Re: [Samba] Debian Package Updates
On 8 August 2013 01:11, Andrew Bartlett abart...@samba.org wrote: On Wed, 2013-08-07 at 17:58 +0100, Dominic Evans wrote: So the new packages have now made it into experimental http://packages.qa.debian.org/s/samba/news/20130806T230018Z.html However, it isn't obvious what the upgrade step(s) should be from an existing `samba4` install to these packages. They don't appear to have specified Conflicts/Replaces with the samba4 packages, and it appears like a `sudo apt-get install -t experimental samba` would be partially installing alongside the existing samba4 binaries? We do have conflicts/Replaces set, and when the bulk of the packaging work was done this was tested upgrading from both. From here, the best approach would be to tell us what errors you get, and we can add some more as required. I think perhaps I was just a little too early, and the full set of packages hadn't made it onto my debian archive mirror yet, so the upgrade was a partial one. When I try again this morning I correctly see: The following packages will be REMOVED: samba4 samba4-clients samba4-common-bin The following NEW packages will be installed: libnetapi0 libsmbd0 samba samba-tools The following packages will be upgraded: libnih-dbus1 libnih1 libsamba-hostconfig0 libsamba-util0 libsmbclient libwbclient0 locales python-samba samba-common smbclient -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Debian Package Updates
On 5 August 2013 01:28, Andrew Bartlett abart...@samba.org wrote: On Fri, 2013-08-02 at 14:41 +0100, Dominic Evans wrote: The debian package of samba4 is still sitting at 4.0.3 in experimental. Please could someone (Andrew?) upload an updated package now that we are up to 4.0.7? http://packages.qa.debian.org/s/samba4.html We have toiled mightily, and have new experimental packages. They are stuck in the NEW queue, and have been for a month: http://ftp-master.debian.org/new.html (This is because we have additional package names, as part of the merge with the 'samba' package). So the new packages have now made it into experimental http://packages.qa.debian.org/s/samba/news/20130806T230018Z.html However, it isn't obvious what the upgrade step(s) should be from an existing `samba4` install to these packages. They don't appear to have specified Conflicts/Replaces with the samba4 packages, and it appears like a `sudo apt-get install -t experimental samba` would be partially installing alongside the existing samba4 binaries? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Debian Package Updates
On 5 August 2013 01:28, Andrew Bartlett abart...@samba.org wrote: On Fri, 2013-08-02 at 14:41 +0100, Dominic Evans wrote: The debian package of samba4 is still sitting at 4.0.3 in experimental. Please could someone (Andrew?) upload an updated package now that we are up to 4.0.7? http://packages.qa.debian.org/s/samba4.html We have toiled mightily, and have new experimental packages. They are stuck in the NEW queue, and have been for a month: http://ftp-master.debian.org/new.html (This is because we have additional package names, as part of the merge with the 'samba' package). Once that's in, I expect a 4.0.7 will follow shortly. Wonderful news. Thanks very much Andrew. I look forward to testing. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Debian Package Updates
The debian package of samba4 is still sitting at 4.0.3 in experimental. Please could someone (Andrew?) upload an updated package now that we are up to 4.0.7? http://packages.qa.debian.org/s/samba4.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba_upgradeprovision and msDS-SupportedEncryptionTypes / msDS-NcType
On 22 February 2013 11:48, Andrew Bartlett abart...@samba.org wrote: Indeed, if the domain originally came from windows, then upgradeprovision should NOT be run. Indeed, I would have hoped that the tool would detect this and would not attempt an upgrade, but clearly this fails. Ah. It might be worth adding something in the release notes to make this clear. I imagine a lot of new Samba4 users have migrated from Windows Server DCs and similarly may not have realised that upgradeprovision isn't a generic version-to-version migration step. A backup was made before the upgradeprovision process, and I hope you tool your own backup. Please revert to one of these backups, file a bug along these lines and do not use this tool until I can add more safety checks. I did take my own backup beforehand. However, my domain does appear to be running perfectly fine at the moment. I've not had any issues from users. We did initially lose some manually added DNS entries, but these were easy to add back in. The rest of the DNS was re-populated by the computers themselves anyway. We don't really use the domain for anything much beyond allowing users to logon to any machine in the network with their individual username+password, and allowing Administrators full remote access to the machines as well. So I'm happy to just continue with it in the current state and see how it goes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba_upgradeprovision and msDS-SupportedEncryptionTypes / msDS-NcType
Originally I had a Win 2003 DC. I added a samba 4.0.0 DC to the domain, allow full replication to take place and then transferred all the roles to the samba 4.0.0 dc. Finally I removed the Windows DC from the domain. Everything has been working well. Today I upgraded from samba 4.0.0 to 4.0.3 and ran samba_upgradeprovision --full. Initially this was failing in update_present throwing an exception when attempting to modify msDS-NcType and msDS-SupportedEncryptionTypes attributes which didn't exist. I was able to get the upgradeprovision to run to completion by removing these from the deltas i.e., delta.remove('msDS-SupportedEncryptionTypes') delta.remove('msDS-NcType') Everything seems to be up-and-running again at 4.0.3, so it went well. However, if these attributes are missing - a) shouldn't I get these attributes added? b) why don't these show up as missing attributes on the samba-tool dbcheck? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: internal DNS orphaned dnsNode objects with no dnsRecord
I was having some problems with certain entries in my internal DNS server refusing to be updated via nsupdate. The updates would always be rejected. After investigating further I noticed that this seemed to correspond with dnsNode entries in the sam.ldb that didn't actually contain a dnsRecord attribute. i.e., the records found by this search: $ sudo ldbsearch -H /var/lib/samba/private/sam.ldb '((objectClass=dnsNode)(!(dnsRecord=*)))' Are there any risks associated with doing an ldbmodify to delete all of these entries? How might they have come about? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: no --use-ntvfs option on samba-tool ntacl sysvolcheck
In samba-tool, sysvolreset has options for either --use-ntvfs or --use-s3fs to set the permissions appropriately However, sysvolcheck does not have the same capability, and always attempts to verify in s3 vfs. Is this a known limitation in Samba 4.0.0 ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SAMBA 4 acting as Domain Server- Is Exchange 2010 capable of being installed?
On 11 January 2013 05:02, Matthew Gear matthewj.g...@gmail.com wrote: I am attempting to install an Exchange 2010 deployment for integrated UM testing. As I attempted to extend the schema of the SAMBA 4 AD (setup /ps), the setup program came back and reported the following: The Domain Controller 'smb4.homelab.int' is running the 4.0.0 version of the operating system. Minimal requested version is 5.2 (3790) Service Pack 1. Is it possible to install Exchange 2010 in a Samba4 Active Directory environment ? Hmm. You could experiment with setting the 'server string' variable in smb.conf to something like Windows Server 2003 R2 5.2 and seeing if the Exchange deployment is parsing server string or some other attribute in the samba publication. I don't believe there are currently any other options in smb.conf for masquerading Samba server type from UNIX to an arbitrary Windows. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: Replication of DNS data from one AD server to another
Hi, As per the Samba 4.0.0 release notes: Replication of DNS data from one AD server to another may not work. The DNS data used by the internal DNS server and bind9_dlz is stored in an application partition in our directory. The replication of this partition is not yet reliable. I have noticed in the process of my migration tests that changes for a particular hostname entry in the master DNS server (running on a Win 2003 DC) are not getting propagated through to the secondary DC running on Samba 4. The secondary server never seems to add an entry for this particular hostname, despite deletion and recreation on the master DNS server. New additions with different hostnames do get replicated across correctly; it just appears to be a problem with this one hostname. I'm assuming that the secondary DC somehow has a corrupt DNS entry for this hostname. Is is possible to purge all the DNS entries on the secondary controller and force it to do a clean recreate from the master DC? Alternatively, can I use ldbedit/ldbsearch to try and clear any erroneous data for the single hostname? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 Internal DNS CNAME entries
I am currently in the progress of testing the replacement of a Windows 2003 DC with a Samba4-based one. In the DNS of old Windows DC we had CNAME entries to alias www.domain.com to serverX.domain.com and ftp.domain.com to serverY.domain.com. This is working and can be tested successfully with dig The CNAME entries were correctly replicated across to the internal DNS server on the new Samba4 DC after it joined the domain, but querying that server for www.domain.com through dig returns no results. However, samba-tool dns query localhost does correctly show the CNAME entry as present. Does the internal DNS server of samba4 not yet support CNAME lookups? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Internal DNS CNAME entries
On 4 January 2013 15:14, Dominic Evans oldma...@gmail.com wrote: Does the internal DNS server of samba4 not yet support CNAME lookups? Another interesting thing I noted is that dns recursion also doesn't appear to be working for this lookup. i.e., $ dig @127.0.0.1 www.google.com +norecurse \ returns no results $ dig @127.0.0.1 www.google.com \ correctly returns a result (seemingly showing that the dns forwarder configured in smb.conf is working) However, $ dig @127.0.0.1 www.domain.com \ returns no results and displays the warning ;; WARNING: recursion requested but not available -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: ldapcmp incorrectly reporting some attributes as missing on secondary controller
On 28 December 2012 05:43, Andrew Bartlett abart...@samba.org wrote: $ sudo samba-tool ldapcmp ldap://windowsdc.exampledn.com ldap://samba4dc.exampledn.com domain --base='CN=ExampleFirstName ExampleSecondName,OU=OU,DC=exampledn,DC=com' --base2='CN=ExampleFirstName ExampleSecondName,OU=OU,DC=exampledn,DC=com' What username did you use (administrator or another user) to authenticate in this case? We have an outstanding issue where the read ACL is applied incorrectly for non-administrator users, and I need to understand why that is. Ah you are correct. In the ldapcmp case I had authenticated as a regular user, but in the ldapsearch I had authenticated as administrator. If I modify my ldapcmp command to authenticate as the administrator the comparison passes successfully with all attributes being found in both DCs. So as you presumed it appears to be a minor discrepancy between the attributes that a Windows DC hides from non-Administrators, and those that a Samba4 DC hides. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: ldapcmp incorrectly reporting some attributes as missing on secondary controller
Hi, I have a domain with a single Windows 2003 DC running. Today I created a Samba4 DC (using 4.0.0 release) and asked it to join the existing domain as an additional controller. Replication of both the objects and dns entries appears to be working well, and the usual tests of adding a user to one and confirming it is available in the other is similarly working. However, the `ldapcmp` tool claims there are numerous discrepancies in the replicated data between the two ldap directories. Note the 'attributes found only in' list in the example comparison for a specific user in the directory: $ sudo samba-tool ldapcmp ldap://windowsdc.exampledn.com ldap://samba4dc.exampledn.com domain --base='CN=ExampleFirstName ExampleSecondName,OU=OU,DC=exampledn,DC=com' --base2='CN=ExampleFirstName ExampleSecondName,OU=OU,DC=exampledn,DC=com' * Comparing [DOMAIN] context... * Objects to be compared: 1 Comparing: 'CN=ExampleFirstName ExampleSecondName,OU=OU,DC=exampledn,DC=com' [ldap://windowsdc.exampledn.com] 'CN=ExampleFirstName ExampleSecondName,OU=OU,DC=exampledn,DC=com' [ldap://samba4dc.exampledn.com] Attributes found only in ldap://windowsdc.exampledn.com: instanceType whenCreated pwdLastSet accountExpires userAccountControl FAILED * Result for [DOMAIN]: FAILURE SUMMARY - Attributes found only in ldap://windowsdc.exampledn.com: pwdLastSet whenCreated instanceType userAccountControl accountExpires ERROR: Compare failed: -1 However, using `ldapsearch` to query the directories of both domain controllers directly, shows that these five attributes all appear to exist in both? In addition, the diff of the two queries seems to indicated some missing attributes and differing values on the samba4 domaincontroller that are not mentioned/caught by the ldapcmp tool? --- /tmp/ldapsearch-windowsdc 2012-12-27 18:42:30.193281974 +0100 +++ /tmp/ldapsearch-samba4dc2012-12-27 18:42:30.233278605 +0100 @@ -1,34 +1,29 @@ dn: CN=ExampleFirstName ExampleSecondName,OU=OU,DC=exampledn,DC=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: ExampleFirstName ExampleSecondName sn: ExampleSecondName givenName: ExampleFirstName distinguishedName: CN=ExampleFirstName ExampleSecondName,OU=OU,DC=exampledn,DC=com instanceType: 4 whenCreated: 20100401152917.0Z whenChanged: 20100401152918.0Z displayName: ExampleFirstName ExampleSecondName -uSNCreated: 236996493 -uSNChanged: 236996516 +uSNCreated: 3171 +uSNChanged: 3171 name: ExampleFirstName ExampleSecondName objectGUID:: 2io6fCOdmUW5yeebD85hAA== userAccountControl: 66048 -badPwdCount: 0 codePage: 0 countryCode: 0 -badPasswordTime: 13001017344375 -lastLogoff: 0 -lastLogon: 130010708699218750 pwdLastSet: 129146093579687500 primaryGroupID: 513 objectSid:: AQUAAAUVdPiuHDqU7zAoMuUqaAoAAA== accountExpires: 9223372036854775807 -logonCount: 7781 sAMAccountName: examplesecondname.examplefirstname sAMAccountType: 805306368 userPrincipalName: examplesecondname.examplefirstn...@exampledn.com objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=exampledn,DC=com Should I be concerned by any of this? Cheers, Dominic -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba