Re: [Samba] Cisco ISE unable to retrieve AD group list from samba 4 server
Am 02.10.2013 21:53, schrieb Jeremy Allison: > On Wed, Oct 02, 2013 at 11:38:21AM +0200, Andreas Oster wrote: >> Hi all, >> >> I have run into a problem with our samba4 setup. I have successfully >> joined a Cisco ISE v1.1.4 (Identity Service Engine) test machine to the >> samba4 AD. User authentication does work but unfortunately the ISE is >> unable to fetch the AD groups from the domain controller. In the samba >> logs I get the following error message when initiating the group fetch: >> >> [2013/10/02 10:21:37.605554, 0] >> ../source4/cldap_server/cldap_server.c:54(cldapd_request_handler) >> Invalid CLDAP request type 16 from ipv4:10.250.12.218:51136 > > LDAP request type 16 == LDAP_TAG_AbandonRequest > which we don't handle in the cldap request handler. > > That's why you're getting the error. > > Jeremy. > Hello Jeremy, thank you very much for your fast response. Any chance that this request type will be added ? Thanks Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cisco ISE unable to retrieve AD group list from samba 4 server
Hi all, I have run into a problem with our samba4 setup. I have successfully joined a Cisco ISE v1.1.4 (Identity Service Engine) test machine to the samba4 AD. User authentication does work but unfortunately the ISE is unable to fetch the AD groups from the domain controller. In the samba logs I get the following error message when initiating the group fetch: [2013/10/02 10:21:37.605554, 0] ../source4/cldap_server/cldap_server.c:54(cldapd_request_handler) Invalid CLDAP request type 16 from ipv4:10.250.12.218:51136 Has anybody had a similar problem and found a solution for it ? Thank you for your kind help best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (D)DNS Updates with GNU/Linux clients in a samba 4 AD environment (BIND_DLZ)
Am 09.04.2013 10:09, schrieb Olivier BILHAUT: > Hi ! > > I bounce on the Mr Sloop's post ([Samba] DDNS / DHCPd && Internal DNS or > BIND_DLZ) to ask what's the easiest way to allow Linux clients to update > themself their DNS record in the Samba4 AD server (with BIND_DLZ Dns > server). > > It works well with windows clients, but with Linux clients joined to the > domain, with a valid Kerberos ticket, the client receive a error > "ERROR_DNS_INVALID_MESSAGE" and the famous "DNS update failed!" message. > > Is there a hack ? Thanks in advance. > -- > Olivier > > > Le 08/04/2013 20:00, samba-requ...@lists.samba.org a écrit : >> Summary: If your clients are Windows clients, just leave things as >> is... they will handle updating DNS records in EITHER the internal DNS or >> BIND_DLZ server without any special hacks or scripts to handle it. >> >> If you have a large mix of clients and need the non-windows clients to >> update DNS via DHCPD, then using the script found in the following >> link might be useful. >> >> http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ >> > Hi Oliver, I am using the modified by Charles Tryon which you find here: http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ To prevent those DNS update failures I have split my IP range into several smaller pieces and made sure that Windows machines, which do their own DNS updates, get IPs from a different IP range than other machines (Linux, Android, IP-Phones ...). I also changed the script a little to prevent ddns updates by the DHCP daemon for the Windows PCs. In our case this is not a problem as our Windows PCs have distinct names and I could easily create classes in dhcpd.conf using those names. best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re-replicate LDAP
Am 15.10.2012 08:41, schrieb Kristofer: > > > On Oct 15, 2012, at 12:56 AM, Andreas Oster wrote: > >> I guess you can achieve the same with: >> >> samba-tool domain demote -Uadministrator >> >> afterwards you can join the DC again. > > That has been unsuccessful to me also. > > I receiver errors: > > Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for > e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:BLADS1.ad.domain.com[1024,seal] > NT_STATUS_IO_TIMEOUT > ERROR(): uncaught exception - > drsException: DRS connection to BLADS1.ad.domain.com failed: (-1073741643, > 'NT_STATUS_IO_TIMEOUT') > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line > 168, in _run > return self.run(*args, **kwargs) > File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", > line 631, in run > (drsuapiBind, drsuapi_handle, supportedExtensions) = > drsuapi_connect(server, lp, creds) > File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", > line 54, in drsuapi_connect > raise drsException("DRS connection to %s failed: %s" % (server, e)) > root@rcads1:/usr/local/samba/bin# > > > Hello Kristofer, samba4 service needs to be running to demote. When samba is started what does samba-tool drs showrepl say ? best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re-replicate LDAP
Am 15.10.2012 01:50, schrieb Kristofer: > I currently have 10 domain controllers (all Samba 4rc1), and I would like to > "reset" one of them. > > I would like to completely clear out their LDAP database, and force it to get > a fresh copy replicated from one of the other 9 DC's out there. > > What would be the proper way of doing this with Samba 4? I know in Windows, > you can demote a DC, and then promote it, and it will recover any data, but > am unsure of how to replicate that procedure with S4. > Hello Kristofer, I guess you can achieve the same with: samba-tool domain demote -Uadministrator afterwards you can join the DC again. best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need help with share permissions
Am 05.10.2012 21:11, schrieb Jeremy Allison: > Hmmm. The : > > force directory mode = 0770 > directory mask = 0770 > > setting should do the trick. Are you also storing > the DOS attributes in EA's ? You probably also > need that to prevent UNIX permission modification. > > Try adding: > >store dos attributes = yes >map readonly = no >map system = no >map hidden = no >map archive = no > > and re-test creating a new directory. > > Jeremy. > -- To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba Hello Jeremy, thank you for your reply. Unfortunately these settings did not help. Directories still will have 0750 permission and now this does not change to 0770 when doing a renaming. Files will now be created with 0640 instead of 0660. Here the output of testparm : [global] workgroup = MYDOM realm = MYDOM.DE server string = %h server (Samba, Ubuntu) security = ADS map to guest = Bad User obey pam restrictions = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 max protocol = SMB2 printcap name = cups dns proxy = No wins support = Yes panic action = /usr/share/samba/panic-action %d template homedir = /shares/homes/%U template shell = /bin/sh winbind cache time = 10 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = Yes winbind offline logon = Yes idmap config *:range = 1-2 idmap config MYDOM:range = 1-2 idmap config MYDOM:backend = rid idmap config * : backend = tdb use client driver = Yes map archive = No map readonly = no store dos attributes = Yes [homes] comment = Home Directories valid users = %S write list = %S, "+MYDOM\Domain Admins" force group = "MYDOM\Domain Users" create mask = 0770 directory mask = 0770 browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes print ok = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers [Pictures] comment = Pictures auf TICKSMB3 path = /shares/pictures valid users = +MYDOM\Pictures, "+MYDOM\Domain Admins" force group = "MYDOM\Pictures" read only = No create mask = 0660 force create mode = 0660 directory mask = 0770 force directory mode = 0770 Thank you for your kind help. best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Need help with share permissions
Hello all, I am struggling to get share permissions to work properly. I am currently using samba 3.6.3 with AD integration. I want to force the following permissions: - created/renamed/copied directories: 0770 - created/renamed/copied files: 0660 - file permissions should not be editable by Windows users. I have tried a lot of different combinations of parameters but failed to get the desired permissions. Most of the time I end up with 0660 for newly created files and 0750 for newly created directories. When I rename a just created directory permission changes to 0770. At the moment I have this in my test share: force group = "MYDOM\test" force create mode = 0660 create mask = 0660 force directory mode = 0770 directory mask = 0770 Thank you for your kind help best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.6.3 server - windows printer driver dialog opening delays
Hi all, since upgrading Samba from a 3.5.X to 3.6.X I am facing some problems with shared printers. Opening a printer driver dialog, to change some settings for a printer from a Win XP machine, takes very long. This is the case for all shared printers. I am using Ubuntu Precise (12.04) In the logs sometimes these error messages appear: [2012/08/15 08:17:49.862966, 0] rpc_server/spoolss/srv_spoolss_nt.c:1748(_spoolss_OpenPrinterEx) _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \\NOVALX09 [2012/08/15 08:23:24.888305, 0] libads/kerberos.c:941(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: rename of /var/run/samba/smb_tmp_krb5.Hdb7um to /var/run/samba/smb_krb5/k rb5.conf.NOVA failed. Errno Permission denied NOVALX09 is actually not a printer but the server hosting the print queues. Printing itself does work without any problems. here the relevant stuff from my smb.conf: [global] load printers = yes printing = cups printcap name = cups [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes print ok = Yes guest ok = yes [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no write list = +"NOVA\Domain-Admins" Does anybody know what could be the cause of this, and how to resolve it ? Thank you for your kind help. best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Issues with migrated SYSVOL GPOs
Hello all, some time ago I've posted on samba.internals but did get no answer to my question. I hope that someone on this list can give me some help. I have migrated a Win2k AD to samba4 and copied SYSVOL as decribed in this post: https://lists.samba.org/archive/samba-technical/2011-October/080026.html Now I have the problem that only the builtin Administrator can sucessfull modify/add GPOs. Users which are assigned to the "domain admin" group can open/view GPOs but when trying to change anything an error message pops up stating that the user is not allowed to do it. Unfortunately the GPO does not work anymore afterwards and needs to be rebuild by the administrator. Any idea what could be the cause of this behavior and how can it be resolved ? Thank you for your kind help. Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to allow ISC dhcpd to add/update entries to bind9 with bind_dlz (samba4)
Am 19.03.2012 01:31, schrieb Amitay Isaacs: > Hi Andreas, > > On Sun, Mar 18, 2012 at 7:06 AM, Matthieu Patou wrote: >> On 03/17/2012 10:00 AM, Andreas Oster wrote: >>> >>> Hello all, >>> >>> I have set up a samba4 server with bind9 and the bind_dlz module. >>> Everything is working as it should but now I need to allow the dhcp >>> server to add entries to the forwarding zone. Has anybody implemented >>> such a configuration ? Can this be done with the kerberos DNS dynamic >>> update configuration. >> >> I had it working with flat file backend. >> I think that the way dhcp and bind do their DDNS is different form the way >> windows do it's DDNS, as far as I know dlz_plugin only support the later one >> so far. >> >>> I want to achieve the following: >>> >>> 1) allow non-Windows machines (printers, ILO ...) to be added by dhcpd > > You need to configure secure updates from dhcpd as dlz_bind9 plugin > only supports secure dynamic updates. Following link might help to set > up secure dynamic updates from dhcpd. > > http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ > >>> 2) allow Windows machines (joined to AD) to update their own entries >>> >>> 2 - already works with the configuration from samba wiki > > This should work automatically with the current master. But remember > that if you update a DNS entry for windows machine through DHCP, then > the windows machine itself may not be able to update its own entry > because of the ACLs. > > Amitay. Hello Amitay, with your great work on the samba_upgradedns script I was able to move my flatfile bind9 config to the DLZ backend, but realized afterwards that I was no longer able to add DNS entries via dhcpd. Luckily I have found Charles Tryon's script on the web and managed to setup secure dynamic updates from dhcpd to bind9. To circumvent the problem with windows machines being unable to update their own records, I have modified the script to exclude those machines from being added to the DNS database by dhcpd. This was easy, because in our setup Windows machines are all named the same way DOMAIN+WS+NUMBER. Thanks best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to allow ISC dhcpd to add/update entries to bind9 with bind_dlz (samba4)
Am 20.03.2012 19:20, schrieb Charles Tryon: > Hi Andreas, > > Yes, I did a lot of work trying to get that script working (along with a > bunch of other people on that discussion thread). I have it mostly > functional, but have largely backed away from that approach, since it runs > against what appears to be the more accepted policy of letting the machines > (in particular, the Windows machines) do their own secure update of the DNS > records. The unfortunate part is that the Linux clients don't seem to have > a way to do this by default. I have no idea how the Mac machines handle > their DNS once they get a DHCP response. Servers, which mostly use static > IP assignments, are a moot point, since I can just manually create the DNS > records and be done with it. > > The issue is the fact that DNS remembers "who" created (owns) the DNS > record, and based on that ownership, who it will allow to change it. If it > is created by some dhcpd initiated transaction, then the Windows client > itself is not allowed to update the record in the future. > > My feeling at this point is to try to follow the Windows Way for the time > being (since that's the bulk of the machines on the network), and handle > the few Linux clients (oddballs like myself) as special cases. We also use > DHCP reservations based on the machine's MAC address, so largely it's a > non-issue. (Or, at least I've got bigger fish to fry first before I go > back and make sure the DHCP/DLZ behavior is tidy.) > > > > On Sun, Mar 18, 2012 at 3:38 AM, Andreas Oster wrote: > >> Am 17.03.2012 21:06, schrieb Matthieu Patou: >>> On 03/17/2012 10:00 AM, Andreas Oster wrote: >>>> Hello all, >>>> >>>> I have set up a samba4 server with bind9 and the bind_dlz module. >>>> Everything is working as it should but now I need to allow the dhcp >>>> server to add entries to the forwarding zone. Has anybody implemented >>>> such a configuration ? Can this be done with the kerberos DNS dynamic >>>> update configuration. >>> I had it working with flat file backend. >>> I think that the way dhcp and bind do their DDNS is different form the >>> way windows do it's DDNS, as far as I know dlz_plugin only support the >>> later one so far. >>> >>>> I want to achieve the following: >>>> >>>> 1) allow non-Windows machines (printers, ILO ...) to be added by dhcpd >>>> 2) allow Windows machines (joined to AD) to update their own entries >>>> >>>> 2 - already works with the configuration from samba wiki >>>> >>> I put our DNS experts in direct copy maybe then can advise you better >>> than I. >>> >> Hello Mattieu, >> >> thank you for you answer. I searched the web allot, but the >> only useful stuff I found was a script by Michael Kuron which >> has been slightly modified by Charles Tryon but I have no >> clue how to integrate this with bind9 dlz, see: >> >> >> http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ >> >> It would be great if someone could help me with the DDNS setup. >> >> best regards >> >> Andreas >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > > > Hello Charles, first I would like to thank you for this great script. For our small network,50 or so clients, I modified your script just a little. I have added an additional name comparison to check if the name contains a special string ( in our case all Windows workstations are named like DOMAINNAME+WS+Number) and if it does just exit the script. This way I do not get the ownership issue. All other machines either do have static IPs or are not members in the AD. Thanks best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to allow ISC dhcpd to add/update entries to bind9 with bind_dlz (samba4)
Am 17.03.2012 18:00, schrieb Andreas Oster: > Hello all, > > I have set up a samba4 server with bind9 and the bind_dlz module. > Everything is working as it should but now I need to allow the dhcp > server to add entries to the forwarding zone. Has anybody implemented > such a configuration ? Can this be done with the kerberos DNS dynamic > update configuration. > > I want to achieve the following: > > 1) allow non-Windows machines (printers, ILO ...) to be added by dhcpd > 2) allow Windows machines (joined to AD) to update their own entries > > 2 - already works with the configuration from samba wiki > > Thank you for your kind help > > best regards > > Andreas > Hi all, finally I got it up and running. I am using the script by Charles Tryon http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to allow ISC dhcpd to add/update entries to bind9 with bind_dlz (samba4)
Am 18.03.2012 16:19, schrieb steve: > On 17/03/12 18:00, Andreas Oster wrote: >> I want to achieve the following: >> >> 1) allow non-Windows machines (printers, ILO ...) to be added by dhcpd >> 2) allow Windows machines (joined to AD) to update their own entries >> >> 2 - already works with the configuration from samba wiki >> >> Thank you for your kind help >> >> best regards >> >> Andreas >> > Hi > I'm not sure if his is what you mean but we have a lan of windows and > linux clients under s4. Both win and Linux clients get their IP via > dhcp. You can see the Kerberos dialogue reveal the IP when the box first > connects. It is a different IP after each boot. So, if Linux counts as > non windows, then yes, it works. We did nothing apart from adding the > dlz stuff to bind. > Cheers, > Steve > Hi all, does nobody have the same requirements regarding the dynamic DNS updates ? I know this setup would somehow circumvent the security efforts behind the kerberos stuff, but I personally prefer to have security at L2, with for example 802.1X, and allow the DHCP srver to update name records in the DNS database. kind regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to allow ISC dhcpd to add/update entries to bind9 with bind_dlz (samba4)
Am 18.03.2012 16:19, schrieb steve: > On 17/03/12 18:00, Andreas Oster wrote: >> I want to achieve the following: >> >> 1) allow non-Windows machines (printers, ILO ...) to be added by dhcpd >> 2) allow Windows machines (joined to AD) to update their own entries >> >> 2 - already works with the configuration from samba wiki >> >> Thank you for your kind help >> >> best regards >> >> Andreas >> > Hi > I'm not sure if his is what you mean but we have a lan of windows and > linux clients under s4. Both win and Linux clients get their IP via > dhcp. You can see the Kerberos dialogue reveal the IP when the box first > connects. It is a different IP after each boot. So, if Linux counts as > non windows, then yes, it works. We did nothing apart from adding the > dlz stuff to bind. > Cheers, > Steve > Hello Steve, maybe I did not understand the concept behind this secure dynamic DNS stuff between samba4 adn bind9 with bind_dlz module. I thought that the following bind9 config ( from samba4 howto) only allows principal dns-"sambaserver" to add/remove/modify DNS entries options { [...] tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab"; [...] }; Also, from reading some postings, I got the impression that members of the domain (windows workstations, member servers) should be able to update their DNS entries. But what about network clients that get their IP via DHCP and which have no machine entry in the AD ? How can their names be added to the bind9 database dynamically ? How can I enable the dhcp daemon on another linux server to update the entries for these network clients ? Thank you for your kind help best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to allow ISC dhcpd to add/update entries to bind9 with bind_dlz (samba4)
Am 17.03.2012 21:06, schrieb Matthieu Patou: > On 03/17/2012 10:00 AM, Andreas Oster wrote: >> Hello all, >> >> I have set up a samba4 server with bind9 and the bind_dlz module. >> Everything is working as it should but now I need to allow the dhcp >> server to add entries to the forwarding zone. Has anybody implemented >> such a configuration ? Can this be done with the kerberos DNS dynamic >> update configuration. > I had it working with flat file backend. > I think that the way dhcp and bind do their DDNS is different form the > way windows do it's DDNS, as far as I know dlz_plugin only support the > later one so far. > >> I want to achieve the following: >> >> 1) allow non-Windows machines (printers, ILO ...) to be added by dhcpd >> 2) allow Windows machines (joined to AD) to update their own entries >> >> 2 - already works with the configuration from samba wiki >> > I put our DNS experts in direct copy maybe then can advise you better > than I. > Hello Mattieu, thank you for you answer. I searched the web allot, but the only useful stuff I found was a script by Michael Kuron which has been slightly modified by Charles Tryon but I have no clue how to integrate this with bind9 dlz, see: http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ It would be great if someone could help me with the DDNS setup. best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] how to allow ISC dhcpd to add/update entries to bind9 with bind_dlz (samba4)
Hello all, I have set up a samba4 server with bind9 and the bind_dlz module. Everything is working as it should but now I need to allow the dhcp server to add entries to the forwarding zone. Has anybody implemented such a configuration ? Can this be done with the kerberos DNS dynamic update configuration. I want to achieve the following: 1) allow non-Windows machines (printers, ILO ...) to be added by dhcpd 2) allow Windows machines (joined to AD) to update their own entries 2 - already works with the configuration from samba wiki Thank you for your kind help best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Question regarding creation of dns.keytab for joined Samba4 server
Andreas Oster novanetwork.de> writes: > > Hello all, > > I have migrated an old Win2k Active Directory to a Samba4 only > domain. Because the provision step has not been used I now do > not have the dns.keytab file for secure dynamic DNS updates > with bind9. I have found a useful link here: > > http://us.generation-nt.com/answer/ samba-dns-keytab-samba4-bind9-help- 203936221.html > > but I am not sure if this is the right way to manually create > the missing AD entries and dns.keytab file. > > One thing I am worried about is, that I do have two samba servers. > How does the ldif file need to look like to allow both servers to > update DNS entries ? > > dn: CN=dns- smbserver,CN=Users,DC=example,DC=co m > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: user > description: DNS Service Account for smbserver > userAccountControl: 512 > accountExpires: 9223372036854775807 > sAMAccountName: dns-smbserver > servicePrincipalName: DNS/ smbserver1.example.com > servicePrincipalName: DNS/ smbserver2.example.com > servicePrincipalName: DNS/ example.com > clearTextPassword:: base64encodedpassword > > What should the named.conf entry look like ? > > tkey-gssapi-credential "DNS/ smbserver1.example.com"; > tkey-domain "EXAMPLE.COM"; > > but what about smbserver2 ? > > Thank you for your kind help > > best regards > > Andreas > Hello all, I have found some information in a previous post by Andrew Bartlett. There he pointed out, that only one samba server can send DNS updates to bind9. But what happens if the first server is not functional ? best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Question regarding creation of dns.keytab for joined Samba4 server
Hello all, I have migrated an old Win2k Active Directory to a Samba4 only domain. Because the provision step has not been used I now do not have the dns.keytab file for secure dynamic DNS updates with bind9. I have found a useful link here: http://us.generation-nt.com/answer/samba-dns-keytab-samba4-bind9-help-203936221.html but I am not sure if this is the right way to manually create the missing AD entries and dns.keytab file. One thing I am worried about is, that I do have two samba servers. How does the ldif file need to look like to allow both servers to update DNS entries ? dn: CN=dns-smbserver,CN=Users,DC=example,DC=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user description: DNS Service Account for smbserver userAccountControl: 512 accountExpires: 9223372036854775807 sAMAccountName: dns-smbserver servicePrincipalName: DNS/smbserver1.example.com servicePrincipalName: DNS/smbserver2.example.com servicePrincipalName: DNS/example.com clearTextPassword:: base64encodedpassword What should the named.conf entry look like ? tkey-gssapi-credential "DNS/smbserver1.example.com"; tkey-domain "EXAMPLE.COM"; but what about smbserver2 ? Thank you for your kind help best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] got stuck with replacing win2k DC with samba4 DC
Hello Michael, thank you for your reply. I will see what I can do with the ldbedit tool. kind regards Andreas Am 02.11.2011 08:29, schrieb Michael Wood: On 1 November 2011 16:52, Andreas Oster wrote: [...] Maybe someone on this list can help me with removing the Windows 2008 R2 server entries from the now samba4 only AD. I don't know the answer to your question, but maybe you could take a backup and then poke around with: # ldbedit -H /usr/local/samba/private/sam.ldb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] got stuck with replacing win2k DC with samba4 DC
Hello Michael, please excuse me for posting to the wrong list. Maybe someone on this list can help me with removing the Windows 2008 R2 server entries from the now samba4 only AD. Thanks kind regards Andreas Am 01.11.2011 15:28, schrieb Michael Wood: Hi As per the Samba4 HOWTO, try asking on the samba-technical list. (I've copied my reply there.) On 1 November 2011 15:03, Andreas Oster wrote: Hello all, active directory is working now, seems there was an issue with DNS entries. Now i have another question. I had to force demote of the win 2008 R2 server and was not able to do "metadata cleanup" with the ntdsutil to remove the remains of the windows server afterwards, the new samba4 DC simply did not allow me to do that. Is there a way to do something similar with the samba provided tools (samba-tool for example) ? thank you regards Andreas Am 01.11.2011 11:06, schrieb Andreas Oster: Hello all, I have tried several times to replace an old Windows 2000 domain controller with a samba4 dc but failed to do so. here is what I did/tried: - copied the old DC and DNS (bind9) to a vmware machine - fixed some replication issues I had with the old 2k DC ( once had two DCs and one died and had to seize it) - downloaded 2008 R2 evaluation - performed adprep32 /forestprep, adprep32 /domainprep and adprep32 /domainprep /gpprep - no errors so far - installed a new 2008 R2 machine and promoted it as new DC - waited for SYSVOL to be synced - transfered all FSMOs to the new 2008R2 DC - demoted old 2k DC and re-added it as member server - raised domain level to 2008 R2 - checked if everything is working with new DC -> OK, i guess. - installed a new VMware guest with current Ubuntu (oneiric 32bit) - downloaded samba from git, downloaded required dependencies, ./configure.developer, make, sudo make install - changed nsupdate command to "/usr/bin/nsupdate" - joined new samba DC to domain with samba-tool -> OK, no errors - created start script and start samba4 - checked DNS for new entries for samba4 DC -> OK - waited some time for replication - used MS AD utils, connected to new samba4 DC and checked if all entries are there -> OK, looks good. - new samba4 currently has only GC role - used howto form here: https://lists.samba.org/archive/samba-technical/2011-October/080026.html to replicate SYSVOL from Windows machine to samba4 server - moved FSMOs with ntdsutil from 2008 R2 DC to samba4 DC - demoted Windows DC (had to force it with dcpromo /forceremoval) -> domain non functional anymore :-( - if I open MS AD tools the DC will not be selected automatically but I can select it manually and all entries seem do be there. Has someone successful moved his domain to a samba4 environment ? Any idea what could have happened ? I would be happy if someone can give me a hint in the right direction. thanks Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] got stuck with replacing win2k DC with samba4 DC
Hello all, active directory is working now, seems there was an issue with DNS entries. Now i have another question. I had to force demote of the win 2008 R2 server and was not able to do "metadata cleanup" with the ntdsutil to remove the remains of the windows server afterwards, the new samba4 DC simply did not allow me to do that. Is there a way to do something similar with the samba provided tools (samba-tool for example) ? thank you regards Andreas Am 01.11.2011 11:06, schrieb Andreas Oster: Hello all, I have tried several times to replace an old Windows 2000 domain controller with a samba4 dc but failed to do so. here is what I did/tried: - copied the old DC and DNS (bind9) to a vmware machine - fixed some replication issues I had with the old 2k DC ( once had two DCs and one died and had to seize it) - downloaded 2008 R2 evaluation - performed adprep32 /forestprep, adprep32 /domainprep and adprep32 /domainprep /gpprep - no errors so far - installed a new 2008 R2 machine and promoted it as new DC - waited for SYSVOL to be synced - transfered all FSMOs to the new 2008R2 DC - demoted old 2k DC and re-added it as member server - raised domain level to 2008 R2 - checked if everything is working with new DC -> OK, i guess. - installed a new VMware guest with current Ubuntu (oneiric 32bit) - downloaded samba from git, downloaded required dependencies, ./configure.developer, make, sudo make install - changed nsupdate command to "/usr/bin/nsupdate" - joined new samba DC to domain with samba-tool -> OK, no errors - created start script and start samba4 - checked DNS for new entries for samba4 DC -> OK - waited some time for replication - used MS AD utils, connected to new samba4 DC and checked if all entries are there -> OK, looks good. - new samba4 currently has only GC role - used howto form here: https://lists.samba.org/archive/samba-technical/2011-October/080026.html to replicate SYSVOL from Windows machine to samba4 server - moved FSMOs with ntdsutil from 2008 R2 DC to samba4 DC - demoted Windows DC (had to force it with dcpromo /forceremoval) -> domain non functional anymore :-( - if I open MS AD tools the DC will not be selected automatically but I can select it manually and all entries seem do be there. Has someone successful moved his domain to a samba4 environment ? Any idea what could have happened ? I would be happy if someone can give me a hint in the right direction. thanks Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] got stuck with replacing win2k DC with samba4 DC
Hello all, here is some more information from the samba log: ../source4/dsdb/common/util.c:3118(dsdb_forest_functional_level) ../source4/dsdb/common/util.c:3118: Warning: forestFunctionality not setup Thanks Andreas Am 01.11.2011 11:06, schrieb Andreas Oster: Hello all, I have tried several times to replace an old Windows 2000 domain controller with a samba4 dc but failed to do so. here is what I did/tried: - copied the old DC and DNS (bind9) to a vmware machine - fixed some replication issues I had with the old 2k DC ( once had two DCs and one died and had to seize it) - downloaded 2008 R2 evaluation - performed adprep32 /forestprep, adprep32 /domainprep and adprep32 /domainprep /gpprep - no errors so far - installed a new 2008 R2 machine and promoted it as new DC - waited for SYSVOL to be synced - transfered all FSMOs to the new 2008R2 DC - demoted old 2k DC and re-added it as member server - raised domain level to 2008 R2 - checked if everything is working with new DC -> OK, i guess. - installed a new VMware guest with current Ubuntu (oneiric 32bit) - downloaded samba from git, downloaded required dependencies, ./configure.developer, make, sudo make install - changed nsupdate command to "/usr/bin/nsupdate" - joined new samba DC to domain with samba-tool -> OK, no errors - created start script and start samba4 - checked DNS for new entries for samba4 DC -> OK - waited some time for replication - used MS AD utils, connected to new samba4 DC and checked if all entries are there -> OK, looks good. - new samba4 currently has only GC role - used howto form here: https://lists.samba.org/archive/samba-technical/2011-October/080026.html to replicate SYSVOL from Windows machine to samba4 server - moved FSMOs with ntdsutil from 2008 R2 DC to samba4 DC - demoted Windows DC (had to force it with dcpromo /forceremoval) -> domain non functional anymore :-( - if I open MS AD tools the DC will not be selected automatically but I can select it manually and all entries seem do be there. Has someone successful moved his domain to a samba4 environment ? Any idea what could have happened ? I would be happy if someone can give me a hint in the right direction. thanks Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] got stuck with replacing win2k DC with samba4 DC
Hello all, I have tried several times to replace an old Windows 2000 domain controller with a samba4 dc but failed to do so. here is what I did/tried: - copied the old DC and DNS (bind9) to a vmware machine - fixed some replication issues I had with the old 2k DC ( once had two DCs and one died and had to seize it) - downloaded 2008 R2 evaluation - performed adprep32 /forestprep, adprep32 /domainprep and adprep32 /domainprep /gpprep - no errors so far - installed a new 2008 R2 machine and promoted it as new DC - waited for SYSVOL to be synced - transfered all FSMOs to the new 2008R2 DC - demoted old 2k DC and re-added it as member server - raised domain level to 2008 R2 - checked if everything is working with new DC -> OK, i guess. - installed a new VMware guest with current Ubuntu (oneiric 32bit) - downloaded samba from git, downloaded required dependencies, ./configure.developer, make, sudo make install - changed nsupdate command to "/usr/bin/nsupdate" - joined new samba DC to domain with samba-tool -> OK, no errors - created start script and start samba4 - checked DNS for new entries for samba4 DC -> OK - waited some time for replication - used MS AD utils, connected to new samba4 DC and checked if all entries are there -> OK, looks good. - new samba4 currently has only GC role - used howto form here: https://lists.samba.org/archive/samba-technical/2011-October/080026.html to replicate SYSVOL from Windows machine to samba4 server - moved FSMOs with ntdsutil from 2008 R2 DC to samba4 DC - demoted Windows DC (had to force it with dcpromo /forceremoval) -> domain non functional anymore :-( - if I open MS AD tools the DC will not be selected automatically but I can select it manually and all entries seem do be there. Has someone successful moved his domain to a samba4 environment ? Any idea what could have happened ? I would be happy if someone can give me a hint in the right direction. thanks Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: rpcclient 'adddriver issue HP Deskjet 1220C
Hello Mark, thank you for the directory hint. I had actually placed the files into the wrong directory, so the 'WERR_BADFILE' was actually a 'file not found' error :-( Thank you for your kind help regards Andreas Mark Gannon schrieb: On Wednesday 09 July 2008 05:40:19 am Andreas Oster wrote: I have copied the driver files to /var/lib/printers prior to executing the adddriver command ! The drivers need to be copied to the directory returned by the "getdriverdir" rpc command. On my system the output looks like: rpcclient $> getdriverdir rpc_pipe_bind: Remote machine localhost pipe \spoolss fnum 0x772d bind request returned ok. Directory Name:[\\LOCALHOST\print$\W32X86] Where the network share maps to /var/lib/printers. My interpretation is that you need to create two new directories on your system. i. /var/lib/printers/W32X86 ii. /var/lib/printers/W32X86/3 And the directories need to be writeable over the print$ share by the user you run rpcclient as. If you don't mind changing your arrangement so that the print jobs are rendered on the Linux host and a standard PostScript driver is distributed to the clients, you might have a look at the following article: http://www.enterprisenetworkingplanet.com/netsysm/article.php/3621876 Regards, Mark Gannon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] rpcclient 'adddriver issue HP Deskjet 1220C
Hello all, I am trying to add a printer driver for a HP Deskjet 1220C with following command to samba: rpcclient -c 'adddriver "Windows NT x86" \ "HPDJ1220C:HPW8KMD.DLL:HPW8KMD.DLL:HPW8KMD.DLL:HPW8DRV.HLP:NULL:RAW: \ HPW8c32.dll,HPW8mon.dll,HPW8r24.dll,HPW8res.dll,HPW8win.dll, \ HPW8ime.dll,HPW8ddi.dll,HPW8img.dll,HPW8sum.dll,HPW8gui.dll, \ HPW8wps.dll,HPW8svb.dll" ' novalx01 -d3 when I do this I get following error message: lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" Password: Connecting to host=novalx01 Connecting to 10.2.1.5 at port 445 error connecting to 10.2.1.5:445 (Verbindungsaufbau abgelehnt) Connecting to 10.2.1.5 at port 139 Doing spnego session setup (blob length=121) got OID=1 2 840 113554 1 2 2 got OID=1 2 840 48018 1 2 2 got OID=1 3 6 1 4 1 311 2 2 10 got principal=cifs/[EMAIL PROTECTED] Got challenge flags: Got NTLMSSP neg_flags=0x60898215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 rpc_pipe_bind: Remote machine novalx01 pipe \lsarpc fnum 0x72bd bind request returned ok. lsa_io_sec_qos: length c does not match size 8 rpc_pipe_bind: Remote machine novalx01 pipe \spoolss fnum 0x72be bind request returned ok. result was WERR_BADFILE I have copied the driver files to /var/lib/printers prior to executing the adddriver command ! I figured out the needed drivers by doing: rpcclient -c 'getdriver "HPDJ1220C" 3' novaws100 this gave following result: [Windows NT x86] Printer Driver Info 3: Version: [3] Driver Name: [HP DeskJet 1220C Printer] Architecture: [Windows NT x86] Driver Path: [\\NOVAWS10\print$\W32X86\3\HPW8KMD.DLL] Datafile: [\\NOVAWS10\print$\W32X86\3\HPW8KMD.DLL] Configfile: [\\NOVAWS10\print$\W32X86\3\HPW8KMD.DLL] Helpfile: [\\NOVAWS10\print$\W32X86\3\HPW8DRV.HLP] Dependentfiles: [\\NOVAWS10\print$\W32X86\3\HPW8c32.dll] Dependentfiles: [\\NOVAWS10\print$\W32X86\3\HPW8mon.dll] Dependentfiles: [\\NOVAWS10\print$\W32X86\3\HPW8r24.dll] Dependentfiles: [\\NOVAWS10\print$\W32X86\3\HPW8res.dll] Dependentfiles: [\\NOVAWS10\print$\W32X86\3\HPW8win.dll] Dependentfiles: [\\NOVAWS10\print$\W32X86\3\HPW8ime.dll] Dependentfiles: [\\NOVAWS10\print$\W32X86\3\HPW8ddi.dll] Dependentfiles: [\\NOVAWS10\print$\W32X86\3\HPW8img.dll] Dependentfiles: [\\NOVAWS10\print$\W32X86\3\HPW8sum.dll] Dependentfiles: [\\NOVAWS10\print$\W32X86\3\HPW8gui.dll] Dependentfiles: [\\NOVAWS10\print$\W32X86\3\HPW8wps.dll] Dependentfiles: [\\NOVAWS10\print$\W32X86\3\HPW8svb.dll] Monitorname: [] Defaultdatatype: [] Any ideas ? Thank you for your help regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] publishing printer to ADS not working
Hello everybody, I have run into a problem which I am not able to resolve by myself :-( Yesterday I have added a new printer (cups) to a Samba 3.0.28a server. The new printer showed up in the network neighborhood (Windows XP) and I was able to print to the new print queue. Then I tried to publish the new printer to the AD ( we use a windows 2000 server for user administration and GPOs) with the following command: net ads printer publish novapr07 -U the command does not return any errors, so I thought that it was successful, but unfortunately the new printer did not show up in the ADS. In the samba logs there is no sign of an errors :-( I then performed the same command again but with debugging enabled (-d 3). It returened following output: <--snip [2008/06/23 10:12:40, 3] param/loadparm.c:lp_load(5055) lp_load: refreshing parameters [2008/06/23 10:12:40, 3] param/loadparm.c:init_globals(1440) Initialising global parameters [2008/06/23 10:12:40, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2008/06/23 10:12:40, 3] param/loadparm.c:do_section(3794) Processing section "[global]" [2008/06/23 10:12:40, 2] lib/interface.c:add_interface(81) added interface ip=10.2.1.5 bcast=10.2.1.255 nmask=255.255.255.0 bulldog's password: [2008/06/23 10:12:44, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: "10.2.1.8, NOVAW2K01.novanetwork.loc" [2008/06/23 10:12:44, 3] libads/ldap.c:ads_connect(394) Connected to LDAP server 10.2.1.8 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(291) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(291) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(291) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(291) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(300) ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED] [2008/06/23 10:12:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2008/06/23 10:12:44, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Mo, 23 Jun 2008 20:12:44 CEST [2008/06/23 10:12:44, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: "10.2.1.8, NOVAW2K01.novanetwork.loc" [2008/06/23 10:12:44, 3] libads/ldap.c:ads_connect(394) Connected to LDAP server 10.2.1.8 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(291) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(291) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(291) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(291) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(300) ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED] [2008/06/23 10:12:44, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Mo, 23 Jun 2008 20:12:44 CEST [2008/06/23 10:12:44, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: "10.2.1.8, NOVAW2K01.novanetwork.loc" [2008/06/23 10:12:44, 3] libads/ldap.c:ads_connect(394) Connected to LDAP server 10.2.1.8 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(291) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(291) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(291) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(291) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(300) ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED] [2008/06/23 10:12:44, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Mo, 23 Jun 2008 20:12:44 CEST [2008/06/23 10:12:44, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: "10.2.1.8, NOVAW2K01.novanetwork.loc" [2008/06/23 10:12:44, 3] libads/ldap.c:ads_connect(394) Connected to LDAP server 10.2.1.8 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(291) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/06/23 10:12:44, 3] libads/sasl.c:ads_sasl_spnego_bind(291) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/06/23 10:12:4
[Samba] Re: Odd problem with samba v.3.0.20b
Andrew Bartlett schrieb: On Mon, 2005-10-24 at 13:22 +0200, Thomas Bork wrote: Andreas Oster wrote: [2005/10/24 12:29:33, 0] smbd/service.c:make_connection(798) novaws20 (10.2.1.71) couldn't find service aoste The last five messages are the relavant ones. The share mentioned (aoster) is the home share of user aoster. This not only happens with the home share but with all other configured shares. The last letter seems to truncated. Does anybody have a similar/same problem ? This is a *long* standing bug in samba 3.0.x (in all versions I tried up to 3.0.21pre1). Sometimes the last character of the services is truncate here too, but the server is nevertheless working properly: [2005/10/24 03:09:32, 0] smbd/server.c:main(805) smbd version 3.0.21pre1-01-for-eisfair started. [...] [2005/10/24 03:19:40.521307, 0, pid=11532] smbd/service.c:make_connection(802) tb3 (192.168.0.15) couldn't find service publi The service is named 'public' and not 'publi'. The trouble is that we don't know where the string is being trucated. It is not as simple as 'in the tree connect', as ethereal shows the string to be already truncated. It must be somewhere else, but it also appears non-fatal: I've never heard of it actually breaking setups, just making noise. Andrew Bartlett Dear Andrew, dear Thomas, thank you for your reply to my posting. Actually, the server works without any problems, but because I did not recognize this truncation error in the logs before the update, I was afraid, that this could brake something :) So I am trying to not bother any more :) best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Odd problem with samba v.3.0.20b
Hello list, I have recently updated our companys fileserver from version 3.0.13 to 3.0.20 and shortly afterwards to 3.0.20b. Since then I have a prolem with my shares, at least the logs state that there is a problem :( The server acts as a domain member server. The domain is controlled by a Win2000 server, the clients run WinXP and Win2000. here a short passage of one logfile: [2005/10/24 12:25:18, 1] smbd/service.c:make_connection_snum(662) novaws20 (10.2.1.71) connect to service Applications initially as user NOVADOM+aoster (uid=0, gid=10001) (pid 7837) [2005/10/24 12:27:11, 1] smbd/service.c:make_connection_snum(662) novaws20 (10.2.1.71) connect to service aoster initially as user NOVADOM+aoster (uid=10001, gid=1) (pid 7837) [2005/10/24 12:27:14, 1] smbd/service.c:close_cnum(835) novaws20 (10.2.1.71) closed connection to service aoster [2005/10/24 12:27:14, 1] smbd/service.c:close_cnum(835) novaws20 (10.2.1.71) closed connection to service Applications [2005/10/24 12:28:25, 1] smbd/service.c:make_connection_snum(662) novaws20 (10.2.1.71) connect to service Applications initially as user NOVADOM+aoster (uid=0, gid=10001) (pid 7913) [2005/10/24 12:28:26, 1] smbd/service.c:make_connection_snum(662) novaws20 (10.2.1.71) connect to service aoster initially as user NOVADOM+aoster (uid=10001, gid=1) (pid 7913) [2005/10/24 12:28:40, 1] smbd/service.c:make_connection_snum(662) novaws20 (10.2.1.71) connect to service Temporary initially as user NOVADOM+aoster (uid=10001, gid=1) (pid 7913) [2005/10/24 12:28:41, 1] smbd/service.c:make_connection_snum(662) novaws20 (10.2.1.71) connect to service Install initially as user NOVADOM+aoster (uid=0, gid=1) (pid 7913) [2005/10/24 12:28:42, 1] smbd/service.c:make_connection_snum(662) novaws20 (10.2.1.71) connect to service Office initially as user NOVADOM+aoster (uid=10001, gid=10010) (pid 7913) [2005/10/24 12:28:42, 1] smbd/service.c:make_connection_snum(662) novaws20 (10.2.1.71) connect to service Library initially as user NOVADOM+aoster (uid=10001, gid=10013) (pid 7913) [2005/10/24 12:28:42, 1] smbd/service.c:make_connection_snum(662) novaws20 (10.2.1.71) connect to service Documentation initially as user NOVADOM+aoster (uid=10001, gid=10012) (pid 7913) [2005/10/24 12:28:43, 1] smbd/service.c:make_connection_snum(662) novaws20 (10.2.1.71) connect to service Service initially as user NOVADOM+aoster (uid=0, gid=10014) (pid 7913) [2005/10/24 12:29:26, 0] smbd/service.c:make_connection(798) novaws20 (10.2.1.71) couldn't find service aoste [2005/10/24 12:29:33, 0] smbd/service.c:make_connection(798) novaws20 (10.2.1.71) couldn't find service aoste [2005/10/24 12:29:33, 0] smbd/service.c:make_connection(798) novaws20 (10.2.1.71) couldn't find service aoste [2005/10/24 12:29:33, 0] smbd/service.c:make_connection(798) novaws20 (10.2.1.71) couldn't find service aoste [2005/10/24 12:29:33, 0] smbd/service.c:make_connection(798) novaws20 (10.2.1.71) couldn't find service aoste The last five messages are the relavant ones. The share mentioned (aoster) is the home share of user aoster. This not only happens with the home share but with all other configured shares. The last letter seems to truncated. Does anybody have a similar/same problem ? best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] Samba as a PDC / Windows NT 4 SP6a as a BDC
Try this link: http://is-it-true.org/nt/registry/rtips94.shtml did work for me best regards Andreas Julien Bordet schrieb: If it is not, I've got another slightly off topic question : how to I demote my former Windows NT PDC (that is now a BDC) to a normal Windows NT server, so that I have no problem with it ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: .tdb spoilt, tdbbackup -v does not see corrupt data
Klaus Renner schrieb: Hi, I am using Version 3.0.2a of samba on Linux 2.4.18 (suse with self-compiled samba from tarball) smb.conf: [IEPRINT] path = /home/htmprint/tmp printable = Yes print command = /home/htmprint/Programme/virtual_printer.sh %s After some weeks with some thousand printjobs generated by a program running as W2k-service the printer was no more available. I checked printing from windows: it hangs notepad. Samba-logfile says: [2004/07/05 17:48:39, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "spoolss" (pnum 739f)free_pipe_context: destroy ing talloc pool of size 0 [2004/07/05 17:48:39, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509) api_rpcTNP: rpc command: SPOOLSS_WRITEPRINTER [2004/07/05 17:48:39, 2] rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd (268) find_printer_index_by_hnd: Printer handle not found: _spoolss_writeprinter: Invalid handle (OTHER:25527:25530) [2004/07/05 17:48:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 24576 I tried to check with tdbbackup -v /usr/local/samba/var/locks/printing/IEPRINT.tdb I got returncode 0 , but that ~.tdb was spoilt . Moving the file IEPRINT.tdb away makes the printer IEPRINT running. Some weeks ago I had the same error, but could not find any reason. So I removed samba and installed it again. So I deleted the problem without knowing, what file is affeted. It seems, that the error depends on the number of printjobs or on the time, the printer is used(about 5 weeks) I can provide this spoilt file IEPRINT.tdb . It is perhaps helpful in finding the bug. I think its to big to attach it . (139K) greetings Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193 Uups, just reread your posting, maybe this is a completely different problem you have, but I think it's worth to give 3.04 a try :) My Problem was, that after some time a print spool that is hosted on the samba server stopped working. best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: .tdb spoilt, tdbbackup -v does not see corrupt data
Klaus Renner schrieb: Hi, I am using Version 3.0.2a of samba on Linux 2.4.18 (suse with self-compiled samba from tarball) smb.conf: [IEPRINT] path = /home/htmprint/tmp printable = Yes print command = /home/htmprint/Programme/virtual_printer.sh %s After some weeks with some thousand printjobs generated by a program running as W2k-service the printer was no more available. I checked printing from windows: it hangs notepad. Samba-logfile says: [2004/07/05 17:48:39, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "spoolss" (pnum 739f)free_pipe_context: destroy ing talloc pool of size 0 [2004/07/05 17:48:39, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509) api_rpcTNP: rpc command: SPOOLSS_WRITEPRINTER [2004/07/05 17:48:39, 2] rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd (268) find_printer_index_by_hnd: Printer handle not found: _spoolss_writeprinter: Invalid handle (OTHER:25527:25530) [2004/07/05 17:48:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 24576 I tried to check with tdbbackup -v /usr/local/samba/var/locks/printing/IEPRINT.tdb I got returncode 0 , but that ~.tdb was spoilt . Moving the file IEPRINT.tdb away makes the printer IEPRINT running. Some weeks ago I had the same error, but could not find any reason. So I removed samba and installed it again. So I deleted the problem without knowing, what file is affeted. It seems, that the error depends on the number of printjobs or on the time, the printer is used(about 5 weeks) I can provide this spoilt file IEPRINT.tdb . It is perhaps helpful in finding the bug. I think its to big to attach it . (139K) greetings Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193 Dear Klaus, I had a similar problem when a network printer suddenly was not accessible anymore. Only deleting of some .tdb files could solve the problem, but unfortunately not for long :( Jerry, from the samba team recommended to upgrade to 3.04, because there is a known bug which has been fixed in this release. Now everything works fine :) best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Error messages in log files with Samba 3.04
Hello list, I have recently upgraded to samba version 3.04 . Everything works well and a problem I had with one of my printers (which was the reason for upgrading) seems to be fixed. But now there is another issue. In the log directory there is a file called log.0.0.0.0 which in my opinion should not be there because obviosly there is no station with a 0.0.0.0 IP address. The error-messages: - getpeername failed. Error was Transport endpoint is not connected - Denied connection from (0.0.0.0) also appear in logs of existing users/stations. Does anyone know what is the cause of the errors and how to fix it ? Datei: log.0.0.0.0 [2004/05/12 07:10:26, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/05/12 07:10:26, 0] lib/access.c:check_access(328) [2004/05/12 07:10:26, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected Denied connection from (0.0.0.0) [2004/05/12 07:10:26, 1] smbd/process.c:process_smb(883) [2004/05/12 07:10:26, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected Connection denied from 0.0.0.0 [2004/05/12 07:10:26, 0] lib/util_sock.c:write_socket_data(413) write_socket_data: write failure. Error = Connection reset by peer [2004/05/12 07:10:26, 0] lib/util_sock.c:write_socket(438) write_socket: Error writing 5 bytes to socket 22: ERRNO = Connection reset by peer [2004/05/12 07:10:26, 0] lib/util_sock.c:send_smb(630) Error writing 5 bytes to client. -1. (Connection reset by peer) [2004/05/12 14:37:13, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/05/12 14:37:13, 0] lib/access.c:check_access(328) [2004/05/12 14:37:13, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected Denied connection from (0.0.0.0) [2004/05/12 14:37:13, 1] smbd/process.c:process_smb(883) [2004/05/12 14:37:13, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected Connection denied from 0.0.0.0 [2004/05/12 14:37:13, 0] lib/util_sock.c:write_socket_data(413) write_socket_data: write failure. Error = Connection reset by peer [2004/05/12 14:37:13, 0] lib/util_sock.c:write_socket(438) write_socket: Error writing 5 bytes to socket 5: ERRNO = Connection reset by peer [2004/05/12 14:37:13, 0] lib/util_sock.c:send_smb(630) Error writing 5 bytes to client. -1. (Connection reset by peer) [2004/05/13 07:20:05, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/05/13 07:20:05, 0] lib/access.c:check_access(328) [2004/05/13 07:20:05, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected Denied connection from (0.0.0.0) [2004/05/13 07:20:05, 1] smbd/process.c:process_smb(883) [2004/05/13 07:20:05, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected Connection denied from 0.0.0.0 [2004/05/13 07:20:05, 0] lib/util_sock.c:write_socket_data(413) write_socket_data: write failure. Error = Connection reset by peer [2004/05/13 07:20:05, 0] lib/util_sock.c:write_socket(438) write_socket: Error writing 5 bytes to socket 22: ERRNO = Connection reset by peer [2004/05/13 07:20:05, 0] lib/util_sock.c:send_smb(630) Error writing 5 bytes to client. -1. (Connection reset by peer) best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Suddenly one printer stops to print
Gerald (Jerry) Carter schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 andreas oster wrote: | I have the same problem here. I fix/workaround by | stopping smbd deleting the var/lib/samba/printers dir and | the ntprinters.tbd file. Then start smbd again and everything | works again. But not for long :( After some time the | problem returns. All fixed now. I would recommend upgrading to 3.0.4 (although this bug was fixed in 3.0.3pre1) cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAoPnFIR7qMdg1EfYRAhrzAKDR3DG/AQoJAbEY8Z2NCpFtAT7TzACfZL7M xz76vC6h8AA+e7VnMkISNfI= =xfQ3 -END PGP SIGNATURE- Dear Jerry thank you for your fast response. Last night I have upgraded to version 3.04, I hope this fixes the issue. best regards ANdreas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Suddenly one printer stops to print
Tomoo Nomura schrieb: Dear *Fabien Chevalier*, I found your message in http://lists.samba.org/archive/samba/2004-February/080990.html I got in the similar problem. Have you solved the problem ? If so, please let me know the solution. Thanks and Best Regards, Tomoo Nomura Hello Tomoo I have the same problem here. I fix/workaround by stopping smbd deleting the var/lib/samba/printers dir and the ntprinters.tbd file. Then start smbd again and everything works again. But not for long :( After some time the problem returns. The user trying to access the printer (in my case only one of 6 printers is affected) gets following messages in the logfile: [2004/05/11 14:56:17, 0] lib/fault.c:fault_report(36) === [2004/05/11 14:56:17, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 4278 (3.0.2a) Please read the appendix Bugs of the Samba HOWTO collection [2004/05/11 14:56:17, 0] lib/fault.c:fault_report(39) === [2004/05/11 14:56:17, 0] lib/util.c:smb_panic(1400) PANIC: internal error [2004/05/11 14:56:17, 0] lib/util.c:smb_panic(1408) BACKTRACE: 1 stack frames: #0 smbd(smb_panic+0x11b) [0x81bc0ab] [2004/05/11 14:56:17, 0] lib/fault.c:fault_report(36) Do you get similar output ? Does anyone know how to fix this ?? best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba