Re: [Samba] [SOLVED] Samba 3.0.11 doesn't work on Fedora Core 2
Philip Burrow wrote: Andrew Bartlett wrote: I think it's a bug in the version of nss_ldap included in FC2. I run with this patch (removing an optimisation in our handling on LDAP). Perhaps the smbldap part of the changes are not required... Hi Andrew, What I have found is that 3.0.10 works fine on Fedora 1 and 2, but 3.0.11 and the 3.0.12 prerelease suffers the issue described by me earlier and by Dimitry here. I built from SRPMS provided on samba.org in all cases. Just following up my own post, I obtained nss_ldap-220-3.src.rpm (used in FC3) for a FC1 machine, built and installed it then rebuilt Samba 3.0.12pre1 and installed. This appears to have fixed the problem. I was using nss_ldap-217-1 on both my FC1 and FC2 machines, hence why it wasn't working on both. I since tested 3.0.11 and it worked too. Thanks Andrew for your comments. Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.11 doesn't work on Fedora Core 2
Andrew Bartlett wrote: On Tue, 2005-03-01 at 09:46 +0300, Dmitry V. Korotkov wrote: Hi! I am not alone. Philip Burrow [http://lists.samba.org/archive/samba/2005-February/100848.html] has the same problem on Fedora Core 1. I've downloaded samba-3.0.11-1.src.rpm from samba.org, built samba RPM packages and updated samba-3.0.8 (it is configured to be PDC with LDAP sam database). When I restart samba, server appears in network and shares are working, but soon server disappears. I think it's a bug in the version of nss_ldap included in FC2. I run with this patch (removing an optimisation in our handling on LDAP). Perhaps the smbldap part of the changes are not required... Hi Andrew, What I have found is that 3.0.10 works fine on Fedora 1 and 2, but 3.0.11 and the 3.0.12 prerelease suffers the issue described by me earlier and by Dimitry here. I built from SRPMS provided on samba.org in all cases. It is related to LDAP, as if I comment out the passdb backend=ldapsam:ldap://localhost directive from the config file, the errors from smbclient stop. Unfortunately it doesn't use LDAP, which is what I want. After restarting smbd/nmbd with 3.0.11 or 3.0.12pre1, I get a share list and this error when I do smbclient -L localhost: "session setup failed: Call returned zero bytes (EOF) NetBIOS over TCP disabled -- no workgroup available" Then if I repeat smbclient -L localhost, I get the following only: "protocol negotiation failed" With the above smb.conf directive enabled, the LDAP logs show Samba querying the LDAP server, and there doesn't appear to be a lot wrong with whats happening. It just doesn't work right! Is there a known working version of nss_ldap that we can try? Which patch are you referring to? Many thanks, Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Smbclient - protocol negotiation failed
Hi I just built samba 3.0.11 RPM's from the SRPM provided on samba.org. I'm using Fedora 1, 2.4 kernel. smbclient is causing me an unusual problem. When I start smbd and nmbd and issue: smbclient -d3 -L localhost, I see the following: smbclient -d3 -L localhost lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" added interface ip=10.0.3.1 bcast=10.0.3.255 nmask=255.255.255.0 added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 Client started (version 3.0.11). resolve_hosts: Attempting host lookup for name localhost<0x20> Connecting to 127.0.0.1 at port 445 Password: Doing spnego session setup (blob length=58) got OID=1 3 6 1 4 1 311 2 2 10 got principal=NONE Got challenge flags: Got NTLMSSP neg_flags=0x60890215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 SPNEGO login failed: Logon failure Anonymous login successful Domain=[INGHAMS] OS=[Unix] Server=[Samba 3.0.11] Sharename Type Comment - --- netlogonDisk Network Logon Service print$ Disk Printer Drivers Share pub Disk IPC$IPC IPC Service (My PDC (Samba 3.0.11)) ADMIN$ IPC IPC Service (My PDC (Samba 3.0.11)) Connecting to 127.0.0.1 at port 139 session request to LOCALHOST failed (Call returned zero bytes (EOF)) Connecting to 127.0.0.1 at port 139 session request to *SMBSERVER failed (Call returned zero bytes (EOF)) NetBIOS over TCP disabled -- no workgroup available Then if I try it again I see this: smbclient -d3 -L localhost lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" added interface ip=10.0.3.1 bcast=10.0.3.255 nmask=255.255.255.0 added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 Client started (version 3.0.11). Connecting to 127.0.0.1 at port 445 protocol negotiation failed If I name the samba server I see exactly the same. Any clues to this? It happens every time. If required I'll gladly post any config stuff needed to resolve this. Thanks for any hints, Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: How Samba let us down
