[Samba] Joining samba4 as a DC to Windows Server 2012 active directory
Hello all,
I am attempting to join samba4 to my current domain which is controlled by
a Windows 2012 Active Directory Server. When following the instructions on
the official WIKI:
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
I am able to do a kinit administrator, which then gives me a ticket which I
can see via klist.
The problem is that once I run the command:
# bin/samba-tool domain join samba.example.com DC -Uadministrator
--realm=samba.example.com
It does not work. I get the following error:
DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567,
'WERR_DS_INCOMPATIBLE_VERSION')
Could this be because of the version of AD? I can't find much
around compatibility of this version of Windows. Any help is greatly
appreciated.
Here is the full debug:
1. ./samba-tool domain join example.com DC -Uadministrator --realm=
example.com
2. Finding a writeable DC for domain 'example.com'
3. Found DC dc01.example.com
4. Password for [WORKGROUP\administrator]:
5. workgroup is EXAMPLE
6. realm is example.com
7. checking sAMAccountName
8. Deleted CN=DC02,CN=Computers,DC=example,DC=com
9. Adding CN=DC02,OU=Domain Controllers,DC=example,DC=com
10. Adding
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
11. Adding CN=NTDS
Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
12. DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567,
'WERR_DS_INCOMPATIBLE_VERSION')
13. Join failed - cleaning up
14. checking sAMAccountName
15. Deleted CN=DC02,OU=Domain Controllers,DC=example,DC=com
16. Deleted
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
17. ERROR(runtime): uncaught exception - DsAddEntry failed
18. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
19. return self.run(*args, **kwargs)
20. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 552, in run
21. machinepass=machinepass, use_ntvfs=use_ntvfs,
dns_backend=dns_backend)
22. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1104,
in join_DC
23. ctx.do_join()
24. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1007,
in do_join
25. ctx.join_add_objects()
26. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 525,
in join_add_objects
27. ctx.join_add_ntdsdsa()
28. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 458,
in join_add_ntdsdsa
29. ctx.DsAddEntry([rec])
30. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 421,
in DsAddEntry
31. raise RuntimeError("DsAddEntry failed")
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Following symlinks
On 12/14/2012 11:12 PM, James Pifer wrote: I'm struggling with following symlinks with samba on the recent versions. I cannot use mount -bind as I've seen others suggest. This is for my mythtv backend, so I'm using the rename script to create nice names for the recordings. Anyway, I can map the drive from Windows XP and Windows 7, and see symlinked files, but I cannot open or copy them as I used to be able to do. My system is opensuse 12.2. My smb.conf looks like: [global] unix extensions = no workgroup = WORKGROUP printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: usershare allow guests = No wins server = wins support = No [homes] comment = Home Directories valid users = %S, %D%w%S browseable = No read only = Yes inherit acls = Yes follow symlinks = Yes wide links = Yes Thanks, James ... Can anyone help me here? Thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Following symlinks
I'm struggling with following symlinks with samba on the recent versions. I cannot use mount -bind as I've seen others suggest. This is for my mythtv backend, so I'm using the rename script to create nice names for the recordings. Anyway, I can map the drive from Windows XP and Windows 7, and see symlinked files, but I cannot open or copy them as I used to be able to do. My system is opensuse 12.2. My smb.conf looks like: [global] unix extensions = no workgroup = WORKGROUP printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: usershare allow guests = No wins server = wins support = No [homes] comment = Home Directories valid users = %S, %D%w%S browseable = No read only = Yes inherit acls = Yes follow symlinks = Yes wide links = Yes Thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] IIS authentication
It might be nice to add a debug line somewhere in auth/pass_check.c around
the if ((!*password) && !lp_null_passwords()) check indicating a reason for
the failure, or maybe a config option around DEBUG(100, ("checking
user=[%s] pass=[%s]\n", user, password)); instead of a precompiler #define
On Mon, Oct 8, 2012 at 4:11 PM, James Devine wrote:
> I found the problem, it appears IIS is sending an empty password
>
>
> On Mon, Oct 8, 2012 at 1:36 PM, James Devine wrote:
>
>> I have setup samba to share a local filesystem with the following config:
>>
>> [global]
>>
>> smb ports = 139
>> workgroup = WORKGROUP
>> server string = %h server (Samba, Ubuntu)
>> dns proxy = no
>> log level = 255
>> debug timestamp = yes
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>> syslog = 1
>> panic action = /usr/share/samba/panic-action %d
>> encrypt passwords = no
>> security = user
>> obey pam restrictions = yes
>> usershare allow guests = no
>> load printers = no
>> show add printer wizard = no
>> printcap name = /dev/null
>> disable spoolss = yes
>>
>> [web]
>> path = /isp/web/
>> read only = no
>> guest ok = no
>> browseable = yes
>> create mask = 0600
>> directory mask = 0700
>>
>>
>>
>> I also have a windows machine to import it. If I import in windows
>> explorer it works fine and the logs show:
>>
>> [2012/10/08 13:18:34.638730, 3] auth/auth.c:216(check_ntlm_password)
>> check_ntlm_password: Checking password for unmapped user
>> [WIN-K7GH3RR6OCJ]\[1641]@[win-k7gh3rr6ocj] with the new password interface
>> [2012/10/08 13:18:34.638739, 3] auth/auth.c:219(check_ntlm_password)
>> check_ntlm_password: mapped user is:
>> [DEV-WEB1]\[1641]@[win-k7gh3rr6ocj]
>> [2012/10/08 13:18:34.638747, 10] auth/auth.c:228(check_ntlm_password)
>> check_ntlm_password: auth_context challenge created by random
>> [2012/10/08 13:18:34.638754, 10] auth/auth.c:230(check_ntlm_password)
>> challenge is:
>> [2012/10/08 13:18:34.638760, 5] ../lib/util/util.c:278(_dump_data)
>> [] 62 C8 5D A5 AD CA DD 2Cb.],
>> [2012/10/08 13:18:34.638774, 10] auth/auth.c:256(check_ntlm_password)
>> check_ntlm_password: guest had nothing to say
>> [2012/10/08 13:18:34.638783, 3] smbd/sec_ctx.c:210(push_sec_ctx)
>> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>> [2012/10/08 13:18:34.638793, 3] smbd/uid.c:429(push_conn_ctx)
>> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>> [2012/10/08 13:18:34.638801, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2012/10/08 13:18:34.638808, 5]
>> auth/token_util.c:525(debug_nt_user_token)
>> NT user token: (NULL)
>> [2012/10/08 13:18:34.638815, 5]
>> auth/token_util.c:551(debug_unix_user_token)
>> UNIX token of user 0
>> Primary group is 0 and contains 0 supplementary groups
>> [2012/10/08 13:18:34.638828, 5] lib/username.c:133(Get_Pwnam_alloc)
>> Finding user 1641
>> [2012/10/08 13:18:34.638836, 5] lib/username.c:77(Get_Pwnam_internals)
>> Trying _Get_Pwnam(), username as lowercase is 1641
>> [2012/10/08 13:18:34.859941, 5] lib/username.c:110(Get_Pwnam_internals)
>> Get_Pwnam_internals did find user [1641]!
>> [2012/10/08 13:18:34.859987, 4] auth/pass_check.c:679(pass_check)
>> pass_check: Checking (PAM) password for user 1641 (l=1)
>> [2012/10/08 13:18:34.860010, 4] auth/pampass.c:472(smb_pam_start)
>> smb_pam_start: PAM: Init user: 1641
>> [2012/10/08 13:18:34.862743, 4] auth/pampass.c:489(smb_pam_start)
>> smb_pam_start: PAM: setting rhost to: 64.251.188.225
>> [2012/10/08 13:18:34.862764, 4] auth/pampass.c:498(smb_pam_start)
>> smb_pam_start: PAM: setting tty
>> [2012/10/08 13:18:34.862772, 4] auth/pampass.c:506(smb_pam_start)
>> smb_pam_start: PAM: Init passed for user: 1641
>> [2012/10/08 13:18:34.862779, 4] auth/pampass.c:523(smb_pam_auth)
>> smb_pam_auth: PAM: Authenticate User: 1641
>> [2012/10/08 13:18:34.862862, 4] auth/pampass.c:545(smb_pam_auth)
>> smb_pam_auth: PAM: User 1641 Authenticated OK
>> [2012/10/08 13:18:34.862874, 4] auth/pampass.c:564(smb_pam_account)
>>
>>
>>
>>
>> But when I try to access a webpage through IIS which is also configured
>> to access this network share it fails and I see this in the logs:
>>
>> [2012/10/08 13:16:09.600154, 3] auth/auth.c:216(check_ntlm_password)
>> check_ntlm_password: Checking password for unmapped user
>> [WIN-K7GH3RR6OCJ]\[1641]@
Re: [Samba] IIS authentication
I found the problem, it appears IIS is sending an empty password On Mon, Oct 8, 2012 at 1:36 PM, James Devine wrote: > I have setup samba to share a local filesystem with the following config: > > [global] > > smb ports = 139 > workgroup = WORKGROUP > server string = %h server (Samba, Ubuntu) > dns proxy = no > log level = 255 > debug timestamp = yes > log file = /var/log/samba/log.%m > max log size = 1000 > syslog = 1 > panic action = /usr/share/samba/panic-action %d > encrypt passwords = no > security = user > obey pam restrictions = yes > usershare allow guests = no > load printers = no > show add printer wizard = no > printcap name = /dev/null > disable spoolss = yes > > [web] > path = /isp/web/ > read only = no > guest ok = no > browseable = yes > create mask = 0600 > directory mask = 0700 > > > > I also have a windows machine to import it. If I import in windows > explorer it works fine and the logs show: > > [2012/10/08 13:18:34.638730, 3] auth/auth.c:216(check_ntlm_password) > check_ntlm_password: Checking password for unmapped user > [WIN-K7GH3RR6OCJ]\[1641]@[win-k7gh3rr6ocj] with the new password interface > [2012/10/08 13:18:34.638739, 3] auth/auth.c:219(check_ntlm_password) > check_ntlm_password: mapped user is: [DEV-WEB1]\[1641]@[win-k7gh3rr6ocj] > [2012/10/08 13:18:34.638747, 10] auth/auth.c:228(check_ntlm_password) > check_ntlm_password: auth_context challenge created by random > [2012/10/08 13:18:34.638754, 10] auth/auth.c:230(check_ntlm_password) > challenge is: > [2012/10/08 13:18:34.638760, 5] ../lib/util/util.c:278(_dump_data) > [] 62 C8 5D A5 AD CA DD 2Cb.], > [2012/10/08 13:18:34.638774, 10] auth/auth.c:256(check_ntlm_password) > check_ntlm_password: guest had nothing to say > [2012/10/08 13:18:34.638783, 3] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2012/10/08 13:18:34.638793, 3] smbd/uid.c:429(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2012/10/08 13:18:34.638801, 3] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2012/10/08 13:18:34.638808, 5] auth/token_util.c:525(debug_nt_user_token) > NT user token: (NULL) > [2012/10/08 13:18:34.638815, 5] > auth/token_util.c:551(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups > [2012/10/08 13:18:34.638828, 5] lib/username.c:133(Get_Pwnam_alloc) > Finding user 1641 > [2012/10/08 13:18:34.638836, 5] lib/username.c:77(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is 1641 > [2012/10/08 13:18:34.859941, 5] lib/username.c:110(Get_Pwnam_internals) > Get_Pwnam_internals did find user [1641]! > [2012/10/08 13:18:34.859987, 4] auth/pass_check.c:679(pass_check) > pass_check: Checking (PAM) password for user 1641 (l=1) > [2012/10/08 13:18:34.860010, 4] auth/pampass.c:472(smb_pam_start) > smb_pam_start: PAM: Init user: 1641 > [2012/10/08 13:18:34.862743, 4] auth/pampass.c:489(smb_pam_start) > smb_pam_start: PAM: setting rhost to: 64.251.188.225 > [2012/10/08 13:18:34.862764, 4] auth/pampass.c:498(smb_pam_start) > smb_pam_start: PAM: setting tty > [2012/10/08 13:18:34.862772, 4] auth/pampass.c:506(smb_pam_start) > smb_pam_start: PAM: Init passed for user: 1641 > [2012/10/08 13:18:34.862779, 4] auth/pampass.c:523(smb_pam_auth) > smb_pam_auth: PAM: Authenticate User: 1641 > [2012/10/08 13:18:34.862862, 4] auth/pampass.c:545(smb_pam_auth) > smb_pam_auth: PAM: User 1641 Authenticated OK > [2012/10/08 13:18:34.862874, 4] auth/pampass.c:564(smb_pam_account) > > > > > But when I try to access a webpage through IIS which is also configured to > access this network share it fails and I see this in the logs: > > [2012/10/08 13:16:09.600154, 3] auth/auth.c:216(check_ntlm_password) > check_ntlm_password: Checking password for unmapped user > [WIN-K7GH3RR6OCJ]\[1641]@[win-k7gh3rr6ocj] with the new password interface > [2012/10/08 13:16:09.600163, 3] auth/auth.c:219(check_ntlm_password) > check_ntlm_password: mapped user is: [DEV-WEB1]\[1641]@[win-k7gh3rr6ocj] > [2012/10/08 13:16:09.600170, 10] auth/auth.c:228(check_ntlm_password) > check_ntlm_password: auth_context challenge created by random > [2012/10/08 13:16:09.600177, 10] auth/auth.c:230(check_ntlm_password) > challenge is: > [2012/10/08 13:16:09.600184, 5] ../lib/util/util.c:278(_dump_data) > [] D9 C9 AA F1 93 54 39 AD.T9. > [2012/10/08 13:16:09.600197, 10] auth/auth.c:256(check_ntlm_password) > check_ntlm_password: guest had nothing to say > [2012/10/08 13:16:09.600211, 3] smbd/sec_ctx.c:2
[Samba] IIS authentication
I have setup samba to share a local filesystem with the following config: [global] smb ports = 139 workgroup = WORKGROUP server string = %h server (Samba, Ubuntu) dns proxy = no log level = 255 debug timestamp = yes log file = /var/log/samba/log.%m max log size = 1000 syslog = 1 panic action = /usr/share/samba/panic-action %d encrypt passwords = no security = user obey pam restrictions = yes usershare allow guests = no load printers = no show add printer wizard = no printcap name = /dev/null disable spoolss = yes [web] path = /isp/web/ read only = no guest ok = no browseable = yes create mask = 0600 directory mask = 0700 I also have a windows machine to import it. If I import in windows explorer it works fine and the logs show: [2012/10/08 13:18:34.638730, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WIN-K7GH3RR6OCJ]\[1641]@[win-k7gh3rr6ocj] with the new password interface [2012/10/08 13:18:34.638739, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [DEV-WEB1]\[1641]@[win-k7gh3rr6ocj] [2012/10/08 13:18:34.638747, 10] auth/auth.c:228(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2012/10/08 13:18:34.638754, 10] auth/auth.c:230(check_ntlm_password) challenge is: [2012/10/08 13:18:34.638760, 5] ../lib/util/util.c:278(_dump_data) [] 62 C8 5D A5 AD CA DD 2Cb.], [2012/10/08 13:18:34.638774, 10] auth/auth.c:256(check_ntlm_password) check_ntlm_password: guest had nothing to say [2012/10/08 13:18:34.638783, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/10/08 13:18:34.638793, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/10/08 13:18:34.638801, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/10/08 13:18:34.638808, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2012/10/08 13:18:34.638815, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/10/08 13:18:34.638828, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user 1641 [2012/10/08 13:18:34.638836, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is 1641 [2012/10/08 13:18:34.859941, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [1641]! [2012/10/08 13:18:34.859987, 4] auth/pass_check.c:679(pass_check) pass_check: Checking (PAM) password for user 1641 (l=1) [2012/10/08 13:18:34.860010, 4] auth/pampass.c:472(smb_pam_start) smb_pam_start: PAM: Init user: 1641 [2012/10/08 13:18:34.862743, 4] auth/pampass.c:489(smb_pam_start) smb_pam_start: PAM: setting rhost to: 64.251.188.225 [2012/10/08 13:18:34.862764, 4] auth/pampass.c:498(smb_pam_start) smb_pam_start: PAM: setting tty [2012/10/08 13:18:34.862772, 4] auth/pampass.c:506(smb_pam_start) smb_pam_start: PAM: Init passed for user: 1641 [2012/10/08 13:18:34.862779, 4] auth/pampass.c:523(smb_pam_auth) smb_pam_auth: PAM: Authenticate User: 1641 [2012/10/08 13:18:34.862862, 4] auth/pampass.c:545(smb_pam_auth) smb_pam_auth: PAM: User 1641 Authenticated OK [2012/10/08 13:18:34.862874, 4] auth/pampass.c:564(smb_pam_account) But when I try to access a webpage through IIS which is also configured to access this network share it fails and I see this in the logs: [2012/10/08 13:16:09.600154, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WIN-K7GH3RR6OCJ]\[1641]@[win-k7gh3rr6ocj] with the new password interface [2012/10/08 13:16:09.600163, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [DEV-WEB1]\[1641]@[win-k7gh3rr6ocj] [2012/10/08 13:16:09.600170, 10] auth/auth.c:228(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2012/10/08 13:16:09.600177, 10] auth/auth.c:230(check_ntlm_password) challenge is: [2012/10/08 13:16:09.600184, 5] ../lib/util/util.c:278(_dump_data) [] D9 C9 AA F1 93 54 39 AD.T9. [2012/10/08 13:16:09.600197, 10] auth/auth.c:256(check_ntlm_password) check_ntlm_password: guest had nothing to say [2012/10/08 13:16:09.600211, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/10/08 13:16:09.600219, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/10/08 13:16:09.600227, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/10/08 13:16:09.600234, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2012/10/08 13:16:09.600240, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/10/08 13:16:09.600254, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user
[Samba] Samba 4 rc1 installation attempts
All going fine with new RC1, however one suggestion I would make for the new configure scripts which are much more helpful than the old style ones, would be to put more of a warning about ACL support being needed to successfully provision an domain - or make it a configure failure if this is not found? Maybe with an option to pass to configure to allow overriding the error??? . I was aware of the requirement, but have just managed somehow to build it without ACL installed on an old test machine which has taken a good hour to build samba! Many thanks for all the work, and hopefully going to get samba 4 into a semi production environment this weekend as the admins domain controller. If all goes well I may well role it out to a wider enviroment later on. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows and nfs4 acls
Anyway, it seems that on openSUSE, the default for any nfs command is the highest available number. Meaning that even if you specify nfs3, the mount is still nfs4. You have to specifically tell it in /etc/sysconfig/nfs. Not an easy one to spot. ~~~ Hello, In /etc/fstab I use 'nfsvers=3' to force nfs 3 mounts. For example; hostname:/nfs3/share_name /mnt/share_namenfs nfsvers=3,tcp 0 0 That worked for me. Best regards, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] openldap authentication
I have an existing openldap schema which is handling mail, web and ftp services right now. I am trying to get a windows machine talking to the same filesystem as apache on linux via samba and read/write using the correct uid/gid. I was trying to shy away from using pam_ldap as there is no need to tie the user in ldap directly to the filesystem. The problem is it looks like the samba ldap module requires a specific ldap schema to function, whereas currently I map needed functionality to the ldap schema as depicted below # fxmul...@nsab.us, gwis dn: cn=fxmul...@nsab.us,dc=gwis objectClass: top objectClass: person objectClass: posixAccount accountid: 65534 uidNumber: 65534 gidNumber: 65534 active: 1 cn: fxmul...@nsab.us loginShell: /usr/sbin/nologin sn: nsab.us wenable: 1 wpass: testpass whome: /www/nsab.us/nsab.us/fx/fxmulder I don't suppose there is a similar way to map attributes with samba? Thanks, James Devine -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] wbinfo --ping can't find winbind?
I have compiled 3.5.12 from source on CentOS 5.7. I am using krb5.conf, smb.conf files that have worked with other 3.5.x installs of Samba (at least in terms of wbinfo working) but now I am not able to get any data from winbind. The server is running and the logs don't report any errors. I had done several 'make uninstall' while compiling/recompiling with different options. Could the problem somehow be related? [root@sambatest samba]# bin/wbinfo -u Error looking up domain users [root@sambatest samba]# bin/wbinfo --ping Ping to winbindd failed could not ping winbindd! [root@sambatest samba]# ps -ef | grep winbin root 3743 1 0 10:19 ?00:00:00 sbin/winbindd -D root 3744 3743 0 10:19 ?00:00:00 sbin/winbindd -D root 3838 3709 0 10:42 pts/000:00:00 grep winbin [root@sambatest samba]# tail var/log.winbindd [2011/11/10 10:19:35, 0] winbindd/winbindd.c:1102(main) winbindd version 3.5.12 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 [2011/11/10 10:19:35.733572, 0] winbindd/winbindd_cache.c:3076(initialize_winbindd_cache) initialize_winbindd_cache: clearing cache and re-creating with version number 1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Issue with compile of 3.5.12 -- krb related
= I was missing the KRB5 line so I installed krb5-devel (centos 5.7) and then re-configured. During the make command I now get the following error: cifs.upcall.c:(.text+0x360): undefined reference to `smb_krb5_principal_get_realm' cifs.upcall.c:(.text+0x3d3): undefined reference to `smb_krb5_unparse_name' collect2: ld returned 1 exit status make: *** [bin/cifs.upcall] Error 1 I first installed every krb5 package I could find (didn't fix the compile errors) and then I tried disabling this cifsupcall feature but then got the same errors using testparm. So maybe this feature is required for the 'ads' option and 'realm' parameter. Arg -- does this indicate my krb5 libraries are too old and missing some new function? Did you make clean? Doh! That fixed it =o) Fixed the errors from testparm, though now wbinfo doesn't work... [root@sambatest samba]# bin/wbinfo -u Error looking up domain users Grrr. Will have to mess around with it more later Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Issue with compile of 3.5.12 -- krb related
After compiling samba 3.5.12 from source on CentOS 5.7, I test the configuration with 'testparm lib/smb.conf' and I get the following output WARNING: Ignoring invalid value 'ADS' for parameter 'security' Unknown parameter encountered: "realm" Ignoring unknown parameter "realm" I figured this might be due to a compile problem and I re-checked the HOWTO pdf and saw that I needed to find the following in include/config.h #define HAVE_KRB5 1 #define HAVE_LDAP 1 I was missing the KRB5 line so I installed krb5-devel (centos 5.7) and then re-configured. During the make command I now get the following error: cifs.upcall.c:(.text+0x360): undefined reference to `smb_krb5_principal_get_realm' cifs.upcall.c:(.text+0x3d3): undefined reference to `smb_krb5_unparse_name' collect2: ld returned 1 exit status make: *** [bin/cifs.upcall] Error 1 I first installed every krb5 package I could find (didn't fix the compile errors) and then I tried disabling this cifsupcall feature but then got the same errors using testparm. So maybe this feature is required for the 'ads' option and 'realm' parameter. Arg -- does this indicate my krb5 libraries are too old and missing some new function? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent passwd not returning users/groups
Yes, definitely On 11/8/2011 10:55 AM, Eddy Sturg wrote: Does nsswitch.conf have winbind listed? On Mon, Nov 7, 2011 at 11:09 AM, James Chase <mailto:ja...@chasecomputers.net>> wrote: I tried a second install of CentOS with X, thinking perhaps the GUI setup might do something that I was missing in terms of getting samba connected to active directory. However I still can't get this to work (now wbinfo doesn't seem to work either) in CentOS. I also tried Fedora 14. Then I tried a Ubuntu 11 install and followed their instructions from the wiki: https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto And it worked! I tried to apply the same settings to CentOS setup but I still get no output from 'getent passwd'. Ubuntu is running version 3.5.11 while CentoS is 3.5.4. Think my best bet is building from source and trying 3.5.11 or 3.5.12 on CentOS? Are there any critical flags that need to be set during the configuration to make sure samba will work with active directory/winbind? James I'm trying to get my CentOS 5.6 machine setup as a Active Directory Domain Member with Windows 2008 level domain and samba 3.5. I haven't tried this before. I can successfully join the domain and return users using 'wbinfo -u' and groups with 'wbinfo -g' but when I try 'getent passwd' I only get the local users. I'm not sure what element that indicates is failing in the process. I'm not confident in my pam.d/ setup since different guides show different methods of setting this up. The /etc/nsswitch.conf file has been edited to include winbind as a source for passwd/shadow/group. The only insightful error message I see in the samba logs is this (repeated over and over in all the logs) but I haven't found the solution. Is this the cause of my problems? How do I disable spinlocks? I'm using a prebuilt package from sernet [2011/11/01 16:46:19.979981, 1] lib/util_tdb.c:385(tdb_log) tdb(unnamed): tdb_open_ex: spinlocks no longer supported Here is my samba configuration dumped from smbtest: [root@sambatest ~]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section "[test]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = SHAMOFFICE realm = SHAMBHALA-OFFICE.LOCAL interfaces = 127.0.0.1, eth0 bind interfaces only = Yes security = ADS printcap name = cups idmap backend = ad idmap uid = 1-2 idmap gid = 3-4 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config SHAMOFFICE : schema_mode = rfc2307 idmap config SHAMOFFICE : range = 4000-5000 idmap config SHAMOFFICE : backend = ad idmap config * : range = 2000-3000 idmap config * : backend = tdb [test] comment = Directory for storing pictures by jims users path = /local/test read only = No guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent passwd not returning users/groups
I tried a second install of CentOS with X, thinking perhaps the GUI setup might do something that I was missing in terms of getting samba connected to active directory. However I still can't get this to work (now wbinfo doesn't seem to work either) in CentOS. I also tried Fedora 14. Then I tried a Ubuntu 11 install and followed their instructions from the wiki: https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto And it worked! I tried to apply the same settings to CentOS setup but I still get no output from 'getent passwd'. Ubuntu is running version 3.5.11 while CentoS is 3.5.4. Think my best bet is building from source and trying 3.5.11 or 3.5.12 on CentOS? Are there any critical flags that need to be set during the configuration to make sure samba will work with active directory/winbind? James I'm trying to get my CentOS 5.6 machine setup as a Active Directory Domain Member with Windows 2008 level domain and samba 3.5. I haven't tried this before. I can successfully join the domain and return users using 'wbinfo -u' and groups with 'wbinfo -g' but when I try 'getent passwd' I only get the local users. I'm not sure what element that indicates is failing in the process. I'm not confident in my pam.d/ setup since different guides show different methods of setting this up. The /etc/nsswitch.conf file has been edited to include winbind as a source for passwd/shadow/group. The only insightful error message I see in the samba logs is this (repeated over and over in all the logs) but I haven't found the solution. Is this the cause of my problems? How do I disable spinlocks? I'm using a prebuilt package from sernet [2011/11/01 16:46:19.979981, 1] lib/util_tdb.c:385(tdb_log) tdb(unnamed): tdb_open_ex: spinlocks no longer supported Here is my samba configuration dumped from smbtest: [root@sambatest ~]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section "[test]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = SHAMOFFICE realm = SHAMBHALA-OFFICE.LOCAL interfaces = 127.0.0.1, eth0 bind interfaces only = Yes security = ADS printcap name = cups idmap backend = ad idmap uid = 1-2 idmap gid = 3-4 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config SHAMOFFICE : schema_mode = rfc2307 idmap config SHAMOFFICE : range = 4000-5000 idmap config SHAMOFFICE : backend = ad idmap config * : range = 2000-3000 idmap config * : backend = tdb [test] comment = Directory for storing pictures by jims users path = /local/test read only = No guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] getent passwd not returning users/groups
I'm trying to get my CentOS 5.6 machine setup as a Active Directory Domain Member with Windows 2008 level domain and samba 3.5. I haven't tried this before. I can successfully join the domain and return users using 'wbinfo -u' and groups with 'wbinfo -g' but when I try 'getent passwd' I only get the local users. I'm not sure what element that indicates is failing in the process. I'm not confident in my pam.d/ setup since different guides show different methods of setting this up. The /etc/nsswitch.conf file has been edited to include winbind as a source for passwd/shadow/group. The only insightful error message I see in the samba logs is this (repeated over and over in all the logs) but I haven't found the solution. Is this the cause of my problems? How do I disable spinlocks? I'm using a prebuilt package from sernet [2011/11/01 16:46:19.979981, 1] lib/util_tdb.c:385(tdb_log) tdb(unnamed): tdb_open_ex: spinlocks no longer supported Here is my samba configuration dumped from smbtest: [root@sambatest ~]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section "[test]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = SHAMOFFICE realm = SHAMBHALA-OFFICE.LOCAL interfaces = 127.0.0.1, eth0 bind interfaces only = Yes security = ADS printcap name = cups idmap backend = ad idmap uid = 1-2 idmap gid = 3-4 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config SHAMOFFICE : schema_mode = rfc2307 idmap config SHAMOFFICE : range = 4000-5000 idmap config SHAMOFFICE : backend = ad idmap config * : range = 2000-3000 idmap config * : backend = tdb [test] comment = Directory for storing pictures by jims users path = /local/test read only = No guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba on freebsd - permissions issue
> I get the same results when mounting the share from Linux using > these two different commands; > > mount -t cifs //bsd-host/test2 /mnt/test2 > > and, > > mount -t cifs -o file_mode=0777,dir_mode=0777 //bsd-host/test2 /mnt/test2 try, $ mount -t cifs -o noperm //bsd-host/test2 /mnt/test2 "noperm" means disabling access control using client side's permission. --- Thank you, Takahashi, for your reply. I remounted the share with the 'noperm' option and the files permission when creating a file remain the same. -rw-r--r-- 1 nobody nobody 0 Sep 8 10:31 ztest.13.txt I wonder why the host server is ignoring the Samba directive for setting the file permission. Best regards, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba on freebsd - permissions issue
Hello, I have Samba set up on FreeBSD with a share for guests. I don't need or want any authentication for this share. [test2] path = /data/test2 read only = No create mask = 0777 guest ok = Yes The file permission on the host directory was set to 2777 and nobody:nobody. When a windows machine writes to the dir the permissions look fine. For example, -rwxrw-rw- 1 nobody nobody 0 Sep 7 13:38 New Text Document.txt However, if a Linux machine mounts the share and any user other than root writes to it the perm's are different and you get a permissions error; $ touch ztest.1.txt touch: cannot touch `ztest.1.txt': Permission denied Interestingly, regardless of the error, the file is created; -rw-r--r-- 1 nobody nobody 0 Sep 7 16:15 ztest.1.txt If the user opens the file to write to it, it is opened in read-only. I get the same results when mounting the share from Linux using these two different commands; mount -t cifs //bsd-host/test2 /mnt/test2 and, mount -t cifs -o file_mode=0777,dir_mode=0777 //bsd-host/test2 /mnt/test2 Any suggestions on how I can fix this? Thank you in advance, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] trusted domain authentication not working
I have a samba member server setup for AD domain X.Y.net, this domain only holds computer objects. Domain Y.net contains all of the user accounts. Domain X.Y.net trusts domain Y.net one way only. The server is working and if I connect as a domain X.Y.net user I can connect ok. If I try as a domain Y.net user I cannot connect. The server does not seem to authenticating users from the trusted domain. If I run wbinfo -m I can see domain Y.net listed, but wbinfo -u does not list users for the Y.net domain. Kinit seems to work. Any help appreciated James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory member server
Hi Steven,
Thanks for the feedback. I made some changes based on your config files and
was still able to add the client to the domain using a local domain admin
account. However, I am still unable to connect to the server from a windows
machine and authenticate using an account from either domain. Wbinfo -u does
not seem to list users from our authentication domain which may be the cause of
the problem.
Just to update I am running Debian (Lenny) for the server.
Thanks
James
> -Original Message-
> From: Steven Schlegel [mailto:steven.schlegel1...@googlemail.com]
> Sent: 14 June 2011 17:37
> To: James Osbourn
> Subject: Re: [Samba] Active Directory member server
>
> Hi James,
>
> maybe the following configuration (examples) helps you out.
>
> I have the following packages installed:
> rpm -qa | grep -e samba -e krb5* | sort
> =>
> output:
> krb5-auth-dialog-0.7-1
> krb5-devel-1.6.1-36.el5
> krb5-libs-1.6.1-36.el5
> krb5-libs-1.6.1-36.el5
> krb5-workstation-1.6.1-36.el5
> ldb-tools-3.4.9-42.el5
> libwbclient0-3.4.9-42.el5
> libwbclient-devel-3.4.9-42.el5
> libsmbclient0-3.4.9-42.el5
> libsmbclient-devel-3.4.9-42.el5
> pam_krb5-2.2.14-10
> pam_krb5-2.2.14-10
> samba3-3.4.9-42.el5
> samba-cifsmount-3.4.9-42.el5
> samba3-client-3.4.9-42.el5
> samba3-doc-3.4.9-42.el5
> samba3-utils-3.4.9-42.el5
> samba3-winbind-3.4.9-42.el5
>
>
> My krb5.conf looks like this:
>
> [logging]
> default = FILE:/var/log/kerberos/krb5libs.log
> kdc = FILE:/var/log/kerberos/krb5kdc.log
> admin_server = FILE:/var/log/kerberos/kadmind.log
>
> [libdefaults]
> default_realm = WIREDBRAIN.LCL
> dns_lookup_realm = true
> dns_lookup_kdc = true
> ticket_lifetime = 600
> forwardable = true
> proxiable = true
> default_keytab_name = FILE:/etc/krb5.keytab
>
> [realms]
> WIREDBRAIN.LCL = {
> kdc = dchh01.wiredbrain.lcl
> master_kdc = dchh01.wiredbrain.lcl
> admin_server = dchh01.wiredbrain.lcl
> #default_domain = WIREDBRAIN.LCL
> }
> TRIPEDBRAIN.LCL = {
> kdc = rootdc01.tripedbrain.lcl
> }
>
> [domain_realm]
> .wiredbrain.lcl = WIREDBRAIN.LCL
> wiredbrain.lcl = WIREDBRAIN.LCL
> .tripedbrain.lcl = TRIPEDBRAIN.LCL
> tripedbrain.lcl = TRIPEDBRAIN.LCL
>
> [login]
> krb4_convert = true
> krb4_get_tickets = true
>
> [appdefaults]
> pam = {
>debug = false
>ticket_lifetime = 36000
>renew_lifetime = 36000
>forwardable = true
>krb4_convert = true
> }
>
> And my smb.conf looks like this:
>
> [global]
> workgroup = WIREDBRAIN
> realm = WIREDBRAIN.LCL
> password server = *
> preferred master = no
> server string = Linux AD Member-Server
> security = ads
> encrypt passwords = yes
> local master = no
> log level = 1
> log file = /var/log/samba/%m
> max log size = 50
> #printcap name = cups
> #printcap = cups
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind nested groups = Yes
> winbind separator = "\""\"
> winbind refresh tickets = yes
> winbind offline logon = true
> winbind trusted domains only = no
> map untrusted to domain = Yes
> allow trusted domains = yes
> obey pam restrictions = no
> idmap backend = tdb
> idmap uid = 1-60
> idmap gid = 1-60
> passdb backend = tdbsam
> ;template primary group = "domain users"
> template shell = /bin/bash
> winbind nss info = rfc2307
> client use spnego = yes
> client ntlmv2 auth = yes
> restrict anonymous = 2
>
> As you can see I have two domains in my environment, named as
> WIREDBRAIN.LCL and TRIPEDBRAIN.LCL.
> Between those domains, an interdomain-trust has been created.
>
> After your configurations you need to initiate the net ads join command:
> net ads join -U Administrator
>
> and if this was successfull you need to create a kerberos keytab:
> net ads keytab create
>
> Now you can test your setup with the following commands:
> wbinfo -u -> should give you a list of all users in your domains wbinfo -g ->
> same like wbinfo -u (for groups)
>
>
> For my environment, I also need to edit the nsswitch.conf:
> passwd: files winbind
> shadow: files winbind
> group: files winbind
>
>
> Try kinit and smbclient to see if kerberos works and of course with samba.
>
> Best regards,
>
> Steven
>
>
> 2011/6/14 James Osbourn :
> > I am trying to setup samba as a Windows front end to a CUPS print
> server. We seem to be having some problems getting the server registered
> in
[Samba] Active Directory member server
I am trying to setup samba as a Windows front end to a CUPS print server. We
seem to be having some problems getting the server registered in the domain and
for users to be able to connect to the server. Our problems seems to stem from
the fact that we add our machines to one domain which has a one way trust to a
different domain which is where all of the user account reside and
authentication is handled. I was able to get the net adc join command to work
by using the primary domain administrator credentials.
Any help on getting the correct runes into my smb.conf and krb5.conf files
greatly appreciated. My krb5.conf file is as follows
[libdefaults]
default_realm = X.NET
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
A.X.NET = {
kdc = dc01.a.x.net
kdc = dc02.a.x.net
admin_server = dc02.a.x.net
}
[domain_realm]
.a.x.net = A.X.NET
My smb.conf file is as follows
[global]
workgroup = A
realm = a.x.net
security = ADS
encrypt passwords = yes
Many Thanks
James
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions confusion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/20/2011 09:42 AM, TAKAHASHI Motonobu wrote: >>> Is there a way to have the actual, real, local permissions shown to >>> remote hosts? > > No, CIFS essentially do not have the semantics of "permission". > Because it is natively used to share Windows file system, which does > not have the semantics. > > The permissions of mounted shares are created by client CIFS module > internally and vanished when umounted. > > This is not the limitation of Samba or CIFS module but of CIFS > protocol. > > Use NFS instead. > Thank you. - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2vr6EACgkQzTcr8Prq0ZOs7wCdHMqTwZcX5JhNrkhe+q0IIlAs 99IAnAxChWslO3rFLUb+0W5xsbocQpjX =fJub -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tarmode exclude not working?
On 4/20/2011 7:48 PM, Jeremy Allison wrote: On Sun, Apr 17, 2011 at 11:44:25AM -0400, James Morris wrote: I am trying to backup a windows7 machine with smbclient. I would like to exclude the "medSchool" directory. However, using the command: /usr/bin/smbclient server1\\D -U user -E -d 1 -c tarmode\ full -TcrX - /medSchool/\* medSchool \medSchool \\medSchool\\> /dev/null no exclusion occurs (w/>/dev/null there for testing purposes). As you can see I've tried every which way I could think of to exclude this directory. Any help would be greatly appreciated. What Samba version ? Thank you for the reply jeremy: samba: Installed: 2:3.5.8~dfsg-1ubuntu2 Candidate: 2:3.5.8~dfsg-1ubuntu2 Version table: *** 2:3.5.8~dfsg-1ubuntu2 0 500http://us.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages 100 /var/lib/dpkg/status -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions confusion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/11/2011 01:13 PM, James Moe wrote: > Hello, > samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3 > > I do not understand why the file permissions of mounted shares are > different when the share is viewed locally and when viewed remotely. > > [...] > Is there a way to have the actual, real, local permissions shown to > remote hosts? > And to have the ability to change the permissions remotely? > No one?!? - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2vB/AACgkQzTcr8Prq0ZN7wwCfcTq0AYxjzHmuyethR+sThwPA yx8AoI6f5XhalQRnMtR8ZkOZpvJ7iss8 =LZng -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] tarmode exclude not working?
I am trying to backup a windows7 machine with smbclient. I would like to exclude the "medSchool" directory. However, using the command: /usr/bin/smbclient server1\\D -U user -E -d 1 -c tarmode\ full -TcrX - /medSchool/\* medSchool \medSchool \\medSchool\\ > /dev/null no exclusion occurs (w/ >/dev/null there for testing purposes). As you can see I've tried every which way I could think of to exclude this directory. Any help would be greatly appreciated. thanks, jack -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba/backuppc error: NT_STATUS_CONNECTION_RESET
I am getting the following error from backuppc when trying to backup a windows7 machine from my ubuntu machine(though I believe this error comes directly from samba): [CODE][ skipped 44618 lines ] Error reading file \medSchool\body\dissectionimages\practice.pptx : NT_STATUS_CONNECTION_RESET Didn't get entire file. size=272456645, nread=126584640[/CODE] The backup occurs fine for *hours* but eventually I get this NT_STATUS_CONNECTION_RESET error. I have purged and reinstalled samba/backuppc, I have removed my wins setup (not sure if that's relevant), and I have checked permissions. As I said it seems to work fine for a while, but then stops. This seems to be a problem with the windows machine, but I'm not completely sure. What would cause the connection to reset after working so long. Thanks jack -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba/backuppc error: NT_STATUS_CONNECTION_RESET
I am getting the following error from backuppc when trying to backup a windows7 machine from my ubuntu machine(though I believe this error comes directly from samba): [CODE][ skipped 44618 lines ] Error reading file \medSchool\body\dissectionimages\practice.pptx : NT_STATUS_CONNECTION_RESET Didn't get entire file. size=272456645, nread=126584640[/CODE] The backup occurs fine for *hours* but eventually I get this NT_STATUS_CONNECTION_RESET error. I have purged and reinstalled samba/backuppc, I have removed my wins setup (not sure if that's relevant), and I have checked permissions. As I said it seems to work fine for a while, but then stops. This seems to be a problem with the windows machine, but I'm not completely sure. What would cause the connection to reset after working so long. Thanks TSC -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba/backuppc error: NT_STATUS_CONNECTION_RESET
I am getting the following error from backuppc when trying to backup a windows7 machine from my ubuntu machine(though I believe this error comes directly from samba): [CODE][ skipped 44618 lines ] Error reading file \medSchool\body\dissectionimages\practice.pptx : NT_STATUS_CONNECTION_RESET Didn't get entire file. size=272456645, nread=126584640[/CODE] The backup occurs fine for *hours* but eventually I get this NT_STATUS_CONNECTION_RESET error. I have purged and reinstalled samba/backuppc, I have removed my wins setup (not sure if that's relevant), and I have checked permissions. As I said it seems to work fine for a while, but then stops. This I this is a problem with the windows machine, but I'm not completely sure. What would cause the connection to reset after working so long. Thanks jack -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions confusion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/11/2011 01:13 PM, James Moe wrote: > samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3 > > I do not understand why the file permissions of mounted shares are > different when the share is viewed locally and when viewed remotely. > [...] > Is there a way to have the actual, real, local permissions shown to > remote hosts? > And to have the ability to change the permissions remotely? > Either this is profoundly obvious or very obscure. :-( Can anyone recommend resources that discuss this issue? - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2l4OcACgkQzTcr8Prq0ZPawgCgsJqhPWnEJeq2u5b6zGLIgXEH M4YAoIpRx1pC9N0Eagxoy1vInUhR3Amj =4Vzf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] File permissions confusion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3 I do not understand why the file permissions of mounted shares are different when the share is viewed locally and when viewed remotely. When I initially created a share, for instance with "//sma-nas-01/photos/v cifs credentials=/home/sma-user4/.smb/.smbpw,uid=jmoe,gid=users" in , a long directory listing (ls -l) show ALL permissions as "775", regardless of the actual permissions as displayed locally. This was not good, showing everything as executable. I then added "file_mode=0664,dir_mode=0775" to the mount options and got reasonable settings for the permissions. They, however, are not the true settings. Again samba has masked over reality. Using "chmod" to alter the file permissions does not work. The action is simply ignored. Is there a way to have the actual, real, local permissions shown to remote hosts? And to have the ability to change the permissions remotely? - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2jYNYACgkQzTcr8Prq0ZMDbACfRIOQTy0Gt3erz+ZeGiHpjbag XeIAnA3yvV4RFVx01ZSIkXLKDOiSUV+t =J5BS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] What are these samba errors about?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/10/2011 04:27 PM, James Moe wrote: > > These message have started appearing the system logs and /var/log/warn> since Mar 2, 2011. They seem to occur about every 13 > minutes (780 seconds). What could it mean? Is it serious? > > [ sample log entries ] > Mar 9 20:15:50 sma-station14l smbd[3711]: [2011/03/09 20:15:50.196387, > 0] smbd/server.c:281(remove_child_pid) > Mar 9 20:15:50 sma-station14l smbd[3711]: Could not find child 10046 - > ignoring > Mar 9 20:28:50 sma-station14l smbd[3711]: [2011/03/09 20:28:50.885876, > 0] smbd/server.c:281(remove_child_pid) > Mar 9 20:28:50 sma-station14l smbd[3711]: Could not find child 10326 - > ignoring > [ end ] > Huh! No one knows. - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1+X60ACgkQzTcr8Prq0ZMCKwCgtTbzKqv44gRmMFKHe9+LRyDw Vt0AnRLajhAiZQawH3moISw1pcxFZ5M+ =kCx1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba file share slowdown
The thought was that the dos workstations would be unhappy with ntfs. I may well have been wrong there. I found the key bit. For a share with multiple stations sharing dbf files using CA clipper 5.2 as the program language, optlocks need to be off. The part about clipper and dbf files may not be a specific part of my problem, multiple stations attempting to share read/write acess certainly is. We have half a dozen or so dbf files that are heavily shared between perhaps 30 workstations. Setting oplocks off made a huge difference. The online help seems to suggest the opposite-- that oplocks would be a positive influence on multiple access useage, the chapter in the docs that I finally found that explains it wasn't easy to find. I didn't find it till someone else suggested this fix. When I searched with that question in mind I found it. Thanks for your help, overall samba is a very good thing. Jim Hurlburt Yakima, WA On 3/11/11, Jeremy Allison wrote: > On Tue, Mar 08, 2011 at 10:41:19AM -0800, James Hurlburt wrote: >> Jeremy: >> Looks like I may have made a mistake attaching the file. >> Here is my smb.conf in the email. >> >> If both trys actually worked, please ignore one. > > The only strange thing I can see is: > > fstype = FAT > > in your share definitions. Why are you setting that ? > > Jeremy. > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] What are these samba errors about?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 opensuse v11.3 linux 2.6.34.7-0.7-desktop x86_64 samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3 These message have started appearing the system logs since Mar 2, 2011. They seem to occur about every 13 minutes (780 seconds). What could it mean? Is it serious? - [ sample log entries ] Mar 9 20:15:50 sma-station14l smbd[3711]: [2011/03/09 20:15:50.196387, 0] smbd/server.c:281(remove_child_pid) Mar 9 20:15:50 sma-station14l smbd[3711]: Could not find child 10046 - ignoring Mar 9 20:28:50 sma-station14l smbd[3711]: [2011/03/09 20:28:50.885876, 0] smbd/server.c:281(remove_child_pid) Mar 9 20:28:50 sma-station14l smbd[3711]: Could not find child 10326 - ignoring - [ end ] - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk15XmAACgkQzTcr8Prq0ZNZZwCeK6WZVoDHv/28y15ZuLgPFAYI R1cAniIVut9y85gKW8Klq5wipN06kVF7 =7Xyf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba file share slowdown
Jeremy: Looks like I may have made a mistake attaching the file. Here is my smb.conf in the email. If both trys actually worked, please ignore one. Jim # Samba config file created using SWAT # from UNKNOWN (10.23.0.118) # Date: 2011/03/07 12:24:08 [global] workgroup = ATRIUM-DW server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes lanman auth = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 deadtime = 15 dns proxy = No default service = global usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No browsable = No [print$] comment = All Printers path = /var/spool/samba valid users = @users admin users = @admin read only = No create mask = 0700 guest ok = Yes browseable = No browsable = No [bestbilt] path = /atrium/bestbilt valid users = @users admin users = @admin force group = users read only = No create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 strict locking = No fstype = FAT [vol1] path = /atrium/vol1 valid users = @users admin users = @admin force group = users read only = No create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 fstype = FAT [programs] path = /atrium/programs valid users = @users admin users = @admin force group = users read only = No create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 fstype = FAT [testjim] path = /atrium/testjim valid users = @computer admin users = @admin force group = computer read only = No create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 [accounting] path = /atrium/accounting valid users = @accounting admin users = @admin force group = accounting read only = No create mask = 0660 force create mode = 0660 directory mask = 0770 force directory mode = 0770 [homes] comment = home directories valid users = %S admin users = @admin read only = No browseable = No browsable = No fstype = FAT [computer] path = /atrium/secure/COMPUTER valid users = @computer admin users = @admin force group = computer read only = No create mask = 0660 force create mode = 0660 directory mask = 0770 force directory mode = 0770 [testprinter2] printable = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba] file share slowdown
Jeremy: Attached is the working smb.conf, created with swat. Thanks for your attention, Jim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] file share slowdown
Sirs: We are a Vinyl window manufacturing plant in central Washington State, USA. We have been running linux with samba for file and print services for eight or ten years now. Much of our production software is in house, and built on CA clipper 5.2, using dbf files as the primary data store. The clipper dbf file format supports both record locking and file locking along with shared file access. This worked very well on Novell netware and was working ok on samba 3.0.23. We had a samba server running for several years. I believe it was 6.06 with samba 3.0.23 although I'm no longer certain of either of those two versions. We have about six stations running dos 6.22 and four running windows 98. They are part of production machines, and changing the operating system is not an option. I had managed to tweak the samba config file so that file sharing wasn't a big problem, the system was responsive and running fairly smoothly. We have numerous clients running winXP with no obvious problems. We are, and have been running the Samba server with User validation. We are part of a windows domain, but haven't figured out a way to have the dos machines login as domain members. The xp stations use the domain for authentication, then we maintain a parallel set of logins on the linux box and samba file server. Again, this was working OK, pre crash. A month or so ago, we lost two hard drives on the file server and had to do a rebuild. I had tried to update the samba version a time or two in the interem and failed. I couldn't get the dos machines to connect to samba and access the necessary data files. One gentleman on the samba list said that this was a problem with lanman protocol, and aparently fixed it. Samba 3.4.7 allows logins file access without any problems. The current problem is that shared clipper files are very slow. It appears as if record locking instead of file locking isn't being recognized by Samba. When production is going, 20 second delays for file access are common. This was not true six weeks ago before the server crash. I have studied on the smb.conf file at great length, trying several variations without sucess. Any advice or hints of what to study now would be most welcome, Jim Hurlburt Atrium Windows and Doors Northwest. Yakima, WA USA The global portion plus the mains share of the smb.conf file in verbose mode. *** # Samba config file created using SWAT # from UNKNOWN (10.23.0.118) # Date: 2011/03/07 15:23:58 [global] dos charset = CP850 unix charset = UTF-8 display charset = LOCALE workgroup = ATRIUM-DW realm = netbios name = BBI-SAM-1-SRV netbios aliases = netbios scope = server string = %h server (Samba, Ubuntu) interfaces = bind interfaces only = No security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes map to guest = Bad User null passwords = No obey pam restrictions = Yes password server = * smb passwd file = /etc/samba/smbpasswd private dir = /etc/samba passdb backend = tdbsam algorithmic rid base = 1000 root directory = guest account = nobody enable privileges = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . passwd chat debug = No passwd chat timeout = 2 check password script = username map = password level = 0 username level = 0 unix password sync = Yes restrict anonymous = 0 lanman auth = Yes ntlm auth = Yes client NTLMv2 auth = No client lanman auth = No client plaintext auth = No preload modules = dedicated keytab file = kerberos method = default map untrusted to domain = No log level = 0 syslog = 0 syslog only = No log file = /var/log/samba/log.%m max log size = 1000 debug timestamp = Yes debug prefix timestamp = No debug hires timestamp = No debug pid = No debug uid = No debug class = No enable core files = Yes smb ports = 445 139 large readwrite = Yes max protocol = NT1 min protocol = CORE min receivefile size = 0 read raw = Yes write raw = Yes disable netbios = No reset on zero vc = No acl compatibility = auto defer sharing violations = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name res
[Samba] Default file permissions for Mac OSX
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, samba Version 3.5.4-5.1.2-2426-SUSE-SL11.3 We have recently transferred our file services from one host to another. The old host was an OS/2 server. OS/2 is basically a single user OS; the file (and directory) permissions were mostly irrelevant. The new server is linux OS, opensuse 11.3 distribution. It, of course, has more to say about file permissions. The problem I am seeing is that Windows XP clients that have mounted a share on the new server save files with permissions 0755. This is rather odd; I would have thought 0644. (A PDF with an executable mode is not very useful.) Nevertheless, because the group permission is read-only, other users cannot access the files. 0755 looks like a typical directory permission. I would prefer to have the default file permission be 0664. Is there a setting in the server's samba configuration to define the default file permissions? We have a iMac running OSX 10.6. - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1CbHwACgkQzTcr8Prq0ZOhsgCfZSZ9vfMpIDleYQw6akrF1J/C raAAni/fVK3HsYUtZ7PTqt+yQL3ZiVd+ =Uc1v -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Question on how to get Samba to use larger pread/write calls.
On 17 January 2011 08:14, Chris Duffy wrote: > We are testing Samba 3 (and 4) on Fedora Core 13, > 10Gbit connection with a Mac OS 10.6.4 system > as the client. We will be adding some Windows > machines sooner or later with 10Gbit interfaces. > > We are seeing 100-150MBytes/sec read or write > performance between the Mac and the FC13 system > over 10Gbit interface but it should be capable of > 400-500MBytes/sec. We have a local raid > on the FC13 system that runs 1GByte/sec locally > using an Areca 1880-ix-16 raid card (6Gbit version). > It has 16 fast Hitachi disks in a Raid5 format > using xfs filesystem. > > The problem here is that samba is poking the Areca > at 128KByte I/O's on preads and writes, i.e. > shown to us using strace on the smbd daemons > that are running. Using vmstat/iostat/sar utilities, > we see 100% utilization of the Areca card because the > average wait time is real high and the average > queue length to it is also high..too many > small I/O's. > This is not the case if I run "fio" or "dd" locally > to/from the Areca's raid using 1-4MByte I/O's. > I see fast I/O... > > I do not see any way to increase the size of Samba's > pread/write's in the smb.conf documentation. I > am sure it may be just a matter of getting the source > code and making some changes to allow larger > sized IO's butand of course I suppose Windows > clients may complain but > > I remember that back in the old Irix days with the > group of engineers in Australia I worked with, > we had Samba screaming fast but not sure if they > tweaked the version of Samba on Irix to do this. Hi Chris :) IIRC, we used a carefully tweaked read ahead module to make sure that I/Os were hitting the disks properly aligned and of reasonable size. http://www.samba.org/samba/docs/man/manpages-3/vfs_readahead.8.html > > Can you guys come up with a way for us to allow > the reads/writes to/from the disks to be tunable > up to say 4MB in size? > > Thx > chris duffy > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot list shares on a host
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, linux 2.6.34.7-0.7-desktop x86_64 smbclient 3.5.4-5.1.2-2426-SUSE-SL11.3 I issue this command: smbclient -L SMA-STN14L -U jmoe I get: Connection to SMA-STN14L failed (Error NT_STATUS_BAD_NETWORK_NAME) In [globals] section: workgroup = SOHNEN-MOE netbios name = SMA-STN14L Adding the -I option made no difference. The firewall port is open. There is nothing in . There is nothing in . So, what's the message about a bad name? - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0vavcACgkQzTcr8Prq0ZNSYACeP94q7ydYsQkYHB8wwvIx5gdT 8u8An13z19s3MgUeOjpwhyhPWtZS6mAi =2a+T -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Connecting an iMac to os/2
On 11 January 2011 12:07, James Moe wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hello, > I have an iMac v10.6. I'd like to get it to connect to an old os/2 > server, v4.5 fp3. > Using smbutils on the iMac: > > $ smbutil -v view //sma-server1.sma.com > smbutil: server connection failed: RPC struct is bad > > Can anyone suggest what changes may be made that will correct this > error? Is it even possible? I don't think that the Mac OS X client will support a server that old. You could file a bug at bugreporter.apple.com, but I'm pretty confident that's what they'll tell you. Sorry. > > - -- > James Moe > moe dot james at sohnen-moe dot com > 520.743.3936 > -BEGIN PGP SIGNATURE- > Version: GnuPG v2.0.15 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk0suJ4ACgkQzTcr8Prq0ZPJ7wCeMTU56gbcigWb1gsjR57AxkGm > ycEAoLKKbbvi1plOlr/7EEHJV7KYg+79 > =ls/L > -END PGP SIGNATURE- > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Connecting an iMac to os/2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/11/2011 01:07 PM, James Moe wrote: > Hello, > I have an iMac v10.6. I'd like to get it to connect to an old os/2 > server, v4.5 fp3. > I should note that linux, Windows and (of course) os/2 can mount and access the server shares without a problem. Only the Mac is being difficult. - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0s2xYACgkQzTcr8Prq0ZM/mgCfTyk4fm/AB38/NCqgXyW3rdbZ XhkAnAojbbBifvhqumcd3zj6TcKFNk4a =5Ywr -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Connecting an iMac to os/2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I have an iMac v10.6. I'd like to get it to connect to an old os/2 server, v4.5 fp3. Using smbutils on the iMac: $ smbutil -v view //sma-server1.sma.com smbutil: server connection failed: RPC struct is bad Can anyone suggest what changes may be made that will correct this error? Is it even possible? - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0suJ4ACgkQzTcr8Prq0ZPJ7wCeMTU56gbcigWb1gsjR57AxkGm ycEAoLKKbbvi1plOlr/7EEHJV7KYg+79 =ls/L -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] NT_STATUS_PASSWORD_MUST_CHANGE looping
Hi, We have an Ubuntu 10.10 server running Samba 3.5.4 with OpenLDAP 2.4.23 and we have a small problem where every time a user logs onto a workstation they are asked to change their password. Once they enter a new password and confirm it, it asks them again and again and again. The only way to fix this (which isn't a fix) is to use the smbldap-passwd tool to reset their password. But then it happens again the next day. Here is a sample LDAP entry for my user: 32 uid=JMills,ou=Users,dc=neubau,dc=com,dc=au objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount cn: James Mills sn: Mills givenName: James uid: JMills uidNumber: 1066 gidNumber: 513 homeDirectory: /export/data/home/JMills loginShell: /bin/bash gecos: System User sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 displayName: James Mills sambaSID: S-1-5-21-3626674478-1586681162-2521339854-3132 sambaPrimaryGroupSID: S-1-5-21-3626674478-1586681162-2521339854-513 sambaHomeDrive: H: sambaNTPassword: x sambaPwdMustChange: 1290993110 shadowLastChange: 14942 shadowMax: 0 sambaHomePath: \\ALPHA\JMills sambaLogonScript: \\ALPHA\netlogon\netlogon.bat sambaProfilePath: \\ALPHA\profiles\JMills sambaPwdCanChange: 1 sambaPasswordHistory: sambaPwdLastSet: 129590 sambaAcctFlags: [U ] I'm not quite sure what's going on or how we've misconfigured this but any help solving this would be very appreciated. Here is out smb.conf pasted as well: http://paste.pocoo.org/show/298311/ Thank you, cheers James -- -- James Mills -- -- "Problems are solved by method" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
Still can't get setfacl to get group or user info from the AD (Windows 2003) Somewhere is the magic to get setfacl to see the AD groups and users. Found the problem and the solution. On the Windows AD the Unix attributes for the groups were not enabled and once enabled setfacl worked. Many thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
The key tool is nsswitch. Winbind may or may not be necessary, depending on your precise set up. It's the nsswitch libraries and configuration file which tell Linux where to fetch user and group information. ~ Hello Bruce, Still can't get setfacl to get group or user info from the AD (Windows 2003) I have the following in nsswitch.conf; passwd: compat ldap group: files ldap hosts: files mdns4_minimal [NOTFOUND=return] dns networks: files dns services: files ldap protocols: files rpc:files ethers: files netmasks: files netgroup: files ldap publickey: files bootparams: files automount: files nis aliases:files ldap passwd_compat: ldap And the linux box is joined to the domain; # net ads testjoin Join is OK I can get details from 'wbinfo' fmt-mwr:~ # wbinfo -g DOMAIN+pg_out_test Somewhere is the magic to get setfacl to see the AD groups and users. Many thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
- Original Message - From: "Bruce Richardson" To: samba@lists.samba.org Sent: Wednesday, November 3, 2010 6:31:44 PM GMT -08:00 US/Canada Pacific Subject: Re: [Samba] getting error with setfacl On Wed, Nov 03, 2010 at 05:05:28PM -0700, James D. Parra wrote: > Well it does if you're using winbindd to map DOMAIN\\groupname > to a group on the box :-). > ~ > > Thank you Jeremy. What is the best way to do that? The key tool is nsswitch. Winbind may or may not be necessary, depending on your precise set up. It's the nsswitch libraries and configuration file which tell Linux where to fetch user and group information. If your domain stores its user list in the tdb files on your PDC, then your only option is to use winbind (and the nss_winbind library) to provide user and group information to nsswitch. However, if you are using an LDAP directory as the data backend for your domain, you could use nss_ldap instead, and pull the information straight from LDAP. That's what I do, for several reasons, of which the best two are: 1. It allows me to have a consistent nsswitch configuration across all servers, whether or not they are running Samba, and have domain users able to access services consistently. 2. It simplifies the Samba configuration on servers which are domain members. You have this choice both if your domain controllers are LDAP-backed Samba ones (as mine are), or Windows Active Directory servers - all you have to do is make sure your AD servers have the extension to their schema to support POSIX user/group information. Given the choice, I would always go for the direct LDAP route, with users and groups that have intrinsic, permanent UIDs and GIDs; it's less fragile. I'll happily create those users and groups via Samba/Winbind on the PDC (love the whole "idmap alloc" and ldmapsam:editposix combination), but once they're in the LDAP directory, they're permanent, and available to anything that speaks LDAP. ~ Thank you Bruce. I am using ldap on the Samba server joined to an AD domain. Could you point me to a URL for instructions on setup nss_ldap to use the groups on the AD. Many thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
On Wed, Nov 03, 2010 at 11:25:44PM +, Miguel Medalha wrote: > > >I have joined the Linux server (Suse 11.2) to the Windows domain (win2003) > >and users can login to the server using their window's domain credentials. > >Also can view all of the domain groups using 'wbinfo -g', however when I try > >to set the acls on a local dir' I get the follow error; > > > >#setfacl -m g:DOMAIN\\groupname:r /tmp/testacl > >setfacl: Option -m: Invalid argument near character 3 > > The setfacl tool knows nothing about Windos domains, hence the error > you see. Well it does if you're using winbindd to map DOMAIN\\groupname to a group on the box :-). ~~~~~ Thank you Jeremy. What is the best way to do that? Many thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] getting error with setfacl
Hello, I have joined the Linux server (Suse 11.2) to the Windows domain (win2003) and users can login to the server using their window's domain credentials. Also can view all of the domain groups using 'wbinfo -g', however when I try to set the acls on a local dir' I get the follow error; #setfacl -m g:DOMAIN\\groupname:r /tmp/testacl setfacl: Option -m: Invalid argument near character 3 The same error occurs if I use a domain user, although I can add a local Linux user or group. What am I overlooking? Many thanks on advance. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] macmini samba
On 24 August 2010 15:09, larry wrote: > Hi, > > > > Did anyone know the samba daemon,config file and the installation path on > MAC OS 10.6? $ smbd -b Built by:r...@ghosttown.apple.com Built on:Thu May 6 17:48:29 PDT 2010 Built using: /usr/bin/cc Build host: Darwin ghosttown.apple.com 10.0 Darwin Kernel Version 10.0.0: Fri Jul 31 22:46:25 PDT 2009; root:xnu-1456.1.25~1/RELEASE_X86_64 x86_64 SRCDIR: /SourceCache/samba/samba-235.4/samba/source BUILDDIR:/var/tmp/samba/samba-235.4~1/x86_64 Paths: SBINDIR: /usr/sbin BINDIR: /usr/bin SWATDIR: /usr/swat CONFIGFILE: /private/etc/smb.conf LOGFILEBASE: /private/var/log/samba LMHOSTSFILE: /private/etc/lmhosts LIBDIR: /usr/lib/samba SHLIBEXT: dylib LOCKDIR: /private/var/samba PIDDIR: /private/var/run SMB_PASSWD_FILE: /private/var/db/samba/smbpasswd PRIVATE_DIR: /private/var/db/samba > > > > I have a problem that the windows users can only access shares on MAC by > computer name. > > > > But need input user name and password by IP address. > > > > > > > > Thanks > > > > Larry > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb mount as root, access as non-root. Changed behaviour between samba 3.0.x and 3.4.x?
On Fri, 2010-07-16 at 20:21 +0100, Seb James wrote:
> On Fri, 2010-07-16 at 17:02 +0100, Seb James wrote:
> > Hi List,
> >
> > I have an appliance ("the client") which mounts a CIFS share from a
> > Samba server - the Samba server usually runs on an Ubuntu system.
> >
> > Within the client, the root user executes a mount command like this:
> >
> > mount.cifs \\UBUNTUSERVER\archive /tmp/Default \
> > -o noserverino,user='someuser',pass='somepassword',uid='50',gid='7'
> >
> > That uid/gid pair belongs to the "lp" user on the client.
> >
> > Once the share is mounted, a process belonging to another user (lp in
> > this case) writes data into the share.
> >
> > When I use Ubuntu 8.04 for the samba server, which ships with Samba
> > 3.0.28, this works.
> >
> > On Ubuntu 10.04 which contains Samba 3.4.7, I am unable to write to the
> > share as the "lp" user (though root - the original share-mounter - is
> > able to).
> >
> > I'm struggling to find what might have changed (a security improvement?,
> > an alteration of a default option?), and whether I can work around this
> > change?
>
> As a follow up to my first message, here is the samba log (level 3)
> output from the Ubuntu 10.04 server when the "lp" owned process tries to
> write data to the share:
>
> [2010/07/16 17:07:45, 3] smbd/process.c:1273(switch_message)
> switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb3730
> [2010/07/16 17:07:45, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
> [2010/07/16 17:07:45, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo)
> call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263
> [2010/07/16 17:07:45, 3] smbd/vfs.c:865(check_reduced_name)
> reduce_name [statusprintout_Jul1610_170745.prn] [/var/spool/ShareArchive]
> [2010/07/16 17:07:45, 3] smbd/vfs.c:974(check_reduced_name)
> reduce_name: statusprintout_Jul1610_170745.prn reduced to
> /var/spool/ShareArchive/statusprintout_Jul1610_170745.prn
> [2010/07/16 17:07:45, 3] smbd/trans2.c:4050(call_trans2qfilepathinfo)
> call_trans2qfilepathinfo: SMB_VFS_STAT of statusprintout_Jul1610_170745.prn
> failed (No such file or directory)
> [2010/07/16 17:07:45, 3] smbd/error.c:153(reply_unix_error)
> unix_error_packet: error string = No such file or directory
> [2010/07/16 17:07:45, 3] smbd/error.c:60(error_packet_set)
> error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2)
> NT_STATUS_OBJECT_NAME_NOT_FOUND
> [2010/07/16 17:07:45, 3] smbd/process.c:1459(process_smb)
> Transaction 328 of length 78 (0 toread)
> [2010/07/16 17:07:45, 3] smbd/process.c:1273(switch_message)
> switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb25f0
> [2010/07/16 17:07:45, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
> [2010/07/16 17:07:45, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo)
> call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263
> [2010/07/16 17:07:45, 3] smbd/vfs.c:865(check_reduced_name)
> reduce_name [.] [/var/spool/ShareInput2]
> [2010/07/16 17:07:45, 3] smbd/vfs.c:974(check_reduced_name)
> reduce_name: . reduced to /var/spool/ShareInput2
> [2010/07/16 17:07:45, 3] smbd/trans2.c:4070(call_trans2qfilepathinfo)
> call_trans2qfilepathinfo . (fnum = -1) level=263 call=5 total_data=0
> [2010/07/16 17:07:45, 3] smbd/process.c:1459(process_smb)
A further update. I just created a new Ubuntu8.04 virtual machine
install, set it up, and found that in fact, it too fails to allow the
"lp" user to write to the share which was created by the root user. I am
therefore now considering how my original Ubuntu 8.04 install/samba
setup is different from a default install.
Sorry if I wasted anyone's time.
Seb James
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb mount as root, access as non-root. Changed behaviour between samba 3.0.x and 3.4.x?
On Fri, 2010-07-16 at 17:02 +0100, Seb James wrote:
> Hi List,
>
> I have an appliance ("the client") which mounts a CIFS share from a
> Samba server - the Samba server usually runs on an Ubuntu system.
>
> Within the client, the root user executes a mount command like this:
>
> mount.cifs \\UBUNTUSERVER\archive /tmp/Default \
> -o noserverino,user='someuser',pass='somepassword',uid='50',gid='7'
>
> That uid/gid pair belongs to the "lp" user on the client.
>
> Once the share is mounted, a process belonging to another user (lp in
> this case) writes data into the share.
>
> When I use Ubuntu 8.04 for the samba server, which ships with Samba
> 3.0.28, this works.
>
> On Ubuntu 10.04 which contains Samba 3.4.7, I am unable to write to the
> share as the "lp" user (though root - the original share-mounter - is
> able to).
>
> I'm struggling to find what might have changed (a security improvement?,
> an alteration of a default option?), and whether I can work around this
> change?
As a follow up to my first message, here is the samba log (level 3)
output from the Ubuntu 10.04 server when the "lp" owned process tries to
write data to the share:
[2010/07/16 17:07:45, 3] smbd/process.c:1273(switch_message)
switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb3730
[2010/07/16 17:07:45, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2010/07/16 17:07:45, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo)
call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263
[2010/07/16 17:07:45, 3] smbd/vfs.c:865(check_reduced_name)
reduce_name [statusprintout_Jul1610_170745.prn] [/var/spool/ShareArchive]
[2010/07/16 17:07:45, 3] smbd/vfs.c:974(check_reduced_name)
reduce_name: statusprintout_Jul1610_170745.prn reduced to
/var/spool/ShareArchive/statusprintout_Jul1610_170745.prn
[2010/07/16 17:07:45, 3] smbd/trans2.c:4050(call_trans2qfilepathinfo)
call_trans2qfilepathinfo: SMB_VFS_STAT of statusprintout_Jul1610_170745.prn
failed (No such file or directory)
[2010/07/16 17:07:45, 3] smbd/error.c:153(reply_unix_error)
unix_error_packet: error string = No such file or directory
[2010/07/16 17:07:45, 3] smbd/error.c:60(error_packet_set)
error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2)
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2010/07/16 17:07:45, 3] smbd/process.c:1459(process_smb)
Transaction 328 of length 78 (0 toread)
[2010/07/16 17:07:45, 3] smbd/process.c:1273(switch_message)
switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb25f0
[2010/07/16 17:07:45, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2010/07/16 17:07:45, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo)
call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263
[2010/07/16 17:07:45, 3] smbd/vfs.c:865(check_reduced_name)
reduce_name [.] [/var/spool/ShareInput2]
[2010/07/16 17:07:45, 3] smbd/vfs.c:974(check_reduced_name)
reduce_name: . reduced to /var/spool/ShareInput2
[2010/07/16 17:07:45, 3] smbd/trans2.c:4070(call_trans2qfilepathinfo)
call_trans2qfilepathinfo . (fnum = -1) level=263 call=5 total_data=0
[2010/07/16 17:07:45, 3] smbd/process.c:1459(process_smb)
regards,
Seb James
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] smb mount as root, access as non-root. Changed behaviour between samba 3.0.x and 3.4.x?
Hi List,
I have an appliance ("the client") which mounts a CIFS share from a
Samba server - the Samba server usually runs on an Ubuntu system.
Within the client, the root user executes a mount command like this:
mount.cifs \\UBUNTUSERVER\archive /tmp/Default \
-o noserverino,user='someuser',pass='somepassword',uid='50',gid='7'
That uid/gid pair belongs to the "lp" user on the client.
Once the share is mounted, a process belonging to another user (lp in
this case) writes data into the share.
When I use Ubuntu 8.04 for the samba server, which ships with Samba
3.0.28, this works.
On Ubuntu 10.04 which contains Samba 3.4.7, I am unable to write to the
share as the "lp" user (though root - the original share-mounter - is
able to).
I'm struggling to find what might have changed (a security improvement?,
an alteration of a default option?), and whether I can work around this
change?
Can anyone offer any suggestions?
regards,
Seb James
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
Original Message From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Michael Lyon Sent: Wednesday, June 30, 2010 6:37 AM To: t...@tms3.com Cc: samba@lists.samba.org Subject: Re: [Samba] Can Map shares but cannot write > Heh, I made myself the owner, and still can't create a file. > > [r...@vm-stusrv test]# getfacl /home/share/students/ > getfacl: Removing leading '/' from absolute path names > # file: home/share/students/ > # owner: mlyon > # group: students > user::rwx > group::rwx > group:students:rwx > mask::rwx > other::rwx > > Mike > Try using the default flag for setfacl. I always have this problem with setfacl: $ setfacl -m g:students:rwx foo doesn't work, but I have better luck with $ setfacl -d -m g:students:rwx foo I don't know why, it seems like it should work with the first setup but it rarely does for me. And if THAT doesn't work, I connect to the share as an admin Windows user (administrator in your case) and set the ACLs using Windows Explorer. James Zuelow Network Specialist City and Borough of Juneau MIS (907) 586-0236 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: smbd will not start
On 9 April 2010 16:21, James Cort wrote: > On 9 April 2010 16:14, Volker Lendecke wrote: > >> On Fri, Apr 09, 2010 at 10:11:26AM -0500, Bill Purcell wrote: >> > > >> > == >> > [10:05:44] ~$ dpkg -l | egrep "samba|libwb" >> > ii libwbclient0 2:3.4.7~dfsg-1 >> Samba winbind client library >> > ii samba 2:3.2.5-4lenny9 >> a LanManager-like file and printer server for Unix >> > ii samba-common 2:3.2.5-4lenny9 >> Samba common files used by both the server and the client >> > == >> > >> > Should these two version be the same? Is there any easy way with dpkg >> > or apt to make this happen? If not, I assume I will have to build >> > from source? Is there a decent tutorial on this, including a list of >> > dependencies? >> >> Ok, you do have a problem. The libwbclient version must >> match the rest of Samba. Not sure how to solve this, I'm not >> an aptitude wizard. >> > > I think you may have installed 3.4.7~dfsg-1 from backports - either install > every Samba package from backports or none of them. > > apt-get remove libwbclient0 ; apt-get install libwbclient0 should do the > job, assuming your /etc/apt/sources.list is appropriate for Debian Stable. > Sending again because I forgot to ensure the list was copied in. GOS Networks Limited, 1 Friary, Temple Quay, Bristol, BS1 6EA, UK. Registered company number: 6917663 The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing GOS Networks agreement. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Performance issues: have eliminated disk and network as cause
Just been told the config file didn't appear in the email as it went out (even though it certainly appears in the copy I've got), so I'm attaching inline this time. Oh, BTW: it's version 3.4.7 on Debian Lenny, installed from backports. [global] workgroup = U4EATECH netbios name = tiamat enable privileges = yes server string = Primary Domain Controller %v security = user local master = no os level = 33 domain master = no preferred master = no encrypt passwords = true null passwords = no hide unreadable = yes hide dot files = yes obey pam restrictions = Yes unix password sync = Yes remote browse sync = 172.30.20.109 172.30.20.130 172.27.0.6 enhanced browsing = yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = "Changing UNIX and samba passwords for*\nNew password*" %n\n "*Retype new password*" %n\n" ldap passwd sync = Yes log level = 0 syslog = 1 log file = /var/log/samba/log.%m max log size = 1000 read raw = yes write raw = yes kernel oplocks = yes max xmit = 65535 dead time = 15 use sendfile = yes socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY getwd cache = yes mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = logon.bat logon path = logon home = \\atlas\%U logon drive = H: domain logons = Yes wins server = 172.30.20.109 #name resolve order = hosts bcast name resolve order = wins lmhosts hosts bcast dns proxy = yes time server = yes passdb backend = ldapsam:"ldap://ldap.u4eatech.com/ ldap:// ldap-slave.u4eatech.com" ldap admin dn = cn=smbadmin,dc=u4eatech,dc=com ldap suffix = dc=u4eatech,dc=com ldap group suffix = ou=Group ldap user suffix = ou=People ldap machine suffix = ou=Hosts ldap idmap suffix = ou=People ldap ssl = no add user script = /usr/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes delete user script = /usr/sbin/smbldap-userdel "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" load printers = no create mask = 0640 directory mask = 0750 nt acl support = Yes guest account = nobody dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd #show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no [netlogon] path = /home/samba/netlogon guest ok = yes browseable = No read only = no [wpkg] path = /home/samba/wpkg read only = yes guest ok = yes browseable = no [homes] comment = Home Directories browseable = yes writable = yes oplocks = yes GOS Networks Limited, 1 Friary, Temple Quay, Bristol, BS1 6EA, UK. Registered company number: 6917663 The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing GOS Networks agreement. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Performance issues: have eliminated disk and network as cause
Hi, I'm not entirely happy with the performance I'm seeing using Samba, and I wonder if anyone can shine any light. The server is a Dell PowerEdge 2950 with hardware RAID10, 4GB RAM and a quad-core Intel Xeon processor. It's not live yet, so there's no load from other tasks. I've already eliminated the RAID (able to sustain 130-140MB/s for reads/writes) and the network (GigE, tar | nc to this server and untar'd at the other end sustains 8-900Mbps) as bottlenecks, which leaves me dealing with Samba. Samba is peaking at around 280Mbps (reading and writing a single 500MB file) and normal performance (which I have benchmarked with a 350MB directory containing about 1,000 files of various sizes up to 2MB) is closer to 90-100Mbps (write), 117Mbps (read). This is with a Windows XP client, using smbmount from a Linux client is not appreciably faster. Obviously there's going to be a much larger overhead associated with SMB versus netcat, but 3.5-8 times slower? I have attached my smb.conf (though I have removed most of the shares for brevity's sake), in the hope that someone can help. James. GOS Networks Limited, 1 Friary, Temple Quay, Bristol, BS1 6EA, UK. Registered company number: 6917663 The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing GOS Networks agreement. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Provision script fails with Samba4 (latest git version)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, I'm trying to get samba4 to provision with the latest git version. My provision command looks like so: # ./setup/provision --realm=TEST.DOMAIN --domain=DOMAIN --adminpass=pass - --server-role='domain controller' --ldap-backend-type=openldap - --slapd-path=/usr/sbin/slapd I get the following output from the command: hdb_db_open: database "cn=Schema,cn=Configuration,dc=test,dc=domain": db_open(/usr/local/samba4/private/ldap/db/schema/id2entry.bdb) failed: No such file or directory (2). backend_startup_one (type=hdb, suffix="cn=Schema,cn=Configuration,dc=test,dc=domain"): bi_db_open failed! (2) slap_startup failed (test would succeed using the -u switch) Failed to bind - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' Setting up share.ldb Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=test,DC=domain pdc_fsmo_init: no domain object present: (skip loading of domain details) Traceback (most recent call last): File "./setup/provision", line 244, in nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode,useeadb=eadb) File "bin/python/samba/provision.py", line 1301, in provision dom_for_fun_level=dom_for_fun_level) File "bin/python/samba/provision.py", line 945, in setup_samdb "SAMBA_VERSION_STRING": version File "bin/python/samba/provision.py", line 260, in setup_modify_ldif ldb.modify_ldif(data) File "bin/python/samba/__init__.py", line 261, in modify_ldif self.modify(msg, controls) _ldb.LdbError: (1, 'LDAP client internal error: NT_STATUS_INTERNAL_ERROR') A transaction is still active in ldb context [0x42f1450] on /usr/local/samba4/private/secrets.ldb Any one with any ideas on where I progress from here with this? I seem to have come to a road block. Thanks for any help you can provide. - -- James Ray. Computing Services (http://pub.tsn.dk/how-to-quote.php) Queen Mary, University of London -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktxLvgACgkQcGHKt+AwrtjkZgCgjmqOJ5GH/Myi/siTlx+1hbNE m3IAniZmq2vxv98P8OxMcunlWj6jTnFS =GNAH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] IPv6 name resolution problem
On 2/5/2010 1:50 PM, Ernesto Silva wrote: > Hi, I'm trying to set up a small network over IPv6. It will have IPv4 too > but the dhcp server may not work and Ubuntu (9.04) automatically configure a > .local domain IPv6 addresses, so I must run the samba server and clients > over IPv6. > <<--snip-->> > > ping6 -Ieth0 ipv6_server_address works fine > smbclient -L ::1 works fine > smbclient -L ipv6_client_address works fine > smbclient -L client_name.local fails with NT_STATUS_BAD_NETWORK_NAME > > smbclient -L ipv6_server_address fails with NT_STATUS_INVALID_HANDLE > smbclient -L server_name.local fails with NT_STATUS_BAD_NETWORK_NAME > > As I mentioned both client and server IPv6 addresses are in local scope: > fe80:0:0:0:x:x:x:x/64 > > I'm also using avahi-daemon with IPv6 enabled and my nsswitch.conf host's > line is: > > hosts: files mdns_minimal [NOTFOUND=return] mdns dns > > An strace reveals this: RESOLVE-HOSTNAME-IPV4, but not IPV6 apparently. > > Any ideas? > Best regards, > Ernesto. Check your /etc/hosts file. You may have an old IPv4 dotted address there. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Sirs: I have a Ubuntu 6.06 samba 3.0.22 file server running on linux. I am attempting to update the file server to ubuntu 8.10, samba 3.2.3. I have been attempting this, intermittently, for some time which is why 8.10. I have 10 MSDOS (mostly 6.22) workstations as a part of the network. The ones that have to run, control production machinery on the plant floor. Updating the operating system on those machines is effectivly impossible. There are some of them that run software that I control, most of them use vendor supplied software to control the older machines. They are using lanman 2.2 as the client software. (I have many xp workstations, they work fine with both systems. I can map drives, read and save and run the same dos exe files that the dos stations are failing on. Print stuff...) On the old server, the dos stations can log in and use network resources. Thus far, I have failed to make them work on the new server. The relevant parts of the smb.conf files for the servers are -- The 3.0.22 server. This one is the production server and the dos stations work. # Samba config file created using SWAT # from 10.23.0.118 (10.23.0.118) # Date: 2010/01/29 09:46:06 [global] workgroup = ATRIUM-DW server string = Samba passwd program = /usr/bin/passwd %u unix password sync = Yes change notify timeout = 30 deadtime = 30 printcap name = CUPS disable spoolss = Yes show add printer wizard = No ldap ssl = no case sensitive = No [bestbilt] comment = Mapped as U: path = /atrium/bestbilt valid users = @users force group = users read only = No create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 oplocks = No level2 oplocks = No strict locking = No *** The 3.2.3 server # Samba config file created using SWAT # from UNKNOWN () # Date: 2010/02/02 13:20:51 [global] workgroup = ATRIUM-DW guest account = bbijimhur lanman auth = Yes ldap ssl = no [bestbilt] comment = working production data path = /atrium/bestbilt username = bbijimhur valid users = @users force group = users read only = No guest ok = Yes [dosbbilt] comment = win94 for dos workstations path = /atrium/bestbilt read only = No guest ok = Yes This smb.conf file is the best one I have been able to create for the dos stations. With it, I can log in and map the drive. net use u: \\bbi-sam-2-srv\bestbilt I can do directory listings and change directory to u:\win94 When I attempt to run a dos program (tracking.exe) I get the following u:\win94\> Tracking NET805: NETWORK DEVICE NO LONGER EXISTS READING DRIVE U Abort, Retry, Fail? f Access denied. I have much the same error if I put the executable on the local drive and attempt to use shared .dbf data files from the server. I can connect to the old server with the same box. It takes a few minutes to change all the config files for lanman, but it works. On the old server, I can login, map the drives and run executables and use the dbf data files. It seems to me as if there is some configuration flag where the default has from 3.0 to 3.2 that I can't find. I did a detailed view of both config files from swat and ran a dif on them. I was unable to identify a place that could be changed that would allow the dos machines to utilize the samba file server. I am willing to use either different client software on the dos stations, or update the samba setup to a different version. I like ubuntu, but am not wedded to it. However, the dos stations must stay, even if I must maintain a server with 3.0 on it to keep them running. Any ideas? I am more that willing to RTFM, but have exausted my ideas of which FM and which part of it to read. Hints in this matter would be welcome. Hints on which config option in smb.conf would be even more welcome. Thanks in advance, Jim Hurlburt Atrium Windows and Doors Northwest. Yakima, WA USA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file attributes (ACL's) lost
> I have an iSCSI mount that I disconnected from during a reboot and > after remounting it all the ACL's are missing. Using 'll' shows no > extended file attributes and 'getfacl' on the dir' shows that the > previous attributes are now missing. Restarting smb, nmb, & winbind > didn't restore them either. > I don't think there is any backup of the posix acls anywhere in samba. > > Is there a way to restore the attributes? Not sure how they were lost > in the fist place. > Did you mount your filesystem with the appropriate acl options. Do you have acls enabled in your kernel? ~ Thank you, John. That was the problem; I mounted it with ext3 default instead of ext3 acl,user_xattr. All is well. Best, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] file attributes (ACL's) lost
Hello, I have an iSCSI mount that I disconnected from during a reboot and after remounting it all the ACL's are missing. Using 'll' shows no extended file attributes and 'getfacl' on the dir' shows that the previous attributes are now missing. Restarting smb, nmb, & winbind didn't restore them either. Is there a way to restore the attributes? Not sure how they were lost in the fist place. Many thanks in advance. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Recycle VFS + Gnome Trash
Hi, We have hard mounted samba shares (via pam_mount) at login including the user home dir. We have tried setting up the recycle VFS module which works fine when we delete a file from the share on the command line. But when we delete a file in gnome via the gui, it puts it in the users ~/.local/share/Trash folder and samba does not see this happening on the share maybe as its a move file technically from one share to another? So our problem is that we have two trash locations happening dependant on what the user does and what app they are using. Is there anyway to work around and at least say have a common point for the trash... or at the very least get samba to save a copy via recycle vfs? Thanks for any help. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC directory permission fail (Bino Oetomo)
Bino, The permissions should be 770 for directories. They need execute privileges for directories to be able to get access to the directories. You should be able to set the files for 660 though I don't believe it will keep windows from executing a file. With 'force' before 'create mask' or 'directory mask' allows you to set bits. You should have 'create mask 660' to force files (other than directories) to not allow setting of the execute bit. And directories should usually be 'force directory mask 770' with maybe a 'directory mask 770' before this to prevent anyone allowing a directory to be read/writeable by everyone. James -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of samba-requ...@lists.samba.org Sent: Wednesday, January 06, 2010 2:00 PM To: samba@lists.samba.org Subject: samba Digest, Vol 85, Issue 6 -- Message: 1 Date: Wed, 06 Jan 2010 08:51:33 +0700 From: Bino Oetomo To: ?? Cc: samba@lists.samba.org Subject: Re: [Samba] PDC directory permission fail Message-ID: <4b43eca5.1010...@indoakses-online.com> Content-Type: text/plain; charset=KOI8-R; format=flowed Dear Serg and All ?? wrote: > Hello, Bino! > > >> I use webmin to do the samba PDC configuration >> > IMHO, insuffisient > Agree ... I did some direct edit to conf file >> [warehouse] >> comment = Files of warehouse >> writeable = yes >> path = /hdd2/samba/groupfiles/warehouse >> >> when I create that share via webmin i use option : >> a. mode : 775 >> b. Create user : Root >> c. Create Group : warehouse. >> >> 4. From my XP station , I login to that domain with user name "wh01", >> the results is : >> a. Successfull login >> b. wh01 can create a file in the home directory (/home/wh01) >> > > >> But, wh01 can not write file to share "warehouse" >> > Which permission to the new file? May be 644? :) > IMHO, user have right to write directory, but have not right to write file. > Look man smb.conf for "force create mode", "force directory mode" or http://wiki.samba.org/index.php/Frequently_Asked_Questions#inherit_permi ssions > > Thankyou for your enlightment I read that documentation, but I don't want uuser to be able to execute things in directory So I chage the share to : [warehouse] create mode = 660 path = /hdd2/samba/groupfiles/warehouse directory mode = 660 force group = warehouse (and the dircory is auto created with user:group as root:warehouse) Still the user with group "warehouse" can not access (event just "open") the directory so I try to delete the share ... manualy remove the dir , and re create the share (and dir) with : [warehouse] create mode = 760 path = /hdd2/samba/groupfiles/warehouse directory mode = 760 force group = warehouse Still the user with group "warehouse" can not access (event just "open") the directory Again, I try to delete the share ... manualy remove the dir , and re create the share (and dir) with : [warehouse] create mode = 770 path = /hdd2/samba/groupfiles/warehouse directory mode = 770 force group = warehouse And ... voila ... the user can access (read-write) into the shares ... But it'll means that the user can also "execute" somethings inside directory ... right ? Why we need the "execute" bit in directory permission just to let the user to "read and write only" ? Just fyi, my system is based on : ++ Ubuntu Jaunty ++ Samba 3.32 Sincerely -bino- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
2009/12/16 Anton Starikov : > > On Dec 16, 2009, at 9:45 PM, James Peach wrote: > >> 2009/12/16 Anton Starikov : >>> One question. >>> >>> The fact that client ignore ACL capabilities of server, it is also normal >>> for current smbfs implementation? >> >> Even in 10.5, the smbfs client does not ignore the filesystem ACL >> support attribute. > > With unix extensions enabled? > > Then I don't understand. Where is the problem. > > On server side I see > > smbd_audit: antst|xxx|antst|sys_acl_get_file|ok|. > smbd_audit: antst|xxx|antst|sys_acl_get_file|ok|. > smbd_audit: antst|xxx|antst|sys_acl_get_entry|ok| > smbd_audit: antst|xxx|antst|sys_acl_free_acl|ok| > smbd_audit: antst|xxx|antst|sys_acl_free_acl|ok| > smbd_audit: antst|xxx|antst|get_nt_acl|ok|. > > > a file: > > # getfacl /home/antst/tt1 > getfacl: Removing leading '/' from absolute path names > # file: home/antst/tt1 > # owner: antst > # group: cmsusers > user::rw- > user:mohand:rwx > group::r-- > mask::rwx > other::--- > > And on client side: > > ls -le /tmp/qq1/tt1 > -rw-r- 1 antst cmsusers 0 Dec 16 20:19 /tmp/qq1/tt1 > > > And if I try to set ACL from OSX I get > $ chmod +a "mohand allow write" /tmp/qq1/tt1 > chmod: Failed to set ACL on file '/tmp/qq1/tt1': Operation not supported > > Looking into the source code of client (thanks for link) I see that > CIFS_UNIX_POSIX_ACLS_CAP is not referenced in the sources (except header > file, where it is defined). Although it can mean nothing and you can use > somewhere in the code just numerical value. It doesn't use unix ACLs, it uses SMB ACLs. -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
2009/12/16 Anton Starikov : > One question. > > The fact that client ignore ACL capabilities of server, it is also normal for > current smbfs implementation? Even in 10.5, the smbfs client does not ignore the filesystem ACL support attribute. > > On Dec 16, 2009, at 9:28 PM, James Peach wrote: > >> 2009/12/16 Jeremy Allison : >>> On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote: >>>> And although it creates directory, it doesn't copy contents, because it >>>> stops process of copying directory after this error. If I repeat filesync, >>>> the contents of directory will be copid (cause directory is already here). >>>> >>>> So, it looks exactly the same. >>>> If so, then problem in chflags(). >>>> I expect that samba on linux is compiled without support for chflags, >>>> obviously. >>>> >>>> I presume that settings "unix extensions = no" would probably fix this, >>>> but it has a drawback, because then you loose native unix things like >>>> symlinks etc. >>>> >>>> Which is, at least in our case is not possible, cause shares accessed by >>>> both, mac and linux clients over NFS (the same clients on different hosts) >>>> and symlinks are heavily used. >>>> >>>> I think, OSX client, when it sees that server supports "unix extensions", >>>> expects that on other side is OSX server with samba which supports chflags. >>>> >>>> So, if we don't discuss rewrite of OSX cifs FS, then only solution is to >>>> "emulate" chflags support on samba side (or convert flags to XFS/ETX3 >>>> attrs somehow) >>> >>> Hmmm. Looks like a client bug then, in that they don't cope with an >>> error on chflags set. What error is the Samba server returning here ? >>> >>> George, what errors can the MacOSX client cope with and continue ? >> >> FileSync wants to create accurate copies of files, including all their >> metadata. We just pass the error up the stack. The current code does >> not look too closely at the unix capabilities, we should be looking >> at the flags mask in the UNIX_INFO2 response and handling the case >> where the server doesn't understand any flags. >> >> Please file a bug at http://bugreporter.apple.com and attach the >> packet trace. This will help us to make a case to fix this in an >> update. >> >> -- >> James Peach | jor...@gmail.com > > -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
2009/12/16 Anton Starikov : > > On Dec 16, 2009, at 7:08 PM, Jeremy Allison wrote: > >> On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote: >>> And although it creates directory, it doesn't copy contents, because it >>> stops process of copying directory after this error. If I repeat filesync, >>> the contents of directory will be copid (cause directory is already here). >>> >>> So, it looks exactly the same. >>> If so, then problem in chflags(). >>> I expect that samba on linux is compiled without support for chflags, >>> obviously. >>> >>> I presume that settings "unix extensions = no" would probably fix this, but >>> it has a drawback, because then you loose native unix things like symlinks >>> etc. >>> >>> Which is, at least in our case is not possible, cause shares accessed by >>> both, mac and linux clients over NFS (the same clients on different hosts) >>> and symlinks are heavily used. >>> >>> I think, OSX client, when it sees that server supports "unix extensions", >>> expects that on other side is OSX server with samba which supports chflags. >>> >>> So, if we don't discuss rewrite of OSX cifs FS, then only solution is to >>> "emulate" chflags support on samba side (or convert flags to XFS/ETX3 attrs >>> somehow) >> >> Hmmm. Looks like a client bug then, in that they don't cope with an >> error on chflags set. What error is the Samba server returning here ? > > Of course it is client error. But it is much easy to add "dirty hack" to > samba on server that fooling around bunch of clients. > Does Apple opensource their implementation of smbfs? http://www.opensource.apple.com/source/smb/smb-348.7/ -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
2009/12/16 Jeremy Allison : > On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote: >> And although it creates directory, it doesn't copy contents, because it >> stops process of copying directory after this error. If I repeat filesync, >> the contents of directory will be copid (cause directory is already here). >> >> So, it looks exactly the same. >> If so, then problem in chflags(). >> I expect that samba on linux is compiled without support for chflags, >> obviously. >> >> I presume that settings "unix extensions = no" would probably fix this, but >> it has a drawback, because then you loose native unix things like symlinks >> etc. >> >> Which is, at least in our case is not possible, cause shares accessed by >> both, mac and linux clients over NFS (the same clients on different hosts) >> and symlinks are heavily used. >> >> I think, OSX client, when it sees that server supports "unix extensions", >> expects that on other side is OSX server with samba which supports chflags. >> >> So, if we don't discuss rewrite of OSX cifs FS, then only solution is to >> "emulate" chflags support on samba side (or convert flags to XFS/ETX3 attrs >> somehow) > > Hmmm. Looks like a client bug then, in that they don't cope with an > error on chflags set. What error is the Samba server returning here ? > > George, what errors can the MacOSX client cope with and continue ? FileSync wants to create accurate copies of files, including all their metadata. We just pass the error up the stack. The current code does not look too closely at the unix capabilities, we should be looking at the flags mask in the UNIX_INFO2 response and handling the case where the server doesn't understand any flags. Please file a bug at http://bugreporter.apple.com and attach the packet trace. This will help us to make a case to fix this in an update. -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID - high need to lower it for a test user - active directory auth
- Original Message - From: "Michael Wood" To: "James Kosin" Cc: "KJS" ; Sent: Friday, October 23, 2009 3:38 AM Subject: Re: [Samba] UID - high need to lower it for a test user - active directory auth <<-- snip -->> What sort of problem are you having? The higher UID for non-local users is normal and shouldn't be touched in most cases. This is to keep the local UIDs different significantly from the ones that are not local. The only problem you may be having would be if you have a huge number of local users. In which case you would have to determine if it would be better to create all local account for everyone on the domain to keep from having problems. But, I seriously doubt this is the problem. If it's a wild goose chase it's my fault. He is having trouble with some commercial software when run by domain users instead of local users. The differences between them as far as I could tell are: The local users all have UIDs and primary group IDs << 65536. The domain users all have UIDs and primary group IDs >> 65536. Also, the primary group name of the domain users is "Domain Users". i.e. it has a space in it. Since traditionally UIDs and GIDs were 16 bit numbers, I thought it was possible that this commercial software somehow did not like the large UIDs/GIDs. Perhaps it would be easier to test a local user with a high UID and primary group ID to see if that also does not work. Which applications? I do know Microsoft Office products usually have some fine tuning when run with or without domain logins. Other than that; we would need more specifics to answer your problem... 1) You said the application being run was having problems, what error messages or problems? Try to be as complete as possible. 2) Name the application if possible? Microsoft Excel, etc. 3) If a custom application, what type of access is giving the problem? Database, text file, binary file, permissions, etc. 4) Is the problem random or only with users on the domain as oppose to the local machine accounts? The local machine accounts may have special permissions to access more features of the system. If the special application is taking advantage of these features it may not like the domain users. 5) Calm down... James Kosin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID - high need to lower it for a test user - active directory auth
- Original Message - From: "KJS" Newsgroups: linux.samba Sent: Thursday, October 22, 2009 9:00 AM Subject: Re: [Samba] UID - high need to lower it for a test user - active directory auth Hi Guys, I am having some problems with Active Directory users using a bit of software on our server, my AD users are authing via Winbind this works fine and the only difference I can see between a local user and an AD user is the fact the AD user has a MUCH higher UID, how can I create a user with a low UID to test this? I don't want to change them all yet as it might not be this that is causing the problem. Many Thanks, KJS What sort of problem are you having? The higher UID for non-local users is normal and shouldn't be touched in most cases. This is to keep the local UIDs different significantly from the ones that are not local. The only problem you may be having would be if you have a huge number of local users. In which case you would have to determine if it would be better to create all local account for everyone on the domain to keep from having problems. But, I seriously doubt this is the problem. James K. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nss_winbind / offline logon
James Zuelow Network Specialist City and Borough of Juneau MIS (907)586-0236 > -Original Message- > From: samba-boun...@lists.samba.org > [mailto:samba-boun...@lists.samba.org] On Behalf Of Petteri Heinonen > Sent: Friday, 16 October, 2009 03:37 > To: samba@lists.samba.org > Subject: [Samba] nss_winbind / offline logon > > Hello list users, > > I have been struggling to make my AD integrated Debian Lenny > box to work fluently also when network connectivity is down. > What I would like to achieve: > > 1) When no network available, local user should still work normally > 2) If possible, AD located users should still be able to > login if they have previously logged in successfully (cached login) > > Number 2 is more like optional, but number 1 would be very > much needed. However, it seems that winbind somehow blocks > login process for local accounts too if it is not able to get > network connection to AD during system boot. These are the > relevant lines in my nsswitch.conf: > > passwd: files winbind > group: files winbind > shadow: files > > Now, I would think that with this configuration, that no > matter what is the status of winbindd daemon, local users > like root should be able to login. But that is not the case > here. The login hangs for about 5 minutes, and after that it > succeeds. If I remove winbind from nsswitch.conf or configure > init system so that winbindd is not started up during boot, > then logins for local accounts go through normally. > > a) make nsswitch understand that I do not want it to query > anything from winbind if user is found from local files > b) make winbind even somehow responsive also upon the > situation where it has to start up without network connection > > Any help or pointers would be greatly appreciated. > So for goal number 1, local user logins (hopefully without a 5 minute pause) I would check your PAM configuration. The first thing to look at is make sure that pam_winbind.so is set up as sufficient, and not required. If it is sufficient and your pam is set up like this: auth sufficient pam_winbind.so auth sufficient pam_unix.so use_first_pass What happens if you swap places, so that pam_unix comes before pam_winbind? I no longer have a system set up for AD account logins, so I can't test. This is from memory when I had a laptop (Debian Lenny even) that would do AD account logins, but it would always allow local account logins when the network was disconnected without a long pause. HTH! James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Adding a AD Group to a Unix user account
Hi Guys, First of all I can do the following: "usermod -g GID bobby" and it adds the group to the user account fine (GID being the actual number value not the name). but if i don't use -g it fails to work, I want to ADD the group "Domain Users" to "bobbys" account, so I tried: "usermod -a -G GID bobby" but it doesnt not appear to do anything... Anyone got any ideas? Many Thanks! James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind idmap question
> -Original Message- > From: samba-boun...@lists.samba.org > [mailto:samba-boun...@lists.samba.org] On Behalf Of Christian > Sent: Thursday, 17 September, 2009 10:01 > To: samba > Subject: [Samba] winbind idmap question > > Hi, > > how do I tell winbind to use "UserId" from AD, and not doing > own mapping > of ID's ? > AD is win2003 R2 Std with sfu. > > What I did/tried: > current (this did not work): > > # winbind separator = \ > winbind use default domain = Yes > winbind nested groups = Yes > # winbind cache time = 600 > template shell = /bin/bash > # template homedir = /home/%D/%U > template homedir = /home/%U > idmap uid = 1-2 > idmap gid = 1-2 > winbind enum groups = Yes > winbind enum users = Yes > security = domain > # security = ads > # Where do we get our user information from? > password server = srv-001.domain.local > > tried (did not work, too, and is very slow finding users): >winbind use default domain = Yes >winbind nested groups = Yes >winbind nss info = rfc2307 > >idmap domains = DOMAIN > >idmap config DOMAIN:backend = ad >idmap config DOMAIN:default = Yes >idmap config DOMAIN:range = 1 - 1 >idmap config DOMAIN:schema_mode = rfc2307 > security = domain > # security = ads > # Where do we get our user information from? > password server = srv-001.domain.local > > samba version is 3.2.7 > > Thanks for your ideas > Kind Regards > Chris >From Samba version 3.2.5 (Debian Lenny) and 3.3.6 (Lenny backports). This >config works for me in both versions, so I'm confident it will work in 3.2.7: idmap domains = YOUR_DOMAIN idmap config YOUR_DOMAIN:backend = rid idmap config YOUR_DOMAIN:base_rid = 0 idmap config YOUR_DOMAIN:range = 1 - 4 We have a Server 2003 native forest/domain not 2003 R2, and we do not have sfu deployed. So the environment is a little different. James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.4.0 upgrade on Suse 11.1
Hello, I want to upgrade samba 3.3.4 on SuSE 11.1 to 3.4. Has anyone encountered and problems with the new release, for example, authenticating against a windows AD? Thanks in advance, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permission problem with mac os x client
2009/7/16 Udo Mueller : > Hi all, > > Server: Debian 5.0 with samba 3.2.5 > Client: Current Mac OS X > > Wanted: files with 0760, directories with 2770 > > Config: create mask = 760 > directory mask = 770 > force create mode = 760 > force directory mode = 2770 > > Problem: files created with 644 or 764 or 600 > directories created with 2700 or 0770 or 0700 > > My setup works just perfect with Windows Clients. > > Anyone knows why this doesnt work with mac os x? try "unix extensions = no" -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4-alpha 6 on Ubuntu Jaunty
First let me say thanks to the Samba team for all time and effort you have put forward. Now I do not have a problem per se but am going to be testing some of the Alpha versions with respect to Ubuntu. I am interested in testing policies in particular but before I go through and do that I am curious about the dynamic dns and dhcp. I have always found DHCP to be a pain to set up in Linux and as I work in a predominantly Windows environment (did sneek in a Linux boxen for virtual machines), I can tell you that MSoft's version of DHCP is quite easy to work with. Are there any plans to tie the DNS and DHCP as part of the provisioning process? That in and of itself would be fairly important to win administrators. Thanks again. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE: Samba with ADS
> -Original Message- > From: > samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba.org > [mailto:samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba > .org] On Behalf Of McGranahan, Jamen > Sent: Monday, 15 June, 2009 07:50 > To: samba@lists.samba.org > Subject: [Samba] Samba with ADS > > Environment: Sun Solaris 9 sparc > Software: Samba-3.3.3, KRB5-1.6.3, OpenLDAP-2.4.11 > Problem: > Am trying to create shares with Samba so that users can map > to folders on this server using Active Directory. I am > successful in creating a Kerberos ticket; I can join the > domain; and wbinfo -u and -g give me users in the AD. > However, getent passwd only gives me a list of users on the > server and not in the AD. The winbindd.log file has a lot of > these lines: --8<-- snip -->8-- > > If you have any advice and/or guidance, I would greatly > appreciate it. Thank you! > The getent passwd trouble may be a red herring. If you do not have these lines in smb.conf Winbind enum users = Yes Winbind enum groups = Yes Then wbinfo -u will work, but getent passwd will not. Generally you want to leave enumumerating users and groups turned off (the default) on larger domains. In my experience having them turned on can delay share access, restart times, etc. However enumerating users and groups so that getent passwd works is not necessary for shares to work correctly or users to map drives in AD. (At least this is true for Debian, I don't know about Solaris.) James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrading from NT to AD
On Jun 10, 2009, at 9:24 PM, Edward Ned Harvey wrote: Could someone point me toward documentation on the impact to Samba of upgrading from an NT domain to Active Directory? I've found docs on Samba with NT domains and docs on Samba with AD, but not so much on the upgrade process. I'd like to know exactly what I'm doing before I do anything that could cut my Windows users off from the file servers. Whether it's as easy as "do the upgrade and your Samba servers will automatically make the transition", or I have to set up Kerberos and make changes to smb.conf, I want to be sure I know all the steps involved. I don't know any such documentation (and good luck to you finding it) - I would think maybe you'll find something going from 2003 to 2008 ... but from NT to AD ... phew doggy... It's something that I'm sure enough people have done at this point that documentation must exist somewhere. Even if it's old, it's not like NT has changed in years. Anyway - I do have some advice for you. Find some way to attach a new hard drive to the windows server. Boot from something like centos cd1 in rescue mode. Use dd to backup the OS hard drive to a file on the new HD. If the OS hard drive is software mirrored, make separate dd's for each of the 2 hard drives. That way, you're free to do what you need to do, and you always have a safetynet. Thanks for the advice. I'm going to be retiring the old NT server during this process and replacing it with a new system. I'm planning to use a third system as a swing server to help me get the upgrade done. I'll shut down the PDC, promote the BDC and upgrade it, then bring up the new PDC as a BDC (essentially), promote it and shut down the swing box. There shouldn't be any cruft left over from NT on my new PDC, and if something goes wrong in the process, I can bring up the old PDC and be back up and running quickly. I'll be doing a dd backup anyway, because it's always better to be safe than sorry. Assuming you're using Kerberos, my expectation is that you don't need to do anything at all on the samba server. But don't hold me to it. How about if I'm not currently using Kerberos? Thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrading from NT to AD
Hi Samba users, Could someone point me toward documentation on the impact to Samba of upgrading from an NT domain to Active Directory? I've found docs on Samba with NT domains and docs on Samba with AD, but not so much on the upgrade process. I'd like to know exactly what I'm doing before I do anything that could cut my Windows users off from the file servers. Whether it's as easy as "do the upgrade and your Samba servers will automatically make the transition", or I have to set up Kerberos and make changes to smb.conf, I want to be sure I know all the steps involved. Thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] authenticate Linux users to AD on Windows 2003R2
Hello, I have enough details on how to have Linux users authenticate to a 2003r2 AD, but I need help getting their home dir's to automatically mount to a windows share. Any details would be greatly appreciated. Many thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] NTFS Attributes
> -Original Message- > From: > samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba.org > [mailto:samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba > .org] On Behalf Of Wikked one > Sent: Friday, 08 May, 2009 01:52 > To: m...@campbell-lange.net; volker.lende...@sernet.de > Cc: samba@lists.samba.org > Subject: RE: [Samba] NTFS Attributes > > > Hi Mark, >I think this is what you're looking for? > http://www.debianhelp.co.uk/acl.htm > http://aisalen.wordpress.com/2007/08/10/acls-on-samba/ > > > This will allow you to emulate most NTFS attributes with your back up. > > Not really Samba related, but possibly an important point for Samba admins on Debian who like to backup ACL information. Note that the debianhelp article refers to the "star" package. For some reason star isn't available in Lenny. But both the Etch and Sid package install just fine. (Sid is a newer version, and hopefully filters down into backports at some point.) James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Using kerberos authentication without AD
Here's the scenario we often run into; we have machines with multiple user accounts, which all authenticate to our kerberos servers. Depending on the group, these accounts could be local, nis, ldap, etc. They often want to provide samba services, but binding the machine to AD isn't always feasible, so they have to manually create the samba users and password database. Is there any way for samba to use our kerberos servers directly for authentication, without having an AD domain controller as the middleman, and without using plaintext authentication? Thanks -jim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Time capsule and "bad smb"
2009/4/21 Pietro Battiston : > Il giorno lun, 16/02/2009 alle 23.03 -0800, Jeremy Allison ha scritto: >> On Mon, Feb 16, 2009 at 09:42:48PM -0800, James Peach wrote: >> > >> > Volker's suggestion is the best. >> > >> > Pietro should to <http://developer.apple.com/bugreporter/> and log a >> > bug against the TIme Capsule. It would be best to attach a packet >> > trace to the bug. Follow the instructions here: >> > >> > <http://wiki.samba.org/index.php/Capture_Packets> >> >> Boo, hiss, cop-out :-). >> >> > I'll try and dig up a time capsule to bring to Connectathon next week >> > if any of the Linux smbfs folks would like to test against it ... >> >> Sure, I'll be there and I'd love to take a look at it. >> Will there be any Time Capsule engineers there though >> if we do find bugs ? > > Did someone debug the problem? yes > The bug I filed (# 6598363) in the Apple bugtracker is just there, > alone, with apparently no care given to, since more than 2 months... Not everything that happens to a bug report is visible to the originator. When they ship a release that includes the fix, the bug should be sent back to you to verify. Sorry the process is so opaque. -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: samba Digest, Vol 76, Issue 10
2009/4/10 Alex Thurley : > Dear List, > > I wonder if somebody has a correctly working SMB service in Mac OS X Server > 10.5.x. I've got here lots of "This process has forked.." This is because a call to the Security framework touches a part of CoreFoundation that is unhappy that Samba forks without a subsequent exec. It's annoying but harmless. > and "Broken Pipe" > errors as described in this post: > http://www.afp548.com/forum/viewtopic.php?showtopic=22295 Not really enough info to say what is happening here. the broken pipe means that the client disconnected unexpectedly, but it's not clear why. As some of the posters in that thread note, there is a bug in the streams module where we return an error for reads after the end-of-file (we ought to succeed but return no data). > > Would be nice if a Samba-guru could point us to the right direction. Volker's suggestion to file a Radar with Apple is spot on. -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] failed to join domain error
> -Original Message- > From: > samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba.org > [mailto:samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba > .org] On Behalf Of Benedict simon > Sent: Friday, 27 March, 2009 05:06 > To: samba@lists.samba.org > Subject: [Samba] failed to join domain error > > Dear All, > > I have succesfully managed to have my kerberos configured n working > without error when i say > > kinit Administrator > and after entering password i get the # prompt > so its works fine > > > now i configured /etc/samba/smb.conf but when i try to join > my Win2003 ADS > domain server > > net ads join -U Administrator > Administrator's password: > [2009/03/26 21:58:05, 0] utils/net_ads.c:ads_startup_int(286) > ads_connect: No logon servers > Failed to join domain: No logon servers > > > thnks and Regards > > Simon > > > -- > Network ADMIN > - > KUWAIT MUNICIPALITY: I just had a host do this recently, using Samba 3.2.5-4 Debian. DNS was working fine, kerberos was working fine, but for some reason net ads join didn't want to work. I resolved it by putting an entry for a domain controller into /etc/hosts. After that net ads join worked fine. James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Is the net rpc vampire at all destructive to a NT4 PDC?
Is it safe to run the net rpc vampire command on a PDC as many times as you want in effort to test the NT4 -> samba PDC? While keeping the NT4 PDC in production mode? With the goal of test the full operation of the migrated PDC on a separate network. ` I've done this several times against my PDC without any problems. Best, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help - smbiod
Hello all, I need help about smbiod, i have mounted samba server from linux client with command "mount -t smbfs -o username=root //10.10.x.x/folder /dest" and then the client ask about password, and it works, but when i copy files in the middle of the process suddenly it stoped, then i run command "top" i see "smbiod" use verry high cpu usage(more than 90%). Is there anyone can help me, please.. Thx. here is my log : Mar 20 11:15:32 showa16 smbd[3013]: [2009/03/20 11:15:32, 0] lib/util_sock.c:get_peer_addr(1000) Mar 20 11:15:32 showa16 smbd[3013]: getpeername failed. Error was Transport endpoint is not connected Mar 20 11:15:32 showa16 smbd[3013]: [2009/03/20 11:15:32, 0] lib/util_sock.c:write_socket_data(430) Mar 20 11:15:32 showa16 smbd[3013]: write_socket_data: write failure. Error = Connection reset by peer Mar 20 11:15:32 showa16 smbd[3013]: [2009/03/20 11:15:32, 0] lib/util_sock.c:write_socket(455) Mar 20 11:15:32 showa16 smbd[3013]: write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer Mar 20 11:15:32 showa16 smbd[3013]: [2009/03/20 11:15:32, 0] lib/util_sock.c:send_smb(647) Mar 20 11:15:32 showa16 smbd[3013]: Error writing 4 bytes to client. -1. (Connection reset by peer) Mar 20 11:15:42 showa16 kernel: smb_add_request: request [e9361ee0, mid=32451] timed out! Mar 20 11:16:16 showa16 kernel: smb_add_request: request [e9361ee0, mid=44881] timed out! Mar 20 11:16:50 showa16 kernel: smbiod_handle_request: smbiod got a request ... and we don't implement oplocks! Mar 20 11:17:20 showa16 kernel: smb_add_request: request [e9361ee0, mid=1915] timed out! Mar 20 11:17:20 showa16 kernel: smbiod_handle_request: smbiod got a request ... and we don't implement oplocks! Mar 20 11:17:20 showa16 kernel: smb_get_length: Invalid NBT packet, code=31 Mar 20 11:17:20 showa16 kernel: smb_add_request: request [e9361dc0, mid=1916] timed out! Mar 20 11:17:50 showa16 kernel: smb_add_request: request [e9361ee0, mid=1917] timed out! Mar 20 11:17:50 showa16 kernel: smb_lookup: find 060711/Brother's.JPG failed, error=-5 Mar 20 11:18:07 showa16 kernel: smb_proc_readdir_long: error=-2, breaking Mar 20 11:18:36 showa16 kernel: smb_get_length: Invalid NBT packet, code=33 Mar 20 11:19:06 showa16 kernel: smb_add_request: request [e9361ee0, mid=28823] timed out! Mar 20 11:19:39 showa16 kernel: smb_add_request: request [e9361ee0, mid=29609] timed out! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE: To winbind or not to winbind.
-Original Message- From: samba-technical-bounces+james.chavez=sanmina-sci@lists.samba.org [mailto:samba-technical-bounces+james.chavez=sanmina-sci@lists.samba .org] On Behalf Of William Jojo Sent: Wednesday, March 11, 2009 3:51 PM To: samba-techni...@samba.org Subject: To winbind or not to winbind. The subject pretty much says it all. I know that I need winbindd when running Samba in ADS mode as a DMS to AD, otherwise nothing works right. I was playing in Ubuntu 8.04.2 which has 3.0.28a (trying to stay pure on this box) default winbindd on. Well, when I try to set ACLs on a file (ext3, ea support on, acls and extended_xattr) with winbind on I get no error when I apply the change, but the Windows XP side shows no change but the Samba log shows: [2009/03/11 18:39:22, 0] smbd/posix_acls.c:create_canon_ace_lists(1438) create_canon_ace_lists: unable to map SID S-1-5-21--XXX--1412 to uid or gid. Then I turn winbindd off and everything is perfect - no problems, acl is applied and the refresh on the Windows side concurs with the Ubuntu side. Is this by design? I always thought that winbindd running was not a hindrance, util now. In fact I thought I recalled a few threads where is was recommended that winbindd run no matter what your setup. Can someone elaborate or point to a place where I missed the elaboration? :-) :-) Cheers, Bill _ Don't mean to jump on this but... is it necessary or recommended to have Winbind running when your box is acting as an ADS member server? You say nothing works right? Maybe this is the cause of some of the inermittent issues I have.. Can anyone elaborate. I thought I did not need Winbind..I do not use it and everything seems to work great but from time to time I get no password server available to validate. Might not be related.. Thanks James CONFIDENTIALITY This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof. ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE: winbind
Hello Van, I suggest you checkout PAM_MOUNT ( http://pam-mount.sourceforge.net/ ) Thanks, James Mitchell From: samba-bounces+james.p.mitchell=det.nsw.edu...@lists.samba.org [samba-bounces+james.p.mitchell=det.nsw.edu...@lists.samba.org] On Behalf Of Van Camp Jan [jan.vanc...@health.fgov.be] Sent: Tuesday, 10 March 2009 12:39 AM To: samba@lists.samba.org Subject: [Samba] FW: winbind From: Van Camp Jan Sent: Monday, March 09, 2009 2:24 PM To: 'samba-techni...@lists.samba.org' Subject: winbind Hello , I am trying to install samba (I'm a novice to samba). I think I followed all installation steps but the problem Is when I want to map a share on my windows client it always prompts me for a password. For as much as I know it is the winbind that isn't working correctly or the share that isn't configured correctly. Does somebody know of this general issue and can they help me with this please ? Thank you in advance, Greetings, Jan Belgium Disclaimer : https://portal.health.fgov.be/portal/page?_pageid=56,8674425&_dad=portal&_schema=PORTAL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] pam_winbind get attributes?
Hello, I am attempting to map the "home directory" of users as they login using pam_winbind by getting the attribute from Active Directory. It appears that in pam_winbind.c _pam_set_data_string(pamh, ctrl, PAM_WINBIND_HOMEDIR, response->data.auth.info3.home_dir); Does not actually contain the homedir, it contains nothing. Is this because I'm using it on a MS AD domain rather then LDAP? If I do (using ldap-utils): ldapsearch -h server -D "CN=My User,OU=something,DC=domain,DC=com" -b "DC=domain,DC=com" -x -W homeDirectory I retrieve the active directory home drives. However I'm wishing to implement mounting either in pam_winbind or pam_mount. This ldapsearch part requires me to use -D bindDN and -W I did read about anonymous logins, but is there a way to query this information within pam_winbind or other suggestions? Thanks, James Mitchell ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] VMmware Converter Split into 2GB files - Samba Share
I have an Ubuntu 8.04.2 Linux Server setup with Samba installed with Ubuntu Version 3.0.28a-1ubuntu4.4 I have setup a samba share for a Windows 2000 Server to perform a P2V (Physical to Virtual) conversion of it to the Samba Share. When going through the conversion process using Vmware converter on the Windows 2000 machine I point the destination to the samba share but it does not allow me to unselect the option to "split into 2GB files". I want to use a single large file for the VM. The file system on the Linux server where the samba share is located is XFS. Is this something to do with Samba perhaps appearing as a file system with a file size limit of 2GB? If so how do I resolve it? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] PDB files and "Delayed Write Failed"
Hello Samba Community, I have what is probably a very unique problem. Allow me to explain: Background: We build software for Windows, among other things. Most of our developers are not on Windows, but they need to do Windows builds. To facilitate this, we've set up a complex build system where calling "make" automatically connects (rsh/ssh) to a cmd shell on the Windows build server, translates our Makefile into something more suitable for Windows, and executes the build. The source code is not on the build server's local disks, but is instead sitting on a file server which the build server accesses through Samba. This leads to the problem. The Problem(s): We're seeing mysterious and unpredictable problems in this environment. Looking through the Event Viewer, we've seen 2658 "Delayed Write Failed" messages since October. Only 19 of them did not relate to ".pdb" files. The Samba logs don't indicate a problem. We're getting messages from the compiler that it can't find header files which definitely exist and are definitely in the include path. We're also getting the occasional "gmake: *** Makefile: Permission denied. Stop." message. Simply starting the "make" again without changing any permissions allows the build to continue. Build Server: * Windows Server 2003 SP2 * 4x 3 GHz Xeon (5160) * 4 GB RAM * 2x 10k RPM SAS drives, hardware RAID 1 File Server: * CentOS 5.2 * 8x 3 GHz Xeon (5450) * 4 GB RAM * 14x 15k RPM SAS drives, hardware RAID 6 * Samba 3.0.25b-1.el5_1.4 * Authenticates against Windows domain controller(s) What I've tried already (not necessarily in this order): * Rebooted the Build Server. * Swapped OSs on the Build Server. We started with NT, then moved to XP and are now on Server 2003. * Swapped Ethernet cable on the Build Server. * Swapped Ethernet switch port for the Build Server. * Swapped Ethernet switch for the Build Server. * Swapped Ethernet NIC on the Build Server. * Swapped the Build Server hardware itself. * Switched from explicitly mapping drives at the start of each remote cmd session to using UNC paths. * Swapped OSs on the File Server. We started with Red Hat Linux 8 for i386 and have moved up through several iterations to Centos 5.2 for x86_64. * Swapped Ethernet cable on the File Server. * Swapped Ethernet switch port for the File Server. * Swapped Ethernet switch for the File Server. * Swapped Ethernet NIC on the File Server. * Swapped the File Server hardware itself. * Upgraded to the latest version of Samba available from the CentOS team. This broke domain authentication for us, so we rolled back to 3.0.25. * Added a backup domain controller. (NT4 domain environment still. Yes, I know, I'm working on it) * Changed the Samba socket options from "TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192" to "TCP_NODELAY IPTOS_LOWDELAY". * Set "large readwrite = no" * Set "write raw = no" * Explicitly turned on oplocks and level2 oplocks, though I believe they are on by default. * "dos filetimes = yes" * "fake directory create times = yes" * "dos filetime resolution = yes" * "allocation roundup size = 0" Thusfar, any time we've managed to improve performance back to the expected level, it has been unclear what did the trick... and it didn't last. If anyone has any thoughts on other things I can try, I would certainly appreciate it. If there's any further information that would help in making an assessment, I'd be happy to post what I can. Thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can't log in as same user on different domain
Hello, Moved user accounts from one domain to another and now can't log in to workstations with the same user name that was used in the previous domain. If we log in as a user who has never logged in to the workstation, that user can log in under the new domain. Is there some user info cached in winbind that prevents the identical user name from logging in under a different domain? Any way to fix this? Many thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] when will samba4 become stable
I'm betting the answer will be something like: The rate at which samba4 approaches stability is tied to the number of people using it and filing bugs so get out there and use it ;-) On Wed, Feb 25, 2009 at 08:20:37AM -0500, Ying Hu wrote: > I checked most samba 4 related posts and couldn't fine the answer. Is there > any targeted date for samba4 to become stable? > thanks, > Ying > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- James R. Leu j...@mindspring.com pgpbbq9XkwP9m.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: programmatic account creation via LDAP (unicodePwd)
Hello,
I've started working with samba4-alpha6. I've been successful
in setting up an AD with an openldap backend. I'm now
shifting my focus to how I would go about migrating to
a samba4 setup from a microsoft AD implementation.
To that end I've written a perl script that uses Net::LDAP
to create users in the samba4 LDAP backend. I can create
the user in such a way that samba4 is happy with it, but
I'm unable to set an initial password for the user.
I've tried using a template user that has a known password
and then duplicating that users nTSecurityDescriptor, but that
doesn't seem to work. I've tried creating a unicodePwd entry
with the following code:
my $charmap = Unicode::Map8->new('latin1') or die $!;
my $unipwd = $charmap->tou(qq{"$passwd"})->byteswap()->utf16();
But that doesn't seem to work either.
I was wondering if anyone working with samba4 could recommend
a way to create users programmatically. If a mechanism does not
exist, perhaps someone could point me in the right direction to
add the necessary hooks to samab4 to allow it.
--
James R. Leu
j...@mindspring.com
pgpfgBBwyDVua.pgp
Description: PGP signature
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade Samba from 3.2.0 to 3.2.8
Hello list, I am running some Samba ADS member servers on Fedora 9 and samba version 3.2.0. I would like to upgrade them to 3.2.8. I upgraded the first one and was no longer able to authenticate to shares using ADS credentials. I removed all my tdb files, deleted the computer account and rejoined the domain and now I am able to access shares again using ADS authentication. Is there a procedure that will allow me to upgrade without a hitch? I used yum upgrade samba by the way. Thank you James CONFIDENTIALITY This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof. ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Time capsule and "bad smb"
2009/2/18 Pietro Battiston : > Il giorno lun, 16/02/2009 alle 21.42 -0800, James Peach ha scritto: > >> Pietro should to <http://developer.apple.com/bugreporter/> and log a >> bug against the TIme Capsule. It would be best to attach a packet >> trace to the bug. Follow the instructions here: >> >> <http://wiki.samba.org/index.php/Capture_Packets> > > To report a bug I had to give my home address among a lot of other > personal data. Apple will certainly send me home a flowers bouquet to > thank for my contribution. So nice. > > Anyway, done, Bug ID # 6598363. Cool! > > Thank you everyone for the help. Looks like the Time Capsule is sending an incorrect word count field in the logoff response. Thanks for taking the time to send a trace. -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba+acl problem on OSX
2009/2/17 Eero Volotinen : > I have problem using samba+acl (ext3+acl) on OSX client. > > Access rights works fine on Linux and Windows series, but OSX Leopard says > access denied to every directory that is using acl. > > Is OSX cifs client too stripped that it cannot use acl or is this OSX bug? > Is there any solution on OSX that can access samba+acl directories? The Mac OS X client looks at the posix mode bits to preflight access checks. you can disable this on the server side by setting "unix extensions = no" -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Time capsule and "bad smb"
2009/2/16 Jeremy Allison : > On Mon, Feb 16, 2009 at 09:42:48PM -0800, James Peach wrote: >> >> Volker's suggestion is the best. >> >> Pietro should to <http://developer.apple.com/bugreporter/> and log a >> bug against the TIme Capsule. It would be best to attach a packet >> trace to the bug. Follow the instructions here: >> >> <http://wiki.samba.org/index.php/Capture_Packets> > > Boo, hiss, cop-out :-). > >> I'll try and dig up a time capsule to bring to Connectathon next week >> if any of the Linux smbfs folks would like to test against it ... > > Sure, I'll be there and I'd love to take a look at it. > Will there be any Time Capsule engineers there though > if we do find bugs ? No, but if you do the testing, I'll write up the bugs for you -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Time capsule and "bad smb"
2009/2/16 Jeremy Allison : > On Mon, Feb 16, 2009 at 05:01:53PM +0100, Pietro Battiston wrote: >> Some update to the mail below: if I understand correctly, there are two >> different problems showing up: >> 1) mount.cifs and the Time Capsule (I have no idea on which front the >> problem is) don't seem to be able to handshake correctly if the share >> name contains whitespaces. I didn't notice at first glance, but then found >> some "no such share" errors in dmesg - not reported as output of the >> command. Then I tried to change the share name (on the Time Capsule, >> obviously) to a single word and reconnect, and it worked (almost, keep >> reading). >> 2) on some particular smb commands - please bear with me if what I say >> is somewhat imprecise - the Time Capsule sends back packets badly >> formatted (or that mount.cifs thinks are badly formatted). This happens, >> in particular: >> - for some packets that report an error, such as the "no such share" >> - for some packets during the unmount >> >> This is the reason why - as far as I can conjecture - though the >> handshaking failed because the name of the share could not be resolved, >> I didn't get a message about that: in the communication where the Time >> Capsule said "hey, I don't have that share!", some packet was reported >> as incorrect and dropped. >> >> Notice that now it does mount immediately, but when I unmount it takes >> almost a minute, and in dmesg I get: >> >> [341279.777815] Bad SMB: : dump of 48 bytes of data at 0xcc482e00 >> [341279.777836] 0027 424d53ff 0074 00018800 ' . . . � S M B >> t . . . . . . . >> [341279.777855] >> 2118 . . . . . . . . . . . . . . . ! >> [341279.777873] 0096 ff03 0f00 6401a8c0 . . . . . >> � . . . . . . � � . d >> >> Googling, I found a very similar problem: >> https://bugzilla.redhat.com/show_bug.cgi?id=191112 >> , in which case it was said to the reporter "the server is buggy, go >> tell to the producer". Now, before trying, probably in vain, to talk >> with some Apple guy, I'd like to know the opinion of someone slightly >> more expert than me (I have used smb/cifs 5-6 times in all my life), >> also because my "conjecture" doesn't explain everything... in >> particular it's a mistery for me the fact that one of the two sites I >> linked in the former email claimed to have mounted successfully a Time >> Capsule with a share name containing whitespaces. I'll try to contact >> the writer of that page (notice that before trying changing the share name, >> I had >> tried changing the Time Capsule firmware, installing all the 3 available >> versions with no luck, so the difference isn't there). >> >> In the meanwhile, any hint? I anyone connecting to a Time Capsule without >> problems? > > We have an Apple Samba Team member, James Peach. James, any ideas > on what is going wrong here ? Volker's suggestion is the best. Pietro should to <http://developer.apple.com/bugreporter/> and log a bug against the TIme Capsule. It would be best to attach a packet trace to the bug. Follow the instructions here: <http://wiki.samba.org/index.php/Capture_Packets> I'll try and dig up a time capsule to bring to Connectathon next week if any of the Linux smbfs folks would like to test against it ... -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] passwd program error causes misleading windows error message
I have samba setup to use an external password change command using: [global] ... unix password sync = Yes ldap password sync = No passwd program = /path/to/smbldap-passwd -u %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n I use the Idealx smbldap-passwd command to update my LDAP database and everything works fine. I decided to modify the smbldap-passwd script to check for bad passwords. I used CPAN's Data::Password module to do this. However I have one issue with this, if the user enters a bad password I have the script return an exit code of 10 (because that's what the Idealx script does in other places to indicate an error) but when the end user changes their windows password with CTRL-ALT-DELETE -> Change Password it works fine if the password validates okay, but if it fails validation windows returns with a very misleading "you do not have permission to change your password". I did some experimentation to see if changing the exit code in the smbldap-passwd script had any effect, but it doesn't seem to. Is there some way to get windows to return a more reasonable error message when this script fails? Or does someone else have a better way of accomplishing this same goal? -- James Holmes RTDS Technologies Inc. (204) 989-9706 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Use both ADS authentication and smbpasswd for local accounts.
Hello List, I have ADS authentication going for access to my shares. I have local accounts for production equipment that need to map these shares as well. The accounts exist in the Unix backend and I added them to smbpasswd with "smbpasswd -a" But when trying to access a share I get an error below. What parameters can I set to allow both ADS authentication for domain users and smbpasswd for local accounts. I can paste my smb.conf if necessary. Thanks James [2009/02/10 11:02:46, 0] auth/auth_domain.c:domain_client_validate(259) domain_client_validate: unable to validate password for user test2 in domain Sambasvr to Domain controller org5dc.coffee.com Error was NT_STATUS_NO_SUCH_USER. CONFIDENTIALITY This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof. ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
