[Samba] Print queue show jobs when queried from windows, nothing in cups
We have a print server running RHEL 4, w/ samba-3.0.33-0.15.el4 When viewed from windows, one queue on the system has the remains of 264 print jobs - some dating back to April, but I can't find where the information is coming from. Apparently the jobs print fine, but then the information sticks in the queue information. Running lpq on the Samba system shows: # lpq -a no entries I dumped a few tdbs and upped my log level to 10, but I didn't see any logging from cups_queue_get. I thought Samba would go into that code to reload the queue information. Any hints on what to try next to clean up my queue? Thanks, - Bill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Print queue show jobs when queried from windows, nothing in cups
John H Terpstra - Samba Team j...@samba.org wrote on 09/25/2009 04:27:59 PM: On 09/25/2009 03:30 PM, William Marshall wrote: We have a print server running RHEL 4, w/ samba-3.0.33-0.15.el4 When viewed from windows, one queue on the system has the remains of 264 print jobs - some dating back to April, but I can't find where the information is coming from. Apparently the jobs print fine, but then the information sticks in the queue information. Suggest you check the CUPS printing directory (/var/spool/cups) for the presence of completed print job info. If these exist: a) Remove them all, then restart CUPS. b) Edit /etc/cups/cupsd.conf so it will delete completed print job info. Thanks John for the pointers. I'd looked into those parms earlier, but the time range on the jobs in the queue didn't match the time range of the files in /var/spool/cups, so I'd not updated PreserveJobHistory to No. But since it can't hurt, I just updated PreserveJobHistory to No, and rm'd the files (there were 500, just like I'd expect from MaxJobs 500). I still have junk in one of my queues, the other 162 seem fine. -Bill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Surprising/Unexpected result after deleting and re-adding a user on our Samba domain
I don't want to call this a security problem. Since it isn't a code exploit, but, many people might have this problem. The other day a user was removed from our SLES samba-3.0.28-0.6 domain due to inactivity, but he still needed his account, so I recreated it. I didn't try to restore the LDAP data, so he got a new SID, etc. I was amazed to find that once his userid was created, he was already (still) in the groups that he had been in before. It would be possible for you to delete a userid who is in Domain Admins, and then have someone else request that userid days or weeks later. That userid would probably be a member of the Domain Admins upon creation. After digging into what happened, as a Linux admin, this makes sense to me, but as a Windows admin, this blows me away. I had assumed that SIDs were used in most places, but with a LDAP backend, group membership is stored by name, not by SID. In the smb.conf we are not using the smbldap-tools tools anymore and we have set: ldapsam:editposix = yes passdb backend = ldapsam:ldap://127.0.0.1; A solution to this problem might be for Samba to remove a user from all the groups before the account it deleted. (I will probably code this into our account cleanup scripts) This also means renaming an ID would be more involved than I (given a windows background) had assumed. We don't do it, but I had assumed that an account rename from usermanager would work. thanks, Bill Marshall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Changes to the gecos field returned by winbind
This is a trivial request -- and not a bug, but it could really make my life easier. I don't know if other Samba users would find this useful or not. I'm using winbind to give Windows (samba domain) users access to Linux systems, and we need to audit, generate reports, etc. on who has access, etc. We're also using winbind groups in /etc/sudoers, so that gets audited too. Right now, winbind creates an passwd entry like the following, using the fullname field from the domain controller. getent passwd wrm3 wrm3:*:1868:1000:Marshall, Bill:/home/DOMAIN/wrm3:/bin/bash It would be useful to me (as a corporate user/admin) if samba instead used the comment field to produce: wrm3:*:1868:1000:123456,897,Bill Marshall:/home/DOMAIN/wrm3:/bin/bash Where 123456 is a employee number, so that from Linux you can validate who an employee is, get their email address, etc. against another database. Personally, I can easily do an LDAP search for the IDs, but we have other corporate tools that don't understand, nor want to understand how to find my LDAP server. I know Samba doesn't need any more smb.conf options, but that would be one way for the gecos output to be selected by the admin. Thanks! Bill Marshall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] time sensitive error the specified network name is no longer available.
I have a user w/ puzzling error. We have not been able to get a tcpdump or significant samba log, but I'm posting to see if anyone else has seen this. I did find some older posts that point to possible client issues. We're running samba 3.0.25b on RHEL4. The user reports: I am getting an error whenever I want to make a copy of a MS Excel file on my shared network drive: (From windows explorer) I was trying to create a copy, and when I do the paste I get the error. Cannot copy _filename_: The specified network name is no longer available. And then the file that is created is corrupt. The original file is about 240K. Now for the timing part. If she executes the copy command, and waits (count 1,2,3,4 seconds) then it seems like it works. Thanks, Bill Marshall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba Digest, Vol 45, Issue 18
David Bear [EMAIL PROTECTED] wrote : I have read through some of the info on using dfs roots and I am needing some advice. Since a unc is still \\servername\ based it occurs to me that the only way to do this properly is to create a smb.conf file that publishes a netbios name like \\dfsroot -- Then, to create a failover system, I would take that config file and copy it around to multiple samba server. Then, have some kind of watch or heartbeat like monitor (that would only monitor where the name and services called \\dfsroot was still alive and responding) that would wait untill \\dfsroot no longer responded (where ever it was). Then, if \\dfsroot failed to respond, it new \\dfsroot smbserver would be launched to take over. Conceptually, the smb service that is known as \\dfsroot really is just a 'share directory service'. It doesn't have to have any other shares that it serves. It could be guest readable. You got it! If you have significant users mapping through \\dfsroot, you want a high availiabilty setup. We have \\dfs1 \\dfs2 that are frontended with a old network load balancer. We're about to move to sles 10 w/ Linux Virtual Server and Linux HA. The name we tell the users - \\dfs is registered in WINS DNS to point to the IP of the load balancer. Our code that creates the dfs symlinks makes the links on dfs1 dfs2 -- you could also rsync regularly, etc. Very infrequently we have a problem with the 2 systems linking to different places. If you want to use a something closer to your model you can use smbclient to probe \\dfsroot and then startup your backup system on a failure. If I remember right you could have \\dfsroot guest readable -- however I think users would not get a bad password error on the net use and get confused. They would be into the dfs server as guest, but then fail to map to the final server if they used a bad password. Hopefully your users are signed on to the desktops w/ domain userids. We've found that net use \\dfs\home\userid /user:different doesn't work well because winxp will connect to \\dfs as different but then goes back to the default (logged on) userid on the dfs redirect. Bill Marshall Integrated Technology Delivery, Server Operations Rochester PC Server Team Rochester, MN -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Redundant DFS via DNS entries
William Burns wrote on 06/24/2005 07:04:14 AM: ... A single DFS server would be a single point of failure. I need redundant DFS. ... How can I make the redundant DFS system work? Or... What other methods could be used to give me SAMBA based redundant DFS services? I'm really slow to respond her, but I didn't see any other responses. We use IBM e-network dispatcher (which probably has been renamed into a websphere product) which is a network load-balancer designed to put in front of a web server to balance requests. Similar solutions can be built using the instructions at http://www.ultramonkey.org/ to build either an high-availabilty setup (easier) or a load balancing setup (prob not needed for dfs). Other resources include http://www.linux-ha.org/ A couple articles in this issues of Linux Magazine http://www.linux-mag.com/2003-11/availability_01.html provide good introductions. The software has changed some since then, so you need to map their configs to the current ones. jht - maybe this is something that could go in the how-to guide. I think Samba's DFS implementation is great, but w/out HA, you don't want to build a lot on of critical dependencies on it. Bill Marshall IBM Global Services Unix Intel Servers Rochester PC Server Team -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] what are *.tdb files?
[EMAIL PROTECTED] wrote: Adam Williams wrote: | In /varcache/samba/ I have several .tdb files. | Like brlock.tdb, locking.tdb, ntdrivers.tdb, etc. | Excusing my ignorance, what are these files, and | what do they do? And why must they be copied when | migrating from one samba server to a new one? Samba uses a lightweight database called Trivial Database (tdb). Here's the list (john, we should really document this somewhere). snip -- excellent list removed and saved away winbindd_idmap.tdb*winbindd's local idmap db The following tdb's should be backed up IMO: nt*.tdb account_policy.tdb group_mapping.tdb share_info.tdb If you're running with winbind and using local tdbs rather than LDAP, I'd vote to add the winbindd_idmap.tdb to the list of things to backup. In fact I tdbbackup this file once an hour into a winbindd_idmap.tdb.HH file. (where HH is 0-23) We've had a few of these files get corrupt and then you end up no owners groups on all/some of your files. It is a real mess. Bill Marshall IBM Global Services Unix Intel Servers Rochester PC Server Team -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems w/ MultipleUsersOnConnection registry entry for Windows 2000 Terminal servers
I'm sending this as an FYI since we don't have all the details worked out and this isn't a Samba problem. We have seen problems (on the one system we tried it on) with MultipleUsersOnConnection registry entry for Windows 2000 Terminal servers that was mentioned in http://lists.samba.org/archive/samba/2004-April/084427.html It may only happen with users who map through Microsoft DFS paths. A year+ ago we had a problem where some users (generally tied to the same RDP/ICA session into a terminal server) would not get this homedir profile drives at logon time. It appeared as if the network connection was half way stuck in the registry or such from the previous user. We eventually got a fix for this, but MS may have regressed something. Once we removed this patch the problem went away. Bill Marshall IBM Global Services SDC North Rochester Server Support, PC Server Team Dept. 77NA, Building 020-3, Rochester, MN -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
extended ACL problems for default group w/ 2.2.7a 2.2.8
We're having problems on Samba 2.2.7a and 2.2.8, IBM JFS 1.1.1, Linux version 2.4.20, bestbits ACLs, etc. The problem is seen with Windows 2000 and Windows XP clients. I get different permissions for the default group on new files directories depending on if the directory tree is xcopied or is moved via drag drop in the GUI. According to level 10 samba logs and ethereal traces the difference that causes this problem is that the xcopy triggers serveral transaction2 SET_FILE_INFORMATION level 1004 calls. Samba does a chmod on the file or directory while processing this call. Nothing in this call looks to me like it should be changing the permissions. I tried the same test against a Windows 2000 server and found the resulting permissions are the same for both trees regardless of the copy method. Items from smb.conf [acl-test] comment = Temp Space to test ACL path = /home/group/new inherit acls = yes nt acl support = yes We don't have any mention of mask, mode, etc. in the smb.conf Comparison of the ACLs: [EMAIL PROTECTED] d1]# getfacl smtest # file: smtest # owner: bmarsh # group: bmarsh user::rwx group::--- group:admin:rwx mask::rwx other::--- default:user::rwx default:group::--- default:group:admin:rwx default:mask::rwx default:other::--- [EMAIL PROTECTED] d1]# getfacl smtestx # file: smtestx # owner: bmarsh # group: bmarsh user::rwx group::rwx group:admin:rwx mask::rwx other::--x default:user::rwx default:group::--- default:group:admin:rwx default:mask::rwx default:other::--- ACL on the parent directory of smtest smtestx: [EMAIL PROTECTED] new]# getfacl d1 # file: d1 # owner: bmarsh # group: bmarsh user::rwx group::--- group:admin:rwx mask::rwx other::--- default:user::rwx default:group::--- default:group:admin:rwx default:mask::rwx default:other::--- How the directories were created: Y:\xcopy smtest y:\d1\smtestx /s /e (I use the new dir smtestX for xcopy) Does Y:\d1\smtestx specify a file name or directory name on the target (F = file, D = directory)? d smtest\t1.txt 1 File(s) copied Then I drag and drop the same directory onto the same server to get smtest Thanks, Bill Marshall