Re: [Samba] ldbsearch/kerberos issue
On 19/04/13 12:06, Geoff Crompton wrote: Samba 4.0.5, Debian 6.0 I can successfully perform an ldbsearch on the Samba ldb by specifying the -U parameter: snip and while I can kinit successfully, as this klist shows: snip I cannot use the resulting ticket to connect: snip Anyone know what's going on? This email may look familiar, Steve reported the same issue last July, https://lists.samba.org/archive/samba/2012-July/168315.html. This isn't the problem that Zach was talking about in https://lists.samba.org/archive/samba/2012-November/169941.html, as I'm not using an IP address in the url. Someone contacted me offlist with a very helpful suggestion. Kerberos can't cope with a 'localhost' domain name. So the following search works with kerberos authentication: $ /usr/local/samba/bin/ldbsearch -H ldap://dc01.testad2.trinity.unimelb.edu.au -k yes 'CN=IT' Cheers, Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] user both missing and present
On 17/04/13 13:46, Geoff Crompton wrote: I'm trying the classicupgrade, and it is crashing out: snip I've found that the user -42545 does not exist in my samba3 as a user, but somehow does exist as a member of the -1231 group. I'm using the ldapsam passdb backend, and I don't understand how this situation has occurred. In my LDAP directory the -42545 user looks just like some of my other users (who don't trigger this problem). What should I do next? I found that my ldap server was limiting the number of objects returned to searches. The script didn't get details for the -42545 user when asking about all users, which explains my problem. Once I set that to 'unlimited' I got past this problem. I've made a note on https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO#Notes_about_migrating_from_LDAP_backend for other people to watch out for that. I wonder if the C library code behind the call to s3db.search_users(0) in the upgrade_from_samba3() method of python/samba/upgrade.py should handle an LDAP server telling it the error condition that it's search has been limited (and then the python adaption could throw that up as an exception). I've created bug 9808 ( https://bugzilla.samba.org/show_bug.cgi?id=9808 ) along those lines. Cheers, Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ldbsearch/kerberos issue
Samba 4.0.5, Debian 6.0 I can successfully perform an ldbsearch on the Samba ldb by specifying the -U parameter: geoffc@test-dc03: ~ $ /usr/local/samba/bin/ldbsearch -H ldap://localhost -U geoffc 'CN=IT' objectClass Password for [STAFF\geoffc]: # record 1 dn: CN=IT,CN=Users,DC=testad2,DC=trinity,DC=unimelb,DC=edu,DC=au objectClass: top objectClass: posixGroup objectClass: group snip and while I can kinit successfully, as this klist shows: geoffc@test-dc03: ~ $ klist Ticket cache: FILE:/tmp/krb5cc_12823 Default principal: geo...@testad2.trinity.unimelb.edu.au Valid starting ExpiresService principal 04/19/13 10:35:28 04/19/13 20:35:28 krbtgt/testad2.trinity.unimelb.edu...@testad2.trinity.unimelb.edu.au renew until 04/20/13 10:35:24 04/19/13 10:35:32 04/19/13 20:35:28 ldap/dc01.testad2.trinity.unimelb.edu...@testad2.trinity.unimelb.edu.au I cannot use the resulting ticket to connect: geoffc@test-dc03: ~ $ /usr/local/samba/bin/ldbsearch -H ldap://localhost -k yes 'CN=IT' Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://localhost' with backend 'ldap': (null) Failed to connect to ldap://localhost - (null) Anyone know what's going on? This email may look familiar, Steve reported the same issue last July, https://lists.samba.org/archive/samba/2012-July/168315.html. This isn't the problem that Zach was talking about in https://lists.samba.org/archive/samba/2012-November/169941.html, as I'm not using an IP address in the url. Cheers, Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] user both missing and present
I'm trying the classicupgrade, and it is crashing out: ERROR(class 'samba.provision.ProvisioningError'): uncaught exception - ProvisioningError: Could not add member 'S-1-5-21-305843216-174882882- 1673945419-42545' to group 'S-1-5-21-305843216-174882882-1673945419- 1231' as either group or user record doesn't exist: Unable to find GUID for DN File /usr/local/samba/lib/python2.6/site- packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site- packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py, line 919, in upgrade_from_samba3 add_users_to_group(result.samdb, g, groupmembers[str(g.sid)], logger) File /usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py, line 316, in add_users_to_group raise ProvisioningError(Could not add member '%s' to group '%s' as either group or user record doesn't exist: %s % (member_sid, group.sid, emsg)) I've found that the user -42545 does not exist in my samba3 as a user, but somehow does exist as a member of the -1231 group. I'm using the ldapsam passdb backend, and I don't understand how this situation has occurred. In my LDAP directory the -42545 user looks just like some of my other users (who don't trigger this problem). What should I do next? Cheers, Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] python scripting samba
Can someone point me to some documentation on scripting samba user and group management from python? I'd much rather not do this via calls out to samba-tool, and if I could do this remotely (via LDAP like calls) I'd be even happier. Cheers, Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tests failing on Debian Squeeze
On 14/04/13 06:48, Matthieu Patou wrote: On 04/12/2013 05:11 PM, Geoff Crompton wrote: FAILED (318 failures, 7 errors and 0 unexpected successes in 431 testsuites) A summary with detailed information can be found in: ./st/summary ERROR: test failed with exit code 1 make: *** [test] Error 1 How important is it for all the tests to pass? Should I just press on with a 'sudo make install'? No it's ok but in the same time if you could file a bug for each failing test so that we can start to have a look at fixing them. Hi Matthieu, Thanks for your response. The summary suggests there are over 300 failed tests. Do you really want over 300 bug submissions? If so, I'll have to work out how to automate that (maybe with https://github.com/LegNeato/bztools). What kind of extra information is useful along with these bug reports? I'm assuming on each one you'd want the relevant section of the ./st/summary file, and mention the environment it was run in (distribution, installed packages and their versions). Is there a script in the samba tree to extract from the system this summary? Cheers, Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tests failing on Debian Squeeze
On 15/04/13 04:59, Andrew Bartlett wrote: How important is it for all the tests to pass? Should I just press on with a 'sudo make install'? It's not good, but without seeing them it's rather hard to say more than that. Our tests are highly inter-dependent, so this is probably one or two tests that really go awry, and 300 tests that fail because the server process they run against has died. Andrew Bartlett I've submitted bug 9793, https://bugzilla.samba.org/show_bug.cgi?id=9793 so you can have a look at the test results. Cheers, Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] file share necessary?
On https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Setup_a_basic_File_Share the instructions says For the server to be useful you, will need to update it to have at least one share What do you need a file share for the server to be useful? Isn't a domain controller 'useful' to authenticate machines and users even if it doesn't have a file share? I would have thought that this step would be optional, like the NTP step just above it. Cheers, Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file share necessary?
On 15/04/13 14:07, Marc Muehlfeld wrote: Am 15.04.2013 04:23, schrieb Geoff Crompton: On https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Setup_a_basic_File_Share the instructions says For the server to be useful you, will need to update it to have at least one share What do you need a file share for the server to be useful? Isn't a domain controller 'useful' to authenticate machines and users even if it doesn't have a file share? I would have thought that this step would be optional, like the NTP step just above it. The DC need at least a sysvol and netlogon share. Regards, Marc That makes sense. If you've followed the HOWTO (as I just have) you probably already have sysvol and netlogon shares. Does anyone mind if I mark the 'Setup a basic File Share' as optional, and add some notes that the sysvol and netlogon shares are needed for a domain controller, but users should feel free to add their own if they desire? Cheers, Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] tests failing on Debian Squeeze
Hi, I'm trying to get samba4 4.0.5 tarball to run on a Debian Squeeze Virtual Machine. I've done a local build, and I've included the --enable-debug --enable-selftest switches. I've done a 'make test', and I get told there are quite a lot of failures. It ends by saying: FAILED (318 failures, 7 errors and 0 unexpected successes in 431 testsuites) A summary with detailed information can be found in: ./st/summary ERROR: test failed with exit code 1 make: *** [test] Error 1 How important is it for all the tests to pass? Should I just press on with a 'sudo make install'? Cheers, Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] whats normal for samba loging amount
Hi, I'm running the Debian samba 3.0.10-1 package. I have 'log level = 0'. However my logcheck is showing a lot of noise from samba. Are the following messages normal, or do we have a misconfiguration? (We don't seem to have any problems accessing the shared samba shares): Mar 31 12:13:31 sd01 nmbd[3150]: [2005/03/31 12:13:31, 0] nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(488) Mar 31 12:13:31 sd01 nmbd[3150]: get_domain_master_name_node_status_fail: Mar 31 12:13:31 sd01 nmbd[3150]: Cannot get workgroup name. Mar 31 12:25:36 sd01 smbd[14299]: [2005/03/31 12:25:36, 0] lib/util_sock.c:get_peer_addr(1000) Mar 31 12:25:36 sd01 smbd[14299]: [2005/03/31 12:25:36, 0] lib/util_sock.c:get_peer_addr(1000) Mar 31 12:25:36 sd01 smbd[14299]: [2005/03/31 12:25:36, 0] lib/util_sock.c:write_socket_data(430) Mar 31 12:25:36 sd01 smbd[14299]: [2005/03/31 12:25:36, 0] lib/util_sock.c:write_socket(455) Mar 31 12:25:36 sd01 smbd[14299]: write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer Mar 31 12:25:36 sd01 smbd[14299]: [2005/03/31 12:25:36, 0] lib/util_sock.c:send_smb(647) Mar 31 12:25:36 sd01 smbd[14299]: Error writing 4 bytes to client. -1. (Connection reset by peer) Mar 31 12:28:32 sd01 nmbd[3150]: [2005/03/31 12:28:32, 0] nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(488) Mar 31 12:28:32 sd01 nmbd[3150]: get_domain_master_name_node_status_fail: Mar 31 12:28:32 sd01 nmbd[3150]: Cannot get workgroup name. Mar 31 12:48:32 sd01 smbd[12738]: [2005/03/31 12:48:32, 0] smbd/connection.c:register_message_flags(220) Mar 31 12:48:34 sd01 smbd[12738]: [2005/03/31 12:48:34, 0] smbd/connection.c:register_message_flags(220) Thanks for any comments -- Geoff Crompton Debian System Administrator Strategic Data +61 3 9340 9000 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba