[Samba] andoid access samba4 share
Hello, i installed the app ES Datei Explorer on my andoid phone 4.0.4. I can access the share, but i cannot open any files, i get the error invalid parameter. When i try to access a windows server or samba3, it works perfectly. I also tried some other apps named AndSMBm,... nothing can open files on a share... smbd.log: ... [2013/02/19 13:01:40.290922, 3, pid=26840] ../source3/smbd/error.c:82(error_packet_set) NT error packet at ../source3/smbd/reply.c(3943) cmd=46 (SMBreadX) NT_STATUS_INVALID_PARAMETER ... When i change the backend from s3fs to smb, it works! I use samba4.0.2. Whats the problem of the s3fs? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] GPOs don't work after update from Samba4.0 alpha 17 to 4.0.1
Do you used wmi filters for your gpos? Original-Nachricht Datum: Sun, 27 Jan 2013 13:25:22 +0100 Von: x-dimens...@gmx.net An: samba@lists.samba.org Betreff: [Samba] GPOs don\'t work after update from Samba4.0 alpha 17 to 4.0.1 Hi! I have updated our server from Samba 4 alpha 17 to Samba 4.0.1. Everything seems to work fine after some reconfiguration, but our GPOs are not working anymore. Samba 4 alpha 17 was using ntvfs and the root partition with the sysvol share was mounted with user_xattr only in /etc/fstab. Samba 4.0.1 is now set to use s3fs and the root partition is mouted with user_xattr,acl,barrier=1. After updating to the newer Samba release i run samba-tool ntacl sysvolreset like it was described in the release notes. Gpresult /H shows me that only the Default Domain Policy is loaded, but not all the policies in the OU. Gpupdate /force shows this error on a client: --- Die Richtlinie wird aktualisiert... Die Aktualisierung der Benutzerrichtlinie wurde erfolgreich abgeschlossen. Die Computerrichtlinie konnte nicht erfolgreich aktualisiert werden. Folgende Probleme sind aufgetreten: Fehler bei der Verarbeitung der Gruppenrichtlinie. Der WMI-Filter (Windows Management Instrumentation) für das Gruppenrichtlinienobjekt cn={97E400EB-EDFD-4024-A9D5-1BB8261ABE01},cn=policies,cn=system,DC=mynetwork,DC=lan konnte nicht ausgewertet werden. Dies kann darauf zurückzuführen sein, dass RSoP deaktiviert ist, oder dass der WMI-Dienst deaktiviert oder angehalten wurde, bzw. andere WMI-Fehler aufgetreten sind. Stellen Sie sicher, dass der WMI-Dienst gestartet ist und dass der Starttyp auf automatischen Start festgelegt ist. Neue Gruppenrichtlinienobjekte oder -einstellungen werden nicht verarbeitet, bis dieses Ereignis behoben wurde. --- Google Translate: The policy is updated ... Updating the user policy has been successfully completed.The computer policy could not be updated successfully. The following problems: Error processing of Group Policy. The WMI filter (Windows Management Instrumentation) for the GPO cn = {97E400EB-4024-A9D5-EDFD-1BB8261ABE01}, cn = policies, cn = System, DC = mynetwork, DC = lan could not be evaluated. This may be due to the fact that RSOP is disabled, or that the WMI service is disabled or stopped, or other WMI errors. Make sure that the WMI service is started and that the startup type is set to start automatically. New Group Policy objects or settings will not be processed until this event is resolved. --- How can i get my GPOs to work again? Thanks for help! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: Re: samba4 binddlz performance
Original-Nachricht Datum: Mon, 03 Dec 2012 15:40:31 +0100 Von: Thomas Manninger dbgtmas...@gmx.at An: m...@samba.org Betreff: Re: [Samba] samba4 binddlz performance Original-Nachricht Datum: Fri, 23 Nov 2012 14:32:31 -0800 Von: Matthieu Patou m...@samba.org An: samba@lists.samba.org Betreff: Re: [Samba] samba4 binddlz performance On 11/19/2012 07:11 AM, Thomas Manninger wrote: Hello, i am using samba4rc2. I have problems with the bind9 dlz module, i get very long response times from interal queries. root@s-srv01:~# dig s-srv04.test.local @192.168.0.4 ; DiG 9.8.0-P4 s-srv04.test.local @192.168.0.4 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 64478 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;s-srv04.test.local. IN A ;; ANSWER SECTION: s-srv04.test.local. 900 IN A 192.168.0.4 ;; AUTHORITY SECTION: test.local. 900 IN NS s-srv01.test.local. test.local. 900 IN NS s-srv04.test.local. ;; ADDITIONAL SECTION: s-srv01.test.local. 900 IN A 192.168.0.1 ;; Query time: 1239 msec ;; SERVER: 192.168.0.4#53(192.168.0.4) ;; WHEN: Mon Nov 19 16:07:59 2012 ;; MSG SIZE rcvd: 108 .local is normally used for mdns (see. http://en.wikipedia.org/wiki/MDNS#Host_Discovery), can you try with another kind of tld (ie. use domain test.corp). external queries are a little bit faster: root@s-srv01:~# dig google.com @192.168.0.4 ; DiG 9.8.0-P4 google.com @192.168.0.4 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 56403 ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 6 ;; QUESTION SECTION: ;google.com.IN A ;; ANSWER SECTION: google.com. 300 IN A 173.194.35.135 google.com. 300 IN A 173.194.35.136 google.com. 300 IN A 173.194.35.137 google.com. 300 IN A 173.194.35.142 google.com. 300 IN A 173.194.35.128 google.com. 300 IN A 173.194.35.129 google.com. 300 IN A 173.194.35.130 google.com. 300 IN A 173.194.35.131 google.com. 300 IN A 173.194.35.132 google.com. 300 IN A 173.194.35.133 google.com. 300 IN A 173.194.35.134 ;; AUTHORITY SECTION: . 45846 IN NS a.root-servers.net. . 45846 IN NS c.root-servers.net. . 45846 IN NS b.root-servers.net. . 45846 IN NS g.root-servers.net. . 45846 IN NS f.root-servers.net. . 45846 IN NS j.root-servers.net. . 45846 IN NS e.root-servers.net. . 45846 IN NS i.root-servers.net. . 45846 IN NS l.root-servers.net. . 45846 IN NS k.root-servers.net. . 45846 IN NS h.root-servers.net. . 45846 IN NS d.root-servers.net. . 45846 IN NS m.root-servers.net. ;; ADDITIONAL SECTION: a.root-servers.net. 45846 IN A 198.41.0.4 b.root-servers.net. 45846 IN A 192.228.79.201 c.root-servers.net. 45846 IN A 192.33.4.12 d.root-servers.net. 45846 IN A 128.8.10.90 e.root-servers.net. 45846 IN A 192.203.230.10 f.root-servers.net. 45846 IN A 192.5.5.241 ;; Query time: 281 msec ;; SERVER: 192.168.0.4#53(192.168.0.4) ;; WHEN: Mon Nov 19 16:09:06 2012 ;; MSG SIZE rcvd: 511 When i change to the samba4 internal dns server, i get response time about ~1-2ms. But why is the bind dlz modul so slooow..? you can use kcachegrind to trace bind in foreground mode in order to see where the time is spent. Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba I started bind with: valgrind --tool=callgring /usr/sbin/named -c /etc/bind/named.conf -f So i get any answers, bind is very slow. Now, i have a callgrind file, but i dont can read this file... I only see, that ltdb_search_indexed needs incl. 96%.. can somebody helps me?? file is included as attachment. thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman
[Samba] Fwd: Re: samba4 binddlz performance
Original-Nachricht Datum: Fri, 23 Nov 2012 14:32:31 -0800 Von: Matthieu Patou m...@samba.org An: samba@lists.samba.org Betreff: Re: [Samba] samba4 binddlz performance On 11/19/2012 07:11 AM, Thomas Manninger wrote: Hello, i am using samba4rc2. I have problems with the bind9 dlz module, i get very long response times from interal queries. root@s-srv01:~# dig s-srv04.test.local @192.168.0.4 ; DiG 9.8.0-P4 s-srv04.test.local @192.168.0.4 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 64478 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;s-srv04.test.local. IN A ;; ANSWER SECTION: s-srv04.test.local. 900 IN A 192.168.0.4 ;; AUTHORITY SECTION: test.local. 900 IN NS s-srv01.test.local. test.local. 900 IN NS s-srv04.test.local. ;; ADDITIONAL SECTION: s-srv01.test.local. 900 IN A 192.168.0.1 ;; Query time: 1239 msec ;; SERVER: 192.168.0.4#53(192.168.0.4) ;; WHEN: Mon Nov 19 16:07:59 2012 ;; MSG SIZE rcvd: 108 .local is normally used for mdns (see. http://en.wikipedia.org/wiki/MDNS#Host_Discovery), can you try with another kind of tld (ie. use domain test.corp). external queries are a little bit faster: root@s-srv01:~# dig google.com @192.168.0.4 ; DiG 9.8.0-P4 google.com @192.168.0.4 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 56403 ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 6 ;; QUESTION SECTION: ;google.com.IN A ;; ANSWER SECTION: google.com. 300 IN A 173.194.35.135 google.com. 300 IN A 173.194.35.136 google.com. 300 IN A 173.194.35.137 google.com. 300 IN A 173.194.35.142 google.com. 300 IN A 173.194.35.128 google.com. 300 IN A 173.194.35.129 google.com. 300 IN A 173.194.35.130 google.com. 300 IN A 173.194.35.131 google.com. 300 IN A 173.194.35.132 google.com. 300 IN A 173.194.35.133 google.com. 300 IN A 173.194.35.134 ;; AUTHORITY SECTION: . 45846 IN NS a.root-servers.net. . 45846 IN NS c.root-servers.net. . 45846 IN NS b.root-servers.net. . 45846 IN NS g.root-servers.net. . 45846 IN NS f.root-servers.net. . 45846 IN NS j.root-servers.net. . 45846 IN NS e.root-servers.net. . 45846 IN NS i.root-servers.net. . 45846 IN NS l.root-servers.net. . 45846 IN NS k.root-servers.net. . 45846 IN NS h.root-servers.net. . 45846 IN NS d.root-servers.net. . 45846 IN NS m.root-servers.net. ;; ADDITIONAL SECTION: a.root-servers.net. 45846 IN A 198.41.0.4 b.root-servers.net. 45846 IN A 192.228.79.201 c.root-servers.net. 45846 IN A 192.33.4.12 d.root-servers.net. 45846 IN A 128.8.10.90 e.root-servers.net. 45846 IN A 192.203.230.10 f.root-servers.net. 45846 IN A 192.5.5.241 ;; Query time: 281 msec ;; SERVER: 192.168.0.4#53(192.168.0.4) ;; WHEN: Mon Nov 19 16:09:06 2012 ;; MSG SIZE rcvd: 511 When i change to the samba4 internal dns server, i get response time about ~1-2ms. But why is the bind dlz modul so slooow..? you can use kcachegrind to trace bind in foreground mode in order to see where the time is spent. Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Startup time of bind is also very slow: Dec 3 20:10:06 srv named[20349]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=intern' Dec 3 20:10:10 srv named[20349]: samba_dlz: configured writeable zone '110.168.192.in-addr.arpa' Dec 3 20:10:10 srv named[20349]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=intern' Dec 3 20:10:14 srv named[20349]: samba_dlz: configured writeable zone '111.168.192.in-addr.arpa' Dec 3 20:10:14 srv named[20349]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=intern' Dec 3 20:10:18 srv named[20349]: samba_dlz: configured
Re: [Samba] samba4 binddlz performance
I think, i am in the near of the solution of my problem. The search of a user is very fast (1sec): ldbsearch -H /var/lib/samba/private/sam.ldb cn=Administrator But the search of a record is very slow (~3sec): ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=mb.intern,CN=MicrosoftDNS,CN=System,dc=mb,dc=intern dc=mbdom2 There are missing indexes in the ldb database?? Where can i can the index, or add some?? thanks! Original-Nachricht Datum: Fri, 23 Nov 2012 14:32:31 -0800 Von: Matthieu Patou m...@samba.org An: samba@lists.samba.org Betreff: Re: [Samba] samba4 binddlz performance On 11/19/2012 07:11 AM, Thomas Manninger wrote: Hello, i am using samba4rc2. I have problems with the bind9 dlz module, i get very long response times from interal queries. root@s-srv01:~# dig s-srv04.test.local @192.168.0.4 ; DiG 9.8.0-P4 s-srv04.test.local @192.168.0.4 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 64478 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;s-srv04.test.local. IN A ;; ANSWER SECTION: s-srv04.test.local. 900 IN A 192.168.0.4 ;; AUTHORITY SECTION: test.local. 900 IN NS s-srv01.test.local. test.local. 900 IN NS s-srv04.test.local. ;; ADDITIONAL SECTION: s-srv01.test.local. 900 IN A 192.168.0.1 ;; Query time: 1239 msec ;; SERVER: 192.168.0.4#53(192.168.0.4) ;; WHEN: Mon Nov 19 16:07:59 2012 ;; MSG SIZE rcvd: 108 .local is normally used for mdns (see. http://en.wikipedia.org/wiki/MDNS#Host_Discovery), can you try with another kind of tld (ie. use domain test.corp). external queries are a little bit faster: root@s-srv01:~# dig google.com @192.168.0.4 ; DiG 9.8.0-P4 google.com @192.168.0.4 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 56403 ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 6 ;; QUESTION SECTION: ;google.com.IN A ;; ANSWER SECTION: google.com. 300 IN A 173.194.35.135 google.com. 300 IN A 173.194.35.136 google.com. 300 IN A 173.194.35.137 google.com. 300 IN A 173.194.35.142 google.com. 300 IN A 173.194.35.128 google.com. 300 IN A 173.194.35.129 google.com. 300 IN A 173.194.35.130 google.com. 300 IN A 173.194.35.131 google.com. 300 IN A 173.194.35.132 google.com. 300 IN A 173.194.35.133 google.com. 300 IN A 173.194.35.134 ;; AUTHORITY SECTION: . 45846 IN NS a.root-servers.net. . 45846 IN NS c.root-servers.net. . 45846 IN NS b.root-servers.net. . 45846 IN NS g.root-servers.net. . 45846 IN NS f.root-servers.net. . 45846 IN NS j.root-servers.net. . 45846 IN NS e.root-servers.net. . 45846 IN NS i.root-servers.net. . 45846 IN NS l.root-servers.net. . 45846 IN NS k.root-servers.net. . 45846 IN NS h.root-servers.net. . 45846 IN NS d.root-servers.net. . 45846 IN NS m.root-servers.net. ;; ADDITIONAL SECTION: a.root-servers.net. 45846 IN A 198.41.0.4 b.root-servers.net. 45846 IN A 192.228.79.201 c.root-servers.net. 45846 IN A 192.33.4.12 d.root-servers.net. 45846 IN A 128.8.10.90 e.root-servers.net. 45846 IN A 192.203.230.10 f.root-servers.net. 45846 IN A 192.5.5.241 ;; Query time: 281 msec ;; SERVER: 192.168.0.4#53(192.168.0.4) ;; WHEN: Mon Nov 19 16:09:06 2012 ;; MSG SIZE rcvd: 511 When i change to the samba4 internal dns server, i get response time about ~1-2ms. But why is the bind dlz modul so slooow..? you can use kcachegrind to trace bind in foreground mode in order to see where the time is spent. Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 binddlz performance
Hello, i am using samba4rc2. I have problems with the bind9 dlz module, i get very long response times from interal queries. root@s-srv01:~# dig s-srv04.test.local @192.168.0.4 ; DiG 9.8.0-P4 s-srv04.test.local @192.168.0.4 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 64478 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;s-srv04.test.local. IN A ;; ANSWER SECTION: s-srv04.test.local. 900 IN A 192.168.0.4 ;; AUTHORITY SECTION: test.local. 900 IN NS s-srv01.test.local. test.local. 900 IN NS s-srv04.test.local. ;; ADDITIONAL SECTION: s-srv01.test.local. 900 IN A 192.168.0.1 ;; Query time: 1239 msec ;; SERVER: 192.168.0.4#53(192.168.0.4) ;; WHEN: Mon Nov 19 16:07:59 2012 ;; MSG SIZE rcvd: 108 external queries are a little bit faster: root@s-srv01:~# dig google.com @192.168.0.4 ; DiG 9.8.0-P4 google.com @192.168.0.4 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 56403 ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 6 ;; QUESTION SECTION: ;google.com.IN A ;; ANSWER SECTION: google.com. 300 IN A 173.194.35.135 google.com. 300 IN A 173.194.35.136 google.com. 300 IN A 173.194.35.137 google.com. 300 IN A 173.194.35.142 google.com. 300 IN A 173.194.35.128 google.com. 300 IN A 173.194.35.129 google.com. 300 IN A 173.194.35.130 google.com. 300 IN A 173.194.35.131 google.com. 300 IN A 173.194.35.132 google.com. 300 IN A 173.194.35.133 google.com. 300 IN A 173.194.35.134 ;; AUTHORITY SECTION: . 45846 IN NS a.root-servers.net. . 45846 IN NS c.root-servers.net. . 45846 IN NS b.root-servers.net. . 45846 IN NS g.root-servers.net. . 45846 IN NS f.root-servers.net. . 45846 IN NS j.root-servers.net. . 45846 IN NS e.root-servers.net. . 45846 IN NS i.root-servers.net. . 45846 IN NS l.root-servers.net. . 45846 IN NS k.root-servers.net. . 45846 IN NS h.root-servers.net. . 45846 IN NS d.root-servers.net. . 45846 IN NS m.root-servers.net. ;; ADDITIONAL SECTION: a.root-servers.net. 45846 IN A 198.41.0.4 b.root-servers.net. 45846 IN A 192.228.79.201 c.root-servers.net. 45846 IN A 192.33.4.12 d.root-servers.net. 45846 IN A 128.8.10.90 e.root-servers.net. 45846 IN A 192.203.230.10 f.root-servers.net. 45846 IN A 192.5.5.241 ;; Query time: 281 msec ;; SERVER: 192.168.0.4#53(192.168.0.4) ;; WHEN: Mon Nov 19 16:09:06 2012 ;; MSG SIZE rcvd: 511 When i change to the samba4 internal dns server, i get response time about ~1-2ms. But why is the bind dlz modul so slooow..? bind version is 9.8.0. What can i doo?? Regards, Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 binddlz performance
And my named.conf: options { tkey-gssapi-keytab /var/lib/samba/private/dns.keytab; allow-query { any; }; allow-transfer { any; }; listen-on-v6 { any; }; }; dlz samba4.zone { database dlopen /usr/lib/samba/bind9/dlz_bind9_9.so { /* * update-policy { * grant TEST.LOCAL ms-self * A ; * grant Administrator@TEST.LOCAL wildcard * A SRV CNAME; * grant s-srv01$@TEST.local wildcard * A SRV CNAME; * }; */ /* * the list of principals and what they can change is created * dynamically by Samba, based on the membership of the domain controllers * group. The provision just creates this file as an empty file. */ include /var/lib/samba/private/named.conf.update; /* we need to use check-names ignore so _msdcs A records can be created */ check-names ignore; }; ; }; syslog named startup: Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone '32.168.192.in-addr.arpa' Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=local' Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone '0.168.192.in-addr.arpa' Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=local' Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone '2.168.192.in-addr.arpa' Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=local' Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone 'test.local' Nov 19 16:01:50 s-srv01 named[27310]: set up managed keys zone for view _default, file 'managed-keys.bind' Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 0.IN-ADDR.ARPA Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 127.IN-ADDR.ARPA Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 254.169.IN-ADDR.ARPA Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 2.0.192.IN-ADDR.ARPA Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 100.51.198.IN-ADDR.ARPA Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 113.0.203.IN-ADDR.ARPA Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: D.F.IP6.ARPA Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 8.E.F.IP6.ARPA Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 9.E.F.IP6.ARPA Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: A.E.F.IP6.ARPA Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: B.E.F.IP6.ARPA Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA Nov 19 16:01:50 s-srv01 named[27310]: command channel listening on 127.0.0.1#953 Nov 19 16:01:50 s-srv01 named[27310]: command channel listening on ::1#953 Nov 19 16:01:50 s-srv01 named[27310]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found Nov 19 16:01:50 s-srv01 named[27310]: managed-keys-zone ./IN: loaded serial 0 Nov 19 16:01:50 s-srv01 named[27310]: running Original-Nachricht Datum: Mon, 19 Nov 2012 16:11:30 +0100 Von: Thomas Manninger dbgtmas...@gmx.at An: samba@lists.samba.org Betreff: [Samba] samba4 binddlz performance Hello, i am using samba4rc2. I have problems with the bind9 dlz module, i get very long response times from interal queries. root@s-srv01:~# dig s-srv04.test.local @192.168.0.4 ; DiG 9.8.0-P4 s-srv04.test.local @192.168.0.4 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 64478 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;s-srv04.test.local. IN A ;; ANSWER SECTION: s-srv04.test.local. 900 IN A 192.168.0.4 ;; AUTHORITY SECTION: test.local. 900 IN NS s-srv01.test.local. test.local. 900 IN NS s-srv04.test.local. ;; ADDITIONAL SECTION: s-srv01.test.local. 900 IN A 192.168.0.1 ;; Query time: 1239 msec ;; SERVER: 192.168.0.4#53(192.168.0.4) ;; WHEN: Mon Nov 19 16:07:59 2012 ;; MSG SIZE rcvd: 108 external queries are a little bit faster: root@s
[Samba] samba4 ad problems
Hello, i have a samba4 ad domain with 5 domain controllers. Since 2-3 weeks, i have problems with kerberos, log.samba: [2012/11/16 16:21:11, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:21:12, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=test,DC=local [2012/11/16 16:21:12, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:21:14, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:21:24, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=test,DC=local [2012/11/16 16:21:24, 0] ../source4/dsdb/repl/drepl_out_helpers.c:829(dreplsrv_update_refs_done) UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 0854286a-4fd6-42a8-bc79-4487b61c7733._msdcs.test.local CN=Schema,CN=Configuration,DC=test,DC=local [2012/11/16 16:21:44, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 3 objects (0 linked attributes) for DC=test,DC=local [2012/11/16 16:21:53, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for DC=test,DC=local [2012/11/16 16:21:53, 0] ../source4/dsdb/repl/drepl_out_helpers.c:829(dreplsrv_update_refs_done) UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 0854286a-4fd6-42a8-bc79-4487b61c7733._msdcs.test.local DC=test,DC=local [2012/11/16 16:23:49, 2] ../source4/libcli/dgram/dgramsocket.c:92(dgm_socket_recv) No mailslot handler for 'ÃMAILSLOTÃLANMAN' [2012/11/16 16:25:06, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Configuration,DC=test,DC=local [2012/11/16 16:25:19, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Configuration,DC=test,DC=local [2012/11/16 16:25:19, 0] ../source4/dsdb/repl/drepl_out_helpers.c:829(dreplsrv_update_refs_done) UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 0854286a-4fd6-42a8-bc79-4487b61c7733._msdcs.test.local CN=Configuration,DC=test,DC=local [2012/11/16 16:26:01, 0] ../source4/librpc/rpc/dcerpc_util.c:660(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:da93641c-ad62-4a93-bf2d-5eae845237ab._msdcs.test.local[1024,seal,krb5] NT_STATUS_INVALID_PARAMETER [2012/11/16 16:26:01, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=test,DC=local [2012/11/16 16:26:11, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:26:12, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:26:13, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=test,DC=local [2012/11/16 16:26:13, 0] ../source4/dsdb/repl/drepl_out_helpers.c:829(dreplsrv_update_refs_done) UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 0854286a-4fd6-42a8-bc79-4487b61c7733._msdcs.test.local CN=Schema,CN=Configuration,DC=test,DC=local [2012/11/16 16:26:14, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:26:49, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=test,DC=local [2012/11/16 16:26:50, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for DC=test,DC=local [2012/11/16 16:26:51, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:26:56, 1]