[Samba] wbinfo -u fails in Samba-3.0.4 on Samba PDC/BDC
Dear list, Do any of you use the latest(3.0.4) as a Samba PDC(with OpenLDAP) on Linux ? If yes, have you encountered the following problem ? The setup is a PDC with an LDAP server running locally which is accessed directly and through nsswitch/PAM. A member server is providing shares to clients. When looking up domain users (wbinfo -u) from a member server(Solaris 8, OpenLDAP 2.1.25) there are no problems. When looking up users on the PDC and on the BDC, it fails (Error looking up domain users). The log.winbindd states problems with socket read errors. When running "wbinfo -m" we only get "BUILTIN". When running "wbinfo -g" we get: BUILTIN+System Operators BUILTIN+Replicators BUILTIN+Guests BUILTIN+Power Users BUILTIN+Print Operators BUILTIN+Administrators BUILTIN+Account Operators BUILTIN+Backup Operators BUILTIN+Users The PDC is running Mandrake 9(2.4.19-16mdk, OpenLDAP 2.0.25) and the BDC is running RedHat 7.3(2.4.18-3, OpenLDAP 2.0.27) and works without problems in other regards. Have tried a similar PDC/BDC configuration on Mandrake 10 as well with same results. The problem was first discovered in Samba 3.0.2(currently 3.0.4) and searching the mailing lists does not reveal anything that equals our situation. Samba config options are: ./configure -with-acl-support -with-libiconv Things checked: There are no firewall rules. Different socket options tried. Custom compiled and vendor compiled binaries tried. LDAP entries commented out with no affect. Guess on cause: The LDAP lookup is messing up a socket used for local host communication. Failing lookup [2004/05/24 12:53:25, 6] nsswitch/winbindd.c:new_connection(343) accepted socket 16 [2004/05/24 12:53:25, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 1824 bytes. Need 0 more for a full request. [2004/05/24 12:53:25, 10] nsswitch/winbindd.c:process_request(308) process_request: request fn INTERFACE_VERSION [2004/05/24 12:53:25, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261 ) [ 7076]: request interface version [2004/05/24 12:53:25, 10] nsswitch/winbindd.c:client_write(512) client_write: wrote 1300 bytes. [2004/05/24 12:53:25, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 1824 bytes. Need 0 more for a full request. [2004/05/24 12:53:25, 10] nsswitch/winbindd.c:process_request(308) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2004/05/24 12:53:25, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [ 7076]: request location of privileged pipe [2004/05/24 12:53:25, 10] nsswitch/winbindd.c:client_write(512) client_write: wrote 1300 bytes. [2004/05/24 12:53:25, 10] nsswitch/winbindd.c:client_write(557) client_write: need to write 47 extra data bytes. [2004/05/24 12:53:25, 10] nsswitch/winbindd.c:client_write(512) client_write: wrote 47 bytes. [2004/05/24 12:53:25, 10] nsswitch/winbindd.c:client_write(546) client_write: client_write: complete response written. [2004/05/24 12:53:25, 6] nsswitch/winbindd.c:new_connection(343) accepted socket 17 [2004/05/24 12:53:25, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 0 bytes. Need 1824 more for a full request. [2004/05/24 12:53:25, 5] nsswitch/winbindd.c:winbind_client_read(465) read failed on sock 16, pid 7076: EOF [2004/05/24 12:53:25, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 1824 bytes. Need 0 more for a full request. [2004/05/24 12:53:25, 10] nsswitch/winbindd.c:process_request(308) process_request: request fn LIST_USERS [2004/05/24 12:53:25, 3] nsswitch/winbindd_user.c:winbindd_list_users(592) [ 7076]: list users [2004/05/24 12:53:25, 10] nsswitch/winbindd.c:client_write(512) client_write: wrote 1300 bytes. [2004/05/24 12:53:25, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 0 bytes. Need 1824 more for a full request. [2004/05/24 12:53:25, 5] nsswitch/winbindd.c:winbind_client_read(465) read failed on sock 17, pid 7076: EOF Working lookup [2004/05/24 13:19:05, 6] nsswitch/winbindd.c:new_connection(343) accepted socket 19 [2004/05/24 13:19:05, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 1824 bytes. Need 0 more for a full request. [2004/05/24 13:19:05, 10] nsswitch/winbindd.c:process_request(308) process_request: request fn INTERFACE_VERSION [2004/05/24 13:19:05, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261 ) [27482]: request interface version [2004/05/24 13:19:05, 10] nsswitch/winbindd.c:client_write(512) client_write: wrote 1300 bytes. [2004/05/24 13:19:05, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 1824 bytes. Need 0 more for a full request. [2004/05/24 13:19:05, 10] nsswitch/winbindd.c:process_request(308) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2004/05/24 13:19:05, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [27482]: request location of privileged pipe [2004/05/24 13:19:05, 10] nsswitch/winbindd.c:client_write(512) client_w
RE: [Samba] Winbind problem?
Hi Derek, I reported this as bug number 1383, but it turned out to be correct behaviour. The error message sounds as if something is wrong, but it just says that there are no domain users and domain group, since all users and groups are LOCAL to the PDC. If you have a trusted doamin to this PDC you will be able to see these... Please look in the description of bug report 1383 for more detail. Regards, Hans. https://bugzilla.samba.org/show_bug.cgi?id=1383 -Original Message- From: Derek Harkness [mailto:[EMAIL PROTECTED] Sent: 4. juni 2004 09:22 To: [EMAIL PROTECTED] Subject: [Samba] Winbind problem? I've got a Samba PDC and a Samba domain member server. I successfully joined the domain, started winbind and run the wbinfo -p; wbinfo -t tests, both succeeded. But if I do a winbind -g I only get BUILDIN/group and if I do a wbinfo -u I get "Error looking up domain users". But ntlm_auth succeeds. So I'm a little confused. At this point this is a minor issue since authentication is working, I was just wondering why I can't list domain users and groups. Setup details PDC is running Samba 2.2.8a on Solaris Member server is running Samba 3.0.4 on Debian linux. Thanks, Derek "This world is a comedy to those who think and a tragedy to those who feel." ** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify the system manager at [EMAIL PROTECTED] This e-mail and its contents do not constitute and shall not be considered as a financial commitment of Maersk Olie og Gas AS and its affiliates. Maersk Olie og Gas AS expressly disclaims any responsibility as to the accuracy and use of this e-mail and its contents. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] problem with all capitals 8.3 filenames
Dear list, After having upgraded from Samba-2.2.8a to Samba-3.0.4 I have problems getting "short preserve case = Yes" to work properly for filenames having only capital letters when seen from NT-4.0 explorer. A mixture of lettercase filenames and all lowercase work fine. What I see is the following: UNIX: Windows-NT: -- ALLB !=Allb ALLB.DIR !=Allb.dir ALLB.TXT !=Allb.txt ALLBIGXX!=Allbigxx ALLBIGXX.DIR !=Allbigxx.dir ALLBIGXX.TXT !=Allbigxx.txt alls =alls alls.dir =alls.dir alls.txt =alls.txt allsmall =allsmall allsmall.dir =allsmall.dir allsmall.txt =allsmall.txt AlTbIgSm =AlTbIgSm AlTbIgSm.DiR=AlTbIgSm.DiR AlTbIgSm.TxT=AlTbIgSm.TxT AlTbS.dIr =AlTbS.dIr AlTbS.tXt =AlTbS.tXt aLtSb.tXt =aLtSb.tXt aLtSmBiG =aLtSmBiG aLtSmBiG.dIr=aLtSmBiG.dIr aLtSmBiG.tXt=aLtSmBiG.tXt ONESMALl =ONESMALl ONESMALL.TXt=ONESMALL.TXt oNESMALL.DIR= oNESMALL.DIR TBt.tXT =TBt.tXT TWobYTwo =TWobYTwo TWobYTwo.DIr =TWobYTwo.DIr TWobYTwo.TXt =TWobYTwo.TXt Explorer on windows-XP and windows-2000 seems to show the filenames correctly ! Also if I do a "DIR" command in a command window on windows-NT4.0 the filenames are shown correctly ! Explorer on windows-NT4.0 showns correct filenames on Samba-2.2.8a. The relevant Samba configuration options are: display charset = LOCALE dos charset = CP850 unix charset = ISO-8859-1 mangle case = Yes preserve case = Yes short preserve case = Yes I have tried the following options as well, but getting the same results: # unix charset = UTF-8 # unix charset = LOCALE # unix charset = ASCII Samba has been configured like this: ./configure -with-acl-support -with-libiconv and it is built and running on a Solaris-8 box. I have the following 2 lines at the top in the startup script: LD_PRELOAD=/usr/local/lib/libiconv_plug.so export LD_PRELOAD QUESTIONS: 1. Have any of you seen similar behaviour ? 