- Original Message - From: Most of you Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, October 23, 2002 10:14 PM Subject: Re: [Samba] Re: How Samba let us down > etc etc Well this one certainly roused you all. Must it be the case that you all jump in to reply to this unhelpful garbage yet when someone posts a 'simple' query they often don't get any replies. Phil. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant find uid=0
> > Must there be an instance of 'root' in Samba LDAP backends? I've ploughed > > through the idealx HOWTO for this, but Messrs Lemaire don't explicitly > > create a root user. Can someone help? > > Don't make the user you use to join the domain an 'admin user', either > use root, or a member of the 'domain admins group'. Yes, this is > confusing, and is fixed in 3.0 Thanks for the response Andrew. Are you saying that if the user I am using is in both admin users and domain admin group, it wont work, and that if the user is in domain admin group only, it will work and wont search for a root user? Phil. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cant find uid=0
Im having a problem adding machines to a domain. All has been fine until today. This is the output when I try to add a machine (WinXP). It appears to be looking for a root user in my LDAP directory but isnt finding it (because there isnt a user 'root' there). User 'Administrator' exists. Must there be an instance of 'root' in Samba LDAP backends? I've ploughed through the idealx HOWTO for this, but Messrs Lemaire don't explicitly create a root user. Can someone help? [2002/10/11 17:34:27, 0] smbd/service.c:make_connection(381) make_connection: administrator logged in as admin user (root privileges) [2002/10/11 17:34:28, 0] smbd/service.c:make_connection(381) make_connection: administrator logged in as admin user (root privileges) [2002/10/11 17:34:28, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(670) api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO. [2002/10/11 17:34:29, 0] passdb/pdb_ldap.c:pdb_getsampwnam(858) LDAP search "(&(uid=root)(objectclass=sambaAccount))" returned 0 entries. [2002/10/11 17:34:29, 0] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2480) _samr_set_userinfo: Unable to get smbpasswd entry for uid 0 then further on it'll say: [2002/10/11 17:43:03, 1] smbd/password.c:pass_check_smb(545) Couldn't find user 'root' in passdb. [2002/10/11 17:43:03, 1] smbd/reply.c:reply_sesssetup_and_X(998) Rejecting user 'root': authentication failed Phil. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printer settings problem 2.2.6pre2
> On Wed, 25 Sep 2002, Philip T Burrow wrote: > > > I am trying to apply some settings to a printer shared by Samba, > > including installing the drivers. I notice that I must be in printer > > admin or be root in order to do this, and I am. The logs say that I'm > > "logged in as admin user (root privileges)" which I assume is correct. > > an "admin user" is different from actually connecting as root or > as a "printer admin" Regardless, I was in both in smb.conf when I experienced the problem. P. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Properties & File xfer slow over VPN
I'm running a couple of domains across a FreeSWAN VPN. I have one WINS server which everything uses. Browsing works, etc. The only problem is that file transfers are *incredibly* slow and it takes an age to bring up the properties for anything. I appreciate this could be down to the link speed, but the upstreams of all connections are 256k and are only lightly used, with pings across the VPN being around 60ms, so I would expect around 15k/s. I get more like 3k/s. FTP is fast, so I guess it's Samba. There appears to be loads of network activity on the Windows (XP) clients I'm using to test. I have this set on all of the Samba boxes: socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 Should I just experiment with these options? Phil. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+PDC+LDAP (add user script + unix passwd sync) Can't call perl script
> Hi, i've compiled samba 2.2.4 on a Redhat 7.1 machine, working > with openldap 2.0.23. I also downloaded smbldap-tools from IDEALX > which i fixed myself to fit my needs. Everything work very fine > when running the scripts in shell mode... but! I had something like this. Check your password chat and make sure you set it to what it actually is when you run it on the shell. I can't remember off-hand what mine at work is, but I will post it tomorrow. The default from the IDEALX howto did not work for me. There's also a problem with smbldap-passwd.pl whereby the wrong ldappasswd command is issued in the script: $ret = system "$ldappasswd $dn -s $pass > /dev/null"; should be: $ret = system "$ldappasswd -s $pass $dn > /dev/null"; Increase your log level and check your logs, because this is how I found out what mine was doing. HTH Phil -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 2.2.3a machine accounts not created
Hi, I'm having a problem with 2.2.3a. I have successfully set up an LDAP directory to support a Samba 2.2.3a domain. The problem is that Samba is not automatically adding machine accounts. Indeed, it's not even running my add user script. Thus I can't join client workstations to the domain unless I manually add an account (which works). I have created an Administrator account, and put it into the Domain Admins group as per the LDAP-PDC howto on idealx. I have run smbpasswd -w successfully, and manually executing my "add user script" works fine for adding users and workstations. Any ideas anyone? Here's my globals from smb.conf: [global] workgroup = GROUP netbios name = MY_SRV server string = Samba Server security = user interfaces = 10.0.1.1/255.255.0.0 127.0.0.1/255.255.255.255 log level = 5 domain logons = yes os level = 99 local master = yes preferred master = yes domain master = yes dns proxy = no wins support = yes domain admin group = "@Domain Admins" add user script = /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -s /bin/false %u ldap server = 127.0.0.1 ldap port = 389 ldap suffix = "dc=mydomain,dc=com" ldap admin dn = "cn=Manager,dc=mydomain,dc=com" ldap ssl = no oplocks = false encrypt passwords = yes unix password sync = yes passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* Many thanks for any advice. Phil. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] VPN+2.2.3a+LDAP
> > 3. Have a Samba PDC at each site controlling a domain of its own, but all > > using the same LDAP server. > still the same problem > > I think you should modify idea 3 by setting up replicated LDAP on the > PDC (or another machine) at each site. That way everybody can log in > even if the lan is down (though the distributed ldap dbs might diverge > if your wan is down for a long time. Thanks for your thoughts Bradley. I have another bunch of questions which you may be able to enlighten me on :) Am I right in thinking that if I carried out idea 3, with each site having its own unique domain, that the user homes and profiles directories should be specified with an absolute path in the LDAP server? For example, if Joe was logging on to DOMAIN1, should the LDAP directory explicitly say \\DOMAIN1\JOE as his home directory (smbHome), and \\DOMAIN1\JOE\profile for his profile (profilePath)? I would like to have it so that any user could log on at any site and still keep one unique home dir on the Samba server at the site he uses most - so that if in one particular week Joe was at 6 different sites he wouldnt have a profile and home directory at each site - he would just use the one at his main site, DOMAIN1 (I realise this would mean transmitting large amounts of data across a relatively slow WAN). Is it possible for a replicated LDAP database to be used with Samba in this way which allows anyone to log on anywhere to any domain in a large network, yet still keep a unique 'home' ? Cheers, Phil. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] VPN+2.2.3a+LDAP
Hi, I'm after some clarification on a concept I'm toying with, the big question being is it feasible to do this, and are there any things I ought to consider. What I'm after is domain authentication across a multi-subnet VPN. I figured there are three ways of doing this, based on my limited knowledge of Samba (version 2.2.3a): 1. Have a single Samba PDC to control the entire VPN (up to 10 remote sites) using a single LDAP server to authenticate users. 2. Have a Samba server at each site as some sort of pseudo-BDC, all authenticating with a single LDAP server. 3. Have a Samba PDC at each site controlling a domain of its own, but all using the same LDAP server. One requirement I have is that I don't want WAN bandwidth saturating with home directories and user profiles needing to be transmitted across the WAN so I want them stored local to each site, and I think this is possible with Samba and LDAP (is it?). Is this 'shared password server' concept possible with Samba and LDAP? Any URLs or other resources would be great, and I appreciate any help or comments. Please dont tell me to create a trust relationship with Mr Gates. :-) Regards, Phil -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba