[Samba] Again, Windows 7 access to Samba server: Strange performance/delay problems while opening share
Hello list,
when I wrote my first mail with this content, I received only the list's digest. To be able to answer, I switched this to single message mode. So, here again.
I have a strange performance issue with a single Windows 7 client in a simple network setup with one samba server and various windows clients (Win XP, Windows 7). All clients can open shares with explorer without any delay (the share contents are listed directly). But one client, a Lenovo Windows 7 laptop, has strange problems opening these same shares. The time from opening a share until the share is listed varies between (seldom) direct response and, in most cases, delays between 3 and 20 seconds, in seldom extreme cases 1-2 minutes.
It does not depend on the switch port. The problem also appears while being connected with other switch ports, different ethernet cables or on a WLAN/WIFI connection.
Because this is the only Windows 7 client with this kind of problems, I reinstalled the machine from scratch (with the Lenovo version of windows 7 from the hidden partition), hoping this problem was caused by any kind of windows weirdness (the windows 7 installation was one or two years old). The only change was, there were no more delays in listing shares longer than 20 seconds, so the core problem still exists.
What possibilities do I have to solve this problem? My next step was to capture the network traffic this client does while opening a specific share. I captured also the traffic caused by two other windows 7 clients, which do not have any delay issues while opening the same share. My knowledge about samba network packages is far too low to be able to find the problem.
In my desperation now, I joined this list, hoping there is anybody who can give me a hint to the right direction to solve this problem. Is here anybody who can read these traffic dumps, and may be see what this client's problem is? I could also post these three traffic dumps, they are small (about 15k each).
Who can I contact to help me solving this problem?
Thanks, Ralf
--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 access to Samba server: Strange performance/delay problems while opening share
Hello list!
I have a strange performance issue with a single Windows 7 client in a simple network setup with one samba server and various windows clients (Win XP, Windows 7). All clients can open shares with explorer without any delay (the share contents are listed directly). But one client, a Lenovo Windows 7 laptop, has strange problems opening these same shares. The time from opening a share until the share is listed varies between (seldom) direct response and, in most cases, delays between 3 and 20 seconds, in seldom extreme cases 1-2 minutes.
Because this is the only Windows 7 client with this kind of problems, I reinstalled the machine from scratch (with the Lenovo version of windows 7 from the hidden partition), hoping this problem was caused by any kind of windows weirdness (the windows 7 installation was one or two years old). The only change was, there were no more delays in listing shares longer than 20 seconds, so the core problem still exists.
What possibilities do I have to solve this problem? My next step was to capture the network traffic this client does while opening a specific share. I captured also the traffic caused by two other windows 7 clients, which do not have any delay issues while opening the same share. My knowledge about samba network packages is far too low to be able to find the problem.
In my desperation now, I joined this list, hoping there is anybody who can give me a hint to the right direction to solve this problem.
Thanks, Ralf
[Samba] [Solved] SAMBA 3.6.6 PDC domain not available / no challenge sent to client
Dear all, just to close my posting: I have started with a new configuration of a Samba PDC from scratch in a virtual network with virtual machines and tweaked it until it worked as needed, then copied the smb.conf file to my old configuration. I don't know which of the parameters was bad but however - I was able to join the missing PC to the domain again and to log on successfully. Kind regards, Ralf
[Samba] SAMBA 3.6.6 PDC domain not available / no challenge sent to client
/
[groups]
    comment = All groups
    path = /home/groups
    read only = No
    inherit acls = Yes
[printers]
    comment = All Printers
    path = /var/tmp
    create mask = 0600
    printable = Yes
    print ok = Yes
    use client driver = Yes
    browseable = No
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin, root
    force group = ntadmin
    create mask = 0664
    directory mask = 0775
[netlogon]
    path = /var/lib/samba/netlogon
    browseable = No
[logs]
    path = /var/log/samba/userlogs
    read only = No
    create mask = 0200
    browseable = No
[public]
    path = /home/samba/shares/public
    read only = No
    guest ok = Yes
[lp]
    comment = HP LaserJet P2015dn
    path = /var/tmp
    printable = Yes
    print ok = Yes
    printer name = lp
    use client driver = Yes
[lpcolor]
    comment = HP Officejet Pro 8000 Wireless
    path = /var/tmp
    printable = Yes
    print ok = Yes
    printer name = lpcolor
    use client driver = Yes
Perhaps somebody here can give me a hint where to look? I did not want to include a logfile with debug level 10 enabled in my first posting ;-) Any help is greatly appreciated but please don't forget that as far as SAMBA is concerned, I am a beginner...
Kind regards, Ralf
[Samba] Problem joining to a Samba PDC (Probably caused by unix charset)
Hello, trying to join a Windows 7 64-Bit PC to a Samba PDC (3.6.5) fails with message Domain not found or no connection possible. After some testing I found that the problem was caused by the Samba-parameter unix charset = ISO8859-1. When I start the nmbd with same config-file just without the unix charset the PC can join the domain (smbd runs with org. config-file. Samba runs on CentOS6 (en_US.UTF-8)). Is this the expected behavior? (At the moment I need ISO8859-1 because the files were saved with this charset). Best regards, Ralf
[Samba] aio and roaming profiles
Dear list, has anyone experienced synchronisation issues with roaming profiles and aio enabled? Is there a way to disable aio for profiles? Or has somebody a good knowledge playing with samba and aio? Thank you and best regards, Ralf
Re: [Samba] kerberos configuration in samba
Rajesh Ghanekar rajesh_ghane...@symantec.com wrote:
- I guess I don't need to do kinit manually if I am using net ads join command, right?
kinit is a good tool for testing a kerberos workstation, or when doing local GSSAPI authentication. Not needed for samba. In your smb.conf you have to set the realm unless your local domainname matches the realm name (with lower case).
- Does samba use SRV records for anything else other than finding out domain controller names? If not, I can do away without them by writing manual entries in /etc/krb5.conf. I will be using DNS, but no SRV records.
When using no SRV records you have to set only the domaincontrollers in smb.conf. The other stuff (domainname, ...) is netbios related and does not use DNS. Additionally, the realm name in smb.conf must match a configuration in krb5.conf.
- I found that even when no SRV records are present and wrong (invalid hosts) IP addresses configured for domain controllers (in smb.conf and /etc/krb5.conf), I am still able to join the domain. I am not sure if there is any component which actually does broadcasting and finds out if any domain controller present using this fallback method?
Samba version 3 can act as a Windows NT/200* member server or as a NT4 Domaincontroller (CMIIW). As member server (your config) it uses RPC and/or SMB to join a domain. Kerberos is used by samba to do any local authentication e.g. getting a shell, or accessing network shares, by winbind for example, or pam.
Re: [Samba] UNIX accounts needed for machine accounts?
Lukas Haase lukasha...@gmx.at wrote:
Is this necessary? Does it cause any problems?
Only the samba DC must be able to access the machine objects. So if you plan to reduce the scope on your PDC, machine authentication, or joining a machine to domain will always fail. On client side I can't see problems so far...
Re: [Samba] UNIX accounts needed for machine accounts?
Lukas Haase lukasha...@gmx.at wrote:
It would be great if libnss-ldap would support users from different trees (than I could take ou=int,ou=users AND ou=machines) but I guess this is not possible...
I don't see a problem here. You can just set up your ldap to
ou=users,ou=ext,dc=domain,dc=com
ou=groups,ou=ext,dc=domain,dc=com
and
ou=machines,ou=int,dc=domain,dc=com
ou=users,ou=int,dc=domain,dc=com
ou=groups,ou=int,dc=domain,dc=com
then point libnss on your samba related machines to ou=int,dc=domain,dc=com and any other machines to dc=domain,dc=com.
Re: [Samba] UNIX accounts needed for machine accounts?
Ralf Hornik Mailings r...@best.homeunix.org wrote:
then point libnss on your samba related machines to ou=int,dc=domain,dc=com and any other machines to dc=domain,dc=com.
Sorry, I made a mistake. Point your samba related machines to ou=int,dc=domain,dc=com and your non-samba related machines to ou=ext,dc=domain,dc=com. You can also use ACLs in ldap to restrict searchable attributes and deny logins.
Re: [Samba] UNIX accounts needed for machine accounts?
Lukas Haase lukasha...@gmx.at wrote:
Maybe I could use aliases to point the machines branch into the ou=int branch? But I have no experiences with aliases etc.
Why don't you simply move the ou=machines into your ou=int? Non-samba related users do not need machine accounts.
Re: [Samba] UNIX accounts needed for machine accounts?
Lukas Haase lukasha...@gmx.at wrote:
Yes I think that is the one solution. But the reason why I did not yet do it is simple: Because the machine Accounts are not users!
Machine accounts are very well users! ;-) Respective samba users. So by design they have to reside in your samba containers. However you can separate them by name (as in my suggestion of your LDAP design) but getent will (and should) always find them.
Re: [Samba] UNIX accounts needed for machine accounts?
Lukas Haase lukasha...@gmx.at wrote:
Sorry to quote myself...but I think that would have another big advantage: I would only need to dereference the aliases on the PDC machine and nowhere other I would have the ugly machine accounts in the system :)
As I mentioned before. Move the machines into your samba related ou's and the world will be happy again... ;-)
Re: [Samba] UNIX accounts needed for machine accounts?
Ralf Hornik Mailings r...@best.homeunix.org wrote:
then point libnss on your samba related machines to ou=int,dc=domain,dc=com and any other machines to dc=domain,dc=com.
Sorry, I made a mistake. Point your samba related machines to dc=domain,dc=com and your non-samba related machines to ou=ext,dc=domain,dc=com. You can also use ACLs in Ldap to restrict the searchable attributes.
Re: [Samba] UNIX accounts needed for machine accounts?
Forget this mail. It was sent mistakenly...
Ralf Hornik r...@ralf-hornik.de wrote:
Ralf Hornik Mailings r...@best.homeunix.org wrote:
then point libnss on your samba related machines to ou=int,dc=domain,dc=com and any other machines to dc=domain,dc=com.
Sorry, I made a mistake. Point your samba related machines to dc=domain,dc=com and your non-samba related machines to ou=ext,dc=domain,dc=com. You can also use ACLs in Ldap to restrict the searchable attributes.
--
everything stays different...
Re: [Samba] kerberos configuration in samba
Rajesh Ghanekar rajesh_ghane...@symantec.com wrote:
4. I can have multiple kdc = entries in /etc/krb5.conf, if I need to manually configure /etc/krb5.conf, but only single admin server = and password server = line. How does this /etc/krb5.conf entry for admin server and password server becomes HA if the machine specified in admin server and password server goes down?
As I remember, you can only have one admin server (and password server?), since kerberos only supports read-only slaves, unless Microsoft changed something in the protocol. One idea to make an admin server HA in krb5.conf could be DNS round robin, as far as multiple admin server are really supported.
Re: [Samba] kerberos configuration in samba
Rajesh Ghanekar rajesh_ghane...@symantec.com wrote:
One idea to make an admin server HA in krb5.conf could be DNS round robin, as far as multiple admin server are really supported.
Does other points (#1 - #3) mentioned in my mail holds true or there is still some confusion from my side?
Regarding http://www.informit.com/guides/content.aspx?g=security&seqNum=37 kerberos libs should use nss (name service switch), but you can easily figure it out by trying. ;-) When you have a working DNS with SRV records pointing to your KDC you can simply move your krb5.conf and try a kinit to get credentials. This should work, when using DNS. However, you also might want to add some entries to nsswitch.conf like
rpc: files dns
services: files dns
or something...
Re: [Samba] kerberos configuration in samba
Rajesh Ghanekar rajesh_ghane...@symantec.com wrote:
Hi Ralf, Thanks for the help. But I was asking if all 4 points mentioned in my mail are correct or not, like what if SRV records are not present, etc, then what should go in krb5.conf and smb.conf?
I'm not clear what you are asking for. All points 1 - 3 are true.
Point 1 and 3. Have you got a working DNS? So getting kerberos credentials works without any krb5.conf (tested 1 minute before). (You only have to attach the kerberos realm when kinit e.g. kinit u...@realm.org). If not you have to set krb5.conf like:
[libdefaults]
    default_realm = REALM.ORG
[realms]
    REALM.ORG = {
        kdc = master.realm.org:88
        kdc = slave.realm.org:88
        admin_server = master.realm.org:749
        default_domain = realm.org
    }
[domain_realm]
    .realm.org = REALM.ORG
    realm.org = REALM.ORG
Point 2. This is explained by itself and correct.
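The rule stated in this thread (the realm in smb.conf must match a configuration in krb5.conf, which needs its own kdc entries when no DNS SRV records are used) can be checked mechanically before a join is attempted. The Python script below is an added example, not part of the original messages and not Samba code; the file contents are constructed samples modelled on the krb5.conf quoted above, and the function names are hypothetical.

```python
# Constructed sample, modelled on the krb5.conf shown in the thread.
KRB5_CONF = """\
[libdefaults]
    default_realm = REALM.ORG
[realms]
    REALM.ORG = {
        kdc = master.realm.org:88
        kdc = slave.realm.org:88
        admin_server = master.realm.org:749
        default_domain = realm.org
    }
[domain_realm]
    .realm.org = REALM.ORG
    realm.org = REALM.ORG
"""

# Constructed sample: only the parameter this check cares about.
SMB_CONF = """\
[global]
    realm = REALM.ORG
"""


def parse_krb5(text):
    """Parse the krb5.conf subset used above: [sections], key = value and
    one level of { } blocks. Repeated keys (kdc) are collected in lists."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip(), {})
            block = None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                target = block if block is not None else section
                target.setdefault(key, []).append(value)
    return conf


def smb_realm(text):
    """Return the realm parameter from [global] in smb.conf, or None."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower().replace(" ", "") == "realm":
                return value
    return None


def check(krb5_text, smb_text):
    """List inconsistencies for a manually configured (no SRV records) setup."""
    findings = []
    krb5 = parse_krb5(krb5_text)
    realms = krb5.get("realms", {})

    def require(name, where):
        entry = realms.get(name)
        if entry is not None:
            if not (isinstance(entry, dict) and entry.get("kdc")):
                findings.append(f"{where}: realm {name} has no kdc entry")
        elif name.upper() in {r.upper() for r in realms}:
            # Realm names are case-sensitive, so this would not match.
            findings.append(
                f"{where}: realm {name} differs only in case from a [realms] entry")
        else:
            findings.append(f"{where}: realm {name} has no [realms] entry")

    realm = smb_realm(smb_text)
    if realm is None:
        findings.append("smb.conf: no realm set in [global]")
    else:
        require(realm, "smb.conf")

    default = (krb5.get("libdefaults", {}).get("default_realm") or [None])[-1]
    if default is None:
        findings.append("krb5.conf: no default_realm in [libdefaults]")
    else:
        require(default, "krb5.conf default_realm")

    for domain, targets in krb5.get("domain_realm", {}).items():
        for target in targets:
            require(target, f"krb5.conf [domain_realm] {domain}")
    return findings


if __name__ == "__main__":
    for finding in check(KRB5_CONF, SMB_CONF) or ["no inconsistencies found"]:
        print(finding)
```

When DNS SRV records are in use, as described earlier in the thread, the missing `[realms]` findings do not apply because the KDCs are located through DNS.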
Re: [Samba] Samba 3.4.2 with Solaris ZFS Snaphots
Robert LeBlanc rob...@leblancnet.us wrote:
Although we are not using ZFS, I'm excited about a couple of the extensions in this patch. Thanks for the work!
After successfully testing with Windows XP, I encountered a problem with Windows 7 Ultimate 64bit. I can not see any Snapshots in the explorer and the samba log tells me:
[2009/12/08 11:00:38, 0] smbd/nttrans.c:1969(call_nt_transact_ioctl)
FSCTL_GET_SHADOW_COPY_DATA: max_data_count(214) too small (218) bytes needed!
Best Regards, Ralf
Re: [Samba] Samba 3.4.2 with Solaris ZFS Snaphots
Volker Lendecke volker.lende...@sernet.de wrote:
Can you please try 3.4.3? If that's not possible, you might want to apply the patch https://bugzilla.samba.org/attachment.cgi?id=4894&action=view
Sorry, I didn't notice the subject line. I tested it with 3.4.3. Now, with your patch supplied (to 3.4.3) it works. BTW, with 3.5pre1 and windows 7 I can see the shadow copies, but on top of the share I see the snapshot name instead of the sharename: http://www.ralf-hornik.de/pub/shadow_client_s35_w7.jpg :-)
Re: [Samba] Samba 3.4.2 with Solaris ZFS Snaphots
Hi,
Ed Plese e...@edplese.com wrote:
What patches are currently pending? Do any of them eliminate the need for some of the ZFS patches?
Obviously none. The patches from http://www.edplese.com/samba-with-zfs.html do actually work with some modifications. But with 3.5 after compiling well the module doesn't work at all, and breaks folder sharing:
[2009/12/01 14:14:55.967820, 0] smbd/service.c:1009(make_connection_snum)
'/data/daten' is not a directory, when connecting to [Daten]
Has anyone else started merging these patches to the shadow_copy2 module? If not, I'll get started with it.
Is there any documentation about this modules (resp. shadow_copy2) ? I need some hints how to configure e.g. the location of the snapdir, format, ...
Regards, Ralf
Re: [Samba] Samba 3.4.2 with Solaris ZFS Snaphots
Jean-Jacques Moulis j...@isy.liu.se wrote:
We use the patches from http://www.edplese.com/samba-with-zfs.html this give us freedom in naming convention they still can be applied (manually) to
Sure? On 3.4.2, when I try to apply these patches only dirent-fix.patch is applicable. The other two are being rejected.
Ralf
Re: [Samba] Samba 3.4.2 with Solaris ZFS Snaphots
Jean-Christophe Delaye jean-christophe.del...@eurecom.fr wrote:
We use the patches from http://www.edplese.com/samba-with-zfs.html this give us freedom in naming convention they still can be applied (manually) to
Sure? On 3.4.2, when I try to apply these patches only dirent-fix.patch is applicable. The other two are being rejected.
I did it. I have to substitute uppercase BOOL with lowercase bool in these 3 patch files.
Yes, now it works for me too. Thanks :-)
Ralf
Re: [Samba] (Partially fixed) samba4 does not compile under opensolaris
Can nobody tell me what else I can do to debug this further? I estimate, any feedback to get a running samba 4 on different platforms is welcome..?
Ralf Hornik Mailings r...@best.homeunix.org wrote:
Ralf Hornik Mailings wrote:
with linux compiling samba 4 works pretty fine but with opensolaris 'snv_111b' 64bit I have problems with the prototype declaration of getpwent_r():
I fixed this using --enable-nss-wrapper=yes to work around any NSS incompatibilities. Now when I try to start samba I get this Error:
r...@server01:/opt/samba4# ./sbin/samba -i -M single
samba version 4.0.0alpha9-GIT-4abd858 started.
Copyright Andrew Tridgell and the Samba Team 1992-2009
samba: using 'single' process model
Failed to bind to ipv4:0.0.0.0:389 - NT_STATUS_INVALID_PARAMETER
task_server_terminate: [cldapd failed to setup interfaces]
samba_terminate: cldapd failed to setup interfaces
The debug output shows:
r...@server01:/opt/samba4# ./sbin/samba -i -M single -d 12
lp_load: refreshing parameters from /opt/samba4/etc/smb.conf
params.c:pm_process() - Processing configuration file /opt/samba4/etc/smb.conf
Processing section [globals]
Processing section [netlogon]
Processing section [sysvol]
pm_process() returned Yes
adding hidden service IPC$
adding hidden service ADMIN$
samba version 4.0.0alpha9-GIT-4abd858 started.
Copyright Andrew Tridgell and the Samba Team 1992-2009
fcntl_lock 3 34 0 1 2
fcntl_lock: Lock call successful
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'ntlmssp' registered
NTPTR backend 'simple_ldb'
NTVFS backend 'simple' for type 1 registered
NTVFS backend 'cifs' for type 1 registered
NTVFS backend 'nbench' for type 1 registered
NTVFS backend 'unixuid' for type 1 registered
NTVFS backend 'unixuid' for type 3 registered
NTVFS backend 'unixuid' for type 2 registered
NTVFS backend 'cifsposix' for type 1 registered
NTVFS backend 'smb2' for type 1 registered
NTVFS backend 'default' for type 2 registered
NTVFS backend 'default' for type 3 registered
NTVFS backend 'default' for type 1 registered
NTVFS backend 'posix' for type 1 registered
PROCESS_MODEL 'standard' registered
PROCESS_MODEL 'prefork' registered
PROCESS_MODEL 'single' registered
AUTH backend 'winbind_samba3' registered
AUTH backend 'winbind' registered
AUTH backend 'winbind_wbclient' registered
AUTH backend 'server' registered
AUTH backend 'name_to_ntstatus' registered
AUTH backend 'fixed_challenge' registered
AUTH backend 'unix' registered
AUTH backend 'anonymous' registered
AUTH backend 'sam' registered
AUTH backend 'sam_ignoredomain' registered
SHARE backend [ldb] registered.
SHARE backend [classic] registered.
gendb_search_v: ((objectclass=ldapSecret)(cn=SAMDB Credentials)) - 0
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
INTERNAL ERROR: Signal 11 in pid 1396 (4.0.0alpha9-GIT-4abd858)
Please read the file BUGS.txt in the distribution
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
PANIC: internal error
BACKTRACE: 17 stack frames:
#0 /opt/samba4/sbin/samba'call_backtrace+0x38 [0x8a41718]
#1 /opt/samba4/sbin/samba'smb_panic+0x29b [0x8a41adb]
#2 /opt/samba4/sbin/samba'fault_report+0x1b1 [0x8a41cb1]
#3 /opt/samba4/sbin/samba'sig_fault+0x4e [0x8a41d1e]
#4 /lib/libc.so.1'__sighndlr+0xf [0xfeaed0cf]
#5 /lib/libc.so.1'call_user_handler+0x2af [0xfeae01bf]
#6 /lib/libc.so.1'strlen+0x30 [0xfea647a0]
#7 /lib/libc.so.1'vsnprintf+0x65 [0xfeab31bd]
#8 /lib/libc.so.1'vasprintf+0x36 [0xfeaae14e]
#9 /opt/samba4/sbin/samba'dbgtext+0x53 [0x8a41113]
#10 /opt/samba4/sbin/samba'cli_credentials_set_secrets+0x1c5 [0x85029f5]
#11 /opt/samba4/sbin/samba'samdb_credentials+0xa2 [0x85aa3e2]
#12 /opt/samba4/sbin/samba'samdb_connect+0x41 [0x85aa481]
#13 /opt/samba4/sbin/samba'prime_ldb_databases+0x6c [0x816213c]
#14 /opt/samba4/sbin/samba'binary_smbd_main+0x6f0 [0x81629f0]
#15 /opt/samba4/sbin/samba'main+0x35 [0x8162c25]
#16 /opt/samba4/sbin/samba'_start+0x7d [0x816196d]
Abort (core dumped)
I read the BUGS.txt but I have no gdb here. Can I do something else to troubleshoot this?
Regards, Ralf
--
everything stays different...
Re: [Samba] (Partially fixed) samba4 does not compile under opensolaris
Hi Volker,
Volker Lendecke volker.lende...@sernet.de wrote:
Does valgrind run under Solaris?
Unfortunately not.
You might also want to provide a bt full from running the program under gdb.
I installed gdb on Solaris since this seems to also work for sun cc. Here is a bt full. Please give me feedback, if you need something else.
r...@server01.daheim:/opt/samba4# gdb ./sbin/samba core
GNU gdb 6.3.50_2004-11-23-cvs
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions.
Type show copying to see the conditions.
There is absolutely no warranty for GDB. Type show warranty for details.
This GDB was configured as i386-pc-solaris2.11...
Core was generated by `/opt/samba4/sbin/samba -D'.
Program terminated with signal 5, Trace/breakpoint trap.
Reading symbols from /usr/lib/libpopt.so.0...done.
Loaded symbols for /usr/lib/libpopt.so.0
Reading symbols from /lib/libsocket.so.1...done.
Loaded symbols for /lib/libsocket.so.1
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libdl.so.1...done.
Loaded symbols for /lib/libdl.so.1
Reading symbols from /lib/libm.so.2...done.
Loaded symbols for /lib/libm.so.2
Reading symbols from /usr/lib/libpython2.4.so.1.0...done.
Loaded symbols for /usr/lib/libpython2.4.so.1.0
Reading symbols from /lib/libpam.so.1...done.
Loaded symbols for /lib/libpam.so.1
Reading symbols from /usr/lib/libcrypt.so.1...done.
Loaded symbols for /usr/lib/libcrypt.so.1
Reading symbols from /usr/lib/libgnutls.so.26...done.
Loaded symbols for /usr/lib/libgnutls.so.26
Reading symbols from /lib/libz.so.1...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib/libintl.so.1...
warning: Lowest section in /lib/libintl.so.1 is .dynamic at 0074
done.
Loaded symbols for /lib/libintl.so.1
Reading symbols from /lib/libresolv.so.2...done.
Re: [Samba] (Partially fixed) samba4 does not compile under opensolaris
Volker Lendecke volker.lende...@sernet.de wrote:
That's okay in principle, but please compile with -g to get the debugging symbols.
It should have compiled with -g -O:
Samba will be compiled with flags:
CPP= /opt/SunStudioExpress/bin/cc -E
CPPFLAGS = -I./include -I. -I./lib -I./../lib/replace -I./../lib/talloc -I./.. -D_SAMBA_BUILD_=4 -DHAVE_CONFIG_H
CC = /opt/SunStudioExpress/bin/cc
CFLAGS = -g -O
PICFLAG= -KPIC
BNLD = /opt/SunStudioExpress/bin/cc
BNLD_FLAGS =
STLD = /usr/bin/ar
STLD_FLAGS = -rcs
SHLD = /opt/SunStudioExpress/bin/cc
SHLD_FLAGS = -G
MDLD = /opt/SunStudioExpress/bin/cc
MDLD_FLAGS = -G
SHLIBEXT = so
srcdir = .
builddir = .
pwd= /root/samba4/samba-master/source4
The bt full output is this what I sent you...
Re: [Samba] (Partially fixed) samba4 does not compile under opensolaris
Volker Lendecke volker.lende...@sernet.de wrote:
Then try to run the command directly under the debugger, maybe post-mortem analysis does not work for some reason.
Okay, may be I did something wrong. Here is another bt full (core file written through samba -i -M single):
r...@server01.daheim:/opt/samba4# gdb sbin/samba core
GNU gdb 6.3.50_2004-11-23-cvs
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions.
Type show copying to see the conditions.
There is absolutely no warranty for GDB. Type show warranty for details.
This GDB was configured as i386-pc-solaris2.11...
Core was generated by `./sbin/samba -i -d 12'.
Program terminated with signal 6, Aborted.
Reading symbols from /usr/lib/libpopt.so.0...done.
Loaded symbols for /usr/lib/libpopt.so.0
Reading symbols from /lib/libsocket.so.1...done.
Loaded symbols for /lib/libsocket.so.1
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libdl.so.1...done.
Loaded symbols for /lib/libdl.so.1
Reading symbols from /lib/libm.so.2...done.
Loaded symbols for /lib/libm.so.2
Reading symbols from /usr/lib/libpython2.4.so.1.0...done.
Loaded symbols for /usr/lib/libpython2.4.so.1.0
Reading symbols from /lib/libpam.so.1...done.
Loaded symbols for /lib/libpam.so.1
Reading symbols from /usr/lib/libcrypt.so.1...done.
Loaded symbols for /usr/lib/libcrypt.so.1
Reading symbols from /usr/lib/libgnutls.so.26...done.
Loaded symbols for /usr/lib/libgnutls.so.26
Reading symbols from /lib/libz.so.1...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib/libintl.so.1...
warning: Lowest section in /lib/libintl.so.1 is .dynamic at 0074
done.
Loaded symbols for /lib/libintl.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libc.so.1...done.
Loaded symbols for /lib/libc.so.1 #0 0xfeaf22a5 in _lwp_kill () from /lib/libc.so.1 (gdb) bt full #0 0xfeaf22a5 in _lwp_kill () from /lib/libc.so.1 No symbol table info available. #1 0xfeaeaa1c in thr_kill () from /lib/libc.so.1 No symbol table info available. #2 0xfea9ab8a in raise () from /lib/libc.so.1 No symbol table info available. #3 0xfea7201a in abort () from /lib/libc.so.1 No symbol table info available. #4 0x087cdefd in smb_panic (why=0x89e10fc internal error) at ../lib/util/fault.c:150 result = 144655708 pidstr = ´ò\237\b\\E\237\bhg\004\b\v\000\000\000´ò\237\b cmdstring = A\000\000\000tg\004\b\217\000úþPg\004\b(v¢\bA\000\000\000=-=-=-=-=-=-¸¬®þ=-=-\000\000·þøf\004\bëQ®þÃ\020·þ\000\000\000\000\000\000\000\000¸¬®þ=-=-\000\000·þ\030g\004\b\222X®þÃ\020·þ\000\000\000\000\002\000\000\000ÃV®þ´ò\237\b\000\000·þ\030g\004\b\000*ÃþÃ\020·þ\000\000\000\000\000u\004\b\v\000\000\000´ò\237\b\000\000·þ8g\004\b\035¸¨þÃ\020·þ(vÂ...@\000\000\000ä·¨þ´ò\237\b\\e\237\bhg\004\bÃÃ|\b(v¢\b(vÂ...@\000\000\000\236Ã|\b _debug_ctx = (void *) 0x80466a0 _debug_ctx = (void *) 0x8a27628 _debug_ctx = (void *) 0xfeaae24a _debug_ctx = (void *) 0x8046738 __FUNCTION__ = smb_panic #5 0x087ce0b5 in fault_report (sig=11) at ../lib/util/fault.c:167 counter = 0 _debug_ctx = (void *) 0x89f455c _debug_ctx = (void *) 0xfec42a00 _debug_ctx = (void *) 0x89e1170 _debug_ctx = (void *) 0x8825683 __FUNCTION__ = fault_report #6 0x087ce105 in sig_fault (sig=11) at ../lib/util/fault.c:182 No locals. #7 0xfeaed0cf in __sighndlr () from /lib/libc.so.1 No symbol table info available. #8 0xfeae01bf in call_user_handler () from /lib/libc.so.1 No symbol table info available. #9 signal handler called No symbol table info available. #10 0xfea647a0 in countbytes () from /lib/libc.so.1 No symbol table info available. #11 0xfeab0793 in _ndoprnt () from /lib/libc.so.1 No symbol table info available. #12 0xfeab31bd in vsnprintf () from /lib/libc.so.1 No symbol table info available. 
#13 0xfeaae14e in vasprintf () from /lib/libc.so.1 No symbol table info available. dwarf2read.c:2703: internal-error: Assertion `die-child == NULL' failed. A problem internal to GDB has been detected, further debugging may prove unreliable. Quit this debugging session? (y or n) n dwarf2read.c:2703: internal-error: Assertion `die-child == NULL' failed. A problem internal to GDB has been detected, further debugging may prove unreliable. Create a core file of GDB? (y or n) n (gdb) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (Partially fixed) samba4 does not compile under opensolaris
Ralf Hornik Mailings wrote:

with linux compiling samba 4 works pretty fine but with opensolaris 'snv_111b' 64bit I have problems with the prototype declaration of getpwent_r():

I fixed this using --enable-nss-wrapper=yes to work around any NSS incompatibilities. Now when I try to start samba I get this error:

r...@server01:/opt/samba4# ./sbin/samba -i -M single
samba version 4.0.0alpha9-GIT-4abd858 started.
Copyright Andrew Tridgell and the Samba Team 1992-2009
samba: using 'single' process model
Failed to bind to ipv4:0.0.0.0:389 - NT_STATUS_INVALID_PARAMETER
task_server_terminate: [cldapd failed to setup interfaces]
samba_terminate: cldapd failed to setup interfaces

The debug output shows:

r...@server01:/opt/samba4# ./sbin/samba -i -M single -d 12
lp_load: refreshing parameters from /opt/samba4/etc/smb.conf
params.c:pm_process() - Processing configuration file /opt/samba4/etc/smb.conf
Processing section [globals]
Processing section [netlogon]
Processing section [sysvol]
pm_process() returned Yes
adding hidden service IPC$
adding hidden service ADMIN$
samba version 4.0.0alpha9-GIT-4abd858 started.
Copyright Andrew Tridgell and the Samba Team 1992-2009
fcntl_lock 3 34 0 1 2
fcntl_lock: Lock call successful
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'ntlmssp' registered
NTPTR backend 'simple_ldb'
NTVFS backend 'simple' for type 1 registered
NTVFS backend 'cifs' for type 1 registered
NTVFS backend 'nbench' for type 1 registered
NTVFS backend 'unixuid' for type 1 registered
NTVFS backend 'unixuid' for type 3 registered
NTVFS backend 'unixuid' for type 2 registered
NTVFS backend 'cifsposix' for type 1 registered
NTVFS backend 'smb2' for type 1 registered
NTVFS backend 'default' for type 2 registered
NTVFS backend 'default' for type 3 registered
NTVFS backend 'default' for type 1 registered
NTVFS backend 'posix' for type 1 registered
PROCESS_MODEL 'standard' registered
PROCESS_MODEL 'prefork' registered
PROCESS_MODEL 'single' registered
AUTH backend 'winbind_samba3' registered
AUTH backend 'winbind' registered
AUTH backend 'winbind_wbclient' registered
AUTH backend 'server' registered
AUTH backend 'name_to_ntstatus' registered
AUTH backend 'fixed_challenge' registered
AUTH backend 'unix' registered
AUTH backend 'anonymous' registered
AUTH backend 'sam' registered
AUTH backend 'sam_ignoredomain' registered
SHARE backend [ldb] registered.
SHARE backend [classic] registered.
gendb_search_v: ((objectclass=ldapSecret)(cn=SAMDB Credentials)) - 0
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
INTERNAL ERROR: Signal 11 in pid 1396 (4.0.0alpha9-GIT-4abd858)
Please read the file BUGS.txt in the distribution
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
PANIC: internal error
BACKTRACE: 17 stack frames:
#0 /opt/samba4/sbin/samba'call_backtrace+0x38 [0x8a41718]
#1 /opt/samba4/sbin/samba'smb_panic+0x29b [0x8a41adb]
#2 /opt/samba4/sbin/samba'fault_report+0x1b1 [0x8a41cb1]
#3 /opt/samba4/sbin/samba'sig_fault+0x4e [0x8a41d1e]
#4 /lib/libc.so.1'__sighndlr+0xf [0xfeaed0cf]
#5 /lib/libc.so.1'call_user_handler+0x2af [0xfeae01bf]
#6 /lib/libc.so.1'strlen+0x30 [0xfea647a0]
#7 /lib/libc.so.1'vsnprintf+0x65 [0xfeab31bd]
#8 /lib/libc.so.1'vasprintf+0x36 [0xfeaae14e]
#9 /opt/samba4/sbin/samba'dbgtext+0x53 [0x8a41113]
#10 /opt/samba4/sbin/samba'cli_credentials_set_secrets+0x1c5 [0x85029f5]
#11 /opt/samba4/sbin/samba'samdb_credentials+0xa2 [0x85aa3e2]
#12 /opt/samba4/sbin/samba'samdb_connect+0x41 [0x85aa481]
#13 /opt/samba4/sbin/samba'prime_ldb_databases+0x6c [0x816213c]
#14 /opt/samba4/sbin/samba'binary_smbd_main+0x6f0 [0x81629f0]
#15 /opt/samba4/sbin/samba'main+0x35 [0x8162c25]
#16 /opt/samba4/sbin/samba'_start+0x7d [0x816196d]
Abort (core dumped)

I read the BUGS.txt but I have no gdb here. Can I do something else to troubleshoot this?

Regards
Ralf
[Samba] samba4 does not compile under opensolaris (wrong getpwent_r ptype)
Dear list,

with linux compiling samba 4 works pretty fine but with opensolaris 'snv_111b' 64bit I have problems with the prototype declaration of getpwent_r():

(Using /opt/SunStudioExpress/bin/cc)
Compiling torture/../../lib/nss_wrapper/testsuite.c
torture/../../lib/nss_wrapper/testsuite.c, line 336: prototype mismatch: 4 args passed, 3 expected
torture/../../lib/nss_wrapper/testsuite.c, line 336: warning: improper pointer/integer combination: op =
torture/../../lib/nss_wrapper/testsuite.c, line 518: prototype mismatch: 4 args passed, 3 expected
torture/../../lib/nss_wrapper/testsuite.c, line 518: warning: improper pointer/integer combination: op =
torture/../../lib/nss_wrapper/testsuite.c, line 669: warning: implicit function declaration: getgrouplist
cc: acomp failed for torture/../../lib/nss_wrapper/testsuite.c

Unlike linux, in opensolaris '/usr/include/pwd.h' this prototype indeed doesn't match this function in testsuite.c. There is no possibility to get the right prototype unless modifying the os headers. Is there a workaround or a quick solution available? However I cannot (and wouldn't like to) use gcc because of the buggy glibc of solaris.

Thank you and best regards
Ralf
Re: [Samba] Samba 3.4.2 Windows 7 (using samba wiki) no domain join possible
Ralf Hornik Mailings r...@best.homeunix.org wrote:

using http://wiki.samba.org/index.php/Windows7 and trying to join I get this Error Message: More data available with no log entries on the smb side. It does not seem that the Windows machine talks to samba. Mapping shares work well instead.

No ideas? I use 64bit Windows 7 with 64bit dwords in the registry. Could this be the problem? I see anybody else uses samba 3.4.2 with windows 7 so I estimate my problem isn't really complex ;-). But I don't see any changes in logfiles on samba side, when I try to join.

Ralf
Re: [Samba] Samba 3.2.15 is working with Winows 7 !!!
Linda Walsh sa...@tlinx.org wrote:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
DomainCompatibilityMode=dword:0001
DNSNameResolutionRequired=dword:

These were key for me.

Can't reproduce that... Always, when I try to join after applying these registry keys I cannot join with the error: There is more data available

The Samba logs have no corresponding entries.

Regards
Ralf
[Samba] Samba 3.4.2 Windows 7 (using samba wiki) no domain join possible
Hi Folks,

using http://wiki.samba.org/index.php/Windows7 and trying to join I get this Error Message: More data available with no log entries on the smb side. It does not seem that the Windows machine talks to samba. Mapping shares work well instead. Can anybody help?

Thanks and best regards
Ralf
Re: [Samba] Samba 3.2.15 is working with Winows 7 !!!
Daniel Müller muel...@tropenklinik.de wrote:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
DomainCompatibilityMode=dword:0001
DNSNameResolutionRequired=dword:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
Update=no
DisablePasswordChange=dword:
MaximumPasswordAge=dword:001e
RequireSignOrSeal=dword:0001
RequireStrongKey=dword:0001
SealSecureChannel=dword:0001
SignSecureChannel=dword:0001

Can you please give a short description of what these keys are used for?
[Samba] winbind loosing the ability to resolve hosts
Sorry for my last post. Using send-button too early. :)
[Samba] winbind loosing the ability to resolve hosts
Hello,

we have a Samba-Server acting as Domain-Member in a Win2003 AD-Domain.

System: Solaris 9
Samba Version: 3.3.5

After a while the winbindd couldn't resolve Host-Names:

[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1971) get_dc_list: preferred server list: , AFWPD003.agi-de.net AFWPD004.agi-de.net AFWPD005.agi-d.agi-de.net AFWPD006.agi-d.agi-de.net AFWPD007.agi-d.agi-de.net AFWPD009.agi-d.agi-de.net AMWPD002.agi-d.agi-de.net AMWPD003.agi-d.agi-de.net IFSWPD001.dealis.net IFVWPD002.dealis.net IFVWPD004.de.dealis.net
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name AFWPD003.agi-de.net0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name AFWPD003.agi-de.net [host/servname not known]
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name AFWPD004.agi-de.net0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name AFWPD004.agi-de.net [host/servname not known]
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name AFWPD005.agi-d.agi-de.net0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name AFWPD005.agi-d.agi-de.net [host/servname not known]
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name AFWPD006.agi-d.agi-de.net0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name AFWPD006.agi-d.agi-de.net [host/servname not known]
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name AFWPD007.agi-d.agi-de.net0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name AFWPD007.agi-d.agi-de.net [host/servname not known]
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name AFWPD009.agi-d.agi-de.net0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name AFWPD009.agi-d.agi-de.net [host/servname not known]
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name AMWPD002.agi-d.agi-de.net0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name AMWPD002.agi-d.agi-de.net [host/servname not known]
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name AMWPD003.agi-d.agi-de.net0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name AMWPD003.agi-d.agi-de.net [host/servname not known]
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name IFSWPD001.dealis.net0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name IFSWPD001.dealis.net [host/servname not known]
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name IFVWPD002.dealis.net0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name IFVWPD002.dealis.net [host/servname not known]
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name IFVWPD004.de.dealis.net0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name IFVWPD004.de.dealis.net [host/servname not known]
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(2167) get_sorted_dc_list: no server for name AGI-D available in site FFM, fallback to all servers
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1971)
[Samba] winbind loosing the ability to resolve hosts
Hello,

we have a Samba-Server acting as Domain-Member in a Win2003 AD-Domain.

System: Solaris 9
Samba Version: 3.3.5

After a while winbind loses the ability to resolve the hostnames of the DCs:

[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1971) get_dc_list: preferred server list: , DC-a DC-b DC-c DC-d
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name DC-a0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name DC-a [host/servname not known]
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name DC-b0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name DC-b[host/servname not known]
[...]

Using nslookup [DC-Name] brings an IP address back. After restarting the winbind he finds the DCs.

Has anybody else seen this behaviour before and knows how to solve this problem?

Samba-Config:

[global]
workgroup = [Workgroup]
server string = Samba Server
netbios name = [ServerName]
security = ads
realm = [realm]
encrypt passwords = yes
map to guest = never
load printers = no
interfaces = [IP]
bind interfaces only = yes
use spnego = yes
encrypt passwords = yes
invalid users = root Administrator admin oracle bgdft
name resolve order = host
log file = /usr/local/samba/var/log.%m
max log size = 5000
password server = DC-a DC-B DC-c DC-d
passdb backend = tdbsam
socket options = TCP_NODELAY SO_KEEPALIVE
server schannel = auto
template shell = /usr/bin/false
lock directory = /usr/local/samba/var/locks
private dir= /usr/local/samba/private
client schannel = no
local master = no
os level = 1
;os level = 0
domain master = no
preferred master = no
domain logons = no
wins support = no
wins proxy = no
dns proxy = no
allow trusted domains = yes
winbind separator = +
idmap uid = 1-3
idmap gid = 1-3
winbind enum users = yes
winbind enum groups = yes
#winbind enable local accounts = yes
winbind use default domain = no
winbind cache time = 100
winbind nested groups = yes
template homedir = /home/%D/%U
template shell = /usr/bin/false
idmap config DEALIS:range = 4-45000
idmap config DE:range = 5-55000
log level = 3
remote announce = DC-a DC-b DC-c DC-d
[Share_1]
(...)

nsswitch.conf:

passwd: files winbind
group: files winbind
# You must also set up the /etc/resolv.conf file for DNS name
# server lookup. See resolv.conf(4).
hosts: files dns winbind
(...)

Thank you for your help and sorry again for the post before

Ralf
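One way to spot the condition described in the post above from the winbindd log, shown as an added example (not part of the original message and not Samba code). It assumes the level-3 log layout quoted in the post; the function names and the sample log are constructed.

```python
import re

# Constructed sample in the layout quoted in the post. The first round has header
# and message on one line; the second uses a two-line layout (header, then message).
SAMPLE_LOG = """\
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1971) get_dc_list: preferred server list: , DC-a DC-b
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name DC-a0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name DC-a [host/servname not known]
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1306) resolve_hosts: Attempting host lookup for name DC-b0x20
[2009/10/16 15:33:36, 3] libsmb/namequery.c:(1325) resolve_hosts: getaddrinfo failed for name DC-b[host/servname not known]
[2009/10/16 16:02:10, 3] libsmb/namequery.c:(1971)
  get_dc_list: preferred server list: , DC-a DC-b
[2009/10/16 16:02:10, 3] libsmb/namequery.c:(1325)
  resolve_hosts: getaddrinfo failed for name DC-b [host/servname not known]
"""

# "[date time, level] file:function(line)"; the function name may be empty, as in the post.
HEADER = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s*(\S+?):(\w*)\((\d+)\)")
DC_LIST = re.compile(r"get_dc_list: preferred server list:(.*)")
LOOKUP_FAILED = re.compile(
    r"resolve_hosts: getaddrinfo failed for name (\S+?)\s*\[([^\]]*)\]")


def parse_entries(text):
    """Split raw log text into (timestamp, level, message) tuples."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        message = " ".join(text[head.end():end].split())
        entries.append((head.group(1), int(head.group(2)), message))
    return entries


def resolution_rounds(entries):
    """Group lookup failures under the preferred-server list that preceded them."""
    rounds, current = [], None
    for timestamp, _level, message in entries:
        match = DC_LIST.search(message)
        if match:
            servers = [s.lower() for s in re.split(r'[\s,"]+', match.group(1)) if s]
            current = {"time": timestamp, "servers": servers, "failed": {}}
            rounds.append(current)
            continue
        match = LOOKUP_FAILED.search(message)
        if match and current is not None:
            # Host names are compared case-insensitively (DC-B vs DC-b in the config).
            current["failed"][match.group(1).lower()] = match.group(2)
    for rnd in rounds:
        rnd["all_failed"] = bool(rnd["servers"]) and all(
            s in rnd["failed"] for s in rnd["servers"])
    return rounds


def outages(rounds):
    """Timestamps of rounds in which no preferred DC name could be resolved."""
    return [r["time"] for r in rounds if r["all_failed"]]


if __name__ == "__main__":
    for rnd in resolution_rounds(parse_entries(SAMPLE_LOG)):
        state = "ALL DC LOOKUPS FAILED" if rnd["all_failed"] else "partial or none"
        print(rnd["time"], state, sorted(rnd["failed"]))
```

A round in which every preferred server fails points at the resolver as seen by winbindd rather than at one stale host name, which is the situation the post describes.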
[Samba] Don't see a subdomain as subdomain
is the NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL-flag which is 1 on the first and 0 on the second trust-Entry. Could someone tell me what this flag means?

After a while (few hours or one day) wbinfo says the following:

Domain Name  DNS Domain            Trust Type  Transitive  In   Out
BUILTIN                            None        Yes         Yes  Yes
[Server]                           None        Yes         Yes  Yes
Under-A      Under-A.Domain-A.net  None        Yes         Yes  Yes
Domain-A     Domain-A.net          In-Forest   Yes         Yes  Yes
Domain-C     Domain-C.net          None        Yes         Yes  Yes
Domain-B     Domain-B.com          Forest      Yes         Yes  Yes
Under-C                            None        Yes         No   Yes

The subdomain Under-C is visible but not as subdomain or forest-trust and also there is no log-entry for this domain like above in any logfile. But there is a logfile log.wb-Under-C. There is no logfile like log.wb-Domain-C.

The SAMBA is a Samba 3.3.9 under Solaris 9.

Samba-Config:

[global]
workgroup = Under-A
server string = Samba Server ditgwd
netbios name = [Server]
security = ads
realm = Under-A.Domain A.NET
encrypt passwords = yes
map to guest = never
load printers = no
interfaces = [One IP]
bind interfaces only = yes
use spnego = yes
encrypt passwords = yes
invalid users = root Administrator admin oracle bgdft
name resolve order = host
log file = /var/opt/log/samba/log.%m
max log size = 5000
password server = *
passdb backend = tdbsam
socket options = IPTOS_LOWDELAY TCP_NODELAY
server schannel = auto
template shell = /usr/bin/false
client schannel = no
local master = no
os level = 1
domain master = no
preferred master = no
domain logons = no
wins support = no
wins proxy = no
dns proxy = no
allow trusted domains = yes
winbind separator = +
idmap uid = 1-3
idmap gid = 1-3
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = no
winbind cache time = 100
winbind nested groups = yes
template homedir = /home/%D/%U
template shell = /usr/bin/false
log level = 10
# Share Definitions ==
(...)

The problem is that the domain Under-C appears only after a while and not as subdomain.

Thanks for help in advance,
Ralf
[Samba] Still problems with samba 3.4.1 / ldap and search for users ans machines
Hi List,

It is simply not possible to create users and machines in an OU other than ou=people,ldap_base_dn. Even when I change this in smb.conf, smbpasswd -a user or -a -m machine always fails with NT_STATUS_NO_SUCH_USER.

Is this a desired behaviour? Has anyone else created machine/user accounts in a different container?

Thank you and best regards
Ralf
Re: [Samba] Still problems with samba 3.4.1 / ldap and search for users ans machines
Rob Shinn wrote:

That's the book I started with and it's great material. Thanks for writing it!

Yes, that helped me to find the mistake. The problem was indeed the nss lookup for the IDs. I use Opensolaris and there it is some difference to Linux. Solaris uses an ldap provided profile for configuring local ldap authentication (objectclass: DUAConfigProfile). The default passwd lookup is ou=people,ldap_base since it is created during idsconfig (Sun One DS). To change this you have to add

serviceSearchDescriptor: passwd:ou=whatever,ldap_base?sub

to the ldap profile.

Thank you and best regards!
Ralf
Re: [Samba] compiling samba-3.4.x on RHEL4
Werner Maes werner.m...@icts.kuleuven.be wrote:

so it seems that it should find replace.h can't figure out what's wrong here :(

So where is your replace.h located?

Ralf
Re: [Samba] compiling samba-3.4.x on RHEL4
Werner Maes werner.m...@icts.kuleuven.be wrote:

replace.h is in /usr/src/redhat/BUILD/samba-3.4.1/lib/replace/
The Makefile can be found in /usr/src/redhat/BUILD/samba-3.4.1/source3/
so -I./../lib/replace should point to the folder where replace.h can be found? Or am I missing something?

CPPFLAGS=-DHAVE_CONFIG_H -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/talloc -I./../lib/tevent -I./../lib/tdb/include -I./libaddns -I./librpc -I./.. -I./../lib/popt -DLDAP_DEPRECATED

Have you already tried to compile by hand? (just for reproducing)
Re: [Samba] Problems with Samba 3.4 under Opensolaris snv_111b
Volker Lendecke volker.lende...@sernet.de wrote:

Encountered an unexpected requestValue sequence element tag.

That one should be fixed in 3.4.1. See bug 5886.

Patch applied - problem solved

pdb_default_create_user: failed to create a new user structure: NT_STATUS_NO_SUCH_USER

This can happen when you have nscd running. Try without during those operations.

Indeed, disabling nscd helps, but additionally I had to move my machine accounts under my user container. Bug 3235 seems to describe this issue, but is not applicable to samba 3.4. Is there any other known solution/patch?

Thank you very much for this quick help!
Ralf
[Samba] Problems with Samba 3.4 under Opensolaris snv_111b
Hi List,

I compiled Samba 3.4 for Opensolaris because the samba SUNWsmba shipped my SFW did not work properly. Now I had to realize that the problems are still there, so I believe that it is a common problem with Solaris (?).

I have samba running as PDC with a Sun Directory Server as backend. All authentication to Unix clients works well with DSEE but Samba seems to have some trouble:

First, Password modify extended operation does not work so no smbpasswd username is possible when ldap passwd sync is set to yes. But exop basically works when I change the password using ldappasswd as user Manager. The corresponding error from smbpasswd is:

ldapsam_modify_entry: LDAP Password could not be changed for user admin: Invalid syntax
Encountered an unexpected requestValue sequence element tag.

The workaround is to set the passwd and smbpasswd in one script. But that is not a good idea, since users have to change their passwords for unix and windows separately.

Second, joining a Windows XP host to the domain is sometimes possible, sometimes not. When I add a machine account using smbpasswd -a -m host$ sometimes it fails with:

pdb_default_create_user: failed to create a new user structure: NT_STATUS_NO_SUCH_USER

The user exists then as created by the corresponding ldapadd script, but the samba related attributes are missing. I use the ldapscripts from sf.net. My ldap stuff in smb.conf is shown below.

Has anybody some experience how to make samba/ldap/M$ ready for production? Any hints would be greatly appreciated

Best regards
Ralf

# LDAP #
passdb backend = ldapsam:ldap://127.0.0.1/
ldap ssl = Off
invalid users = root
ldap admin dn = cn=Directory Manager
ldap suffix = dc=daheim,dc=int
ldap group suffix = ou=group
ldap user suffix = ou=people
ldap machine suffix = ou=machines
ldap passwd sync = no
# scripts ldap
# by default we add users to group
add machine script = /usr/local/sbin/ldapaddmachine '%u' 1003
add user script = /usr/local/sbin/ldapadduser '%u' 1001
add group script = /usr/local/sbin/ldapaddgroup '%g'
add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
delete user script = /usr/local/sbin/ldapdeleteuser '%u'
delete group script = /usr/local/sbin/ldapdeletegroup '%g'
delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
###
[Samba] Update from 3.0.29 to 3.2.3 -- smbd panic
Hello,

when I try to update from Samba version 3.0.29 to 3.2.3 smbd crashes (Samba is configured as a PDC and works without problems under 3.0.29). In the smbd log-file I found the following:

[2008/09/18 08:09:36, 0, pid=15063] tdb(/opt/samba-3.2.3/var/locks/registry.tdb): tdb_transaction_setup_recovery: failed to write recovery data
[2008/09/18 08:09:36, 0, pid=15063] tdb(/opt/samba-3.2.3/var/locks/registry.tdb): tdb_transaction_commit: failed to setup recovery data
[2008/09/18 08:09:36, 1, pid=15063] tdb(/opt/samba-3.2.3/var/locks/registry.tdb): tdb_transaction_cancel: no transaction
[2008/09/18 08:09:36, 0, pid=15063] PANIC (pid 15063): Cancelling transaction failed
[2008/09/18 08:09:36, 0, pid=15063] BACKTRACE: 10 stack frames:
#0 /opt/samba/sbin/smbd(log_stack_trace+0x26) [0x893025]
#1 /opt/samba/sbin/smbd(smb_panic+0x7b) [0x892ea2]
#2 /opt/samba/sbin/smbd(dbwrap_trans_store+0x259) [0x89c1d8]
#3 /opt/samba/sbin/smbd(dbwrap_trans_store_int32+0x5b) [0x89c4ad]
#4 /opt/samba/sbin/smbd(regdb_init+0x2b4) [0xa72c72]
#5 /opt/samba/sbin/smbd(registry_init_common+0x21) [0xa74807]
#6 /opt/samba/sbin/smbd(registry_init_full+0x1e) [0xa780b8]
#7 /opt/samba/sbin/smbd(main+0x8a4) [0xaa167b]
#8 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x3cede3]
#9 /opt/samba/sbin/smbd [0x6a60e9]
[2008/09/18 08:09:36, 0, pid=15063] dumping core in /opt/samba-3.2.3/var/cores/smbd

Any ideas how to resolve this? Can I just delete the old registry.tdb file?

Thanks,
Ralf

---
Ralf Aumueller            Tel: 0711/7816-249
IPVS, Univ. Stuttgart     Fax: 0711/7816-248
Universitaetsstrasse 38   Email: [EMAIL PROTECTED]
D-70569 Stuttgart
---
Re: [Samba] dos filemode (security concern)
Ralf Gross wrote:

I've a question about the 'dos filemode' option (samba 3.0.24, debian etch). I want to use this option to allow group members with write access to add/change permissions.

man smb.conf:

dos filemode (S) only the owner of a file/directory is able to change the permissions on it. However, this behavior is often confusing to DOS/Windows users. Enabling this parameter allows a user who has write access to the file (by whatever means) to modify the permissions (including ACL) on it. Note that a user belonging to the group owning the file will not be allowed to change permissions if the group is only granted read access. Ownership of the file/directory may also be changed.

I am member of the group users, but I've no write access to the directory. So I'd think that I'm not allowed to add users or change permissions. But this is not true here. [...]

This starts to be a real problem here... The 'dos filemode' option is not working as described in the man page. At least not for me. Following the man page, user with write permissions should be able to change permission. But that's not what I observe here.

- the owning group is always able to change the permissions, even if I remove all permissions for this group (group::---).
- other users with write access are not allowed to change permissions (either with direct rwx permissions or as member of a group with rwx perms)

example directory:

# file: test
# owner: ralfgro
# group: test-admin
user::rwx
user:rg:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::---

- members of group test-admin can change permission
- members of group erv can't change permissions
- user rg can't change permissions

the config (I've used different options, but this didn't change the behavior):

[testshare]
printable = no
comment = Testshare
browseable = no
writable = yes
dos filemode = yes
store dos attributes = yes
ea support = yes
#inherit permissions = yes
inherit acls = Yes
#acl map full control = False
map acl inherit = Yes
map archive = no
map hidden = no
map system = no
map readonly = no
path = /server/projekte/test/testshare

Is anyone successfully using the 'dos filemode' option as documented in the man page? The goal would be: A share where members of different groups can set permissions on different directories. eg:

Share Test:
test/ -- access for all group members of group erv
     /A -- access only for a couple of users, maybe an extra group
     /B -- access for some other users, maybe an extra group

Users that have write access to A should be able to grant other users access. The same for B.

atm: if directory A is created by user ralfgro, which for example has primary group erv. He and all members of group erv can change permissions, and there is no way (from windows) to change the owning group. And even if ralfgro adds another group or user with rwx permissions, none of them can change the permissions.

To avoid the problem with the owning group I tried using the gid bit and set the owning group to an empty group with no members. But still no other user with rwx access can change permissions.

How do other people solve this problem?

Ralf
Re: [Samba] dos filemode (security concern)
Jeremy Allison wrote:

On Fri, Feb 29, 2008 at 11:26:48AM +0100, Ralf Gross wrote:

Ralf Gross wrote:

I've a question about the 'dos filemode' option (samba 3.0.24, debian etch). I want to use this option to allow group members with write access to add/change permissions.

man smb.conf:

dos filemode (S) only the owner of a file/directory is able to change the permissions on it. However, this behavior is often confusing to DOS/Windows users. Enabling this parameter allows a user who has write access to the file (by whatever means) to modify the permissions (including ACL) on it. Note that a user belonging to the group owning the file will not be allowed to change permissions if the group is only granted read access. Ownership of the file/directory may also be changed.

I am member of the group users, but I've no write access to the directory. So I'd think that I'm not allowed to add users or change permissions. But this is not true here. [...]

This starts to be a real problem here... The 'dos filemode' option is not working as described in the man page. At least not for me. Following the man page, user with write permissions should be able to change permission. But that's not what I observe here.

- the owning group is always able to change the permissions, even if I remove all permissions for this group (group::---).
- other users with write access are not allowed to change permissions (either with direct rwx permissions or as member of a group with rwx perms)

The docs are confusing here. For permission control, the semantics of the acl group control are being replaced by dos filemode. The docs for acl group control state :

In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the primary group owner of a file or directory to modify the permissions and ACLs on that file.

which is what you are seeing.

The internal code is : [snip]

What we should do I think is add the text from acl group control to the dos filemode text.

Thanks for your response. Btw, there is also an open bug report about this: https://bugzilla.samba.org/show_bug.cgi?id=5255

So the behavior of the 'dos filemode' option and the 'acl group control' are mixed at the moment? I think the description of the 'dos filemode' option in the man page is completely wrong...

dos filemode (S) The default behavior in Samba is to provide UNIX-like behavior where only the owner of a file/directory is able to change the permissions on it. However, this behavior is often confusing to DOS/Windows users. Enabling this parameter allows a user who has write access to the file (by whatever means) to modify the permissions (including ACL) on it. Note that a user belonging to the group owning the file will not be allowed to change permissions if the group is only granted read access. Ownership of the file/directory may also be changed.

...because the owning group is always able to change permissions, regardless if it has write access to a file or not. And other users never get the right to change permissions, even if they have write access.

Ralf
[Samba] dos filemode (security concern)
Hi,

I've a question about the 'dos filemode' option (samba 3.0.24, debian etch). I want to use this option to allow group members with write access to add/change permissions.

man smb.conf:

dos filemode (S) only the owner of a file/directory is able to change the permissions on it. However, this behavior is often confusing to DOS/Windows users. Enabling this parameter allows a user who has write access to the file (by whatever means) to modify the permissions (including ACL) on it. Note that a user belonging to the group owning the file will not be allowed to change permissions if the group is only granted read access. Ownership of the file/directory may also be changed.

I am a member of the group users, but I've no write access to the directory. So I'd think that I'm not allowed to add users or change permissions. But this is not true here.

    [testshare]
    printable = no
    comment = Testshare
    browseable = no
    writable = yes
    map archive = no
    map hidden = no
    map system = no
    map readonly = no
    dos filemode = yes
    store dos attributes = yes
    ea support = yes
    inherit permissions = yes
    inherit acls = Yes
    map acl inherit = Yes
    path = /test/testshare

Now inside a directory of this share:

    # ls -la
    drwxr-s---+ 5 mh users 61 2008-02-08 16:08 .
    drwxrwx---+ 6 jm jm 65 2008-02-11 11:20 ..
    drwxr-s---+ 2 mh users 6 2008-02-08 16:08 test

    # getfacl .
    # file: .
    # owner: mh
    # group: users
    user::rwx
    group::---
    group:users:r-x
    mask::r-x
    other::---

    # getfacl test/
    # file: test
    # owner: mh
    # group: users
    user::rwx
    group::r-x
    group:users:r-x
    mask::r-x
    other::---

Now as a user that has read access (r-x) to both directories (group users) I'm able to add permissions for the user al from windows explorer to the test directory.

    # getfacl test/
    # file: test
    # owner: mh
    # group: users
    user::rwx
    user:al:r-x- added user
    group::r-x
    mask::rwx
    other::---
    default:user::rwx
    default:user:al:r-x added user
    default:group::---
    default:mask::rwx
    default:other::---

Now how is this possible? I thought the 'dos filemode' option would only work if a member of the group users has write access to a file. If I set 'dos filemode = no' I'm not able to add or change permissions.

Ralf
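The mismatch discussed in this thread, as an added example that is not part of the original posts and not Samba code: it compares who the quoted man page text says may change permissions with who the thread reports can do so on Samba 3.0.24 (owner plus owning group). The smb.conf fragment, the second ACL and all function names are constructed for illustration; the first ACL is the getfacl output for `test` from the post.

```python
import re

TRUE_VALUES = {"yes", "true", "on", "1"}

# Constructed smb.conf fragment modelled on the [testshare] definition in the post.
SMB_CONF = """\
[global]
   workgroup = EXAMPLE

[testshare]
   path = /test/testshare
   writable = yes
   Dos FileMode = yes
   inherit acls = Yes

[plainshare]
   path = /test/plain
"""

# getfacl output for 'test' as posted (before the Explorer change).
ACL_TEST_DIR = """\
# file: test
# owner: mh
# group: users
user::rwx
group::r-x
group:users:r-x
mask::r-x
other::---
"""

# Constructed ACL: a named user with write access, owning group with none.
ACL_NAMED_WRITER = """\
# file: other
# owner: mh
# group: users
user::rwx
user:al:rwx
group::---
mask::rwx
other::---
"""


def parse_smb_conf(text):
    """Return {share: {param: value}}; parameter names ignore case and spaces."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = shares.setdefault(section.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return shares


def dos_filemode_enabled(shares, share):
    """Share setting, falling back to [global], falling back to the default 'no'."""
    default = shares.get("global", {}).get("dosfilemode", "no")
    return shares.get(share.lower(), {}).get("dosfilemode", default).lower() in TRUE_VALUES


def parse_getfacl(text):
    """Parse the access ACL from getfacl output; default: entries are skipped."""
    acl = {"owner": None, "group": None, "mask": None, "entries": []}
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"#\s*(owner|group):\s*(\S+)", line)
        if header:
            acl[header.group(1)] = header.group(2)
        elif line and not line.startswith(("#", "default:")):
            tag, qualifier, perms = line.split(":", 2)
            perms = perms[:3]  # drop trailing annotations after the rwx triplet
            if tag == "mask":
                acl["mask"] = perms
            else:
                acl["entries"].append((tag, qualifier, perms))
    return acl


def effective_writers(acl):
    """Principals with effective write access; the mask limits named users and groups."""
    writers = set()
    for tag, qualifier, perms in acl["entries"]:
        masked = tag == "group" or (tag == "user" and qualifier)
        if "w" not in perms:
            continue
        if masked and acl["mask"] is not None and "w" not in acl["mask"]:
            continue
        if tag == "other":
            writers.add("other")
        else:
            name = qualifier or (acl["owner"] if tag == "user" else acl["group"])
            writers.add(f"{tag}:{name}")
    return writers


def audit(conf_text, share, getfacl_text):
    """Compare the man page model with the behaviour reported in the thread."""
    enabled = dos_filemode_enabled(parse_smb_conf(conf_text), share)
    acl = parse_getfacl(getfacl_text)
    owner = {f"user:{acl['owner']}"}
    documented = owner | effective_writers(acl) if enabled else owner
    reported = owner | {f"group:{acl['group']}"} if enabled else owner
    return {
        "dos_filemode": enabled,
        "unexpected_grant": sorted(reported - documented),
        "unexpected_denial": sorted(documented - reported),
    }


if __name__ == "__main__":
    for label, acl_text in (("test", ACL_TEST_DIR), ("other", ACL_NAMED_WRITER)):
        print(label, audit(SMB_CONF, "testshare", acl_text))
```

An entry under `unexpected_grant` is a principal that can rewrite ACLs without holding write access, which is the case to review before enabling `dos filemode` on a share.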
Re: [Samba] number of processes (501) is over allowed limit (500)
Ralf Gross wrote:

    [2007/11/20 13:43:45, 0] smbd/server.c:allowable_number_of_smbd_processes(220)
      allowable_number_of_smbd_processes: number of processes (501) is over allowed limit (500)
    [2007/11/20 13:54:00, 0] smbd/server.c:allowable_number_of_smbd_processes(220)
      allowable_number_of_smbd_processes: number of processes (501) is over allowed limit (500)
    [2007/11/20 14:04:57, 0] lib/util_sock.c:get_peer_addr(1229)
      getpeername failed. Error was Der Socket ist nicht verbunden
    [2007/11/20 14:42:56, 0] smbd/server.c:allowable_number_of_smbd_processes(220)
      allowable_number_of_smbd_processes: number of processes (501) is over allowed limit (500)
    [2007/11/20 14:51:21, 0] lib/util_sock.c:get_peer_addr(1229)
      getpeername failed. Error was Der Socket ist nicht verbunden

I've the following in my smb.conf:

    max smbd processes = 500
    deadtime = 15

[...]

    # smbstatus -p -b | wc -l
    60
    # ps -eLf | grep smbd | wc -l
    58
    # pgrep -lf smbd | wc -l
    57
    # netstat -tunp | grep smb | wc -l
    55
    # ps aux | grep nmbd | wc -l
    1

So my questions are:

* why is smbd complaining about 500 processes if only 74 are running?
* how can I check what the reason for the message/number of processes is?

I searched samba's bug db, but didn't find anything with allowable_number_of_smbd_processes as search term. A search in the list's archive also returned only my own posting as result. Am I misinterpreting the 'max smbd processes' option?

Ralf
[Samba] number of processes (501) is over allowed limit (500)
Hello,

I regularly have the problem that no new connections to our samba server can be established (debian etch amd64, samba 3.0.24-6etch4, security = ADS).

    [2007/11/20 13:43:45, 0] smbd/server.c:allowable_number_of_smbd_processes(220)
      allowable_number_of_smbd_processes: number of processes (501) is over allowed limit (500)
    [2007/11/20 13:54:00, 0] smbd/server.c:allowable_number_of_smbd_processes(220)
      allowable_number_of_smbd_processes: number of processes (501) is over allowed limit (500)
    [2007/11/20 14:04:57, 0] lib/util_sock.c:get_peer_addr(1229)
      getpeername failed. Error was Der Socket ist nicht verbunden
    [2007/11/20 14:42:56, 0] smbd/server.c:allowable_number_of_smbd_processes(220)
      allowable_number_of_smbd_processes: number of processes (501) is over allowed limit (500)
    [2007/11/20 14:51:21, 0] lib/util_sock.c:get_peer_addr(1229)
      getpeername failed. Error was Der Socket ist nicht verbunden

I've the following in my smb.conf:

    max smbd processes = 500
    deadtime = 15

I remember that I once had the problem that several hundred smbd processes made the server completely unresponsive. I then added the above config options. Now I see the 'number of processes (501) is over allowed limit (500)' messages every few weeks. But if I check the running smbd processes I never find more than 70-80. This is also the number of procs that are usually running.

    # smbstatus -p -b | wc -l
    60
    # ps -eLf | grep smbd | wc -l
    58
    # pgrep -lf smbd | wc -l
    57
    # netstat -tunp | grep smb | wc -l
    55
    # ps aux | grep nmbd | wc -l
    1

So my questions are:

* why is smbd complaining about 500 processes if only 74 are running?
* how can I check what the reason for the message/number of processes is?

Thanks, Ralf
[Samba] poor performance with bonding in round-robin mode (only samba affected)
Hi,

samba 3.0.24, debian etch

I'm seeing a strange effect with samba and traffic over a bond0 interface in round robin mode. 2 servers, each with 2 GbE interfaces as bond0 device in rr mode.

netio benchmark:

    NETIO - Network Throughput Benchmark, Version 1.26
    (C) 1997-2005 Kai Uwe Rommel
    TCP connection established.
    Packet size 1k bytes: 182840 KByte/s Tx, 197599 KByte/s Rx.
    Packet size 2k bytes: 200947 KByte/s Tx, 208788 KByte/s Rx.
    Packet size 4k bytes: 217239 KByte/s Tx, 208988 KByte/s Rx.
    Packet size 8k bytes: 225145 KByte/s Tx, 208948 KByte/s Rx.
    Packet size 16k bytes: 227877 KByte/s Tx, 208372 KByte/s Rx.
    Packet size 32k bytes: 227802 KByte/s Tx, 208122 KByte/s Rx.
    Done.

netpipe benchmark:

    [...]
    121: 8388605 bytes 3 times -- 1540.13 Mbps in 41554.81 usec
    122: 8388608 bytes 3 times -- 1538.24 Mbps in 41605.99 usec
    123: 8388611 bytes 3 times -- 1482.47 Mbps in 43171.17 usec

So the network throughput is ok in round robin mode. I know that there is overhead because of packet reordering, but ~180MB/s is ok.

ftp (bonding mode round robin):

    ftp get 2GB_file
    local: 2GB_file remote: 2GB_file
    200 PORT command successful. Consider using PASV.
    150 Opening BINARY mode data connection for 2GB_file (204800 bytes).
    226 File send OK.
    204800 bytes received in 35.95 secs (55626.5 kB/s)

samba (bonding mode round robin):

    Domain=[EMEA] OS=[Unix] Server=[Samba 3.0.24]
    smb: \ get 2GB_file
    getting file \2GB_file of size 204800 as 2GB_file (35466,7 kb/s) (average 35466,7 kb/s)

That's 20MB/s less than ftp in rr mode. But if I change the bonding mode to xor, I get nearly the same throughput with samba that I get with ftp.

ftp (bonding mode xor):

    ftp get 2GB_file
    local: 2GB_file remote: 2GB_file
    200 PORT command successful. Consider using PASV.
    150 Opening BINARY mode data connection for 2GB_file (204800 bytes).
    226 File send OK.
    204800 bytes received in 33.62 secs (59486.2 kB/s)

samba (bonding mode xor):

    Domain=[EMEA] OS=[Unix] Server=[Samba 3.0.24]
    smb: \ get 2GB_file
    getting file \2GB_file of size 204800 as 2GB_file (52364,2 kb/s) (average 52364,2 kb/s)

What's the difference with samba and rr mode? round robin mode is working fine with ftp and different benchmarks (dd/netpipe too). Only with samba I'm seeing this performance drop.

I tried different socket options:

    socket options = TCP_NODELAY

and

    socket options = TCP_NODELAY SO_SNDBUF=32768 SO_RCVBUF=32768 IPTOS_LOWDELA

no difference. Additionally I used the interfaces option:

    interfaces = bond0 bond1

I'm confused because with round robin mode I see a better throughput in general, only samba seems to have problems.

Ralf
[Samba] panic: Unable to open new log file ... Too many open files
    ) [0x2b5ce87534ca]
    #20 /usr/sbin/smbd [0x446bea]
    [2007/08/15 17:19:30, 0] lib/util.c:smb_panic(1607)
      smb_panic(): calling panic action [/usr/share/samba/panic-action 13962]
    [2007/08/15 17:19:30, 0] lib/util.c:smb_panic(1615)
      smb_panic(): action returned status 0
    [2007/08/15 17:19:30, 0] lib/fault.c:dump_core(173)
      dumping core in /var/log/samba/cores/smbd

    # sysctl fs.file-max fs.file-nr
    fs.file-max = 569133
    fs.file-nr = 1920 0 569133

I found this Too many open files message only in one users logfile. Is this something to worry about or maybe a client problem?

Ralf
[Samba] XP PC hangs when copying file
Hello -

I'm trying to copy a file from one samba share to the next. So I would have 2 open shares on my XP PC. I'm dragging the file/or directory onto the second share. At the second I dropped the file the XP PC freezes and after a long time of waiting the file gets copied on the second share and the PC is usable again.

If I copy the same file from the share to my PC and then from my PC to the second share it works just fine. Also doing the same, using a dos-cmd shell works just fine. I'm at a loss here.

    [2007/08/07 11:49:09, 0] lib/util_sock.c:get_peer_addr(1000)
      getpeername failed. Error was Transport endpoint is not connected
    [2007/08/07 11:49:09, 0] lib/util_sock.c:write_socket_data(430)
      write_socket_data: write failure. Error = Connection reset by peer
    [2007/08/07 11:49:09, 0] lib/util_sock.c:write_socket(455)
      write_socket: Error writing 4 bytes to socket 25: ERRNO = Connection reset by peer

the samba logfile for my PC shows the above. Any idea?

Thank YOU

RHEL 4/Samba 3.0.10

-- Ralf Wiegand Albany, NY US
[Samba] Limitations on the size of a samba share
I currently have a samba share which is 54GB in size with many, 100's of subdirectories within. Should I have any additional entries in the smb.conf file?

    [global]
    workgroup = BIG
    server string = Linux Samba Server
    printcap name = /etc/printcap
    load printers = yes
    cups options = raw
    security = ADS
    realm = somedomaine.org
    log file = /var/log/samba/%m.log
    max log size = 50
    interfaces = eth0 lo
    bind interfaces only = yes
    local master = no
    wins server = xxx.yyy.zzz.aaa
    dns proxy = yes

-- Ralf Wiegand Albany, NY US
[Samba] Problems copying files between shares
Hello -

Here is the setup:

    RHEL 4 - 2.6.9-55.0.2.ELsmp
    Samba - 3.0.10-1.4.E.12.2

Samba is part of an AD. Samba server using nfs to mount filesystems from Solaris 9 systems. XP domain/AD User maps to samba shares webA and webB (nfs serverA and nfs serverB). User is trying to copy file from or to webA - webB shares, XP/Explorer freezes completely.

Have several other shares and similar setups on this Samba server, no problems at all. What should I do to find out what is causing this problem?

Thank YOU

Ralf

-- Ralf Wiegand Albany, NY US
[Samba] RE-post: Problems copying files between shares
Hello -

Here is the setup:

    RHEL 4 - 2.6.9-55.0.2.ELsmp
    Samba - 3.0.10-1.4.E.12.2

Samba is part of an AD. Samba server using nfs to mount filesystems from Solaris 9 systems. XP domain/AD User maps to samba shares webA and webB (nfs serverA and nfs serverB). User is trying to copy file from or to webA - webB shares, XP/Explorer freezes completely.

Have several other shares and similar setups on this Samba server, no problems at all. What should I do to find out what is causing this problem?

Thank YOU

Ralf

-- Ralf Wiegand Albany, NY US
Re: [Samba] Performance problem with file 2Gb
Alessandro Ferrari wrote:

There are some problems to transfer big file over 2Gb, It is a filesize limitation of samba.

I just transferred a 2,8 GB file with smbclient and got ~60 MB/s.

Ralf
Re: [Samba] Performance problem with file 2Gb
Sébastien CRAMATTE wrote:

I suggest trying to transfer the same files via ftp or scp (e.g. using WinSCP client), to assure that the server hardware / network equipment is OK, then, if the slowdown is seen _only_ using samba shares, do a search in the mailing archives. I know it's not much, but HTH nonetheless.

I will try with SCP

I would try some network benchmarks first (netpipe, netio, netperf...). scp will encrypt the data, thus you will not get the full throughput. I had problems with Intel e1000 GbE cards last year. Most of the problems showed up in the kernel log. Keep an eye on the logs.

Then I would test the raid/fs with a benchmark like bonnie++ or tiobench. If both tests are ok, I would use ftp to transfer some files and see if it behaves similar to samba.

Ralf
Re: [Samba] winbind + samba limits with large AD?
Volker Lendecke wrote:

On Wed, Jul 11, 2007 at 06:16:12PM +0200, Ralf Gross wrote:

    [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555)
      request_len_recv: Invalid request size received: 1848

Update /lib/libnss_winbind.so with the version you just compiled and reboot.

That worked and now I've got 3.2 running.

One thing I also noticed with the ubuntu package: the groupnames are only numbers. I

    [EMAIL PROTECTED]:~$ /opt/samba32/bin/wbinfo -r ralfgro
    2003
    2004
    2005
    2006
    2007
    2008
    2009
    [...]

    [EMAIL PROTECTED]:~$ id -a
    uid=2000(ralfgro) gid=2000 Gruppen=2000

    [EMAIL PROTECTED]:~$ ls -l
    insgesamt 0
    lrwxrwxrwx 1 ralfgro 2000 26 2007-07-12 08:27 Examples - /usr/share/example-content
    -rw-r--r-- 1 ralfgro 2000 0 2007-07-12 08:29 foo

    [EMAIL PROTECTED]:~$ ls -la
    insgesamt 24
    drwxr-xr-x 2 ralfgro 2000 4096 2007-07-12 08:43 .
    drwxr-xr-x 4 root root 4096 2007-07-12 08:27 ..
    -rw-r--r-- 1 ralfgro 2000 220 2007-07-12 08:27 .bash_logout
    -rw-r--r-- 1 ralfgro 2000 414 2007-07-12 08:27 .bash_profile
    -rw-r--r-- 1 ralfgro 2000 2298 2007-07-12 08:27 .bashrc
    lrwxrwxrwx 1 ralfgro 2000 26 2007-07-12 08:27 Examples - /usr/share/example-content
    -rwxr--r-- 1 ralfgro 2000 0 2007-07-12 08:29 foo
    -rw-r--r-- 1 ralfgro 2000 566 2007-07-12 08:27 .profile
    -rwxr--r-- 1 ralfgro 2000 0 2007-07-12 08:43 test

    [EMAIL PROTECTED]:~$ chgrp users test
    chgrp: Ändern der Gruppe für test: Operation not permitted

I must still be missing something...

Ralf
Re: [Samba] winbind + samba limits with large AD?
Ralf Gross wrote:

One thing I also noticed with the ubuntu package: the groupnames are only numbers. I

    [EMAIL PROTECTED]:~$ /opt/samba32/bin/wbinfo -r ralfgro
    2003
    2004
    2005
    2006
    2007
    2008
    2009
    [...]

I obviously screwed the nsswitch.conf. After correcting this, I get the group names. But the whole thing is still very fragile. A simple 'id -a' takes ages and I just killed winbind after one minute with this result.

    [EMAIL PROTECTED]:~$ id -a
    uid=2000(ralfgro) gid=2000(emea\domain users) Gruppen=2000(emea\domain users),2003(emea\emtc_tsrv_restrict_cul_a),2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2022,2025,2026,2028,2029,2033,2035,2036,2037,2038,2039,2041,2042,2043,2044,2046,2048,2049,2050,2051,2053,2054,2056,2057,2058,2059,2060,2062,2063,2064,2066,2067,2069,2070,2071,2072,2073,2075,2076,2079,2080,2081,2082,2083,2084,2085,2086,2088,2089,2090,2093,2094,2099,2103,2109,2111,2113,2114,2115,2116,2119,2122,2125,2126,2127,2130,2131,2133

This is the debug output of a second try...

    [2007/07/12 09:28:10, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886)
      [ 6914]: getgrgid 2004
    [2007/07/12 09:28:10, 1] nsswitch/winbindd_group.c:getgrsid_sid2gid_recv(760)
      Can't find domain from name (EMEA\EMTC_ITS_MTC)
    [2007/07/12 09:28:10, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886)
      [ 6914]: getgrgid 2005
    [2007/07/12 09:28:15, 3] nsswitch/winbindd_ads.c:lookup_groupmem(1099)
      ads lookup_groupmem for sid=S-1-5-21-1482476501-1450960922-725345543-152681 succeeded
    --- pause
    [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521)
      [ 6914]: request interface version
    [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521)
      [ 6915]: request interface version
    [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521)
      [ 6914]: request interface version
    [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521)
      [ 6914]: request interface version
    [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521)
      [ 6914]: request interface version
    [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(554)
      [ 6914]: request location of privileged pipe
    [2007/07/12 09:30:33, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886)
      [ 6914]: getgrgid 2008
    [2007/07/12 09:30:33, 3] nsswitch/winbindd_ads.c:lookup_groupmem(1099)
    [...]
    [2007/07/12 09:39:21, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886)
      [ 6914]: getgrgid 2076
    [...]

During this command no connection to any share was possible!

Ralf
Re: [Samba] winbind + samba limits with large AD?
Ralf Gross wrote:

Now after executing 'id -a' I got a panic:

    [2007/07/12 10:28:28, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886)
      [ 6998]: getgrgid 2054
    [2007/07/12 10:28:38, 0] libsmb/clientgen.c:cli_receive_smb_internal(136)
      Receiving SMB: Server stopped responding
    [2007/07/12 10:28:38, 0] rpc_client/cli_pipe.c:rpc_api_pipe(789)
      rpc_api_pipe: Remote machine smtcd001.emea.corpdir.net pipe \lsarpc fnum 0x8005returned critical error. Error was Call timed out: server did not respond after 1 milliseconds
    [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(40)
      ===
    [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(41)
      INTERNAL ERROR: Signal 11 in pid 6905 (3.2.1pre1-SVN-build-23823)
      Please read the Trouble-Shooting section of the Samba3-HOWTO
    [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(43)
      From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
    [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(44)
      ===
    [2007/07/12 10:28:38, 0] lib/util.c:smb_panic(1655)
      PANIC (pid 6905): internal error
    [2007/07/12 10:28:38, 0] lib/util.c:log_stack_trace(1759)
      BACKTRACE: 18 stack frames:
       #0 /opt/samba32/sbin/winbindd(log_stack_trace+0x2d) [0x8142eab]
       #1 /opt/samba32/sbin/winbindd(smb_panic+0x78) [0x8142fd9]
       #2 /opt/samba32/sbin/winbindd [0x812e72e]
       #3 [0xe420]
       #4 /lib/tls/i686/cmov/libc.so.6(vsnprintf+0xb4) [0xb7d8eb54]
       #5 /opt/samba32/sbin/winbindd(talloc_vasprintf+0x3b) [0x81254ec]
       #6 /opt/samba32/sbin/winbindd(talloc_asprintf+0x2e) [0x812563f]
       #7 /opt/samba32/sbin/winbindd [0x80d4662]
       #8 /opt/samba32/sbin/winbindd [0x80ba8a9]
       #9 /opt/samba32/sbin/winbindd [0x80afeea]
       #10 /opt/samba32/sbin/winbindd [0x80b1c89]
       #11 /opt/samba32/sbin/winbindd [0x80db102]
       #12 /opt/samba32/sbin/winbindd [0x80dbe15]
       #13 /opt/samba32/sbin/winbindd [0x80da383]
       #14 /opt/samba32/sbin/winbindd [0x80a9220]
       #15 /opt/samba32/sbin/winbindd(main+0xdef) [0x80aa0db]
       #16 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc) [0xb7d45ebc]
       #17 /opt/samba32/sbin/winbindd [0x80a8031]
    [2007/07/12 10:28:38, 0] lib/fault.c:dump_core(180)
      dumping core in /opt/samba32/var/cores/winbindd

Ralf
Re: [Samba] winbind + samba limits with large AD?
Michael Adam wrote:

could you please for debugging this raise your log level to 10 (and possibly set max log size to 0 to prevent rotation of log files). For the stack trace to be more meaningful, it would also be good to have samba compiled with CFLAGS=-g (debugging symbols) and without optimizations (no -O, -O2, ... flag). Furthermore the configure option --enable-pie=no is useful.

As for your setup: Could you provide your smb.conf file (secret stuff grayed out of course)? You should double check that no components are mixed between your system package samba installation and your hand-compiled version (sorry if I am stating obvious things):

* save your smb.conf
* clean all of /opt/samba32
* recompile as stated above
* reinstall
* copy your smb.conf to /opt/samba32/lib (don't forget to raise log level to 10 and max log size = 0)
* make sure to copy (or link) libnss_winbind.so to /lib/libnss_winbind.so (and /lib/libnss_winbind.so.2)
* rejoin the domain
* start nmbd/smbd/winbindd daemons
* make your tests as before, using tools (wbinfo...) from /opt/samba32/bin when not using system commands (id, getent, ...)

Then provide us with the logs - maybe bugzilla.samba.org is more appropriate a place for this.

I would prefer to send this data to you directly and not publish it on the bts. I can remove some of the critical data from the log files, but not all.

Also some key data about your AD environment would be interesting to know: number of DCs, OS version of DCs, mode of AD (native 2003, ...) number of users, number of groups, size of largest groups involved in your tests, number of groups user is member of, ...

I can also send you this information to your mail address. Which one should I use?

Ralf
Re: [Samba] winbind + samba limits with large AD?
Michael Adam wrote:

Assuming you have a web proxy, you can try rsync with setting the environment variable RSYNC_PROXY to $proxy_ip:$proxy_port (like export RSYNC_PROXY=192.168.0.1:3128 in bash).

Proxy only allows port 80 and 443, 873 is blocked.

http://svnanon.samba.org/samba/docs/man/Samba-HOWTO-Collection/compiling.html#id442180 I can't reach http://svnweb.samba.org/.

That should probably be websvn instead of svnweb, but this is for inspecting single files and diffs, not for downloading the sources anyway.

Ok, I thought there is a way to use svn+http to get the files.

Is there another way to get the 3_2 release by svn/http?

If you can't get it with rsync through http, I could put a tarball for download somewhere tomorrow. Just let me know.

I was able to get it at home and put it on a cd :)

The reason why lookup_groupmem gets used in ls -l at all is that the getgrgid library call is used to resolve the gids into names, and this call returns not only the name but the whole group structure, including the list of members. So to confirm my assumptions above, you could compare the runtime of ls -l to that of ls -ln: The latter should be much faster!

Thanks for your reply, I'll try to get the source and compile it. This might take some time. BTW: wbinfo also wasn't working right and winbindd was not responding after issuing that command.

By that command you mean ls -ln?

And 'wbinfo -g' or 'wbinfo -u'. I couldn't get the user and group and winbindd died after that command.

Well, let's see what improvement the new version brings. BTW: The enhancements were made specifically for environments with hundreds of thousands of users and groups (and large groups!) in ad.

Sounds promising!

Ralf
Re: [Samba] winbind + samba limits with large AD?
Michael Adam wrote:

I was able to get it at home and put it on a cd :)

Great!

In the meantime I compiled 3.2, but I've some problems with the machine account. I joined the domain with the ubuntu package some weeks ago (my desktop) and installed samba 3.2 to /opt. I tried to copy the old samba tdb files from /var/lib/samba to /opt/... but it seems that something went wrong (it was just a quick trial and error attempt). I have to look into that in the next days.

Michael Adam wrote:

By that command you mean ls -ln?

And 'wbinfo -g' or 'wbinfo -u'. I couldn't get the user and group and winbindd died after that command.

wbinfo -u/-g get the list of users/groups even if winbind enum users/groups is set to no in the config (it uses other means than the getpwent/getgrent system functions). If your number of users and groups is very large, wbinfo will currently time out, but winbindd will continue to complete the request.

Ok.

Well, let's see what improvement the new version brings. BTW: The enhancements were made specifically for environments with hundreds of thousands of users and groups (and large groups!) in ad.

Sounds promising!

I am interested to hear how the new version performs in your setup!

This might take some more days but I'll give feedback!

Ralf
Re: [Samba] winbind + samba limits with large AD?
Ralf Gross wrote:

I am interested to hear how the new version performs in your setup!

This might take some more days but I'll give feedback!

Ok, I was able to rejoin the domain.

On host wu7e003:

    /opt/samba32# bin/wbinfo -t
    checking the trust secret via RPC calls succeeded
    /opt/samba32# bin/wbinfo -i ralfgro
    ralfgro:*:2000:2000::/home/ads/EMEA/ralfgro:/bin/bash

But I can't connect to the host:

    smbclient //wu7e0003/ralfgro -U ralfgro -W emea
    Password:
    session setup failed: NT_STATUS_LOGON_FAILURE

log.winbind:

    [2007/07/11 18:06:02, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521)
      [ 6340]: request interface version
    [2007/07/11 18:06:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(554)
      [ 6340]: request location of privileged pipe
    [2007/07/11 18:06:02, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(415)
      [ 6340]: domain_info [EMEA]
    [2007/07/11 18:06:02, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1727)
      [ 6340]: pam auth crap domain: [EMEA] user: ralfgro
    [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555)
      request_len_recv: Invalid request size received: 1848
    [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555)
      request_len_recv: Invalid request size received: 1848
    [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555)
      request_len_recv: Invalid request size received: 1848
    [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555)
      request_len_recv: Invalid request size received: 1848
    [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555)
      request_len_recv: Invalid request size received: 1848
    [2007/07/11 18:06:02, 3] nsswitch/winbindd_misc.c:winbindd_ping(500)
      [ 6340]: ping

log.wb-EMEA

    [2007/07/11 18:06:02, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1793)
      [ 6248]: pam auth crap domain: EMEA user: ralfgro

log.smbd

    [2007/07/11 18:06:02, 2] auth/auth.c:check_ntlm_password(318)
      check_ntlm_password: Authentication for user [ralfgro] - [ralfgro] FAILED with error NT_STATUS_NO_SUCH_USER

Ralf
Re: [Samba] winbind + samba limits with large AD?
Volker Lendecke wrote:

On Wed, Jul 11, 2007 at 06:16:12PM +0200, Ralf Gross wrote:

    [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555)
      request_len_recv: Invalid request size received: 1848

Update /lib/libnss_winbind.so with the version you just compiled and reboot.

I changed the path to libnss_winbind.so in all relevant files in /etc/pam.d/, but I will try your suggestion tomorrow and reboot.

Ralf
[Samba] winbind + samba limits with large AD?
Hi,

a few months ago I tried to set up samba + winbind (debian etch, amd64, samba 3.0.24). I followed the howto and got the authentication running. But I had not much success with winbind. I disabled the user/group enumeration, but this didn't change it.

A simple 'ls -l' in a directory with 10-20 files took minutes to return the list and most of the time winbindd just stopped working and no connection to the samba shares was possible. I had to kill the daemon.

I'm only responsible for a couple of linux workstations, but our AD is quite large (10 or more entries). Before I start a new attempt to get winbindd working, I would like to know if this is possible at all without any further patches or secret tweaks?

Ralf
Re: [Samba] Winbind join with different domains
Jim Kusznir wrote:

We have an existing AD domain with about 500 windows systems in it. Our AD domain, EECS.AD.WSU.EDU, is different than our DNS domain: eecs.wsu.edu. We do have the DNS mappings for AD set up properly (actually, the domain controllers manage them), and all windows - windows stuff works great.

I am now trying to join a samba system so it can be the printserver to windows systems with domain authentication. When I try and join it, I get:

    Using short domain name -- EECS
    Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials.

I have attempted both with my personal domain admin account and with the domain admin account with no difference. Some time ago (1.5-2yrs ago), I succeeded doing this, and the domain layout was the same then as now. As I recall, I joined the same way then, and it just worked. How do I do it now? Changing domains to make them match is not an option at this time.

For the join I temp add the hostname + AD name to the /etc/hosts file. eg:

    y.x.c.v foobar.EECS.AD.WSU.EDU foobar.eecs.wsu.edu

This works for me (I had a hard time to find this solution).

Ralf
Re: [Samba] winbind + samba limits with large AD?
Michael Adam wrote:

> I assume that you are using security = ads and I assume that your AD setup has groups with lots of members?

Yes, that's right.

> This is a known problem then that has been fixed in current samba (SAMBA_3_2 as of today): The ads version of the function lookup_groupmem (used to retrieve the members of a given group) showed poor performance on large groups. I recently improved the performance of this call (starting with svn revisions r23070 and r23072). This is in SAMBA_3_2 and in SAMBA_3_2_0, so it will be in the next release (3.2.0).

Ok.

> There is no way to improve the performance significantly with 3.0.24 (except patching). So I suggest that you grab the latest sources with svn (see http://www.samba.org/samba/devel/), you can also get the upcoming release branch SAMBA_3_2_0 here) or get the unpacked sources with rsync like so:
>
> rsync -avSH samba.org::ftp/pub/unpacked/samba_3_2/ ./samba_3_2
>
> and then compile it yourself.

I can't use rsync or cvs from office. It seems that svnweb which is mentioned in the howto is not working anymore.

http://svnanon.samba.org/samba/docs/man/Samba-HOWTO-Collection/compiling.html#id442180

I can't reach http://svnweb.samba.org/. Is there another way to get the 3_2 release by svn/http?

> The reason why lookup_groupmem gets used in ls -l at all is that the getgrgid library call is used to resolve the gids into names, and this call returns not only the name but the whole group structure, including the list of members. So to confirm my assumptions above, you could compare the runtime of ls -l to that of ls -ln: The latter should be much faster!

Thanks for your reply, I'll try to get the source and compile it. This might take some time.

BTW: wbinfo also wasn't working right and winbindd was not responding after issuing that command.

Ralf
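The ls -l versus ls -ln comparison suggested in the message above can be narrowed down to individual groups. The following is an added example and not part of the thread: it resolves each distinct gid owning an entry in a directory through Python's standard grp module (which uses the system's group lookup, so winbind is consulted when it is configured in nsswitch.conf) and reports how long each lookup took and how many members came back. The function name group_lookup_costs is hypothetical.

```python
import grp
import os
import sys
import time


def group_lookup_costs(directory):
    """Time getgrgid() for every distinct gid owning an entry in `directory`.

    Returns a list of dicts sorted by lookup time, slowest first. Each lookup
    returns the full group record including its member list, which is the
    cost the thread attributes to `ls -l` on large AD groups.
    """
    gids = set()
    with os.scandir(directory) as entries:
        for entry in entries:
            # lstat-style call: numeric ids only, no name service involved
            gids.add(entry.stat(follow_symlinks=False).st_gid)

    results = []
    for gid in sorted(gids):
        start = time.perf_counter()
        try:
            record = grp.getgrgid(gid)
            name, members = record.gr_name, len(record.gr_mem)
        except KeyError:
            # gid has no entry in any configured group database
            name, members = None, 0
        elapsed = time.perf_counter() - start
        results.append(
            {"gid": gid, "name": name, "members": members, "seconds": elapsed}
        )
    return sorted(results, key=lambda r: r["seconds"], reverse=True)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for row in group_lookup_costs(target):
        print(
            "%8.3fs  gid=%-8d members=%-6d %s"
            % (row["seconds"], row["gid"], row["members"], row["name"])
        )
```

A group that takes seconds to resolve and returns a large member count is the case the quoted lookup_groupmem explanation describes.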
[Samba] Custom Windows Welcome message
Hello - I'm running Samba as a PDC on FC6 with roaming profiles. I need to setup a custom Windows logon/welcome message... to tell users what they can expect using this domain.

Is it also possible to place different PDF files on the users desktop when he or she logs on, but only referencing one source file, so I don't have a copy for each user? What is the best approach?

Thank You.

Ralf
Re: [Samba] Custom Windows Welcome message
Thanks for the tip. In a windows AD domain, this is accomplished by using a group policy... so how do you do this in samba. I don't want to add each XP box. If it is done via a logon script, do you have an example?

Ralf

----- Original Message -----
From: Natxo Asenjo [EMAIL PROTECTED]
To: samba@lists.samba.org
Sent: Thursday, July 5, 2007 10:50:20 AM
Subject: Re: [Samba] Custom Windows Welcome message

On 7/5/07, Ralf Wiegand [EMAIL PROTECTED] wrote:

> Hello - I'm running Samba as a PDC on FC6 with roaming profiles. I need to setup a custom Windows logon/welcome message... to tell users what they can expect using this domain.

I am sorry to ask you to stfw: http://www.google.nl/search?q=windows%20welcome%20message

the first result is spot on.

> Is it also possible to place different PDF files on the users desktop when he or she logs on, but only referencing one source file, so I don't have a copy for each user? What is the best approach?

use a login script or a mandatory desktop.

These 2 questions have nothing to do with samba, though ;), they are normal windows networking in action.

--
Regards,
J.Asenjo
Re: [Samba] samba and failover (drbd + heartbeat)
adrian sender wrote:

Thanks for your reply and for the Howto.

> 1. Use LDAP Backend

We have some users that don't exist in LDAP or AD. For them we use a local samba account and I have to replicate the password file on both machines. The shares that are defined in smb.conf are also changing, so I have to sync them too. I didn't look deep into the howto, but I couldn't find anything about the files I have to sync.

> 2. Follow this Guide

Thanks,
Ralf
Re: [Samba] Can new ACL entries be inherited to existing subdirectories.
Andrew Watkins wrote:

> But, adding a new permission on the security tab to a folder does not alter the EXISTING files/sub-folders like it does on a real windows network drive.
>
> I am running Samba 3.0.24/25 on Solaris 10/9 machines and here are my current settings:
>
> acl compatibility = auto
> acl check permissions = Yes
> acl group control = No
> acl map full control = Yes
> force unknown acl user = No
> inherit permissions = No
> inherit acls = No
> inherit owner = No
> nt acl support = Yes
> profile acls = No
> map acl inherit = No

With 'inherit permissions = yes' it's working for me on linux.

dos filemode = yes
inherit permissions = yes
store dos attributes = yes
map archive = no
map hidden = no
map system = no
map readonly = no

ralf
Re: [Samba] samba and failover (drbd + heartbeat)
Ralf Gross wrote:

> I've setup two server A + B (debian etch) with drbd + heartbeat in active/passive mode. If the primary server A fails, the shared storage is mounted on B, the virtual ip A-vip moves to the new primary B and samba is started by heartbeat.
>
> This works well, but I'm not sure which samba files should be identical on both server. Both have a dedicated machine account at the moment.
>
> primary: A, 192.168.0.50 (active)
> secondary: B, 192.168.0.60 (passive)
> cluster/failover: A-vip, 192.168.0.70 (dns name and ip that the client use to access the shares)
>
> Should I just kick all samba files on B and sync them with the files of the primary server A (maybe rsync or inotify, I don't use drbdlinks)?
>
> I *think* this would be the necessary directories:
>
> /etc/samba
> /var/cache/samba
> /var/lib/samba
> /var/log/samba
> /var/run/samba
> /var/spool/samba

Ok, nobody is complaining, so guess it's the right way ;)

Ralf
[Samba] samba and failover (drbd + heartbeat)
Hi,

I've setup two server A + B (debian etch) with drbd + heartbeat in active/passive mode. If the primary server A fails, the shared storage is mounted on B, the virtual ip A-vip moves to the new primary B and samba is started by heartbeat.

This works well, but I'm not sure which samba files should be identical on both server. Both have a dedicated machine account at the moment.

primary: A, 192.168.0.50 (active)
secondary: B, 192.168.0.60 (passive)
cluster/failover: A-vip, 192.168.0.70 (dns name and ip that the client use to access the shares)

Should I just kick all samba files on B and sync them with the files of the primary server A (maybe rsync or inotify, I don't use drbdlinks)?

I *think* this would be the necessary directories:

/etc/samba
/var/cache/samba
/var/lib/samba
/var/log/samba
/var/run/samba
/var/spool/samba

I've not set any host specific parameters in smb.conf, I use the dns alias A-vip and the virtual-ip for the netbios alias and interface settings.

BTW: the machine account was created for the hostname of the primary server A, not the DNS alias A-vip, will this lead to a problem?

Ralf
Re: [Samba] Link AD to pre-existing UNIX accounts
CG wrote:

> I'm trying to use winbindd to enumerate and link AD users to their pre-existing UNIX accounts. Right now, winbindd creates new users for UNIX based on windows username and groups.
>
> What I can't figure out is how to explicitly map the AD users to their pre-existing UNIX accounts. I'd like the users to be able to access their UNIX accounts with their UNIX authentication information /and/ their AD authentication information. I had hung my hat on the username map smb.conf directive, but I find now that it doesn't apply to winbindd.
>
> Has anyone worked out a strategy for this scenario?

I asked this a while ago and got the answer that this is not possible. I think you've to remove the old users and change all existing files that they own to the new winbind uids (find with the uid option).

Ralf
Re: [Samba] Re: Link AD to pre-existing UNIX accounts
CG wrote:

> Ralf Gross Ralf-Lists at ralfgross.de writes:
>
>> I asked this a while ago and got the answer that this is not possible. I think you've to remove the old users and change all existing files that they own to the new winbind uids (find with the uid option).
>
> And there we go! I appreciate the pointer. I'm sure we were both hoping to avoid that scenario, but it seems inevitable.

To be honest, I dropped winbind because the performance was too bad with our huge number of AD entries. But this doesn't make life easier at the moment...

Ralf
Re: [Samba] Re: Re: file permissions with inherit permission + ACL's
Jay Flory wrote:

> Ralf Gross [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
>> Jay Flory wrote:
>>>> I have a share (testshare) where different unix groups (testgroup1, testgroup2) should have access to. But I want that new files are only created with 660 permissions.
>>>>
>>>> Here are the ACL's of testshare:
>>>>
>>>> # file: testshare
>>>> # owner: ralfgro
>>>> # group: ve
>>>> user::rwx
>>>> group::rwx
>>>> group:testgroup1:rwx
>>>> group:testgroup2:rwx
>>>> mask::rwx
>>>> other::---
>>>> default:user::rwx
>>>> default:group::---
>>>> default:group:testgroup1:rwx
>>>> default:group:testgroup2:rwx
>>>> default:mask::rwx
>>>> default:other::---
>>>>
>>>> [snip]
>>>>
>>>> I already played with the default mask ACL, but then I always ended with no executable bit on files _and_ directories which denies access to the new created directories...
>>>
>>> What would happen if you removed the default entries from your directory ACLs? It looks to me like the default ACLs are being applied from the directory to the newly created file. I believe that POSIX ACLs do this by design.
>>
>> But I need the default directory ACLs to give the 2 groups rights on all new created files and directories in this share, or am I wrong about this? The only thing I don't want is the executable bit on files.
>
> I believe that Samba, with the inherit acls = yes setting, is designed to set the permissions on the new subdirectories. The Definitive Guide to Samba 3 puts it this way
>
> When set to Yes, Samba copies a directory's ACLs when creating subdirectories within it. The default value of No sets directory permissions according to the directory mask, force directory mode, and inherit permissions options instead.
>
> If I am correct then the default ACL entries on your directory is redundant for new sub directories and interfering when Samba tries to set permissions on the new files (inherit permissions).

I tried different settings, and it's basically working with either 'inherit permissions' or 'inherit acls' + correct ACLs. But new files are still created with the x-bit.

I'm beginning to think, that there is no way to prevent smb from setting this bit if the groups should get access to new created directories.

My goal was:

- different groups with (maybe different) rights on all new files/directories
- file should have only 660 permissions (no x-bit)

Ralf
Re: [Samba] Re: file permissions with inherit permission + ACL's
Jay Flory wrote:

>> I have a share (testshare) where different unix groups (testgroup1, testgroup2) should have access to. But I want that new files are only created with 660 permissions.
>>
>> Here are the ACL's of testshare:
>>
>> # file: testshare
>> # owner: ralfgro
>> # group: ve
>> user::rwx
>> group::rwx
>> group:testgroup1:rwx
>> group:testgroup2:rwx
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:group::---
>> default:group:testgroup1:rwx
>> default:group:testgroup2:rwx
>> default:mask::rwx
>> default:other::---
>>
>> [snip]
>>
>> I already played with the default mask ACL, but then I always ended with no executable bit on files _and_ directories which denies access to the new created directories...
>
> What would happen if you removed the default entries from your directory ACLs? It looks to me like the default ACLs are being applied from the directory to the newly created file. I believe that POSIX ACLs do this by design.

But I need the default directory ACLs to give the 2 groups rights on all new created files and directories in this share, or am I wrong about this? The only thing I don't want is the executable bit on files.

Ralf
[Samba] file permissions with inherit permission + ACL's
Hi,

I have a share (testshare) where different unix groups (testgroup1, testgroup2) should have access to. But I want that new files are only created with 660 permissions.

Here are the ACL's of testshare:

# file: testshare
# owner: ralfgro
# group: ve
user::rwx
group::rwx
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:testgroup1:rwx
default:group:testgroup2:rwx
default:mask::rwx
default:other::---

I created a new directory and a new file in this share.

drwxrws---+ 2 ralfgro ve 6 2007-04-18 17:28 testdir
-rwxrwx---+ 1 ralfgro ve 0 2007-04-18 17:28 testfile.txt

# file: testdir
# owner: ralfgro
# group: ve
user::rwx
group::---
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:testgroup1:rwx
default:group:testgroup2:rwx
default:mask::rwx
default:other::---

The permissions of this new directory are fine. But new files should be created with 660 permissions, not 770.

# file: testfile.txt
# owner: ralfgro
# group: ve
user::rwx
group::---
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---

This is the relevant part of smb.conf:

[testshare]
force create mode = 0660
create mask = 0660
force directory mode = 2770
directory security mask = 2770
force directory security mode =
directory mask = 2770
force security mode =
security mask = 0770
inherit acls = yes
inherit permissions = yes
map archive = no
map system = no
...

Some of the options might be needless now, but I needed them as I used 'force group = ...' instead of 'inherit permissions'.

I already played with the default mask ACL, but then I always ended with no executable bit on files _and_ directories which denies access to the new created directories...

Any ideas?

Ralf
Re: [Samba] file permissions with inherit permission + ACL's
Carlos Rivera-Jones wrote:

>> drwxrws---+ 2 ralfgro ve 6 2007-04-18 17:28 testdir
>
> 2770 [drwxrws--] permissions will force inherit at the file level system, ignoring Samba. Set the directory to 0770 permissions, and new items would be created with 660 as per smb.conf

I removed the gid bit, but this doesn't change the permissions of new files. They are still 770.

ls -la testshare
insgesamt 8
drwxrwx---+ 2 ralfgro ve 25 2007-04-18 17:57 .
drwxr-xr-x 5 root root 63 2007-04-18 17:55 ..
-rwxrwx---+ 1 ralfgro ralfgro 0 2007-04-18 17:56 testfile.txt

> Other thing is to ensure that the main group for the user is the same for all users.

Hm, the users that access this share are member of many groups and the main group will not always be the one of this share. But I think this will be handled by the default ACL's.

Ralf
[Samba] the challenge that the password server.. supplied us is not the one we gave our client
Hi,

periodically we are seeing the following error in our samba log. At this time nobody can connect to the shares of this server anymore.

[2007/04/17 09:05:59, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [PID33C1] - [PID33C1] FAILED with error NT_STATUS_LOGON_FAILURE
[2007/04/17 09:06:03, 1] auth/auth_server.c:check_smbserver_security(263)
  the challenge that the password server (our_password_server) supplied us is not the one we gave our client. This just can't work :-(
[2007/04/17 09:06:03, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [PID33C1] - [PID33C1] FAILED with error NT_STATUS_LOGON_FAILURE
[2007/04/17 09:06:07, 1] auth/auth_server.c:check_smbserver_security(263)
  the challenge that the password server (our_password_server) supplied us is not the one we gave our client. This just can't work :-(

We're using security = SERVER because the server is not member of the domain. The few users that use that server can authenticate against the ADS password server.

After restarting samba everything is fine again. Other servers that use the same config don't show this problem at the same time, hence I don't think it's an ADS problem.

System: Debian Sarge, Samba 3.0.14

Any hints what to look for? This problem is a bit annoying and I haven't found much about it in the list archive.

Ralf
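For triage of the condition reported above, the following added example (not part of the thread, and not Samba code) parses smbd log entries and separates logon failures that occur close to a "challenge ... is not the one we gave our client" entry from failures that look like ordinary bad credentials. The first four entries of the sample are the ones quoted in the message; the last entry, the user alice, and the 10-second correlation window are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Header of an smbd log entry: "[date time, level] source_file:function(line)"
HEADER = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+([\w./-]+):(\w+)\((\d+)\)"
)
AUTH_FAIL = re.compile(
    r"Authentication for user \[([^\]]*)\].*?FAILED with error (NT_STATUS_\w+)"
)
CHALLENGE = re.compile(
    r"the challenge that the password server \(([^)]*)\) supplied us "
    r"is not the one we gave our client"
)

# First four entries: from the message above. Last entry: constructed.
SAMPLE_LOG = """\
[2007/04/17 09:05:59, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [PID33C1] - [PID33C1] FAILED with error NT_STATUS_LOGON_FAILURE
[2007/04/17 09:06:03, 1] auth/auth_server.c:check_smbserver_security(263)
  the challenge that the password server (our_password_server) supplied us is not the one we gave our client. This just can't work :-(
[2007/04/17 09:06:03, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [PID33C1] - [PID33C1] FAILED with error NT_STATUS_LOGON_FAILURE
[2007/04/17 09:06:07, 1] auth/auth_server.c:check_smbserver_security(263)
  the challenge that the password server (our_password_server) supplied us is not the one we gave our client. This just can't work :-(
[2007/04/17 11:30:12, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [alice] - [alice] FAILED with error NT_STATUS_WRONG_PASSWORD
"""


def parse_entries(text):
    """Split raw log text into entries; also works when the log was pasted
    onto a single line, because entries are delimited by their headers."""
    headers = list(HEADER.finditer(text))
    entries = []
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        entries.append({
            "time": datetime.strptime(h.group(1), "%Y/%m/%d %H:%M:%S"),
            "level": int(h.group(2)),
            "source": h.group(3),
            "function": h.group(4),
            "message": " ".join(text[h.end():end].split()),
        })
    return entries


def summarize(text, window_seconds=10):
    """Count logon failures, split by whether a challenge mismatch was logged
    within `window_seconds` of the failure (heuristic, see lead-in)."""
    entries = parse_entries(text)
    mismatches = []
    for e in entries:
        m = CHALLENGE.search(e["message"])
        if m:
            mismatches.append((e["time"], m.group(1)))

    window = timedelta(seconds=window_seconds)
    backend, other = Counter(), Counter()
    for e in entries:
        m = AUTH_FAIL.search(e["message"])
        if not m:
            continue
        key = (m.group(1), m.group(2))  # (user, NT status)
        near = any(abs(e["time"] - t) <= window for t, _ in mismatches)
        (backend if near else other)[key] += 1

    return {
        "challenge_mismatches": len(mismatches),
        "password_servers": sorted({server for _, server in mismatches}),
        "backend_related": dict(backend),
        "other_failures": dict(other),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "=", value)
```

A rising backend_related count with few other_failures points at the password-server session rather than at users mistyping passwords.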
Re: [Samba] the challenge that the password server.. supplied us is not the one we gave our client
Volker Lendecke wrote:

>> Any hints what to look for? This problem is a bit annoying and I haven't found much about it in the list archive.
>
> Don't use security=server, join that box to the domain. No way around that.

Hm, joining the domain is a bit of a problem. So the error is definitely related to the security=server settings? Because sometimes we don't see this error for weeks.

Ralf
[Samba] Samba 3.0.24 - group permissions
Hello - I upgraded from FC4 to FC6. My samba configuration (samba 3.0.1x) was working just fine until I upgraded to FC6 and Samba 3.0.24. I had shares which were protected and only some users and groups can access them. I used valid users = @wireless, where the group wireless had 10 users. Before the upgrade this was working just fine. Now nobody from @wireless group members can access the share. For the moment I got around it by listing every user of the group @wireless in the valid users = user1 user2 line. I did some research and found that samba version 3.0.24 uses something called getgroupmap.

OK here are the questions:

q1) How to include my existing groups into the new samba setup, without redoing everything.
q2) My server is a PDC, is it possible for samba to act as a AD controller?
q3) What is the correct way to setup a PDC using samba 3.0.24, and have the group permissions work correctly?
q4) Are there any how to's on working with the new group permissions and why did it change?
q5) Some of the research was mentioning of group permission problems and bugs within the new version of samba 3.0.23 and greater. Is this also the case with version 3.0.24 and how do I get around it?

Thank You

Sincerely,
Ralf Wiegand
[Samba] Moving a Samba PDC from Solaris 2.8 to CentOS 4.4
Hello,

I try to move a Samba-PDC (3.0.24) from Solaris 2.8 to CentOS 4.4 with the guidance from:

http://www.samba.org/samba/docs/man/Samba-Guide/upgrades.html#id333969 (Replacing a Domain Controller)

At the moment I am trying this in a test environment. This means the following (not the real names/IPs. Just for illustration ;-)):

smb.conf entries:

...
netbios name = smbtest
interfaces = 1.1.1.1/255.255.255.0
...

Hostname Solaris: solaris
Virtual network interface with ip: 1.1.1.1

Hostname CentOS: smbtest
Real network interface with ip: 1.1.1.1

Then I followed the docs except that I don't power off the Solaris machine. I just stop the samba daemons and delete the virtual network interface.

When I did that, the Windows XP clients can't login in the Domain anymore. After some investigation I found out that the SIDs of the domain and of the Linux-host are not the same as before on the Solaris host. When I change the SIDs with net setlocalsid and net setdomainsid to the original ones it seems to work again.

Any ideas why that happens? Is this the expected behavior (because of the hostname change)? Do I have something else to change to test the PDC move?

Best regards,
Ralf
[Samba] Move a Samba PDC from Solaris to Linux
Hello,

we want to move our Samba PDC controller from a Solaris (2.8) machine to a Linux (CentOS4.4) machine. We have the following plan (on both servers is Samba installed. We use the passdb-backend smbpasswd):

1) Stop Samba on the Solaris machine
2) Copy all machine accounts from Solaris /etc/passwd to Linux /etc/passwd
3) Copy the following files from Solaris to Linux:
   samba/private/*
   samba/conf/smb.conf
   samba/var/locks/*.tdb
4) Poweroff the Solaris machine
5) Change the name of the Linux machine (to the name of the Solaris machine)
6) Start Samba on the Linux machine

Will that work? Are the tdb files platform independent? After the move are all Windows clients still in the windows-domain?

Thanks.

Best regards,
Ralf
Re: [Samba] Re: ClearCase Interop problem with recent Samba versions
Volker Lendecke wrote:

> On Fri, Feb 16, 2007 at 05:46:08PM +, Bill Marshall wrote:
>
>> I think the Vmware Physical to Virtual converter http://www.vmware.com/products/converter/ also has problems with systems that claim to host msdfs. The wizard failed with a crazy error and there wasn't a hint until I did some network traces.
>
> Just thought if it was wise to enable dfs by default. It seems to cause quite difficult to track down grief in some situations.
>
> Comments on taking it back?

I had major problems with different smbclient versions after updating our file server to samba 3.0.23 last summer. There's still an open bug report about that. I think nobody ever looked at it...

https://bugzilla.samba.org/show_bug.cgi?id=3972

Ralf
[Samba] msdfs for local redirects?
Hi,

until now the users here did access the samba shares directly via \\server\share. The number of shares is rising and it should now be possible to access shares by the department they belong to. Thus the users need only one drive letter and not many in their windows explorer.

To accomplish this I tried the msdfs approach and it's working very nicely.

on serverA:

share1 - msdfs:serverA\share1
share2 - msdfs:serverA\share2
share3 - msdfs:serverA\share3
...

I'm just wondering if I will introduce unnecessary overhead by exporting _local_ shares this way? The shares have different permissions and not all of them share the same config options. Thus I would like to keep them as separate shares and not just link them with symlinks in the filesystem.

Ralf
[Samba] opendir messages with log level = 1 and extd_audit
Hi,

I'm using samba 3.0.23d on Debian Etch and want to use the extd_audit vfs module.

In the global section of my smb.conf I use:

log level = 1 vfs:0

And in the share section:

vfs objects = extd_audit

With log level 0 for the vfs module I expected to see messages about deleted/unlinked files and directories + mkdir commands. In fact I get opendir messages too. This is filling up the logfile rather quickly.

[2007/02/09 13:32:48, 1] modules/vfs_extd_audit.c:audit_opendir(164)
  vfs_extd_audit: opendir tmp
[2007/02/09 13:32:48, 1] modules/vfs_extd_audit.c:audit_opendir(164)
  vfs_extd_audit: opendir ./

From http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/VFS.html:

###
* extd_audit

This module is identical with the audit module above except that it sends audit logs to both syslog as well as the smbd log files. The log level for this module is set in the smb.conf file.

Valid settings and the information that will be recorded are shown in the next table.

Table 23.1. Extended Auditing Log Information

Log Level   Log Details - File and Directory Operations
0           Make Directory, Remove Directory, Unlink
1           Open Directory, Rename File, Change Permissions/ACLs
2           Open & Close File
10          Maximum Debug Level
###

Is it the expected behaviour that extd_audit logs the opendir commands? I found a bug report about this with the comment that the ext_audit module works as designed.

https://bugzilla.samba.org/show_bug.cgi?id=1950

I'm now playing around with the full_audit option, but it seems to be poorly documented.

Ralf
Re: [Samba] Active Directory for users authentication only?
John Snowdon said:

SNIP

> I assume, perhaps naively, that this is because Samba is purely looking up group information for my account from winbind? If so, what do I need to modify so that Samba ignores group information from winbind and purely uses /etc/group?

I've encountered a similar problem and opened a bug report.

https://bugzilla.samba.org/show_bug.cgi?id=4353

Ralf
Re: [Samba] domain/unix groups and valid users parameter
Ralf Gross wrote:

> I want to switch from 'security = server' to 'security = ADS'. Kerberos is working and I can login to the server.
>
> With Samba 3.0.22 I was able to restrict access to shares with the 'valid users' directive. ve is local unix group.
>
> [foo]
> comment = foo
> writable = yes
> force create mode = 0660
> create mask = 0660
> force directory mode = 2770
> directory security mask = 2770
> force directory security mode =
> directory mask = 2770
> force security mode =
> force group = +ve
> security mask = 0770
> path = /projekte/foo
> valid users = +ve
> vfs objects = extd_audit
>
> If I now try to connect to share foo, I get
>
> Domain=[EMEA] OS=[Unix] Server=[Samba 3.0.23d]
> tree connect failed: NT_STATUS_ACCESS_DENIED
>
> And in the samba log:
>
> [2007/01/25 13:14:49, 3] lib/util_sid.c:string_to_sid(223)
>   string_to_sid: Sid +ve does not start with 'S-'.
> [...]
> [2007/01/25 13:14:49, 2] smbd/service.c:make_connection_snum(580)
>   user 'EMEA\ralfgro' (from session setup) not permitted to access this share (foo)
>
> I tried different settings for 'valid users' that I found in the list archives. No change.

I did some more testing. For local unix users everything is working as expected.

local unix user rg, added with 'smbpasswd -a rg'. Member of unix group ve.

[2007/01/26 08:27:02, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid +ve does not start with 'S-'.
[2007/01/26 08:27:02, 10] passdb/lookup_sid.c:lookup_name(64)
  lookup_name: VU0EM003\ve = VU0EM003 (domain), ve (name)
[2007/01/26 08:27:02, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/01/26 08:27:02, 3] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/01/26 08:27:02, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/01/26 08:27:02, 5] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2007/01/26 08:27:02, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2007/01/26 08:27:02, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/01/26 08:27:02, 10] passdb/lookup_sid.c:lookup_name(64)
  lookup_name: Unix Group\ve = Unix Group (domain), ve (name)
[2007/01/26 08:27:02, 10] smbd/share_access.c:user_ok_token(229)
  user_ok_token: share foo is ok for unix user rg
[2007/01/26 08:27:02, 10] smbd/share_access.c:is_share_read_only_for_token(271)
  is_share_read_only_for_user: share foo is read-write for unix user rg
[2007/01/26 08:27:02, 4] lib/sharesec.c:get_share_security(130)
  get_share_security: using default secdesc for foo
[2007/01/26 08:27:02, 10] lib/util_seaccess.c:se_map_generic(176)
  se_map_generic(): mapped mask 0x1000 to 0x001f01ff
[2007/01/26 08:27:02, 10] lib/util_seaccess.c:se_access_check(233)
  se_access_check: requested access 0x0002, for NT token with 22 entries an

But for AD users the local group membership seems to be ignored.

AD user emea\ralfgro which I added to the local unix group ve with gpasswd:

$ gpasswd -a emea\\ralfgro ve
Adding user emea\ralfgro to group ve

$ id -a emea\\ralfgro
uid=7(ralfgro) gid=7(domain users) Gruppen=7(domain users),300(ve)

So, AD user ralfgro is clearly member of unix group ve. But samba thinks it is not in the list of valid users.

User EMEA\ralfgro not in 'valid users'

[2007/01/26 08:29:10, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid +ve does not start with 'S-'.
[2007/01/26 08:29:10, 10] passdb/lookup_sid.c:lookup_name(64)
  lookup_name: VU0EM003\ve = VU0EM003 (domain), ve (name)
[2007/01/26 08:29:10, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/01/26 08:29:10, 3] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/01/26 08:29:10, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/01/26 08:29:10, 5] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2007/01/26 08:29:10, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2007/01/26 08:29:10, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/01/26 08:29:10, 10] passdb/lookup_sid.c:lookup_name(64)
  lookup_name: Unix Group\ve = Unix Group (domain), ve (name)
[2007/01/26 08:29:10, 10] smbd/share_access.c:user_ok_token(208)
  User EMEA\ralfgro not in 'valid users'
[2007/01/26 08:29:10, 2] smbd/service.c:make_connection_snum(580)
  user 'EMEA\ralfgro' (from session setup) not permitted to access this share (foo)
[2007/01/26 08:29:10, 3] smbd/error.c:error_packet(146)
  error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED

Is there something obvious I'm missing here? Shouldn't winbind
Re: [Samba] winbind - timeouts in domain with 100000 domain users
Adam Nielsen wrote:

>> Sometimes I get back the list of domain users, but this happens only rarely. During these commands I can't connect to my shares with my domain account. Even the top and ps commands seem to hang.
>>
>> security = domain
>
> I had this same issue with security=domain. Changing to security=ads fixed the problem. It seems that domain mode requires a complete list of users, whereas ads mode is quite happy to look up single users as and when required.

No difference here with ADS instead of Domain. winbind is nearly unusable.

$ wbinfo -t
checking the trust secret via RPC calls succeeded

$ wbinfo -g
[nothing/timeout or Error looking up domain groups]

other terminal:

$ wbinfo -p
Ping to winbindd failed on fd -1
could not ping winbindd!

And that's it. I have to kill the winbindd process to get it running again. If I avoid to request the whole user/group list, winbind is doing ok, but getting the directory listing of a dir with 4 files which belong to domain user sometimes take 30-60 seconds.

At the moment I'm feeling not very confident with winbind in our environment. Maybe I should stick with 'security = server' and live with the downside to add local user/groups...

An other thing I do not quite understand: until now I used 'force group = +ve' to force the group ownership of a file. This is not working for the test share I created. In the samba logfile I see ' Forced group ve', but the file belongs to the domain group.

-rw-rw 1 ralfgro domain users 0 2007-01-25 10:50 bar.txt

> I also found that security=domain would not reliably detect changes to group membership. Sometimes reloading winbind would bring the changes through, sometimes it wouldn't. Again, changing to security=ads fixed this.
>
>> I have a local unix account ralfgro that has uid 50789 and a domain account that is mapped to uid 7.
>>
>> So ralfgro == 50789 and domain == 7
>>
>> If I now copy files to the server using smbclient they are created with my domain uid.
>
> Correct, as smbclient is connecting with uid 7.
>
>> If I create files with an editor on the local fs (vim) they have the uid of my unix account.
>
> Correct, assuming you're logged on as ralfgro at the time.
>
>> Is this the way it should be? I ask this, because an old server should be migrate to this new hardware and there are many unix accounts and much data that already belong to users. The old server has never been member of this domain, only 'security = server' was used for authentication.
>
> The only way you can fix this is to make sure that each domain account is mapped to the same UID as the local user. There are a number of ways of doing this, check the Samba manual for details.

Can you give me a hint where I can find this in the manual/howto. Maybe I'm just using the wrong search terms.

> It may be easier to use SMB for authentication as well, so that the UNIX users no longer log in with their local username, but the SMB username (which in your case would mean you'd be logging on with UID 7.) This way you wouldn't need to manually map any domain accounts to UIDs.

I've to look a bit deeper in the authentication documentation. I want to avoid that all domain members are able to log in this box.

This server is a multi purpose server (cvs, svn, apache, samba). For samba I want to be able to authenticate against ADS and use existing AD users/groups. Certain users should also get a local home directory on that server. For cvs, ssh... it would be nice to use AD too, but I could not find out how I can restrict the login to certain domain users. I think this is a pam issue.

Ralf
[Samba] domain/unix groups and valid users parameter
Hi,

I want to switch from 'security = server' to 'security = ADS'. Kerberos is working and I can login to the server.

With Samba 3.0.22 I was able to restrict access to shares with the 'valid users' directive. ve is a local unix group.

valid users = +ve

And force the group ownership with the 'force group' directive.

force group = +ve

[foo]
comment = foo
writable = yes
force create mode = 0660
create mask = 0660
force directory mode = 2770
directory security mask = 2770
force directory security mode =
directory mask = 2770
force security mode =
force group = +ve
security mask = 0770
path = /projekte/foo
valid users = +ve
vfs objects = extd_audit

If I now try to connect to share foo, I get

Domain=[EMEA] OS=[Unix] Server=[Samba 3.0.23d]
tree connect failed: NT_STATUS_ACCESS_DENIED

And in the samba log:

[2007/01/25 13:14:49, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid +ve does not start with 'S-'.
[...]
[2007/01/25 13:14:49, 2] smbd/service.c:make_connection_snum(580)
  user 'EMEA\ralfgro' (from session setup) not permitted to access this share (foo)

I tried different settings for 'valid users' that I found in the list archives. No change.

+Unix Group\ve
+Unix Group\ve
+BUILTIN\ve
...

Then I mapped the Unix group ve to a SID (net groupmap add unixgroup=ve type=local):

$ net groupmap list
ve (S-1-5-21-939576472-3938481725-970578208-1001) - ve
afs (S-1-5-21-939576472-3938481725-970578208-1003) - afs
Administrators (S-1-5-32-544) - 1
Users (S-1-5-32-545) - 10001

Still the same error.

[2007/01/25 13:20:14, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid +ve does not start with 'S-'.
[...]
[2007/01/25 13:20:14, 2] smbd/service.c:make_connection_snum(580)
  user 'EMEA\ralfgro' (from session setup) not permitted to access this share (foo)

I'm new to winbind and AD, I'm not an AD/Domain/Win Admin, I'm only responsible for some linux workstations/server.

My goals:

* use AD user/groups for authentication
* use AD user/groups for permissions (valid users/force group...)
* use local unix user/groups for samba authentication and permissions
* later - use AD for ssh/cvs access

In the past I had to create a local unix account for every user, thus I already have a bunch of local unix users that also exist in the AD. They already own many files, so it would be nice if I could map an existing UID to a SID.

For example user ralfgro is in the local /etc/passwd and in the AD. If I login the first time with smbclient, a new UID-SID mapping is created. Thus files that belong to ralfgro have different ownership (old UID, new UID/SID).

I'm a bit lost at the moment on how to migrate from my old style of config/usage to the new, hopefully more elegant, winbind/AD style.

Ralf
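Added example, not part of the original post: a small Python parser for smbd log records like the ones quoted in the message above, extracting every "not permitted to access this share" refusal with its user and share. The sample log is constructed from the lines in the message, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, assembled from the records quoted in the message above
# (header line followed by an indented message line).
SAMPLE_LOG = r"""[2007/01/25 13:14:49, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid +ve does not start with 'S-'.
[2007/01/25 13:14:49, 2] smbd/service.c:make_connection_snum(580)
  user 'EMEA\ralfgro' (from session setup) not permitted to access this share (foo)
[2007/01/25 13:20:14, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid +ve does not start with 'S-'.
[2007/01/25 13:20:14, 2] smbd/service.c:make_connection_snum(580)
  user 'EMEA\ralfgro' (from session setup) not permitted to access this share (foo)
"""

# Record header: [timestamp, debug level] source_file:function(line) [message]
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<file>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*(?P<rest>.*)$"
)
DENIED = re.compile(
    r"user '(?P<user>[^']+)' \(from session setup\) "
    r"not permitted to access this share \((?P<share>[^)]+)\)"
)

def parse_records(text):
    """Yield one dict per log record (header plus its continuation lines)."""
    record = None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            if record:
                yield record
            record = m.groupdict()
            record["level"] = int(record["level"])
            record["message"] = record.pop("rest").strip()
        elif record is not None and raw.strip():
            # Continuation line: append to the current record's message.
            record["message"] = (record["message"] + " " + raw.strip()).strip()
    if record:
        yield record

def share_denials(text):
    """Return (timestamp, user, share) for every refused share connection."""
    out = []
    for rec in parse_records(text):
        m = DENIED.search(rec["message"])
        if m:
            out.append((rec["ts"], m.group("user"), m.group("share")))
    return out

def denial_counts(text):
    """Count refusals per (user, share) pair."""
    return Counter((user, share) for _, user, share in share_denials(text))

if __name__ == "__main__":
    for ts, user, share in share_denials(SAMPLE_LOG):
        print(ts, user, share)
```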
[Samba] winbind - timeouts in domain with 100000 domain users
Hi,

I'm trying out samba with winbind. The domain has 10 users and I'm having some problems with the wbinfo and getent programs.

The server is a domain member and running debian etch (x86_64) with samba-3.0.23d.

idmap uid = 7-30
idmap gid = 7-30
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template shell = /bin/false
security = domain

$ wbinfo -i emea\\ralfgro
ralfgro:*:7:7:Gross, Ralf:/home/EMEA/ralfgro:/bin/false

$ wbinfo -t
checking the trust secret via RPC calls succeeded

$ id -a ralfgro
...long timeout

$ getent passwd
[local unix users]
...long timeout

Sometimes I get back the list of domain users, but this happens only rarely. During these commands I can't connect to my shares with my domain account. Even the top and ps commands seem to hang.

session setup failed: Call timed out: server did not respond after 2 milliseconds

If I do an 'ls -l' in a directory with files that belong to a domain user, it sometimes takes ages to return the file list.

I have a local unix account ralfgro that has uid 50789 and a domain account that is mapped to uid 7. If I now copy files to the server using smbclient they are created with my domain uid. If I create files with an editor on the local fs (vim) they have the uid of my unix account.

Is this the way it should be? I ask this, because an old server should be migrated to this new hardware and there are many unix accounts and much data that already belong to users. The old server has never been member of this domain, only 'security = server' was used for authentication.

/etc/passwd
ralfgro:x:50789:50789::/home/ralfgro:/bin/sh

$ wbinfo -i emea\\ralfgro
ralfgro:*:7:7:Gross, Ralf:/home/EMEA/ralfgro:/bin/false

$ ls -l /tmp/foo
insgesamt 48
-rw-r--r-- 1 ralfgro ralfgro 5 2007-01-22 14:13 test
-rw-rw 1 ralfgro domain users 41180 2007-01-22 14:11 test2

$ ls -ln /tmp/foo
insgesamt 48
-rw-r--r-- 1 50789 50789 5 2007-01-22 14:13 test
-rw-rw 1 7 7 41180 2007-01-22 14:11 test2

Ralf
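Added example, not part of the original post: a Python check that compares local passwd entries with winbind-mapped entries (the `wbinfo -i` format shown in the message above) and reports accounts that exist under two UIDs, plus domain UIDs that collide with a different local account. The sample data is constructed: the two ralfgro lines are the ones quoted in the message, the lp account is an assumption added to show a collision, and the function names are hypothetical.

```python
# Constructed samples: the ralfgro lines are quoted from the message above;
# the "lp" account is an assumption added to demonstrate a UID collision.
LOCAL_PASSWD = """\
ralfgro:x:50789:50789::/home/ralfgro:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
"""
WINBIND_PASSWD = """\
ralfgro:*:7:7:Gross, Ralf:/home/EMEA/ralfgro:/bin/false
"""

def parse_passwd(text):
    """Map user name -> uid for passwd(5)-format lines; skip malformed ones."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users

def audit_uid_mapping(local_text, winbind_text):
    """Compare local accounts with winbind-mapped domain accounts.

    split_identity: same name, different uid, so the user's files end up
                    with two different owners (the situation in the message).
    uid_collision:  a domain account was given a uid already held by another
                    local account, so each can access the other's files,
                    because the kernel checks only the numeric uid.
    """
    local = parse_passwd(local_text)
    domain = parse_passwd(winbind_text)

    # Reverse index of local accounts so collisions can be looked up by uid.
    local_by_uid = {}
    for name, uid in local.items():
        local_by_uid.setdefault(uid, []).append(name)

    findings = []
    for name, uid in sorted(domain.items()):
        if name in local and local[name] != uid:
            findings.append(("split_identity", name, local[name], uid))
        for other in local_by_uid.get(uid, []):
            if other != name:
                findings.append(("uid_collision", name, other, uid))
    return findings

if __name__ == "__main__":
    for finding in audit_uid_mapping(LOCAL_PASSWD, WINBIND_PASSWD):
        print(finding)
```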
Re: [Samba] winbind - timeouts in domain with 100000 domain users
Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1

Ralf Gross wrote:

Hi, I'm trying out samba with winbind. The domain has 10 users and I'm having some problems with the wbinfo and getent programs. The server is a domain member and running debian etch (x86_64) with samba-3.0.23d.

idmap uid = 7-30
idmap gid = 7-30
winbind enum users = yes
winbind enum groups = yes

Is there any real reason that you have these enabled?

From the smb.conf man page.

Warning
Turning off user enumeration may cause some programs to behave oddly. For example, the finger program relies on having access to the full user list when searching for matching usernames.

Default: winbind enum users = no

I tried both settings but I couldn't see any difference. This is with winbind enum users/groups = no

$ wbinfo -t
checking the trust secret via RPC calls succeeded

$ wbinfo -i emea\\ralfgro
ralfgro:*:7:7:Gross, Ralf:/home/EMEA/ralfgro:/bin/false

$ wbinfo -u
...hangs
ctrl-c

$ wbinfo -i emea\\ralfgro
Could not get info for user emea\ralfgro

The main problem is not that wbinfo doesn't return all users, it's the fact that winbind seems to be completely unaccessible afterwards.

[2007/01/22 18:26:14, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine pipe \NETLOGON fnum 0x4015returned critical error. Error was Call timed out: server did not respond after 1 milliseconds
[2007/01/22 18:26:16, 1] libsmb/clientgen.c:cli_rpc_pipe_close(376)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x4015 to machine SSTRD010. Error was Call timed out: server did not respond after 1 milliseconds

$ /etc/init.d/winbind stop
Stopping the Winbind daemon: winbind.

$ pgrep -l -f winbind
24262 /usr/sbin/winbindd -B
24263 /usr/sbin/winbindd -B

$ pkill -9 winbindd

$ pgrep -l -f winbind

$ /etc/init.d/winbind start
Starting the Winbind daemon: winbind.

$ wbinfo -i emea\\ralfgro
ralfgro:*:7:7:Gross, Ralf:/home/EMEA/ralfgro:/bin/false

winbind didn't respond until I killed the process and restarted the daemon. At the same time winbind hung on this system I could execute 'wbinfo -i emea\\ralfgro' on another system with success.

Ralf
[Samba] Question about Solaris ZFS and ACLs
Hello,

if I am right Samba 3.0.23d didn't support ACLs on Sun's new filesystem ZFS. Will it be supported in the next Samba version 3.0.24?

I found a discussion on samba-technical which says that in the subversion tree support for ACLs on ZFS is available. (http://lists.samba.org/archive/samba-technical/2006-December/050604.html)

But my tests on Solaris 10 X86 failed. I tried branch samba-3_0 and samba-3_0_24 (rev 20796) from subversion with configure option --with-acl-support with no success. With windows-explorer the security tab just says .. can't be viewed.

The samba log says:

[2007/01/16 11:14:57, 10] modules/vfs_solarisacl.c:solarisacl_sys_acl_get_file(72)
  solarisacl_sys_acl_get_file called for file 'test3.txt'. getting access acl
[2007/01/16 11:14:57, 10] modules/vfs_solarisacl.c:solaris_acl_get_file(582)
  solaris_acl_get_file called for file 'test3.txt'
[2007/01/16 11:14:57, 10] modules/vfs_solarisacl.c:solaris_acl_get_file(592)
  acl GETACLCNT failed: Operation not applicable
[2007/01/16 11:14:57, 10] modules/vfs_solarisacl.c:solaris_acl_get_file(609)
  solaris_acl_get_file failed.
[2007/01/16 11:14:57, 10] modules/vfs_solarisacl.c:solarisacl_sys_acl_get_file(94)
  solarisacl_sys_acl_get_file failed.

Any advice about this topic would be appreciated.

Best regards,
Ralf
[Samba] Can't connect to Samba share when using security = server
Hello,

when I try to connect from Client-1 (Windows 2003 Server with AD-Server) to a share on Samba-Server-1 (security = server, password server = Samba-Server-2) I get the error "No network provider accepted the given network path." There is no popup for the login information.

If I try to access the share from a PC running Windows XP Professional everything works without any problems (after giving my credentials). Even when I change the configuration of Samba-Server-1 to security = user and copy the account info from the smbpasswd file from Samba-Server-2 to Samba-Server-1 I can connect to the share. So the problem seems to be with the authentication forwarding. (All Samba servers work as expected except if I try to connect from Client-1 with Windows 2003 Server and AD to Samba-Server-1).

Name: Client-1
OS: Windows 2003 Server
AD-Server for Domain A

Name: Samba-Server-1
OS: Solaris 10 with Samba 3.0.23b
Samba-configuration:
security = server
password server = Samba-Server-2

Name: Samba-Server-2
OS: Solaris 10 with Samba 3.0.23b
Configured as a PDC for Domain B

Hope someone can help,
Ralf
Re: [Samba] Problem with PRODUCTION machine, please respond quickly!!
Sander van Harmelen said:

[2006/08/04 10:58:55, 1] smbd/posix_acls.c:store_inheritance_attributes(252)
  store_inheritance_attribute: Error Permission denied

But I'm the owner of the file?!

Did you check the ACLs of this file with getfacl?

Ralf
Re: [Samba] new 'msdfs root = yes' default value (was 3.0.23 - different errors on solaris 8)
Me said:

Even if I uncomment all lines starting with vfs... I get the errors.

do_list: [\*] NT_STATUS_OBJECT_PATH_NOT_FOUND
Error in dskattr: NT_STATUS_OBJECT_PATH_NOT_FOUND

Update: This error seems to occur only with smbclient! After upgrading samba I usually let the new smbd first run on port so that I can test it with smbclient -p . I didn't check 3.023(a) with windows due to the problem I encountered with smbclient. Now I checked 3.0.23a with a windows client too, and have no problems getting the directory listing!

smbclient 3.0.23(a) on Solaris and smbclient 3.0.22 on Ubuntu both fail to get the listing with the NT_STATUS_OBJECT_PATH_NOT_FOUND error. smbclient 3.0.10-1.fc3 (fedora core3) and 3.0.14a-Debian are both working! I opened bug 3972.

If I explicitly add 'msdfs root = no' to my smb.conf, I have no problem accessing shares with smbclient - regardless of which smbclient version I use. The server does not use a dfs tree and I didn't use any dfs option before.

It is mentioned in the 3.0.23(a) release notes that the default value for 'msdfs root' has now changed.

http://www.samba.org/samba/history/samba-3.0.23a.html
...
msdfs root Changed default Yes

Is it the expected behavior of recent smbclient versions to give the NT_STATUS_OBJECT_PATH_NOT_FOUND error message if _no_ msdfs option is set in the smb.conf file? Thus I have to add this option even if I don't use dfs at all?
Re: [Samba] 3.0.23 - different errors on solaris 8 (Error in dskattr...)
Me said:

The VFS interface changed. Did you recompile and reinstall the vfs_extd_audiit.so library? Do you get a failure without any VFS modules loaded?

I have this file under /local/samba3023a/lib/vfs (my install prefix)

-rwxr-xr-x 1 root root13280 Jul 24 14:10 extd_audit.so

But I couldn't find a vfs_extd_audiit.so file. I compiled 3.0.23 from source with these configure options:

./configure --with-acl-support --prefix=/usr/local/samba3022-test --with-quotas --with-included-popt --without-ldap --with-vfs --enable-socket-wrapper

Anything more I have to do to reinstall the vfs lib? Even if I uncomment all lines starting with vfs... I get the errors.

do_list: [\*] NT_STATUS_OBJECT_PATH_NOT_FOUND
Error in dskattr: NT_STATUS_OBJECT_PATH_NOT_FOUND

Update: This error seems to occur only with smbclient! After upgrading samba I usually let the new smbd first run on port so that I can test it with smbclient -p . I didn't check 3.023(a) with windows due to the problem I encountered with smbclient. Now I checked 3.0.23a with a windows client too, and have no problems getting the directory listing!

smbclient 3.0.23(a) on Solaris and smbclient 3.0.22 on Ubuntu both fail to get the listing with the NT_STATUS_OBJECT_PATH_NOT_FOUND error. smbclient 3.0.10-1.fc3 (fedora core3) and 3.0.14a-Debian are both working! I opened bug 3972.

Ralf
Re: [Samba] 3.0.23 - different errors on solaris 8 (Error in dskattr...)
Ralf Gross said:

Gerald (Jerry) Carter said:

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1

Ralf Gross wrote:

After 'make install', I can still login, but smbclient gives me an error message if I try to list the content of a directory:

Domain=[ERS] OS=[Unix] Server=[Samba 3.0.23]
smb: \ ls
do_list: [\*] NT_STATUS_OBJECT_PATH_NOT_FOUND
Error in dskattr: NT_STATUS_OBJECT_PATH_NOT_FOUND

... vfs_extd_audit: opendir . ^^ Intermediate not found bang error packet at smbd/trans2.c(2919) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_PATH_NOT_FOUND

I still have exactly the same problems with 3.0.23a. To be sure that no updates to my Solaris 8 broke something since compiling 3.0.22, I recompiled 3.0.22. But this is still working fine! Thus there must be something with 3.0.23X that's not working with Solaris 8 here.

The VFS interface changed. Did you recompile and reinstall the vfs_extd_audiit.so library? Do you get a failure without any VFS modules loaded?

I have this file under /local/samba3023a/lib/vfs (my install prefix)

-rwxr-xr-x 1 root root13280 Jul 24 14:10 extd_audit.so

But I couldn't find a vfs_extd_audiit.so file. I compiled 3.0.23 from source with these configure options:

./configure --with-acl-support --prefix=/usr/local/samba3022-test --with-quotas --with-included-popt --without-ldap --with-vfs --enable-socket-wrapper

Anything more I have to do to reinstall the vfs lib? Even if I uncomment all lines starting with vfs... I get the errors.

do_list: [\*] NT_STATUS_OBJECT_PATH_NOT_FOUND
Error in dskattr: NT_STATUS_OBJECT_PATH_NOT_FOUND

Any more ideas about this? There must be something with 3.0.23(a), because 3.0.22 still compiles/runs without problems. I've no idea what these errors are about.

[-snip-]
Linking nsswitch/libnss_wins.so
ld: warning: option -o appears more than once, first setting taken
[-snip-]
Compiling groupdb/mapping.c with -fPIC
Linking libsmbclient non-shared library bin/libsmbclient.a
[-snip-]
Compiling auth/auth_script.c with -fPIC
Building plugin bin/script.so
ld: warning: option -o appears more than once, first setting take
[-snip-]

Should I open a bug?

Ralf