Re: [Samba] delete kerberos databases and start over

[noc]

On 24-9-2013 19:10, jimc wrote:

Hi.

Something happened with my Kerberos database*. I don't know what. I 
don't care much (right now).


What I need to do now is to recover.

I am running  a small home network: 3 win7 boxes, 2 xps, 2 Mint Linux 
and one Puppy.


I tried deleting /usr/local/samba/private/* and 
/usr/local/samba/etc/smb.conf as the how-to suggests, then doing a 
samba-tool domain provision.


All my Windoze boxes event logs say they can't establish a secure 
connection to authenticate.


Correct behaviour because there is/was a relation between Windows and 
Samba4, called SIDs. Put you windows boxes in a workgroup and then add 
them back to the domain.


Regards,

Joop

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Upgrade

[noc]

On 9-8-2013 11:49, Sandbox wrote:

Hi Guys,

Well I made a bad decision and installed Samba4 from zentyal repo,
Why was that a bad decision? I have been looking at it and for certain 
use cases it looks nice.


Regards,

Joop

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4+bind on centos

[NOC]

On 06/11/2013 12:15 PM, Rowland Penny wrote:
Have you created the reverse zone? Samba, for some reason, does not 
automatically create it. If I run your command, I get:


IPs: ['192.168.0.2']
Calling nsupdate for A domain.lan 192.168.0.2
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
domain.lan.900INA192.168.0.2

and so on ~

Rowland



Hi Rowland,

do you mean the samba_dnsupdate command?
I don't think the command, when I run it, gets as far as you get.

Where do you propose to create the reverse zone? statically in bind or 
by editing the file /usr/local/samba/private/dns_update_list?


Cheers

Simon



On 11 June 2013 10:54, NOC <mailto:n...@nieuwland.nl>> wrote:


Hi All

I've started again from scratch, following the wikipage at
https://wiki.samba.org/index.php/Dns-backend_bind#Bind_9.8_.2F_9.9

I'm using bind 9.8.5-P1 and samba4 master (from yesterday I guess)

compiling from scratch:
bind: ./configure --with-gssapi=/usr/include/gssapi --with-dlopen=yes

And the given named.conf in /etc/bind/ (as this is where I want
the config to reside)

I've include the local zones as provided and I modified the named
in a few places:
 diff orig-named.conf /etc/bind/named.conf
6c6
<directory "/var/named";
---
>directory "/etc/bind";
8c8
<forwarders { 8.8.8.8; 8.8.4.4; };
---
>forwarders { 172.16.1.12; 172.16.1.18; };
16,17c16,18
< 10.1.1.0/24 <http://10.1.1.0/24>;
<...other networks you want to allow to query your
DNS...;
---
> 192.168.6.0/24 <http://192.168.6.0/24>;
> 127.0.0.0/8 <http://127.0.0.0/8>;
>#...other networks you want to allow to query
your DNS...;
21,22c22,24
< 10.1.1.0/24 <http://10.1.1.0/24>;
<...other networks you want to allow to do
recursive queries...;
---
> 192.168.6.0/24 <http://192.168.6.0/24>;
> 127.0.0.0/8 <http://127.0.0.0/8>;
>#...other networks you want to allow to do
recursive queries...;
24a27,28
>   tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>
26a31
> include "/usr/local/samba/private/named.conf";


This is just so bind actually works and the files created by
provision are included

Provision was done using:
samba-tool domain provision
Realm: example
 Domain [example]: example.com <http://example.com>
 Server Role (dc, member, standalone) [dc]: dc
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
[SAMBA_INTERNAL]: BIND9_DLZ
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=example
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=example
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
See /usr/local/samba/private/named.conf for an example
configuration include file for BIND
and /usr/local/samba/private/named.txt for further documentation
required for secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated
at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be
ready to use
Server Role:   active directory domain controller
Hostname:  sambabind02
NetBIOS Domain: EXAMPLE.COM <http://EXAMPLE.COM>
DNS Domain:example
DOMAIN SID:S-1-5-21-294307859-3325552197-969134079


stopped/started bind using the new config file

Then I started /usr/local/samba/sbin/samba -D

Then command:
# /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names
IPs: ['192.168.6.86'

Re: [Samba] samba4+bind on centos

[NOC]

Hi All

I've started again from scratch, following the wikipage at 
https://wiki.samba.org/index.php/Dns-backend_bind#Bind_9.8_.2F_9.9


I'm using bind 9.8.5-P1 and samba4 master (from yesterday I guess)

compiling from scratch:
bind: ./configure --with-gssapi=/usr/include/gssapi --with-dlopen=yes

And the given named.conf in /etc/bind/ (as this is where I want the 
config to reside)


I've include the local zones as provided and I modified the named in a 
few places:

 diff orig-named.conf /etc/bind/named.conf
6c6
directory "/etc/bind";
8c8
forwarders { 172.16.1.12; 172.16.1.18; };
16,17c16,18
<10.1.1.0/24;
<...other networks you want to allow to query your DNS...;
---
>192.168.6.0/24;
>   127.0.0.0/8;
>#...other networks you want to allow to query your DNS...;
21,22c22,24
<10.1.1.0/24;
<...other networks you want to allow to do recursive 
queries...;

---
>192.168.6.0/24;
>   127.0.0.0/8;
>#...other networks you want to allow to do recursive 
queries...;

24a27,28
>   tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>
26a31
> include "/usr/local/samba/private/named.conf";


This is just so bind actually works and the files created by provision 
are included


Provision was done using:
samba-tool domain provision
Realm: example
 Domain [example]: example.com
 Server Role (dc, member, standalone) [dc]: dc
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) 
[SAMBA_INTERNAL]: BIND9_DLZ

Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=example
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=example
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
See /usr/local/samba/private/named.conf for an example configuration 
include file for BIND
and /usr/local/samba/private/named.txt for further documentation 
required for secure DNS updates

Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at 
/usr/local/samba/private/krb5.conf

Once the above files are installed, your Samba4 server will be ready to use
Server Role:   active directory domain controller
Hostname:  sambabind02
NetBIOS Domain:EXAMPLE.COM
DNS Domain:example
DOMAIN SID:S-1-5-21-294307859-3325552197-969134079


stopped/started bind using the new config file

Then I started /usr/local/samba/sbin/samba -D

Then command:
# /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names
IPs: ['192.168.6.86']
Traceback (most recent call last):
  File "/usr/local/samba/sbin/samba_dnsupdate", line 511, in 
get_credentials(lp)
  File "/usr/local/samba/sbin/samba_dnsupdate", line 124, in 
get_credentials

raise e
RuntimeError: kinit for SAMBABIND02$@EXAMPLE failed (Cannot contact any 
KDC for requested realm)


It appears that samba_dnsupdate tries to get a ticket from the KDC that 
it tries to find using DNS, but the record isn't yet inserted in the 
bind dns database. Is it a chicken/egg problem?


Now either the wiki hasn't been fully tested or it's missing a obvious step

Any clues?

/Simon



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4+bind on centos

[NOC]

On 06/07/2013 03:38 PM, Ludek Finstrle wrote:

Hello NOC,

   you didn't provide any configuration so I'm just guessing using
my new crystal ball.


Hi Ludek

can you tell in your crystal ball whether I'll succeed getting this to 
work? ;-)


The parts I added to my config:

# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
# For BIND 9.8.0
database "dlopen /usr/lib64/samba4/modules/bind9/dlz_bind91.so -d 3";

# For BIND 9.9.0
# database "dlopen /usr/lib64/samba4/modules/bind9/dlz_bind9_9.so";
};

options {
...
#samba4 key for dyn.updates
tkey-gssapi-keytab "/var/lib/samba4/private/dns.keytab";

}




Fri, Jun 07, 2013 at 02:45:09PM +0200, NOC napsal(a):

Hi all

root@puppettest01 var]# samba_dnsupdate --verbose --all-names
IPs: ['192.168.0.1']
Traceback (most recent call last):
   File "/usr/sbin/samba_dnsupdate", line 506, in 
 get_credentials(lp)
   File "/usr/sbin/samba_dnsupdate", line 119, in get_credentials
 creds.get_named_ccache(lp, ccachename)
RuntimeError: kinit for PUPPETTEST01$@NIEUWLAND.NL failed (Cannot
contact any KDC for requested realm)

You have configured kerberos to look for KDC using DNS and DNS
server is not running.


