Re: [Samba] Samba_kcc error in /var/log/messages
On 10/12/2013 08:43 AM, George ITee wrote: Hello, I am getting these errors in /var/log/messages : Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.817541, 0] ../source4/dsdb/kcc/kcc_periodic.c:664(kccsrv_samba_kcc) Oct 12 16:36:15 sambadc samba[7147]: Calling samba_kcc script Oct 12 16:36:15 sambadc abrt: detected unhandled Python exception in '/usr/local/samba/sbin/samba_kcc' Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.959943, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler) Oct 12 16:36:15 sambadc samba[7147]: /usr/local/samba/sbin/samba_kcc: close failed in file object destructor: Oct 12 16:36:15 sambadc abrtd: New client connected Oct 12 16:36:15 sambadc abrtd: Directory 'pyhook-2013-10-12-16:36:15-7630' creation detected Oct 12 16:36:15 sambadc abrt-server[7633]: Saved Python crash dump of pid 7630 to /var/spool/abrt/pyhook-2013-10-12-16:36:15-7630 Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.973347, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler) Oct 12 16:36:15 sambadc samba[7147]: /usr/local/samba/sbin/samba_kcc: IOError: [Errno 10] No child processes Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.994361, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler) Oct 12 16:36:15 sambadc samba[7147]: /usr/local/samba/sbin/samba_kcc: close failed in file object destructor: Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.994469, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler) Oct 12 16:36:15 sambadc samba[7147]: /usr/local/samba/sbin/samba_kcc: IOError: [Errno 10] No child processes Oct 12 16:36:16 sambadc abrtd: Executable '/usr/local/samba/sbin/samba_kcc' doesn't belong to any package Oct 12 16:36:16 sambadc abrtd: 'post-create' on '/var/spool/abrt/pyhook-2013-10-12-16:36:15-7630' exited with 1 Oct 12 16:36:16 sambadc abrtd: Corrupted or bad directory '/var/spool/abrt/pyhook-2013-10-12-16:36:15-7630', deleting The thing is, these errors appear exactly every 5 minutes. The domain controller seems to be working fine in my test environment so far, but I don't recall seeing these errors with Samba 4.0.7. This was also with 4.0.9, now I just compiled 4.1.0 and the same thing. Any cause of concern, or is it just supposed to happen ? Thank you, George I asked the same question on dev list and never got an answer! Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ID mapping not the same between servers - smb and nfs
We mount most of our share though samba but I a server that has the home directory mounted though nfs. The ID mappings are not the same. The server is joined to the domain. The domain has 2 samba4 servers and one win2k8r2 server. The 2 servers in question are CentOS 5.9 x86_64 and samba 3.6.19 from sernet. Any ideas? Jonn [global] workgroup = TAYLORTELEPHONE realm = TAYLORTELEPHONE.COM server string = interfaces = eth1, lo security = ADS log file = /var/log/samba/log.%m server signing = auto lpq cache time = 20 printcap name = /etc/printcap wins server = 192.168.173.3, 192.168.173.4 template homedir = /home/%U template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = Yes winbind offline logon = Yes idmap config * : range = 500-400 idmap config TAYLORTELEPHONE:range = 500-400 idmap config TAYLORTELEPHONE:backend = rid idmap config * : backend = tdb2 admin users = @TAYLORTELEPHONE\Domain Admins inherit acls = Yes map acl inherit = Yes max print jobs = 100 printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j [printers] comment = All Printers path = /clustershare/printers guest ok = Yes printable = Yes print ok = Yes browseable = No [print$] comment = Printer Drivers path = /clustershare/drivers read only = No drwxrwx--- 14 1607 domain admins 3864 Sep 26 09:39 /etc/fstab shr01:/home /home nfs rw,sync,hard,intr 0 0 CTDB file cluster [global] workgroup = TAYLORTELEPHONE realm = TAYLORTELEPHONE.COM netbios name = SHR01 server string = Cluster Share interfaces = eth0, eth1, lo security = ADS private dir = /clusterdata/ctdb log file = /var/log/samba/log.%m server signing = auto lpq cache time = 20 clustering = Yes printcap name = /etc/printcap wins support = Yes template homedir = /home/%U template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = Yes winbind offline logon = Yes idmap config * : range = 500-400 idmap config TAYLORTELEPHONE:range = 500-400 idmap config TAYLORTELEPHONE:backend = rid idmap config * : backend = tdb2 admin users = @TAYLORTELEPHONE\Domain Admins inherit acls = Yes map acl inherit = Yes max print jobs = 100 printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j drwxrwx--- 14 domain admins 3864 Sep 26 09:39 /etc/exports /clusterdata/home(sync,no_root_squash,rw) On all servers /etc/nsswitch.conf passwd: files winbind shadow: files winbind group: files winbind hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc:files services: files netgroup: files publickey: nisplus automount: files aliases:files nisplus sudoers: files ldap -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] vfs_recycle folder limit management
On 09/26/2013 09:24 AM, Kevin Field wrote:
On 2013-09-26 10:20 AM, Taylor, Jonn wrote:
On 09/26/2013 08:47 AM, Kevin Field wrote:
Hi all,
Running SerNet Samba 4.0.9 on CentOS 6.4 serving as an AD DC and
fileshare for XP clients.
Added recycler per the example at
https://wiki.samba.org/index.php/Frequently_Asked_Questions to my
smb.conf. Works great.
My concern is that the recycle dir will eventually grow large.
vfs_recycle's docs mention a parameter for limiting individual file
sizes, but what's a best practice to prevent the whole recycle folder
from growing too large? Cronjob to delete old files when the total is
past a certain size? Anyone have a script handy? (I'm hoping I'm not
the only one with this problem :) Seems like it would be a common
concern...)
Thanks,
Kev
I use a script to cleanup the deleted files and run it daily with cron.
cat /usr/bin/cleanupold
#!/bin/bash
find /var/share/.recycle/* -mtime +30 -exec rm {} \;
In /var/spool/cron/root
@daily/usr/bin/cleanupold /dev/null 21 #Cleanup old audio files
Jonn
Thanks John, but I meant more so is there a way to have it look at the
total size of the recycle dir too? I.e. only delete stale files when
it needs to to stay within a limit, and also even delete not-so-stale
files if it needs to because there have been too many GB deleted
lately to keep 30 days worth (or whatever) around?
Thanks again,
Kev
This will find files larger than 50MB.
find /var/share/.recycle/* -type f -size +5k -exec rm {} \;
Look at the man pages for find to get more options.
Jonn
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] vfs_recycle folder limit management
On 09/26/2013 09:44 AM, Kevin Field wrote:
On 2013-09-26 10:37 AM, Taylor, Jonn wrote:
On 09/26/2013 09:24 AM, Kevin Field wrote:
On 2013-09-26 10:20 AM, Taylor, Jonn wrote:
On 09/26/2013 08:47 AM, Kevin Field wrote:
Hi all,
Running SerNet Samba 4.0.9 on CentOS 6.4 serving as an AD DC and
fileshare for XP clients.
Added recycler per the example at
https://wiki.samba.org/index.php/Frequently_Asked_Questions to my
smb.conf. Works great.
My concern is that the recycle dir will eventually grow large.
vfs_recycle's docs mention a parameter for limiting individual file
sizes, but what's a best practice to prevent the whole recycle folder
from growing too large? Cronjob to delete old files when the
total is
past a certain size? Anyone have a script handy? (I'm hoping I'm
not
the only one with this problem :) Seems like it would be a common
concern...)
Thanks,
Kev
I use a script to cleanup the deleted files and run it daily with
cron.
cat /usr/bin/cleanupold
#!/bin/bash
find /var/share/.recycle/* -mtime +30 -exec rm {} \;
In /var/spool/cron/root
@daily/usr/bin/cleanupold /dev/null 21 #Cleanup old audio
files
Jonn
Thanks John, but I meant more so is there a way to have it look at the
total size of the recycle dir too? I.e. only delete stale files when
it needs to to stay within a limit, and also even delete not-so-stale
files if it needs to because there have been too many GB deleted
lately to keep 30 days worth (or whatever) around?
Thanks again,
Kev
This will find files larger than 50MB.
find /var/share/.recycle/* -type f -size +5k -exec rm {} \;
Look at the man pages for find to get more options.
Jonn
Hmm...that's a bit closer, but not exactly. Maybe I described it
better on stackexchange...let me copy:
I found tmpwatch, but it's only time-based. What I'd like the system to
do is keep files as long as it reasonably can, i.e., without too much
space being taken up. The flip side is that I also don't want it keeping
files too long if it means running out of space. Thus I'm looking for
something with roughly this thinking:
1. if bin_size limit then quit
2. delete oldest file in bin
3. goto 1.
Of course there may be a more efficient algorithm, and it could be
tweaked to prefer deleting bigger files unless they're past a certain
age so that a big delete doesn't unnecessarily result in the pruning of
a bunch of older-but-not-too-old small files.
[/quote]
Maybe I'm getting too complicated?
Thanks,
Kev
This should get you going. https://bbs.archlinux.org/viewtopic.php?id=69864
Jonn
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] vfs_recycle folder limit management
On 09/26/2013 08:47 AM, Kevin Field wrote:
Hi all,
Running SerNet Samba 4.0.9 on CentOS 6.4 serving as an AD DC and
fileshare for XP clients.
Added recycler per the example at
https://wiki.samba.org/index.php/Frequently_Asked_Questions to my
smb.conf. Works great.
My concern is that the recycle dir will eventually grow large.
vfs_recycle's docs mention a parameter for limiting individual file
sizes, but what's a best practice to prevent the whole recycle folder
from growing too large? Cronjob to delete old files when the total is
past a certain size? Anyone have a script handy? (I'm hoping I'm not
the only one with this problem :) Seems like it would be a common
concern...)
Thanks,
Kev
I use a script to cleanup the deleted files and run it daily with cron.
cat /usr/bin/cleanupold
#!/bin/bash
find /var/share/.recycle/* -mtime +30 -exec rm {} \;
In /var/spool/cron/root
@daily/usr/bin/cleanupold /dev/null 21 #Cleanup old audio files
Jonn
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6.15 Not honouring create mode
Using samba 3 as cluster share for many years now and we now need to for the create mode on files. This seems to not be working in3.6.15. Here is my config [global] workgroup = TAYLORTELEPHONE realm = TAYLORTELEPHONE.COM netbios name = SHR01 server string = Cluster Share interfaces = eth0, eth1, lo security = ADS private dir = /clusterdata/ctdb log file = /var/log/samba/log.%m server signing = auto lpq cache time = 20 clustering = Yes printcap name = /etc/printcap wins server = 192.168.173.16 template homedir = /home/%U template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = Yes winbind offline logon = Yes idmap config * : range = 500-400 idmap config TAYLORTELEPHONE:range = 500-400 idmap config TAYLORTELEPHONE:backend = rid idmap config * : backend = tdb2 admin users = @TAYLORTELEPHONE\Domain Admins inherit acls = Yes map acl inherit = Yes max print jobs = 100 printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j [share] comment = Share Data path = /clustershare/share force user = root force group = Domain Admins read only = No force create mode = 660 force directory mode = 770 vfs objects = recycle recycle:directory_mode = 770 recycle:versions = yes recycle:keeptree = yes recycle:noversions = *.doc|*.xls|*.ppt recycle:excludedir = /tmp|/temp|/cache recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|~*.tmp recycle:repository = .recycle After a file or directory is created this is what I get. drwxrwx--- 28 root domain admins 2048 Sep 26 11:57 . drwxr-xr-x 8 root root 3864 May 7 21:00 .. drwxrwxr-x 2 root domain admins 3864 Sep 26 11:57 test -rwxrw-r-- 1 root domain admins 0 Sep 26 12:03 test.txt Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.15 Not honouring create mode
On 09/26/2013 01:18 PM, Jeremy Allison wrote: On Thu, Sep 26, 2013 at 12:08:39PM -0500, Taylor, Jonn wrote: Using samba 3 as cluster share for many years now and we now need to for the create mode on files. This seems to not be working in3.6.15. [share] comment = Share Data path = /clustershare/share force user = root force group = Domain Admins read only = No force create mode = 660 force directory mode = 770 vfs objects = recycle recycle:directory_mode = 770 recycle:versions = yes recycle:keeptree = yes recycle:noversions = *.doc|*.xls|*.ppt recycle:excludedir = /tmp|/temp|/cache recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|~*.tmp recycle:repository = .recycle After a file or directory is created this is what I get. drwxrwx--- 28 root domain admins 2048 Sep 26 11:57 . drwxr-xr-x 8 root root 3864 May 7 21:00 .. drwxrwxr-x 2 root domain admins 3864 Sep 26 11:57 test -rwxrw-r-- 1 root domain admins 0 Sep 26 12:03 test.txt You're using it wrong. force create mode is in minimal set of bits you'll get on a create. You're getting those. You want to add create mask to remove the bits you don't want. Remember also that the client can always come along after create and change the mode bits also. Jeremy. Thanks, that fixed it. create mask = 0660 directory mask = 0770 Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Sernet Samba-4 Howto for Centos 6.4
He was asking about samba 4 packages not samba 3. https://download.sernet.de/pub/samba/4.0/README.txt On 07/02/2013 08:36 AM, Masopust, Christian wrote: Hi, that's pretty easy: simply add the sernet.repo (https://download.sernet.de/pub/samba/3.6/centos/6/sernet-samba.repo) to your /etc/yum.repos.d/ and run a yum install samba3. The packages from SerNet are built that (clever) way to replace the original CentOS packages without problems. As far as I remember, the only thing to be done afterwards is enabling the services. br, christian -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von schmero...@gmail.com Gesendet: Dienstag, 02. Juli 2013 13:23 An: samba@lists.samba.org Betreff: [Samba] Sernet Samba-4 Howto for Centos 6.4 I have registered at https://portal.enterprisesamba.com, but am unclear regarding which packages to install for a fully functioning samba4 installation, or if there are prerequisites such as krb5. I am starting with a minimal install of Centos 6.4. I can make some reasonably educated guesses, but don't want to miss something important. Anyone know if there is a step by step howto for installing samba4 on Centos using the Sernet repository? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Latest winbind creating fault
On 05/02/2013 04:05 AM, Bjoern Baumbach wrote: Dear Dimitri, thank you for reporting this issue. Unfortunately your posted backtrace does not include the needed debug symbols. To get these information you can install the SerNet samba3-debuginfo package on your system. After the installation you can run the following to get a full backtrace: gdb /usr/sbin/winbindd var/log/samba/cores/winbindd (gdb) bt full Best regards, Björn Baumbach On 05/01/2013 02:24 PM, Dimitri Yioulos wrote: All, Yesterday morning, I updated samba from samba3-3.6.13-45 to samba3-3.6.14-45 (obtained from sernet) on a couple of CentOS 5.9 boxes. As soon as users started access these boxes, one of my sensors detected a winbind error, as in: Apr 30 08:19:36 norwell winbindd[13283]: INTERNAL ERROR: Signal 11 in pid 13283 (3.6.14) Here's what appears in syslog: Apr 30 08:19:36 norwell winbindd[8938]: [2013/04/30 08:19:36.667710, 0] lib/fault.c:47(fault_report) Apr 30 08:19:36 norwell winbindd[8938]: === Apr 30 08:19:36 norwell winbindd[8938]: [2013/04/30 08:19:36.670612, 0] lib/fault.c:48(fault_report) Apr 30 08:19:36 norwell winbindd[8938]: INTERNAL ERROR: Signal 11 in pid 8938 (3.6.14) Apr 30 08:19:36 norwell winbindd[8938]: Please read the Trouble-Shooting section of the Samba3-HOWTO Apr 30 08:19:36 norwell winbindd[8938]: [2013/04/30 08:19:36.671113, 0] lib/fault.c:50(fault_report) Apr 30 08:19:36 norwell winbindd[8938]: Apr 30 08:19:36 norwell winbindd[8938]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf Apr 30 08:19:36 norwell winbindd[8938]: [2013/04/30 08:19:36.671456, 0] lib/fault.c:51(fault_report) Apr 30 08:19:36 norwell winbindd[8938]: === Apr 30 08:19:36 norwell winbindd[8938]: [2013/04/30 08:19:36.671683, 0] lib/util.c:1117(smb_panic) Apr 30 08:19:36 norwell winbindd[8938]: PANIC (pid 8938): internal error Apr 30 08:19:36 norwell winbindd[8938]: [2013/04/30 08:19:36.675330, 0] lib/util.c:1221(log_stack_trace) Apr 30 08:19:36 norwell winbindd[8938]: BACKTRACE: 17 stack frames: Apr 30 08:19:36 norwell winbindd[8938]:#0 winbindd(log_stack_trace+0x2d) [0x31b655] Apr 30 08:19:36 norwell winbindd[8938]:#1 winbindd(smb_panic+0x7c) [0x31b787] Apr 30 08:19:36 norwell winbindd[8938]:#2 winbindd [0x30b8ce] Apr 30 08:19:36 norwell winbindd[8938]:#3 [0xd39420] Apr 30 08:19:36 norwell winbindd[8938]:#4 winbindd [0x23a080] Apr 30 08:19:36 norwell winbindd[8938]:#5 winbindd(_wbint_LookupRids+0x8a) [0x258d08] Apr 30 08:19:36 norwell winbindd[8938]:#6 winbindd [0x263596] Apr 30 08:19:36 norwell winbindd[8938]:#7 winbindd(winbindd_dual_ndrcmd+0x13a) [0x257a42] Apr 30 08:19:36 norwell winbindd[8938]:#8 winbindd [0x256a0c] Apr 30 08:19:36 norwell winbindd[8938]:#9 winbindd [0x32e432] Apr 30 08:19:36 norwell winbindd[8938]:#10 winbindd(tevent_common_loop_immediate+0x111) [0x32ceed] Apr 30 08:19:36 norwell winbindd[8938]:#11 winbindd(run_events_poll+0x3e) [0x32b095] Apr 30 08:19:36 norwell winbindd[8938]:#12 winbindd [0x32b80f] Apr 30 08:19:36 norwell winbindd[8938]:#13 winbindd(_tevent_loop_once+0x9d) [0x32bd2d] Apr 30 08:19:36 norwell winbindd[8938]:#14 winbindd(main+0xd32) [0x22e303] Apr 30 08:19:36 norwell winbindd[8938]: #15 /lib/libc.so.6(__libc_start_main+0xdc) [0xdc0ebc] Apr 30 08:19:36 norwell winbindd[8938]:#16 winbindd [0x22b111] Apr 30 08:19:36 norwell winbindd[8938]: [2013/04/30 08:19:36.677068, 0] lib/fault.c:372(dump_core) Apr 30 08:19:36 norwell winbindd[8938]: dumping core in /var/log/samba/cores/winbindd Apr 30 08:19:36 norwell winbindd[8938]: Unfortunately, I was unable to do any further debugging. This morning, I rolled back installation to samba3-3.6.13-45, and the problem has gone away. Bug in latest version on sernet? Dimitri I am having the same problem, CentOS 5.9 x86_64. There is no debug out, even with the package installed. May 5 09:42:24 pdc winbindd[31423]: [2013/05/05 09:42:24.846767, 0] lib/fault.c:47(fault_report) May 5 09:42:24 pdc winbindd[31423]: === May 5 09:42:24 pdc winbindd[31423]: [2013/05/05 09:42:24.847073, 0] lib/fault.c:48(fault_report) May 5 09:42:24 pdc winbindd[31423]: INTERNAL ERROR: Signal 11 in pid 31423 (3.6.14) May 5 09:42:24 pdc winbindd[31423]: Please read the Trouble-Shooting section of the Samba3-HOWTO May 5 09:42:24 pdc winbindd[31423]: [2013/05/05 09:42:24.847280, 0] lib/fault.c:50(fault_report) May 5 09:42:24 pdc winbindd[31423]: May 5 09:42:24 pdc winbindd[31423]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf May 5 09:42:24 pdc winbindd[31423]: [2013/05/05 09:42:24.847478, 0] lib/fault.c:51(fault_report) May 5 09:42:24 pdc winbindd[31423]: === May 5 09:42:24 pdc winbindd[31423]: [2013/05/05
Re: [Samba] EXTERNAL: Re: SAMBA bringing NFS server to a halt
Matthew, Can you post your smb.conf so we can see if any looks odd. Also when this happens look to see how many network connects you have with netstat. This may require a tcpdump that has been scrubbed of any sensitive data, if possible. Jonn On 03/06/2013 08:27 AM, Joseph, Matthew (EXP) wrote: Hello JAB, You need to understand that installing patches and upgrading servers is not a simple task when it comes to my situation. My first step is to try to figure out if it's a OS fault or if it can be fixed with modifying configurations of the OS or in this case Samba (or my configuration of Samba). You are making a lot of assumptions which is fine if that is what you choose to believe. It is a completely closed LAN with multiple layers of security so let's leave it at that. If the solution is to install patches then it is something I will look into but again that is a long process that I would prefer not to go into if it is not needed for this situation. -Original Message- From: Jonathan Buzzard [mailto:jonat...@buzzard.me.uk] Sent: Wednesday, March 06, 2013 10:12 AM To: Joseph, Matthew (EXP) Cc: samba@lists.samba.org Subject: RE: EXTERNAL: Re: [Samba] SAMBA bringing NFS server to a halt On Wed, 2013-03-06 at 08:28 -0500, Joseph, Matthew (EXP) wrote: Hello JAB, Thank you for taking the time to respond to this in a very helpful manner... If the SAMBA community does not care about helping someone with a wildly out of date server then they should state that before letting someone join the mailing list. Given you are running RHEL, you should have been over the last four years been reading the security bulletins for RHEL and responding to them appropriately. It should be apparent to any sensible person that the first step would be to check that my distribution does not have fixes for the problems that I am seeing. (hint I am 99% certain it does). This is a production server on a closed LAN which we don't have the option of upgrading it to RHEL 5.9 or greater in the near future. No lan is that closed. That you have no procedure for upgrading the OS on your server which suffers from a number of remote root security holes that require nothing more than a connection to your network is very bad practice. So with that being said, anyone have any experience with what I am dealing with? Read your distro release and security notes. I am 99% certain that this is a known problem that can be fixed by upgrading. JAB. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] about samba4 and external ldap and dns
On 02/07/2013 08:54 AM, Amaury Viera Hernández wrote: On 02/07/2013 08:53 AM, fe...@epepm.cupet.cu wrote: Could I use samba4 as a domain controller with and external ldap? Could I use samba4 as a domain controller with and external dns? samba4 as DC uses an internal ldap server, you can't change that. but you can use an external dns server: bind9 Felix. thanks, there is any documentation for using samba4 with an external bind9? https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Step_7:_Configure_DNS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Build problem on RHEL 5.6
I built these on CentOS 5.6. http://www.taylortelephone.com/samba3x/ Jonn On 07/22/2011 01:03 AM, Nico Kadel-Garcia wrote: On Mon, Jul 18, 2011 at 7:13 PM, Manjit Trehan mtrehan...@gmail.com wrote: Hi, I'm trying to build Samba-3.5.9 on RHEL 5.6 and I'm getting several errors similar to the following: Start with the samba3x SRPM from RHEL 5 or Scientific Linux, to make sure you've installed all the dependencies: http://mirrors.kernel.org/redhat/redhat/linux/enterprise/5Server/en/os/SRPMS/samba3x-3.5.4-0.83.el5.src.rpm Then try building 3.5.9. And strongly consider jumping to RHEL 6 or Scientific Linux 6, there are interesting dependencies on the latest releases that are better resolved in a 4 years more recent base OS. It's been out long enough to be stable and have the edges worn off the new software changes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Build problem on RHEL 5.6
Just had to rework which patches needed to be done to 3.5.9. A lot of them had been merged into 3.5.8. I have an updated ctdb also. Jonn On 07/22/2011 02:28 PM, Nico Kadel-Garcia wrote: On Fri, Jul 22, 2011 at 11:39 AM, Taylor, Jonn jo...@taylortelephone.com wrote: I built these on CentOS 5.6. http://www.taylortelephone.com/samba3x/ Jonn Cool. What did you have to tweak from the RHEL samba3x SRPM's ? On 07/22/2011 01:03 AM, Nico Kadel-Garcia wrote: On Mon, Jul 18, 2011 at 7:13 PM, Manjit Trehan mtrehan...@gmail.com wrote: Hi, I'm trying to build Samba-3.5.9 on RHEL 5.6 and I'm getting several errors similar to the following: Start with the samba3x SRPM from RHEL 5 or Scientific Linux, to make sure you've installed all the dependencies: http://mirrors.kernel.org/redhat/redhat/linux/enterprise/5Server/en/os/SRPMS/samba3x-3.5.4-0.83.el5.src.rpm Then try building 3.5.9. And strongly consider jumping to RHEL 6 or Scientific Linux 6, there are interesting dependencies on the latest releases that are better resolved in a 4 years more recent base OS. It's been out long enough to be stable and have the edges worn off the new software changes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] S3 and CTDB errors in logs
I am seeing these errors every night in the logs. Should I be worried about any of them? The only thing I have noticed is slow log ons. Jonn CentOS 5.6 x86_64 Samba 3.5.8 CTDB 1.0.114 DRBD/GVFS - samba Begin **Unmatched Entries** auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) : 1 Time(s) auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups : 1 Time(s) lib/ctdbd_conn.c:170(ctdb_req_complete) msglen = 48 : 1 Time(s) lib/ctdbd_conn.c:339(ctdb_read_req) Received ctdb packet len=48, magic=4352, vers=1, gen=1283100187, op=1, reqid=6 : 1 Time(s) lib/ctdbd_conn.c:940(ctdbd_migrate) ctdbd_migrate: Sending ctdb packet len=324, magic=4352, vers=1, gen=0, op=0, reqid=6 : 1 Time(s) lib/dbwrap_ctdb.c:907(db_ctdb_record_destr) Unlocking db 386227600 key 1612 : 1 Time(s) lib/dbwrap_ctdb.c:959(fetch_locked_internal) Locking db 386227600 key 1612 : 2 Time(s) lib/dbwrap_ctdb.c:996(fetch_locked_internal) ctdb_data.dptr = (nil), dmaster = 4294967295 (0) : 1 Time(s) lib/messages.c:329(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) : 20 Time(s) lib/util_sock.c:474(read_fd_with_timeout) : 1 Time(s) lib/util_sock.c:731(read_smb_length_return_keepalive) got smb length of 68 : 19 Time(s) param/loadparm.c:7133(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf - /etc/samba/smb.conf last mod_time: Fri Jun 17 16:01:51 2011 : 20 Time(s) smbd/connection.c:31(yield_connection) Yielding connection to : 1 Time(s) smbd/oplock.c:895(init_oplocks) init_oplocks: initializing messages. : 20 Time(s) smbd/oplock_linux.c:224(linux_init_kernel_oplocks) Linux kernel oplocks enabled : 20 Time(s) smbd/process.c:1486(process_smb) got message type 0x81 of len 0x44 : 19 Time(s) smbd/process.c:1489(process_smb) Transaction 0 of length 72 (0 toread) : 19 Time(s) smbd/process.c:2406(smbd_process) Unable to get tcp info for CTDB_CONTROL_TCP_CLIENT: Transport endpoint is not connected : 20 Time(s) smbd/process.c:286(receive_smb_raw_talloc) receive_smb_raw: NT_STATUS_CONNECTION_RESET : 1 Time(s) smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(deadtime) 0x2b0fd6dcdf00 : 1 Time(s) smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(deadtime) 0x2b0fd6dd69e0 : 19 Time(s) smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(housekeeping) 0x2b0fd6e50420 : 1 Time(s) smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(housekeeping) 0x2b0fd6e5db20 : 19 Time(s) smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(keepalive) 0x2b0fd6e47180 : 1 Time(s) smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(keepalive) 0x2b0fd6e4c390 : 19 Time(s) smbd/reply.c:554(reply_special) netbios connect: name1=PDC0x20 name2=KT-DELL0x0 : 10 Time(s) smbd/reply.c:554(reply_special) netbios connect: name1=SHR01 0x20 name2=QBSERVER 0x0 : 9 Time(s) smbd/reply.c:565(reply_special) netbios connect: local=pdc remote=kt-dell, name type = 0 : 10 Time(s) smbd/reply.c:565(reply_special) netbios connect: local=shr01 remote=qbserver, name type = 0 : 9 Time(s) smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 : 1 Time(s) smbd/server.c:902(exit_server_common) Server exit (failed to receive smb request) : 1 Time(s) smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) : 1 Time(s) -- samba End - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CentOS 5.6 X86_64 install problem
On 05/18/2011 10:30 AM, Michael Wood wrote:
On 17 May 2011 22:46, de...@podoll.com wrote:
I am trying to install samba 4 on a CentOS 5.6 X86_64 with all update
installed following the directions from
http://wiki.samba.org/index.php/Samba4/HOWTO
Installed git and am able to use that to pull down latest version of samba
source code
ran ./configure.developer (can post output from this long file if needed)
Once that was done I ran the make command and got this at the end
[3364/3441] Linking default/source3/smbd/smbd
default/source3/libsamba3core.so: undefined reference to `cap_free'
default/source3/libsamba3core.so: undefined reference to `cap_set_flag'
default/source3/libsamba3core.so: undefined reference to `cap_get_proc'
default/source3/libsamba3core.so: undefined reference to `cap_set_proc'
collect2: ld returned 1 exit status
Waf: Leaving directory `/samba-master/bin'
Build failed: - task failed (err #1):
{task: cc_link epmd_7.o,server_98.o,msg_idmap_98.o - smbd}
make: *** [all] Error 1
I got the same errors trying to build on an old Ubuntu box. I believe
I got around it by disabling the --as-needed option passed to the
linker with the following patch to the top level wscript file:
diff --git a/wscript b/wscript
index 92c2594..93fc992 100755
--- a/wscript
+++ b/wscript
@@ -123,8 +123,8 @@ def configure(conf):
# strict as the strictest OS we support, so adding this here
# allows us to find problems on our development hosts faster.
# It also results in faster load time.
-if sys.platform != openbsd4:
-conf.env.asneeded_ldflags =
conf.ADD_LDFLAGS('-Wl,--as-needed', testflags=True)
+# if sys.platform != openbsd4:
+# conf.env.asneeded_ldflags =
conf.ADD_LDFLAGS('-Wl,--as-needed', testflags=True)
if not conf.CHECK_NEED_LC(-lc not needed):
conf.ADD_LDFLAGS('-lc', testflags=False)
I can provide a full output of the make if required also
I was able to install samba 4 following the same directions on this system
around a month or so ago but I am reinstalling to because I wanted to get a
clean version and make this one the PDC on the network because it is a
physical system not virtual like the current samba 4 PDC I have running
right now.
Compiles fine on Debian Lenny with current git.
Jonn
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CentOS 5.6 X86_64 install problem
By default samba 3 and samba 4 are built. Use --disable-s3build to only
build samba 4. There is also a how to that someone did for CentOS, just
search the archives for it.
Jonn
On 05/17/2011 03:46 PM, de...@podoll.com wrote:
I am trying to install samba 4 on a CentOS 5.6 X86_64 with all update
installed following the directions from
http://wiki.samba.org/index.php/Samba4/HOWTO
Installed git and am able to use that to pull down latest version of
samba source code
ran ./configure.developer (can post output from this long file if needed)
Once that was done I ran the make command and got this at the end
[3364/3441] Linking default/source3/smbd/smbd
default/source3/libsamba3core.so: undefined reference to `cap_free'
default/source3/libsamba3core.so: undefined reference to `cap_set_flag'
default/source3/libsamba3core.so: undefined reference to `cap_get_proc'
default/source3/libsamba3core.so: undefined reference to `cap_set_proc'
collect2: ld returned 1 exit status
Waf: Leaving directory `/samba-master/bin'
Build failed: - task failed (err #1):
{task: cc_link epmd_7.o,server_98.o,msg_idmap_98.o - smbd}
make: *** [all] Error 1
I can provide a full output of the make if required also
I was able to install samba 4 following the same directions on this
system around a month or so ago but I am reinstalling to because I
wanted to get a clean version and make this one the PDC on the network
because it is a physical system not virtual like the current samba 4
PDC I have running right now.
Derek
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CentOS 5.6 X86_64 install problem
Make sure that these packages are installed. This is what it takes to
compile samba 3.
BuildRequires: pam-devel, readline-devel, ncurses-devel, libacl-devel,
krb5-devel, openldap-devel, openssl-devel, cups-devel
BuildRequires: autoconf, gawk, gtk2-devel, libcap-devel, keyutils-libs-devel
I have had some problems compiling s3/s4 on CentOS 5.6. I finally
decided to run Debian Lenny in a VM on the same server that I wanted s4
on. I use samba3x on CentOS for file sharing and auth is done to the s4
on Lenny. Works great.
Jonn
On 05/17/2011 06:00 PM, de...@podoll.com wrote:
John
Thank you for the quick reply on this trying that now
here is what I have tried ./configure.developer --disable-s3build
returns
waf [command] [options]
Main commands (example: ./waf build -j4)
build : build all targets
clean : removes the build files
configure : configures the project
ctags : build 'tags' file using ctags
dist: makes a tarball for distribution
distcheck : test that distribution tarball builds and installs
distclean : removes the build directory
etags : build TAGS file using etags
install : installs the build files
pydoctor: build python apidocs
reconfigure : reconfigure if config scripts have changed
test: Run the test suite (see test options below)
testonly: run tests without doing a build first
uninstall : removes the installed files
wafdocs : build wafsamba apidocs
wildcard_cmd: called on a unknown command
waf: error: no such option: --disable-s3build
next I tried running ./configure.developer then make --disable-s3build
this also fails with make: unrecognized option `--disable-s3build'
Looked around on the internet and found this information
--- script/installsamba4.sh (revision 2813)
+++ script/installsamba4.sh (working copy)
@@ -280,17 +280,8 @@
pushd samba4
error_check $? samba4 setup
# this is a temporary hack while we try to support both git and samba
# alpha 15 tarball. the tarball doesn't know --disable-s3build and
# samba git won't currently build without --disable-s3build
because of
# https://bugzilla.samba.org/show_bug.cgi?id=8113
if test -z $TARPATH; then
./configure.developer -C --prefix=$SAMBA_PREFIX --disable-s3build
error_check $? samba4 git configure
else
./configure.developer -C --prefix=$SAMBA_PREFIX
error_check $? samba4 configure
fi
./configure.developer -C --prefix=$SAMBA_PREFIX
error_check $? samba4 git configure
echo Step2: Compile Samba4 (Source)
$MAKE -j
this ran fine on system but same results it is still trying to compile
samba3 code.