2. Is it a bug in Samba or libiconv ? 3. or is it windows-NT4.0 explorer that fails to communicate with Samba-3.0.4 properly ? 4. any work-arounds ? Any help would be appreciated - thanks in advance. Cheers, Hans. ** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify the system manager at [EMAIL PROTECTED] This e-mail and its contents do not constitute and shall not be considered as a financial commitment of Maersk Olie og Gas AS and its affiliates. Maersk Olie og Gas AS expressly disclaims any responsibility as to the accuracy and use of this e-mail and its contents. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbstatus hangs after upgrade from 2.2.8a to 3.0.6
Dear list, I have just upgraded our main Samba server from version 2.2.8a to 3.0.6. It seems to be working fine except for 2 things: 1. when I use smbstatus(or swat/status) only some of the connections are listed and then smbstatus hangs forever(swat comes back after a while, but only with some of the connections) Have any of you experienced something similar ? How can I debug smbstatus ? 2. Some users working in a trusted domain cannot access a share which they used to in version 2.2.8a and smbstatus doesn't show these users like they used to with "DOMAIN\user", but only as "user" or nobody. The trust seems to be OK. The error in the log file is: "No such file or directory", but the path to the directory is correct(and hasn't been changed sine the upgrade). Have any of you experienced this behaviour ? The domain controllers are NT boxes. We trust 3 other domains. "wbinfo -m" shows these domains. Thanks in advance for any feedback. Regards, Hans. ** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify the system manager at [EMAIL PROTECTED] This e-mail and its contents do not constitute and shall not be considered as a financial commitment of Maersk Olie og Gas AS and its affiliates. Maersk Olie og Gas AS expressly disclaims any responsibility as to the accuracy and use of this e-mail and its contents. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Interdomain trust to Windows 2003 native mode domain ?
Dear list and Samba Team, It says in the Samba Howto, that it "should" be possible to trust a Windows 2000 domain, but it needs more testing. Have any of you made this work ? I ask because we implemented our Samba/LDAP-3 domain during the week-end and had to rool back since we couldn't get the user validation to a trusted Windows 2003 native domain to work. Samba team, If this feature is not fully functional and you are interested, we can provide tcpdump and level 10 data if we make another try. Kind regards, Hans Randgaard. ** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify the system manager at [EMAIL PROTECTED] This e-mail and its contents do not constitute and shall not be considered as a financial commitment of Maersk Olie og Gas AS and its affiliates. Maersk Olie og Gas AS expressly disclaims any responsibility as to the accuracy and use of this e-mail and its contents. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Is there a limit in the number of users in a NT group used by winbind ?
First of all, I would like to thank everyone in the Samba Team for an outstanding tool. I have setup Samba 2.2.4 on a Solaris-8 server using winbind and ACL. (config file at the end). It works quite well, but I have a problem with certain global NT groups in a trusted domain. I can do both: "wbinfo -u" and "wbinfo -g" to get all users and groups in all the domains. "getent passwd" also works OK, but "getent group" ONLY returns the UNIX groups. winbind is added to /etc/nsswitch.conf for both passwd and group. One of the global NT groups that gives problems has 1949 members. If I add this group to the ACL of a file using the NT-explorer(NT-4.0) and do "getfacl" on Solaris, it hangs when it reaches this particular group. The same happens if I do "getent group ". My questions are: 1. Is there a limit in how many users winbind can handle inside NT groups. 2. Can it be a timeout problem, since the trusted domain inwhich the group is located, acts much slower than our primary domain ? 3. Have any of you seen similar behaviour ? Thanks in advance. Best regards, Hans. Hans Randgaard Phone: +45 3363 4002 smb.conf: - [global] workgroup = WG1 netbios name = SAMBA01 security = DOMAIN interfaces = ge0 1.0.0.0/255.0.0.0 2.1.1.0/255.255.255.0 3.1.0.0/255.255.0.0 wins server = 1.1.1.1 encrypt passwords = Yes password server = dc01, dc02 username map = /usr/local/samba/lib/users.map admin users = WG1+testuser log file = /usr/local/samba/var/log.%m max log size = 100 deadtime = 180 character set = ISO8859-1 local master = No valid chars = ø:Ø winbind uid = 1-2 winbind gid = 1-2 winbind separator = + winbind cache time = 3600 [share1] comment = testshare 1 path = /test1 read only = No browsable = Yes [share2] path = /test2 browseable = Yes - ** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify the system manager at [EMAIL PROTECTED] This e-mail and its contents do not constitute and shall not be considered as a financial commitment of Maersk Olie og Gas AS and its affiliates. Maersk Olie og Gas AS expressly disclaims any responsibility as to the accuracy and use of this e-mail and its contents. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] problem with Too many open files
Hi Samba community, Last year we upgraded from version 3.0.10 to 3.0.20b and at the same time switch from NT-domain controller membership to AD membership. After this upgrade we began to experience that drives sometimes were not mapped. We saw this both on our Citrix servers and on our XP PCs. A couple of weeks back we then moved to 3.0.21b in the hope that this misbehaviour would disappear, but in fact it didn't. I noticed that we see the error message: "Too many open files" each time drives are not mapped. In the log files I can see that it has happened even when we ran version 3.0.10. We run Samba on Solaris and have previously increased both "rlim_fd_cur" and "rlim_fd_max" to 1024. Do we need to increase these values further ? If I do "plimit " it says: resourcecurrent maximum time(seconds)unlimited unlimited file(blocks) unlimited unlimited data(kbytes) unlimited unlimited stack(kbytes) 8192unlimited coredump(blocks) unlimited unlimited nofiles(descriptors) 10020 10020 vmemory(kbytes)unlimited unlimited I have tried increasing "nofiles" to 20040 without any success :-( Here are some examples of the full error messages from the logs: [2005/04/21 08:45:36, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(204) startsmbfilepwent_internal: unable to open file /usr/local/samba/private/smbpasswd. Error was: Too many open files [2005/04/21 08:45:36, 0] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1326) Unable to open passdb database. another example: [2006/01/26 08:19:06, 0] lib/debug.c:reopen_logs(591) Unable to open new log file /usr/local/samba/var/log.pcped250: Too many open files Have any of you experienced the same and if yes what did you do to get Samba to behave ? It is as if files are not closed... Any help would be appreciated ! Kind regards, Hans. PS. below is an extract of smb.conf(testparm -v) parameters(excluding all the shares: LOTS) Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] dos charset = CP850 unix charset = ISO-8859-1 display charset = LOCALE workgroup = CPHOIL realm = REALM.NET netbios name = PCDISK01 netbios aliases = pcdisk, pcdisk-1, pcdisk-2, pcdisk-3, pcdisk-4, pcdisk-5, pcdisk-6, pcdisk-7, pcdisk-8, pcdisk-9, pcdisk-10, pcdisk-11, pcdisk-12, pcdisk-13, pcdisk-14, pcdisk-15, pcdisk-16, pcdisk-17, pcdisk-18, pcdisk-19, pcdisk-20, pcdisk-21, pcdisk-22, pcdisk-23, pcdisk-24, pcdisk-25, pcdisk-26, pcdisk-27, pcdisk-28, pcdisk-29, pcdisk-30 netbios scope = server string = Samba 3.0.21b interfaces = ge0, 89.0.0.0/255.0.0.0, 192.168.89.0/255.255.255.0, 10.65.0.0/255.255.0.0, 40.0.0.0/255.0.0.0, 127.0.0.1 bind interfaces only = No security = ADS auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes hosts equiv = map to guest = Never null passwords = No obey pam restrictions = No password server = * smb passwd file = /usr/local/samba/private/smbpasswd private dir = /usr/local/samba/private passdb backend = smbpasswd algorithmic rid base = 1000 root directory = guest account = nobody enable privileges = No pam password change = No passwd program = passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No passwd chat timeout = 2 check password script = username map = /usr/local/samba/lib/users.map password level = 0 username level = 0 unix password sync = No restrict anonymous = 0 lanman auth = Yes ntlm auth = Yes client NTLMv2 auth = No client lanman auth = Yes client plaintext auth = Yes preload modules = use kerberos keytab = No log level = 1 printdrivers:10 syslog = 1 syslog only = No log file = /usr/local/samba/var/log.%m max log size = 100 debug timestamp = Yes debug hires timestamp = No debug pid = No debug uid = No smb ports = 445 139 large readwrite = Yes max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes disable netbios = No reset on zero vc = No acl compatibility = defer sharing violations = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = wins bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extension
[Samba] RE: problem with Too many open files(REASON FOUND)
Hi again, For what it is worth, we found out that MS Outlook on Citrix now and then opens thousands(17-18000) of references(filehandles) to the same PAB(Personal Address Book) files and then give up these references again after a while !? This was what made Samba chooke. We will now remove all PAB access from Outlook. Sorry for wasting Samba mailing list bandwidth ;-) Kind regards, Hans. From: Hans B. Randgaard Sent: 12. februar 2006 22:10 To: 'samba@lists.samba.org' Subject: problem with Too many open files Hi Samba community, Last year we upgraded from version 3.0.10 to 3.0.20b and at the same time switch from NT-domain controller membership to AD membership. After this upgrade we began to experience that drives sometimes were not mapped. We saw this both on our Citrix servers and on our XP PCs. A couple of weeks back we then moved to 3.0.21b in the hope that this misbehaviour would disappear, but in fact it didn't. I noticed that we see the error message: "Too many open files" each time drives are not mapped. In the log files I can see that it has happened even when we ran version 3.0.10. We run Samba on Solaris and have previously increased both "rlim_fd_cur" and "rlim_fd_max" to 1024. Do we need to increase these values further ? If I do "plimit " it says: resourcecurrent maximum time(seconds)unlimited unlimited file(blocks) unlimited unlimited data(kbytes) unlimited unlimited stack(kbytes) 8192unlimited coredump(blocks) unlimited unlimited nofiles(descriptors) 10020 10020 vmemory(kbytes)unlimited unlimited I have tried increasing "nofiles" to 20040 without any success :-( Here are some examples of the full error messages from the logs: [2005/04/21 08:45:36, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(204) startsmbfilepwent_internal: unable to open file /usr/local/samba/private/smbpasswd. Error was: Too many open files [2005/04/21 08:45:36, 0] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1326) Unable to open passdb database. another example: [2006/01/26 08:19:06, 0] lib/debug.c:reopen_logs(591) Unable to open new log file /usr/local/samba/var/log.pcped250: Too many open files Have any of you experienced the same and if yes what did you do to get Samba to behave ? It is as if files are not closed... Any help would be appreciated ! Kind regards, Hans. PS. below is an extract of smb.conf(testparm -v) parameters(excluding all the shares: LOTS) ** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify the system manager at [EMAIL PROTECTED] This e-mail and its contents do not constitute and shall not be considered as a financial commitment of Maersk Olie og Gas AS and its affiliates. Maersk Olie og Gas AS expressly disclaims any responsibility as to the accuracy and use of this e-mail and its contents. ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] help, we are running out of idmap uids
Dear Samba experts, Initially we set up winbind to the following: idmap uid = 1-2 thinking that 1 uids were sufficient for the number of users we would get. We also have defined our UNIX users from 20001 onwards. However, now I can see that our latest windows(idmap uid) users has uid 19123 and this troubles me. Since I cannot just "extend" the range to be say 1-3 because of our UNIX UIDs, I would like to ask if it is possible to define 2 ranges like: idmap uid = 1-2,3-4 I noticed that winbind will not automatically remove UIDs not used. For instance when a windows user is deleted. Is there a way to do this manually ? And will winbind then use the "unused" UIDs ? Kind regards, Hans. ** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify the system manager at [EMAIL PROTECTED] This e-mail and its contents do not constitute and shall not be considered as a financial commitment of Maersk Olie og Gas AS and its affiliates. Maersk Olie og Gas AS expressly disclaims any responsibility as to the accuracy and use of this e-mail and its contents. ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] recommendations to procedure when changing domain controller IP-addresses ?
Dear list, We have a samba client server running Samba 3.0.21b(+ MIT kerberos 1.4.1) on Solaris against 2 Windows-2003 AD domain controllers. Have any of you tried changing the IP-addresses of the domain controllers while letting the samba client server continue to run ? Do you have any experiences that you would like to share ? Is it necessary to rejoin the domain ? Will kerberos be confused ? Any recommendations ? Kind regards, Hans. ** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify the system manager at [EMAIL PROTECTED] This e-mail and its contents do not constitute and shall not be considered as a financial commitment of Maersk Olie og Gas AS and its affiliates. Maersk Olie og Gas AS expressly disclaims any responsibility as to the accuracy and use of this e-mail and its contents. ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] idmap syntax transition from 3.0.20 to 3.0.25 ?
Dear Samba people, I am going to upgrade a Samba domain member server, which is a member of an AD domain. Its Windows user-ids and group-ids are stored on 2 Open-LDAP servers. I have look in the mailinglists and in the docs, but have not found any good examples of how to change the old syntax into the new(in 3.0.25). Is there a place where I can find some examples ? Our old idmap config lines looks like this: ldap admin dn = cn=Manager,dc=cph,dc=maerskoil,dc=com ldap idmap suffix = ou=Idmap ldap suffix = dc=cph,dc=maerskoil,dc=com idmap backend = "ldap:ldap://ldap03 ldap://ldap04"; idmap uid = 1-20 idmap gid = 1-2 winbind separator = + Thanks very much in advance for any hints. cheers, Hans. ** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify the system manager at [EMAIL PROTECTED] ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] idmap syntax transition from 3.0.20 to 3.0.25 ?
Oops, I guess I didn't try hard enough, sorry ! Just what I needed, thanks ! I looked in the old man location /usr/local/samba/man, but yes, found it in /usr/local/samba/share/man. Thanks Jerry, for your endless patience ! Cheers, Hans. > -Original Message- > From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] > Sent: 10. juli 2007 17:29 > To: Hans B. Randgaard > Cc: samba@lists.samba.org > Subject: Re: [Samba] idmap syntax transition from 3.0.20 to 3.0.25 ? > > -BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hans B. Randgaard wrote: > > Dear Samba people, > > > > I am going to upgrade a Samba domain member server, which > is a member > > of an AD domain. Its Windows user-ids and group-ids are stored on 2 > > Open-LDAP servers. > > > > I have look in the mailinglists and in the docs, but have not found > > any good examples of how to change the old syntax into the new(in > > 3.0.25). > > > > Is there a place where I can find some examples ? > > Have you tried `man idmap_ldap` ? > > > > > > > cheers, jerry > = > Samba--- http://www.samba.org > Centeris --- http://www.centeris.com > "What man is a man who does not make the world better?" --Balian > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFGk6WmIR7qMdg1EfYRAhZYAKCWLb5cj424Y95W4fqGHbaHNmL2JwCcC7Ut > cwGGUOgn11Wb3xFsqAU3ICg= > =LclJ > -END PGP SIGNATURE- > ** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify the system manager at [EMAIL PROTECTED] ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba & Terminal Services / Citrix
Hi Brad, As it seems that nobody answered your quiry yet, here you have some feedback... We have used Samba with both windows-NT and Terminal servers(Citrix) for over a year now. It works just fine :-) Concerning the Terminal servers and Samba we have only been bothered with the following 2 problems: - we had to increase the constant MAX_CONNECTIONS in smbd/conn.c since the total number of drives being mapped from the Terminal server was higher than 128(default). We chose 1024 instead which gave us a reasonable margin. - originally we used %U and %G to point to the users login path and for our PDF generator. However, we had to give up using these "variables", since the user and group IDs were cached somewhere, resulting in user and group mixups on the Samba server. Even though it is a late answer(I subscribe to the digest version of the mailinglist), I hope you can use it. Regards, Hans. > Message: 38 > Date: Fri, 16 May 2003 14:59:02 -0400 > From: "Portelance, Brad" <[EMAIL PROTECTED]> > Subject: [Samba] Samba & Terminal Services / Citrix > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain > > Hello! > > I have heard that there is a problem with using Samba along > with Windows > Terminal Services and that it's related to session IDs with > multiple users > coming from one server. > > I'm in the process of moving to Windows Server 2003 using > Citrix and hoping > to be able to revive our samba use. > > Has anyone had any success with using samba in a Terminal > Server / Citrix > environment? > > Thanks in advance for any information! > > Brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] security bug or misconfiguration ?
Dear list, We are experiencing users unexpectedly accessing each others files. It happens when they try to access files that are called the same and which is located in an equal file structure under their login drive. Two other conditions need to be fulfilled: one of the users needs to have the file locked and both users needs to be logged into the same Citrix server(windows-2000). For instance if userA uses Outlook to open a PST file located here: L:\user.pst and userB tries to open L:\user.pst, it fails for userB even though the file L:\user.pst are different files since L: is the login drive for the user. The login drive is defined in smb.conf as: [user$] comment = Users home directory (L:) path = /pcstorage/%G/users/%U read only = No inherit permissions = Yes create mask = 0600 directory mask = 0700 "user$" is referred to in the user profile on the NT PDC(\\pcserver\user$). %G resolves to the primary UNIX group that the user belongs to and %U resolves to the UNIX user ID. The file structure on the UNIX server is layed out as this: /storage1/department1/users/user1 /storage1/department1/users/user2 /storage1/department1/users/user3 . . /storage1/department2/users/user1 /storage1/department2/users/user2 /storage1/department2/users/user3 etc. This setup has been working fine for some time now, but suddenly we found out that some files in the users personal area were overwritten by other users. The Outlook example above will not overwrite, but is an easy test to prove the described functionality. The question is: Is this a bug or is our Samba setup misconfigured ? We run Samba-2.2.5 with ACL support and winbind on Solaris-8. Below is our smb.conf file: [global] workgroup = DOMAIN1 netbios name = storage1 netbios aliases = pcstorage interfaces = ge0 79.0.0.0/255.0.0.0 193.167.89.0/255.255.255.0 security = DOMAIN encrypt passwords = Yes password server = dc01, dc02, mailsrv wins server = 79.17.7.1 # # User that have all rights on all shares regardless of the permissions: # admin users = DOMAIN1+hbr,DOMAIN1+rbh log file = /usr/local/samba/var/log.%m max log size = 100 local master = No deadtime = 180 username map = /usr/local/samba/lib/users.map # separate domain and username with '+', like DOMAIN+username winbind separator = + winbind cache time = 3600 # use uids from 1 to 2 for domain users winbind uid = 1-2 # use gids from 1 to 2 for domain groups winbind gid = 1-2 # allow enumeration of winbind users and groups winbind enum users = yes winbind enum groups = yes client code page = 850 character set = ISO8859-1 valid chars = ø:Ø [user$] comment = Users home directory (L:) path = /pcstorage/%G/users/%U read only = No inherit permissions = Yes create mask = 0600 directory mask = 0700 . . . Rest of the drives... I hope some of you have been in the same situation or can tell me what is wrong. Thanks very much in advance. Kind regards, Hans. ** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify the system manager at [EMAIL PROTECTED] This e-mail and its contents do not constitute and shall not be considered as a financial commitment of Maersk Olie og Gas AS and its affiliates. Maersk Olie og Gas AS expressly disclaims any responsibility as to the accuracy and use of this e-mail and its contents. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Hiting a limit to the number of connections
Hi, Users on our Citrix server ran into the same problem. The limit is hardcoded in the source and is 128 from 2.2.3a and onwards. I don't know what it is in 2.2.1, but probably the same. The solution is in the mailarchive somewhere. You have to change the constant: MAX_CONNECTIONS in source/smbd/conn.c Kind Regards, Hans. > From: Neil Swallow <[EMAIL PROTECTED]> > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Date: Tue, 29 Oct 2002 09:57:33 - > Subject: [Samba] Hiting a limit to the number of connections > > I am running Irix 6.5.12 and samba version 2.2.1 and am getting the > following error message when trying to log onto a windows > machine that has a > samba mount mapped. > > System error 71 has occurred. > > No more connections can be made to this remote computer at > this time because > there are already as many connections as the computer can accept. > > Any help would be appreciated as I am a newbie where samba is > concerned > > Thanks Neil ** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify the system manager at [EMAIL PROTECTED] This e-mail and its contents do not constitute and shall not be considered as a financial commitment of Maersk Olie og Gas AS and its affiliates. Maersk Olie og Gas AS expressly disclaims any responsibility as to the accuracy and use of this e-mail and its contents. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
