Re: [Samba] high cpu load
Jeremy, - Thanks for your help... We use a default user profile stored in the netlogon share. NTUSER.DAT does redirect the following folders: Registry = [Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] Value of type REG_EXPAND_SZ, data length 74 [0x4a] H:\.windows_settings\Application Data Value of type REG_EXPAND_SZ, data length 56 [0x38] H:\.windows_settings\Desktop Value of type REG_EXPAND_SZ, data length 30 [0x1e] H:\My Documents Value of type REG_EXPAND_SZ, data length 80 [0x50] H:\.windows_settings\Start Menu\Programs Value of type REG_EXPAND_SZ, data length 54 [0x36] H:\.windows_settings\Recent Value of type REG_EXPAND_SZ, data length 62 [0x3e] H:\.windows_settings\Start Menu Value of type REG_EXPAND_SZ, data length 96 [0x60] H:\.windows_settings\Start Menu\Programs\Startup Value of type REG_EXPAND_SZ, data length 54 [0x36] H:\My Documents\My Pictures We also add a REG_DWORD value named DeleteRoamingCache to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon \DeleteRoamingCache we also change the grouppolicy to exclude these directories in the roaming profile: Local Settings;Temporary Internet Files;History;Temp;My Documents;Desktop;Recent;Start Menu;Application Data Shouldn't the combination of these things prevent excess network traffic related to loading a roaming profile? We are using a default profile that was prepared on Win2k but all our machines are fully patched XPpro. Should we freshen up the Default User items in the netlogon folder? - Thanks, Matt Finlayson School of Engineering and Computer Science WSU Vancouver 360-546-9226 - Thanks, Matt Finlayson School of Engineering and Computer Science WSU Vancouver 360-546-9226 -Original Message- From: Jeremy Allison <[EMAIL PROTECTED]> Reply-To: Jeremy Allison <[EMAIL PROTECTED]> To: Cochran, Wayne Owen <[EMAIL PROTECTED]> Cc: samba@lists.samba.org, Jeremy Allison <[EMAIL PROTECTED]> Subject: Re: [Samba] high cpu load Date: Thu, 23 Oct 2008 16:36:55 -0700 On Thu, Oct 23, 2008 at 04:22:52PM -0700, Cochran, Wayne Owen wrote: > By client I assume you mean the user is explicitly asking for all > this data to be transferred. This is very unlikely since this is happening > frequently throughout the day -- sometimes 5 or 6 clients simultanously -- > so it must be something thats happening automatically. No I don't mean the user is requesting this, I mean the client redirector on the Windows box. > Of course none of this explains why the RTF file is being stat'ed thousands > of times! Turn up the debug level on an affected smbd using smbcontrol debug 10 and then see if the client is actually requesting this data transfer. smbd doesn't stat files unless it's a client request so this may be a client issue, not a server one. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pam_smb_auth.so support in version 3 or pam_winbind.so?
The work around That I have developed for this is diagramed as follows: --- --- | linux|<--->| samba 2 |<>| Samba 3 user info, passwords | | clients | | Server | | Server File share | | authN | --- --- ^ | | | Windows |<-/ | Clients | After countless configurations, rebuild and even OS reinstalls from square one I got the above to work. Samba 2 server acts as a domain member server and passes user auth to the samba 3 server. I do not know how this relates but as I stated in previous posts, if I try to authenticate linus directly against Samba 3 using Pam module the following error shows in the samba log [2005/11/17 14:21:53, 3] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. When I investigate user info with pdbedit I see the the NT username value is blank. I have seen posting that state it is an unused value. Maybe it is not related at all, but it makes me curious... Thanks, BTW, pam_winbindd is not an option. -- Matt Finlayson Information Technology Specialist School of Engineering and Computer Science Washington State University Vancouver 360-546-9481 It has been said, “A day that is without troubles is not fulfilling. Rather, give me a day of troubles well handled so that I can be content with my achievements.” Andrew Bartlett wrote: On Mon, 2005-11-28 at 10:46 -0800, Matt Finlayson wrote: I am having trouble getting pam_smb_auth.so to work with the latest version of samba. It was working with the 2.* versions but when I tried to upgrade to Samba 3 authentication fails on the client. I do not know if I need to reconfigure samba to work with pam_smb_auth.so, I have tried man options. Please also refer to: You mention that you are thinking of using pam_winbindd. I strongly suggest that option. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] pam_smb_auth.so support in version 3 or pam_winbind.so?
I am having trouble getting pam_smb_auth.so to work with the latest version of samba. It was working with the 2.* versions but when I tried to upgrade to Samba 3 authentication fails on the client. I do not know if I need to reconfigure samba to work with pam_smb_auth.so, I have tried man options. Please also refer to: http://lists.samba.org/archive/samba-technical/2005-November/043973.html I have using the stock RPM and compiling from source. I use the same approach for version 2 and 3 but 3 does not work. Please help. -- Matt Finlayson Information Technology Specialist School of Engineering and Computer Science Washington State University Vancouver 360-546-9481 It has been said, “A day that is without troubles is not fulfilling. Rather, give me a day of troubles well handled so that I can be content with my achievements.” -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] client auth failure for linux and samba pdc
subject: linux client auth to samba pdc fails I have a problem getting linux clients to authenticate against a Samba PDC. /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired /lib/security/$ISA/pam_env.so debug authsufficient/lib/security/$ISA/pam_unix.so debug likeauth nullok authsufficient/lib/security/$ISA/pam_smb_auth.so debug use_first_pass nolocal authrequired /lib/security/$ISA/pam_deny.so debug account required /lib/security/$ISA/pam_unix.so debug account sufficient/lib/security/$ISA/pam_succeed_if.so debug uid < 100 quiet account required /lib/security/$ISA/pam_permit.so debug passwordrequisite /lib/security/$ISA/pam_cracklib.so debug retry=3 passwordsufficient/lib/security/$ISA/pam_unix.so debug nullok use_authtok md5 #passwordsufficient/lib/security/$ISA/pam_smb_auth.so debug use_first_pass nolocal passwordrequired /lib/security/$ISA/pam_deny.so debug session required /lib/security/$ISA/pam_limits.so debug session required /lib/security/$ISA/pam_unix.so debug /etc/pam_smb.conf "my domain" "my Server" none When I try to logon to the linux client machine with a username and password stored in samba I get the following error message in /var/log/samba/%m.logfile [2005/11/17 14:21:53, 2] smbd/server.c:exit_server(609) Closing connections [2005/11/17 14:21:53, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/11/17 14:21:53, 3] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2005/11/17 14:21:53, 3] smbd/server.c:exit_server(652) Server exit (normal exit) I need help fixing this. The goal is to have a Samba PDC server that will authenticate both windwos and linux clients using the same password. Windows clients rely on the samba PDC for user info, authentication, user network shares, etc. And Linux clients rely on ldap for user info (/etc/password type stuff), nfs for access to user network share, and samba for authentication. This setup works on our old platform; RH9, samba 2.something, ldapV2.2.13 but I cannot get smb auth to work for the linux clients. Any help? The error is generated from smbd/connection.c: Delete a connection record. / BOOL yield_connection(connection_struct *conn, const char *name) { struct connections_key key; TDB_DATA kbuf; if (!tdb) return False; DEBUG(3,("Yielding connection to %s\n",name)); make_conn_key(conn, name, &kbuf, &key); if (tdb_delete(tdb, kbuf) != 0) { int dbg_lvl = (!conn && (tdb_error(tdb) == TDB_ERR_NOEXIST)) ? 3 : 0; DEBUG(dbg_lvl,("yield_connection: tdb_delete for name %s failed with error %s.\n", name, tdb_errorstr(tdb) )); return (False); } return(True); } You Will notice that %s does not have any value listed when it is printed ot the log file... The server is a dual Intel Xeon the client is a Pentium 4. Both are running Fedora 4 with all packages installed. I am using only the software that came with Fedora. -- Matt Finlayson Information Technology Specialist School of Engineering and Computer Science Washington State University Vancouver 360-546-9481 It has been said, “A day that is without troubles is not fulfilling. Rather, give me a day of troubles well handled so that I can be content with my achievements.” -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] linux client auth failure against PDC
subject: linux client auth to samba pdc fails I have a problem getting linux clients to authenticate against a Samba PDC. /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired /lib/security/$ISA/pam_env.so debug authsufficient/lib/security/$ISA/pam_unix.so debug likeauth nullok authsufficient/lib/security/$ISA/pam_smb_auth.so debug use_first_pass nolocal authrequired /lib/security/$ISA/pam_deny.so debug account required /lib/security/$ISA/pam_unix.so debug account sufficient/lib/security/$ISA/pam_succeed_if.so debug uid < 100 quiet account required /lib/security/$ISA/pam_permit.so debug passwordrequisite /lib/security/$ISA/pam_cracklib.so debug retry=3 passwordsufficient/lib/security/$ISA/pam_unix.so debug nullok use_authtok md5 #passwordsufficient/lib/security/$ISA/pam_smb_auth.so debug use_first_pass nolocal passwordrequired /lib/security/$ISA/pam_deny.so debug session required /lib/security/$ISA/pam_limits.so debug session required /lib/security/$ISA/pam_unix.so debug /etc/pam_smb.conf "my domain" "my Server" none When I try to logon to the linux client machine with a username and password stored in samba I get the following error message in /var/log/samba/%m.logfile [2005/11/17 14:21:53, 2] smbd/server.c:exit_server(609) Closing connections [2005/11/17 14:21:53, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/11/17 14:21:53, 3] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2005/11/17 14:21:53, 3] smbd/server.c:exit_server(652) Server exit (normal exit) I need help fixing this. The goal is to have a Samba PDC server that will authenticate both windwos and linux clients using the same password. Windows clients rely on the samba PDC for user info, authentication, user network shares, etc. And Linux clients rely on ldap for user info (/etc/password type stuff), nfs for access to user network share, and samba for authentication. This setup works on our old platform; RH9, samba 2.something, ldapV2.2.13 but I cannot get smb auth to work for the linux clients. Any help? My apologies for poor etiquette in posting this to samba-technical@lists.samba.org and samba@lists.samba.org Thanks, -- Matt Finlayson Information Technology Specialist School of Engineering and Computer Science Washington State University Vancouver 360-546-9481 It has been said, A day that is without troubles is not fulfilling. Rather, give me a day of troubles well handled so that I can be content with my achievements. - This mail sent through IMP: http://horde.org/imp/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba