dc=organizations ldap user
[Samba] getpeername failed. Error was Transport endpoint is not connected
I'm using samba 3.5.6 + PDC and connected to LDAP directory In log level 1 there is many entries like this : Feb 18 18:13:42 samba smbd[21646]: getpeername failed. Error was Transport endpoint is not connected Feb 18 18:13:42 samba smbd[21646]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Is it a problem ? or just an informative event ? Feb 18 18:13:42 samba smbd[21646]: [2011/02/18 18:13:42.423085, 2] lib/interface.c:340(add_interface) Feb 18 18:13:42 samba smbd[21646]: added interface eth0 ip=fe80::250:56ff:fe97:3374%eth0 bcast=fe80:::::%eth0 netmask=::::: Feb 18 18:13:42 samba smbd[21646]: [2011/02/18 18:13:42.423232, 2] lib/interface.c:340(add_interface) Feb 18 18:13:42 samba smbd[21646]: added interface eth0 ip=192.168.200.2 bcast=192.168.200.255 netmask=255.255.255.0 Feb 18 18:13:42 samba smbd[21646]: [2011/02/18 18:13:42.424046, 2] smbd/reply.c:554(reply_special) Feb 18 18:13:42 samba smbd[21646]: netbios connect: name1=SAMBA 0x20 name2=PC2009-03 0x0 Feb 18 18:13:42 samba smbd[21646]: [2011/02/18 18:13:42.424135, 2] smbd/reply.c:565(reply_special) Feb 18 18:13:42 samba smbd[21646]: netbios connect: local=samba remote=pc2009-03, name type = 0 Feb 18 18:13:42 samba smbd[21646]: [2011/02/18 18:13:42.424320, 0] lib/util_sock.c:675(write_data) Feb 18 18:13:42 samba smbd[21646]: [2011/02/18 18:13:42.424352, 0] lib/util_sock.c:1432(get_peer_addr_internal) Feb 18 18:13:42 samba smbd[21646]: getpeername failed. Error was Transport endpoint is not connected Feb 18 18:13:42 samba smbd[21646]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Feb 18 18:13:42 samba smbd[21646]: [2011/02/18 18:13:42.425301, 0] smbd/process.c:79(srv_send_smb) Feb 18 18:13:42 samba smbd[21646]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Feb 18 18:13:42 samba smbd[21647]: [2011/02/18 18:13:42.427012, 2] printing/print_cups.c:550(cups_async_callback) Feb 18 18:13:42 samba smbd[21647]: cups_async_callback: failed to read a new printer list Feb 18 18:13:42 samba smbd[21647]: [2011/02/18 18:13:42.427239, 2] lib/interface.c:340(add_interface) Feb 18 18:13:42 samba smbd[21647]: added interface eth0 ip=fe80::250:56ff:fe97:3374%eth0 bcast=fe80:::::%eth0 netmask=::::: Feb 18 18:13:42 samba smbd[21647]: [2011/02/18 18:13:42.427480, 2] lib/interface.c:340(add_interface) Feb 18 18:13:42 samba smbd[21647]: added interface eth0 ip=192.168.200.2 bcast=192.168.200.255 netmask=255.255.255.0 Feb 18 18:13:43 samba smbd[21647]: [2011/02/18 18:13:43.886294, 2] smbd/sesssetup.c:1391(setup_new_vc_session) Feb 18 18:13:43 samba smbd[21647]: setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] load_usershare_shares: is not owned by root or does not have the sticky bit 't'
Dear I encounter this error on Samba 3.0.28a, i would like to know how to fix it, The file is owned by root, i don't understand whats going wrong... smbd[15232]: [2011/02/18 16:32:22, 0] param/loadparm.c:load_usershare_shares(4878) Feb 18 16:32:22 virtualbox smbd[15232]: load_usershare_shares: directory /var/lib/samba/usershares/data is not owned by root or does not have the sticky bit 't' set or is writable by anyone. ~# stat /var/lib/samba/usershares/data File: `/var/lib/samba/usershares/data' Size: 0 Blocks: 0 IO Block: 4096 regular empty file Device: fe01h/65025dInode: 10388624Links: 1 Access: (0644/-rw-r--r--) Uid: (0/root) Gid: (0/root) Access: 2010-04-16 18:32:00.0 +0200 Modify: 2010-04-16 18:32:00.0 +0200 Change: 2010-04-16 18:32:00.0 +0200 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] lp_bool(): value is NULL or empty!
Le vendredi 18 février 2011 à 15:45 +0100, Volker Lendecke a écrit : On Fri, Feb 18, 2011 at 03:32:37PM +0100, David Touzeau wrote: Dear I'm using samba 3.5.6 + PDC and connected to LDAP directory In log level 1 there is many entries like this : Please post your smb.conf. You seem to have a parameter not set correctly. With best regards, Volker Lendecke Thanks Volker to answer me ! here it is the main configuration file : [global] workgroup=locate netbios name=samba server string=%h server (Samba, Ubuntu) disable netbios=no remote announce=192.168.0.255/LOCATE name resolve order=wins bcast hosts dns proxy=No syslog=3 log level=1 log file=/var/log/samba/log.%m debug timestamp=yes follow symlinks=yes wide links=yes unix extensions=no usershare allow guests=no usershare max shares=100 usershare owner only=true usershare path=/var/lib/samba/usershares/data guest account=nobody map to guest=Bad Password security=user enable privileges=yes domain master=yes local master=yes preferred master=yes domain logons=yes os level=40 ldap passwd sync=no winbind use default domain=yes winbind enum users=yes winbind enum groups=yes password server=* encrypt passwords=true winbind separator=+ winbind uid=1-2 winbind gid=1-2 client lanman auth=yes client ntlmv2 auth=yes nt acl support=yes map acl inherit=yes acl check permissions=yes inherit permissions=yes inherit acls=yes acl map full control=yes force unknown acl user=no ldap delete dn=yes passdb backend=ldapsam:ldap://192.168.200.4:389 ldap admin dn=cn=Manager,dc=my-domain,dc=com ldap suffix=dc=my-domain,dc=com ldap group suffix=dc=organizations ldap user suffix=dc=organizations ldap machine suffix=ou=Computer,dc=samba,dc=organizations ldap idmap suffix=ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com ldapsam:trusted=yes ldapsam:editposix=yes template homedir=/home/%U template shell=/bin/false idmap backend=ldap:ldap://192.168.200.4:389 idmap uid=1000-199 idmap gid=1000-199 idmap config locate:backend=ldap idmap config locate:readonly=no idmap config locate:default=yes idmap config locate:ldap_base_dn=ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com idmap config locate:ldap_user_dn=cn=Manager,dc=my-domain,dc=com idmap config locate:ldap_url=ldap://192.168.200.4:389 idmap config locate:range=1000-199 idmap alloc backend=ldap idmap alloc config:ldap_base_dn=ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com idmap alloc config:ldap_user_dn=cn=Manager,dc=my-domain,dc=com idmap alloc config:ldap_url=ldap://192.168.200.4:389 idmap alloc config:range=1000-199 ldap ssl=off logon path= logon home= logon drive= socket options=TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 case sensitive=No default case=lower preserve case=yes short preserve case=yes wins support=Yes time server=yes msdfs root=no host msdfs=no [tmp] path=/tmp create mask=0660 directory mask=0770 browsable=yes public=yes writable=yes comment= hide unreadable=yes vfs object=full_audit full_audit:prefix=%u|%I|%m|%S|%P full_audit:success=rename unlink pwrite write full_audit:failure=none full_audit:facility=LOCAL7 full_audit:priority=NOTICE [locate] path=/data/locate create mask=0660 directory mask=0770 browsable=yes writable=yes public=no comment= hide unreadable=yes hide unwriteable files=no inherit permissions=no acl check permissions=yes map acl inherit=yes acl group control=yes nt acl support=yes inherit acls=yes write list=@locate_group read list=@locate_group valid users=@locate_group vfs object=full_audit full_audit:prefix=%u|%I|%m|%S|%P full_audit:success=rename unlink pwrite write full_audit:failure=none full_audit:facility=LOCAL7 full_audit:priority=NOTICE [ged] path=/data/ged create mask=0660 directory mask=0770 browsable=yes public=yes writable=yes comment= hide unreadable=no hide unwriteable files=no inherit permissions=no acl check permissions=yes map acl inherit=yes acl group control=yes nt acl support=yes inherit acls=yes write list=@locate_group read list=@locate_group valid users=@locate_group vfs object=full_audit full_audit:prefix=%u|%I|%m|%S|%P full_audit:success=rename unlink pwrite write full_audit:failure=none full_audit:facility=LOCAL7 full_audit:priority=NOTICE [netlogon] path=/home/netlogon/ writable=No browseable=No write list=root [homes] comment=Personnal Folder browseable=No writeable=Yes vfs object=full_audit full_audit:prefix=%u|%I|%m|%S|%P full_audit:success=rename unlink pwrite write full_audit:failure=none full_audit:facility=LOCAL7 full_audit:priority=NOTICE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] load_usershare_shares: is not owned by root or does not have the sticky bit 't'
Le vendredi 18 février 2011 à 15:42 +, Geoff Winkless a écrit : On 18 February 2011 15:36, David Touzeau da...@touzeau.eu wrote: The file is owned by root, i don't understand whats going wrong... ... directory /var/lib/samba/usershares/data is not owned by root or does not have the sticky bit 't' set ... File: `/var/lib/samba/usershares/data' Access: (0644/-rw-r--r--) Uid: (0/root) Gid: (0/root) Sticky bit (t) is not set. man chmod Geoff Many thanks Geoff a chmod 1644 /var/lib/samba/usershares/data do the trick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] lp_bool(): value is NULL or empty!
lanman auth = yes client ntlmv2 auth = yes #ACLs settings nt acl support=yes map acl inherit=yes acl check permissions=yes inherit permissions=no inherit acls=no acl map full control=yes force unknown acl user = no # LDAP settings --- ldap delete dn = no passdb backend = ldapsam:ldap://127.0.0.1:389 #scripts --- add machine script = /usr/share/artica-postfix/bin/artica-install --samba-add-computer %u ldap admin dn = cn=admin,dc=touzeau,dc=biz,dc=touzeau,dc=biz ldap suffix = dc=touzeau,dc=biz,dc=touzeau,dc=biz ldap group suffix = dc=organizations ldap user suffix = dc=organizations ldap machine suffix = ou=Computer,dc=samba,dc=organizations ldap idmap suffix = ou=idmap,dc=samba,dc=organizations,dc=touzeau,dc=biz,dc=touzeau,dc=biz ldap delete dn = yes encrypt passwords = true #Samba and the Editposix/Trusted Ldapsam extension ldapsam:trusted=yes ldapsam:editposix=yes idmap backend = ldap:ldap://127.0.0.1:389 idmap uid = 1000-199 idmap gid = 1000-199 idmap config GSX:backend = ldap idmap config GSX:readonly = no idmap config GSX:default = yes idmap config GSX:ldap_base_dn = ou=idmap,dc=samba,dc=organizations,dc=touzeau,dc=biz,dc=touzeau,dc=biz idmap config GSX:ldap_user_dn = cn=admin,dc=touzeau,dc=biz,dc=touzeau,dc=biz idmap config GSX:ldap_url = ldap://127.0.0.1:389 idmap config GSX:range = 1000-199 idmap alloc backend = ldap idmap alloc config:ldap_base_dn = ou=idmap,dc=samba,dc=organizations,dc=touzeau,dc=biz,dc=touzeau,dc=biz idmap alloc config:ldap_user_dn = cn=admin,dc=touzeau,dc=biz,dc=touzeau,dc=biz idmap alloc config:ldap_url = ldap://127.0.0.1:389 idmap alloc config:range = 1000-199 ldap ssl = off logon path = logon home = logon drive = socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 case sensitive = No default case = lower preserve case = yes short preserve case = yes #character set = iso8859-1 #domain admin group = @admin dns proxy = No wins support = Yes #hosts allow = 192.168.0. 127. time server = yes #MDFS parameters msdfs root = no host msdfs = no # Shared Folders lists --- [dropbox] path = /home/dropbox create mask = 0660 directory mask = 0770 browsable = yes public = yes writable = yes comment = hide unreadable = yes hide unwriteable files = yes inherit permissions = no acl check permissions = yes map acl inherit = yes acl group control = yes nt acl support = yes inherit acls = no [complete] path = /home/sabnzbdplus/downloads/complete create mask = 0660 directory mask = 0770 [netlogon] path = /home/netlogon/ writable = No browseable = No write list = root [homes] comment = Personnal Folder browseable = No writeable = Yes Le vendredi 18 février 2011 à 16:50 +0100, Volker Lendecke a écrit : On Fri, Feb 18, 2011 at 04:37:06PM +0100, David Touzeau wrote: Le vendredi 18 février 2011 à 15:45 +0100, Volker Lendecke a écrit : On Fri, Feb 18, 2011 at 03:32:37PM +0100, David Touzeau wrote: Dear I'm using samba 3.5.6 + PDC and connected to LDAP directory In log level 1 there is many entries like this : Please post your smb.conf. You seem to have a parameter not set correctly. With best regards, Volker Lendecke Thanks Volker to answer me ! here it is the main configuration file : That look okay. It loads fine here without warning (assuming the accidential line breaks don't exist in your file). There must be something else going on. Is this really the only smb.conf file that you have? With best regards, Volker Lendecke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] lp_bool(): value is NULL or empty! [FIXED]
Le vendredi 18 février 2011 à 17:36 +0100, Volker Lendecke a écrit : On Fri, Feb 18, 2011 at 05:13:42PM +0100, David Touzeau wrote: Here it is the configuration file : Ok, this is a different configuration file than you sent last time. Which one is the one you are seeing problems with? This one or the one you sent the first time? This is a bit confusing. [global] workgroup = GSX netbios name = gsx4 server string = %h server disable netbios =no remote announce = 192.168.128.255/GSX 192.168.1.255/GSX 10.8.0.255/GSX 192.168.77.255/GSX name resolve order =host lmhosts wins bcast dns proxy = If I was you, I would try to put some value into the dns proxy = line, such as for example dns proxy = no or dns proxy = yes, depending on what setting you need in your configuration. With best regards, Volker Lendecke Your the best error disappears...!! many thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Unable to connect to CUPS server localhost:631 - Connection refused
Dear Samba try to connexct to cups but cups is not loaded on the server and i did not want to use printer sharing on the server but it still wants connect on cups ? Why ? is there any option to add in order to disable completely using cups Feb 18 17:39:01 virtualbox smbd[27907]: Processing section [homes] Feb 18 17:39:01 virtualbox smbd[27907]: [2011/02/18 17:39:01, 0] printing/print_cups.c:cups_connect(69) Feb 18 17:39:01 virtualbox smbd[27907]: Unable to connect to CUPS server localhost:631 - Connection refused Feb 18 17:39:01 virtualbox smbd[27907]: [2011/02/18 17:39:01, 0] printing/print_cups.c:cups_connect(69) Feb 18 17:39:01 virtualbox smbd[27907]: Unable to connect to CUPS server localhost:631 - Connection refused Feb 18 17:39:01 virtualbox smbd[27907]: [2011/02/18 17:39:01, 2] lib/interface.c:add_interface(81) [global] workgroup = GSX netbios name = gsx4 server string = %h server disable netbios =no remote announce = 192.168.128.255/GSX 192.168.1.255/GSX 10.8.0.255/GSX 192.168.77.255/GSX name resolve order =host lmhosts wins bcast dns proxy = No syslog = 3 log level = 10 log file = /var/log/samba/log.%m debug timestamp = yes # Enable symbolics links --- follow symlinks = yes wide links = yes unix extensions = no usershare allow guests = no usershare max shares = 100 usershare owner only = true usershare path=/var/lib/samba/usershares/data #Guest access guest account = nobody map to guest = Bad Password template homedir = /home/%U template shell = /bin/false # Controler ?? --- security = user enable privileges = yes domain master = yes local master = yes preferred master = yes domain logons = yes os level = 40 ldap passwd sync = no # WINBINDD (1)--- winbind use default domain = yes winbind enum users = yes winbind enum groups = yes password server=* encrypt passwords = yes winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes #VISTA/Windows7 compatibility client lanman auth = yes client ntlmv2 auth = yes #ACLs settings nt acl support=yes map acl inherit=yes acl check permissions=yes inherit permissions=no inherit acls=no acl map full control=yes dos filemode=yes force unknown acl user = no # LDAP settings --- ldap delete dn = no passdb backend = ldapsam:ldap://127.0.0.1:389 #scripts --- add machine script = /usr/share/artica-postfix/bin/artica-install --samba-add-computer %u ldap admin dn = cn=admin,dc=touzeau,dc=biz,dc=touzeau,dc=biz ldap suffix = dc=touzeau,dc=biz,dc=touzeau,dc=biz ldap group suffix = dc=organizations ldap user suffix = dc=organizations ldap machine suffix = ou=Computer,dc=samba,dc=organizations ldap idmap suffix = ou=idmap,dc=samba,dc=organizations,dc=touzeau,dc=biz,dc=touzeau,dc=biz ldap delete dn = yes encrypt passwords = true #Samba and the Editposix/Trusted Ldapsam extension ldapsam:trusted=yes ldapsam:editposix=yes idmap backend = ldap:ldap://127.0.0.1:389 idmap uid = 1000-199 idmap gid = 1000-199 idmap config GSX:backend = ldap idmap config GSX:readonly = no idmap config GSX:default = yes idmap config GSX:ldap_base_dn = ou=idmap,dc=samba,dc=organizations,dc=touzeau,dc=biz,dc=touzeau,dc=biz idmap config GSX:ldap_user_dn = cn=admin,dc=touzeau,dc=biz,dc=touzeau,dc=biz idmap config GSX:ldap_url = ldap://127.0.0.1:389 idmap config GSX:range = 1000-199 idmap alloc backend = ldap idmap alloc config:ldap_base_dn = ou=idmap,dc=samba,dc=organizations,dc=touzeau,dc=biz,dc=touzeau,dc=biz idmap alloc config:ldap_user_dn = cn=admin,dc=touzeau,dc=biz,dc=touzeau,dc=biz idmap alloc config:ldap_url = ldap://127.0.0.1:389 idmap alloc config:range = 1000-199 ldap ssl = off logon path = logon home = logon drive = socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 case sensitive = No default case = lower preserve case = yes short preserve case = yes #character set = iso8859-1 #domain admin group = @admin wins support = Yes #hosts allow = 192.168.0. 127. time server = yes #MDFS parameters msdfs root = no host msdfs = no # Shared Folders lists --- [dropbox] path = /home/dropbox create mask = 0660 directory mask = 0770 browsable = yes public = yes writable = yes comment = hide unreadable = yes hide unwriteable files = yes inherit permissions = no acl check permissions = yes map acl inherit = yes acl group control = yes nt acl support = yes inherit acls = no [complete] path = /home/sabnzbdplus/downloads/complete create mask = 0660 directory mask = 0770 [netlogon] path = /home/netlogon/ writable = No browseable = No write list = root [homes] comment = Personnal Folder browseable = No writeable = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] User submitted job
Take a look here http://www.greyhole.net/ Le vendredi 18 février 2011 à 16:52 -0500, Gary Dale a écrit : On 18/02/11 08:49 AM, Robert Moskowitz wrote: Is there a way for a user to run a job on the server? In particular, I want to implement a 'one click' backup using rsync. An icon on the desktop would do something (in a batch script maybe or some canned program) that would run a job under their ID that would rsync their home directory to a backup directory. For Linux clients, you could store the home directories on a network share that you back up. If you must use local home directories, add a logout script to rsync to a network share. It doesn't matter which machine (client or server) runs it because the network will be the bottleneck, not the processor. If you are talking about Windows clients, simply implement roaming profiles. You get a sync'd copy on the server. I echo Jeff Ross's warning to not leave backups to the users. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Multiple LDAP backends with different search base
Dear I would like Samba query multiple LDAP backend servers According documentation passdb backend = ldapsam:ldap://192.168.1.60/ ldap://192.168.1.61/ ldap://192.168.1.62/; Will do the trick but i have different settings according ldap suffix,ldap group suffix and ldap admin dn How to define different suffix and LDAP admin dn for all LDAP backends ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] HOWTO give rights access using computer name ?
Dear I have a 3.5.4 Samba sever and some specifics shared folders used for robots (backup, mails etc...) Passwords, users should be changed regulary and this require to change the code in shell scripts for mounting remote shares. I would like to specify access rights by computers name in some shares section in the smb.conf . Is it possible to do that ? currently i user a public share but it is not really a good solution bets regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] valid users by computer name
Dear I would like to give access to a samba shared folder by giving a computer name without request a password. is it possible to do that : [SHARE] path=/tmp valid users=computer1,computer2 best regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How to change the home shared name
Dear When you add an user, by default Samba share the home directory with the logon user name user : john shared has john Is it possible to change this share like user: john shared as MyDocuments ? best regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to change the home shared name
You means that ? [homes] comment=Personnal Folder browseable=No writeable=Yes [Mydocument] path=/home/john writable=yes browseable=No write list=john On 13/08/2010 02:06, Jeremy Allison wrote: On Fri, Aug 13, 2010 at 01:46:50AM +0200, David Touzeau wrote: Dear When you add an user, by default Samba share the home directory with the logon user name user : john shared has john Is it possible to change this share like user: john shared as MyDocuments ? Only by adding an additional share with that name that points to the same underlying path on the filesystem. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba + openldap + phpldapadmin
Alejandro Rodriguez Luna wrote: Hi all, i just installed a new samba server with openldap, my question is, do i need to put the $ character after de name of the machine under the machines group? -- Alejandro Rodriguez Luna Web: http://www.alexluna.org E-mail: el_alexl...@yahoo.com.mx MSN: el_alexl...@yahoo.com.mx GTalk: alexl...@gmail.com Movil: 044-311-112-86-41 -- ¡Obtén la mejor experiencia en la web! Descarga gratis el nuevo Internet Explorer 8. http://downloads.yahoo.com/ieak8/?l=e1 yes you need to put this caracter, take a look on Active Directory using phpldapadmin ,you will see the same. PS : If you search front-end using Samba+openLDAP take a look here http://www.artica.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Ignoring unknown parameter idmap domains
Dear according this wiki http://wiki.samba.org/index.php/Ldapsam_Editposix i have enable EditPosix extension but i receive this error Ignoring unknown parameter idmap domains How can i fix it ? Here it is my smb.conf : [global] workgroup = MSHOME netbios name = PC-DTOUZEAU server string = %h server disable netbios =no syslog = 3 log level = 10 log file = /var/log/samba/log.%m debug timestamp = yes # Controler ?? --- security = user enable privileges = yes domain master = no local master = yes preferred master = no domain logons = no os level = 40 printer admin = root,administrator,@Administrators,@lpadmin ldap passwd sync = no # LDAP settings --- ldap admin dn = cn=Manager,dc=my-domain,dc=com ldap suffix = dc=my-domain,dc=com ldap group suffix = ou=groups,dc=samba,dc=organizations ldap user suffix = ou=users,dc=samba,dc=organizations ldap machine suffix = ou=Computer,dc=samba,dc=organizations #Samba and the Editposix/Trusted Ldapsam extension ldap idmap suffix = ou=idmap,dc=samba,dc=organizations ldap delete dn = yes encrypt passwords = true passdb backend = ldapsam ldapsam:trusted=yes ldapsam:editposix=yes idmap domains = MSHOME idmap config MSHOME:backend = ldap idmap config MSHOME:readonly = no idmap config MSHOME:default = yes idmap config MSHOME:ldap_base_dn = ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com idmap config MSHOME:ldap_user_dn = cn=Manager,dc=my-domain,dc=com idmap config MSHOME:ldap_url = ldap://localhost idmap config MSHOME:range = 2-50 idmap alloc backend = ldap idmap alloc config:ldap_base_dn = ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com idmap alloc config:ldap_user_dn = cn=Manager,dc=my-domain,dc=com idmap alloc config:ldap_url = ldap://localhost idmap alloc config:range = 2-50 ldap ssl = no logon path = \\%L\profile\%U logon drive = P: logon home = \\%L\%U logon script = script.bat socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 case sensitive = No default case = lower preserve case = yes short preserve case = yes #character set = iso8859-1 #domain admin group = @admin dns proxy = No wins support = Yes #hosts allow = 192.168.0. 127. winbind use default domain = yes winbind enum users = yes winbind enum groups = yes nt acl support = Yes msdfs root = Yes time server = yes host msdfs = yes # Shared Folders lists --- [printers] comment = Printers browseable = yes path = /tmp printable = yes public = yes guest ok = yes writable = no create mode = 0700 [print$] comment = Printers drivers path = /etc/samba/printer_drivers browseable = yes guest ok = no read only = yes write list = root,administrator,@Administrators,@lpadmin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Ignoring unknown parameter idmap domains
Dear according this wiki http://wiki.samba.org/index.php/Ldapsam_Editposix i have enable EditPosix extension but i receive this error Ignoring unknown parameter idmap domains How can i fix it ? Here it is my smb.conf : [global] workgroup = MSHOME netbios name = PC-DTOUZEAU server string = %h server disable netbios =no syslog = 3 log level = 10 log file = /var/log/samba/log.%m debug timestamp = yes # Controler ?? --- security = user enable privileges = yes domain master = no local master = yes preferred master = no domain logons = no os level = 40 printer admin = root,administrator,@Administrators,@lpadmin ldap passwd sync = no # LDAP settings --- ldap admin dn = cn=Manager,dc=my-domain,dc=com ldap suffix = dc=my-domain,dc=com ldap group suffix = ou=groups,dc=samba,dc=organizations ldap user suffix = ou=users,dc=samba,dc=organizations ldap machine suffix = ou=Computer,dc=samba,dc=organizations #Samba and the Editposix/Trusted Ldapsam extension ldap idmap suffix = ou=idmap,dc=samba,dc=organizations ldap delete dn = yes encrypt passwords = true passdb backend = ldapsam ldapsam:trusted=yes ldapsam:editposix=yes idmap domains = MSHOME idmap config MSHOME:backend = ldap idmap config MSHOME:readonly = no idmap config MSHOME:default = yes idmap config MSHOME:ldap_base_dn = ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com idmap config MSHOME:ldap_user_dn = cn=Manager,dc=my-domain,dc=com idmap config MSHOME:ldap_url = ldap://localhost idmap config MSHOME:range = 2-50 idmap alloc backend = ldap idmap alloc config:ldap_base_dn = ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com idmap alloc config:ldap_user_dn = cn=Manager,dc=my-domain,dc=com idmap alloc config:ldap_url = ldap://localhost idmap alloc config:range = 2-50 ldap ssl = no logon path = \\%L\profile\%U logon drive = P: logon home = \\%L\%U logon script = script.bat socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 case sensitive = No default case = lower preserve case = yes short preserve case = yes #character set = iso8859-1 #domain admin group = @admin dns proxy = No wins support = Yes #hosts allow = 192.168.0. 127. winbind use default domain = yes winbind enum users = yes winbind enum groups = yes nt acl support = Yes msdfs root = Yes time server = yes host msdfs = yes # Shared Folders lists --- [printers] comment = Printers browseable = yes path = /tmp printable = yes public = yes guest ok = yes writable = no create mode = 0700 [print$] comment = Printers drivers path = /etc/samba/printer_drivers browseable = yes guest ok = no read only = yes write list = root,administrator,@Administrators,@lpadmin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Ignoring unknown parameter idmap domains
Le mardi 01 septembre 2009 à 14:46 +0200, Karolin Seeger a écrit : Hi David, On Tue, Sep 01, 2009 at 02:22:29PM +0200, David Touzeau wrote: according this wiki http://wiki.samba.org/index.php/Ldapsam_Editposix i have enable EditPosix extension but i receive this error Ignoring unknown parameter idmap domains How can i fix it ? idmap domains has been removed in Samba 3.3.0. More information are available in the release notes http://www.samba.org/samba/history/samba-3.3.0.html. As the idmap configuration depends on your version, please see the smb.conf and idmap manpages (e.g. man idmap_tdb) for more information. If there are any questions left, please post again and provide the Samba version. You are right, the Wiki should be updated soon. Thanks for the hint! Cheers, Karolin Good ! Many thanks Karolin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [samba4][LDAP]: memberOf: attribute type undefined
Dear i'm trying to run samba4 on a debian lenny with LDAP backend when execute slapd -f /etc/samba/ldap/slapd.conf -h ldapi://%2Fetc%2Fsamba%2Fldap% 2Fldapi -d4294967295 the slapd server crash with this output : dnPrettyNormal: cn=samba-admin,cn=samba, cn=samba-admin,cn=samba line 57 (refint_attributes nonSecurityMemberBL nonSecurityMember msDS-NonMembersBL msDS-NonMembers directReports manager bridgeheadServerListBL bridgeheadTransportList msDS-ObjectReferenceBL msDS-ObjectReference msCOM-UserLink msCOM-UserPartitionSetLink msDs-masteredBy msDS-hasMasterNCs siteObjectBL siteObject queryPolicyBL queryPolicyObject masteredBy hasMasterNCs managedObjects managedBy serverReferenceBL serverReference memberOf member) /etc/samba/ldap/slapd.conf: line 57: refint_attributes memberOf: attribute type undefined lt-slapd destroy: freeing system resources. slapd stopped. Howto fix it ? best regards. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