Can you think of anything I can try right now I am currently
downloading the rsync of samba4 just to see if that makes any
difference from the git source I have
Derek
On Tue, 17 May 2011 16:23:40 -0500, Taylor, Jonn wrote:
By default samba 3 and samba 4 are built. Use --disable-s3build to only
build samba 4. There is also a how to that someone did for CentOS, just
search the archives for it.
Jonn
On 05/17/2011 03:46 PM, de...@podoll.com wrote:
I am trying to install samba 4 on a CentOS 5.6 X86_64 with all update
installed following the directions from
http://wiki.samba.org/index.php/Samba4/HOWTO
Installed git and am able to use that to pull down latest version of
samba source code
ran ./configure.developer (can post output from this long file if
needed)
Once that was done I ran the make command and got this at the end
[3364/3441] Linking default/source3/smbd/smbd
default/source3/libsamba3core.so: undefined reference to `cap_free'
default/source3/libsamba3core.so: undefined reference to `cap_set_flag'
default/source3/libsamba3core.so: undefined reference to `cap_get_proc'
default/source3/libsamba3core.so: undefined reference to `cap_set_proc'
collect2: ld returned 1 exit status
Waf: Leaving directory `/samba-master/bin'
Build failed: - task failed (err #1):
{task: cc_link epmd_7.o,server_98.o,msg_idmap_98.o - smbd}
make: *** [all] Error 1
I can provide a full output of the make if required also
I was able to install samba 4 following the same directions on this
system around a month or so ago but I am reinstalling to because I
wanted to get a clean version and make this one the PDC on the network
because it is a physical system not virtual like the current samba 4
PDC I have running right now.
Derek
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade samba4 install
If the install's are not too old just update you git tree with git pull. Then do this from your root tree, you can no longer build from the source4 directory: make clean ./configure.developer --disable-s3build make Then make a backup copy of /usr/local/samba remove the following directiries rm -Rf /usr/local/samba/bin rm -Rf /usr/local/samba/sbin rm -Rf /usr/local/samba/include rm -Rf /usr/local/samba/modules rm -Rf /usr/local/samba/lib rm -Rf /usr/local/samba/share make install start samba If your installation is too old then you will need to use the upgradeprovision script, but I have never got it work. Jonn On 05/09/2011 10:52 AM, de...@podoll.com wrote: I have a install of samba4 that I have been using on my home network for testing with one PDC and BDC on the local network and a 3rd BDC located on another network with IPSEC tunnel between the two networks. The problem I have is all 3 servers are running different versions on the samba4 code I would like to get all the system on the same code level. Do any of you know an easy way to do this so I do not loose all the account and policy information in the PDC when I update it? either that or is there a backup method anyone would recommend before trying it preform any updates. System info below OS Centos 5.5 on all systems with bind installed to support dynamic updates Hardware local PDC and BDC run off of XENSERVER virtual machines from two different xenserver platforms Hardware offsite HP server Network connection between servers IPV6 with IPSEC tunnel running over internet using IPV6 Thank you for any help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] s3 winbind loosing kerbers ticket
Anyone??? On 05/02/2011 04:54 PM, Taylor, Jonn wrote: I also found this in the logs on both servers. [2011/05/02 16:52:01.425379, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module ldap already registered! [2011/05/02 16:52:01.496966, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module tdb already registered! [2011/05/02 16:52:01.569375, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module passdb already registered! [2011/05/02 16:52:01.641802, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module nss already registered! [2011/05/02 16:52:01.708285, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module rid already registered! [2011/05/02 16:52:01.774795, 0] lib/module.c:69(do_smb_load_module) Module '/usr/lib64/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION [2011/05/02 16:52:01.836023, 1] winbindd/idmap.c:580(idmap_alloc_init) could not find idmap alloc module rid:TAYLORTELEPHONE=500-400 Jonn On 05/02/2011 12:14 PM, Taylor, Jonn wrote: I have 2 CentOS 5.6 x86_64 servers configured with with samba 3.5.4, CTDB, GFS and DRDB in an avtive,active cluster. After some time winbind looses the ticket. After this I have to do a net ads join on the server to get things going. The main DC is a windows 2003 server with SP2. I do have 2 more samba 4 DC's that I use for backup authentication only that run on debian 6 that are a VM. Not sure if they could be causing a problem or not. This is what I am seeing in the logs. winbindd/winbindd_util.c:289(trustdom_recv) Could not receive trustdoms : 240 Time(s) And [root@pdc ~]# wbinfo -t checking the trust secret for domain TAYLORTELEPHONE via RPC calls failed Could not check secret [root@pdc ~]# wbinfo -a someuser%password plaintext password authentication failed Could not authenticate user someuser%password with plaintext password challenge/response password authentication failed error code was NT_STATUS_ACCESS_DENIED (0xc022) error messsage was: Access denied Could not authenticate user someuser with challenge/response [root@pdc ~]# klist -e Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administra...@taylortelephone.com Valid starting ExpiresService principal 04/28/11 09:23:18 04/28/11 09:23:22 krbtgt/taylortelephone@taylortelephone.com renew until 04/28/11 09:23:22, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached And then if I do [root@pdc ~]# net ads join -Uadministrator%password Using short domain name -- TAYLORTELEPHONE Joined 'PDC' to realm 'taylortelephone.com' DNS update failed! [root@pdc ~]# wbinfo -a someuser%password plaintext password authentication succeeded challenge/response password authentication succeeded everything works again for awhile. samba3x-common-3.5.4-0.70.el5_6.1 samba3x-winbind-3.5.4-0.70.el5_6.1 samba3x-client-3.5.4-0.70.el5_6.1 samba3x-3.5.4-0.70.el5_6.1 [global] workgroup = TAYLORTELEPHONE realm = TAYLORTELEPHONE.COM server string = Cluster Share %L interfaces = eth0, lo security = ADS password server = 192.168.173.10 log file = /var/log/samba/samba3.log clustering = Yes wins server = 192.168.173.10 idmap backend = idmap_rid:TAYLORTELEPHONE=500-400 idmap uid = 500-400 idmap gid = 500-400 template homedir = /home/%U template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = Yes winbind offline logon = Yes [apps] comment = Application Data path = /data/programs force user = root force group = Domain Admins read only = No inherit acls = Yes vfs objects = recycle recycle: config-files = /etc/samba/samba-recycle.conf [share] comment = Share Data path = /clusterdata/share force user = root force group = Domain Admins read only = No inherit acls = Yes vfs objects = recycle recycle: config-files = /etc/samba/samba-recycle.conf [home] comment = Home Directories path = /clusterdata/home read only = No [printers] comment = SMB Print Spool path = /var/spool/samba guest ok = Yes printable = Yes browseable = No [netlogon] comment = Network Logon Service path = /clusterdata/netlogon guest ok = Yes locking = No [profiles] comment = Profile Share path = /clusterdata/profiles read only = No inherit owner = Yes profile acls = Yes hide files = /desktop.ini/outlook*.lnk/*Briefcase*/ store dos attributes = Yes [print$] comment = Printer Drivers path = /var/lib/samba/drivers read only = No [root@pdc ~]# cat /etc/krb5.conf [libdefaults] default_realm = TAYLORTELEPHONE.COM
[Samba] s3 winbind loosing kerbers ticket
I have 2 CentOS 5.6 x86_64 servers configured with with samba 3.5.4,
CTDB, GFS and DRDB in an avtive,active cluster. After some time winbind
looses the ticket. After this I have to do a net ads join on the server
to get things going. The main DC is a windows 2003 server with SP2. I do
have 2 more samba 4 DC's that I use for backup authentication only that
run on debian 6 that are a VM. Not sure if they could be causing a
problem or not.
This is what I am seeing in the logs.
winbindd/winbindd_util.c:289(trustdom_recv) Could not receive trustdoms : 240
Time(s)
And
[root@pdc ~]# wbinfo -t
checking the trust secret for domain TAYLORTELEPHONE via RPC calls failed
Could not check secret
[root@pdc ~]# wbinfo -a someuser%password
plaintext password authentication failed
Could not authenticate user someuser%password with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_ACCESS_DENIED (0xc022)
error messsage was: Access denied
Could not authenticate user someuser with challenge/response
[root@pdc ~]# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administra...@taylortelephone.com
Valid starting ExpiresService principal
04/28/11 09:23:18 04/28/11 09:23:22
krbtgt/taylortelephone@taylortelephone.com
renew until 04/28/11 09:23:22, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
And then if I do
[root@pdc ~]# net ads join -Uadministrator%password
Using short domain name -- TAYLORTELEPHONE
Joined 'PDC' to realm 'taylortelephone.com'
DNS update failed!
[root@pdc ~]# wbinfo -a someuser%password
plaintext password authentication succeeded
challenge/response password authentication succeeded
everything works again for awhile.
samba3x-common-3.5.4-0.70.el5_6.1
samba3x-winbind-3.5.4-0.70.el5_6.1
samba3x-client-3.5.4-0.70.el5_6.1
samba3x-3.5.4-0.70.el5_6.1
[global]
workgroup = TAYLORTELEPHONE
realm = TAYLORTELEPHONE.COM
server string = Cluster Share %L
interfaces = eth0, lo
security = ADS
password server = 192.168.173.10
log file = /var/log/samba/samba3.log
clustering = Yes
wins server = 192.168.173.10
idmap backend = idmap_rid:TAYLORTELEPHONE=500-400
idmap uid = 500-400
idmap gid = 500-400
template homedir = /home/%U
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
winbind offline logon = Yes
[apps]
comment = Application Data
path = /data/programs
force user = root
force group = Domain Admins
read only = No
inherit acls = Yes
vfs objects = recycle
recycle: config-files = /etc/samba/samba-recycle.conf
[share]
comment = Share Data
path = /clusterdata/share
force user = root
force group = Domain Admins
read only = No
inherit acls = Yes
vfs objects = recycle
recycle: config-files = /etc/samba/samba-recycle.conf
[home]
comment = Home Directories
path = /clusterdata/home
read only = No
[printers]
comment = SMB Print Spool
path = /var/spool/samba
guest ok = Yes
printable = Yes
browseable = No
[netlogon]
comment = Network Logon Service
path = /clusterdata/netlogon
guest ok = Yes
locking = No
[profiles]
comment = Profile Share
path = /clusterdata/profiles
read only = No
inherit owner = Yes
profile acls = Yes
hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
store dos attributes = Yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
read only = No
[root@pdc ~]# cat /etc/krb5.conf
[libdefaults]
default_realm = TAYLORTELEPHONE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
TAYLORTELEPHONE.COM = {
kdc = qbserver.taylortelephone.com:88
admin_server = qbserver.taylortelephone.com:749
default_domain = taylortelephone.com
}
[domain_realm]
.taylortelephone.com = TAYLORTELEPHONE.COM
taylortelephone.com = TAYLORTELEPHONE.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] s3 winbind loosing kerbers ticket
I also found this in the logs on both servers. [2011/05/02 16:52:01.425379, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module ldap already registered! [2011/05/02 16:52:01.496966, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module tdb already registered! [2011/05/02 16:52:01.569375, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module passdb already registered! [2011/05/02 16:52:01.641802, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module nss already registered! [2011/05/02 16:52:01.708285, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module rid already registered! [2011/05/02 16:52:01.774795, 0] lib/module.c:69(do_smb_load_module) Module '/usr/lib64/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION [2011/05/02 16:52:01.836023, 1] winbindd/idmap.c:580(idmap_alloc_init) could not find idmap alloc module rid:TAYLORTELEPHONE=500-400 Jonn On 05/02/2011 12:14 PM, Taylor, Jonn wrote: I have 2 CentOS 5.6 x86_64 servers configured with with samba 3.5.4, CTDB, GFS and DRDB in an avtive,active cluster. After some time winbind looses the ticket. After this I have to do a net ads join on the server to get things going. The main DC is a windows 2003 server with SP2. I do have 2 more samba 4 DC's that I use for backup authentication only that run on debian 6 that are a VM. Not sure if they could be causing a problem or not. This is what I am seeing in the logs. winbindd/winbindd_util.c:289(trustdom_recv) Could not receive trustdoms : 240 Time(s) And [root@pdc ~]# wbinfo -t checking the trust secret for domain TAYLORTELEPHONE via RPC calls failed Could not check secret [root@pdc ~]# wbinfo -a someuser%password plaintext password authentication failed Could not authenticate user someuser%password with plaintext password challenge/response password authentication failed error code was NT_STATUS_ACCESS_DENIED (0xc022) error messsage was: Access denied Could not authenticate user someuser with challenge/response [root@pdc ~]# klist -e Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administra...@taylortelephone.com Valid starting ExpiresService principal 04/28/11 09:23:18 04/28/11 09:23:22 krbtgt/taylortelephone@taylortelephone.com renew until 04/28/11 09:23:22, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached And then if I do [root@pdc ~]# net ads join -Uadministrator%password Using short domain name -- TAYLORTELEPHONE Joined 'PDC' to realm 'taylortelephone.com' DNS update failed! [root@pdc ~]# wbinfo -a someuser%password plaintext password authentication succeeded challenge/response password authentication succeeded everything works again for awhile. samba3x-common-3.5.4-0.70.el5_6.1 samba3x-winbind-3.5.4-0.70.el5_6.1 samba3x-client-3.5.4-0.70.el5_6.1 samba3x-3.5.4-0.70.el5_6.1 [global] workgroup = TAYLORTELEPHONE realm = TAYLORTELEPHONE.COM server string = Cluster Share %L interfaces = eth0, lo security = ADS password server = 192.168.173.10 log file = /var/log/samba/samba3.log clustering = Yes wins server = 192.168.173.10 idmap backend = idmap_rid:TAYLORTELEPHONE=500-400 idmap uid = 500-400 idmap gid = 500-400 template homedir = /home/%U template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = Yes winbind offline logon = Yes [apps] comment = Application Data path = /data/programs force user = root force group = Domain Admins read only = No inherit acls = Yes vfs objects = recycle recycle: config-files = /etc/samba/samba-recycle.conf [share] comment = Share Data path = /clusterdata/share force user = root force group = Domain Admins read only = No inherit acls = Yes vfs objects = recycle recycle: config-files = /etc/samba/samba-recycle.conf [home] comment = Home Directories path = /clusterdata/home read only = No [printers] comment = SMB Print Spool path = /var/spool/samba guest ok = Yes printable = Yes browseable = No [netlogon] comment = Network Logon Service path = /clusterdata/netlogon guest ok = Yes locking = No [profiles] comment = Profile Share path = /clusterdata/profiles read only = No inherit owner = Yes profile acls = Yes hide files = /desktop.ini/outlook*.lnk/*Briefcase*/ store dos attributes = Yes [print$] comment = Printer Drivers path = /var/lib/samba/drivers read only = No [root@pdc ~]# cat /etc/krb5.conf [libdefaults] default_realm = TAYLORTELEPHONE.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h
Re: [Samba] Domain Controller GPO
/etc/init.d/samba for CentOS or RedHat.
#!/bin/sh
#
# chkconfig: - 91 35
# description: Starts and stops the Samba daemon \
# used to provide SMB network services.
#
# pidfile: /usr/local/samba/var/run/samba4/smbd.pid
# config: /usr/local/samba/etc/samba4/smb.conf
SAMBA_NAME=samba
# Source function library.
if [ -f /etc/init.d/functions ] ; then
. /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
. /etc/rc.d/init.d/functions
else
exit 1
fi
# Avoid using root's TMPDIR
unset TMPDIR
# Source networking configuration.
. /etc/sysconfig/network
if [ -f /etc/sysconfig/$SAMBA_NAME ]; then
. /etc/sysconfig/$SAMBA_NAME
fi
# Check that networking is up.
[ ${NETWORKING} = no ] exit 1
# Check that smb.conf exists.
[ -f /usr/local/samba/etc/smb.conf ] || exit 6
RETVAL=0
start() {
echo -n $Starting Samba services:
daemon /usr/local/samba/sbin/samba $SMBDOPTIONS
RETVAL=$?
echo
[ $RETVAL -eq 0 ] touch /usr/local/samba/var/locks/$SAMBA_NAME || \
RETVAL=1
return $RETVAL
}
stop() {
echo -n $Shutting down Samba services:
killproc samba
RETVAL=$?
echo
[ $RETVAL -eq 0 ] rm -f /usr/local/samba/var/locks/$SAMBA_NAME
return $RETVAL
}
restart() {
stop
start
}
reload() {
echo -n $Reloading smb.conf file:
killproc samba -HUP
RETVAL=$?
echo
return $RETVAL
}
rhstatus() {
status samba
return $?
}
# Allow status as non-root.
if [ $1 = status ]; then
rhstatus
exit $?
fi
# Check that we can write to it... so non-root users stop here
[ -w /usr/local/samba/etc/smb.conf ] || exit 4
case $1 in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
reload
;;
status)
rhstatus
;;
condrestart)
[ -f /usr/local/samba/var/locks/$SAMBA_NAME ] restart || :
;;
*)
echo $Usage: $0 {start|stop|restart|reload|status|condrestart}
exit 2
esac
exit $?
On 04/20/2011 09:47 AM, Ryan Leimenstoll wrote:
Ok, I appreciate your suggestion. Would you be able to provide an Init
script for Samba4 Alpha15? I am not certain on how to make one. Also, Is
there a way to maintain my existing Samba4 powered AD Domain when upgrading?
Thanks.
On Wed, Apr 20, 2011 at 10:23 AM, timothy mcdaniel
timnboys...@live.comwrote:
I would redownload the git source and download the latest version of samba4
and compile it and provision it and then when you get the latest verison of
samba4(which I think is samba4 alpha 15) and then how you would change the
password complexity requirements in the latest version of samba4 you would
use samba-tool or if you do not have the samba4 bin and sbin folders in
your
path: /usr/local/samba/bin/samba-tool(this is assuming that you installed
the latest version of samba4 to your /usr/local folder) and you put this
command like this: /usr/local/samba/bin/samba-tool pwsettings
--complexity=off --history-length=0 --min-pwd-length=0
--min-pwd-age=0 and then press enter and then it will disable the password
complexity on the latest version of samba4
Thanks for your assistance, however the options are not recognized by the
net command. Is there any other variation of those it could be?
On Tue, Apr 19, 2011 at 2:49 AM, Daniel Müller
muel...@tropenklinik.dewrote:
Refer to my thread this list: HOWTO samba4 centos5.5 named dnsupdate drbd
simple failover
Password Policy Settings!!
Along with Samba4 the Password Policy you can only set from console, with
'net pwsettings ' command.
net pwsettings –help:
usage: (show | set options)
options:
-h, --helpshow this help message and exit
-H H LDB URL for database or target server
--quiet Be quiet
--complexity=COMPLEXITY
The password complexity (on | off | default).
Default
is 'on'
--history-length=HISTORY_LENGTH
The password history length (integer | default).
Default is 24.
--min-pwd-length=MIN_PWD_LENGTH
The minimum password length (integer | default).
Default is 7.
--min-pwd-age=MIN_PWD_AGE
The minimum password age (integer in days |
default). Default is 1.
--max-pwd-age=MAX_PWD_AGE
The maximum password age (integer in days |
default). Default is 43.
Samba Common Options:
-s FILE, --configfile=FILE
Configuration file
-d DEBUGLEVEL, --debuglevel=DEBUGLEVEL
debug level
--option=OPTION set smb.conf option from command line
--realm=REALM set the realm name
Credentials Options:
--simple-bind-dn=DN
DN to use for a simple bind
--password=PASSWORD
Password
-U USERNAME,
Re: [Samba] Compiling samba4 from git
There is a top level build now for samba and s3 and s4 build is now in one place. Just due the following for samba4: ./configure.developer make make quicktest - if you want make install That's it! Jonn On 04/20/2011 01:49 PM, Daniel Müller wrote: What happend to the git repository? I did git clone git://git.samba.org/samba.git /samba4/samba. I got the repo. Changed to /samba4/samba/source4 tried ./autogen.sh File not found? Indeed no autogen.sh in source4 nor in the master-dir only in source3. And a file autogen-waf.sh. Confusion!!?? I do not want to compile samba3 I want samba4. What has changed???How do I compile samba4 the right way. Greetings Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with CentOS 5.6 samba3x packages
All, I installed samba3x packages from the updates repo and when I run net join command I get the following error. net: symbol lookup error: net: undefined symbol: tdb_check samba3x x86_64 3.5.4-0.70.el5_6.1 installed17 M samba3x-client x86_64 3.5.4-0.70.el5_6.1 installed46 M samba3x-common x86_64 3.5.4-0.70.el5_6.1 installed49 M samba3x-doc x86_64 3.5.4-0.70.el5_6.1 installed17 M samba3x-domainjoin-gui x86_64 3.5.4-0.70.el5_6.1 installed52 k samba3x-swat x86_64 3.5.4-0.70.el5_6.1 installed13 M samba3x-winbind x86_64 3.5.4-0.70.el5_6.1 installed12 M libsmbclient x86_64 3.0.33-3.29.el5_6.2 installed 2.2 M Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with CentOS 5.6 samba3x packages
Fixed it by following https://bugzilla.redhat.com/show_bug.cgi?id=613371 Jonn On 04/16/2011 06:28 PM, Taylor, Jonn wrote: All, I installed samba3x packages from the updates repo and when I run net join command I get the following error. net: symbol lookup error: net: undefined symbol: tdb_check samba3x x86_64 3.5.4-0.70.el5_6.1 installed17 M samba3x-client x86_64 3.5.4-0.70.el5_6.1 installed46 M samba3x-common x86_64 3.5.4-0.70.el5_6.1 installed49 M samba3x-doc x86_64 3.5.4-0.70.el5_6.1 installed17 M samba3x-domainjoin-gui x86_64 3.5.4-0.70.el5_6.1 installed52 k samba3x-swat x86_64 3.5.4-0.70.el5_6.1 installed13 M samba3x-winbind x86_64 3.5.4-0.70.el5_6.1 installed12 M libsmbclient x86_64 3.0.33-3.29.el5_6.2 installed 2.2 M Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Hybride samba..
There is currently no netbios support in S4. I am not sure if Franky is even working right now. I would post on the samba-technical list for help with this. Jonn On 04/11/2011 07:04 AM, Daniel Müller wrote: I do not think this is working with the same netbios name for both. The S3 must be a memberserver(ads) of the S4(ads-domain server with bind dns) and winbind running. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Collen Blijenberg Gesendet: Montag, 11. April 2011 12:29 An: samba@lists.samba.org Betreff: [Samba] Hybride samba.. i'm trying to build samba in hybrid mode. (https://wiki.samba.org/index.php/Franky#How_to_run_it) but obvious i'm running in to problems... (not enough howto info) does s3 need to join the s4 part ?! also do i use the same netbios name for s3+s4 ? and wbinfo -u and -g gives an error. security= ads ?? or user ?? (or...) does some one got frankenstein up ?! or some more info on howto.. it would be so mutch nicer then 2 separate machines running s3 and s4 Cheer, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: Re: S3 winbind errors
test Original Message Subject:Re: [Samba] S3 winbind errors Date: Fri, 08 Apr 2011 10:04:12 -0500 From: Taylor, Jonn jo...@taylortelephone.com To: Samba samba@lists.samba.org Anyone. On 04/07/2011 10:39 AM, Taylor, Jonn wrote: I am getting a lot of winbind errors in my logs on one server. Any idea's? Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.062866, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) Apr 7 10:32:19 pdc winbindd[8789]: idmap_alloc module ldap already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.063011, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) Apr 7 10:32:19 pdc winbindd[8789]: idmap_alloc module tdb already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.063107, 0] winbindd/idmap.c:149(smb_register_idmap) Apr 7 10:32:19 pdc winbindd[8789]: Idmap module passdb already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.084249, 0] winbindd/idmap.c:149(smb_register_idmap) Apr 7 10:32:19 pdc winbindd[8789]: Idmap module nss already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.151590, 0] winbindd/idmap.c:149(smb_register_idmap) Apr 7 10:32:19 pdc winbindd[8789]: Idmap module rid already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.217899, 0] lib/module.c:69(do_smb_load_module) Apr 7 10:32:19 pdc winbindd[8789]: Module '/usr/lib64/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION [global] workgroup = TAYLORTELEPHONE realm = TAYLORTELEPHONE.COM security = ADS password server = 192.168.173.10, 192.168.173.4 log file = /var/log/samba/samba3.log ldap ssl = no idmap backend = idmap_rid:TAYLORTELEPHONE=500-400 idmap uid = 500-400 idmap gid = 500-400 template homedir = /home/%U template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind offline logon = Yes Samba 3 from SerNet samba3-debuginfo-3.5.8-43.el5 samba3-winbind-3.5.8-43.el5 samba3-client-3.5.8-43.el5 samba3-utils-3.5.8-43.el5 samba3-cifsmount-3.5.8-43.el5 samba3-doc-3.5.8-43.el5 samba3-3.5.8-43.el5 CentOS 5.5 x86_64 on HP DL385 G5 Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] S3 winbind errors
No duplicate shares. On 04/10/2011 05:18 PM, Michael Wood wrote: On 7 April 2011 17:39, Taylor, Jonn jo...@taylortelephone.com wrote: I am getting a lot of winbind errors in my logs on one server. Any idea's? Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.062866, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) Apr 7 10:32:19 pdc winbindd[8789]: idmap_alloc module ldap already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.063011, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) Apr 7 10:32:19 pdc winbindd[8789]: idmap_alloc module tdb already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.063107, 0] winbindd/idmap.c:149(smb_register_idmap) Apr 7 10:32:19 pdc winbindd[8789]: Idmap module passdb already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.084249, 0] winbindd/idmap.c:149(smb_register_idmap) Apr 7 10:32:19 pdc winbindd[8789]: Idmap module nss already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.151590, 0] winbindd/idmap.c:149(smb_register_idmap) Apr 7 10:32:19 pdc winbindd[8789]: Idmap module rid already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.217899, 0] lib/module.c:69(do_smb_load_module) Apr 7 10:32:19 pdc winbindd[8789]: Module '/usr/lib64/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION Any chance you have a duplicate share? http://groups.google.com/group/linux.samba/browse_thread/thread/1b3578bd3c583ca9/c39d58efaa9bde84?lnk=raotpli=1 Otherwise I don't know. [global] workgroup = TAYLORTELEPHONE realm = TAYLORTELEPHONE.COM security = ADS password server = 192.168.173.10, 192.168.173.4 log file = /var/log/samba/samba3.log ldap ssl = no idmap backend = idmap_rid:TAYLORTELEPHONE=500-400 idmap uid = 500-400 idmap gid = 500-400 template homedir = /home/%U template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind offline logon = Yes Samba 3 from SerNet samba3-debuginfo-3.5.8-43.el5 samba3-winbind-3.5.8-43.el5 samba3-client-3.5.8-43.el5 samba3-utils-3.5.8-43.el5 samba3-cifsmount-3.5.8-43.el5 samba3-doc-3.5.8-43.el5 samba3-3.5.8-43.el5 CentOS 5.5 x86_64 on HP DL385 G5 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] S3 winbind errors
Anyone. On 04/07/2011 10:39 AM, Taylor, Jonn wrote: I am getting a lot of winbind errors in my logs on one server. Any idea's? Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.062866, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) Apr 7 10:32:19 pdc winbindd[8789]: idmap_alloc module ldap already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.063011, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) Apr 7 10:32:19 pdc winbindd[8789]: idmap_alloc module tdb already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.063107, 0] winbindd/idmap.c:149(smb_register_idmap) Apr 7 10:32:19 pdc winbindd[8789]: Idmap module passdb already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.084249, 0] winbindd/idmap.c:149(smb_register_idmap) Apr 7 10:32:19 pdc winbindd[8789]: Idmap module nss already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.151590, 0] winbindd/idmap.c:149(smb_register_idmap) Apr 7 10:32:19 pdc winbindd[8789]: Idmap module rid already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.217899, 0] lib/module.c:69(do_smb_load_module) Apr 7 10:32:19 pdc winbindd[8789]: Module '/usr/lib64/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION [global] workgroup = TAYLORTELEPHONE realm = TAYLORTELEPHONE.COM security = ADS password server = 192.168.173.10, 192.168.173.4 log file = /var/log/samba/samba3.log ldap ssl = no idmap backend = idmap_rid:TAYLORTELEPHONE=500-400 idmap uid = 500-400 idmap gid = 500-400 template homedir = /home/%U template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind offline logon = Yes Samba 3 from SerNet samba3-debuginfo-3.5.8-43.el5 samba3-winbind-3.5.8-43.el5 samba3-client-3.5.8-43.el5 samba3-utils-3.5.8-43.el5 samba3-cifsmount-3.5.8-43.el5 samba3-doc-3.5.8-43.el5 samba3-3.5.8-43.el5 CentOS 5.5 x86_64 on HP DL385 G5 Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] S3 winbind errors
I am getting a lot of winbind errors in my logs on one server. Any idea's? Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.062866, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) Apr 7 10:32:19 pdc winbindd[8789]: idmap_alloc module ldap already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.063011, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) Apr 7 10:32:19 pdc winbindd[8789]: idmap_alloc module tdb already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.063107, 0] winbindd/idmap.c:149(smb_register_idmap) Apr 7 10:32:19 pdc winbindd[8789]: Idmap module passdb already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.084249, 0] winbindd/idmap.c:149(smb_register_idmap) Apr 7 10:32:19 pdc winbindd[8789]: Idmap module nss already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.151590, 0] winbindd/idmap.c:149(smb_register_idmap) Apr 7 10:32:19 pdc winbindd[8789]: Idmap module rid already registered! Apr 7 10:32:19 pdc winbindd[8789]: [2011/04/07 10:32:19.217899, 0] lib/module.c:69(do_smb_load_module) Apr 7 10:32:19 pdc winbindd[8789]: Module '/usr/lib64/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION [global] workgroup = TAYLORTELEPHONE realm = TAYLORTELEPHONE.COM security = ADS password server = 192.168.173.10, 192.168.173.4 log file = /var/log/samba/samba3.log ldap ssl = no idmap backend = idmap_rid:TAYLORTELEPHONE=500-400 idmap uid = 500-400 idmap gid = 500-400 template homedir = /home/%U template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind offline logon = Yes Samba 3 from SerNet samba3-debuginfo-3.5.8-43.el5 samba3-winbind-3.5.8-43.el5 samba3-client-3.5.8-43.el5 samba3-utils-3.5.8-43.el5 samba3-cifsmount-3.5.8-43.el5 samba3-doc-3.5.8-43.el5 samba3-3.5.8-43.el5 CentOS 5.5 x86_64 on HP DL385 G5 Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 AD/LDAP question
On 04/03/2011 07:24 PM, Aly Khimji wrote: Hi guys, First time poster so I do apologize if this question has been asked before. In a test set up we are trying to use samba4 to authenticate a small network with Linux, Win, and OSX clients. I have successfully deployed samba4 in domain controller mode, can attach windows machines to it, manage the DC via windows tools. We can also join Linux servers to the domain, however my problem is as follows, When attempting to log into a Linux server, excluding local users, the only directory user that can log in is the Administrator. Any other directory user that attempts to log in gets a No Logon Servers, however if move that same user into the Domain Admins group they can log in with no issues (yes as UID=0) as reported in /var/log/secure. Can someone please explain why this happens, and what step have i missed that would allow regular users to log in? In smb.conf set template shell = /bin/bash That being said, my second question is, if it possible to have the samba4 server in domain controller mode, but have Linux clients authenticate via ldap as appose to winbind? You have to use winbind or you will not get the right id mapping. [global] workgroup = EXAMPLE realm = EXAMPLE.COM security = ADS password server = 192.168.173.10 log file = /var/log/samba/samba3.log ldap ssl = no idmap backend = idmap_rid:EXAMPLE=500-400 idmap uid = 500-400 idmap gid = 500-400 template homedir = /home/%U template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind offline logon = Yes For example, when configuring an authentication method if it would possible to use LDAP instead of samba/winbind? I tried to configure LDAP (correct base, host, uri, etc..) but when it doesn't seem to pull any info? eg id or getent doesn't work. In /etc/nsswitch.conf passwd: files winbind shadow: files winbind group: files winbind and link 2 modules, these are for a 64 bit system, if yours is not just remove 64 from the links ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so ln -s /usr/local/samba/lib/pam_winbind.so /lib64/security/pam_winbind.so Any pointers are greatly appreciated, I am just testing out the capabilities of 4, i understand its still in Alpha but hope you guys might have some experience with it. Thanks Aly -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgraded to 3.5.8 local users unable to log in AD users can
On 03/15/2011 05:32 PM, Alfanoid wrote: Daniel Müller mueller at tropenklinik.de writes: You system was trying to authenticate with winbind!? Did Winbind run is your smb.conf configuration to interact with winbind? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Alfanoid Gesendet: Dienstag, 15. März 2011 01:39 An: samba at lists.samba.org Betreff: [Samba] Upgraded to 3.5.8 local users unable to log in AD users can Hi all, Upgraded Samba on RHEL5 from 3.0.33 to 3.5.8 from an rpm. Have an issue where AD users can connect to the linux box but local unix accounts cannot. We are using PAM not kerberos. After much looking and trail and error. I commented out this line in the /etc/pam.d/system-auth file and it works. Why??? account required pam_unix.so broken_shadow account sufficientpam_succeed_if.so uid 500 quiet #account [default=bad success=ok user_unknown=ignore] pam_winbind.so account required pam_permit.so I'm not really ofay with how the whole authentication works. Thanks!! Yes to all of the above. Upgraded from a working Samba 3.0.33-3.28.el5. Here is the pertinent smb.conf section workgroup = STANWELL password server = dc2dc01.stanwell.com dc1dc01.stanwell.com realm = STANWELL.COM security = ads idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash winbind use default domain = true winbind offline logon = false Change these to: winbind use default domain = Yes winbind offline logon = No Some of the syntax changed between 3.0 and 3.5. See /usr/share/doc/samba3/examples/smb.conf.SerNet-RedHat if use SerNet packages or http://wiki.samba.org/index.php/Samba__Active_Directory . Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13 build onUbuntu Server
This is all you need.
[test]
path = /data/test
read only = no
Then use windows to set the acl's.
Jonn
http://wiki.samba.org/index.php/Samba4/HOWTO
On 01/24/2011 09:24 AM, Lynn Dixon wrote:
Thanks. I tried both paramaters in my smb.conf but I got errors when I tried
both:
jenfab@dc:~$ sudo /etc/init.d/samba4 restart
* Stopping Samba 4 daemon samba
[ OK ]
* Starting Samba 4 daemon
sambaUnknown parameter
encountered: valid users
Ignoring unknown parameter valid users
[
OK ]
jenfab@dc:~$ sudo nano /etc/samba/smb.conf
jenfab@dc:~$ sudo /etc/init.d/samba4 restart
* Stopping Samba 4 daemon samba [
OK ]
* Starting Samba 4 daemon
sambaUnknown parameter
encountered: write list
Ignoring unknown parameter write list
Unknown parameter encountered: read list
Ignoring unknown parameter read list
[
OK ]
On Mon, Jan 24, 2011 at 9:52 AM, t...@tms3.com wrote:
I am not sure how to use Microsoft AD tools to create shares and then set
those shares permissable to certain AD groups. For example, I need to
create
a share called Finance and only the people in Finance can read/write to
it. I was hoping to use SWAT to help in creation and management of those
shares.
vi smb.conf (or your favorite text editor)
add
[finance]
...various parameter...
valid users = @finance
or
write list = @finance
read list = @finance
I have been using AD tools to manage the domain and GPO's but I am not sure
how to use them to create shares.
You can see swat for samba4 here: https://github.com/rvelhote/GSoC-SWAT
On Mon, Jan 24, 2011 at 5:03 AM, Daniel Müller muel...@tropenklinik.de
wrote:
I thought swat is no longer working!!Just use Microsoft ads tools and you
are up and running.
---
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: http://www.tropenklinik.de
---
-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
Im
Auftrag von Lynn Dixon
Gesendet: Sonntag, 23. Januar 2011 06:39
An: samba@lists.samba.org
Betreff: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13 build on
Ubuntu Server
Hello all,
I have setup a complete domain using Samba 4 on my Ubuntu server 32 bit
machine. I am using the Alpha 13 build (it was actually in the Ubuntu
Repos). I am trying to setup swat to make it easier to manage shares. I
have followed the instructions at https://github.com/rvelhote/GSoC-SWATbut
I am having a few problems.
When I run ./run I get the following errors:
jenfab@dc:~/GSoC-SWAT$ sudo ./run
Starting subprocess with file monitor
Traceback (most recent call last):
File /usr/local/bin/paster, line 9, in module
load_entry_point('PasteScript==1.7.3', 'console_scripts', 'paster')()
File /usr/lib/pymodules/python2.6/paste/script/command.py, line 84, in
run
invoke(command, command_name, options, args[1:])
File /usr/lib/pymodules/python2.6/paste/script/command.py, line 123,
in
invoke
exit_code = runner.run(args)
File /usr/lib/pymodules/python2.6/paste/script/command.py, line 218,
in
run
result = self.command()
File /usr/lib/pymodules/python2.6/paste/script/serve.py, line 276, in
command
relative_to=base, global_conf=vars)
File /usr/lib/pymodules/python2.6/paste/script/serve.py, line 313, in
loadapp
**kw)
File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 204,
in
loadapp
return loadobj(APP, uri, name=name, **kw)
File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 224,
in
loadobj
global_conf=global_conf)
File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 248,
in
loadcontext
global_conf=global_conf)
File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 278,
in
_loadconfig
return loader.get_context(object_type, name, global_conf)
File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 409,
in
get_context
section)
File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 431,
in
_context_from_use
object_type, name=use, global_conf=global_conf)
File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 361,
in
get_context
global_conf=global_conf)
File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 248,
in
loadcontext
global_conf=global_conf)
File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 285,
in
_loadegg
return
Re: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13 build onUbuntu Server
Go to advanced when changing ACL's.
Jonn
On 01/24/2011 09:48 AM, Lynn Dixon wrote:
That was the first thing that I had tried. I created a share using
smb.conf, then restarted samba.
I can see the share, and navigate down into it from windows. If I
create a folder and then rick click from a windows machine and do
security, I can add groups, but when I try to save, the changes just
disappear.
What is the best way to manage ACL's on the share from a windows machine?
Sorry for all the questions, this is my first venture into a Samba 4
AD environment. I have used Samba 2/3 i on a workgroup in the past
and used different security schemes.
On Mon, Jan 24, 2011 at 10:37 AM, Taylor, Jonn
jo...@taylortelephone.com mailto:jo...@taylortelephone.com wrote:
This is all you need.
[test]
path = /data/test
read only = no
Then use windows to set the acl's.
Jonn
http://wiki.samba.org/index.php/Samba4/HOWTO
On 01/24/2011 09:24 AM, Lynn Dixon wrote:
Thanks. I tried both paramaters in my smb.conf but I got errors
when I tried
both:
jenfab@dc:~$ sudo /etc/init.d/samba4 restart
* Stopping Samba 4 daemon samba
[ OK ]
* Starting Samba 4 daemon
sambaUnknown
parameter
encountered: valid users
Ignoring unknown parameter valid users
[
OK ]
jenfab@dc:~$ sudo nano /etc/samba/smb.conf
jenfab@dc:~$ sudo /etc/init.d/samba4 restart
* Stopping Samba 4 daemon samba
[
OK ]
* Starting Samba 4 daemon
sambaUnknown
parameter
encountered: write list
Ignoring unknown parameter write list
Unknown parameter encountered: read list
Ignoring unknown parameter read list
[
OK ]
On Mon, Jan 24, 2011 at 9:52 AM, t...@tms3.com
mailto:t...@tms3.com wrote:
I am not sure how to use Microsoft AD tools to create shares
and then set
those shares permissable to certain AD groups. For example, I
need to
create
a share called Finance and only the people in Finance can
read/write to
it. I was hoping to use SWAT to help in creation and management
of those
shares.
vi smb.conf (or your favorite text editor)
add
[finance]
...various parameter...
valid users = @finance
or
write list = @finance
read list = @finance
I have been using AD tools to manage the domain and GPO's but I
am not sure
how to use them to create shares.
You can see swat for samba4 here:
https://github.com/rvelhote/GSoC-SWAT
On Mon, Jan 24, 2011 at 5:03 AM, Daniel Müller
muel...@tropenklinik.de mailto:muel...@tropenklinik.de
wrote:
I thought swat is no longer working!!Just use Microsoft ads
tools and you
are up and running.
---
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de mailto:muel...@tropenklinik.de
Internet: http://www.tropenklinik.de
---
-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org
mailto:samba-boun...@lists.samba.org
[mailto:samba-boun...@lists.samba.org
mailto:samba-boun...@lists.samba.org]
Im
Auftrag von Lynn Dixon
Gesendet: Sonntag, 23. Januar 2011 06:39
An: samba@lists.samba.org mailto:samba@lists.samba.org
Betreff: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13
build on
Ubuntu Server
Hello all,
I have setup a complete domain using Samba 4 on my Ubuntu
server 32 bit
machine. I am using the Alpha 13 build (it was actually in the
Ubuntu
Repos). I am trying to setup swat to make it easier to manage
shares. I
have followed the instructions at
https://github.com/rvelhote/GSoC-SWATbut
I am having a few problems.
When I run ./run I get the following errors:
jenfab@dc:~/GSoC-SWAT$ sudo ./run
Starting subprocess with file monitor
Traceback (most recent call last):
File /usr/local/bin/paster, line 9, in module
load_entry_point('PasteScript==1.7.3', 'console_scripts',
'paster')()
File /usr/lib/pymodules/python2.6/paste/script/command.py,
line 84, in
run
Re: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13 build onUbuntu Server
Need to see you samba logs. They are in /usr/local/samba/var/samb.log by default. Directory owner needs to be root and group should be users or staff. Also make sure that you can set the ACL's from the command prompt. How to do this is on the wiki. Jonn On 01/24/2011 10:50 AM, Lynn Dixon wrote: Ok. I tried the following: Navigate to share, right click -- Properties. Went to security tab then clicked advanced That opened up and I was able to click Add and then add my Finance AD group. The Finance group even shows up with the selected permissions in the list of users/groups. BUT, when I click Apply all of the changes vanish. I took some snapshots. Check them at the links: Before changes: http://lh3.ggpht.com/_qETGDInSB7Q/TT2tBxte7uI/Lcw/Mf8kYZxcUxI/s400/finance1.JPG After adding Finance: http://lh4.ggpht.com/_qETGDInSB7Q/TT2tCEhe8kI/Lc0/4thnUxi_sBo/s400/finance2.JPG But when I click apply, the jenfab\finance group dissappears from the list and the changes never save. I have tried giving 777 perms on the actual directory on my ubuntu box to troubleshoot, but had same results. I have also verified that ACL package has been installed on my Ubuntu machine. What user:group do I need to have the actual directory on the ubuntu machine set to? Any other things I should try? On Mon, Jan 24, 2011 at 11:02 AM, Taylor, Jonn jo...@taylortelephone.com mailto:jo...@taylortelephone.com wrote: Go to advanced when changing ACL's. Jonn On 01/24/2011 09:48 AM, Lynn Dixon wrote: That was the first thing that I had tried. I created a share using smb.conf, then restarted samba. I can see the share, and navigate down into it from windows. If I create a folder and then rick click from a windows machine and do security, I can add groups, but when I try to save, the changes just disappear. What is the best way to manage ACL's on the share from a windows machine? Sorry for all the questions, this is my first venture into a Samba 4 AD environment. I have used Samba 2/3 i on a workgroup in the past and used different security schemes. On Mon, Jan 24, 2011 at 10:37 AM, Taylor, Jonn jo...@taylortelephone.com mailto:jo...@taylortelephone.com wrote: This is all you need. [test] path = /data/test read only = no Then use windows to set the acl's. Jonn http://wiki.samba.org/index.php/Samba4/HOWTO On 01/24/2011 09:24 AM, Lynn Dixon wrote: Thanks. I tried both paramaters in my smb.conf but I got errors when I tried both: jenfab@dc:~$ sudo /etc/init.d/samba4 restart * Stopping Samba 4 daemon samba [ OK ] * Starting Samba 4 daemon samba Unknown parameter encountered: valid users Ignoring unknown parameter valid users [ OK ] jenfab@dc:~$ sudo nano /etc/samba/smb.conf jenfab@dc:~$ sudo /etc/init.d/samba4 restart * Stopping Samba 4 daemon samba [ OK ] * Starting Samba 4 daemon samba Unknown parameter encountered: write list Ignoring unknown parameter write list Unknown parameter encountered: read list Ignoring unknown parameter read list [ OK ] On Mon, Jan 24, 2011 at 9:52 AM, t...@tms3.com mailto:t...@tms3.com wrote: I am not sure how to use Microsoft AD tools to create shares and then set those shares permissable to certain AD groups. For example, I need to create a share called Finance and only the people in Finance can read/write to it. I was hoping to use SWAT to help in creation and management of those shares. vi smb.conf (or your favorite text editor) add [finance] ...various parameter... valid users = @finance or write list = @finance read list = @finance I have been using AD tools to manage the domain and GPO's but I am not sure how to use them to create shares. You can see swat for samba4 here: https://github.com/rvelhote/GSoC-SWAT On Mon, Jan 24, 2011 at 5:03 AM, Daniel Müller muel...@tropenklinik.de mailto:muel
Re: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13 build onUbuntu Server
Check you permissions on the folders. [Mon Jan 24 11:30:24 2011 EST, 0 ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()] ../ntvfs/posix/pvfs_acl.c:567 denied access to '/share/finance/.' - wanted 0x010e but got 0xfff3 (missing 0x000c) [Mon Jan 24 11:30:24 2011 EST, 0 ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()] ../ntvfs/posix/pvfs_acl.c:567 denied access to '/share/finance/.' - wanted 0x0004 but got 0xfef3 (missing 0x0004) [Mon Jan 24 11:30:24 2011 EST, 0 ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()] ../ntvfs/posix/pvfs_acl.c:567 denied access to '/share/finance/.' - wanted 0x0008 but got 0xfef3 (missing 0x0008) [Mon Jan 24 11:31:06 2011 EST, 0 ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()] ../ntvfs/posix/pvfs_acl.c:567 denied access to '/share/finance/.' - wanted 0x0006 but got 0xfef3 (missing 0x0004) [Mon Jan 24 11:31:06 2011 EST, 0 ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()] ../ntvfs/posix/pvfs_acl.c:567 denied access to '/share/finance/.' - wanted 0x0006 but got 0xfef3 (missing 0x0004) [Mon Jan 24 11:32:05 2011 EST, 0 ../dsdb/kcc/kcc_topology.c:3479:kcctpl_test()] Testing kcctpl_create_intersite_connections [Mon Jan 24 11:35:28 2011 EST, 0 ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()] ../ntvfs/posix/pvfs_acl.c:567 denied access to '/share/finance/.' - wanted 0x0006 but got 0xfef3 (missing 0x0004) [Mon Jan 24 11:35:28 2011 EST, 0 ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()] ../ntvfs/posix/pvfs_acl.c:567 denied access to '/share/finance/.' - wanted 0x0006 but got 0xfef3 (missing 0x0004) Jonn On 01/24/2011 11:07 AM, Lynn Dixon wrote: Thanks for the help. I have attached my samba.log. On Mon, Jan 24, 2011 at 11:58 AM, Taylor, Jonn jo...@taylortelephone.com mailto:jo...@taylortelephone.com wrote: Need to see you samba logs. They are in /usr/local/samba/var/samb.log by default. Directory owner needs to be root and group should be users or staff. Also make sure that you can set the ACL's from the command prompt. How to do this is on the wiki. Jonn On 01/24/2011 10:50 AM, Lynn Dixon wrote: Ok. I tried the following: Navigate to share, right click -- Properties. Went to security tab then clicked advanced That opened up and I was able to click Add and then add my Finance AD group. The Finance group even shows up with the selected permissions in the list of users/groups. BUT, when I click Apply all of the changes vanish. I took some snapshots. Check them at the links: Before changes: http://lh3.ggpht.com/_qETGDInSB7Q/TT2tBxte7uI/Lcw/Mf8kYZxcUxI/s400/finance1.JPG After adding Finance: http://lh4.ggpht.com/_qETGDInSB7Q/TT2tCEhe8kI/Lc0/4thnUxi_sBo/s400/finance2.JPG But when I click apply, the jenfab\finance group dissappears from the list and the changes never save. I have tried giving 777 perms on the actual directory on my ubuntu box to troubleshoot, but had same results. I have also verified that ACL package has been installed on my Ubuntu machine. What user:group do I need to have the actual directory on the ubuntu machine set to? Any other things I should try? On Mon, Jan 24, 2011 at 11:02 AM, Taylor, Jonn jo...@taylortelephone.com mailto:jo...@taylortelephone.com wrote: Go to advanced when changing ACL's. Jonn On 01/24/2011 09:48 AM, Lynn Dixon wrote: That was the first thing that I had tried. I created a share using smb.conf, then restarted samba. I can see the share, and navigate down into it from windows. If I create a folder and then rick click from a windows machine and do security, I can add groups, but when I try to save, the changes just disappear. What is the best way to manage ACL's on the share from a windows machine? Sorry for all the questions, this is my first venture into a Samba 4 AD environment. I have used Samba 2/3 i on a workgroup in the past and used different security schemes. On Mon, Jan 24, 2011 at 10:37 AM, Taylor, Jonn jo...@taylortelephone.com mailto:jo...@taylortelephone.com wrote: This is all you need. [test] path = /data/test read only = no Then use windows to set the acl's. Jonn http://wiki.samba.org/index.php/Samba4/HOWTO On 01/24/2011 09:24 AM, Lynn Dixon wrote: Thanks. I tried both paramaters in my smb.conf but I got errors when I tried both: jenfab@dc:~$ sudo /etc/init.d/samba4 restart * Stopping Samba 4 daemon samba [ OK ] * Starting
Re: [Samba] Some direction of Samba4 Sid to Uid/Gid ?
On 01/14/2011 02:04 PM, Wei-Tsun Sun wrote: Did a git-pull and built samba4, up and running with winbind. I have a file server, which will be access by windows. Say I have a user named abcde (uid = 1000), under group abcde) (gid = 1000). When I created a user with samba-too (samba-tool newuser abcde x), it creates an account abcde with mapped uid 300018 under group user users. I am really wondering if there is anyway to make the abcde created under samba to link with the abcde in my local linux. I have : idmap config SAMDOM: default = yes idmap config SAMDOM: backend = tdb idmap config SAMDOM: range = 1000-2 in my smb.conf But it seems the uid goes anywhere not near 1000. Cheers. Have a look at http://wiki.samba.org/index.php/Samba4/Winbind Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 4 problems after update
I am getting the name or security id sid of the domain specified is inconsistent after updating samba. I tried to reset the computer sid and change the name and that did no help. Any idea's? Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Rewrite:List Servers not implemented.
To make bind work you have to add user named to the group named. Set the rights to make named work correctly chmod 770 /etc/named.conf chmod 770 /etc/named.rfc1912.zones chown root:named /etc/named.conf chown named:named /etc/named.rfc1912.zones chmod -R 770 /var/named chown -R named:named /var/named chown named:named /etc/rndc.key chown named:named /var/run/named/ Also what version of bind are you using? rpm -qa | grep bind Jonn On 11/24/2010 07:09 AM, hemanth kumar wrote: Hi all, When I start the named after adding the line include /usr/local/samba/private/named.conf; to named.conf file,named fails to start with error the following msg. Starting named: Error in named configuration: /etc/named.conf:64: open: /usr/local/samba/private/named.conf: file not found [FAILED] but the file is very much present in that path. anybody got any idea about this? thanks in advance. Hemanth Kumar.M -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Rewrite:List Servers not implemented.
For samba 4 to do dynamic updates you need to update to a newer version of bind. This is not avaliable from red hat. You can try the ones that i built for my systems. They are at http://www.taylortelephone.com/bind9/ Jonn On 11/24/2010 07:45 AM, hemanth kumar wrote: Permissions are perfect. and the bind version is 9.3 #rpm -qa |grep bind bind-utils-9.3.3-7.el5 bind-chroot-9.3.3-7.el5 kdebindings-3.5.4-1.fc6 bind-9.3.3-7.el5 ypbind-1.19-7.el5 bind-libs-9.3.3-7.el5 system-config-bind-4.0.3-2.el5 On Wed, Nov 24, 2010 at 6:52 PM, Taylor, Jonn jo...@taylortelephone.com mailto:jo...@taylortelephone.com wrote: To make bind work you have to add user named to the group named. Set the rights to make named work correctly chmod 770 /etc/named.conf chmod 770 /etc/named.rfc1912.zones chown root:named /etc/named.conf chown named:named /etc/named.rfc1912.zones chmod -R 770 /var/named chown -R named:named /var/named chown named:named /etc/rndc.key chown named:named /var/run/named/ Also what version of bind are you using? rpm -qa | grep bind Jonn On 11/24/2010 07:09 AM, hemanth kumar wrote: Hi all, When I start the named after adding the line include /usr/local/samba/private/named.conf; to named.conf file,named fails to start with error the following msg. Starting named: Error in named configuration: /etc/named.conf:64: open: /usr/local/samba/private/named.conf: file not found [FAILED] but the file is very much present in that path. anybody got any idea about this? thanks in advance. Hemanth Kumar.M -- KEEP SMILING KEEP MAILING -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 bind 9.7.2 CentOS 5.5
For those of you looking for an rpm to install bind 9.7.2, here ya go. These were built with mock so they should be safe. They are a backport from Fedora rawhide (fc15) but do not have gpg signature. http://www.taylortelephone.com/bind9/ Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 idmap problem
Thank for your replay. I will try the RID stuff and see how it goes. Jonn On 10/07/2010 12:42 AM, Kai Blin wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2010-10-06 17:35, Taylor, Jonn wrote: Seems that each system is making up it own id's. Both the centos and fedora systems have the same idmap settings. idmap uid = 300-400 idmap gid = 300-400 That means you're not setting an idmap backend, so this defaults to tdb on the 3.5 boxes. In turn, this means that all three systems are creating id mappings on an as-needed basis, creating uids and gids in the order of the users/groups that request ids. Unless you use some scheme that keeps the unixids in sync across the network, you'll always be seeing this. Possible solutions include using the rid backend to idmap, which will add the sid's RID part to the idmap base. If you only have users coming in from one domain, that should be fine for the 3.5 boxes. The Samba4 idmap implementation is less sophisticated and only knows about the tdb-like counting up unixids. Nothing much that can be done about this right now. We're currently investigating the most viable way to fix this. Cheers, Kai - -- Kai Blin Worldforge developer http://www.worldforge.org/ Wine developer http://wiki.winehq.org/KaiBlin Samba team member http://www.samba.org/samba/team/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkytXbgACgkQEKXX/bF2FpQ1YACdG4f1GRHoWzarY8W5Xw2TEh96 O00An1YSpVBmRzYCePySJHZr0xdw3ua8 =0Bmi -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 4 idmap problem
Seems that each system is making up it own id's. Both the centos and fedora systems have the same idmap settings. idmap uid = 300-400 idmap gid = 300-400 samba 3.5.5 winbind and nss on fedora 13 workstation uid=300(jonnt) gid=304(domain users) groups=304(domain users),305(domain admins),306(denied rodc password replication group),307(vpn),306(denied rodc password replication group),16777216(BUILTIN+administrators) samba 3.5.5 winbind and nss on centos 5.5 file server uid=300(jonnt) gid=300(domain users) groups=300(domain users),301(domain admins),302(denied rodc password replication group),303(vpn),302(denied rodc password replication group) samba 4 DC and file server with nss on centos 5.5 x86_64 uid=311(jonnt) gid=100(users) groups=100(users),309(Domain Admins),315(VPN) Jonn Taylor -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 upgrade_from_s3 problem
Unable to upgrade from samba 3 to samba 4 using upgrade_from_s3. CentOS 5.4 x86_64 samba Version 4.0.0alpha12-GIT-ef83c97 samba3-3.4.4-41.el5 from sernet [r...@bdc source4]# ./setup/upgrade_from_s3 --targetdir=/etc/samba4 /etc/samba /etc/samba/smb.conf Reading Samba3 databases and smb.conf Provisioning Traceback (most recent call last): File ./setup/upgrade_from_s3, line 84, in ? targetdir=opts.targetdir) File bin/python/samba/upgrade.py, line 415, in upgrade_provision serverrole=serverrole) File bin/python/samba/provision.py, line 1112, in provision domainsid = security.dom_sid(domainsid) TypeError: argument 1 must be string without null bytes, not str -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.4 ldap sambaLogonTime update
Is there a good way to update sambaLogonTime when a user logs on? Centos 5.4 Samab 3.4.5 from sernet PDC+LDAP -- Jonn Taylor -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
