Re: [Samba] Samba 3.0.37 with Windows Server 2008

2010-08-13 Thread Nick Couchman

> 
> /etc/krb5.conf
> 
> [libdefaults]
>  default_realm = XXX.XXX
>  dns_lookup_realm = false
>  dns_lookup_kdc = false
>  ticket_lifetime = 24h
>  forwardable = yes
>  default_tkt_enctypes = arcfour-hmac-md5 aes256-cts-hmac-sha1-96
> aes128-cts-hmac-sha1-96
>  default_tgs_enctypes = arcfour-hmac-md5 aes256-cts-hmac-sha1-96
> aes128-cts-hmac-sha1-96
> 
> -=Andrew

So what do your Samba settings look like, then?  I tried putting the stuff you 
have above into my krb5.conf file, and that doesn't change my ability to 
connect to the Samba services from a 2008 machine.

Thanks,
Nick





This e-mail may contain confidential and privileged material for the sole use 
of the intended recipient.  If this email is not intended for you, or you are 
not responsible for the delivery of this message to the intended recipient, 
please note that this message may contain SEAKR Engineering (SEAKR) 
Privileged/Proprietary Information.  In such a case, you are strictly 
prohibited from downloading, photocopying, distributing or otherwise using this 
message, its contents or attachments in any way.  If you have received this 
message in error, please notify us immediately by replying to this e-mail and 
delete the message from your mailbox.  Information contained in this message 
that does not relate to the business of SEAKR is neither endorsed by nor 
attributable to SEAKR.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba 3.0.37 with Windows Server 2008

2010-08-11 Thread Nick Couchman

> 
> Nick,
> 
> I would suggest looking at your available encryption types available to
> Solaris.  We ran into this before and this bug supplied a work around
> that fixed us.
> 
> http://bugs.opensolaris.org/bugdatabase/printableBug.do?bug_id=6534506 
> 
> If you want to find out the encryption levels available to your system,
> you can issue:
> 
> # cryptoadm list
> 

Okay, so I can do this, but the "extra" file is not present on OpenSolaris, and 
the only other three pkcs libraries that are present are in use on the system.  
Also, I'm able to successfully use kinit to get a kerberos ticket from the 
command line on the Solaris system, but Samba still fails.

Thanks for the lead - I'll continue to track it down!

-Nick






[Samba] Samba 3.0.37 with Windows Server 2008

2010-08-10 Thread Nick Couchman
I'm running Windows Server 2008 and trying to connect to Samba 3.0.37 on 
Opensolaris.  The Samba system is a member of a Windows Server 2008-based 
Active Directory domain - it was able to join the domain just fine - and 
Windows XP, Windows 2000, Windows Vista, and Windows 7 can connect, but Windows 
Server 2008 SP2 cannot connect.  The log file is posted below - I'm guessing 
the key is the message about krb5_rd_req with auth failed (Bad encryption 
type), but none of the solutions out there that I've looked at seem to apply - 
it doesn't seem to be the same bug as was in Windows Server 2003, and I'm not 
sure what kerberos keytab has to do with remote connections to the machine.  
Any hints would be greatly appreciated.

Thanks,
Nick

[2010/08/10 20:05:22, 5] smbd/uid.c:(338)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [LANMAN1.0]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [Windows for Workgroups 3.1a]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [LM1.2X002]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [LANMAN2.1]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [NT LM 0.12]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [SMB 2.002]
[2010/08/10 20:05:22, 5] smbd/connection.c:(182)
  claiming  0
[2010/08/10 20:05:22, 3] smbd/negprot.c:(364)
  using SPNEGO
[2010/08/10 20:05:22, 3] smbd/negprot.c:(606)
  Selected protocol NT LM 0.12
[2010/08/10 20:05:22, 5] smbd/negprot.c:(612)
  negprot index=5
[2010/08/10 20:05:22, 5] lib/util.c:(484)
[2010/08/10 20:05:22, 5] lib/util.c:(494)
  size=173
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=65535
  smb_pid=65279
  smb_uid=0
  smb_mid=0
  smt_wct=17
  smb_vwv[ 0]=5 (0x5)
  smb_vwv[ 1]=12807 (0x3207)
  smb_vwv[ 2]=  256 (0x100)
  smb_vwv[ 3]= 1024 (0x400)
  smb_vwv[ 4]=   65 (0x41)
  smb_vwv[ 5]=0 (0x0)
  smb_vwv[ 6]=  256 (0x100)
  smb_vwv[ 7]=24832 (0x6100)
  smb_vwv[ 8]=   82 (0x52)
  smb_vwv[ 9]=64512 (0xFC00)
  smb_vwv[10]=  243 (0xF3)
  smb_vwv[11]=  128 (0x80)
  smb_vwv[12]=39069 (0x989D)
  smb_vwv[13]=63911 (0xF9A7)
  smb_vwv[14]=52024 (0xCB38)
  smb_vwv[15]=26625 (0x6801)
  smb_vwv[16]=1 (0x1)
  smb_bcc=104
[2010/08/10 20:05:22, 3] smbd/process.c:(1083)
  Transaction 1 of length 1640
[2010/08/10 20:05:22, 5] lib/util.c:(484)
[2010/08/10 20:05:22, 5] lib/util.c:(494)
  size=1636
  smb_com=0x73
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51207
  smb_tid=65535
  smb_pid=65279
  smb_uid=0
  smb_mid=64
  smt_wct=12
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=0 (0x0)
  smb_vwv[ 2]=16644 (0x4104)
  smb_vwv[ 3]=   50 (0x32)
  smb_vwv[ 4]=0 (0x0)
  smb_vwv[ 5]=0 (0x0)
  smb_vwv[ 6]=0 (0x0)
  smb_vwv[ 7]= 1573 (0x625)
  smb_vwv[ 8]=0 (0x0)
  smb_vwv[ 9]=0 (0x0)
  smb_vwv[10]=  212 (0xD4)
  smb_vwv[11]=40960 (0xA000)
  smb_bcc=1577
[2010/08/10 20:05:22, 3] smbd/process.c:(932)
  switch message SMBsesssetupX (pid 21089) conn 0x0
[2010/08/10 20:05:22, 3] smbd/sec_ctx.c:(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/08/10 20:05:22, 5] auth/auth_util.c:(448)
  NT user token: (NULL)
[2010/08/10 20:05:22, 5] auth/auth_util.c:(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2010/08/10 20:05:22, 5] smbd/uid.c:(338)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1258)
  wct=12 flg2=0xc807
[2010/08/10 20:05:22, 2] smbd/sesssetup.c:(1214)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old 
resources.
[2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1040)
  Doing spnego session setup
[2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1071)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
  parse_spnego_mechanisms: Got OID 1 2 840 48018 1 2 2
[2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
  parse_spnego_mechanisms: Got OID 1 2 840 113554 1 2 2
[2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
  parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10
[2010/08/10 20:05:22, 3] smbd/sesssetup.c:(699)
  reply_spnego_negotiate: Got secblob of size 1507
[2010/08/10 20:05:22, 3] libads/kerberos_verify.c:(427)
  ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2010/08/10 20:05:22, 1] smbd/sesssetup.c:(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2010/08/10 20:05:22, 3] smbd/error.c:(106)
  error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) 
NT_STATUS_LOGON_FAILURE
[2010/08/10 20:05:22, 5] lib/util.c:(484)



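The failure in the log above can be isolated mechanically. The following Python is an added example, not part of the original post and not Samba code: it parses smbd debug-log records, joins mail-wrapped continuation lines, and reports each `ads_verify_ticket` failure together with the SPNEGO mechanisms the client offered and the NT status that followed. The sample input is an excerpt copied from the log in the post; the short mechanism labels in `MECHS` are this example's own naming, and the parser also accepts the `file:line(function)` header layout seen in the Samba 3.5.3 log later on this page, which goes beyond the 3.0.37 case.

```python
import re

# Header of one debug record. Two layouts appear on this page:
#   [2010/08/10 20:05:22, 3] libads/kerberos_verify.c:(427)          (3.0.x, as posted)
#   [2010/05/27 08:44:33.261144,  3] libads/sasl.c:790(ads_sasl_...)  (3.5.x)
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d(?:\.\d+)?),\s+(?P<level>\d+)\]\s+"
    r"(?P<src>\S+?):(?P<a>\w*)\((?P<b>\w+)\)\s*$"
)
OID_LINE = re.compile(r"parse_spnego_mechanisms: Got OID ((?:\d+ ?)+)")
VERIFY_FAIL = re.compile(
    r"ads_verify_ticket: (?P<call>\S+) .*failed \((?P<reason>[^)]+)\)"
)
NT_STATUS = re.compile(r"\bNT_STATUS_[A-Z_]+")

# Labels are this example's own shorthand for the well-known mechanism OIDs.
MECHS = {
    "1.2.840.48018.1.2.2": "MS-KRB5",
    "1.2.840.113554.1.2.2": "KRB5",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
}

# Excerpt copied from the log in the post above (not constructed).
SAMPLE = """\
[2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1040)
  Doing spnego session setup
[2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
  parse_spnego_mechanisms: Got OID 1 2 840 48018 1 2 2
[2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
  parse_spnego_mechanisms: Got OID 1 2 840 113554 1 2 2
[2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
  parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10
[2010/08/10 20:05:22, 3] smbd/sesssetup.c:(699)
  reply_spnego_negotiate: Got secblob of size 1507
[2010/08/10 20:05:22, 3] libads/kerberos_verify.c:(427)
  ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2010/08/10 20:05:22, 1] smbd/sesssetup.c:(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2010/08/10 20:05:22, 3] smbd/error.c:(106)
  error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) 
NT_STATUS_LOGON_FAILURE
"""


def parse_records(text):
    """Split log text into records; non-header lines extend the current message."""
    records, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            a, b = m.group("a"), m.group("b")
            # Whichever of the two fields is numeric is the source line number.
            func, lineno = (b, a) if a.isdigit() else (a, b)
            cur = {
                "ts": m.group("ts"),
                "level": int(m.group("level")),
                "src": m.group("src"),
                "func": func,
                "line": int(lineno) if lineno.isdigit() else None,
                "msg": "",
            }
            records.append(cur)
        elif cur is not None and line.strip():
            # Indented body line, or a continuation wrapped by the mail client.
            cur["msg"] = (cur["msg"] + " " + line.strip()).strip()
    return records


def find_ticket_failures(records):
    """Return one finding per Kerberos ticket verification failure."""
    findings, offered, pending = [], [], None
    for rec in records:
        msg = rec["msg"]
        if "Doing spnego session setup" in msg:
            offered, pending = [], None  # a new session setup starts here
        m = OID_LINE.search(msg)
        if m:
            oid = ".".join(m.group(1).split())
            offered.append(MECHS.get(oid, oid))
        m = VERIFY_FAIL.search(msg)
        if m:
            pending = {
                "ts": rec["ts"],
                "call": m.group("call"),
                "reason": m.group("reason"),
                "offered": list(offered),
                "status": None,
            }
            findings.append(pending)
            continue
        if pending is not None and pending["status"] is None:
            s = NT_STATUS.search(msg)
            if s:
                pending["status"] = s.group(0)
    return findings


if __name__ == "__main__":
    for f in find_ticket_failures(parse_records(SAMPLE)):
        print(f)
```
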

Re: [Samba] best way to deal with Windows 7 (.V2) profiles?

2010-08-09 Thread Nick Couchman
>>> On 2010/08/09 at 11:25, Stefan Onken  wrote: 
> Hello,
> 
> I have some users using sometimes Windows XP and sometimes Windows 7. In 
> my smb.conf I only have one profile section, now Samba is creating both 
> "profile" and "profile.V2" in the /home/ directory. Resulting in 
> using twice the disk space.
> 
> 1) Is there any way to link them ?

No...version 1 profiles (anything pre-Vista) are completely incompatible with 
version 2 profiles (Vista and later).  You can make sure that the My Documents 
folder is not stored with the profile and is stored elsewhere on the network, 
and this should alleviate some of the disk space requirements.  But they cannot 
be linked or be in the same folder.

> 2) Do I need a profile.V2 section in my smb.conf?
> 

If you want \\server\profile.V2 to point to /home//Profile.V2, yes, 
you'll need another section.  Basically, Vista and higher take your profile 
directory specified in your SAM (NT, Samba, or AD) database and just tack on 
the ".V2" to get the path of the new profile.

-Nick 






Re: [Samba] Another WINS Question/Issue

2010-07-09 Thread Nick Couchman
> 
> Try setting the required names to be "sticky" (i.e. infinite ttl) in the 
> wins.dat file
> that nmbd reads on startup.
> 
> Jeremy.

Apologies in advance for the ignorance...what's the best way to go about doing 
that??

Thanks,
Nick






[Samba] Another WINS Question/Issue

2010-07-09 Thread Nick Couchman
As previously posted, I've migrated my WINS server over to Samba.  I've run 
into one issue, and have one question, about WINS functionality:

- The default expiration time for WINS entries is 6 days.  For my client 
systems, this isn't a problem, as most of them reboot, renew DHCP leases, etc., 
often enough that they are forced to send WINS updates every day or so.  
However, I found this morning, 6 days after implementing my Samba WINS server, 
that my NT4 Domain Controllers do not send updates every 6 days, or at least 
not in a way that forces Samba to keep the WINS entries in the database.  So, 
is there something I should tweak, either on the Samba side or the NT4 side, 
that will allow this to work properly?  I don't plan on having NT4 around all 
that much longer, as I'm going to migrate domain control to Samba, but for the 
time being, I'd like to avoid a repeat.

- The Samba man page for smb.conf has always advised not to operate more than 
one Samba WINS server on your network (wins support = yes).  However, I found 
the remote browse sync option, which looks to be capable of doing some basic 
browse list synchronization across subnets, and was wondering if this would 
allow me to safely operate more than one WINS server on my network.  Obviously 
the WINS servers would be on different subnets, and I also understand perfectly 
that this does not provide full WINS database replication the way that 
NT4/2000/2003/2008 can provide.  However, in situations where I may have a 
firewall or WAN link between the two sites, is it safe and/or useful to use 
this option and point the WINS servers at each other?

Thanks, in advance, for any insight!

-Nick






[Samba] Risks of NT4 -> Samba Migration

2010-07-04 Thread Nick Couchman
I have a Windows NT4 domain that I'm considering migrating to Samba.  It has 
three domain controllers, all of which are WINS servers, about 350 computers 
and around 250 users.  It also has a trust relationship with an Active 
Directory domain.  I'd be migrating to three Samba servers backed by LDAP and 
only one of them running WINS.  I'm using the net rpc vampire method described 
in the Samba Guide.  My concerns are the following:
- Make sure trust relationship carries over without problems.
- Machine accounts - I don't want to have to rejoin all the computers to the 
domain.
- Single WINS Server

I'm wondering if anyone has any experience with this - configurations similar 
to this, etc. - and what problems you ran into, how you solved them, etc.  My 
main concern is that it's a hard cutover - I can't have both the NT4 and Samba 
systems running in live mode concurrently, so I have to shut down the old and 
hope the new works correctly.  I'm also concerned about a single WINS server 
being sufficient.

Thanks for any input!
-Nick






Re: [Samba] joining 2008 DC

2010-07-01 Thread Nick Couchman
Various versions - 3.3.x, for the most part, I believe.  Are you running Server 
2008 or Server 2008 R2?

>>> On 2010/07/01 at 12:30, Indexer  wrote: 

> On 02/07/2010, at 3:34 AM, Nick Couchman wrote:
> 
>> We have several Samba systems of varying versions joined to our Windows
>> Server 2008 Active Directory domain.  I don't recall having to do
>> anything special to get it working.
>> 
> 
> That is interesting, as I have just been tearing out my hair for a few hours 
> attempting to get a server 2008 system to join the samba PDC. What version of 
> samba are you using?
> 
> William







Re: [Samba] joining 2008 DC

2010-07-01 Thread Nick Couchman
We have several Samba systems of varying versions joined to our Windows
Server 2008 Active Directory domain.  I don't recall having to do
anything special to get it working.

-Nick

>>> On 2010/06/30 at 09:23,  wrote: 
> Hi,
> 
> We have installed  Samba version 3.3.7 on AIX server.
> So we use AIX version 6.1
> samba sw pware.samba.rte 3.3.7.0
> 
> actually connected to WIN 2003 DC
> 
> We would like to upgrade our DC to WIN 2008, so the question is:
> 
> can we stay with installed Samba and go towards to upgrade DC to WIN2008 ?
> or do we have to also upgrade Samba itself ? I mean before joining the new 
> domain on WIN 2008 DC.
> 
> thanx a lot for your answer,
> 
> best regards,
> 
> 
> Jiří Koutník
> RaiffeisenBank, a.s.
> tel:   +420 222 115 105
> mobil: +420 603 808 302
> Czech Republic






Re: [Samba] Symlink Issue

2010-06-17 Thread Nick Couchman
Must be it...I'll have to go run down the source package for this version of 
Samba that comes with SLES11 and look for that backport.  As soon as I set unix 
extensions to no, it started working.

Thanks!!
-Nick

>>> On 2010/06/17 at 11:57, Dale Schroeder  
>>> wrote:

> Nick,
> 
> Is it possible that Suse has backported the fix for Bug #7104 
> <https://bugzilla.samba.org/show_bug.cgi?id=7104> into your version?
> I believe the lowest version from samba.org with this fix is 3.3.11 
> <http://www.samba.org/samba/history/samba-3.3.11.html>
> 
> Dale
> 
> On 06/17/2010 11:39 AM, Nick Couchman wrote:
>> I've recently upgraded a server and am having an issue with symlinks that 
>> used to work but are now broken.  The links are on one of the filesystems 
>> shared by Samba, but point to directories on an NFS-mounted volume.  The 
>> permissions and export on the NFS volume are such that both root and normal 
>> users on this Samba server can access the contents correctly.  However, when 
>> I try to follow the symlink in Samba via a Windows client, I receive an 
>> "Access is denied" error.  This actually does not seem to be limited to 
>> NFS-mounted volumes - symlinks don't seem to be working across any of the 
>> local filesystems, but they are working within a single filesystem.  My 
>> smb.conf file does contain "wide links = yes"  and "follow symlinks = yes" 
>> both for the particular share about which I'm concerned and in the global 
>> section, but that doesn't seem to help.  Here are some system details:
>>
>> O/S: SLES11 2.6.27.45-0.1-xen x86_64
>> Samba: 3.2.7-11.9.1-2306-SUSE-CODE11
>>
>> Thanks,
>> Nick
>>







[Samba] Symlink Issue

2010-06-17 Thread Nick Couchman
I've recently upgraded a server and am having an issue with symlinks that used 
to work but are now broken.  The links are on one of the filesystems shared by 
Samba, but point to directories on an NFS-mounted volume.  The permissions and 
export on the NFS volume are such that both root and normal users on this Samba 
server can access the contents correctly.  However, when I try to follow the 
symlink in Samba via a Windows client, I receive an "Access is denied" error.  
This actually does not seem to be limited to NFS-mounted volumes - symlinks 
don't seem to be working across any of the local filesystems, but they are 
working within a single filesystem.  My smb.conf file does contain "wide links 
= yes"  and "follow symlinks = yes" both for the particular share about which 
I'm concerned and in the global section, but that doesn't seem to help.  Here 
are some system details:

O/S: SLES11 2.6.27.45-0.1-xen x86_64
Samba: 3.2.7-11.9.1-2306-SUSE-CODE11

Thanks,
Nick






Re: [Samba] net ads join: Aborted

2010-05-27 Thread Nick Couchman
>>> On 2010/05/27 at 08:48, "Nick Couchman"  wrote: 
> I'm having trouble getting a host to join an ADS domain/realm.  I have 
> smb.conf set correctly, with the workgroup, realm, and security = ads 
> specified.  However, when I try to join with the command: net ads join -U 
> Administrator, I simply get the message "Aborted" and it does not join the 
> domain.  If I use the -d flag to enable debugging, I see the following toward 
> the end of the output:
> 

This problem seems to only occur in Samba 3.5.3 on a certain machine.  I have 
two machines, both running Opensuse 11.2 and using the OBS Samba repository.  
One of them allows me to join the AD domain, the other throws the error in the 
previous message.  No idea what's going on - Samba packages, krb5 packages, 
nss, etc., are all exactly the same.

-Nick






[Samba] net ads join: Aborted

2010-05-27 Thread Nick Couchman
I'm having trouble getting a host to join an ADS domain/realm.  I have smb.conf 
set correctly, with the workgroup, realm, and security = ads specified.  
However, when I try to join with the command: net ads join -U Administrator, I 
simply get the message "Aborted" and it does not join the domain.  If I use the 
-d flag to enable debugging, I see the following toward the end of the output:

[2010/05/27 08:44:33.261144,  3] libads/sasl.c:790(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got server principal name = 
not_defined_in_rfc4...@please_ignore
[2010/05/27 08:44:33.261484,  3] libsmb/clikrb5.c:698(ads_krb5_mk_req)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2010/05/27 08:44:33.288414,  3] libsmb/clikrb5.c:620(ads_cleanup_expired_creds)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Thu, 
27 May 2010 18:44:33 MDT
[2010/05/27 08:44:33.288453,  3] libsmb/clikrb5.c:743(ads_krb5_mk_req)
  ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2010/05/27 08:44:33.296939,  3] libads/ldap.c:2908(ads_domain_func_level)
  ads_domain_func_level: 0
[2010/05/27 08:44:33.297755,  2] libads/ldap.c:3363(ads_get_upn)
  ads_get_upn: No userPrincipalName attribute!
[2010/05/27 08:44:33.297787,  3] 
libads/kerberos.c:445(kerberos_secrets_store_des_salt)
  kerberos_secrets_store_des_salt: Storing salt 
"host/xenprint.ad.seakr@ad.seakr.com"
Aborted

The output from another system (same O/S, same Samba version, same krb5 
version, etc.) contains similar output, except that there's continued output 
after the "Storing salt" message.  If I use strace, I see the following:

write(7, "0c\2\1\10c^\4\25dc=AD,dc=SEAKR,dc=COM\n\1"..., 101) = 101
gettimeofday({1274971641, 629786}, NULL) = 0
poll([{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 15000) = 1 ([{fd=7, 
revents=POLLIN}])
read(7, "0\204\0\0\r\271\2\1", 8)   = 8
read(7, "\10d\204\0\0\r\260\4.CN=xenprint,CN=Computer"..., 3511) = 3511
gettimeofday({1274971641, 630532}, NULL) = 0
poll([{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 14999) = 1 ([{fd=7, 
revents=POLLIN}])
read(7, "0\204\0\0\0E\2\1", 8)  = 8
read(7, "\10s\204\0\0\0<\4:ldap://ad.seakr.com/CN="..., 67) = 67
gettimeofday({1274971641, 630706}, NULL) = 0
poll([{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 14999) = 1 ([{fd=7, 
revents=POLLIN}])
read(7, "0\204\0\0\0\20\2\1", 8)= 8
read(7, "\10e\204\0\0\0\7\n\1\0\4\0\4\0", 14) = 14
rt_sigaction(SIGALRM, {0x1, [ALRM], SA_RESTORER, 0x7ffeb08d7560}, 
{0x7ffeb33135e0, [ALRM], SA_RESTORER, 0x7ffeb08d7560}, 8) = 0
alarm(0)= 15
fcntl(3, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=8, len=1}) = 0
fcntl(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=168, len=0}) = 0
fstat(3, {st_mode=S_IFREG|0600, st_size=45056, ...}) = 0
fcntl(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=168, len=0}) = 0
fcntl(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=8, len=1}) = 0
fcntl(6, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=552, len=1}) = 0
fcntl(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=552, len=1}) = 0
fcntl(5, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=552, len=1}) = 0
fcntl(5, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=552, len=1}) = 0
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
tgkill(5304, 5304, SIGABRT) = 0
--- SIGABRT (Aborted) @ 0 (0) ---
+++ killed by SIGABRT +++

Any ideas what would cause a SIGABRT on this process?

Thanks,
Nick






Re: [Samba] Samba + CUPS

2010-05-25 Thread Nick Couchman
> if it going on for all printers add  to smb.conf

> cups options  = "job-hold-until=indefinite"

I don't mean to be difficult, but, if I read the smb.conf man page correctly, 
this means that all jobs printed through Samba to CUPS will be held 
indefinitely.  This is not the behavior I'm looking for - I need users to be 
able to choose for jobs to be held, otherwise they need to be printed 
immediately.  If I indicated elsewhere that I was looking for this all of the 
time, I apologize for the confusion.  Right now, we use the "hold" feature of 
our Canon-based copiers for folks who need to print out sensitive documents - 
e.g. personnel reviews - so that they have a place to print it to that is 
password protected and so that it's not sitting on the printer.  Most of the 
printing we do does not fall under that heading, so having it print immediately 
is desirable.

-Nick








Re: [Samba] Samba + CUPS

2010-05-24 Thread Nick Couchman
> The -o job-hold-until=when option tells CUPS to delay printing until the
> "when" time, which can be one of the following:

Well, I found the option in the Printing Preferences under the Windows 
driver, but setting it has no effect - the job prints immediately.  Something 
else I need to do?






Re: [Samba] Samba + CUPS

2010-05-24 Thread Nick Couchman
> for printer queue holding managed by cups so can be deployed on any printer.

> have a look at the following cups options

> Holding Jobs for Later Printing

> The -o job-hold-until=when option tells CUPS to delay printing until the
> "when" time, which can be one of the following:

> * -o job-hold-until=indefinite; print only after released by the user or
> an administrator
> * -o job-hold-until=day-time; print from 6am to 6pm local time
> * -o job-hold-until=night; print from 6pm to 6am local time
> * -o job-hold-until=second-shift; print from 4pm to 12am local time
> * -o job-hold-until=third-shift; print from 12am to 8am local time
> * -o job-hold-until=weekend; print on Saturday or Sunday
> * -o job-hold-until=HH:MM; print at the specified UTC time

Okay - I'm definitely open to this possibility.  Do the CUPS Windows drivers 
support the use of these options?  The main place where I need the job hold 
support is for Windows-based clients, so I need to make sure it works okay 
there.

Thanks!
-Nick






Re: [Samba] Samba + CUPS

2010-05-24 Thread Nick Couchman
> 
>> 
>> the whole point of using CUPS is to get rid of the broken drivers in the
>> first place 
>> 
>> all PPD options are passed through to the windows client 
>> http://svn.easysw.com/public/windows/trunk/x64/
>> http://svn.easysw.com/public/windows/trunk/i386/
>> 
> 

This may just work, except that the PPD file provided by Ricoh does not contain 
the option for the Document Server functionality on the copier, so I can't send 
jobs to the "Hold Queue" or document "mailboxes" on the copier.  I'm going to 
hit Ricoh up about that one - seems like something that should be in the PPD 
file.

-Nick






Re: [Samba] Samba + CUPS

2010-05-21 Thread Nick Couchman
> Ricoh-Aficio_MP_C4500 supports postscript and has a manufacturer ppd so there
> are no issues like that here
> 
> http://www.openprinting.org/printer/Ricoh/Ricoh-Aficio_MP_C4500
> 

Yes, and I actually have the PPD installed for the MP C6501SP that I'm using.  
However, the PPD doesn't seem to include all of the options - like the Document 
Server/Mailbox printer - that I need.  I don't really need these functions on 
non-Windows platforms, but I definitely need them for some of my Windows-based 
users.  If the PPD doesn't contain the options, then the functionality 
obviously won't be passed through.

> the Canon imageRunner also has supported drivers.

Yes, Canon stuff works fine for me - no issues there.

> 
> the whole point of using CUPS is to get rid of the broken drivers in the
> first place 
> 
> all PPD options are passed through to the windows client 
> http://svn.easysw.com/public/windows/trunk/x64/
> http://svn.easysw.com/public/windows/trunk/i386/
> 

Okay - I'll definitely try it out.

> 
> Scanning to email ( configure the printer to read from LDAP) and network
> scanning use SANE
> 
> windows print drivers can do either because they're not related to printing.

Right.

> 
> try it and see how you go it can't do any harm.
> 

Will do.

Thanks!
-Nick







Re: [Samba] Samba + CUPS

2010-05-21 Thread Nick Couchman
> Which driver are you referring to?  Does the driver not have options to 
> disable printer communication?

It's a driver for a Ricoh Aficio MP C6501SP.  No, there is no option to disable 
bi-directional printer communication.  My Canon imageRunner drivers do have 
this option, and even let you specify the hostname/IP address that they can 
talk to for the bi-di support, but the Ricoh drivers seem to rely on the 
ability to communicate directly with the printer, and they seem to rely on 
Windows to deliver the correct port information to attempt that communication.

-Nick






Re: [Samba] Samba + CUPS

2010-05-20 Thread Nick Couchman

>>> On 2010/05/20 at 13:43, Damien J Dye wrote:
> Why are you not using the cups printer drivers in the cups environment there 
> are both x64 and i386 versions and gets round the issues with broken drivers 
> and allows cups features to be passed to windows.
>

There are several "special" functions of my printers (networked copiers, 
actually) that need to be supported, and I don't believe the CUPS driver 
contains this support.  Things like sending the printout to a storage box on 
the copier that waits for someone to walk up and print it (Mailbox/Document 
Server), duplexing, hole punching, stapling, N-up, etc.  I have not tried the 
CUPS printer drivers, yet, so perhaps these features get passed through, but 
some of those features aren't even present in the PPD file that I use for CUPS.

-Nick






Re: [Samba] Samba + CUPS

2010-05-20 Thread Nick Couchman
> 
> Have you looked at granting rights like:
> 
> net -U"ADuser" rpc rights grant "ADdomaingroup" SePrintOperatorPrivilege
> 
> There are several different privileges that can be granted in this manner.

Thanks, Mike,

I actually figured out the issue, though I'm not sure why this is the case.  
According to the current Samba startup and documentation, the "printer admin" 
option is deprecated; however, setting this option (in addition to admin users) 
seemed to make things work.  So, I'm not sure what is supposed to replace the 
"printer admin" option (perhaps the RPC rights you mention above??), but it 
seems it's still necessary to make things work correctly.  By the way, the user 
account in AD (and NT4) is in the Domain Admins group and the Enterprise Admins 
group, so these rights should already be granted.  I'll double-check when I get 
a second, though.

On to my next question.  I'm in an enterprise environment where I'm using CUPS 
+ Samba to serve out printers to my entire organization.  Most of these 
printers are network-attached, and some of the more recent drivers expect to be 
able to communicate directly with the printer, instead of talking through the 
CIFS service.  Some of the drivers allow you to point it at a specific 
IP/hostname, however, others try to communicate automatically by grabbing the 
Port information from the printer.  Since Samba doesn't truly give the port 
that the printer is connected to, this is proving to be problematic for a 
couple of my printers.

When you use Windows Server as a print server, it seems like, instead of 
directing printing through it, all it does is give the printer definitions to 
the client, and allows the client to communicate directly with the printer.  I 
can see where this behavior would be undesirable in many situations - if you're 
truly trying to control printing, manage access, and centralize things, this 
doesn't really accomplish that task.  However, with the issue I mention above 
with printer drivers requiring bi-directional communication to function 
properly, it seems this is the behavior that I actually need.  Does anyone know 
if it's possible to have Samba pass through the "real" port information?  I've 
tried to use the "enumports command=" option in smb.conf and list out ports, 
but this just seems to give a short list of Local Ports to the computer, and 
doesn't really allow you to enumerate things like Standard TCP/IP Ports.

Ideas?  Suggestions?  Work-arounds?  Advice?

Thanks!

-Nick






[Samba] Samba + CUPS

2010-05-19 Thread Nick Couchman
I'm attempting to configure Samba with CUPS as a centralized print server.  
I've done this in the past - my current production server is running Samba 
3.2.14.  On my current production server, I have several users set up as either 
"admin users" or "print admin" users so that they can manage the drivers, etc., 
on the Samba server.  In setting up my new server, I'm running into some issues 
with this.  The main problem is that, no matter what options I change for the 
printers and print$ shares, and no matter what users I add in as either admin 
users or printer admin users, when I go to the properties of either a printer 
or the entire server, everything is read-only.  I cannot add/upload drivers to 
the server, etc.  I've even manually gone to the \\\print$ share 
and verified that I have write access to that folder.  But, for some reason, I 
cannot add drivers, change settings, etc., on the new server.  Differences are:
- Old Server: Gentoo; New Server: openSuSE 11.2
- Old Server: Samba 3.2.14; New Server: Samba 3.5.3
- Old Server: NT4 Domain Member; New Server: ADS Member

As far as the differences go, I've already verified that the same behavior 
occurs when the new server is part of the NT4 domain instead of the AD domain.  
So, I'm really down to either something having changed in Samba versions 
sometime after 3.2, or something about how the packages are compiled.  Perhaps 
someone can help me figure out what I'm missing that's causing this behavior?  
Find my smb.conf file below...

Thanks - Nick

[global]
workgroup = MYDOMAIN
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Never
domain logons = No
domain master = No
security = domain
admin users = @wheel
log file = /var/log/samba/%m.log
log level = 2
wins server = 1.2.3.4 5.6.7.8

[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin @wheel root
force group = wheel
create mask = 0664
directory mask = 0775
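
An added example, not part of the original post or of Samba: a small Python audit of the smb.conf above. It lists which shares inherit root-equivalent "admin users" from [global], whether the deprecated "printer admin" option is set, and who may write driver files to print$. The function names and finding labels are made up for this example.

```python
# Copied from the post above (blank lines dropped) so the audit runs offline.
POSTED_SMB_CONF = """\
[global]
workgroup = MYDOMAIN
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Never
domain logons = No
domain master = No
security = domain
admin users = @wheel
log file = /var/log/samba/%m.log
log level = 2
wins server = 1.2.3.4 5.6.7.8
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin @wheel root
force group = wheel
create mask = 0664
directory mask = 0775
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased names."""
    sections, current, carry = {}, None, ""
    for raw in text.splitlines():
        line = carry + raw.strip()
        carry = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            carry = line[:-1]
        elif line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif line and line[0] not in "#;" and "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[" ".join(name.lower().split())] = value.strip()
    return sections


def audit(sections):
    """Return (share, finding, detail) tuples, applying [global] defaults."""
    defaults, findings = sections.get("global", {}), []
    for share, params in sections.items():
        if share == "global":
            continue
        # admin users: listed accounts do all file operations on the share as root.
        admins = params.get("admin users", defaults.get("admin users"))
        if admins:
            origin = "share" if "admin users" in params else "[global]"
            findings.append((share, "root-equivalent",
                             f"admin users = {admins} (set in {origin})"))
        # printer admin: marked deprecated in favor of SePrintOperatorPrivilege.
        legacy = params.get("printer admin", defaults.get("printer admin"))
        if legacy:
            findings.append((share, "deprecated", f"printer admin = {legacy}"))
        # print$ holds the driver files that Windows clients download and install.
        if share == "print$" and params.get("write list"):
            findings.append((share, "driver-upload",
                             f"write list = {params['write list']}"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_smb_conf(POSTED_SMB_CONF)):
        print(*finding, sep=" | ")
```

Because "admin users" in [global] acts as the default for every share, @wheel members perform all file operations as root on [printers] as well as on [print$].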







[Samba] Re: NT4 to Samba Migration and Trusted Domains

2006-10-18 Thread Nick Couchman - Lists
Well, I've managed to trace down my issue to some degree or another.  I
was continuing to play with my Samba servers to figure out what was
going on, and I noticed that one of my older Samba3 servers worked okay.
I checked the version and it is running Samba 3.0.14.  My other server
that's causing problems, as well as the test machine that I'm using are
running version 3.0.22.  I started downloading and compiling the Samba
versions in between 3.0.14 and 3.0.22 and managed to track it down to
something that changed in between version 3.0.20b and 3.0.21.  The RC
and PRE versions of 3.0.21 aren't available anymore, so I can't get much
more precise than that.  I also don't know exactly which change would
have caused this.  I'm in the process of looking at the WHATSNEW.txt
file and doing a diff between the two source trees to see if I can
figure out what change might be causing this.  I'm not a very good
programmer, so my odds of actually finding and correcting the problem
are probably fairly limited.  If anyone has any insight into what might
have changed or what can be done about it, that would be great.  I'll
also look into filing a bug report, unless someone can tell me that
this behavior is intentional.

Thanks,
Nick Couchman


On Tue, 2006-10-17 at 12:43 -0600, Nick Couchman wrote:
> Well, I'm attempting to migrate my old NT4-based domain to Samba3.  I've
> got Samba set up with an LDAP backend, I've extended my NDS schema, and
> I've got users in this new domain set up successfully and authenticating. 
> I've decided that the best, most seamless way to migrate my domain is to
> create a new domain which will run alongside the old domain.  A
> two-way trust relationship between the two domains should allow me to share
> folders on servers located on either domain with users on either domain. 
> This way, I'll be able to migrate users, groups, and computers at my
> leisure from one domain to another.
> 
> So, I've also successfully configured the trust relationship (I think).  I
> go to a Windows machine that is a member of my original domain (DOMA) and
> I can log in with a user on either DOMA or my new domain (DOMB).  I can
> also modify file shares on these computers and give users on either domain
> access to my files, etc.
> 
> I have a multi-subnet environment, so my Windows NT4 machines are running
> WINS to make sure that all computers in the domain can find a logon
> server.  I've configured my new Samba servers to point to these WINS
> servers for now to reduce the number of things that I have to deal with
> migrating at one time.
> 
> The issue that I'm running into is this: my Samba servers on DOMA (my
> primary file servers for the entire company) don't want to authenticate
> users on DOMB.  Users from DOMA can successfully authenticate, but users
> from DOMB get the following message from smbclient:
> session setup failed: NT_STATUS_NO_LOGON_SERVERS
> 
> If I look at the log file on the Samba server, I see the following
> message:
> 
> [2006/10/17 11:50:05, 0] auth/auth_domain.c:domain_client_validate(242)
>   domain_client_validate: unable to validate password for user USER in
> domain DOMB to Domain controller DOMA-PDC. Error was
> NT_STATUS_UNSUCCESSFUL.
> 
> 
> It seems that Samba is connecting to the domain controller for which it is
> a member (DOMA) and trying to authenticate the user from DOMB.  Obviously
> this fails, and it seems that Samba doesn't know how to go find a
> different domain controller for the correct domain and authenticate.
> 
> Some additional info - the Samba server having this issue is running Samba
> 3.0.22 on SuSE 10.1 Pro.  The usernames on DOMA and DOMB are exactly the
> same, and the Samba server is getting username info from the same LDAP
> directory that services the DOMB PDC and that Samba on that PDC points to
> for its user information.  Here's the smb.conf file from one of the Samba
> servers experiencing this problem:
> 
> [global]
> workgroup = DOMA
> security = domain
> wins server = 10.0.0.1 10.0.0.2 10.0.0.3
> allow trusted domains = yes
> password server = *
> # auth methods = trustdomain
> idmap uid = 1-2
> idmap gid = 1-2
> template primary group = "Domain Users"
> template shell = "/bin/bash"
> log level = 3
> 
> [tmp]
> path = /tmp
> comment = Temp Directory
> 
> I can provide more detailed log files, if necessary.
> 
> Thanks,
> Nick
> 




[Samba] NT4 to Samba Migration and Trusted Domains

2006-10-17 Thread Nick Couchman
Well, I'm attempting to migrate my old NT4-based domain to Samba3.  I've
got Samba set up with an LDAP backend, I've extended my NDS schema, and
I've got users in this new domain set up successfully and authenticating. 
I've decided that the best, most seamless way to migrate my domain is to
create a new domain which will run alongside the old domain.  A
two-way trust relationship between the two domains should allow me to share
folders on servers located on either domain with users on either domain. 
This way, I'll be able to migrate users, groups, and computers at my
leisure from one domain to another.

So, I've also successfully configured the trust relationship (I think).  I
go to a Windows machine that is a member of my original domain (DOMA) and
I can log in with a user on either DOMA or my new domain (DOMB).  I can
also modify file shares on these computers and give users on either domain
access to my files, etc.

I have a multi-subnet environment, so my Windows NT4 machines are running
WINS to make sure that all computers in the domain can find a logon
server.  I've configured my new Samba servers to point to these WINS
servers for now to reduce the number of things that I have to deal with
migrating at one time.

The issue that I'm running into is this: my Samba servers on DOMA (my
primary file servers for the entire company) don't want to authenticate
users on DOMB.  Users from DOMA can successfully authenticate, but users
from DOMB get the following message from smbclient:
session setup failed: NT_STATUS_NO_LOGON_SERVERS

If I look at the log file on the Samba server, I see the following
message:

[2006/10/17 11:50:05, 0] auth/auth_domain.c:domain_client_validate(242)
  domain_client_validate: unable to validate password for user USER in
domain DOMB to Domain controller DOMA-PDC. Error was
NT_STATUS_UNSUCCESSFUL.


It seems that Samba is connecting to the domain controller for which it is
a member (DOMA) and trying to authenticate the user from DOMB.  Obviously
this fails, and it seems that Samba doesn't know how to go find a
different domain controller for the correct domain and authenticate.

Some additional info - the Samba server having this issue is running Samba
3.0.22 on SuSE 10.1 Pro.  The usernames on DOMA and DOMB are exactly the
same, and the Samba server is getting username info from the same LDAP
directory that services the DOMB PDC and that Samba on that PDC points to
for its user information.  Here's the smb.conf file from one of the Samba
servers experiencing this problem:

[global]
workgroup = DOMA
security = domain
wins server = 10.0.0.1 10.0.0.2 10.0.0.3
allow trusted domains = yes
password server = *
# auth methods = trustdomain
idmap uid = 1-2
idmap gid = 1-2
template primary group = "Domain Users"
template shell = "/bin/bash"
log level = 3

[tmp]
path = /tmp
comment = Temp Directory

I can provide more detailed log files, if necessary.

Thanks,
Nick
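
An added example, not part of the original post: a Python triage of smbd log records like the one quoted above. It folds the wrapped continuation lines back into one record and separates failures for accounts in the member server's own domain from failures for trusted-domain accounts. Only the first sample record comes from the post; the other two are constructed, and the function names are made up here.

```python
import re
from collections import Counter

# First record: the log entry quoted in the post, wrapped as the mail shows it.
# Second and third records: constructed for contrast.
SAMPLE_LOG = """\
[2006/10/17 11:50:05, 0] auth/auth_domain.c:domain_client_validate(242)
  domain_client_validate: unable to validate password for user USER in
domain DOMB to Domain controller DOMA-PDC. Error was
NT_STATUS_UNSUCCESSFUL.
[2006/10/17 11:52:40, 0] auth/auth_domain.c:domain_client_validate(242)
  domain_client_validate: unable to validate password for user ALICE in
  domain DOMA to Domain controller DOMA-PDC. Error was NT_STATUS_WRONG_PASSWORD.
[2006/10/17 11:53:02, 3] smbd/process.c:process_smb(1110)
  Transaction 12 of length 74
"""

# "[date time, level] source.c:function(line)" starts every record.
HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)[^\]]*\] (\S+):(\w+)\((\d+)\)$")
FAILURE = re.compile(
    r"unable to validate password for user (\S+) in domain (\S+) "
    r"to Domain controller (\S+?)\. Error was (\w+)")


def records(text):
    """Yield (timestamp, function, message), joining continuation lines."""
    stamp = func = None
    parts = []
    for line in map(str.strip, text.splitlines()):
        head = HEADER.match(line)
        if head:
            if stamp:
                yield stamp, func, " ".join(parts)
            stamp, func, parts = head.group(1), head.group(3), []
        elif stamp and line:
            parts.append(line)
    if stamp:
        yield stamp, func, " ".join(parts)


def failed_validations(text, member_domain):
    """Return one dict per domain_client_validate failure in the log."""
    out = []
    for stamp, func, message in records(text):
        hit = FAILURE.search(message) if func == "domain_client_validate" else None
        if hit:
            user, domain, dc, error = hit.groups()
            out.append({"time": stamp, "user": user, "domain": domain,
                        "dc": dc, "error": error,
                        # True when the account is not in the member's own domain
                        "trusted": domain.upper() != member_domain.upper()})
    return out


def summarize(failures):
    """Count failures per (account domain, DC asked, error)."""
    return Counter((f["domain"], f["dc"], f["error"]) for f in failures)


if __name__ == "__main__":
    for key, count in summarize(failed_validations(SAMPLE_LOG, "DOMA")).items():
        print(count, *key)
```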