Yes, that's why I figured it was a problem with bind.



When looking at the debug output of bind, it doesn't seem to have
loaded the DLZ module from samba4.

I tried this: named -g -c /etc/bind/named.conf -u named -d3 2>&1
|grep -i dlz
07-Jun-2013 14:18:24.514 built with '--host=x86_64-redhat-linux-gnu'
'--build=x86_64-redhat-linux-gnu' '--program-prefix='
'--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
'--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--with-libtool' '--localstatedir=/var' '--enable-threads'
'--enable-ipv6' '--with-pic' '--disable-static'
'--disable-openssl-version-check' '--with-dlopen=yes'
'--with-dlz-ldap=yes' '--with-dlz-postgres=yes'
'--with-dlz-mysql=yes' '--with-dlz-filesystem=yes'
'--with-dlz-stub=yes' '--with-gssapi=yes' '--disable-isc-spnego'
'--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
'--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS=
-DDIG_SIGCHASE'
07-Jun-2013 14:18:24.516 Registering DLZ_dlopen driver
07-Jun-2013 14:18:24.516 Registering SDLZ driver 'dlopen'
07-Jun-2013 14:18:24.516 Registering DLZ driver 'dlopen'


With the freshly compiled bind I now get this output:
named -g -c /etc/bind/named.conf -u named -d3 2>&1 |grep -i dlz
07-Jun-2013 15:52:04.484 built with '--host=x86_64-redhat-linux-gnu' 
'--build=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' 
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' 
'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' 
'--libdir=/usr/lib64' '--libexecdir=/usr/libexec' 
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man' 
'--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' 
'--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' 
'--disable-openssl-version-check' '--with-dlopen=yes' 
'--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' 
'--with-dlz-filesystem=yes' '--with-gssapi=yes' 
'--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 
'--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 
'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS= 
-DDIG_SIGCHASE'

07-Jun-2013 15:52:04.486 Registering DLZ_dlopen driver
07-Jun-2013 15:52:04.486 Registering SDLZ driver 'dlopen'
07-Jun-2013 15:52:04.486 Registering DLZ driver 'dlopen'



med.conf location is nonstandard, this is handled in
/etc/sysconfig/named).

What about selinux?


selinux is set to permissive


Also giving us only grep of logs are useless. There should be very
interesting lines below:
07-Jun-2013 14:18:24.516 Registering DLZ driver 'dlopen'


like wha

[Samba] samba4+bind on centos

[NOC]

Hi all

I've given up on the idea that I can make a script to import our 
-zone into samba internal dns with samba-tool as it gets really 
messy with subdomains. Instead I'm now trying to get samba4 to let bind 
handle the -zone as well als dynamic updates and such.


The problem is that once I've started named and samba4 after 
provisioning, I try to test dynamic updates and it oopses with the message:

root@puppettest01 var]# samba_dnsupdate --verbose --all-names
IPs: ['192.168.0.1']
Traceback (most recent call last):
  File "/usr/sbin/samba_dnsupdate", line 506, in 
get_credentials(lp)
  File "/usr/sbin/samba_dnsupdate", line 119, in get_credentials
creds.get_named_ccache(lp, ccachename)
RuntimeError: kinit for PUPPETTEST01$@NIEUWLAND.NL failed (Cannot 
contact any KDC for requested realm)


When looking at the debug output of bind, it doesn't seem to have loaded 
the DLZ module from samba4.


I tried this: named -g -c /etc/bind/named.conf -u named -d3 2>&1 |grep 
-i dlz
07-Jun-2013 14:18:24.514 built with '--host=x86_64-redhat-linux-gnu' 
'--build=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' 
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' 
'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' 
'--libdir=/usr/lib64' '--libexecdir=/usr/libexec' 
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man' 
'--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' 
'--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' 
'--disable-openssl-version-check' '--with-dlopen=yes' 
'--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' 
'--with-dlz-filesystem=yes' '--with-dlz-stub=yes' '--with-gssapi=yes' 
'--disable-isc-spnego' 
'--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 
'--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 
'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS= 
-DDIG_SIGCHASE'

07-Jun-2013 14:18:24.516 Registering DLZ_dlopen driver
07-Jun-2013 14:18:24.516 Registering SDLZ driver 'dlopen'
07-Jun-2013 14:18:24.516 Registering DLZ driver 'dlopen'

The packages samba4 (using git master from 2 days ago) and bind are 
self-compiled on another centos 6.4 machine. As you can see, the options 
'--with-gssapi=yes' and '--with-dlopen=yes' are set (this is 9.8.2 from 
the source rpm)


I followed the instructions on how to include 
/var/lib/samba4/private/named.conf and named.txt, however, that didn't 
work as advertised (cannot read /var/lib/samba4/private/named.conf, 
though it was readable by user named???), so I included the stuff in 
...private/named.conf literally in the /etc/bind/named.conf (as you can 
see, the named.conf location is nonstandard, this is handled in 
/etc/sysconfig/named).


samba4 was provisioned for NIEUWLAND.NL as dc and BIND9_DLZ

I figure the problem lies in not loading the dlopen driver, which should 
probably look like:


03-Jun-2013 14:38:43.370 Loading 'AD DNS Zone' using driver dlopen
03-Jun-2013 14:38:43.371 Loading SDLZ driver.
03-Jun-2013 14:38:47.233 samba_dlz: started for DN DC=intranet01,DC=hom
03-Jun-2013 14:38:47.234 SDLZ driver loaded successfully.
03-Jun-2013 14:38:47.234 DLZ driver loaded successfully.
03-Jun-2013 14:38:47.235 samba_dlz: starting configure
03-Jun-2013 14:38:47.275 zone 200.168.192.in-addr.arpa/NONE: number of nodes in 
database: 0
03-Jun-2013 14:38:47.278 zone 200.168.192.in-addr.arpa/NONE: loaded; checking 
validity
03-Jun-2013 14:38:47.281 zone_settimer: zone 200.168.192.in-addr.arpa/NONE: 
enter
03-Jun-2013 14:38:47.282 samba_dlz: configured writeable zone 
'200.168.192.in-addr.arpa'
03-Jun-2013 14:38:47.284 zone intranet01.hom/NONE: number of nodes in database: 0
03-Jun-2013 14:38:47.286 zone intranet01.hom/NONE: loaded; checking validity

(I saw this in another mail to this list, but there bind was compiled from 
original sources and version 9.9.3)

I wonder which steps would be most likely to let bind load the driver for dlz? 
Should I suspect all the patches redhat includes in their source rpm? or is it 
a configuration issue?

Cheers

Simon





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] bug in samba-tool w.r.t. (sub)domains

[NOC]

On 06/04/2013 11:33 PM, Andrew Bartlett wrote:

On Tue, 2013-06-04 at 12:20 +0200, NOC wrote:

Hi all

I'm trying to import our bind dns data for our domain into samba4 using
sambatool. Unfortunately, our domain has lots of (unnecessary)
subdomains, but that's hard to revert after a long time. So I will have
to parse the bind data and do a zonecreate for each subdomain that comes
out of bind. I can deal with this, but it's cumbersome :-(

The bug I'm talking about is this, when I was trying to add a subdomain,
I found that samba4 retains a trailing . (dot), the root of the fqdn
tree, which is usually omitted. To make this even weirder, I can add
foo.bar.com and foo.bar.com. and both will be listed as pszZoneName when
asking samba-tool for "dns zonelist localhost".

This is treated by samba as a different subdomain, so when I add
"x.foo.bar.com" and I later query the address for "x" in subdomain
"foo.bar.com.", I get an exception. (Which is also ugly, I'd rather get
a nice error message and proper exit code).

I think this just got fixed in master, and might be on the way to the
next 4.0.x.  Can you re-test GIT master so we know if we need to look
into this more?



I'll see what I can do.

I noticed something else, which may be confusing or even wrong...

I can add both an A record and a CNAME for the same Name, I'm not sure 
if this is wrong in the DNS sense, but it seems confusing to me.

When I query for ALL types, both are printed.

dig also shows both records when requesting "ANY", but the "host" 
command can't resolve the name with both A and CNAME records. It can 
resolve a name with just an A record. This may not be a good test, 
because host appears to have trouble resolving any CNAME.


Cheers

Simon
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] bug in samba-tool w.r.t. (sub)domains

[NOC]

Hi all

I'm trying to import our bind dns data for our domain into samba4 using 
sambatool. Unfortunately, our domain has lots of (unnecessary) 
subdomains, but that's hard to revert after a long time. So I will have 
to parse the bind data and do a zonecreate for each subdomain that comes 
out of bind. I can deal with this, but it's cumbersome :-(


The bug I'm talking about is this, when I was trying to add a subdomain, 
I found that samba4 retains a trailing . (dot), the root of the fqdn 
tree, which is usually omitted. To make this even weirder, I can add 
foo.bar.com and foo.bar.com. and both will be listed as pszZoneName when 
asking samba-tool for "dns zonelist localhost".


This is treated by samba as a different subdomain, so when I add 
"x.foo.bar.com" and I later query the address for "x" in subdomain 
"foo.bar.com.", I get an exception. (Which is also ugly, I'd rather get 
a nice error message and proper exit code).


In bind's zone files, these entries look like:

$ORIGIN bar.com.
x.foo IN A 1.2.3.4

or

$ORIGIN foo.bar.com.
x IN A 1.2.3.4

regardless of whether I query for x.foo.bar.com or x.foo.bar.com. I 
expect the same answer. But in the zone files, the trailing dot is 
mandatory to indicate where the root of the tree starts (without the 
dot, the $ORIGIN is appended for the full name)


my samba-tool version is: 4.0.5-4.el6.1

Cheers

Simon



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba4 backup script

[NOC]

Hi list

I recently encountered errors while trying to backup the samba4 AD. 
Apparently tar had some problems with sockets in the samba4 directory.


I modified the samba4 backup script, perhaps this or a similar change is 
good to include upstream?


Cheers

Simon Oosthoek
#!/bin/sh
#
#   THIS FILE IS DISTRIBUTED BY PUPPET  #
#
#
# Copyright (C) Matthieu Patou  2010-2011
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see .
#

FROMWHERE=/var/lib/samba4/
WHERE=/var/backup/samba4/
if [ -n "$1" ] && [ "$1" = "-h" -o "$1" = "--usage" ]; then
echo "samba_backup [provisiondir] [destinationdir]"
echo "Will backup your provision located in provisiondir to archive 
stored in destinationdir"
echo "Default provisiondir: $FROMWHERE"
echo "Default destinationdir: $WHERE"
exit 0
fi

[ -n "$1" -a -d "$1" ]&&FROMWHERE=$1
[ -n "$2" -a -d "$2" ]&&WHERE=$2

DIRS="private sysvol"
#Number of days to keep the backup
DAYS=90
WHEN=$(date +%d%m%y)

if [ ! -d $WHERE ]; then
echo "Missing backup directory $WHERE"
exit 1
fi

if [ ! -d $FROMWHERE ]; then
echo "Missing or wrong provision directory $FROMWHERE"
exit 1
fi

cd $FROMWHERE
for d in $DIRS;do
relativedirname=$(find . -type d -name "$d" -prune)
n=$(echo $d | sed 's,/,_,g')
if [ "$d" = "private" ]; then
find $relativedirname -name "*.ldb.bak" -exec rm {} \;
for ldb in $(find $relativedirname -name "*.ldb"); do
if tdbbackup $ldb
then :
else
echo "Error while backuping $ldb"
exit 1
fi
done
find "$relativedirname" -type f -o -type d |grep -v '\.ldb$' 
|cpio --quiet -o --format=tar |bzip2 >"$WHERE/samba4_${n}.$WHEN.tar.bz2" 
if [ ! -f "$WHERE/samba4_${n}.$WHEN.tar.bz2" ] || [ $(stat -c 
"%s" "$WHERE/samba4_${n}.$WHEN.tar.bz2") -eq 0 ]; then
echo "Error while archiving 
${WHERE}/samba4_${n}.${WHEN}.tar.bz2"
exit 1
fi
find $relativedirname -name "*.ldb.bak" -exec rm {} \;
else
find "$relativedirname" -type f -o -type d |cpio --quiet -o 
--format=tar |bzip2 >"$WHERE/${n}.$WHEN.tar.bz2" 
if [ ! -f "$WHERE/${n}.$WHEN.tar.bz2" ] || [ $(stat -c "%s" 
"$WHERE/${n}.$WHEN.tar.bz2") -eq 0 ]; then
echo "Error while archiving 
${WHERE}/${n}.${WHEN}.tar.bz2"
exit 1
fi
fi
done

find $WHERE -name "samba4_*bz2" -mtime +$DAYS -exec rm  {} \; >/dev/null 2>&1

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] problems with samba upgrade from 3.5.4 to 3.6.9

[NOC-Postkorb]

Hi @ all,
we use samba as a fileserver on CentOS  and an OpenLDAP server on Ubuntu 10.04. 
The samba server shared only files, so we can access with the win7 clients (and 
OpenLDAP credentials) to the files  on the linux environment.

So after upgrade we don't can connected us to the samba share. I have tested 
the connection with the tool smbclient "smblcient -L  -U 
" and returned the error "session setup failed: 
NT_STATUS_INTERNAL_DB_CORRUPTION".

I had read something about new security features, and in the most articles I 
had found problems with winbind and ADS connectivity. But we don't use winbind 
or else, we use only the linux ldap to authenticate.

The domainSID and localSID and userSID are matched to the SambaDomainSID in my 
openLDAP.
I have checked this with the commands:
- net getdomainsid
- net getlocalsid
- pdbedit -v hhofmann

So I hope you can help me, thanks!

Regards,
Henry Hofmann
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problems with wins server

[Noc Phibee]

No other solution ?




Noc Phibee a écrit :

Hi

i have a smaal problems ... :

I have two samba server connected by a VPN.

One, are the master, the config are:

[global]
  workgroup = LOCAL
  netbios name = SMB1
  server string = Linux Smb Server 1
  os level = 33
  log file = /var/log/samba/%m.log
  max log size = 500
  log level = 3
  map to guest = bad user
  security = user
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  local master = no
  domain master = no
  dns proxy = no
  wins support = yes
  unix password sync=yes
  hosts allow = 192.168.0. 192.168.75. 192.160.150. 192.168.151. 
192.168.3. 127.


into the log i have:

[2006/11/23 07:01:50, 3] 
nmbd/nmbd_winsserver.c:wins_multihomed_register_query_fail(1097)
 wins_multihomed_register_query_fail: Registering machine at IP 
192.168.75.254 failed to answer query successfully for name SMB2<03>.



The second server are:
[global]
  workgroup = LOCAL
  netbios name = SMB2
  server string = Linux Smb Server 2
  os level = 33
  log file = /var/log/samba/%m.log
  max log size = 500
  log level = 3
  map to guest = bad user
  security = user
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  local master = no
  domain master = no
  dns proxy = yes
  wins support = no
  wins server = 192.168.0.1
  wins proxy = yes
  unix password sync=yes

192.168.0.1 are the ip of the first server 
my computer, on the network of Smb2 have in wins server the SMB2

into the log of smb2 i have:

Nov 23 07:01:50 gw nmbd[3768]:   register_name_response: WINS server 
at IP 192.168.0.1 rejected our name registration of SMB2<20> IP 
192.168.75.254 with error code 5.
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_namelistdb.c:standard_fail_register(283)
Nov 23 07:01:50 gw nmbd[3768]:   standard_fail_register: Failed to 
register/refresh name SMB2<20> on subnet UNICAST_SUBNET
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_nameregister.c:register_name_response(130)
Nov 23 07:01:50 gw nmbd[3768]:   register_name_response: WINS server 
at IP 192.168.0.1 rejected our name registration of SMB2<03> IP 
192.168.75.254 with error code 5.
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_namelistdb.c:standard_fail_register(283)
Nov 23 07:01:50 gw nmbd[3768]:   standard_fail_register: Failed to 
register/refresh name SMB2<03> on subnet UNICAST_SUBNET
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_nameregister.c:register_name_response(130)


and for all user:
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173)

Nov 23 07:03:48 gw nmbd[3768]:   Error - should be sent to WINS server
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172)
Nov 23 07:03:48 gw nmbd[3768]:   process_name_refresh_request: unicast 
name registration request received for name DELL_7<20> from IP 
192.168.75.103 on subnet UNICAST_SUBNET.
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173)

Nov 23 07:03:48 gw nmbd[3768]:   Error - should be sent to WINS server
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172)
Nov 23 07:03:48 gw nmbd[3768]:   process_name_refresh_request: unicast 
name registration request received for name DELL_7<03> from IP 
192.168.75.103 on subnet UNICAST_SUBNET.
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173)

Nov 23 07:03:48 gw nmbd[3768]:   Error - should be sent to WINS server
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172)
Nov 23 07:03:48 gw nmbd[3768]:   process_name_refresh_request: unicast 
name registration request received for name LOCAL<00> from IP 
192.168.75.103 on subnet UNICAST_SUBNET.



where is my error ?

thanks



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[NO ANSWER] Anyone have this problems ??????? Re: [Samba] Problems with wins server

[Noc Phibee]

Anyone use Wins Server of Samba in a VPN environment ?


Noc Phibee a écrit :

Hi

i have a smaal problems ... :

I have two samba server connected by a VPN.

One, are the master, the config are:

[global]
  workgroup = LOCAL
  netbios name = SMB1
  server string = Linux Smb Server 1
  os level = 33
  log file = /var/log/samba/%m.log
  max log size = 500
  log level = 3
  map to guest = bad user
  security = user
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  local master = no
  domain master = no
  dns proxy = no
  wins support = yes
  unix password sync=yes
  hosts allow = 192.168.0. 192.168.75. 192.160.150. 192.168.151. 
192.168.3. 127.


into the log i have:

[2006/11/23 07:01:50, 3] 
nmbd/nmbd_winsserver.c:wins_multihomed_register_query_fail(1097)
 wins_multihomed_register_query_fail: Registering machine at IP 
192.168.75.254 failed to answer query successfully for name SMB2<03>.



The second server are:
[global]
  workgroup = LOCAL
  netbios name = SMB2
  server string = Linux Smb Server 2
  os level = 33
  log file = /var/log/samba/%m.log
  max log size = 500
  log level = 3
  map to guest = bad user
  security = user
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  local master = no
  domain master = no
  dns proxy = yes
  wins support = no
  wins server = 192.168.0.1
  wins proxy = yes
  unix password sync=yes

192.168.0.1 are the ip of the first server 
my computer, on the network of Smb2 have in wins server the SMB2

into the log of smb2 i have:

Nov 23 07:01:50 gw nmbd[3768]:   register_name_response: WINS server 
at IP 192.168.0.1 rejected our name registration of SMB2<20> IP 
192.168.75.254 with error code 5.
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_namelistdb.c:standard_fail_register(283)
Nov 23 07:01:50 gw nmbd[3768]:   standard_fail_register: Failed to 
register/refresh name SMB2<20> on subnet UNICAST_SUBNET
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_nameregister.c:register_name_response(130)
Nov 23 07:01:50 gw nmbd[3768]:   register_name_response: WINS server 
at IP 192.168.0.1 rejected our name registration of SMB2<03> IP 
192.168.75.254 with error code 5.
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_namelistdb.c:standard_fail_register(283)
Nov 23 07:01:50 gw nmbd[3768]:   standard_fail_register: Failed to 
register/refresh name SMB2<03> on subnet UNICAST_SUBNET
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_nameregister.c:register_name_response(130)


and for all user:
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173)

Nov 23 07:03:48 gw nmbd[3768]:   Error - should be sent to WINS server
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172)
Nov 23 07:03:48 gw nmbd[3768]:   process_name_refresh_request: unicast 
name registration request received for name DELL_7<20> from IP 
192.168.75.103 on subnet UNICAST_SUBNET.
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173)

Nov 23 07:03:48 gw nmbd[3768]:   Error - should be sent to WINS server
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172)
Nov 23 07:03:48 gw nmbd[3768]:   process_name_refresh_request: unicast 
name registration request received for name DELL_7<03> from IP 
192.168.75.103 on subnet UNICAST_SUBNET.
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173)

Nov 23 07:03:48 gw nmbd[3768]:   Error - should be sent to WINS server
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172)
Nov 23 07:03:48 gw nmbd[3768]:   process_name_refresh_request: unicast 
name registration request received for name LOCAL<00> from IP 
192.168.75.103 on subnet UNICAST_SUBNET.



where is my error ?

thanks



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Know all user of one group with winbind/wbinfo ?

[Noc Phibee]

Thanks, but me i thinks that only "net ads" works and i don't have net 
ads group members ;=)




Thorsten Hamester a écrit :

Hello

Hi

do you know if they have a solution with best performance
for know all username of one Active Directory group ?


use: net rpc group MEMBERS  -S 

Hth

--Thorsten Hamester




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Know all user of one group with winbind/wbinfo ?

[Noc Phibee]

Hi

do you know if they have a solution with best performance
for know all username of one Active Directory group ?

Thanks bye


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problems with wins server

[Noc Phibee]

anyone know this errors ??







Noc Phibee a écrit :

Hi

i have a smaal problems ... :

I have two samba server connected by a VPN.

One, are the master, the config are:

[global]
  workgroup = LOCAL
  netbios name = SMB1
  server string = Linux Smb Server 1
  os level = 33
  log file = /var/log/samba/%m.log
  max log size = 500
  log level = 3
  map to guest = bad user
  security = user
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  local master = no
  domain master = no
  dns proxy = no
  wins support = yes
  unix password sync=yes
  hosts allow = 192.168.0. 192.168.75. 192.160.150. 192.168.151. 
192.168.3. 127.


into the log i have:

[2006/11/23 07:01:50, 3] 
nmbd/nmbd_winsserver.c:wins_multihomed_register_query_fail(1097)
 wins_multihomed_register_query_fail: Registering machine at IP 
192.168.75.254 failed to answer query successfully for name SMB2<03>.



The second server are:
[global]
  workgroup = LOCAL
  netbios name = SMB2
  server string = Linux Smb Server 2
  os level = 33
  log file = /var/log/samba/%m.log
  max log size = 500
  log level = 3
  map to guest = bad user
  security = user
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  local master = no
  domain master = no
  dns proxy = yes
  wins support = no
  wins server = 192.168.0.1
  wins proxy = yes
  unix password sync=yes

192.168.0.1 are the ip of the first server 
my computer, on the network of Smb2 have in wins server the SMB2

into the log of smb2 i have:

Nov 23 07:01:50 gw nmbd[3768]:   register_name_response: WINS server 
at IP 192.168.0.1 rejected our name registration of SMB2<20> IP 
192.168.75.254 with error code 5.
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_namelistdb.c:standard_fail_register(283)
Nov 23 07:01:50 gw nmbd[3768]:   standard_fail_register: Failed to 
register/refresh name SMB2<20> on subnet UNICAST_SUBNET
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_nameregister.c:register_name_response(130)
Nov 23 07:01:50 gw nmbd[3768]:   register_name_response: WINS server 
at IP 192.168.0.1 rejected our name registration of SMB2<03> IP 
192.168.75.254 with error code 5.
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_namelistdb.c:standard_fail_register(283)
Nov 23 07:01:50 gw nmbd[3768]:   standard_fail_register: Failed to 
register/refresh name SMB2<03> on subnet UNICAST_SUBNET
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_nameregister.c:register_name_response(130)


and for all user:
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173)

Nov 23 07:03:48 gw nmbd[3768]:   Error - should be sent to WINS server
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172)
Nov 23 07:03:48 gw nmbd[3768]:   process_name_refresh_request: unicast 
name registration request received for name DELL_7<20> from IP 
192.168.75.103 on subnet UNICAST_SUBNET.
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173)

Nov 23 07:03:48 gw nmbd[3768]:   Error - should be sent to WINS server
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172)
Nov 23 07:03:48 gw nmbd[3768]:   process_name_refresh_request: unicast 
name registration request received for name DELL_7<03> from IP 
192.168.75.103 on subnet UNICAST_SUBNET.
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173)

Nov 23 07:03:48 gw nmbd[3768]:   Error - should be sent to WINS server
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172)
Nov 23 07:03:48 gw nmbd[3768]:   process_name_refresh_request: unicast 
name registration request received for name LOCAL<00> from IP 
192.168.75.103 on subnet UNICAST_SUBNET.



where is my error ?

thanks



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems with wins server

[Noc Phibee]

Hi

i have a smaal problems ... :

I have two samba server connected by a VPN.

One, are the master, the config are:

[global]
  workgroup = LOCAL
  netbios name = SMB1
  server string = Linux Smb Server 1
  os level = 33
  log file = /var/log/samba/%m.log
  max log size = 500
  log level = 3
  map to guest = bad user
  security = user
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  local master = no
  domain master = no
  dns proxy = no
  wins support = yes
  unix password sync=yes
  hosts allow = 192.168.0. 192.168.75. 192.160.150. 192.168.151. 
192.168.3. 127.


into the log i have:

[2006/11/23 07:01:50, 3] 
nmbd/nmbd_winsserver.c:wins_multihomed_register_query_fail(1097)
 wins_multihomed_register_query_fail: Registering machine at IP 
192.168.75.254 failed to answer query successfully for name SMB2<03>.



The second server are:
[global]
  workgroup = LOCAL
  netbios name = SMB2
  server string = Linux Smb Server 2
  os level = 33
  log file = /var/log/samba/%m.log
  max log size = 500
  log level = 3
  map to guest = bad user
  security = user
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  local master = no
  domain master = no
  dns proxy = yes
  wins support = no
  wins server = 192.168.0.1
  wins proxy = yes
  unix password sync=yes

192.168.0.1 are the ip of the first server 
my computer, on the network of Smb2 have in wins server the SMB2

into the log of smb2 i have:

Nov 23 07:01:50 gw nmbd[3768]:   register_name_response: WINS server at 
IP 192.168.0.1 rejected our name registration of SMB2<20> IP 
192.168.75.254 with error code 5.
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_namelistdb.c:standard_fail_register(283)
Nov 23 07:01:50 gw nmbd[3768]:   standard_fail_register: Failed to 
register/refresh name SMB2<20> on subnet UNICAST_SUBNET
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_nameregister.c:register_name_response(130)
Nov 23 07:01:50 gw nmbd[3768]:   register_name_response: WINS server at 
IP 192.168.0.1 rejected our name registration of SMB2<03> IP 
192.168.75.254 with error code 5.
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_namelistdb.c:standard_fail_register(283)
Nov 23 07:01:50 gw nmbd[3768]:   standard_fail_register: Failed to 
register/refresh name SMB2<03> on subnet UNICAST_SUBNET
Nov 23 07:01:50 gw nmbd[3768]: [2006/11/23 07:01:50, 0] 
nmbd/nmbd_nameregister.c:register_name_response(130)


and for all user:
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173)

Nov 23 07:03:48 gw nmbd[3768]:   Error - should be sent to WINS server
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172)
Nov 23 07:03:48 gw nmbd[3768]:   process_name_refresh_request: unicast 
name registration request received for name DELL_7<20> from IP 
192.168.75.103 on subnet UNICAST_SUBNET.
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173)

Nov 23 07:03:48 gw nmbd[3768]:   Error - should be sent to WINS server
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172)
Nov 23 07:03:48 gw nmbd[3768]:   process_name_refresh_request: unicast 
name registration request received for name DELL_7<03> from IP 
192.168.75.103 on subnet UNICAST_SUBNET.
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173)

Nov 23 07:03:48 gw nmbd[3768]:   Error - should be sent to WINS server
Nov 23 07:03:48 gw nmbd[3768]: [2006/11/23 07:03:48, 0] 
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172)
Nov 23 07:03:48 gw nmbd[3768]:   process_name_refresh_request: unicast 
name registration request received for name LOCAL<00> from IP 
192.168.75.103 on subnet UNICAST_SUBNET.



where is my error ?

thanks

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] URGENT: erreur "oplock_break: receive_smb timed out after 30 seconds" ???

[Noc Phibee]

Hi  

Oct 19 11:47:58 gw smbd[20819]: [2006/10/19 11:47:58, 0] 
smbd/oplock.c:oplock_break(866)
Oct 19 11:47:58 gw smbd[20819]:   oplock_break: receive_smb timed out 
after 30 seconds.
Oct 19 11:47:58 gw smbd[20819]:   oplock_break failed for file 
SINS/Textes.mmo (dev = 306, inode = 1556602, file_id = 644).
Oct 19 11:47:58 gw smbd[20819]: [2006/10/19 11:47:58, 0] 
smbd/oplock.c:oplock_break(943)
Oct 19 11:47:58 gw smbd[20819]:   oplock_break: client failure in oplock 
break in file SINS/Textes.mmo




anyone know this errors on Samba ?

Thanks for your help

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] error winbind ?

[Noc Phibee]

Hi


I have this in my logs of winbond:


[2006/09/04 15:25:05, 0] nsswitch/winbindd.c:process_loop(863)
 winbindd: Exceeding 200 client connections, no idle connection found


and

[2006/09/04 15:23:10, 0] 
rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2229)
 cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \NETLOGON failed with 
error NT_STATUS_BUFFER_TOO_SMALL



Anyone know this problems ?

thanks bye


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] A question on Windows XP with Samba Linux ?

[Noc Phibee]

Hi

i have a small problems:

  I have a Linux Samba File server, on this, i have one directory 
where a

authentification are requested.

   That's work on all workstation, but only one can't connect.
  
I have only this into the log:


[2006/03/16 13:51:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(619)
 NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 
5.1] PrimaryDomain=[]

[2006/03/16 13:51:43, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
 Got user=[] domain=[] workstation=[ACERJLS] len1=1 len2=0
[2006/03/16 13:51:43, 3] auth/auth.c:check_ntlm_password(219)
 check_ntlm_password:  Checking password for unmapped user 
[EMAIL PROTECTED] with the new password interface

[2006/03/16 13:51:43, 3] auth/auth.c:check_ntlm_password(222)
 check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
[2006/03/16 13:51:43, 3] auth/auth.c:check_ntlm_password(268)
 check_ntlm_password: guest authentication for user [] succeeded
[2006/03/16 13:51:43, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
 NTLMSSP Sign/Seal - Initialising with flags:
[2006/03/16 13:51:43, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
 Got NTLMSSP neg_flags=0x60088215
[2006/03/16 13:51:43, 3] smbd/password.c:register_vuid(257)
 User name: nobody Real name: nobody
[2006/03/16 13:51:43, 3] smbd/password.c:register_vuid(276)
 UNIX uid 65534 is UNIX user nobody, and will be vuid 133
[2006/03/16 13:51:43, 3] smbd/process.c:process_smb(1114)
 Transaction 4192 of length 92
[2006/03/16 13:51:43, 3] smbd/process.c:switch_message(900)
 switch message SMBtconX (pid 9003) conn 0x0
[2006/03/16 13:51:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/03/16 13:51:43, 3] smbd/service.c:make_connection_snum(477)
 Connect path is '/var/tmp' for service [IPC$]
[2006/03/16 13:51:43, 3] lib/util_seaccess.c:se_access_check(250)
[2006/03/16 13:51:43, 3] lib/util_seaccess.c:se_access_check(251)
 se_access_check: user sid is S-1-5-21-2957750683-620060279-44140246-501
 se_access_check: also S-1-5-21-2957750683-620060279-44140246-514
 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-32-546
 se_access_check: also S-1-5-21-2957750683-620060279-44140246-132069
[2006/03/16 13:51:43, 3] smbd/vfs.c:vfs_init_default(215)
 Initialising default vfs hooks
[2006/03/16 13:51:43, 3] lib/util_seaccess.c:se_access_check(250)
[2006/03/16 13:51:43, 3] lib/util_seaccess.c:se_access_check(251)
 se_access_check: user sid is S-1-5-21-2957750683-620060279-44140246-501
 se_access_check: also S-1-5-21-2957750683-620060279-44140246-514
 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-32-546
 se_access_check: also S-1-5-21-2957750683-620060279-44140246-132069
[2006/03/16 13:51:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/03/16 13:51:43, 3] smbd/service.c:make_connection_snum(662)
 acerjls (192.168.250.81) connect to service IPC$ initially as user 
nobody (uid=65534, gid=65534) (pid 9003)



I see that this xp pro don't sent the login/password no ?

thanks for your help

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Get all user of one groups ? with winbindd/ads

[Noc Phibee]

Hi

before, i use
   getent group "name of the group"
for know all user on the groups ..

I have upgraded in 3.0.21rc2 and change security domain to ADS and now i 
can get it.

He have other solution for get with best speed all user of one groups ?

Thanks bye

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] New Winbind crash but only with a specific user ..

[Noc Phibee]

Hi

i don't have answer to my question, but for archives ;=)

I thinks that he have a serious bug into Winbindd but i can see it.

i start smb/winbindd ... good that's work ...
wbinfo -t => Ok
wbinfo -g=> Ok

But:

[EMAIL PROTECTED] samba]# wbinfo -a GROUPE/christ%briquet
plaintext password authentication succeeded
challenge/response password authentication succeeded
[EMAIL PROTECTED] samba]#

ok That's work !


[EMAIL PROTECTED] samba]# wbinfo -a GROUPE/jmcol%basique
no answer and process of Winbindd use 100% of cpu

i duplicate the account "jmcol" on my active directory ...
same name, same password, same group only login change ..
and that's work !

[EMAIL PROTECTED] samba]# wbinfo -a GROUPE/jmcol2%basique
plaintext password authentication succeeded
challenge/response password authentication succeeded
[EMAIL PROTECTED] samba]#




Anyone have this problems ??

In log level 10, the latest line when he use 100% of cpu is:

[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint32s(898)
 0240 sub_auths : 0015 087e60f9 5a3924ad 6dd83d7d 
0692

[2005/12/14 16:37:50, 7] rpc_parse/parse_prs.c:prs_debug(82)
 000254 smb_io_dom_sid2
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint32(671)
 0254 num_auths: 0005
[2005/12/14 16:37:50, 8] rpc_parse/parse_prs.c:prs_debug(82)
 000258 smb_io_dom_sid sid
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 0258 sid_rev_num: 01
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 0259 num_auths  : 05
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 025a id_auth[0] : 00
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 025b id_auth[1] : 00
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 025c id_auth[2] : 00
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 025d id_auth[3] : 00
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 025e id_auth[4] : 00
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 025f id_auth[5] : 05
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint32s(898)
 0260 sub_auths : 0015 087e60f9 5a3924ad 6dd83d7d 
06bb

[2005/12/14 16:37:50, 7] rpc_parse/parse_prs.c:prs_debug(82)
 000274 smb_io_dom_sid2
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint32(671)
 0274 num_auths: 0005
[2005/12/14 16:37:50, 8] rpc_parse/parse_prs.c:prs_debug(82)
 000278 smb_io_dom_sid sid
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 0278 sid_rev_num: 01
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 0279 num_auths  : 05
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 027a id_auth[0] : 00
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 027b id_auth[1] : 00
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 027c id_auth[2] : 00
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 027d id_auth[3] : 00
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 027e id_auth[4] : 00
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582)
 027f id_auth[5] : 05
[2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint32s(898)
 0280 sub_auths : 0015 087e60f9 5a3924ad 6dd83d7d 
05d2












--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Limit user authentification into Winbind ?

[Noc Phibee]

Hi

i see on my log, two informations :


1- Into my log, i see a very big quantity of :
 [19391]: lookupname ECTPP/root
[2005/12/09 14:28:46, 3] 
nsswitch/winbindd_async.c:winbindd_dual_lookupname(695)

 [19391]: lookupname ECTPP/root
[2005/12/09 14:28:46, 3] 
nsswitch/winbindd_async.c:winbindd_dual_lookupname(695)


10x per s  600x/minutes .. it's very very big no ?
It's possible that is Spamassassin that create this request ?
i use winbind only for squid, can i del into pam winbind for no other 
process use it ?


2- Into my log, i have a new logs created :
  log.wb-BUILTIN
i see that winbind create a log file for each domain, but i don't have
a domain BUILTIN

and i have into this files a big quantity of this line :
 [19391]: getsidaliases
[2005/12/09 13:51:49, 3] 
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847)

 [19391]: getsidaliases
[2005/12/09 13:51:49, 3] 
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847)

 [19391]: getsidaliases
[2005/12/09 13:51:49, 3] 
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847)

 [19391]: getsidaliases
[2005/12/09 13:51:56, 3] 
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847)

 [19391]: getsidaliases
[2005/12/09 13:51:58, 3] 
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847)

 [19391]: getsidaliases
[2005/12/09 13:51:58, 3] 
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847)

 [19391]: getsidaliases
[2005/12/09 13:52:00, 3] 
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847)

 [19391]: getsidaliases
[2005/12/09 13:52:04, 3] 
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847)

 [19391]: getsidaliases
[2005/12/09 13:52:35, 3] 
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847)

 [19391]: getsidaliases
[2005/12/09 13:52:35, 3] 
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847)

 [19391]: getsidaliases
[2005/12/09 13:52:35, 3] 
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847)

 [19391]: getsidaliases
[2005/12/09 13:52:36, 3] 
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847)

 [19391]: getsidaliases
[2005/12/09 13:52:37, 3] 
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847)

 [19391]: getsidaliases
[2005/12/09 13:52:40, 3] 
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847)

 [19391]: getsidaliases



thanks for your help



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] First in the word that Winbind use 100% of CPU

[Noc Phibee]

Hi

anyone know a solution for my problems of Winbind at 100% ?
Anyone know a list of library used by WInbind ?

Thanks bye

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba in Secondary Domain Controler ? Urgent Please Help me

[Noc Phibee]

Hi

for my big problems of winbindd crash, i want know if it's possible
to replicate a Domain Controler Active Directory ?

Actually, My Samba/Winbind use a Primary Domain Control based on the network
but not in the same LAN. The traffic use a VPN ... i thinks that the 
number of request

are big for the VPN tunnel.

Can i say to my Samba that duplication the Active directory in local for 
the winbind/squid

authentifie with local request ?

thanks bye


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Other solution of Winbindd ? because he don't work ..

[Noc Phibee]

Hi,

for my problems (i never received a idea of the problems), i am thinks 
that it's a

problems into code of winbindd.

I have tested the 3.0.14a 3.0.14b 3.0.20b 3.0.21rc1 and i have the same 
problems.

tested on 2 server, sames problems ...

Winbind work for a very small network, not for a large, after 1mn, 
winbindd don't answer

and use 100% of CPU
latest logs info:

[2005/12/06 16:28:41, 10] nsswitch/winbindd.c:winbind_client_read(470)
 client_read: read 0 bytes. Need 1824 more for a full request.
[2005/12/06 16:28:41, 5] nsswitch/winbindd.c:winbind_client_read(477)
 read failed on sock 9, pid 20943: EOF

after ... no other

Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Big into winbindd ? 100% of cpu after 5mn of utilisation

[Noc Phibee]

No solutions ? it's a bug into 3.0.20b version ??



Noc Phibee a écrit :

Hi

anyone know if they have a big bug to winbindd ? :

After 5 mn of utilisation, winbindd use 100% of cpu resource :

PID USER   PR  NI  VIRTRES   SHR  S  %CPU   %MEMTIME+  
COMMAND
17096  root  25   010700  3556  9432  R  99.3   
0.7   1:03.02   winbindd



and we have into the log:

[2005/12/05 16:29:06, 5] nsswitch/winbindd.c:process_loop(817)
 winbindd: Exceeding 200 client connections, removing idle connection.
[2005/12/05 16:29:06, 0] nsswitch/winbindd.c:process_loop(822)
 winbindd: Exceeding 200 client connections, no idle connection found
[2005/12/05 16:29:06, 6] nsswitch/winbindd.c:new_connection(596)
 accepted socket 229
[2005/12/05 16:29:06, 10] nsswitch/winbindd.c:process_request(325)
 process_request: request fn AUTH_CRAP
[2005/12/05 16:29:06, 3] 
nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(538)

 [0]: pam auth crap domain: [LINUX] user: MAIRE
[2005/12/05 16:29:06, 8] lib/util.c:is_myname(1874)
 is_myname("LINUX") returns 0




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Big into winbindd ? 100% of cpu after 5mn of utilisation

[Noc Phibee]

Hi

anyone know if they have a big bug to winbindd ? :

After 5 mn of utilisation, winbindd use 100% of cpu resource :

PID USER   PR  NI  VIRTRES   SHR  S  %CPU   %MEMTIME+  COMMAND
17096  root  25   010700  3556  9432  R  99.3   
0.7   1:03.02   winbindd



and we have into the log:

[2005/12/05 16:29:06, 5] nsswitch/winbindd.c:process_loop(817)
 winbindd: Exceeding 200 client connections, removing idle connection.
[2005/12/05 16:29:06, 0] nsswitch/winbindd.c:process_loop(822)
 winbindd: Exceeding 200 client connections, no idle connection found
[2005/12/05 16:29:06, 6] nsswitch/winbindd.c:new_connection(596)
 accepted socket 229
[2005/12/05 16:29:06, 10] nsswitch/winbindd.c:process_request(325)
 process_request: request fn AUTH_CRAP
[2005/12/05 16:29:06, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(538)
 [0]: pam auth crap domain: [LINUX] user: MAIRE
[2005/12/05 16:29:06, 8] lib/util.c:is_myname(1874)
 is_myname("LINUX") returns 0


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Kerberos Errors with winbind?

[Noc Phibee]

Hi

i have this error now into my logs :

[2005/12/05 13:39:43, 3] libsmb/clikrb5.c:ads_krb5_mk_req(478)
 ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2005/12/05 13:39:43, 0] libads/kerberos.c:ads_kinit_password(164)
 kerberos_kinit_password host/[EMAIL PROTECTED] failed: Client not 
found in Kerberos database

[2005/12/05 13:39:43, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109)
 ads_connect for domain LINUX failed: Client not found in Kerberos database

Anyone know this problems ?

I don't know Active Directory, but for my linux samba server can access 
to Kerberos

on my W2000 Server Ads, what is the parametter into W2000K ? or only
net join ads are suffisient ?

on other server, i have another message :
[2005/12/05 13:20:47, 3] lib/util.c:fcntl_lock(1826)
 fcntl_lock: fcntl lock gave errno 11 (Resource temporarily unavailable)
[2005/12/05 13:20:47, 3] lib/util.c:fcntl_lock(1845)
 fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource 
temporarily unavailable)

[2005/12/05 13:20:47, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(105)
 cm_get_ipc_userpass: No auth-user defined


Thanks bye



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] No aswer to my winbind problems ?

[Noc Phibee]

Hi

anyone can help me to resol my big problems ?

thanks bye

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] wbinfo -g and -u problems ? no answer at my first post ?

[Noc Phibee]

] nsswitch/winbindd_cache.c:name_to_sid(965)
 name_to_sid: [Cached] - cached name for domain LOCAL status 
NT_STATUS_NONE_MAPPED
[2005/11/30 14:55:26, 10] nsswitch/winbindd_cache.c:cache_store_response(1502)
 Storing response for pid 8115, len 1300
[2005/11/30 14:56:56, 4] nsswitch/winbindd_dual.c:fork_domain_child(512)
 child daemon request 17
[2005/11/30 14:56:56, 10] nsswitch/winbindd_dual.c:child_process_request(388)
 process_request: request fn LIST_TRUSTDOM
[2005/11/30 14:56:56, 3] 
nsswitch/winbindd_misc.c:winbindd_dual_list_trusted_domains(120)
 [ 8114]: list trusted domains
[2005/11/30 14:56:56, 10] nsswitch/winbindd_cache.c:trusted_domains(1397)
 trusted_domains: [Cached] - doing backend query for info for domain LOCAL
[2005/11/30 14:56:56, 3] nsswitch/winbindd_ads.c:trusted_domains(879)
 ads: trusted_domains

 refresh_sequence_number: LOCAL seq number is now -1



On the W2000 server, what is the right of the user for get group/user ?

Thanks for your help














Gerald (Jerry) Carter a écrit :

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Noc Phibee wrote:

| I have upgraded from 3.0.14a to 3.0.20b and now when i put
| wbinfo -u or wbinfo -g i have a error message :
|
| [EMAIL PROTECTED] samba]# wbinfo -g
| Error looking up domain groups
| [EMAIL PROTECTED] samba]# wbinfo -u
| Error looking up domain users
| [EMAIL PROTECTED] samba]#
|
|
| and into the log.winbind:
| [2005/11/28 06:13:20, 3]
| nsswitch/winbindd_misc.c:winbindd_interface_version(461)
|  [0]: request interface version
| [2005/11/28 06:13:20, 3]
| nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(494)
|  [0]: request location of privileged pipe
| [2005/11/28 06:13:20, 3]
| nsswitch/winbindd_group.c:winbindd_list_groups(813)
|  [0]: list groups
| [2005/11/28 06:13:20, 3]
| nsswitch/winbindd_group.c:get_sam_group_entries(528)
|  get_sam_group_entries: Failed to enumerate domain local groups!

Can you send me a level 10 debug log?




cheers, jerry


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] My linux server with samba sent a big quantity of request to the DC ...

[Noc Phibee]

Hi

i see on the log that my linux server with Samba and Winbind
sent a request for root user :

Anyone know why and where i can limit this ?

Thanks for your help





[2005/11/30 12:11:00, 3] 
nsswitch/winbindd_async.c:winbindd_dual_lookupname(695)

 [30633]: lookupname LOCAL/root
[2005/11/30 12:11:00, 3] 
nsswitch/winbindd_async.c:winbindd_dual_lookupname(695)

 [30633]: lookupname LOCAL/root
[2005/11/30 12:11:00, 3] 
nsswitch/winbindd_async.c:winbindd_dual_lookupname(695)

 [30633]: lookupname LOCAL/root
[2005/11/30 12:11:00, 3] 
nsswitch/winbindd_async.c:winbindd_dual_lookupname(695)

 [30633]: lookupname LOCAL/root
[2005/11/30 12:11:00, 3] 
nsswitch/winbindd_async.c:winbindd_dual_lookupname(695)


[2005/11/30 12:11:18, 3] nsswitch/winbindd_group.c:winbindd_getgroups(925)
 [0]: getgroups root
[2005/11/30 12:11:18, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(453)

 [0]: request interface version
[2005/11/30 12:11:18, 3] 
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(486)

 [0]: request location of privileged pipe
[2005/11/30 12:11:18, 3] nsswitch/winbindd_group.c:winbindd_getgroups(925)
 [0]: getgroups root
[2005/11/30 12:11:18, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(453)

 [0]: request interface version
[2005/11/30 12:11:18, 3] 
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(486)

 [0]: request location of privileged pipe
[2005/11/30 12:11:18, 3] nsswitch/winbindd_group.c:winbindd_getgroups(925)
 [0]: getgroups root
[2005/11/30 12:11:18, 3] nsswitch/winbindd_group.c:winbindd_getgroups(925)
 [0]: getgroups root
[2005/11/30 12:11:18, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(453)

 [0]: request interface version
[2005/11/30 12:11:18, 3] 
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(486)

 [0]: request location of privileged pipe
[2005/11/30 12:11:18, 3] nsswitch/winbindd_group.c:winbindd_getgroups(925)
 [0]: getgroups root
[2005/11/30 12:11:18, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(453)

 [0]: request interface version
[2005/11/30 12:11:18, 3] 
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(486)

 [0]: request location of privileged pipe
[2005/11/30 12:11:18, 3] nsswitch/winbindd_group.c:winbindd_getgroups(925)
 [0]: getgroups root
[2005/11/30 12:11:18, 3] nsswitch/winbindd_group.c:winbindd_getgroups(925)
 [0]: getgroups root
[2005/11/30 12:11:18, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(453)

 [0]: request interface version
[2005/11/30 12:11:18, 3] 
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(486)

 [0]: request location of privileged pipe
[2005/11/30 12:11:18, 3] nsswitch/winbindd_group.c:winbindd_getgroups(925)
 [0]: getgroups root
[2005/11/30 12:11:19, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(453)

 [0]: request interface version
[2005/11/30 12:11:19, 3] 
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(486)

 [0]: request location of privileged pipe
[2005/11/30 12:11:19, 3] nsswitch/winbindd_group.c:winbindd_getgroups(925)
 [0]: getgroups root
[2005/11/30 12:11:19, 3] nsswitch/winbindd_group.c:winbindd_getgroups(925)
 [0]: getgroups root
[2005/11/30 12:11:19, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(453)

 [0]: request interface version
[2005/11/30 12:11:19, 3] 
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(486)

 [0]: request location of privileged pipe
[2005/11/30 12:11:19, 3] nsswitch/winbindd_group.c:winbindd_getgroups(925)
 [0]: getgroups root


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Create rpm for Mandriva of Samba 3.0.21rc1 ?

[Noc Phibee]

Hi

i want create the rpm of the 3.0.21rc1 release for my Mandriva.

i have used the same spec of 3.0.20b but i have a small problems :

Requires: perl-base >= 2:5.8.5 perl-base perl(Crypt::SmbHash) 
perl(Digest::MD5) perl(Digest::SHA1) perl(Exporter) perl(FindBin) 
perl(Getopt::Long) perl(Getopt::Std) perl(MIME::Base64) perl(Net::LDAP) 
perl(Net::LDAP::LDIF)

Conflicts: smbldap-tools > 0.9.1 samba-server < 3.0.11-1mdk


Erreur de construction de RPM:

This rpm has build options available, use --with options to see them

   Fichier non trouvé: /var/tmp/samba-3.0.21-root/usr/bin/smbget3
   Fichier non trouvé par la substitution: 
/var/tmp/samba-3.0.21-root/*bin/*mount.cifs3



anyone have a idea ?

thanks

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] wbinfo -g and -u problems ? no answer at my first post ?

[Noc Phibee]

Hi

Anyone know my problems ? i don't have receive a answer or idea ;=<

=
I have upgraded from 3.0.14a to 3.0.20b and now when i put wbinfo -u or
wbinfo -g i have a error message :

[EMAIL PROTECTED] samba]# wbinfo -g
Error looking up domain groups
[EMAIL PROTECTED] samba]# wbinfo -u
Error looking up domain users
[EMAIL PROTECTED] samba]#


and into the log.winbind:
[2005/11/28 06:13:20, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(461)

 [0]: request interface version
[2005/11/28 06:13:20, 3] 
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(494)

 [0]: request location of privileged pipe
[2005/11/28 06:13:20, 3] nsswitch/winbindd_group.c:winbindd_list_groups(813)
 [0]: list groups
[2005/11/28 06:13:20, 3] 
nsswitch/winbindd_group.c:get_sam_group_entries(528)

 get_sam_group_entries: Failed to enumerate domain local groups!
[2005/11/28 06:13:20, 3] 
nsswitch/winbindd_group.c:get_sam_group_entries(528)

 get_sam_group_entries: Failed to enumerate domain local groups!
[2005/11/28 06:13:20, 3] 
nsswitch/winbindd_group.c:get_sam_group_entries(528)

 get_sam_group_entries: Failed to enumerate domain local groups!


but a /usr/bin/ntlm_auth works !

tyhanks for your help

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Change of samba 3.0.14a to 3.0.20b ?

[Noc Phibee]

Hi

i have updraged one of my server on Mandrake :

Before Samba 3.0.14a now Samba 3.0.20b

and i see :

[EMAIL PROTECTED] squid]# wbinfo -t
checking the trust secret via RPC calls succeeded
[EMAIL PROTECTED] squid]#

ok it's good, but on when:

[EMAIL PROTECTED] samba]# wbinfo -g
Error looking up domain groups
[EMAIL PROTECTED] samba]# wbinfo -u
Error looking up domain users
[EMAIL PROTECTED] samba]#

on 3.0.20b i have this error, but not on 3.0.14a

it's a new features ? where is my problemes ?

thanks
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Question concernant le logiciel Samba

[Noc Phibee]

Bonjour,

Conseil sur cette liste, ecrivez en Anglais ;=) ou utilisez les 
newsgroups français


Je pense qu'il s'agit plus d'un probleme de parametrage de votre Samba ..
Deux grandes questions qu'il faut aborder :
  1- Vos utilisateurs sont ils authentifies ? ou c'est un mode 
"public" (vous autorisez toute la classe ip)
  2- Si mode public, n'ont ils pas les droits Root affectés 
d'office par votre config ?


Perso j'utilise Samba 3.0.14a avec des repertoires "public", des homes 
privés et des

repertoires commun ou les droits sont geres par "groupes"

A+



Chris Perrel a écrit :


Bonjour,

En utilisant le logiciel Samba je me suis rendue compte qu'il est 
possible

de supprimer n'importe quel dossier ou fichier, qu'il soit ou non protégé
contre l'écriture, ce qui pose un énorme problème de sécurité.

Avez-vous connaissance de ce problème ?

S'agit-t'il d'un simple problème de paramétrage ?

Dans le cas d'un bug, avez-vous une solution à nous proposer ?

Dans l'espoir de vous lire,
Cordialement

Christiane PERREL
Responsable Informatique
Frédéric Chocolatier
Tél : 03.89.20.99.99



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Clear Group Cache on Winbind ?

[Phibee NOC]

Hi

i thinks that he have a cache for "getent group" no ?

I don't see immediatly the modification of my active directory, only when i
restart winbind ...

he have a command ligne for flush the cache ?

thanks

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problems when i want join a w2k domain

[Phibee NOC]

Hi

ok i have resolved my problems ...
i have add to my smb.conf the Wins server IP and use net join -S Name-PDC
and i am joined ;=)


a other small question if other user use Winbind with Squid :

After i add the ntlm auth, all works but MSN not ... i thinks it's my ACL.
Anyone have a exemple of Acl for use with winbind and without limitation
(only authentification are requiered and MSN work)

thanks for your help






- Original Message - 
From: "Phibee NOC" <[EMAIL PROTECTED]>
To: 
Sent: Monday, April 25, 2005 4:21 PM
Subject: [Samba] Problems when i want join a w2k domain


> Hi
>
> i have a small problems when i want join my w2k domain:
>
> [EMAIL PROTECTED] samba]# net join -U install -S 172.16.1.15
> install's password:
> [2005/04/25 18:08:37, 0] libads/kerberos.c:ads_kinit_password(146)
>   kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for
> requested realm
> [2005/04/25 18:08:37, 0] utils/net_ads.c:ads_startup(186)
>   ads_connect: Cannot find KDC for requested realm
> [2005/04/25 18:08:37, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
>   cli_nt_setup_creds: request challenge failed
> [2005/04/25 18:08:37, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
>   cli_nt_setup_creds: request challenge failed
> [2005/04/25 18:08:37, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
>   Error domain join verification (reused connection):
> NT_STATUS_INVALID_COMPUTER_NAME
>
> Unable to join domain BIZAR.
> [EMAIL PROTECTED] samba]#
>
>
>
> on my Active Directory, i see that the machine are added but the join
don't
> work ..
>
> anyone know why ?
>
> thanks
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems when i want join a w2k domain

[Phibee NOC]

Hi

i have a small problems when i want join my w2k domain:

[EMAIL PROTECTED] samba]# net join -U install -S 172.16.1.15
install's password:
[2005/04/25 18:08:37, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for
requested realm
[2005/04/25 18:08:37, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Cannot find KDC for requested realm
[2005/04/25 18:08:37, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
  cli_nt_setup_creds: request challenge failed
[2005/04/25 18:08:37, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
  cli_nt_setup_creds: request challenge failed
[2005/04/25 18:08:37, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
  Error domain join verification (reused connection):
NT_STATUS_INVALID_COMPUTER_NAME

Unable to join domain BIZAR.
[EMAIL PROTECTED] samba]#



on my Active Directory, i see that the machine are added but the join don't
work ..

anyone know why ?

thanks

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] A small question on Winbind

[Phibee NOC]

Hi

it's possible with wbinfo that get a information:

1- Get all users of one Active Directory Group
2- Get all groups of one username ?


(i want create a small perl script for add automatiquely user into
Squidguard, other user say me that Squidguard can't directly
get the Active DIrectory Group (only use username)

Thanks for your help

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba