Re: [Samba] samba4 rfc2307 practice and confuse
Hi, I thought that we should avoid using nscd with winbind ? Has it changed with samba4 ? I'm still wondering which has the best performance for a file server between winbind, sssd and nslcd.. Cheers From : http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html /Do not under any circumstances run //|nscd|//on any system on which //|winbindd|//is running. // // //If //|nscd|//is running on the UNIX/Linux system, then even though NSSWITCH is correctly configured, it will not be possible to resolve domain users and groups for file and directory controls. / Le 16/04/2013 15:34, Björn JACKE a écrit : On 2013-04-15 at 20:51 +0200 Gémes Géza sent off: 1. Caching (lot better than nscd) actually I recommend running nscd when you have winbind running because nscd caches it's stuff more efficient and it can prevent winbind to go crazy if you have a lot of nsswitch operations like when you run rsync for example. Cheers Björn Eric PEYREMORTE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 rfc2307 practice and confuse
Le 15/04/2013 11:31, steve a écrit : On 15/04/13 11:07, d tbsky wrote: so you mean with samba 4 as DC and samba 3.x as winbind client, you can get correct rfc2307 gidnumber(and working getent group)? Yes. To get the rfc2307 info out from the directory you can use winbind, nslcd or sssd on the client. If you want to get all of the rfc2307 attributes on the DC, your choice is narrowed down to the latter two. As Geza posted earlier, winbind can only manage uidNumber and gidNumber. With a windows 2012 server and a samba 4.0.5 member i managed to get homedirectory and loginshell from AD with idmap backend = ad and rfc2307 Just had to fill unixhomedirectory and loginshell in aduc. I've put our nslcd method here: http://linuxcostablanca.blogspot.com.es/2013/04/ubuntu-client-for-samba4.html Will post the sssd solution sometime today. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] sssd getent problem with Samba 4.0
Le 14/04/2013 17:37, steve a écrit : ve even got getent group to list not only the gidNumber, but group members too:) I'll test an Ubuntu client tomorrow, but it's looking good. Maybe I'll put some doco together. Steve Don't you need enumerate = true in sssd.conf ? Just an idea -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Internal LDAP explanation
Hi there ! I've read many documentation today but i can't understand samba 4 internal ldap server. I'm currently using samba3 with openldap backend. I'm considering using samba4 as my new domain controller in ADS mode. I have few questions : - Can i connect to the new ldap server from a remote machine ( ldapsearch on port 389 ) ? If no why ? - So, can i connect pam for linux users to this internal ldap, and can i still continue to use this ldap server for both windows / linux auth ? - Shall i use ldapsam:tdb://something ? - Can we have posix attributes like userPassword in there ? - I've read that we do not need to have linux user account for samba user account : it's not mandatory isn't it ? I sorry, i've read all i can but can find a clear explanation on that... Cheers -- *Eric PEYREMORTE* /Technicien informatique - IUT de Valence/ ? 04.75.41.88.37 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] smbclient php extension
Hi there, I know it's not the good place to ask but don't know where to... It would be great to have a compiled native php smbclient extension. Several people, including owncloud, still use Victor M. Varela, php library (which use exec smbclient) to access smb files. This is not optimized, and not usable if you disable escapeshellargs on your system. There was a project to build a native extension but it doesn't implement everything and hasn't changed for years : https://github.com/eduardok/libsmbclient-php If someone had the skills to build it, it would be very useful for the community. Unfortunately, i'm really bad in c programming.. Eric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] bind failed on port 445 socket_addr = 0.0.0.0.
Hi, I've just upgraded an old samba 3.0.23 on an old Fedora Core 5 to samba 3.5.4 using an rpm built from the source. Everything works fine, but when i start the server i get some error messages(see below). Before i start the server there is no connection (tested with lsof and fuser) on the 139 and 445 ports, smbd or nmbd aren't running. With the old version i never had this message. I suppose it means nmbd ans smbd won't connect to the all addresses interface (0.0.0.0). What can i check to fix this ? [2010/09/07 00:44:57.390890, 2] lib/util_sock.c:875(open_socket_in) bind failed on port 445 socket_addr = 0.0.0.0. Error = Address already in use [2010/09/07 00:44:57.391590, 0] smbd/server.c:500(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use. [2010/09/07 00:44:57.391754, 2] lib/util_sock.c:875(open_socket_in) bind failed on port 139 socket_addr = 0.0.0.0. Error = Address already in use. [2010/09/07 00:44:57.391819, 0] smbd/server.c:500(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use. Here is my global section of smb.conf : [global] dos charset = 850 workgroup = ADMINISTRATIF server string = Serveur Samba Administratif passdb backend = ldapsam:ldap://172.30.1.10/ username map = /etc/samba/smbusers log file = /var/log/samba/%m.log max log size = 500 name resolve order = host wins bcast time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -x %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u logon script = logon.bat logon path = \\brezeme\profiles\%a\%U logon drive = g: logon home = \\brezeme\%U domain logons = Yes os level = 75 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=Manager,dc=iut-valence,dc=fr ldap delete dn = Yes ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = yes ldap suffix = ou=Adminprofs,dc=iut-valence,dc=fr ldap ssl = no ldap user suffix = ou=Users passdb expand explicit = Yes idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 admin users = root, peyremor, chechat, renaudet, bernardi create mask = 0640 directory mask = 0750 cups options = raw hide files = /config/Desktop/../ veto oplock files = /*.mdb/*.ldb/*.mbx/*.toc/*.cwk/*.CWK/*.sss/*.dat/*. msf/*.db/ -- Eric PEYREMORTE Technicien informatique - IUT de Valence Tel : 04.75.41.88.37 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] bind failed on port 445 socket_addr = 0.0.0.0.
Hi, I've just upgraded an old samba 3.0.23 on an old Fedora Core 5 to samba 3.5.4 using an rpm built from the source. Everything works fine, but when i start the server i get some error messages(see below). Before i start the server there is no connection (tested with lsof and fuser) on the 139 and 445 ports, smbd or nmbd aren't running. With the old version i never had this message. I suppose it means nmbd ans smbd won't connect to the all addresses interface (0.0.0.0). What can i check to fix this ? [2010/09/07 00:44:57.390890, 2] lib/util_sock.c:875(open_socket_in) bind failed on port 445 socket_addr = 0.0.0.0. Error = Address already in use [2010/09/07 00:44:57.391590, 0] smbd/server.c:500(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use. [2010/09/07 00:44:57.391754, 2] lib/util_sock.c:875(open_socket_in) bind failed on port 139 socket_addr = 0.0.0.0. Error = Address already in use. [2010/09/07 00:44:57.391819, 0] smbd/server.c:500(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use. Here is my global section of smb.conf : [global] dos charset = 850 workgroup = ADMINISTRATIF server string = Serveur Samba Administratif passdb backend = ldapsam:ldap://172.30.1.10/ username map = /etc/samba/smbusers log file = /var/log/samba/%m.log max log size = 500 name resolve order = host wins bcast time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -x %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u logon script = logon.bat logon path = \\brezeme\profiles\%a\%U logon drive = g: logon home = \\brezeme\%U domain logons = Yes os level = 75 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=Manager,dc=iut-valence,dc=fr ldap delete dn = Yes ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = yes ldap suffix = ou=Adminprofs,dc=iut-valence,dc=fr ldap ssl = no ldap user suffix = ou=Users passdb expand explicit = Yes idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 admin users = root, peyremor, chechat, renaudet, bernardi create mask = 0640 directory mask = 0750 cups options = raw hide files = /config/Desktop/../ veto oplock files = /*.mdb/*.ldb/*.mbx/*.toc/*.cwk/*.CWK/*.sss/*.dat/*. msf/*.db/ -- Eric PEYREMORTE Technicien informatique - IUT de Valence Tel : 04.75.41.88.37 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] bind failed on port 445 socket_addr = 0.0.0.0.
Yes i double, triple check, that's why i post here :-) I 've just tried to add these two lines : interfaces = 127.0.0.1 172.30.1.30 bind interfaces only = yes The error message doesn't display anymore, but i think nmbd do not listen on the 0.0.0.0 interface with this parameters. Le 07/09/2010 16:47, John Drescher a écrit : On Tue, Sep 7, 2010 at 10:45 AM, Eric PEYREMORTE eric.peyremo...@iut-valence.fr wrote: Hi, I've just upgraded an old samba 3.0.23 on an old Fedora Core 5 to samba 3.5.4 using an rpm built from the source. Everything works fine, but when i start the server i get some error messages(see below). Before i start the server there is no connection (tested with lsof and fuser) on the 139 and 445 ports, smbd or nmbd aren't running. With the old version i never had this message. I suppose it means nmbd ans smbd won't connect to the all addresses interface (0.0.0.0). What can i check to fix this ? [2010/09/07 00:44:57.390890, 2] lib/util_sock.c:875(open_socket_in) bind failed on port 445 socket_addr = 0.0.0.0. Error = Address already in use [2010/09/07 00:44:57.391590, 0] smbd/server.c:500(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use. [2010/09/07 00:44:57.391754, 2] lib/util_sock.c:875(open_socket_in) bind failed on port 139 socket_addr = 0.0.0.0. Error = Address already in use. [2010/09/07 00:44:57.391819, 0] smbd/server.c:500(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use. Are you sure the old samba version is not still running. John -- Eric PEYREMORTE Technicien informatique - IUT de Valence Tel : 04.75.41.88.37 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Wins, browsing, browse.dat and wins.dat
Hi, I have troubles understanding wins and network browsing functionnality. I have a samba server(pdc) on a different subnet than my clients. The server smb.conf has wins support = Yes, the client are configured to use the wins server. In the wins.dat, i can see all the computers. In the browse.dat i have only computers/servers that are in the same subnet. When i try to browse the network via network neighborbood i only see the computers that are in the same subnet ( the same that are in the browse.dat ) I've read the howto about wins, but can't understand how my computers can be visible in the network neighborhood... I thought that setting a wins server would be the solution but i think i'm wrong. Could someone helped me ? ( I googled all the day for that ...) Thanks, Eric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Wins, browsing, browse.dat and wins.dat
Yes, it has been configured via dhcp, and ipconfig shows primary wins server : 172.30.1.30 Why browse.dat doesn't load values from wins ? In my case it seems to do some broadcast for discovery. I thought the nmbd would get values from the wins for the network browsing. Eric John H Terpstra a écrit : On 11/16/2009 08:21 AM, Eric PEYREMORTE wrote: Hi, I have troubles understanding wins and network browsing functionnality. I have a samba server(pdc) on a different subnet than my clients. The server smb.conf has wins support = Yes, the client are configured to use the wins server. In the wins.dat, i can see all the computers. In the browse.dat i have only computers/servers that are in the same subnet. When i try to browse the network via network neighborbood i only see the computers that are in the same subnet ( the same that are in the browse.dat ) I've read the howto about wins, but can't understand how my computers can be visible in the network neighborhood... I thought that setting a wins server would be the solution but i think i'm wrong. Could someone helped me ? ( I googled all the day for that ...) Thanks, Eric Have you configured ALL you MS Windows clients TCP/IP settings to use the Samba WINS server? The Samba3-HOWTO has a fairly detailed chapter on network browsing. What part of it does not make sense? http://www.samba.org/samba/docs/Samba3-HOWTO.pdf - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] how to know if kernel supports oplocks
Hi, I've read that i should put kernel support = no in smb.conf if my kernel doesn't support oplocks. But i can't find how to know if my kernel support it. I'm running a fedora core 4. If i compile the kernel manually, which option should i enable ?(i can't find a oplocks option) Eric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] nss_ldap: reconnected to LDAP server ldap://172.26.1.10 after 1 attempt
Hi, I had this message repeting many times in my logs: nss_ldap: reconnected to LDAP server ldap://172.26.1.10 after 1 attempt I've search everywhere on the web but the only response i had was : - network problem - slapd misconfiguration or poor slapd performance I finally noticed that i put idletimeout 30 in slapd.conf. I didn't think it came from that because i find this parameter in the official samba how-to. Yesterday i changed it to 3700(superior to nss pam timeout) and now i don't have this message anymore in my logs ! Hope it could help someone else ! Eric PEYREMORTE IUT Valence -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap_open: cannot access LDAP when not root..
Hi, I often have theses messages on my two samba 3.0.25a servers. What does it mean ? Eric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Repost: Can't follow DFS link
You should really try with the latest samba release. Several DFS changes have been made from 3.0.24 to 3.0.25. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Big bug with vfs recycle causing bugs and frequent Delayed write failure
Hi, I'm running samba 3.0.22 with 2000 and xp clients. Before upgrading to 3.0.22, i had vfs recycle module running like a charm. But since i upgraded, i have several errors delayed write failure on every systems 2000 and XP(every 10 seconds), and netscape 7 can't start anymore! In fact, it seems to have a problem with its lock file.So i tried veto oplocks = *.lock but still doesn't run. Removing all recycle options in the smb.conf fix the problem. Here is my smb.conf recycle params : #vfs object = recycle #recycle:repository = ../../../recycle/%U #recycle:versions=yes #recycle:touch_mtime = true #recycle:maxsize= 4000 #recycle:exclude= cookies.* ~$* quotas bookmarks* prefs.js.moztmp XUL.mfl lmos.dat OWNER.LOK cheers, Eric PEYREMORTE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] creating new file or folder does not appear until hitting refresh
Hi, I noticed that when right clicking and choosing to creater new folder, this one doesn't appear until pressing F5. My users are not very happy at all with this behaviour. I would like to fix it but i'm not sure about what i'm doing. I would like to change the //|change notify timeout|// but i don't understand exatcly what it does... What if i set it to 0 ? There is the fam change notify attribute, but i don't understand how to use it. Does it run with Fedora ? thanks //|//|// -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] VARIABLE SUBSTITUTIONS with LDAP
Hi everyone, I would like to understand why variable substitutions don't expand from ldap anymore. Jerry Carter answered me that it is due to conflicts with client side environnement variable. But these substitutions are done on the server side, so what's the problem with client side ??? It was a great feature, i don't know why a so practical thing has been removed. It would be also nice to specify in the smb.conf.man in the variable substitution chapter. cheers, eric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] %a substitution broken ????
Hi there, I have a strange problem with my profiles. They aren't saved in /profiles/WinXP but in /profiles/%a instead I have a sambaProfilePath: \\stperay\profiles\%a\dgenthia in my ldap and it always ran with samba 3.0.20. I also have logon path = \\stperay\profiles\%a\%U in my smb.conf as in the old smb.conf. Is the %a feature broken ? Thanks ;-) Eric PEYREMORTE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] home directories on two server
Hi, I have one samba PDC(3.0.12) with openldap. I have many users and i would like to do some load balancing : I would like to use the ldap directive sambahomepath to map some users [homes] to an other samba server in the same domain : i have server A (PDC) with ldap, and server B(domain member, security=domain, password server = server_A). In ldap, user1 has sambahomepath = \\server_a\user1 and user2 has sambahomepath=\\server_b\user2. But when i try to connect as user2 in the domain, samba search my home on server_a and i get an error :-( Does anyone knows how to do to get it work ? Regards, Eric PEYREMORTE Tch Info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] word 97, windows 2000 bug ?
When opening a word 97 file on a network drive it creates a ~$ file, but on exit the temporary doesn't disappear. If i access the file by network neighbouhood the problem doesn't occur anymore...Strange no? I tried with all win 2000 services packs, and i use samba 2.2.7 on redhat 8.0. Any idea? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba