[Samba] Samba + NIS + ADS

[Crombach, Leo B]

Samba Admins:

This is my second post on this matter so my apologies for redundant
requests for help.  My first request yielded only one response which did
not solve my current problem.

Background:

We have been using Samba on Linux (Redhat) for several years to access
shares on Sun servers.  The Sun environment uses NIS/NFS for user
accounts and sharing (mounting) remote file systems.  Accessing the Sun
shares was transparent for the users.  They were able to map the drives
using the standard \\server\share syntax and Samba would mount based on
the appropriate permissions.  The Samba server was a domain member
server.  I used a map file to map UNIX usernames to Windows usernames if
they were not the same.  I was not running winbind.  I believe the
Windows environment was Windows 2003 in mixed mode (I'm not a Windows
Domain Admin).

So, in short, the user would map to the Samba server, which, in turn,
would NFS mount the requested share providing the user credentials and
permissions were correct.

The configuration was Redhat 9 running Samba 3.0.1-2.

Now, we are moving to a Windows 2008 Active Directory backend.  Doing so
disabled Samba's ability to authenticate the users in Active Directory.
To get back to operation, I set up an OpenSuse 11.4 box running Samba
3.5.7-1.17 so it can talk to AD.  However, we are running with mixed
success.  Users are able to connect to shares but have to enter
username/password (some can't connect at all).  I need Samba to work as
before so connecting to shares is transparent.  Also, we are running in
Windows 2003 AD native mode.  Going forward, I will need Samba to run in
Windows 2008 AD mode.

I have tried many configurations and have done much reading on the
options in smb.conf, use or not use winbind, reviewed the Samba By
Example documentation on the Samba website, etc.

The OpenSuse box is running in AD as a member server no problem.  The
issue is authentication with, or between, NIS and Active Directory.  I
hoping someone who has a similar environment can provide assistance (Sun
NIS/NFS, Samba 3, Windows 2003/2008 AD).

My old smb.conf look something like this:

# Global parameters
[global]
workgroup = MYWORKGROUP
netbios name = SAMBASERVER
server string = SAMBASERVER
security = DOMAIN
encrypt passwords = Yes
obey pam restrictions = Yes
password server = *
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
username map = /packages/smbmap/smbnames
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = IP ADDRESS
printing = cups

My current smb.conf looks like this:

[global]
workgroup = MYWORKGROUP
realm = MYWORKGROUP.COMPANY.COM
server string = SAMBASERVER
security = ADS
map to guest = Bad User
null passwords = Yes
obey pam restrictions = Yes
passdb backend = smbpasswd
username map = /packages/smbmap/smbnames
unix password sync = Yes
client NTLMv2 auth = Yes
log level = 3
log file = /var/log/samba/%m.log
max log size = 0
printcap name = cups
domain master = No
wins server = IP ADDRESS
idmap uid = 1-2
idmap gid = 1-2
winbind refresh tickets = Yes
cups options = raw

I'm running Winbind now, wasn't before.  So I'm also using the smbpasswd
file to map users.  Wasn't using this before either.

Thanks
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba with NIS and AD 2008

[Crombach, Leo B]

List Guru's,

I've been using Samba successfully for several years in a mixed
environment with Sun workstations and servers, Windows servers and PCs,
and Linux.  The Sun systems all communicate and share user information
via NIS.  I use NFS to mount home directories and many other shares.  In
order to allow the PC clients to access the data on the Sun systems, I
set up a RedHat 9 box with Samba.  The original version was 2.2.7.  I
upgraded this a year or two ago to 3.0.1-2.  This system was configured
as a member server in an NT domain with Active Directory.  I had it
working so that Samba authenticated against the NT domain to allow
access to the Samba shares.  The Linux box was basically a gateway or
bridge between the PC world and the UNIX world.  When connecting to a
Samba share, the system would correctly NFS mount the requested resource
and map it back to the PC.  All was good for several years.

Now, we are upgrading the Windows backend to Windows/Active Directory
2008.  When our IT group promoted the new domain controllers and demoted
the old ones, Samba broke.  Couldn't join the domain and could not share
resources.  We even reversed the Windows environment but still couldn't
get back to the previous state.

I'm now running OpenSuse 11.4 with Samba 3.5.7.  I have successfully
joined the domain and can enable shares.  The only problem now is
authentication.  I have to create users in smbpasswd in order to connect
to any shares.  Didn't have to do this before.  And users get prompted
for username and password.  Didn't have to do this before either.

I would like mapping drives to be transparent just as they are with a
Windows server.

Here is the Global portion of my current smb.conf file:

[global]
workgroup = NA
realm = NA.MYCOMPANY.COM
server string = forge
security = ADS
map to guest = Bad User
passdb backend = smbpasswd
username map = /packages/smbmap/smbnames
unix password sync = Yes
client NTLMv2 auth = Yes
log level = 3
log file = /var/log/samba/%m.log
max log size = 0
printcap name = cups
domain master = No
wins server = 10.180.32.4
idmap uid = 1-2
idmap gid = 1-2
winbind trusted domains only = Yes
winbind refresh tickets = Yes
cups options = raw

How can I get Samba to authenticate with AD (2008) and NIS seamlessly?

Thanks
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba4, GPO and SYSVOL permissions errors

[Leo Lutz]

I'm getting an interesting problem. I can create/rename/delete/edit policies,
but I can't change the security filtering or delegation settings.

When I first open any policy, I get the following:

The permissions for this GPO in the SYSVOL folder are inconsistent with those
in Active Directory. It is recommended that these permissions be consistent.
To change the SYSVOL permissions to those in Active Directory, click OK.

So I click OK and I get Access is denied.

The error I get in samba.log follows:

[Wed Jan  5 18:34:18 2011 PWT, 0
../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()]
../ntvfs/posix/pvfs_acl.c:567 denied access to 
'/var/lib/samba/sysvol/pcd.example.com/Policies/
{3D1F2B0A-B0F7-44C1-BA1A-2C5D03DFC0ED}' - 
wanted 0x0006 but got 0xfef3 (missing 0x0004)

How do I fix this?

cheers!
Leo

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] mixing idmap_ldap with smbldap-useradd

[Alexander 'Leo' Bergolth]

Hi!

Regarding userid-allocation: Can ldap idmap alloc and smbldap-useradd
from the smbldap-tools be safely used together?

The winbind idmap backend seems to use the uidNumber of
ou=idmap,dc=example,dc=com as storage for the next available user-ID.

smbldap uses sambaDomainName=EXAMPLE,dc=example,dc=com as default but
this can be configured.

Is it safe to configure ou=idmap,dc=example,dc=com in smbldap in order
to let both winbind and smbldap allocate new userids from the same pool?

Cheers,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] idmap_nss needed together with idmap_ldap?

[Alexander 'Leo' Bergolth]

Hi!

In my samba controlled domain, most users are stored in an LDAP
directory. The Unix boxes use nss_ldap but they also have a few local
users (mostly system-users) whose user-ids are not synchronized.

I've read the documentation about idmap_nss but I'm still not sure if
this is needed for my setup.
Will using idmap_nss in addition to idmap_ldap result in any benefit
(e.g. when mapping local, non-ldap unix users)?

I am thinking of a setup like:
 8 
idmap domains = NSS TRUSTEDDOMAINS

# is this needed?
idmap config NSS:backend  = nss
idmap config NSS:readonly = yes
# /is this needed?

idmap config TRUSTEDDOMAINS:default  = yes
idmap config TRUSTEDDOMAINS:backend  = ldap
idmap config TRUSTEDDOMAINS:readonly = no
idmap config TRUSTEDDOMAINS:ldap_url = ldap://127.0.0.1
idmap config TRUSTEDDOMAINS:range= 16777216-33554431

idmap alloc backend  = ldap
idmap alloc config:ldap_url  = ldap://127.0.0.1
idmap alloc config:range = 16777216-33554431
 8 

Thanks,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] performance problem with 3.2.8: unbuffered reads for some users

[Alexander 'Leo' Bergolth]

Hi!

I'm experiencing strange performance problems after upgrading to samba
3.2.8 from 3.0.30.

For all users except smbadmin (who has administrative rights), read
performance is _very_ bad. Looking at the read-requests using filemon
and wireshark, I found out that for those users, every read is handled
transparently (unbuffered) over the net. (I.e. a 2 byte read-request of
the application leads to a 2 byte Read And X Request over the net.)

If the user is smbadmin, reads are block buffered. (A 2 byte
read-request of the same application as above leads to a 4096 byte Read
And X Request over the net.)

Clients are WinXP SP3.
For details, see my test below..

When are those buffering parameters negotiated? Do you have any idea why
the behavior depends on the connected user?
Any hints how I could further track down this problem?

Cheers,
--leo

The test was done using 2 byte reads on the windows box:
perl -le 'sysopen(F, R:/firefox/LICENSE, O_RDONLY);
  do { $n= sysread(F, $buf, 2) } while ($n)'

The result can be found here:
smbadmin (buffered reads):
http://leo.kloburg.at/tmp/samba/smbadmin-tshark.txt

abergolth (unbuffered reads, same box):
http://leo.kloburg.at/tmp/samba/abergolth-tshark.txt

smb.conf
http://leo.kloburg.at/tmp/samba/smb.conf

-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] performance problem with 3.2.8: unbuffered reads for some users

[Alexander 'Leo' Bergolth]

On 03/04/2009 02:16 PM, Volker Lendecke wrote:
 On Wed, Mar 04, 2009 at 01:56:26PM +0100, Alexander 'Leo' Bergolth wrote:
 I'm experiencing strange performance problems after upgrading to samba
 3.2.8 from 3.0.30.

 For all users except smbadmin (who has administrative rights), read
 performance is _very_ bad. Looking at the read-requests using filemon
 and wireshark, I found out that for those users, every read is handled
 transparently (unbuffered) over the net. (I.e. a 2 byte read-request of
 the application leads to a 2 byte Read And X Request over the net.)

 If the user is smbadmin, reads are block buffered. (A 2 byte
 read-request of the same application as above leads to a 4096 byte Read
 And X Request over the net.)

 Clients are WinXP SP3.
 For details, see my test below..
 
 Unfortunately, the log files do not show enough information
 about what is happening. Simple tshark output is not
 sufficient, see
 http://wiki.samba.org/index.php/Capture_Packets for more
 information on creating useful sniffs.

OK, here are more details:
http://leo.kloburg.at/tmp/samba/abergolth-unbuffered.pcap
http://leo.kloburg.at/tmp/samba/smbadmin-buffered.pcap

Both files are produced with
perl -le sysopen(F, \R:/firefox/LICENSE\, O_RDONLY); do { $n=
sysread(F, $buf, 2) } while ($n)

Unfortunately I cannot put the server in debug 10 mode now because there
are some clients connected...

 When are those buffering parameters negotiated? Do you have any idea why
 the behavior depends on the connected user?
 
 If it really depends on the connected user, then we need a
 debug level 10 log of smbd doing it. I would however suspect
 that this depends on the fact if a file is shared between
 two users or two applications on the same client box or not.

My test case was just reading the firefox LICENSE file, which isn't in
use by any other user. I can reproduce this behavior with arbitrary
other files.

Cheers,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] performance problem with 3.2.8: unbuffered reads for some users

[Alexander 'Leo' Bergolth]

On 03/04/2009 03:10 PM, Volker Lendecke wrote:
 On Wed, Mar 04, 2009 at 02:50:59PM +0100, Alexander 'Leo' Bergolth wrote:
 My test case was just reading the firefox LICENSE file, which isn't in
 use by any other user. I can reproduce this behavior with arbitrary
 other files.
 
 Ah, sorry, missed that part. Please send your smb.conf file
 and a debug level 10 log of the whole unbuffered session.

When does the session start?
Is it sufficient to first establish the connection and then put the
corresponding smbd process in debug level 10?

The client does a domain logon so capturing the whole login process will
be quite huge...

 P.S: You don't happen to have oplocks = no on some share
 definition?

No.

Cheers,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] performance problem with 3.2.8: unbuffered reads for some users

[Alexander 'Leo' Bergolth]

On 03/04/2009 03:10 PM, Volker Lendecke wrote:
 On Wed, Mar 04, 2009 at 02:50:59PM +0100, Alexander 'Leo' Bergolth wrote:
 My test case was just reading the firefox LICENSE file, which isn't in
 use by any other user. I can reproduce this behavior with arbitrary
 other files.
 
 Ah, sorry, missed that part. Please send your smb.conf file
 and a debug level 10 log of the whole unbuffered session.

Here's the log for the unbuffered session:
  http://leo.kloburg.at/tmp/samba/log.gf2.gz

Cheers,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] performance problem with 3.2.8: unbuffered reads for some users

[Alexander 'Leo' Bergolth]

On 03/04/2009 04:16 PM, Volker Lendecke wrote:
 On Wed, Mar 04, 2009 at 03:58:20PM +0100, Alexander 'Leo' Bergolth wrote:
 Here's the log for the unbuffered session:
   http://leo.kloburg.at/tmp/samba/log.gf2.gz
 
 That's the key:
 
 [2009/03/04 15:51:48,  3] smbd/oplock_linux.c:linux_set_kernel_oplock(138)
   linux_set_kernel_oplock: Refused oplock on file Firefox/LICENSE, fd = 28, 
 file_id = fd03:157b181.  (Permission denied)
 
 Do you have something like SELinux or so? Or do you share
 the files via NFS and some NFS client has the files open?

Hmm. Thanks for tracking this down.
Please help me uderstand why this fails...

Are there any corresponding recent samba or kernel changes?
It fails on Fedora 10 with kernel-PAE-2.6.27.15-170.2.24.fc10.i686 and
samba-3.2.8-0.26.fc10.i386 while it did work with kernel 2.6.22.9
samba-3.0.30.

SELinux is disabled, NFS is not in use.

# selinuxenabled  echo yes || echo no
no
# /etc/init.d/nfs status
rpc.mountd is stopped
nfsd is stopped
rpc.rquotad is stopped

According to the source (oplock_linux.c), linux_setlease() does a
F_SETLEASE fcntl call. If that fails, it calls
set_effective_capability(LEASE_CAPABILITY) and tries the same call again.

The strace output of the corresponding part is:

19115 open(Firefox/LICENSE, O_RDONLY|O_LARGEFILE) = 28
19115 fcntl64(28, F_SETSIG, 0x23)   = 0
19115 fcntl64(28, 0x400 /* F_??? */, 0x1) = -1 EACCES (Permission denied)
19115 fcntl64(28, 0x400 /* F_??? */, 0x1) = -1 EACCES (Permission denied)
19115 fcntl64(12, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET,
start=22032, len=1}, 0xbfedbce4) = 0

According to the fcntl man-page, only privileged processes or processes
with the CAP_LEASE capability may do F_SETLEASE:

 8 
Leases may only be taken out on regular files. An unprivileged process
may only take out a lease on a file whose UID (owner) matches the file
system UID of the process. A process with the CAP_LEASE
capability may take out leases on arbitrary files.
 8 

The file isn't owned by the user that accesses it, so I guess the
CAP_LEASE capability should be necessary. But shouldn't strace show a
call to capset(2) between those two F_SETLEASE fcntl calls (0x400)?

Cheers,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] performance problem with 3.2.8: unbuffered reads for some users

[Alexander 'Leo' Bergolth]

On 03/04/2009 06:35 PM, Volker Lendecke wrote:
 On Wed, Mar 04, 2009 at 06:21:27PM +0100, Alexander 'Leo' Bergolth wrote:
 The file isn't owned by the user that accesses it, so I guess the
 CAP_LEASE capability should be necessary. But shouldn't strace show a
 call to capset(2) between those two F_SETLEASE fcntl calls (0x400)?
 
 There is code to acquire CAP_LEASE, but this only is enabled
 if at compile HAVE_POSIX_CAPABILITIES is found. You might
 want to look at your config.log why this is not detected.

Got it!
Fedora's RPM spec file is missing a dependency on libcap-devel:
http://kojipkgs.fedoraproject.org/packages/samba/3.2.8/0.26.fc10/data/logs/i386/build.log

The previously used package was rebuilt by myself with libcap-devel so
it did (accidentally) include capabilities support!

I've filed a bugreport at redhats bugzilla since this seems to
dramatically affect performance.

Many thanks for your help!

Cheers,
--leo

P.S.: After having rebuilt the samba package with capabilities,
everything works at normal speed again!

-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Manually expire duplicate netbios name

[Alexander 'Leo' Bergolth]

Hi!

Yesterday, after migrating to a new server, I accidentally started an
identically configured smbd and nmbd on the old machine.

Since then, there are two netbios entries, even though the first host
(192.168.60.5) is down since yesterday:

# nmblookup -U localhost -R 'SAMBA'
querying SAMBA on 127.0.0.1
192.168.60.5 SAMBA00
192.168.60.3 SAMBA00

I've already tried to remove NBT/SAMBA#20\0 from
/var/lib/samba/gencache.tdb using tdbtool. Besides, I deleted suspicious
entried from wins.dat. (Both with or without nmbd running.)
Unfortunately I don't know how to remove them from wins.tdb.

When restarting nmbd, it complains that there is already a domain master
browser, but it queries it's own wins-server (192.168.60.3). (See below.)

Any hints on how I can manually delete the wrong ip address from the
netbios-cache / wins server?

Thanks,
--leo

Mar  1 18:58:08 samba nmbd[23487]: [2009/03/01 18:58:08,  0]
nmbd/asyncdns.c:start_async_dns(155)
Mar  1 18:58:08 samba nmbd[23487]:   started asyncdns process 23488
Mar  1 18:58:08 samba nmbd[23487]: [2009/03/01 18:58:08,  0]
nmbd/nmbd_logonnames.c:add_logon_names(160)
Mar  1 18:58:08 samba nmbd[23487]:   add_domain_logon_names:
Mar  1 18:58:08 samba nmbd[23487]:   Attempting to become logon server
for workgroup RK_KLBG on subnet 192.168.60.3
Mar  1 18:58:08 samba nmbd[23487]: [2009/03/01 18:58:08,  0]
nmbd/nmbd_logonnames.c:add_logon_names(160)
Mar  1 18:58:08 samba nmbd[23487]:   add_domain_logon_names:
Mar  1 18:58:08 samba nmbd[23487]:   Attempting to become logon server
for workgroup RK_KLBG on subnet UNICAST_SUBNET
Mar  1 18:58:08 samba nmbd[23487]: [2009/03/01 18:58:08,  0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(336)
Mar  1 18:58:08 samba nmbd[23487]:   become_domain_master_browser_wins:
Mar  1 18:58:08 samba nmbd[23487]:   Attempting to become domain master
browser on workgroup RK_KLBG, subnet UNICAST_SUBNET.
Mar  1 18:58:08 samba nmbd[23487]: [2009/03/01 18:58:08,  0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(350)
Mar  1 18:58:08 samba nmbd[23487]:   become_domain_master_browser_wins:
querying WINS server from IP 192.168.60.3 for domain master browser name
RK_KLBG1b on workgroup RK_KLBG
Mar  1 18:58:08 samba nmbd[23487]: [2009/03/01 18:58:08,  0]
nmbd/nmbd_become_dmb.c:become_domain_master_query_success(234)
Mar  1 18:58:08 samba nmbd[23487]:   become_domain_master_query_success:
Mar  1 18:58:08 samba nmbd[23487]:   There is already a domain master
browser at IP 192.168.60.5 for workgroup RK_KLBG registered on subnet
UNICAST_SUBNET.
Mar  1 18:58:08 samba nmbd[23487]: [2009/03/01 18:58:08,  0]
nmbd/nmbd_logonnames.c:become_logon_server_success(121)
Mar  1 18:58:08 samba nmbd[23487]:   become_logon_server_success: Samba
is now a logon server for workgroup RK_KLBG on subnet UNICAST_SUBNET
Mar  1 18:58:12 samba nmbd[23487]: [2009/03/01 18:58:12,  0]
nmbd/nmbd_logonnames.c:become_logon_server_success(121)
Mar  1 18:58:12 samba nmbd[23487]:   become_logon_server_success: Samba
is now a logon server for workgroup RK_KLBG on subnet 192.168.60.3

-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] net user info result depends on protocol and is not syncing with ldap

[Leo von Klenze]

Hello,

I have a samba pdc running with openldap as backend. I have ou's for
user and groups and used smbldap-populate to create the ldap entries. I
can add windows clients and authenticate but i have a problem with the
net tool (lvk is an samba user too):

net -U Administrator rpc user info lvk

will return

Domain Users





When running

net -U Administrator rap user info lvk

I get

lvk
svn-users

Why does only the rap protocol return the ldap groups?
The biggest problem is, that if I change the membership of a user using
phpldapadmin the result of the net tool doesn't display the change for a
long time. Restarting the samba service does not help. I don't know when
the cache (if present) of net is updated. In the log I see that samba is
contacting the ldap server.


I'm using
samba 3.0.24
openldap 2.3.30
Debian Etch (Kernel 2.6.18-5-686)

Thank you for any help,
bye Leo

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: Re[4]: [Samba] Samba fileserver limited to 50 MB/s on gbit

[Leo B.]

 

 -Original Message-
 From: [EMAIL PROTECTED] 
 
 On Tue, 21 Nov 2006 08:05:38 +0100
 Leo B. [EMAIL PROTECTED] wrote:
 
  
   -Original Message-
   From: John Drescher
   On 11/20/06, Nguyen Kim Huy [EMAIL PROTECTED] wrote:
   
   
It seems bottleneck of harddisk
   
That was my first reaction as it is difficult to sustain 50MB/s 
file
   system transfers (unless the files are large and a raid is
   used) but he said the file was cached and also if it was 
 waiting for 
   the disk it would have shown up as wa time in top.
  
  Exactly. I read the file several times on the server until 
 it was cached.
  Notice also that the local transferrate is like 500 MB/s then.
  
  Leo B.
 
 
 But your client computer does not use cache?.
 Your copy a file on samba server to client computer HDD,
   so it may still have posibility of harddisk bottle neck at 
 your client computer!
 

No, I wrote a client program which does the reading benchmark
without writing anything to the harddisk, it just reads the 
file from the server and shows the speed. No bottleneck there.
I also assured that the file is not cached on client side.

Leo B.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba fileserver limited to 50 MB/s on gbit

[Leo B.]

It seems like nobody is going to respond to the issue anymore.
Can somebody tell my how I can email this to the development team
directly?
Leo B.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] How to change permistion after mounting windows patition

[Leo James]

Hello everybody:
I beg your help. : )
The windows version is windows 2003, and I share a folder with full control 
permission. The folder name is asdf. And I use the command to mount below:

mount -t smbfs -o username=administrator,password=,fmask=777,dmask=777  
//windows/asdf /mnt/winnt

everything is Ok, and I can use any user to do what i want in the /mnt/winnt/ 
in Linux, such as adding files, deleteing files, move and copy, but I cann't 
change the files permission in the /mnt/winnt , even the root. I use the 
command below:

chmod -x files

And I get a such error message:

chmod: changing permissions of 'a' (requested: 0666, actual: 0777): operation 
not permitted

How can I change the permission after I mounted the filesystem?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbmount codepage / iocharset problem w/ W2k

[Leo]

Hi:
I have written to this list once before regarding the same problem.
(ref  smbmount problem on 03/28/2005)
Paul Gienger sugested asking the kernel boys as they maintain smbmount. 
Maybe my problem wasn't deserving of a reply from them, maybe I subscribed 
to the wrong list.  Can someone suggest a kernel list where I may get a 
useful reply?

smbclient's ftp like interface works correctly, however the debug output 
(--debug 10) isn't helping me determine what codepage/iocharset is being 
used.  Is there a way to determine what codepage and iocharset are being used?

My smb.conf contains
   dos charset = 850
   unix charset = ISO8859-1
   display charset = ISO8859-1
so can I assume it's cp850 the codepage being used by smbclient?
is iso8859-1 the charset being used by smbclient?
Lastly can someone send me google keyword(s) where I can read up on how the 
smb protocol uses codepages and iocharsets?  (just to clear up the issue for 
me?)  Is it safe to presume that the MS implementation of the SMB protocol 
if compatible (they like to invent stuff just to muck up standards as I hear)?

TIA
Leo
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbmount problem

[Leo]

Hello all:
I have an annoying problem with smbmount; My Win2k server has many 
folders and files named with accented characters (cp850 and/or cp860 or 
European w/0 euro or Portugese).
My mount command is:

mount -t smbfs -o username=leo,codepage=cp850 //servername/d$ /mnt/pt
to mount my d: drive at /mnt/pt
I am prompted for my password and the shared folder is mounted.  I can 
see all files and folders and navigate them except for that I noticed

Á appear as A
ã and õ appears as a and o
Most other accented chars like ç, á, é, í, ó, à, è, ì, ò all seem to 
appear correctly.

these files (when listed explicitly) return an error as though the file 
didn't exist (logical since the real names are different, accented).

I have tried specifying an iocharset (iso8859-1) smbmount parameter but 
nothing really changes.

My kernel nls support is ISO-8859-1 by default (the default if I 
remember correctly)
My dos charset (smb.conf) is 850
display and unix charsets are set to ISO8859-1

When I run smbclient -U leo //servername/d$
The ftp like command program displays all characters correctly.
Does anyone have any suggestions as to how to correctly display accented 
from a Win2k served folder mounted on a linux filesystem?  I have 
exhausted all possibilities I can think of.

Thanks in advance,
Leo
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba+obsd+subnets

[Leo R. Lundgren]

on net 0..

Does anyone have a fine idea of what I should do here? I'm as I said, a bit
lost. I'm not sure where to go from here, nor which tools to use. I supply
a few command outputs below in the hope that you find some of it useful,
who knows :)

Sorry for a messy mail, might have something to do with the time, it's way
past sleeping hours :7

Greatest regards, and great thanks for any help I get. I'd be happy to
supply whatever details are needed.

  Leo R. Lundgren


---
Temporary WinXP client on net 1 ping gamma

Sending signals to gamma [192.168.1.2] with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 tid=2ms TTL=255

(Since I cannot nslookup gamma, the above should indeed utilize WINS)


---
Temporary WinXP client on net 1 nbtstat -a gamma

Node-IP-adress: [192.168.1.214] Scope-ID: []

   NetBIOS-nametable for remote computer

   Name  Type  Status
-
GAMMA  00  UNIQUE   Registered
GAMMA  03  UNIQUE   Registered
GAMMA  20  UNIQUE   Registered
..__MSBROWSE__.01  GROUPRegistered
THCCA  00  GROUPRegistered
THCCA  1D  UNIQUE   Registered
THCCA  1E  GROUPRegistered


---
GAMMA# smbclient -N -L gamma
added interface ip=192.168.1.2 bcast=192.168.1.255 nmask=255.255.255.0
Domain=[THCCA] OS=[Unix] Server=[Samba 2.2.9]

Sharename  Type  Comment
-    ---
Gemensam   Disk  Gemensamt lagringsutrymme
IPC$   IPC   IPC Service (THCCA GAMMA SMB-server)
ADMIN$ Disk  IPC Service (THCCA GAMMA SMB-server)

Server   Comment
----
GAMMATHCCA GAMMA SMB-server
ZAIR Temporary WinXP client on net 1

WorkgroupMaster
----
THCCAGAMMA


---
GAMMA# nmblookup __SAMBA__
querying __SAMBA__ on 192.168.1.255
name_query failed to find name __SAMBA__

GAMMA# nmblookup -M -
querying __MSBROWSE__ on 192.168.1.255
name_query failed to find name __MSBROWSE__#01

GAMMA# nmblookup -M '*' -- Read this somewhere..
querying * on 192.168.1.255
name_query failed to find name *#1d

GAMMA# nmblookup -U 192.168.1.2 '*'
querying * on 192.168.1.2
192.168.1.2 *00


---
GAMMA dmesg:

OpenBSD 3.5-stable (GAMMA) #0: Tue Jun 29 11:27:50 CEST 2004
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GAMMA
cpu0: Intel(R) Celeron(R) CPU 1.80GHz (GenuineIntel 686-class) 2.03 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM
real mem  = 535605248 (523052K)
avail mem = 490070016 (478584K)
using 4278 buffers containing 26882048 bytes (26252K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 04/22/03, BIOS32 rev. 0 @ 0xf0010
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev. 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xf5410/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x800
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82865G/PE/P CPU-I/0-1 rev 0x02
ppb0 at pci0 dev 1 function 0 Intel 82865G/PE/P CPU-AGP rev 0x02
pci1 at ppb0 bus 1
uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
Intel 82801EB/ER USB rev 0x02 at pci0 dev 29 function 7 not configured
ppb1 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xc2
pci2 at ppb1 bus 2
vga1 at pci2 dev 9 function 0 Matrox MGA 1064SG 220MHz rev 0x03
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
xl0 at pci2 dev 13 function 0 3Com 3c905C 100Base-TX rev 0x78: irq 10xl0: command 
never completed!
xl0: command never completed!
xl0: command never completed!
 address 00:04:75:fb:42:85
exphy0 at xl0 phy 24: 3Com internal media interface
xl0: command never completed!
xl0: command never completed!
xl0: command never completed!
pcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02
pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02: DMA, channel 0 
configured to compatibility, channel 1 confi
gured to compatibility
wd0 at pciide0 channel 0 drive 0: WDC WD400BB-00DEA0
wd0: 16-sector PIO, LBA, 38166MB, 78165360 sectors
atapiscsi0 at pciide0 channel 0 drive 1

Re: RE : Link problems with V2.2.8

[Leo Klein]

Thank you for your reply on Tuesday, but installing the CRTL patch (V4 
for Alpha VMS V7.2.1) hasn't solved my link problems, and the same two 
symbols are still undefined.

I've rebooted after installing the patch and its many and voluminous 
dependencies (CLIUTL, FIBRE_SCSI, LAN, MOUNT96, PCSI, SYS and UPDATE), 
yet have made no progress with Samba.

I'm not discouraged yet - Samba is too appealing an alternative to ftp - 
and would welcome any other suggestion.

COLLOT Jean-Yves wrote:
No, you can't ignore those link messages. Samba won't work.
Please download from HP and install the latest available CRTL patch kit for
your VMS version, and it should be OK to link and run Samba.
JY
-Message d'origine-
De : Leo Klein [mailto:[EMAIL PROTECTED] 
Envoyé : mardi 15 juin 2004 12:26
À : [EMAIL PROTECTED]
Objet : Link problems with V2.2.8

I'm having a problem linking version 2.2.8: there are many messages 
about two undefined symbols. I don't suppose I can ignore them and go 
ahead with the produced .exe files as though all is well.

I'm using two files downloaded yesterday from 
http://www.pi-net.dyndns.org/anonymous/jyc/ and dated 10-May-2004; they 
are samba-2_2_8-src.zip and samba-2_2_8-obj.zip. I don't have the Dec C 
compiler.

$ @link
Linking SMBD
%LINK-W-NUDFSYMS, 2 undefined symbols:
%LINK-I-UDFSYM, DECC$GXSNPRINTF
%LINK-I-UDFSYM, DECC$GXVSNPRINTF
%LINK-W-USEUNDEF, undefined symbol DECC$GXSNPRINTF referenced
 in psect $LINK$ offset %X06A0
 in module SERVER file DKB400:[SAMBA228.SOURCE.SMBD]SERVER.OBJ;2
%LINK-W-USEUNDEF, undefined symbol DECC$GXVSNPRINTF referenced
 in psect $LINK$ offset %X00A0
 in module DEBUG file DKB400:[SAMBA228.SOURCE.BIN]SAMBA.OLB;3
and so on.
There was a similar problem with a different PRINTF symbol in September 
2002, and Jean-Yves fixed it.

PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING:
http://www.catb.org/~esr/faqs/smart-questions.html
PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING:
http://www.catb.org/~esr/faqs/smart-questions.html

PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING:
http://www.catb.org/~esr/faqs/smart-questions.html

Status

[leo]

** Message from InterScan E-Mail VirusWall NT **

** WARNING! Attached file document.zip contains:

 WORM_MYDOOM.A virus in compressed file document.scr

   Attempted to clean the file but it is not cleanable.
   It has been deleted.
* End of message ***

[Samba] Re: Mail Delivery System

[leo]

This is an autoresponder. I'll never see your message.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] name resolution

[Leo Alzinger]

hi!

i have a problem with the name resolution:

the samba server is visible to all windows clients in the network
neighborhood. and i also can access to shares on the server without any
problems.

but if i do the following:
echo test | smbclient -M workstation01

the answer is:
added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0
Cannot resolve name workstation01#0x3

when i use the ip adress instead of workstation01

i get:
added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0
session request failed

i also have a bind9 dns server on my server running. when i try a dns lookup
via nslookup it works in both directions.

what i do wrong? i don't want to use the lmhosts or hosts file because i do
not want to update the files when there is somthing changing in the local
network.


leo




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] redhat and windows smb

[Leo Emesue]

Hi 
Guys:

How do I use pam to 
authenticate my (redhat and Suse) Linux users to windows 2000, Nt or samba 
server. Where do i find a "HowTo" for this. I want my users to login to their 
workstation with the same username and password they use on windows domain. 
Thanks.

Leo


Leo Emesue.vcf
Description: Binary data

possible memory leak

[Leo Qiu]

Hi,

I seem to find some possible memory leaks in Samba
code. The patch is attached, Could you guys have a
look to check whether it is correct?

Thanks a lot.


Leo

--- samba-2.2.7a/source/lib/util.c.old  Fri Jan 24
12:06:46 2003
+++ samba-2.2.7a/source/lib/util.c  Fri Jan 24 12:07:50
2003
@@ -1284,10 +1284,13 @@ routine to free a namearray.
 
 void free_namearray(name_compare_entry *name_array)
 {
+  int i;
   if(name_array == NULL)
 return;
 
-  SAFE_FREE(name_array-name);
+  for(i=0; name_array[i].name!=NULL; i++)
+SAFE_FREE(name_array[i].name);
+
   SAFE_FREE(name_array);
 }
 
--- samba-2.2.7a/source/smbd/posix_acls.c.old   Fri Jan
24 12:06:31 2003
+++ samba-2.2.7a/source/smbd/posix_acls.c   Fri Jan 24
12:11:49 2003
@@ -912,9 +912,10 @@ Deny entry after Allow entry.
Failing to
free_canon_ace_list(dir_ace);
return False;
}
-
+   SAFE_FREE(current_ace);
current_ace = dup_ace;
} else {
+   SAFE_FREE(current_ace);
current_ace = NULL;
}
}
@@ -949,6 +950,7 @@ Deny entry after Allow entry.
Failing to
print_canon_ace( current_ace, 0);
}
all_aces_are_inherit_only = False;
+   SAFE_FREE(current_ace);
current_ace = NULL;
}
 
@@ -1096,6 +1098,7 @@ static void process_deny_list(
canon_ace
/* Deny nothing entry - delete. */
 
DLIST_REMOVE(ace_list, curr_ace);
+   SAFE_FREE(curr_ace);
continue;
}
 
@@ -1141,6 +1144,7 @@ static void process_deny_list(
canon_ace
 */
 
DLIST_REMOVE(ace_list, curr_ace);
+   SAFE_FREE(curr_ace);
}
 
/* Pass 2 above - deal with deny user entries. */
@@ -2306,6 +2310,7 @@ BOOL set_nt_acl(files_struct
*fsp, uint3
if (conn-vfs_ops.sys_acl_delete_def_file(conn,
dos_to_unix_static(fsp-fsp_name)) == -1) {
DEBUG(3,(set_nt_acl:
conn-vfs_ops.sys_acl_delete_def_file failed (%s)\n,
strerror(errno)));
free_canon_ace_list(file_ace_list);
+   free_canon_ace_list(dir_ace_list);
return False;
}
}



__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

Access error

[Leo Tung]

Hi,

If I want to create a folder inside a public share directory. I got an
error ERRDOS - ERRnoaccess (Access denied.) making remote directory
\test. Do anyone help me out on this?

My best wishes to the list.

Leo Tung

[Samba] lp_servicenumber: couldn't find printers

[Leo C. Holmberg (330) 672-1577]

Hi:

I first installed samba (Version 2.0.7)  on an AIX 4.3 system about 3 years ago.

Yesterday the original system crashed, and I am now trying to get it going on
another AIX system. To the best of my knowledege smb.conf, along with all the
samba binaries have not changed, i.e. they are from the backup of the crashed
system.

On the new system, when the smbd and nmbd daemons are started, they die 
immedidately. I ran them with the following command

/usr/local/samba/bin/smbd -D -d 10 -l /var/smbd.log -s /usr/local/samba/lib/smb.conf

and when I look in the log file the last entries I see are...


[2002/11/27 11:16:02, 3] param/params.c:pm_process(552)
  params.c:pm_process() - Processing configuration file /usr/local/samba/lib/smb.conf
[2002/11/27 11:16:02, 3] param/loadparm.c:lp_load(2805)
  pm_process() returned Yes
[2002/11/27 11:16:02, 3] param/loadparm.c:lp_add_ipc(1594)
  adding IPC service
[2002/11/27 11:16:02, 7] param/loadparm.c:lp_servicenumber(2897)
  lp_servicenumber: couldn't find printers

I never had any printers defined in the smb.conf file, and don't have any 
printers on the system. I've tried putting 'load printers = no' in the
global section with no affect. Does anyone have any idea what I did wrong.

-- 
---
Leo Holmberg
[EMAIL PROTECTED]

GnuPG Public Key : http://kojak.kent.edu/~holmberg/leogpg.pubkey
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Winbindd error or pam error

[leo emesue]

Have anybody been able to setup up two samba server running winbind on the 
same domain? Is there any special configuration and more importantly I have 
not been able to get winbindd to work on redhat 7.2 and 7.3 running samba 
2.2.4.  I could ge wbinfo -g -t -u to work and that's as far as i can get. 
Any ideas will highly be appreciated.

Leo


From: leo emesue [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Samba] Winbindd error
Date: Mon, 17 Jun 2002 19:16:22 +

Hi Guys:

Please help. I am trying to get winbindd to work on redhat Linux 7.2. 
Wbinfo -u -g and -t works fine but I am not able to getent passwd and 
getent group to work. Please help.

I also have another server running winbindd in the same domain but that's 
redhat 7.0 on samba 2.2.2.

Leo


_
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba




_
Send and receive Hotmail on your mobile device: http://mobile.msn.com


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba