Re: [Samba] Folder disappears on rename
On 10/03/2013 01:02 PM, Jeremy Allison wrote:
> On Thu, Oct 03, 2013 at 11:57:21AM -0700, Brian Martin wrote:
>> I have Samba 4.0.9 installed under Ubuntu 12.04. It's configured as a domain member, with a Windows 2008R2 server being the DC. All workstations are running Windows 7. One of my users is reporting problems in the following scenario:
>>
>> 1) She creates a folder in one of the Samba shares, and places a number of documents there.
>> 2) She closes all open documents and closes Windows Explorer
>> 3) Another user on another workstation subsequently renames the folder as part of the work flow process to indicate it has been reviewed.
>> 4) The original user then navigates to where the renamed folder should be and cannot find it, either under the original name or the new name. Refreshing doesn't help.
>> 5) After a period of time, typically 3-5 minutes but in one case around 30 minutes, the folder reappears under the new name.
>>
>> The window of time between steps 2 and 4 is typically fairly small, as in an hour or less. The problem is intermittent. In the 30-minute case I was able to get on to my own Win7 workstation and look at the network share, and I saw the folder under the new name. I then checked with the user and she reported she still couldn't see it after a refresh, though it appeared shortly (minutes) thereafter.
>>
>> As diagnostic steps, I've asked the user to try a) logging off; b) rebooting; but we don't have results of those tests yet.
>>
>> I considered that this might be related to bug 10174 https://bugzilla.samba.org/show_bug.cgi?id=10174, but the original user is making sure she doesn't have any files or folders open before the rename occurs.
>
> No, that isn't a related issue. 10174 is a correctness issue that I'm not sure affects any real application (although of course you never know with Windows apps. :-).
>
>> 1) Is this a known issue?
>> 2) Is anyone else experiencing this?
>> 3) Does anyone have any fixes or workarounds?
>
> It's not known to the developers.
> It looks like a failure of change notify, but you'd have to drill down much deeper with wireshark traces to look into it.
>
> Jeremy.

I have received a suggestion to check whether this might be related to a mis-configured off-line synchronization (mobsync.exe) on the workstation, which I will check the next time I have access to the machine. Assuming I don't find anything there, should I open a (unconfirmed) bug on this so that if others experience it they can confirm it?

-Brian

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] create_local_nt_token_from_info3 not pulling supplementary UNIX groups
Can anyone with knowledge about this issue offer any comment? Somebody has to have an idea about it, good or bad.

Thanks,
Brian

On 9/11/2013 2:20 PM, Brian H. Nelson wrote:
> I'm trying to solve this issue I'm having where using 'valid users = +unixgroup' just plain doesn't work. I can't find any /documented/ reason why this is so, but nevertheless, it seems to be the case. This is with samba 3.6.18, but seems to exist in all of 3.6.x and most or all of 3.5.x and perhaps earlier as well (see bug #6681).
>
> From what I can tell, the underlying reason it doesn't work is because create_local_nt_token_from_info3 doesn't seem to populate the user's token with local UNIX /supplementary/ group SIDs (S-1-22-2-xxx). I'm not sure exactly why this is the case; the code is a bit complicated.
>
> Ironically, if the user is explicitly mapped (username map in smb.conf) then it *does* work. This seems to be because an explicitly-mapped user will follow a different code path and end up using create_token_from_username which /does/ pull local UNIX groups.
>
> I don't understand why there is a difference in behavior between explicit and implicit mapping. (Implicit mapping meaning DOMAIN\name maps to local user 'name' via idmap_nss, or some other facility). I would think that either case should ultimately end with the same result.
>
> This seems like a very major and long-standing problem to just be a bug. As such I feel like I'm missing something. Can a dev or somebody with a better understanding of the code fill me in?
>
> Here are some reference links that sound related:
> https://bugzilla.samba.org/show_bug.cgi?id=6681
> http://marc.info/?l=samba&m=135879161014066&w=2
> http://marc.info/?l=samba&m=120886782118153&w=2
>
> Thanks,
> Brian

--
Brian H. Nelson
Data Security Analyst I
IT Infrastructure Engineering
Youngstown State University
bhnelson[at]ysu[dot]edu
[Samba] Folder disappears on rename
I have Samba 4.0.9 installed under Ubuntu 12.04. It's configured as a domain member, with a Windows 2008R2 server being the DC. All workstations are running Windows 7. One of my users is reporting problems in the following scenario:

1) She creates a folder in one of the Samba shares, and places a number of documents there.
2) She closes all open documents and closes Windows Explorer
3) Another user on another workstation subsequently renames the folder as part of the work flow process to indicate it has been reviewed.
4) The original user then navigates to where the renamed folder should be and cannot find it, either under the original name or the new name. Refreshing doesn't help.
5) After a period of time, typically 3-5 minutes but in one case around 30 minutes, the folder reappears under the new name.

The window of time between steps 2 and 4 is typically fairly small, as in an hour or less. The problem is intermittent. In the 30-minute case I was able to get on to my own Win7 workstation and look at the network share, and I saw the folder under the new name. I then checked with the user and she reported she still couldn't see it after a refresh, though it appeared shortly (minutes) thereafter.

As diagnostic steps, I've asked the user to try a) logging off; b) rebooting; but we don't have results of those tests yet.

I considered that this might be related to bug 10174 https://bugzilla.samba.org/show_bug.cgi?id=10174, but the original user is making sure she doesn't have any files or folders open before the rename occurs.

Questions:
1) Is this a known issue?
2) Is anyone else experiencing this?
3) Does anyone have any fixes or workarounds?

Thanks in advance for any advice you might have.

-Brian Martin
Re: [Samba] create_local_nt_token_from_info3 not pulling supplementary UNIX groups
According to the smb.conf man page, using @group is equivalent to &+group where '&' means check it as an NIS netgroup and '+' means check it as a local UNIX group. Just +group should be what I want (I'm not using NIS) but I admit I haven't tested much with @group.

Another interesting facet is that the RHEL-provided samba builds *do not* exhibit the problem I'm seeing. They bundle in a number of patches. Apparently one (or more) of them is changing this specific behavior.

Brian

On 9/11/2013 3:18 PM, Brian Cuttler wrote:
> I thought it was @group rather than +group in the samba.conf share definition...

--
Brian H. Nelson
Data Security Analyst I
IT Infrastructure Engineering
Youngstown State University
bhnelson[at]ysu[dot]edu
[Samba] create_local_nt_token_from_info3 not pulling supplementary UNIX groups
I'm trying to solve this issue I'm having where using 'valid users = +unixgroup' just plain doesn't work. I can't find any /documented/ reason why this is so, but nevertheless, it seems to be the case. This is with samba 3.6.18, but seems to exist in all of 3.6.x and most or all of 3.5.x and perhaps earlier as well (see bug #6681).

From what I can tell, the underlying reason it doesn't work is because create_local_nt_token_from_info3 doesn't seem to populate the user's token with local UNIX /supplementary/ group SIDs (S-1-22-2-xxx). I'm not sure exactly why this is the case; the code is a bit complicated.

Ironically, if the user is explicitly mapped (username map in smb.conf) then it *does* work. This seems to be because an explicitly-mapped user will follow a different code path and end up using create_token_from_username which /does/ pull local UNIX groups.

I don't understand why there is a difference in behavior between explicit and implicit mapping. (Implicit mapping meaning DOMAIN\name maps to local user 'name' via idmap_nss, or some other facility). I would think that either case should ultimately end with the same result.

This seems like a very major and long-standing problem to just be a bug. As such I feel like I'm missing something. Can a dev or somebody with a better understanding of the code fill me in?

Here are some reference links that sound related:
https://bugzilla.samba.org/show_bug.cgi?id=6681
http://marc.info/?l=samba&m=135879161014066&w=2
http://marc.info/?l=samba&m=120886782118153&w=2

Thanks,
Brian

--
Brian H. Nelson
Data Security Analyst I
IT Infrastructure Engineering
Youngstown State University
bhnelson[at]ysu[dot]edu
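A diagnostic sketch for the symptom described in the post above, added here as an example and not part of the original thread or of Samba's code: it derives the S-1-22-2-<gid> SIDs a user should carry from passwd/group data and compares them with the SIDs found in a token dump. The user "alice", the group data and the token dump are constructed, the "SID[ n]: ..." line layout is an assumption about the debug output, and plus_group_allowed models 'valid users = +group' as a SID-in-token test as the post describes it.

```python
import re

UNIX_GROUP_SID_PREFIX = "S-1-22-2-"  # Samba's "Unix Group" SID domain

# Constructed sample data (hypothetical user "alice"; not from the thread).
SAMPLE_PASSWD = "alice:x:1500:100:Alice Example:/home/alice:/bin/sh\n"
SAMPLE_GROUP = (
    "users:x:100:\n"
    "staff:x:2001:alice,bob\n"
    "projects:x:2002:alice\n"
    "admins:x:2003:bob\n"
)
# Constructed token dump: primary group SID present, supplementary ones absent.
SAMPLE_TOKEN_DUMP = """\
SID[  0]: S-1-5-21-1111111111-2222222222-3333333333-1105
SID[  1]: S-1-5-21-1111111111-2222222222-3333333333-513
SID[  2]: S-1-1-0
SID[  3]: S-1-5-2
SID[  4]: S-1-5-11
SID[  5]: S-1-22-1-1500
SID[  6]: S-1-22-2-100
"""

SID_LINE = re.compile(r"SID\[\s*\d+\]:\s*(S-[0-9-]+)")


def parse_group_file(text):
    """Return {group name: (gid, [members])} from /etc/group style text."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups


def primary_gid(user, passwd_text):
    """Return the primary gid of `user` from /etc/passwd style text."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] == user:
            return int(fields[3])
    raise KeyError(user)


def expected_unix_group_sids(user, passwd_text, group_text):
    """SIDs for the user's primary and supplementary UNIX groups."""
    pgid = primary_gid(user, passwd_text)
    return {
        name: f"{UNIX_GROUP_SID_PREFIX}{gid}"
        for name, (gid, members) in parse_group_file(group_text).items()
        if gid == pgid or user in members
    }


def token_sids(dump_text):
    """Collect every SID listed in the token dump."""
    return set(SID_LINE.findall(dump_text))


def missing_from_token(user, passwd_text, group_text, dump_text):
    """UNIX group SIDs the user should have but the token lacks."""
    present = token_sids(dump_text)
    expected = expected_unix_group_sids(user, passwd_text, group_text)
    return {name: sid for name, sid in expected.items() if sid not in present}


def plus_group_allowed(entry, group_text, dump_text):
    """Model 'valid users = +group': allowed only if the group SID is in the token."""
    if not entry.startswith("+"):
        raise ValueError("only '+group' entries are modelled here")
    groups = parse_group_file(group_text)
    name = entry[1:]
    if name not in groups:
        return False
    return f"{UNIX_GROUP_SID_PREFIX}{groups[name][0]}" in token_sids(dump_text)


if __name__ == "__main__":
    gaps = missing_from_token("alice", SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_TOKEN_DUMP)
    for name, sid in sorted(gaps.items()):
        print(f"token lacks {sid} (group {name})")
    print("+staff allowed:", plus_group_allowed("+staff", SAMPLE_GROUP, SAMPLE_TOKEN_DUMP))
```

A non-empty result from missing_from_token for a user who is denied by a '+group' rule points at token construction rather than at the share definition.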
Re: [Samba] Removed params 'force security mode' etc. What to use instead?
I hate to bump, but surely someone can offer some input on this. At least question 1?

Thanks,
Brian

On 7/3/2013 2:56 PM, Brian H. Nelson wrote:
> I noticed that the fix for bug 9190 (inc in samba 4.0) resulted in the removal of the following config parameters:
>
> security mask
> force security mode
> directory mask
> force directory security mode
>
> I have a couple questions regarding this, and haven't really seen any good info on it, so...
>
> 1) Why were they removed? There doesn't seem to be any explanation in the bug notes or release notes. Maybe I'm missing something? (not judging, just confused)
>
> 2) What can be used instead? I don't see any comparable settings in samba to obtain the same effect (preventing clients from removing certain security bits from existing files, i.e. group permissions)
Re: [Samba] Removed params 'force security mode' etc. What to use instead?
On 7/3/2013 4:54 PM, Jonathan Buzzard wrote:
> My guess is this is related to the Unix extensions. Basically certain versions of OS X; I can't remember which ones but 10.5 sticks in my mind but that might be related to symbolic links and it was 10.6 that was the problem, notice the file server does Unix extensions and then decides to go behind the Samba server's back and fiddle with the permissions.

Indeed. Unfortunately (in this case) we had already disabled unix extensions a while back when 10.6.8/10.7 came out and we started seeing similar permission issues.

I'm surprised that force security mode wouldn't work. That actually sounds like a bug if that's the case.

I don't believe I ever actually tested it myself but we did pin that as another possible solution at that time.

This seems to be a different but similar issue on some new machines with 10.8. I'm not yet sure if it's an OS issue or an application issue. So far, I've only seen it when a user 'packages' a project from Adobe InDesign. Many of the extra files in the 'package' (just a folder, not an archive or anything) end up without group permissions which is a big issue for them.

Brian
[Samba] Removed params 'force security mode' etc. What to use instead?
Hello list,

I noticed that the fix for bug 9190 (inc in samba 4.0) resulted in the removal of the following config parameters:

security mask
force security mode
directory mask
force directory security mode

I have a couple questions regarding this, and haven't really seen any good info on it, so...

1) Why were they removed? There doesn't seem to be any explanation in the bug notes or release notes. Maybe I'm missing something? (not judging, just confused)

2) What can be used instead? I don't see any comparable settings in samba to obtain the same effect (preventing clients from removing certain security bits from existing files, i.e. group permissions)

I have a situation currently where it looks like I will need to implement the above 'force' settings in my samba 3.x environment to deal with some misbehaving OS X clients that insist on stripping group permissions from files in certain situations. I'd rather not start using settings that I know are removed in future versions, but I'm not sure of a better way. Can anyone recommend the best way to deal with this?

Thanks!
Brian
Re: [Samba] winbind: how to fix uid/SID mapping following migration to a new DC
Did you ever get a resolution to your issue with UIDs not matching? I have the same problem and I cannot for the life of me get my UIDs to come from Active Directory. If you did solve it with using the

idmap config DOMAIN : backend = ad

would you be so kind as to share? I am only able to get

idmap config * : backend = tdb

to work. I have never been able to get UIDs for a particular domain to work. Only the * seems to 'hit'.

Thanks,
Brian
Re: [Samba] Samba4 DFS Support
Thanks for the links. I'll compare this data against my Samba configs.

-Brian

On 3/5/13 6:53 AM, TAKAHASHI Motonobu mo...@monyo.com wrote:
> From: Martin, Brian D. (JSC-OD)[UNITED SPACE ALLIANCE LLC] brian.d.mar...@nasa.gov
> Date: Mon, 4 Mar 2013 22:49:33 -0600
>
>> What's the status of DFS support in Samba4? Using Win7 and smbclient and Linux I'm getting generic error messages related to not being able to access the DFS. This similar config is working in Samba v. 3.5.6. I spent some time Googling and didn't find much.
>
> Do these articles help you?
>
> https://lists.samba.org/archive/samba-technical/2013-February/090403.html
> https://lists.samba.org/archive/samba/2012-October/169512.html
>
> ---
> TAKAHASHI Motonobu mo...@monyo.com / @damemonyo
> facebook.com/takahashi.motonobu
Re: [Samba] Samba4 DFS Support
> https://lists.samba.org/archive/samba-technical/2013-February/090403.html

I don't believe this limitation applies to my configuration since the Samba domain name and DFS name match.

> https://lists.samba.org/archive/samba/2012-October/169512.html

I don't think this affects my network. I'm going to retest w/ a stripped down Samba config file and migrate less settings from Samba3 to Samba4 config file.

-Brian

On 3/5/13 6:53 AM, TAKAHASHI Motonobu mo...@monyo.com wrote:
> From: Martin, Brian D. (JSC-OD)[UNITED SPACE ALLIANCE LLC] brian.d.mar...@nasa.gov
> Date: Mon, 4 Mar 2013 22:49:33 -0600
>
>> What's the status of DFS support in Samba4? Using Win7 and smbclient and Linux I'm getting generic error messages related to not being able to access the DFS. This similar config is working in Samba v. 3.5.6. I spent some time Googling and didn't find much.
>
> Do these articles help you?
>
> https://lists.samba.org/archive/samba-technical/2013-February/090403.html
> https://lists.samba.org/archive/samba/2012-October/169512.html
>
> ---
> TAKAHASHI Motonobu mo...@monyo.com / @damemonyo
> facebook.com/takahashi.motonobu
Re: [Samba] Samba4 DFS Support
Haven't heard any updates on this question. Anyone have any ideas?

-Brian

On 1/31/13 5:12 PM, Martin, Brian D. (JSC-OD)[UNITED SPACE ALLIANCE LLC] brian.d.mar...@nasa.gov wrote:
> What's the status of DFS support in Samba4? Using Win7 and smbclient and Linux I'm getting generic error messages related to not being able to access the DFS. This similar config is working in Samba v. 3.5.6. I spent some time Googling and didn't find much. I did find one page that suggested Samba4 DFS support may be limited only to the sysvol and netlogon shares at this time.
>
> I'm using Samba v. 4.0.1 compiled from source. I'm on Debian v. 6.0.6 64 bit.
>
> Thanks for the help!
>
> -Brian Martin
>
> /etc/samba/smb.conf
>
> # Global parameters
> [global]
>     workgroup = XYZ
>     realm = XYZ.EXAMPLE.COM
>     netbios name = SRV1
>     server role = active directory domain controller
>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>     host msdfs = Yes
>
> [netlogon]
>     path = /var/lib/samba/sysvol/srv1.xyz.example.com/scripts
>     read only = No
>
> [sysvol]
>     path = /var/lib/samba/sysvol
>     read only = No
>
> [dfs]
>     path = /home/samba/dfs
>     msdfs root = Yes
Re: [Samba] Upgrading from 4.0.0 to 4.0.3
I have the same question.

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Thomas Simmons
Sent: Tuesday, February 05, 2013 2:15 PM
To: samba@lists.samba.org
Subject: [Samba] Upgrading from 4.0.0 to 4.0.3

I made note the following in the 4.0.3 release notes about upgrades:

o For more details concerning the ACL problem with delegation of privileges and deletion of accounts over LDAP interface (bugs #8909 and #9267) regarding upgrades from older 4.0.x versions, please see http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Upgrading which will be filled with details once we have worked out an upgrade strategy.

I assume the ACL problems being referred to here are the reason I have acl search:false in my smb.conf. Is it OK to perform the upgrade now, if that is left in smb.conf?
[Samba] Samba4 DFS Support
What's the status of DFS support in Samba4? Using Win7 and smbclient and Linux I'm getting generic error messages related to not being able to access the DFS. This similar config is working in Samba v. 3.5.6. I spent some time Googling and didn't find much. I did find one page that suggested Samba4 DFS support may be limited only to the sysvol and netlogon shares at this time.

I'm using Samba v. 4.0.1 compiled from source. I'm on Debian v. 6.0.6 64 bit.

Thanks for the help!

-Brian Martin

/etc/samba/smb.conf

# Global parameters
[global]
    workgroup = XYZ
    realm = XYZ.EXAMPLE.COM
    netbios name = SRV1
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
    host msdfs = Yes

[netlogon]
    path = /var/lib/samba/sysvol/srv1.xyz.example.com/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

[dfs]
    path = /home/samba/dfs
    msdfs root = Yes
[Samba] Samba DC and DNS DLZ ? [was: Samba4 - Windows 200x DNS Migration]
I'm sorry to jump in the middle, just had some work given to me and I'm looking at docs and clearly in need of a primer, that perhaps you can point me to.

What I was told was that we need to use the samba 4 backend DNS or enable DLZ, dynamically loaded zones, in our DNS server.

I haven't yet run across anything that says that the Samba server used as a domain controller, will dynamically generate new DNS records (but it's a believable issue), which would make the case for dynamic DNS.

But I can't seem to find a reason why dynamically loaded zones would be useful, particularly if the samba server is on a different platform than the DNS server, and I presume unable to affect the data repository that would be dynamically loaded (I guess client/server SQL, but I haven't found any such reference).

Will a samba DC generate new content for DNS?

Assuming that the data created by the SAMBA dc is available to DNS, I could see the need to reload the zone, or have the records load dynamically, and I guess DLZ will do that. Is that what we are looking to achieve?

thanks, and sorry, will change the subject on the thread, don't want to hijack it.

On Thu, Dec 13, 2012 at 03:58:21PM -0500, Gaiseric Vandal wrote:
> Windows 200x AD DC's do not require that the DNS master is on a Win 2003 AD server. You need a BIND9 compatible server with dynamic updates preferably enabled. If dynamic updates are not enabled then when a Windows machine joins the DC it will dump out DNS records that need to be added to the DNS master.
>
> As long as the Samba4 DNS server support dynamic updates it should work fine for supporting other domains.
>
> On 12/13/12 13:56, Adam Tauno Williams wrote:
>> Has anyone been able to migrate DNS from a Samba4 DC to a Windows 200x server? I've looked around the wiki, etc... and haven't found any pertaining to moving DNS between platforms.

---
   Brian R Cuttler                 brian.cutt...@wadsworth.org
   Computer Systems Support        (v) 518 486-1697
   Wadsworth Center                (f) 518 473-6384
   NYS Department of Health        Help Desk 518 473-0773
[Samba] samba 4 preexisting openldap servers
Hi all,

We currently have a pair of openldap servers that we use pretty heavily for some of our web product authentication and for radius. We recently added the samba3 schema and got sambaNTPassword hashes created for our users so that we could implement PEAP/MSCHAP to simplify our radius authentication. We don't currently have AD or a samba PDC. We have a physical samba file server currently which gets its group info from ldap, but passwords are all stored in tdb.

I was getting ready to build a new samba file server VM that could tie into our openldap server for authentication but I've hit a few snags along the way. I just noticed that Samba4 should be hitting release in just a few days (according to the wiki). I'm now tempted to hold off and just implement a full blown samba4 domain.

Because samba4 is so new though, I'm having some trouble understanding some of the documentation. I'm not clear on how to implement this based on our current infrastructure.

Can I use my existing openldap servers with samba4, or will I have to migrate my current ldap data into samba4's own ldap server?

We are currently using a split view bind server for internal & external DNS. Can we continue to use this or will we have to move our internal dns over to Samba4's builtin dns server?

Will I need to ditch our current DHCP server as well?
[Samba] Samba file server using ldap backend without AD or PDC?
Hi all,

I've been using samba for a few years now on a couple of file servers with a tdbsam backend for our user accounts. We use openldap for the vast majority of our identity management, so I would love to be able to tie into this. We recently started using sambaNTPassword in openldap for radius authentication, so this is populated for most of our users now.

From reading through some of the documentation though, I'm a bit confused as to how this would be implemented. We don't currently have Active Directory and don't have any samba PDC/BDCs set up. Would it be necessary for us to have a PDC/BDC in order to use openldap as our backend?

Thanks,
Brian
Re: [Samba] Samba file server using ldap backend without AD or PDC?
On 2012-11-30 9:22 am, Gaiseric Vandal wrote:
> Can you clarify one thing - why are you using the sambaNTPassword in openldap if openldap is not currently used samba authentication? I would have thought that you would use the standard password field.

We are using the standard userPassword field for most things, but for radius authentication via PEAP/MSCHAPv2, we needed to use sambaNTPassword instead.

> I use Samba 3.x DC's with an ldap back end. I also use the ldap backend for unix authentication as well as authentication to various other systems that support LDAP authentication. If you are using one or more BDC's you really do have to use an LDAP back end. But there is no reason why member server's can use an LDAP backend. If the underlying unix account for each samba account is in /etc/passwd and not LDAP, you should consolidate it all into LDAP.

We currently don't want to deploy a PDC or BDC if we don't need to. All we want to do is have a file server that can authenticate using the username/password stored in openldap.

> Do the sambaNTPassword (and other samba attributes) in LDAP match those in the tdb backend? You may find you want to blast away the existing sambaNTPassword entries in LDAP before you migrate the TDB data to LDAP.

No, our current Samba file server has a totally separate set of passwords. When we transition over to this new Samba file server, we will be having all our users use their openldap password instead. We do not want to sync their existing tdb passwords over to LDAP.
Re: [Samba] Samba file server using ldap backend without AD or PDC?
On 2012-11-30 11:15 am, Gaiseric Vandal wrote:
> No, you wouldn't sync passwords to TDB. Does your LDAP entry for each user currently have a SambaSID value? Also, when you type pdbedit -Lv someuser you should see the unix account for the user. The unix account is either explicitly created (e.g. in /etc/passwd or ldap or nis) or dynamically created by winbind.

No, currently our users do not have SambaSID values in ldap.

> # pdbedit -Lv someuser
> Unix username:        someuser
> NT username:          someuser
> Account Flags:        [U ]
> User SID:             S-1-5-21-x
> Primary Group SID:    S-1-5-21-xxx
> Full Name:            Some User
> Home Directory:       \\someserver\users\someuser
> HomeDir Drive:        X:
> Logon Script:         logon.bat
> Profile Path:
> Domain:               SOMEDOMAIN
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          0
> Kickoff time:         0
> Password last set:    Fri, 30 Sep 2011 09:40:43 EDT
> Password can change:  Fri, 30 Sep 2011 09:40:43 EDT
> Password must change: never
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FF
> #
>
> Assuming you are not using winbind to allocate uid's and gid's for samba users, your LDAP user entry will eventually look something like
>
> dn: uid=someuser,ou=someou,ou=people,o=yourdomain.com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSamAccount
> cn: Some User
> gidNumber: xx
> homeDirectory: /home/someuser
> sambaSID: S-1-5-21-
> sn: UserLastName
> uid: someuser
> uidNumber: 123
> displayName: Some User
> gecos: Some User
> givenName: Some User
> loginShell: /bin/tcsh
> sambaAcctFlags: [UX ]
> sambaHomeDrive: X:
> sambaHomePath: \\someserver\users\someuser
> sambaLogonScript: logon.bat
> sambaNTPassword:
> sambaPasswordHistory: 00 00
> sambaPwdLastSet: 1291843237
> st: xx
> street: x
> telephoneNumber: x
> userPassword::
>
> Although the login script and network home directory probably not relevant in a non-DC setup.

We are not using winbind at all currently.

Here is a sample user's ldap data:

dn: uid=tstaff,ou=people,dc=simons-rock,dc=edu
uid: tstaff
sn: Staff
uinSR: tstaff-false
givenName: Test
genderSR: m
loginShell: /bin/false
cn: Test Staff
gecos: Test Staff
mailSR: test...@simons-rock.edu
homeDirectory: /home/testaff
objectClass: person
objectClass: top
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: personSR
objectClass: extensibleObject
objectClass: posixAccount
objectClass: shadowAccount
shadowLastChange: 11551
shadowWarning: 7
gidNumber: 100
shadowMax: 9
uidNumber: 7391
mail: test...@simons-rock.edu
groupSR: staff
groupSR: hidden
employeeNumber: 991991991
sambaNTPassword: REDACTED
sambaPwdLastSet: 1354296936
userPassword:: REDACTED
Re: [Samba] Samba file server using ldap backend without AD or PDC?
On 2012-11-30 4:01 pm, Gaiseric Vandal wrote:
> So when you run pdbedit -Lv for a user, is the Unix user name is an account in ldap? If that is the case, then you probably just want to have a script that runs thru a list of user names and then runs ldapmodify to add the appropriate samba attributes. In theory you can use pdbedit to export the data, then change the backend, then import it back. I found that didn't quite work.
>
> I had originally used nis backend for unix accounts and TDB backend for samba. I moved from NIS to LDAP for unix accounts. Then when I added a BDC I moved the samba data into ldap. I had used smbpasswd to dump the data to a text file, then wrote a perl script to parse the file into user name, samba SID, and samba password and then rewrite it into an ldapmodify ldif file. I used this file to update the existing LDAP accounts.
>
> You MAYBE can use smbpasswd or pdbedit to create the samba accounts in LDAP but I suspect that either it won't preserve the existing password OR it may refuse to create the account.

Here is the output for that same user when I do a pdbedit. The unix username is being pulled from ldap.

pdbedit -Lv testaff
Unix username:        testaff
NT username:
Account Flags:        [U ]
User SID:             S-1-5-21-2531268310-2106678637-3833209162-15782
Primary Group SID:    S-1-5-21-2531268310-2106678637-3833209162-513
Full Name:            Test Staff
Home Directory:       \\elephant\testaff
HomeDir Drive:
Logon Script:
Profile Path:         \\elephant\testaff\profile
Domain:               ELEPHANT
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Fri, 27 Jun 2008 16:50:45 EDT
Password can change:  Fri, 27 Jun 2008 16:50:45 EDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FF

Worth a try I guess. As it is, I'm planning on totally scrapping this existing samba file server when we move to using ldap passwords. The only things that need to carry over are the files on the file server itself. I'm totally fine with not using any of the data that is in tdb currently.

Is there a way to autogenerate the samba SID (since I don't necessarily need the one that is being used in my current samba file server) and whatever other samba fields might be needed for all of my existing ldap accounts?
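The scripted approach discussed in this exchange (walk the existing accounts and feed ldapmodify an LDIF that adds the Samba attributes), as an added example that is not code from the thread: it assumes Samba's algorithmic mapping RID = 2 * uidNumber + 1000 (the default "algorithmic rid base"), which agrees with the pdbedit output above (uidNumber 7391, RID 15782). The entries and the domain SID are constructed; the real domain SID would come from `net getlocalsid` on the file server.

```python
RID_BASE = 1000  # Samba's default "algorithmic rid base" (assumed unchanged)

# Constructed domain SID and entries (example.org); not data from the thread.
SAMPLE_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=org
objectClass: posixAccount
objectClass: inetOrgPerson
uid: jdoe
uidNumber: 1000

dn: uid=asmith,ou=people,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: asmith
uidNumber: 1001
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002

dn: cn=printer,ou=devices,dc=example,dc=org
objectClass: device
cn: printer
"""


def algorithmic_user_rid(uid_number, rid_base=RID_BASE):
    """RID Samba derives for a UNIX uid under the algorithmic mapping."""
    return uid_number * 2 + rid_base


def parse_ldif(text):
    """Minimal LDIF reader: one dict of lower-cased attribute -> values per entry.

    Continuation lines and comments are ignored; that is enough for dn,
    objectClass, uidNumber and sambaSID, which are all this script reads.
    """
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or line.startswith(" "):
                continue
            attr, sep, value = line.partition(":")
            if sep:
                entry.setdefault(attr.lower(), []).append(value.lstrip(":").strip())
        if "dn" in entry:
            entries.append(entry)
    return entries


def samba_modify_ldif(entries, domain_sid):
    """Return (ldif_text, skipped) where ldif_text is input for ldapmodify.

    Entries that already carry a sambaSID or have no uidNumber are left
    alone and reported in `skipped` as (dn, reason).
    """
    changes, skipped = [], []
    for entry in entries:
        dn = entry["dn"][0]
        if "sambasid" in entry:
            skipped.append((dn, "already has sambaSID"))
            continue
        if "uidnumber" not in entry:
            skipped.append((dn, "no uidNumber"))
            continue
        rid = algorithmic_user_rid(int(entry["uidnumber"][0]))
        lines = [f"dn: {dn}", "changetype: modify"]
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "sambasamaccount" not in classes:
            # sambaSamAccount requires sambaSID, so both go in one modify.
            lines += ["add: objectClass", "objectClass: sambaSamAccount", "-"]
        lines += ["add: sambaSID", f"sambaSID: {domain_sid}-{rid}", "-"]
        changes.append("\n".join(lines))
    return "\n\n".join(changes) + "\n", skipped


if __name__ == "__main__":
    ldif, skipped = samba_modify_ldif(parse_ldif(SAMPLE_LDIF), SAMPLE_DOMAIN_SID)
    print(ldif)
    for dn, reason in skipped:
        print(f"# skipped {dn}: {reason}")
```

Review the generated LDIF before applying it; each sambaSID must be unique in the directory, which the algorithmic mapping gives only when uidNumber values are unique.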
[Samba] Samba4 DNS error
We have setup separate 2 Samba4 Domains in test environments and are having some errors in DNS. The errors are the same on both domains and they are as follows.

Domain 1:
Ubuntu 12.04
Samba 4.1.0pre1-GIT-92e17d5
This domain was a clean provision as a new domain.

Domain 2:
Debian 6.0.6
Samba 4.1.0pre1-GIT-92e17d5
Classic upgrade from Samba3

When trying to add a Forwarder to DNS using the DNS Remote Administration tool on Windows 7 we receive

The server forwarders cannot be upgraded. This function is not supported on this system.

On both systems we are using Samba4's internal DNS.

Thank you,
Brian
Re: [Samba] Old, reliable samba 3.5 and Active directory suddenly not reliable
I'm not an expert in this, but I do know that one major cause of Kerberos issues is clock skew. And that would explain the problem kicking in suddenly when you've never seen it before. If the clocks recently got out of sync with each other, you'd suddenly start hitting mysterious problems. Can you try checking the date and time on all of your machines, including the Active Directory machines, and make sure that they match? -- Brian On Mon, Oct 22, 2012 at 2:51 PM, Robert M. Martel - CSU r.mar...@csuohio.edu wrote: Greetings, More responding to my own thread - but no solution in sight. Still having the problem with Samba 3.5.18. New and different error message from net ads testjoin: #webdevel# net ads testjoin [2012/10/22 14:23:07.317109, 0] libads/kerberos.c:333(ads_kinit_password) kerberos_kinit_password WEBDEVEL$@CSUNET.CSUOHIO.EDU failed: Clients credentials have been revoked [2012/10/22 14:23:07.353280, 0] libads/kerberos.c:333(ads_kinit_password) kerberos_kinit_password WEBDEVEL$@CSUNET.CSUOHIO.EDU failed: Clients credentials have been revoked Join to domain is not valid: Access denied The Active Directory admins are still saying that they have not changed anything on their side. On 10/22/2012 11:48 AM, Robert M. Martel - CSU wrote: Greetings, something to add. Had one of the Solaris 9 machines just stop working. I stopped samba and restarted it, found the following in smblog.smbd [2012/10/22 11:37:00.299787, 0] libads/sasl.c:823(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials I removed the machine from Active Directory and immediately re-added it - I did NOT run kinit to get new credentials. started Samba and the machine works fine...for now. On 10/22/2012 11:29 AM, Robert M. Martel - CSU wrote: Greetings, I have an elderly installation of Samba 3.5.8 running on 10 Sparc servers (and 3.5.12 on Solaris 9 servers with the same issue) set up as Active Directory member servers. 
Since we've laid-off everyone else around here I have not had the opportunity to update the Samba installation - and have not needed to as it has been very solid. Suddenly last Friday the Samba servers started having authentication problems for the active directory users. Users were unable to map drives, looking at files on the server I was seeing UID numbers rather than the user's login ID for the files. Stopping and restarting Samba did not help. I took the machines out of Active Directory, and then re-added them - which they did without a problem. After restarting Samba all was well, for awhile. This morning some folks that had left themselves looked in over the weekend were okay, but others could not map their drives. Interactive logins for AD users did not work. I again left and rejoined the AD domain and all was well for a bit, then I had to repeat the cycle. I do not maintain or have access to the Active Directory servers or configuration. The central IT people claim that they have not made any changes to the AD servers...but they don't always tell me the whole truth. I am building Samba 3.5.18 right now in the hope that it will make a difference. I've never had a problem like this since first playing with Samba and Active directory more than 5 years ago - and certainly no issue like this since putting it into production. -- *** Robert M. Martel, System Administrator, Levin College of Urban Affairs, Cleveland State University, (216) 687-2214, r.mar...@csuohio.edu. "I met someone who looks a lot like you / She does the things you do / But she is an IBM" -Jeff Lynne ***
[Samba] net ads user add -F 'user flags'
Working with samba 3.5.10 on CentOS.. and AD to a win2k8r2 machine.. I'll say this outright as I cannot seem to find a concrete answer, please correct where applicable. * You can create accounts in linux on AD, but they cannot be enabled from linux. To enable you must use Win2k8r2 to literally enable them. Unless you want to use ldap tools. * Samba needs the DNS servers (and dns domain) of the AD in order to function properly (resolv.conf) .. (I'm using dnsmasq passing queries for the dns domain to the AD dns servers and things fail; switching to the M$ dns makes it all work..) I'm trying to add users via linux cli as scripting is easier, and it seems that all the accounts will be created 'disabled' and must obviously be 'enabled' for them to work. ( with all that said.. ) So in reading the man page for 'net' I see this: [RPC|ADS] USER ADD name [password] [-F user flags] [-C comment] Add specified user. *where* do I find out what -F 'user flags' are? :) Or is there nothing there that will allow me to 'enable' accounts from linux? Thanks in advance..
[Samba] Issue with joining to ADS2003 domain
I have set up LDAP/KRB5 access to my active directory network. If I do a getent passwd, I see the users with a unix UID/GID. If use kinit, I can get a token. If I su to a user, it creates a home folder, and shows correct IDs etc. However the machine will not log in via ssh or the GUI. In secure I see: Oct 27 11:14:55 rhelads sshd[4190]: pam_krb5[4190]: ccache dir: /tmp Oct 27 11:14:55 rhelads sshd[4190]: pam_krb5[4190]: keytab: FILE:/etc/krb5.keytab Oct 27 11:14:55 rhelads sshd[4190]: pam_krb5[4190]: called to authenticate 'ipillion', realm 'MYDOMAIN.COM' Oct 27 11:14:55 rhelads sshd[4190]: pam_krb5[4190]: authenticating 'ipill...@mydomain.com' Oct 27 11:14:55 rhelads sshd[4190]: pam_krb5[4190]: trying previously-entered password for 'ipillion', allowing libkrb5 to prompt for more Oct 27 11:14:55 rhelads sshd[4190]: pam_krb5[4190]: authenticating 'ipill...@mydomain.com' to 'krbtgt/mydomain@mydomain.com' Oct 27 11:14:56 rhelads sshd[4190]: pam_krb5[4190]: krb5_get_init_creds_password(krbtgt/mydomain@mydomain.com) returned 0 (Success) Oct 27 11:14:56 rhelads sshd[4190]: pam_krb5[4190]: validating credentials Oct 27 11:15:16 rhelads sshd[4190]: pam_krb5[4190]: error guessing name of local host principal Oct 27 11:15:36 rhelads sshd[4190]: pam_krb5[4190]: TGT failed verification using keytab: Hostname cannot be canonicalized Oct 27 11:15:36 rhelads sshd[4190]: pam_krb5[4190]: got result 0 (Success) Oct 27 11:15:36 rhelads sshd[4190]: pam_krb5[4190]: authentication fails for 'ipillion' (ipill...@mydomain.com): Authentication failure (Success) Oct 27 11:15:36 rhelads sshd[4190]: pam_krb5[4190]: pam_authenticate returning 7 (Authentication failure) Oct 27 11:15:38 rhelads sshd[4190]: Failed password for ipillion from 172.16.165.122 port 57518 ssh2 Oct 27 11:15:40 rhelads sshd[4193]: Connection closed by 172.16.165.122 So I try to join the machine to the domain: libads/sasl.c:ads_sasl_spengo_bind(819) kinit suceeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials 
Failed to join domain: failed to connect to AD: Invalid credentials My smb.conf is here: [global] workgroup = ITD2 realm = mydomain.com security = ads user kerberos keytab = true
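In the log posted above, krb5_get_init_creds_password returns success and the failure appears only afterwards, while pam_krb5 validates the TGT against the host keytab, with 20-second gaps between lines. The following is an added example, not part of the original post and not pam_krb5 or Samba code: a Python triage of such lines that reports, per sshd PID, the stage that failed and any stalls. The sample log is constructed (placeholder user, host and realm); `triage`, `SAMPLE_LOG`, the 10-second stall threshold and the year are assumptions.

```python
import re
from datetime import datetime

# Constructed sample modelled on the pam_krb5 debug lines in the post.
# Host, users, realm and the client address are placeholders.
SAMPLE_LOG = """\
Oct 27 11:14:55 host1 sshd[4190]: pam_krb5[4190]: called to authenticate 'alice', realm 'EXAMPLE.COM'
Oct 27 11:14:55 host1 sshd[4190]: pam_krb5[4190]: authenticating 'alice@EXAMPLE.COM' to 'krbtgt/EXAMPLE.COM@EXAMPLE.COM'
Oct 27 11:14:56 host1 sshd[4190]: pam_krb5[4190]: krb5_get_init_creds_password(krbtgt/EXAMPLE.COM@EXAMPLE.COM) returned 0 (Success)
Oct 27 11:14:56 host1 sshd[4190]: pam_krb5[4190]: validating credentials
Oct 27 11:15:16 host1 sshd[4190]: pam_krb5[4190]: error guessing name of local host principal
Oct 27 11:15:36 host1 sshd[4190]: pam_krb5[4190]: TGT failed verification using keytab: Hostname cannot be canonicalized
Oct 27 11:15:36 host1 sshd[4190]: pam_krb5[4190]: authentication fails for 'alice' (alice@EXAMPLE.COM): Authentication failure (Success)
Oct 27 11:15:36 host1 sshd[4190]: pam_krb5[4190]: pam_authenticate returning 7 (Authentication failure)
Oct 27 11:15:38 host1 sshd[4190]: Failed password for alice from 192.0.2.10 port 57518 ssh2
Oct 27 11:16:02 host1 sshd[4201]: pam_krb5[4201]: called to authenticate 'bob', realm 'EXAMPLE.COM'
Oct 27 11:16:02 host1 sshd[4201]: pam_krb5[4201]: krb5_get_init_creds_password(krbtgt/EXAMPLE.COM@EXAMPLE.COM) returned -1765328360 (Preauthentication failed)
Oct 27 11:16:02 host1 sshd[4201]: pam_krb5[4201]: pam_authenticate returning 7 (Authentication failure)
"""

# syslog prefix, sshd PID, optional pam_krb5 tag, then the message text
LINE = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[(\d+)\]:\s+"
    r"(?:pam_krb5\[\d+\]:\s+)?(.*)$"
)
USER = re.compile(r"called to authenticate '([^']+)'")
KDC = re.compile(r"krb5_get_init_creds_password\([^)]*\) returned (-?\d+) \((.+)\)$")
VALIDATION = re.compile(r"TGT failed verification using keytab: (.+)$")


def classify(session):
    """Name the stage at which the attempt failed, from the parsed fields."""
    if session["kdc_result"] is None:
        return "no KDC exchange logged"
    code, text = session["kdc_result"]
    if code != 0:
        return f"KDC rejected the request: {text}"
    if session["validation_error"]:
        return ("password accepted by KDC; TGT validation against the host "
                f"keytab failed: {session['validation_error']}")
    return "authenticated"


def triage(log_text, stall_seconds=10, year=2011):
    """Group lines by sshd PID; record KDC result, validation error, stalls.

    syslog timestamps carry no year, so one is supplied by the caller.
    A stall is a gap of at least stall_seconds before a line of the same PID.
    """
    sessions = {}
    last_seen = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, pid, msg = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        s = sessions.setdefault(pid, {"user": None, "kdc_result": None,
                                      "validation_error": None, "stalls": []})
        if pid in last_seen:
            gap = int((ts - last_seen[pid]).total_seconds())
            if gap >= stall_seconds:
                s["stalls"].append((gap, msg))  # msg is the line that arrived late
        last_seen[pid] = ts

        if (u := USER.search(msg)):
            s["user"] = u.group(1)
        elif (k := KDC.search(msg)):
            s["kdc_result"] = (int(k.group(1)), k.group(2))
        elif (v := VALIDATION.search(msg)):
            s["validation_error"] = v.group(1)
    for s in sessions.values():
        s["verdict"] = classify(s)
    return sessions


if __name__ == "__main__":
    for pid, s in triage(SAMPLE_LOG).items():
        print(f"sshd[{pid}] user={s['user']}: {s['verdict']}")
        for gap, msg in s["stalls"]:
            print(f"    {gap}s stall before: {msg}")
```

A session whose verdict is a validation failure with stalls around the "local host principal" lines points at the host's own name resolution and keytab rather than at the user's password.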
Re: [Samba] Issue with joining to ADS2003 domain
I forgot to mention I am using RHEL 5.6 I was using Samba3.0 (installed by default) but I removed this and installed Samba 3.3 from the DVD. Regards B
[Samba] Mapping drive
We have a server running linux with a samba shared directory. We have several Windows XP machines that map the samba shared directory using the same user name and password. All has gone well for a couple of years. Now, on some of the machines, it won't allow the mapping of the samba share, reporting "Access denied". I have made sure that the proper user name and password is used. There have been no recent updates on the server or user's computer...that we know of. One hint of a problem is that the windows machines appear to be trying to send the windows machine's group name as part of the log in which I know it didn't do before. Any ideas? Thanks to all that answer Brian Brian Germann Wayne Enterprises Inc. Linden, CA 209-887-2008 mailto:br...@revolution911.com http://www.revolution911.com
Re: [Samba] Samba Authentication wrecking my head [ADS]
There is no /var/cache/samba folder. Any idea what files I'm looking for? -Original Message- From: Dale Schroeder [mailto:d...@briannassaladdressing.com] Sent: Wednesday, March 30, 2011 7:50 PM To: Brian O'Mahony Cc: Samba Subject: Re: [Samba] Samba Authentication wrecking my head [ADS] Also check /var/cache/samba Dale On 03/30/2011 11:48 AM, Brian O'Mahony wrote: samba3-3.4.11-42.el5 However I have moved to using idmap_rid, as I will have cold standbys of machines that I want to be able to access SAN data, with the same IDs. So how does one go about clearing the samba user cache? I had it set up with users starting at 1. With RID I have now brought this down to 500 (so I can easily see the difference). I deleted the winbindd_* files folder in /var/lib/samba, but when I use a getent passwd brian.omahony it's showing the id as 10 Thanks B -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Gaiseric Vandal Sent: Wednesday, March 30, 2011 4:28 PM To: Samba Subject: Re: [Samba] Samba Authentication wrecking my head [ADS] What version of samba? I found that samba 3.0.x (as bundled with solaris) had problems with idmap. This was with LDAP backend, a Samba DC with trusts to Windows 2003 domain (in NT domain compatibility mode.) Samba would allocate idmap entries in ldap, and would populate the TDB cache files, but when the cache timeout expired, the cache files were not repopulated. Long and short- I don't think Samba 3.0.x plays nice with Windows 2003. It doesn't work with Windows 2008 domains (2003 mode.) On 03/30/2011 10:07 AM, Brian O'Mahony wrote: After a bit of googling, I found that the idmap has been corrupted. Why would/could this happen?
Re: [Samba] Samba Authentication wrecking my head [ADS]
I deleted *everything* in /var/lib/samba and it worked.
[Samba] Samba Authentication wrecking my head [ADS]
I've recently installed three servers with RHEL5u5. After some messing on the original, I got samba working with ADS authentication. I then went and got it working so that users could log in using their domain name password to the box. I got this working with both no restriction, and ADS group restriction. I have left it on no restriction while I get these systems up and running. I then copied my configuration files (krb5.conf, samba.conf, system-auth.conf) to the second machine. Everything works. Rebooted, everything is fine. System running as expected. I copied to the third machine. Everything worked fine. I was able to log in using two users (mine and a colleague's). Set up some other machine stuff, rebooted, and passed the machine over. I was then informed (naturally 5mins after I left the office) that there was something wrong. Those two accounts worked from both a samba perspective, and a login perspective. However a third account that was supposed to work, failed with su: user ccadm does not exist. Now samba doesn't work for any user other than the original too, and the same goes for logins. I tried net ads leave, kdestroy, renaming the system, rebooting. I have rejoined the domain as both that system name, and a new one, with no issues: [root@akbarTRAP log]# wbinfo -t checking the trust secret via RPC calls succeeded [root@akbarTRAP log]# net ads testjoin Join is OK [root@akbarTRAP log]# wbinfo -u | grep ccadm Ccadm So my questions are: 1. Where the hell are these accounts being cached, that work. 2. What the hell has happened to make this no longer work. 3. Why if I can see all the users groups can I not log in, or get samba working. This is really starting to get on my nerves. I just cannot understand why if it can see the users using wbinfo, why it is telling me they don't exist. Would really appreciate some help on this.
Regards B [root@akbarTRAP etc]# cat /etc/nsswitch.conf | grep winbind passwd: files winbind shadow: files winbind group: files winbind log.winbind: [2011/03/30 14:29:03, 3] winbindd/winbindd_misc.c:754(winbindd_interface_version) [ 7381]: request interface version [2011/03/30 14:29:03, 3] winbindd/winbindd_misc.c:787(winbindd_priv_pipe_dir) [ 7381]: request location of privileged pipe [2011/03/30 14:29:03, 3] winbindd/winbindd_user.c:438(winbindd_getpwnam) [ 7381]: getpwnam ccadm [2011/03/30 14:29:05, 3] winbindd/winbindd_user.c:438(winbindd_getpwnam) [ 7381]: getpwnam ccadm [2011/03/30 14:29:05, 3] winbindd/winbindd_misc.c:754(winbindd_interface_version) [ 7381]: request interface version [2011/03/30 14:29:05, 3] winbindd/winbindd_misc.c:787(winbindd_priv_pipe_dir) [ 7381]: request location of privileged pipe [2011/03/30 14:29:05, 3] winbindd/winbindd_pam.c:829(winbindd_pam_auth) [ 7381]: pam auth ccadm [2011/03/30 14:29:05, 3] winbindd/winbindd_user.c:438(winbindd_getpwnam) [ 7381]: getpwnam ccadm Secure log: Mar 30 14:29:03 akbartrap sshd[7381]: Invalid user ccadm from 172.16.165.248 Mar 30 14:29:03 akbartrap sshd[7382]: input_userauth_request: invalid user ccadm Mar 30 14:29:05 akbartrap sshd[7381]: pam_unix(sshd:auth): check pass; user unknown Mar 30 14:29:05 akbartrap sshd[7381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=galvatron.MYDOMAIN.com Mar 30 14:29:05 akbartrap sshd[7381]: pam_winbind(sshd:auth): getting password (0x0010) Mar 30 14:29:05 akbartrap sshd[7381]: pam_winbind(sshd:auth): pam_get_item returned a password Mar 30 14:29:05 akbartrap sshd[7381]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTH_ERR (7), NTSTATUS: NT_STATUS_WRONG_PASSWORD, Error message was: Wrong Password [I know the pass is right here. 
It works elsewhere] Mar 30 14:29:05 akbartrap sshd[7381]: pam_winbind(sshd:auth): user 'ccadm' denied access (incorrect password or invalid membership) Mar 30 14:29:05 akbartrap sshd[7381]: pam_succeed_if(sshd:auth): error retrieving information about user ccadm Mar 30 14:29:07 akbartrap sshd[7381]: Failed password for invalid user ccadm from 172.16.165.248 port 39699 ssh2 # Global parameters [global] workgroup = GROUP realm = MYDOMAIN.COM security = ads idmap uid = 1-2 idmap gid = 1-2 winbind use default domain = Yes winbind separator = / encrypt passwords = Yes log level = 3 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 preferred master = No dns proxy = No wins server = 172.16.164.100 template homedir = /home/%U template shell = /bin/bash auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth sufficient pam_winbind.so use_first_pass auth requisite pam_succeed_if.so uid = 500 quiet
Re: [Samba] Samba Authentication wrecking my head [ADS]
After a bit of googling, I found that the idmap has been corrupted. Why would/could this happen?
Re: [Samba] Samba Authentication wrecking my head [ADS]
samba3-3.4.11-42.el5

However I have moved to using idmap_rid, as I will have cold standbys of machines that I want to be able to access SAN data, with the same IDs.

So how does one go about clearing the samba user cache? I had it set up with users starting at 1. With RID I have now brought this down to 500 (so I can easily see the difference). I deleted the winbindd_* files folder in /var/lib/samba, but when I use a getent passwd brian.omahony it's showing the id as 10

Thanks
B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Gaiseric Vandal
Sent: Wednesday, March 30, 2011 4:28 PM
To: Samba
Subject: Re: [Samba] Samba Authentication wrecking my head [ADS]

What version of samba? I found that samba 3.0.x (as bundled with solaris) had problems with idmap. This was with LDAP backend, a Samba DC with trusts to Windows 2003 domain (in NT domain compatibility mode.) Samba would allocate idmap entries in ldap, and would populate the TDB cache files, but when the cache timeout expired, the cache files were not repopulated.

Long and short- I don't think Samba 3.0.x plays nice with Windows 2003. It doesn't work with Windows 2008 domains (2003 mode.)

On 03/30/2011 10:07 AM, Brian O'Mahony wrote:

After a bit of googling, I found that the idmap has been corrupted. Why would/could this happen?

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Brian O'Mahony
Sent: Wednesday, March 30, 2011 2:37 PM
To: samba@lists.samba.org
Subject: [Samba] Samba Authentication wrecking my head [ADS]

I've recently installed three servers with RHEL5u5. After some messing on the original, I got samba working with ADS authentication. I then went and got it working so that users could log in using their domain name password to the box. I got this working with both no restriction, and ADS group restriction. I have left it on no restriction while I get these systems up and running.

I then copied my configuration files (krb5.conf, samba.conf, system-auth.conf) to the second machine. Everything works. Rebooted, everything is fine. System running as expected.

I copied to the third machine. Everything worked fine. I was able to log in using two users (mine and a colleague's). Set up some other machine stuff, rebooted, and passed the machine over. I was then informed (naturally 5mins after I left the office) that there was something wrong.

Those two accounts worked from both a samba perspective, and a login perspective. However a third account that was supposed to work, failed with su: user ccadm does not exist. Now samba doesn't work for any user other than the original too, and the same goes for logins.

I tried net ads leave, kdestroy, renaming the system, rebooting. I have rejoined the domain as both that system name, and a new one, with no issues:

    [root@akbarTRAP log]# wbinfo -t
    checking the trust secret via RPC calls succeeded
    [root@akbarTRAP log]# net ads testjoin
    Join is OK
    [root@akbarTRAP log]# wbinfo -u | grep ccadm
    Ccadm

So my questions are:

1. Where the hell are these accounts being cached, that work.
2. What the hell has happened to make this no longer work.
3. Why if I can see all the users' groups can I not log in, or get samba working.

This is really starting to get on my nerves. I just cannot understand why if it can see the users using wbinfo, why it is telling me they don't exist. Would really appreciate some help on this.

Regards
B

    [root@akbarTRAP etc]# cat /etc/nsswitch.conf | grep winbind
    passwd: files winbind
    shadow: files winbind
    group: files winbind

log.winbind:

    [2011/03/30 14:29:03, 3] winbindd/winbindd_misc.c:754(winbindd_interface_version)
      [ 7381]: request interface version
    [2011/03/30 14:29:03, 3] winbindd/winbindd_misc.c:787(winbindd_priv_pipe_dir)
      [ 7381]: request location of privileged pipe
    [2011/03/30 14:29:03, 3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
      [ 7381]: getpwnam ccadm
    [2011/03/30 14:29:05, 3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
      [ 7381]: getpwnam ccadm
    [2011/03/30 14:29:05, 3] winbindd/winbindd_misc.c:754(winbindd_interface_version)
      [ 7381]: request interface version
    [2011/03/30 14:29:05, 3] winbindd/winbindd_misc.c:787(winbindd_priv_pipe_dir)
      [ 7381]: request location of privileged pipe
    [2011/03/30 14:29:05, 3] winbindd/winbindd_pam.c:829(winbindd_pam_auth)
      [ 7381]: pam auth ccadm
    [2011/03/30 14:29:05, 3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
      [ 7381]: getpwnam ccadm

Secure log:

    Mar 30 14:29:03 akbartrap sshd[7381]: Invalid user ccadm from 172.16.165.248
    Mar 30 14:29:03 akbartrap sshd[7382]: input_userauth_request: invalid user ccadm
    Mar 30 14:29:05 akbartrap sshd[7381]: pam_unix(sshd:auth): check pass; user unknown
    Mar 30 14:29:05 akbartrap
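An added triage example, not part of the original posts: it pairs sshd's `Invalid user` lines from the secure log with the `getpwnam` requests in log.winbind, to separate "NSS never consulted winbind" from "winbind was asked and the lookup still failed", which is the case the excerpts above show. The function names, the 5-second window, and reading the bracketed number in log.winbind as the requesting client's PID (it equals `sshd[7381]` in the excerpt) are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Excerpted from the log.winbind lines quoted in the message above.
WINBIND_LOG = """\
[2011/03/30 14:29:03, 3] winbindd/winbindd_misc.c:754(winbindd_interface_version)
  [ 7381]: request interface version
[2011/03/30 14:29:03, 3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [ 7381]: getpwnam ccadm
[2011/03/30 14:29:05, 3] winbindd/winbindd_pam.c:829(winbindd_pam_auth)
  [ 7381]: pam auth ccadm
"""

# The first two lines come from the secure log quoted above; the last line
# is constructed to show the contrasting case.
SECURE_LOG = """\
Mar 30 14:29:03 akbartrap sshd[7381]: Invalid user ccadm from 172.16.165.248
Mar 30 14:29:05 akbartrap sshd[7381]: pam_unix(sshd:auth): check pass; user unknown
Mar 30 14:31:10 akbartrap sshd[7402]: Invalid user nosuchuser from 172.16.165.248
"""

# A Samba log entry is a header line followed by an indented message line;
# \s+ lets the pattern match whether or not the two were joined into one line.
GETPWNAM_RE = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*\d+\]\s+"
    r"\S+\(winbindd_getpwnam\)\s+\[\s*(\d+)\]:\s+getpwnam\s+(\S+)"
)
INVALID_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[(\d+)\]: "
    r"Invalid user (\S+) from (\S+)$",
    re.MULTILINE,
)


def classify_invalid_users(winbind_log, secure_log, year, window_s=5):
    """Return one finding per sshd 'Invalid user' event.

    verdict 'winbind_asked_lookup_failed': the same client PID asked winbindd
    for that user around the same time, so nsswitch.conf is wired up and the
    failure is in winbind's user/ID mapping (idmap, cache, domain lookup).
    verdict 'winbind_never_asked': no matching request was logged, so check
    nsswitch.conf, whether winbindd is running, and its log level (>= 3).
    """
    requests = [
        (datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"), int(pid), user)
        for ts, pid, user in GETPWNAM_RE.findall(winbind_log)
    ]
    window = timedelta(seconds=window_s)
    findings = []
    for ts, pid, user, source in INVALID_RE.findall(secure_log):
        # syslog timestamps carry no year, so the caller supplies it
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        asked = any(
            r_user == user and r_pid == int(pid) and abs(r_when - when) <= window
            for r_when, r_pid, r_user in requests
        )
        findings.append({
            "user": user,
            "source": source,
            "sshd_pid": int(pid),
            "verdict": "winbind_asked_lookup_failed" if asked
                       else "winbind_never_asked",
        })
    return findings


if __name__ == "__main__":
    for finding in classify_invalid_users(WINBIND_LOG, SECURE_LOG, year=2011):
        print(finding)
```
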
Re: [Samba] Help with ADS authentication and Samba
So can anyone help me find where this cache is stored? I can log in from any machine with a username that previously worked, and is therefore cached somewhere on the samba server. However every other account does not work.

Thanks
B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Brian O'Mahony
Sent: Friday, March 11, 2011 5:26 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

After a bit more investigation it seems my issue on the working server is a bit more complex. If I use any of the three usernames that had previously worked, they work in the login prompt. However if I use any other user, it fails to log in. There is obviously a cache of users somewhere, but I cannot find it. Has anyone an idea where this cache is?

Regards
B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Brian O'Mahony
Sent: Friday, March 11, 2011 5:05 PM
To: 'Geoff Winkless'; samba
Subject: Re: [Samba] Help with ADS authentication and Samba

Geoff, did you do the steps below? Was there anything else required?

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:59 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

Well I changed the server name and it resolved my problem, so I'm guessing something was left over from the old install. No idea where though, anyone any clue?

On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
> I only installed this server with Base RHEL5.5 last week, got samba working on Monday with ADS. By today (probably yesterday or wed) it was now popping up the login box.
> When you change the name, what is entailed?
> Change the name in RHEL.
> Change the name in DNS (windows server)
> Rejoin the ads network using net ads join -U

Sounds about it. I ran net ads leave first, then changed samba and /etc/hosts and reran kinit too before rejoining, I dunno if that's required.

> Thanks for the help so far.

Not sure how much help I'm being, it's nice to know I'm not the only one. Did you try the testparm thing?

Geoff

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you.
[Samba] Help with ADS authentication and Samba
Hi there, just recently joined this list as I seem to be having a little trouble that I am hoping someone can help with.

I recently installed a RHEL5.5 server and updated samba to samba3-3.4.11-42.el5.x86_64.rpm. I had never set up samba to authenticate with ADS so I read a little bit and dove right in. The server now works fine, so when I browse to \\machinename no login box pops up, and I see the shares, and every user in the domain can write to them. So far so good.

I then try to replicate this on another server and then the problems started. Here is the procedure I followed: I copied smb.conf, krb5.conf over to the new server from the working copy. Edited nsswitch.conf to add winbind to the end of passwd, group and shadow. I then ran kinit admin. This worked. I then ran kdestroy to destroy the token.

    [root@rhel5u5live ~]# net ads join -U ictadmin
    Enter ictadmin's password:
    Using short domain name -- XXX
    Joined 'RHEL5U5LIVE' to realm 'xxx.com'
    [root@rhel5u5live ~]# net ads testjoin
    Join is OK
    [root@rhel5u5live ~]# wbinfo -u | grep brian.om
    XXX/brian.omahony

So it seems to be able to look up users etc on the Domain controller. However when I browse to \\machinename a login box pops up.

I *know* I must have forgotten something, but can't figure out what. Could someone please help?

Thanx
b
Re: [Samba] Help with ADS authentication and Samba
It is XP. When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get:

    The password or user name is invalid for \\rhel5u5live\tmp.
    Enter the password for 'ITDESIGN2\brian.omahony' to connect to 'rhel5u5live':
    System error 1326 has occurred.
    Logon failure: unknown user name or bad password.

Obviously I entered my windows password when I was prompted.

The working server does NOT have entries in the hosts file, and this server DOES. However both can dig the DC successfully.

Here is the machine log:

    [root@rhel5u5live samba]# cat log.soundwave
    [2011/03/11 13:25:31, 6] param/loadparm.c:7028(lp_file_list_changed)
      lp_file_list_changed() file /etc/samba/smb.conf - /etc/samba/smb.conf last mod_time: Fri Mar 11 13:21:32 2011
    [2011/03/11 13:25:31, 5] smbd/reply.c:503(reply_special)
      init msg_type=0x81 msg_flags=0x0
    [2011/03/11 13:25:31, 5] lib/util_sock.c:528(read_fd_with_timeout)
      read_fd_with_timeout: blocking read. EOF from client.
    [2011/03/11 13:25:31, 3] smbd/sec_ctx.c:310(set_sec_ctx)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2011/03/11 13:25:31, 5] auth/token_util.c:522(debug_nt_user_token)
      NT user token: (NULL)
    [2011/03/11 13:25:31, 5] auth/token_util.c:548(debug_unix_user_token)
      UNIX token of user 0
      Primary group is 0 and contains 0 supplementary groups
    [2011/03/11 13:25:31, 5] smbd/uid.c:368(change_to_root_user)
      change_to_root_user: now uid=(0,0) gid=(0,0)
    [2011/03/11 13:25:31, 3] smbd/connection.c:31(yield_connection)
      Yielding connection to
    [2011/03/11 13:25:31, 3] smbd/connection.c:42(yield_connection)
      deleting connection record returned NT_STATUS_NOT_FOUND
    [2011/03/11 13:25:31, 3] smbd/server.c:845(exit_server_common)
      Server exit (failed to receive smb request)

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 11:49 AM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

2011/3/11 Brian O'Mahony brian.omah...@curamsoftware.com:
> Hi there, just recently joined this list as I seem to be having a little trouble that I am hoping someone can help with.
>
> I recently installed a RHEL5.5 server and updated samba to samba3-3.4.11-42.el5.x86_64.rpm. I had never set up samba to authenticate with ADS so I read a little bit and dove right in. The server now works fine, so when I browse to \\machinename no login box pops up, and I see the shares, and every user in the domain can write to them. So far so good.
>
> I then try to replicate this on another server and then the problems started. Here is the procedure I followed: I copied smb.conf, krb5.conf over to the new server from the working copy. Edited nsswitch.conf to add winbind to the end of passwd, group and shadow. I then ran kinit admin. This worked. I then ran kdestroy to destroy the token.
>
>     [root@rhel5u5live ~]# net ads join -U ictadmin
>     Enter ictadmin's password:
>     Using short domain name -- XXX
>     Joined 'RHEL5U5LIVE' to realm 'xxx.com'
>     [root@rhel5u5live ~]# net ads testjoin
>     Join is OK
>     [root@rhel5u5live ~]# wbinfo -u | grep brian.om
>     XXX/brian.omahony
>
> So it seems to be able to look up users etc on the Domain controller. However when I browse to \\machinename a login box pops up.
>
> I *know* I must have forgotten something, but can't figure out what.

Welcome to my world. I have exactly the same issue - one server works fine, the other doesn't, even though all the wb tests seem to be fine. Is it an XP client, by any chance?

I've narrowed it down to a kerberos issue, I believe. If you run

    net use \\servername\share /user:XXX/brian.omahony

does it work correctly without asking for a password? This seems to be NTLM vs Kerberos auth, but I can't get any further than that.

One thing to check, make sure that you have FQDN entries in the server's /etc/hosts (or as reverse entries in DNS) for your dc and the server itself. ie when you do

    dig -x 192.168.6.10

(the ip address of the server, obviously) from the server, do you get the full domain name or just the hostname? Various pages suggest that might be the cause of the problem, although it doesn't help me.

Geoff
Re: [Samba] Help with ADS authentication and Samba
When I dig the RHEL server, it actually returns the DC:

    160.16.172.in-addr.arpa. 3600 IN SOA animal.XXX.com. hostmaster.XXX.com. 77337 900 600 86400 3600

The system that is working returns its correct name (ccdubrep.XXX.com)

I added the server to the windows DNS table, and the dig now shows correctly. However it is still popping up a login box.

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 3:34 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 13:27, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
> When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get: The password or user name is invalid for \\rhel5u5live\tmp.

Not the same problem I have then. Shame. I can force the domain and it works.

> The working server does NOT have entries in the hosts file, and this server DOES. However both can dig the DC successfully.

Apologies, I meant dig -x rhel5u5's IP, not that of the DC. dig should return the FQDN, not just rhel5u5.

Geoff
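An added example, not part of the thread: it classifies `dig -x` output for the check Geoff describes (the reverse lookup should return the server's FQDN). A reply that carries only an SOA record is how a DNS server reports that no PTR record exists, and the SOA's primary name server is the name that shows up, as in the line quoted above. The function names and the PTR sample lines are constructed for this example; the SOA line is the one from the message.

```python
# SOA line as quoted in the message above, wrapped in constructed dig framing.
SOA_ONLY_REPLY = """\
;; AUTHORITY SECTION:
160.16.172.in-addr.arpa. 3600 IN SOA animal.XXX.com. hostmaster.XXX.com. 77337 900 600 86400 3600
"""

# Constructed: what a healthy reply for the working server would look like.
PTR_FQDN_REPLY = """\
;; ANSWER SECTION:
10.160.16.172.in-addr.arpa. 3600 IN PTR ccdubrep.XXX.com.
"""

# Constructed: a PTR that resolves to a bare host name only.
PTR_SHORT_REPLY = """\
;; ANSWER SECTION:
11.160.16.172.in-addr.arpa. 3600 IN PTR rhel5u5.
"""


def parse_records(dig_output):
    """Parse 'owner ttl IN type rdata...' lines, skipping dig's ';' comments."""
    records = []
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split()
        if len(fields) >= 5 and fields[1].isdigit() and fields[2] == "IN":
            records.append({
                "owner": fields[0],
                "ttl": int(fields[1]),
                "type": fields[3],
                "rdata": fields[4:],
            })
    return records


def soa_primary(dig_output):
    """Primary name server (MNAME) of the first SOA record, or None."""
    for record in parse_records(dig_output):
        if record["type"] == "SOA":
            return record["rdata"][0]
    return None


def classify_reverse_lookup(dig_output, short_hostname):
    """Classify a reverse lookup for the host named short_hostname.

    ptr_fqdn         PTR target is <short_hostname>.<domain>
    ptr_short_name   PTR target is the bare host name, no domain part
    ptr_mismatch     PTR exists but names a different host
    no_ptr_soa_only  no PTR at all, only the zone's SOA (negative answer)
    no_records       nothing parseable in the output
    """
    records = parse_records(dig_output)
    targets = [r["rdata"][0] for r in records if r["type"] == "PTR"]
    if not targets:
        if any(r["type"] == "SOA" for r in records):
            return "no_ptr_soa_only"
        return "no_records"
    want = short_hostname.lower()
    label_sets = [t.rstrip(".").lower().split(".") for t in targets]
    if any(labels[0] == want and len(labels) > 1 for labels in label_sets):
        return "ptr_fqdn"
    if any(labels == [want] for labels in label_sets):
        return "ptr_short_name"
    return "ptr_mismatch"


if __name__ == "__main__":
    print(classify_reverse_lookup(SOA_ONLY_REPLY, "rhel5u5live"),
          "primary NS:", soa_primary(SOA_ONLY_REPLY))
    print(classify_reverse_lookup(PTR_FQDN_REPLY, "ccdubrep"))
    print(classify_reverse_lookup(PTR_SHORT_REPLY, "rhel5u5"))
```
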
Re: [Samba] Help with ADS authentication and Samba
Turns out something else has gone wrong on me.

The system that previously worked without a login box, now requires it. I didn't notice this as my machine obviously is cached. If I put my credentials in (DOMAIN\user and password), it logs in. Still need to fix that.

The system that has the same configuration, pops the login box, but I cannot log in using the same credentials.

This is starting to boggle me. I don't know why all of a sudden, the first machine is throwing up a login box, and secondly why the second one won't authenticate.

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Brian O'Mahony
Sent: Friday, March 11, 2011 4:02 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

When I dig the RHEL server, it actually returns the DC:

    160.16.172.in-addr.arpa. 3600 IN SOA animal.XXX.com. hostmaster.XXX.com. 77337 900 600 86400 3600

The system that is working returns its correct name (ccdubrep.XXX.com)

I added the server to the windows DNS table, and the dig now shows correctly. However it is still popping up a login box.

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 3:34 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 13:27, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
> When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get: The password or user name is invalid for \\rhel5u5live\tmp.

Not the same problem I have then. Shame. I can force the domain and it works.

> The working server does NOT have entries in the hosts file, and this server DOES. However both can dig the DC successfully.

Apologies, I meant dig -x rhel5u5's IP, not that of the DC. dig should return the FQDN, not just rhel5u5.

Geoff
Re: [Samba] Help with ADS authentication and Samba
Restarted services. Restarted servers. Recopied smb and krb5 conf files to the server that is not working. I have increased log level to 9 to see what is going on.

Black art is right. The fact that one system was working without the login prompt and now doesn't is starting to fry my brains. Especially on a Friday

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:22 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 16:02, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
> When I dig the RHEL server, it actually returns the DC:
>
>     160.16.172.in-addr.arpa. 3600 IN SOA animal.XXX.com. hostmaster.XXX.com. 77337 900 600 86400 3600
>
> The system that is working returns its correct name (ccdubrep.XXX.com)
>
> I added the server to the windows DNS table, and the dig now shows correctly. However it is still popping up a login box.

Even after restarting both smb and winbind? Then I dunno. I'm beginning to feel like the ADS stuff is a bit like a black art - did you remember to sacrifice a goat and turn three times widdershins before you started?

Geoff
Re: [Samba] Help with ADS authentication and Samba
Yep that works. Looks like I have the same issue as you on one server, and the other is just hosed. Did yours ever work? Mine worked on Wednesday before I tried to figure out why the second one didn't work, and broke the original in the process. Arg.

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:28 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 16:06, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
> Turns out something else has gone wrong on me. The system that previously worked without a login box, now requires it. I didn't notice this as my machine obviously is cached. If I put my credentials in (DOMAIN\user and password), it logs in. Still need to fix that

That sounds more like my problem. If you do the net use command specifying the domain\user does it still ask for password or does it go with it from there?

> The system that has the same configuration, pops the login box, but I cannot log in using the same credentials.

Are they running the same samba version? Have you run a diff on the output from testparm -v on both boxes? What does

    wbinfo -k DOMAIN\\brian.omahoney

return? (or DOMAIN+brian.omahoney if you're using + as a winbind separator)

G
Re: [Samba] Help with ADS authentication and Samba
I only installed this server with Base RHEL5.5 last week, got samba working on Monday with ADS. By today (probably yesterday or wed) it was now popping up the login box.

When you change the name, what is entailed?

Change the name in RHEL.
Change the name in DNS (windows server)
Rejoin the ads network using net ads join -U

Anything else? Thanks for the help so far.

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:40 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 16:33, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
> Yep that works. Looks like I have the same issue as you on one server, and the other is just hosed. Did yours ever work? Mine worked on Wednesday before I tried to figure out why the second one didn't work, and broke the original in the process.

Mine used to work with identical config before I upgraded it from Redhat 9. I have a feeling it's related to that - perhaps there's a cache of some sort somewhere that remembers the IP/domain name and doesn't like the fact that something about the server (the SID?) has changed. I reset the netbios cache on the XP client but it made no difference.

I might try changing the server name and see if it helps. I have no idea where to start looking, unfortunately, so it makes it a bit like looking for a needle in a haystack at midnight.

Geoff
Re: [Samba] Help with ADS authentication and Samba
Geoff, did you do the steps below? Was there anything else required?

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:59 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

Well I changed the server name and it resolved my problem, so I'm guessing something was left over from the old install. No idea where though, anyone any clue?

On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
> I only installed this server with Base RHEL5.5 last week, got samba working on Monday with ADS. By today (probably yesterday or wed) it was now popping up the login box.
> When you change the name, what is entailed?
> Change the name in RHEL.
> Change the name in DNS (windows server)
> Rejoin the ads network using net ads join -U

Sounds about it. I ran net ads leave first, then changed samba and /etc/hosts and reran kinit too before rejoining, I dunno if that's required.

> Thanks for the help so far.

Not sure how much help I'm being, it's nice to know I'm not the only one. Did you try the testparm thing?

Geoff
Re: [Samba] Help with ADS authentication and Samba
After a bit more investigation it seems my issue on the working server is a bit more complex. If I use any of the three usernames that had previously worked, they work in the login prompt. However if I use any other user, it fails to log in. There is obviously a cache of users somewhere, but I cannot find it. Has anyone an idea where this cache is?

Regards
B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Brian O'Mahony
Sent: Friday, March 11, 2011 5:05 PM
To: 'Geoff Winkless'; samba
Subject: Re: [Samba] Help with ADS authentication and Samba

Geoff, did you do the steps below? Was there anything else required?

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:59 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

Well I changed the server name and it resolved my problem, so I'm guessing something was left over from the old install. No idea where though, anyone any clue?

On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
> I only installed this server with Base RHEL5.5 last week, got samba working on Monday with ADS. By today (probably yesterday or wed) it was now popping up the login box.
> When you change the name, what is entailed?
> Change the name in RHEL.
> Change the name in DNS (windows server)
> Rejoin the ads network using net ads join -U

Sounds about it. I ran net ads leave first, then changed samba and /etc/hosts and reran kinit too before rejoining, I dunno if that's required.

> Thanks for the help so far.

Not sure how much help I'm being, it's nice to know I'm not the only one. Did you try the testparm thing?

Geoff
Re: [Samba] Samba hangs the boot on Gentoo.
On Sat, Jan 22, 2011 at 7:50 AM, t...@tms3.com wrote:

Hello, Today I came across with the problem with booting my Gentoo system. Yesterday I installed samba and when I turned on my notebook today it stops booting at starting up the samba daemon. It goes until:

    * samba - start: smbd ...

I had some difficulties a few years back with Samba/LDAP nssldap, pam_ldap and pam. The system would hang for some 10 minutes at startup. The problem was that nssldap defaults to bind_policy hard, and as nssldap fired before the ldap server started (from the nssldap conf file):

    # Reconnect policy: hard (default) will retry connecting to
    # the software with exponential backoff, soft will fail
    # immediately.

changing the value to bind_policy soft rectified the situation.

... and then freezes ...

Maybe the problem is somehow related to my Wi-Fi connection on notebook and Samba is looking for Internet connection and waiting for it to be established? Maybe you can give any advice on how to boot to my system without loading samba and uninstalling it?

Do an interactive boot. Press I when it asks you to do in the boot process. Then do not start the samba daemon.

John

I would also run:

    etc-update

To see if /etc/init.d/samba has any newer changes to be applied to the startup script.

--Brian
[Samba] UID Matching
Good afternoon...

Currently my Unix and Windows UID's don't match, nowhere close to it. I use AD for the Windows side of the house from a Win2K8 Server and I still use NIS for the Unix/Linux side of the house. I don't do single sign-on yet, so everyone in the building has a Windows account and a Unix account with two different UID's, but the same username.

Now, I'm at a point where I need to share a filesystem from a Samba server to Windows, but it also needs to be accessible via NFS to the Unix users at the same time. What is the best way to do this and get some cohesion between the UID's???

I was thinking I could extend AD with the Unix stuff but then stopped and realized I'd be better off asking the world than guessing, in a production environment.

Thanks!
-b
Re: [Samba] UID Matching
Samba should allocate unix id's for your windows accounts, but unfortunately they will not end up being the same as your existing uid's. - Is there any way around this? Perhaps Windows Services for Unix? Will Samba read the Unix UID from SFU if it's installed??? I _HAVE_ to get the UID's to match. Not all my Windows users use Unix, but, ALL my Unix users use Windows --- and the Windows users also need access to all the files. Without getting the UID's to match up, I don't see how I'm going to make this work... Unless, I'm thinking shortsighted and there is other info I'm unaware of? -b
[Samba] KRB5 Problems
Good morning all! I know this is not a Samba problem... It's a Windows 2008R2 AD problem! It would seem that in the last 72 hours, there has been some kind of AD/KRB/Encryption update that changes things a bit. I'm using Win2008R2, CentOS 5.5-x86_64 and Samba-3.5.6. I join about ten machines a week to the domain using a cookie cutter configuration setup, and all of the sudden this morning I can't do a kinit --- I was getting:

    kinit(v5): KDC has no support for encryption type while getting initial credentials

(When last night I could join just fine). Long story short, I had to change

    default_tkt_enctypes = des-cbc-crc
    default_tgs_enctypes = des-cbc-crc

To

    default_tkt_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc
    default_tgs_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc

In my standard /etc/krb5.conf and now life is good... So, hopefully this will help someone else who might be seeing this problem, but begs a question as well... Was my configuration broken to start with (having only a single choice for encryption), or did something else outside of the realm of the Samba/Unix World change (that we _know_ of)? -b
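The two enctype lists in the message above differ in whether they depend on single DES alone, which Windows Server 2008 R2 leaves disabled by default and which RFC 6649 later deprecated for Kerberos. The shell function below is an added example, not part of the original post or of any Samba or Kerberos tooling; the function name, verdict strings and the temporary sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify the enctype lists in a
# krb5.conf by whether they rely on single-DES enctypes.

# audit_enctypes FILE
# For every default_tkt_enctypes, default_tgs_enctypes and permitted_enctypes
# line, prints "<setting> <verdict>", where the verdict is one of:
#   single-des-only      every listed enctype is single DES
#   single-des-fallback  single DES is listed next to other enctypes
#   no-single-des        no single-DES enctype is listed
# Commented-out lines (starting with #) are ignored.
audit_enctypes() {
    awk -F= '
        /^[ \t]*(default_tkt_enctypes|default_tgs_enctypes|permitted_enctypes)[ \t]*=/ {
            key = $1
            gsub(/[ \t]/, "", key)
            n = split($2, types, /[ \t,]+/)
            des = 0; other = 0
            for (i = 1; i <= n; i++) {
                if (types[i] == "") continue
                # MIT krb5 names for single-DES enctypes and the "des" family;
                # des3-cbc-sha1 (triple DES) does not match.
                if (types[i] ~ /^(des|des-cbc-(crc|md4|md5|raw)|des-hmac-sha1)$/) des++
                else other++
            }
            if (des > 0 && other == 0) verdict = "single-des-only"
            else if (des > 0)          verdict = "single-des-fallback"
            else                       verdict = "no-single-des"
            print key, verdict
        }' "$1"
}

# demo: the "before" and "after" settings quoted in the post, written to
# temporary files (constructed sample input) and audited.
demo() (
    dir=$(mktemp -d) || exit 1
    printf '[libdefaults]\n default_tkt_enctypes = des-cbc-crc\n default_tgs_enctypes = des-cbc-crc\n' > "$dir/before.conf"
    printf '[libdefaults]\n default_tkt_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc\n default_tgs_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc\n' > "$dir/after.conf"
    echo "before:"; audit_enctypes "$dir/before.conf"
    echo "after:";  audit_enctypes "$dir/after.conf"
    rm -rf "$dir"
)

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Run against the original settings it reports `single-des-only` for both lines; against the changed settings it reports `single-des-fallback`, since `des-cbc-md5` and `des-cbc-crc` are still listed after the non-DES types.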
Re: [Samba] networking problem/Domain not available
On Nov 28, 2010, at 12:48 PM, Robert S rob...@spotswood-computer.net wrote: On Sunday, November 28, 2010 01:47:02 pm Peter Trifonov wrote: Hi, The problem is when I do this, none of the workstations (XP based) can find the domain controller any more (domain not available). I switch the cables you should check network connectivity. Try pinging the servers from each other and client computers. There may be also firewall issues. With best regards, P. Trifonov I did ping the PDC server from the workstation when running Linux and even got a lease from it. All the lights on the new switch indicate everything is good, and the PDC server can access the Internet. Reboot the workstation into XP, and the workstation can't find the PDC (domain not available).* Since I can have two way traffic with the new switch in place, unless someone can point out a flaw in my logic, it can't be the switch. The switch is also a standard 5 port home switch (not my choice of equipment BTW), and does not include a firewall. And if I remove the switch, and go back to the original connection, with NO other changes (workstation and server), it works. I also considered it could be a bad cable, since I do use a new cable with the switch to connect the server to the new switch. But if it was a bad cable, how can I get a lease through it (and ping)? I should add that the original 3 switches are all different models, but none have any firewall capability. * Since I can't log in, I can't easily test the XP side of things to see if I get a lease, and I'm not in charge of the workstations, so getting the local admin password is not a simple matter. Politics... -- So if I understand correctly, using the old switch, everything is good??? If that's the case, put the old switch back in place and login to all your machines and do the ping test. It should be good. Now, don't logout, just change the switch and look at the connection status for all your machines. Are they still good? 
Can you do the ping test now and is it good? -b Sent from my iPad.
Re: [Samba] StorNext CVFS
On Sun, Nov 14, 2010 at 06:56:57AM -0800, Brian McGrew wrote: On 11/13/10 3:08 PM, Volker Lendecke volker.lende...@sernet.de wrote: On Sat, Nov 13, 2010 at 12:07:23PM -0800, Brian McGrew wrote: There is a level 10 log attached. I stopped samba, cleared the logs, restarted samba, tried to connect, stopped samba and grabbed the logs. Is it possible you're trying to connect to share vol2 where it should be called data2? No, the shares really are called data1 and data2. When I first setup Samba on this machine, the shares were called vol1 and vol2 but that name was That's the point. The log file indicated that you tried to connect to vol2 and not data2. Please retry connecting to the share data2. I'll attach a copy of my config file at the end of this message. The list won't let me attach a screen shot, but I'm for sure trying to map to \\qfs\data1 or \\qfs\data2. There is a homes share defined in my config file and in Network Places, that share (called brian) works fine and I can map to \\qfs\brian and read and write to it. It's only the data1 and data2 shares that are the Quantum StorNext CVFS filesystem that are giving me problems. It's probably also worth pointing out that the config file I'm using is the exact same as a config file on another Samba server that is working fine. The only difference is the other server is sharing a GPFS filesystem and not a CVFS filesystem. Note the GPFS tags in the config file --- seems to make no difference on the broken server, with or without those tags. 
-brian

    [global]
    workgroup = 8950HIX
    netbios name = QFS
    server string = QFS Samba Server
    password server = *
    realm = 8950HIX.COM
    security = ads
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template shell = /bin/bash
    template homedir = /gpfs/home/%D/%U
    winbind use default domain = yes
    winbind offline logon = no
    idmap backend = rid
    encrypt passwords = yes
    log level = 3
    log file = /var/log/samba/smbd.log
    ;clustering = yes
    idmap backend = tdb2
    fileid:mapping = fsname
    use mmap = no
    vfs objects = gpfs fileid
    gpfs:sharemodes = yes
    force unknown acl user = yes
    nfs4: mode = special
    nfs4: chown = yes
    nfs4: acedup = merge

    [homes]
    comment = Home Directories
    browseable = no
    writable = yes

    [data1]
    comment = QFS Volume One
    path = /vol1/data1
    browseable = yes
    writable = yes

    [data2]
    comment = QFS Volume One
    path = /vol2/data2
    browseable = yes
    writable = yes
Re: [Samba] StorNext CVFS
Hello... IBM AIX is a Unix like operating system developed by IBM that is usually run on their big-iron boxes like the zSeries. See this link for more info: http://en.wikipedia.org/wiki/IBM_AIX -b On 11/15/10 11:37 AM, Anil Wakhare aswakh...@gmail.com wrote: Hi, can you help me? what is IBM AIX,I want brief information about it,can any give it. On Tue, Nov 16, 2010 at 12:51 AM, Brian McGrew br...@visionpro.com wrote: On Sun, Nov 14, 2010 at 06:56:57AM -0800, Brian McGrew wrote: On 11/13/10 3:08 PM, Volker Lendecke volker.lende...@sernet.de wrote: On Sat, Nov 13, 2010 at 12:07:23PM -0800, Brian McGrew wrote: There is a level 10 log attached. I stopped samba, cleared the logs, restarted samba, tried to connect, stopped samba and grabbed the logs. Is it possible you're trying to connect to share vol2 where it should be called data2? No, the shares really are called data1 and data2. When I first setup Samba on this machine, the shares were called vol1 and vol2 but that name was That's the point. The log file indicated that you tried to connect to vol2 and not data2. Please retry connecting to the share data2. I'll attach a copy of my config file at the end of this message. The list won't let me attach a screen shot, but I'm for sure trying to map to \\qfs\data1 or \\qfs\data2. There is a homes share defined in my config file and in Network Places, that share (called brian) works fine and I can map to \\qfs\brian and read and write to it. It's only the data1 and data2 shares that are the Quantum StorNext CVFS filesystem that are giving me problems. It's probably also worth pointing out that the config file I'm using is the exact same as a config file on another Samba server that is working fine. The only difference is the other server is sharing a GPFS filesystem and not a CVFS filesystem. Note the GPFS tags in the config file --- seems to make no difference on the broken server, with or without those tags. 
-brian

    [global]
    workgroup = 8950HIX
    netbios name = QFS
    server string = QFS Samba Server
    password server = *
    realm = 8950HIX.COM
    security = ads
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template shell = /bin/bash
    template homedir = /gpfs/home/%D/%U
    winbind use default domain = yes
    winbind offline logon = no
    idmap backend = rid
    encrypt passwords = yes
    log level = 3
    log file = /var/log/samba/smbd.log
    ;clustering = yes
    idmap backend = tdb2
    fileid:mapping = fsname
    use mmap = no
    vfs objects = gpfs fileid
    gpfs:sharemodes = yes
    force unknown acl user = yes
    nfs4: mode = special
    nfs4: chown = yes
    nfs4: acedup = merge

    [homes]
    comment = Home Directories
    browseable = no
    writable = yes

    [data1]
    comment = QFS Volume One
    path = /vol1/data1
    browseable = yes
    writable = yes

    [data2]
    comment = QFS Volume One
    path = /vol2/data2
    browseable = yes
    writable = yes
Re: [Samba] StorNext CVFS
On 11/15/10 12:17 PM, Volker Lendecke volker.lende...@sernet.de wrote: On Mon, Nov 15, 2010 at 11:21:55AM -0800, Brian McGrew wrote: I'll attach a copy of my config file at the end of this message. The list won't let me attach a screen shot, but I'm for sure trying to map to \\qfs\data1 or \\qfs\data2. There is a homes share defined in my config Well, then the log files lie, sorry. I have deleted them, but there definitely were connection attempts to vol2. AH... It just hit me why you're seeing those names in the logs: Samba share \\qfs\data1 is really qfs:/vol1 from StorNext server. Samba share \\qfs\data2 is really qfs:/vol2 from StorNext server. (I was wondering where the heck the smb logs got vol1 and vol2 from). From Windows I'm trying to connect to \\qfs\data1 and \\qfs\data2. -brian
Re: [Samba] StorNext CVFS
On 11/13/10 3:08 PM, Volker Lendecke volker.lende...@sernet.de wrote: On Sat, Nov 13, 2010 at 12:07:23PM -0800, Brian McGrew wrote: There is a level 10 log attached. I stopped samba, cleared the logs, restarted samba, tried to connect, stopped samba and grabbed the logs. Is it possible you're trying to connect to share vol2 where it should be called data2? No, the shares really are called data1 and data2. When I first setup Samba on this machine, the shares were called vol1 and vol2 but that name was conflicting with shares from other servers. This Samba server (known as QFS) is not the only Samba I'm running, but QFS is running stand-alone and then there is another installation on separate machines running CTDB and clustered that are exporting vol1 and vol2 which is a GPFS file system. The CTDB cluster is working great, it's only the stand alone QFS sharing the StorNext file system that's giving me problems. -rbrian
[Samba] StorNext CVFS
Morning All! Anyone ever tried exporting a StorNext CVFS filesystem from a Linux box??? I've got this Samba server (3.5.6) running on CentOS 5.4 and it's working fine, exporting ext3, nfs and an IBM GPFS filesystem just fine. So I know Samba is good and my configuration is working. I tried to add the exportation of a StorNext CVFS volume and that doesn't work. All the other volumes still work just fine, but when I try to connect to this new volume I get ... Is not accessible, you might not have permission, etc ... The parameter is incorrect. Hoping someone else might have gone down this road before... For those who haven't, Quantum StorNext is a clustered/HA filesystem that really sits somewhere between the category of vaporware and smokeware! It's very poorly documented and their support sucks - standard answer is "you can't do that" for just about everything. Now my StorNext server is cheerfully exporting his filesystem natively to Windows, Linux and Mac clients, so I know he's working fine. I also know this is most likely not a Samba problem, but with Quantum's "you can't do that" attitude, I'm hoping someone here has some knowledge that the documentation missed! Thanks, -brian
Re: [Samba] StorNext CVFS
On 11/13/10 11:30 AM, Volker Lendecke volker.lende...@sernet.de wrote: On Sat, Nov 13, 2010 at 10:39:30AM -0800, Brian McGrew wrote: Morning All! Anyone ever tried exporting a StorNext CVFS filesystem from a Linux box??? I've got this Samba server (3.5.6) running on CentOS 5.4 and it's working fine, exporting ext3, nfs and an IBM GPFS filesystem just fine. So I know Samba is good and my configuration is working. I tried to add the exportation of a StorNext CVFS volume and that doesn't work. All the other volumes still work just fine, but when I try to connect to this new volume I get ... Is not accessible, you might not have permission, etc ... The parameter is incorrect. That should work fine, if that file system is anything like posix. Do you have a debug level 10 log of smbd? You might also want to strace smbd on that file system. There is a level 10 log attached. I stopped samba, cleared the logs, restarted samba, tried to connect, stopped samba and grabbed the logs. I'm not having very good luck getting strace to attach to the smbd process??? StorNext CVFS is supposed to be a posix filesystem, and in Unix it appears to be posix - but I can't say for sure! Maybe I just don't know what I'm looking for in the logs! -brian
[Samba] Browsing Network Places
Good evening all... I know this question has probably come up a thousand times before but I can't find my answer and I've searched the net high and low, been through the books I have and even took a trip through the Samba source code and I'm not finding my answers, so maybe someone more with Samba and Active Directory knowledge than I can help! I'm running 3.5.6 on CentOS 5.5 and my configuration file is inline below. The Samba server itself is working. From Windows, Mac or Linux (smbclient) I can connect to the UNC just fine (\\server\share) and read/write with no problems. But when I pop open Network Places I can't see the Samba server. All the other Windows servers I have show up in Network Places including a Netgear NAS and a printer that has a SMB share on it. Some details about my network:

... I am not using WINS.
... NetBIOS over TCP/IP is enabled.
... DNS is configured correctly and the fully (un)qualified server name can be resolved.
... I can ping everything from anywhere in all directions.
... Adding disable wins and/or disable netbios to smb.conf does not make any kind of a difference.
... Net ads join was successful, net ads testjoin work and all the wbinfo commands work just fine.
... I'm using Winbind of the Linux box to pick up AD users and uid's and that's all working.
... I have a single AD 2008 domain controller.
... The domain passes dcdiag.
... I would prefer not to run a WINS server if I don't have to.
... Yes I know it can take a long time for the computer browser to update :-)

You might see some strange stuff in my configuration file but the intended use of this particular machine is to be one of many in a cluster; I just haven't gotten that far yet. Remember, it's working, I just can't browse it. So, any help that anyone can offer is greatly welcomed. The quicker I can get this working, the better off I'll be!
Thanks, -brian

    [global]
    workgroup = 8950HIX
    netbios name = smbserver
    server string = GPFS Samba Server %v
    password server = *
    realm = 8950HIX.COM
    security = ADS
    idmap uid = 2-3
    idmap gid = 2-3
    template shell = /bin/bash
    template homedir = /gpfs/home/%D/%U
    winbind use default domain = Yes
    winbind offline logon = no
    winbind nested groups = Yes
    winbind nss info = rfc2307
    encrypt passwords = yes
    log level = 3
    log file = /var/log/samba/%m.log
    idmap backend = tdb2
    fileid:mapping = fsname
    use mmap = no
    vfs objects = gpfs, fileid
    gpfs:sharemodes = No
    force unknown acl user = Yes
    nfs4: mode = special
    nfs4: chown = yes
    nfs4: acedup = merge
    auth methods = guest, sam, winbind
    max log size = 50
    load printers = No
    os level = 0
    local master = No
    domain master = No
    preferred master = no
    dns proxy = No
    passdb backend = tdbsam
    idmap backend = ad

    [homes]
    comment = Home Directories
    path = /gpfs/home/%D/%U
    browseable = no
    writable = yes

    [GPFS]
    comment = GPFS Filesystem
    path = /gpfs
    browseable = yes
    writable = yes
Re: [Samba] samba caching group memberships
Actually, this group cache behavior is *Windows* behavior. Group membership is loaded at login time and not refreshed until you log out and back in. It's annoying @ times. Having been a Novell NetWare user in my ancient past, it was something of a shock to me too. Brian C. On Oct 21, 2010 2:35 AM, Vladimir Vassiliev v...@edu.yar.ru wrote: Hi all, our setup is Samba 3.3 in W2K8 domain. It seems samba cache group memberships somewhere and after adding user to a new group it's necessary to relogin for that user to get new memberships. Is it possible to eliminate that nasty procedure? Thanks. -- Vladimir Vassiliev
Re: [Samba] samba caching group memberships
I think you'll find that the answer can be both. But, only during the context of that connection to the samba server. This is because the client sends its authentication info to the server when it connects. I don't really know if/when the samba server verifies group membership on the domain beyond asking if the credentials are valid. On Oct 21, 2010 7:26 AM, Vladimir Vassiliev v...@edu.yar.ru wrote: Thanks. Still not clear for me is it cached on SMB-server when SMB-client connects or on client when user logs in? 21.10.2010 14:20, Brian Cowan wrote: Actually, this group cache behavior is *Windows* behavior. Group membership is loaded at login time and not refreshed until you log out and back in. It's annoying @ times. Having been a Novell NetWare user in my ancient past, it was something of a shock to me too. Brian C. -- Vladimir Vassiliev
Re: [Samba] file time-to-live
You could write something to check file create times and delete files older than 36 hours, and run it from cron several times per day. I'd suggest # find, but it doesn't have the granularity you are looking for, you could run it at 00:01 and remove files that were 2 days old. I did something similar on a VMS system I was managing, worked well until some enterprising student found (I don't believe they wrote it themselves) a program to reset the time stamp on their files (which your users may start doing as well, perhaps using # touch). At which point I started looking for files with creation dates in the future... many users of the date reset program weren't quite as smart as they thought they were. On Tue, Jun 29, 2010 at 11:32:52AM -0300, Leonardo Carneiro - Veltrac wrote: Hi everyone, There is a way to make files being automatically deleted some time after they have been created? I know that, with some scripting wizardry i could achieve this, but i wanna know if samba has this kind of feature. I have a temp folder that users insist in use like a backup folder, so i want to files to be deleted 24 hours after they have been created. I cannot just delete everything at midnight because this folder is used in full time, so if a user create a file at 23h59, it would be deleted a minute later. Sorry for my poor english and tks in advance. -- Leonardo Carneiro

---
Brian R Cuttler brian.cutt...@wadsworth.org
Computer Systems Support (v) 518 486-1697
Wadsworth Center (f) 518 473-6384
NYS Department of Health Help Desk 518 473-0773
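The cleanup job and the future-timestamp check described in the reply above, as an added shell example that is not part of the original thread. It judges age with find's `-mmin` test, which counts in minutes, and assumes GNU or BusyBox `find` and `stat`; the function names, the script path and the share path in the cron comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the original thread): age-based cleanup of a shared
# temp folder, plus a report of files whose timestamp was pushed into the
# future, which would otherwise keep them out of reach of the cleanup.

# list_expired DIR MAX_AGE_MINUTES
# Regular files whose data was last modified more than MAX_AGE_MINUTES ago.
# -mmin counts in minutes, so 24 h is 1440 and 36 h is 2160.
list_expired() {
    find "$1" -xdev -type f -mmin "+$2" -print
}

# list_future_dated DIR [SKEW_MINUTES]
# Regular files with an mtime later than now + SKEW_MINUTES (default 5).
# A future mtime never satisfies "-mmin +N", so such a file stays in the
# folder until the clock catches up with it. The skew allowance keeps files
# written by a client with a slightly fast clock out of the report.
# The body runs in a subshell "( ... )" so its variable stays local.
# File names containing newlines are not handled.
list_future_dated() (
    limit=$(( $(date +%s) + ${2:-5} * 60 ))
    find "$1" -xdev -type f -exec stat -c '%Y %n' {} + |
        awk -v limit="$limit" '$1 > limit { sub(/^[0-9]+ /, ""); print }'
)

# purge_expired DIR MAX_AGE_MINUTES
# Deletes what list_expired reports. find's own -delete is used instead of
# piping names to rm, so the paths are never re-parsed by a second program
# in a directory that other users can write to.
purge_expired() {
    find "$1" -xdev -type f -mmin "+$2" -delete
}

# Hypothetical cron entry (script path and share path are placeholders):
#   */30 * * * *  /usr/local/sbin/expire-temp.sh /srv/samba/temp 1440
# When called with DIR and MAX_AGE_MINUTES, report first, then purge.
if [ "$#" -eq 2 ]; then
    list_future_dated "$1"
    purge_expired "$1" "$2"
fi
```

Modification time can be refreshed by anyone who can write the file, so the future-dated report only catches timestamps set ahead of the clock, not files that are simply touched again every day.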
[Samba] Samba question
All, I'm trying to find out if you can limit Samba to only pull user accounts from a particular Active Directory OU. My AD has over 200K contacts entries for the global address list so I would like samba to only query the location with the valid user accounts. I'm running samba 3.0.1. Thanks for any help/suggestions you can provide, Brian
Re: [Samba] Windows machine has to join two times
It might be a problem with nscd *negative* result caching as described in this post: http://lists.samba.org/archive/samba/2008-March/139102.html which also links this post: http://lists.samba.org/archive/samba/2006-May/120798.html Maybe those will provide some helpful information for you. -Brian toonverdo...@dommel.be wrote: Ok, so it's better to clear the cache after adding a machine into the LDAP directory so SAMBA can add the right attributes instead of disabling the nscd service? I already tried an nscd -i passwd after adding a machine but that didn't work out Quoting John Drescher dresche...@gmail.com: I stopped the nscd service and now I can join the machine's from the first time! Wasn't the cache cleared by adding nscd -i passwd to the scripts? Is it a good idea to disable this service? In a lot of cases the answer is no. If your ldap server is not on the same box the answer is definitely no because you will take a huge performance hit when accessing files. John
Re: [Samba] PDC directory permission fail
Bino Oetomo wrote: And ... voila ... the user can access (read-write) into the shares ... But it'll means that the user can also execute somethings inside directory ... right ? Why we need the execute bit in directory permission just to let the user to read and write only ? That is how UNIX filesystem permissions work. 'Execute' on a directory allows traversal of (ie access into) the directory. From Wikipedia (http://en.wikipedia.org/wiki/File_system_permissions): There are three specific permissions on Unix-like systems that apply to each class:

* The read permission, which grants the ability to read a file. When set for a directory, this permission grants the ability to read the names of files in the directory (but not to find out any further information about them such as contents, file type, size, ownership, permissions, etc.)
* The write permission, which grants the ability to modify a file. When set for a directory, this permission grants the ability to modify entries in the directory. This includes creating files, deleting files, and renaming files.
* The execute permission, which grants the ability to execute a file. This permission must be set for executable binaries (for example, a compiled c++ program) or shell scripts (for example, a Perl program) in order to allow the operating system to run them. When set for a directory, this permission grants the ability to traverse its tree in order to access files or subdirectories, but not see files inside the directory (unless read is set).

Search Google for unix permissions if you need more understanding. -Brian
Re: [Samba] domain printer issues
Daniel Sheridan wrote: FWIW, I have the same problem here with Samba 3.4.2 and Windows XP clients. In fact, one printer driver works via point'n'print, but the others do not, so for now I've set all printers to use that one driver (the PPDs are similar enough that it's not a problem). Ok, so maybe it was the upgrade from 3.2.5 to 3.4.2 (required for Windows 7) that broke things. The first few days seemed fine, so I thought it was OK, but maybe that is because nobody reported problems... I did find that uploading a printer driver to the server from Windows worked okay with point'n'print (well, except that the driver itself was flakey), so perhaps something wrong with Samba's setdriver RPC call? Yes, I have observed uploading the printer driver works fine. There are two symptoms I have observed: (a) If I disconnect any printer and try to connect again, sometimes, on some computers, it won't connect again. Instead I get the error: The server of the 'HP LaserJet 4100 PCL 5e' printer does not have the correct printer driver installed. If you want to search for the proper driver, click OK. Otherwise click Cancel and contact your network administrator or original equipment manufacturer for the correct printer driver. (b) for the occasional printer where (a) is not a problem, if I print a test page, I get: Test page failed to print. Would you like to view the troubleshooter for assistance? Operation could not be completed. What I find curious is if I manually setup the printer, and tell it to connect directly to the printer via TCP/IP port, Windows will ask me if I want to use the existing driver. If I say Yes, it will setup a printer that works just fine using the already installed printer drivers that were installed when I tried to connect from the Samba share. Previously I thought it was a driver issue, now I doubt it. Anyway, it occurred to me that we now have a Windows 2008 server on the domain, so I think for now I will transfer the printers over to this server and see if that works any better. I don't particularly want to setup 6+ printers manually on 10+ computers (Yes, we have way too many printers at our work place). Brian May
Re: [Samba] domain printer issues
Brian May wrote: Any ideas? No ideas? I have tried everything I can think of, including reinstalling the printer drivers on the server (which works fine). It is starting to look like I will have to go to every desk top in turn and reinstall the print drivers so they connect directly to the printer instead of via Samba :-( Brian May
[Samba] domain printer issues
Hello, As of today we seem to be having printer issues. As in computers that were working fine suddenly decided to stop working. On one computer, no printers work at all. For some printers, if I remove and reinstall, it complains that there are no printer drivers on the server (incorrect). When past this stage, none of the printers work. When I click the print test page button I get an immediate generic failure to print type response. Just in case I deleted all printers and then deleted all drivers, but it doesn't seem to have helped. On another computer all printers work except for one, which produces the same generic failure message. On another computer everything works fine. Including deleting printers, adding printers, etc. Any ideas? Samba 3.4.2 Windows XP clients Thanks Brian May
Re: [Samba] Windows 7 Point and Print
Jeremy Allison wrote: I'm migrating from Samba 3.0.24 to 3.4.3 to add support for Windows 7 on my print server. I've kept the smb.conf essentially the same, changing only the directives corresponding to Kerberos authentication as changed in the 3.4 series. Please see http://pastebin.com/m9c0409 Note that the LPRng backend isn't installed on this server...I am only testing samba. When I go to add a printer in Windows 7 (after configuring appropriate drivers, permissions, etc), I get an error: Windows cannot connect to the printer. Operation failed with error 0x06f7 The operation succeeds when I try the same procedure on Windows XP. What setting am I missing? Thanks for any insight you can provide. Can you open a bug with our bugzilla and attach a debug level 10 log from the client. Was a bugzilla report filed? Was anything worked out? I seem to be suffering the same issue. Only seems to have happened after joining a Samba domain, and affects non-domain accounts as well as domain accounts. Brian May
[Samba] [Fwd: Re: Need help in samba configuration]
Original Message
Subject: Re: [Samba] Need help in samba configuration
Date: Tue, 17 Nov 2009 10:42:42 -0500
From: Brian Cowan brco...@gmail.com
To: pankaj.c.pim...@relianceada.com
References: of3aad32ad.86a5d538-on65257671.002808e6-65257671.00285...@relianceada.com

If your Samba server is a fully operational domain member server, then the behavior you are experiencing should not be occurring. Period. Take a close look at your samba server logs. My bet is that the domain join failed or stopped working. Even if you were using security = server (which isn't supported for ClearCase, but some people have managed to get it working for a while) you shouldn't see this behavior since it is the Domain/server password that should be used. Small question: Why aren't you using password server = *?

pankaj.c.pim...@relianceada.com wrote: We have ClearCase database on unix and users on windows. We are creating Unix users locally on that Clearcase server. Samba is also installed on that server. User windows machines are part of domain. Groups, users are created on domain and same users, groups are created on unix server. Now problem is occurring when a windows user is changing the password for his domain login. as soon as user is changing the password user will be unable to access the samba share i.e clearcase vobs. So when user changes the domain login password we have to manually change samba password for that user by running smbpasswd username. Could you please guide me on how to achieve or any configuration need to done on samba and on unix server so that I need not have to change password manually for every user when user changes his/her windows domain login password. My samba config file is as below

    # Samba config file created using SWAT
    # Global parameters
    [global]
    workgroup = RIC_F2K
    netbios name = DEVVM
    interfaces = devvm
    security = DOMAIN
    encrypt passwords = Yes
    password server = 10.8.54.120
    username map = /usr/local/samba/private/username.map
    #username map = /usr/local/samba/lib/username.map
    log file = /var/opt/samba/logs/log.%m
    os level = 0
    kernel oplocks = No
    create mask = 0775
    directory mask = 0775
    oplocks = No
    time offset = 30
    # time offset = 630
    # time server = yes
    #[smbshare]
    # comment = Share Folder of devvm Server
    # path = /var/smbshare
Re: [Samba] delay on directory browse
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

This will probably not solve your problem, but why on earth are you deliberately crippling your performance so badly by setting the SO_RCVBUF and SO_SNDBUF? Volker

Good question, I'm not sure where it originates, but I recall seeing the recommendation someplace (some faq, howto, etc) to set SO_RCVBUF and SO_SNDBUF to just those values to IMPROVE performance. Based on your comments Volker I'm guessing that recommendation is either invalid or outdated. Brian
[Samba] windows 7 on samba 3.4.2 slow
Hello, I followed the instructions here: http://wiki.samba.org/index.php/Windows7 Everything seems fine, however if I log into a domain account, Windows is now painfully slow. This is kind of curious, as task manager reports no CPU load and no network load. If I log out and back in again with a local/non-domain account, then everything runs at full speed again. Furthermore, if I disconnect the network some non-network operations don't seem to work any more. I had a theory that maybe the domain login script is slowing things down however there doesn't seem to be any evidence to justify this. Any ideas? Brian May
Re: [Samba] Lots of smbd processes and connections?
My situation was related to resident software on the client called:
CyberLink Media Library
HP TouchSmart
HP MediaSmart
Matt, I would check your clients for similar software.

I don't have any of these installed.

Well, possibly try killing processes one at a time until the spamming stops. There may be other packages that are out there doing a similar thing. Did you ever get anywhere with MS support?
Re: [Samba] Lots of smbd processes and connections?
[2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
  dads-pc (10.0.2.124) couldn't find service roo

-Original Message-
From: Matthew Dickinson [mailto:matt-sa...@alpha345.com]
Sent: Wednesday, October 28, 2009 6:37 PM

On 10/28/09 6:21 PM, Jeremy Allison j...@samba.org wrote:

Not enough detail. Get a log level 10 plus a wireshark trace please. Jeremy.

Since it might be the same problem I'm having, I have those available on the bugzilla page (https://bugzilla.samba.org/show_bug.cgi?id=6782) Matthew

Problem solved / culprit found!

Behavior in question: The last character of the service name is truncated and couldn't find service

First off, this behavior is pretty well documented...it even appears noted as an odd behavior in a MS White Paper. Normally not a big deal as MS clients would provide a few requests with the truncated service name then correct itself. For example you can get a Windoze client to repeat the situation by requesting properties of a share from explorer and it will result in 3 or 4 truncated service name requests.

My problem was the client was spamming the server with 1000 requests / sec flooding logs and bogging down the server.

My situation was related to resident software on the client called:
CyberLink Media Library
HP TouchSmart
HP MediaSmart
I think they are all basically the same product with different names.

One of these processes was spamming the server looking for media I suspect. I uninstalled it and the spamming stopped. In particular the problem resided with a process called CLMLSvc.exe. Once killed the spamming went away.

Matt, I would check your clients for similar software.

Cheers
Brian
Re: [Samba] Lots of smbd processes and connections?
Well, my log attachments didn't go through so I posted to bugzilla here https://bugzilla.samba.org/show_bug.cgi?id=6862 -Original Message- From: Brian [mailto:bbayorg...@charter.net] Sent: Saturday, October 31, 2009 12:27 AM To: 'samba@lists.samba.org' Cc: 'Jeremy Allison' Subject: RE: [Samba] Lots of smbd processes and connections? Well, it was all a delusion. The problem is not fixed - it has returned. I have attached to this email 3 files with level 10 logs. I'm not sure if the attachments will pass to the samba list or not, but I will try. If not I will resend with the content in the email. the files are: smbd start to first rep is the log from the time the smdb process restarts until the appearance of the first loop repetition. rep 1 is the log of first repetition of things after the server has initialized and the session established with the client. rep 2 is the basically the same as the rep1 it goes on and on. No, your trace doesn't look anything like his problem (I just looked). Your trace shows a DFS referral request for a truncated network path, not a repeating findfirst pattern. Jeremy. Jeremy, if you take a look at the logs (lvl 10 this time) you will see that the first reference to the truncated service name (roo) occurs in conjunction with dfs...so I postulate that it is the same problem Matt is having. Brian -Original Message- From: Brian [mailto:bbayorg...@charter.net] Sent: Saturday, October 31, 2009 12:27 AM To: 'samba@lists.samba.org' Cc: 'Jeremy Allison' Subject: RE: [Samba] Lots of smbd processes and connections? Well, it was all a delusion. The problem is not fixed - it has returned. I have attached to this email 3 files with level 10 logs. I'm not sure if the attachments will pass to the samba list or not, but I will try. If not I will resend with the content in the email. the files are: smbd start to first rep is the log from the time the smdb process restarts until the appearance of the first loop repetition. 
rep 1 is the log of first repetition of things after the server has initialized and the session established with the client. rep 2 is the basically the same as the rep1 it goes on and on. No, your trace doesn't look anything like his problem (I just looked). Your trace shows a DFS referral request for a truncated network path, not a repeating findfirst pattern. Jeremy. Jeremy, if you take a look at the logs (lvl 10 this time) you will see that the first reference to the truncated service name (roo) occurs in conjunction with dfs...so I postulate that it is the same problem Matt is having. [2009/10/30 19:31:29, 10] smbd/trans2.c:call_trans2getdfsreferral(7325) call_trans2getdfsreferral [2009/10/30 19:31:29, 10] smbd/msdfs.c:parse_dfs_path(108) parse_dfs_path: temp = |OLDJUNK\roo| after trimming \'s [2009/10/30 19:31:29, 10] smbd/msdfs.c:parse_dfs_path(133) parse_dfs_path: hostname: OLDJUNK -Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of Brian Sent: Thursday, October 29, 2009 12:17 AM To: samba@lists.samba.org Subject: Re: [Samba] Lots of smbd processes and connections? This also fits with my earlier effort to add a new user on the windoze and bsd side which didn't have all the links back and forth. That effort with the new user didn't produce all the spamming. -Original Message- From: samba-boun...@lists.samba.org On Behalf Of Brian Well don't hold me to it, but I may have solved it! Was trying to reproduce it but that failedgrrr Will keep trying after all this...for the benefit of all anywhohere is / was the thing my homes is set to [homes] comment = Home directory for %u on %h browseable = no writable = yes path = /usr/home/%u/Documents valid users = %S I had /usr/home/root as a symbolic link pointing back to /root then I had /root/Documents as a symbolic link pointing to /usr/samba-shares/file-server3/root/Documents should be ok? 
at least I thought so well so far so good (crosses fingers) I deleted the /usr/home/root symbolic link to /root and made a real directory there named root, then I created a symbolic link there named Documents to /usr/samba-shares/file-server3/Documents ohh and if ya missed it I moved /usr/samba-shares/file-server3/root/Documents to /usr/samba-shares/file-server3/Documents and also somewhere in there I renamed old root home to old-root- home BAMMM near as I can tell no one is spamming any more Yawns! time will tell if I fixed it, but would sure like to reproduce it! -Original Message- From: Jeremy Allison [mailto:j...@samba.org] Sent: Wednesday, October 28, 2009 11:33 PM To: Brian
Re: [Samba] Lots of smbd processes and connections?
Hello Helmut

I don't understand your comment. I think you said: You meant message posted on 10/31/09 with subject [Samba] Lots of smbd processes and connections? If that is accurate, then yes, I was referring to that post.

-Original Message-
From: Helmut Hullen [mailto:hul...@t-online.de]
Sent: Saturday, October 31, 2009 2:08 AM
To: bbayorg...@charter.net
Subject: Re: [Samba] Lots of smbd processes and connections?

Hello, Brian,

You wrote on 31.10.09 on the subject Re: [Samba] Lots of smbd processes and connections?:

Well, my log attachments didn't go through so I posted to bugzilla here https://bugzilla.samba.org/show_bug.cgi?id=6862

-Original Message-
From: Brian [mailto:bbayorg...@charter.net]
Sent: Saturday, October 31, 2009 12:27 AM
To: 'samba@lists.samba.org'
Cc: 'Jeremy Allison'
Subject: RE: [Samba] Lots of smbd processes and connections?

Well, it was all a delusion. The problem is not fixed - it has returned. I have attached to this email 3 files with level 10 logs. I'm not sure if the attachments will pass to the samba list or not, but I will try. If not I will resend with the content in the email.

The files are:
smbd start to first rep is the log from the time the smbd process restarts until the appearance of the first loop repetition.
rep 1 is the log of first repetition of things after the server has initialized and the session established with the client.
rep 2 is basically the same as the rep1; it goes on and on.

No, your trace doesn't look anything like his problem (I just looked). Your trace shows a DFS referral request for a truncated network path, not a repeating findfirst pattern. Jeremy.

Jeremy, if you take a look at the logs (lvl 10 this time) you will see that the first reference to the truncated service name (roo) occurs in conjunction with dfs...so I postulate that it is the same problem Matt is having.
Brian -Original Message- From: Brian [mailto:bbayorg...@charter.net] Sent: Saturday, October 31, 2009 12:27 AM To: 'samba@lists.samba.org' Cc: 'Jeremy Allison' Subject: RE: [Samba] Lots of smbd processes and connections? Well, it was all a delusion. The problem is not fixed - it has returned. I have attached to this email 3 files with level 10 logs. I'm not sure if the attachments will pass to the samba list or not, but I will try. If not I will resend with the content in the email. the files are: smbd start to first rep is the log from the time the smdb process restarts until the appearance of the first loop repetition. rep 1 is the log of first repetition of things after the server has initialized and the session established with the client. rep 2 is the basically the same as the rep1 it goes on and on. No, your trace doesn't look anything like his problem (I just looked). Your trace shows a DFS referral request for a truncated network path, not a repeating findfirst pattern. Jeremy. Jeremy, if you take a look at the logs (lvl 10 this time) you will see that the first reference to the truncated service name (roo) occurs in conjunction with dfs...so I postulate that it is the same problem Matt is having. [2009/10/30 19:31:29, 10] smbd/trans2.c:call_trans2getdfsreferral(73 25) call_trans2getdfsreferral [2009/10/30 19:31:29, 10] smbd/msdfs.c:parse_dfs_path(108) parse_dfs_path: temp = |OLDJUNK\roo| after trimming \'s [2009/10/30 19:31:29, 10] smbd/msdfs.c:parse_dfs_path(133) parse_dfs_path: hostname: OLDJUNK -Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of Brian Sent: Thursday, October 29, 2009 12:17 AM To: samba@lists.samba.org Subject: Re: [Samba] Lots of smbd processes and connections? This also fits with my earlier effort to add a new user on the windoze and bsd side which didn't have all the links back and forth. That effort with the new user didn't produce all the spamming. 
-Original Message- From: samba-boun...@lists.samba.org On Behalf Of Brian Well don't hold me to it, but I may have solved it! Was trying to reproduce it but that failedgrrr Will keep trying after all this...for the benefit of all anywhohere is / was the thing my homes is set to [homes] comment = Home directory for %u on %h browseable = no writable = yes path = /usr/home/%u/Documents valid users = %S I had /usr/home/root as a symbolic link pointing back to /root then I had /root/Documents as a symbolic link pointing to /usr/samba-shares/file-server3/root/Documents should be ok? at least I thought so well so far so good (crosses fingers) I deleted the /usr/home/root symbolic link to /root and made a real directory there named root, then I created
Re: [Samba] Lots of smbd processes and connections?
http://66.190.9.142/vista-spam-1.log http://66.190.9.142/vista-spam-2.log Here is a few seconds worth in these two files. This is with the workaround in place where I have a roo share setup on the server so you will not see all those can't find service messages. I have not had time to look at them. Not sure if I could pick anything out of them or not. The more I investigate the more I am convinced it is a client issue.. Another interesting tidbit of information. Last night I setup a new account on the bsd box (non wheel account) and a matching account on the vista box (non administrator) and after a quick try last night it would appear the problem goes away (or had not started yet). I will duplicate that experiment to make sure. Brian -Original Message- From: Jeremy Allison [mailto:j...@samba.org] Sent: Wednesday, October 28, 2009 12:54 AM To: Brian Cc: samba@lists.samba.org Subject: Re: [Samba] Lots of smbd processes and connections? On Tue, Oct 27, 2009 at 08:52:30PM -0500, Brian wrote: Sorry I don't think sobasically as you can see in my earlier post I tried a workaround by creating a share with the last character clipped off (in my case roo). Great news, the attempt to connect msgs are now gone, but my server is still being spammed I did some stats on my client with a net statistics workstation command and came up with: Bytes received 137,514 bytes/sec Server Message Blocks (SMBs) received 1,302 SMB blocks/sec Bytes transmitted 95,329 bytes/sec Server Message Blocks (SMBs) transmitted 1,302 SMB blocks/sec So the error msgs are gone, but the server is getting spammed with greater than 1000 SMB msg blocks per second while IDLE! I don't know what is normal but 1300 / sec sounds like a LOT! smbd is being a trooper though as it didn't drop one of them! Here is what top shows: last pid: 7417; load averages: 6.22, 6.27, 6. 
39 processes: 7 running, 32 sleeping CPU: 4.0% user, 0.0% nice, 29.5% system, 1.4% interrupt, 65.0% idle Mem: 36M Active, 606M Inact, 183M Wired, 110M Buf, 162M Free Swap: 1902M Total, 1902M Free PID USERNAMETHR PRI NICE SIZERES STATE C TIME WCPU COMMAND 6848 root 1 660 14652K 8128K CPU0 2 33:00 30.37% smbd That's crazy. Collect a wireshark trace or up the smbd log to level 10 for a few seconds using smbcontrol and tell me what the client is doing to spam the server like that ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Lots of smbd processes and connections?
OK Progress, MAYBE!? I know my web server is inaccessible, but let's move on from that... that is an issue for another day.

At a log level 3, currently, I get the following sequence repeating itself about 164 times per second. In that sequence it appears to be closing 2 directories with incrementing fnum's. So what is smbd/reply.c:reply_close(4343) close directory fnum=? That is about the only thing that changes besides the transaction number. I'm not sure where the pattern starts/stop but the following is CLEARLY repeating itself at a high rate of speed.

Brian

[2009/10/28 15:46:50, 3] smbd/trans2.c:call_trans2findfirst(1926)
  call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384
[2009/10/28 15:46:50, 3] smbd/dir.c:dptr_create(518)
  creating new dirptr 256 for path ./, expect_close = 1
[2009/10/28 15:46:50, 3] smbd/process.c:process_smb(1576)
  Transaction 801277 of length 92 (0 toread)
[2009/10/28 15:46:50, 3] smbd/process.c:switch_message(1393)
  switch message SMBntcreateX (pid 11443) conn 0x20c5d030
[2009/10/28 15:46:50, 3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/28 15:46:50, 3] smbd/process.c:process_smb(1576)
  Transaction 801278 of length 45 (0 toread)
[2009/10/28 15:46:50, 3] smbd/process.c:switch_message(1393)
  switch message SMBclose (pid 11443) conn 0x20c5d030
[2009/10/28 15:46:50, 3] smbd/reply.c:reply_close(4343)
  close directory fnum=7062
[2009/10/28 15:46:50, 3] smbd/process.c:process_smb(1576)
  Transaction 801279 of length 92 (0 toread)
[2009/10/28 15:46:50, 3] smbd/process.c:switch_message(1393)
  switch message SMBntcreateX (pid 11443) conn 0x20c5c030
[2009/10/28 15:46:50, 3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/28 15:46:50, 3] smbd/process.c:process_smb(1576)
  Transaction 801280 of length 45 (0 toread)
[2009/10/28 15:46:50, 3] smbd/process.c:switch_message(1393)
  switch message SMBclose (pid 11443) conn 0x20c5c030
[2009/10/28 15:46:50, 3] smbd/reply.c:reply_close(4343)
  close directory fnum=7063
[2009/10/28 15:46:50, 3] smbd/process.c:process_smb(1576)
  Transaction 801281 of length 112 (0 toread)
[2009/10/28 15:46:50, 3] smbd/process.c:switch_message(1393)
  switch message SMBtrans2 (pid 11443) conn 0x20c5c030
[2009/10/28 15:46:50, 3] smbd/trans2.c:call_trans2findfirst(1926)
  call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384
[2009/10/28 15:46:50, 3] smbd/dir.c:dptr_create(518)
  creating new dirptr 256 for path ./, expect_close = 1
[2009/10/28 15:46:50, 3] smbd/process.c:process_smb(1576)
  Transaction 801282 of length 92 (0 toread)
[2009/10/28 15:46:50, 3] smbd/process.c:switch_message(1393)
  switch message SMBntcreateX (pid 11443) conn 0x20c5d030
[2009/10/28 15:46:50, 3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/28 15:46:50, 3] smbd/process.c:process_smb(1576)
  Transaction 801283 of length 45 (0 toread)
[2009/10/28 15:46:50, 3] smbd/process.c:switch_message(1393)
  switch message SMBclose (pid 11443) conn 0x20c5d030
[2009/10/28 15:46:50, 3] smbd/reply.c:reply_close(4343)
  close directory fnum=7064
[2009/10/28 15:46:50, 3] smbd/process.c:process_smb(1576)
  Transaction 801284 of length 92 (0 toread)
[2009/10/28 15:46:50, 3] smbd/process.c:switch_message(1393)
  switch message SMBntcreateX (pid 11443) conn 0x20c5c030
[2009/10/28 15:46:50, 3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/28 15:46:50, 3] smbd/process.c:process_smb(1576)
  Transaction 801285 of length 45 (0 toread)
[2009/10/28 15:46:50, 3] smbd/process.c:switch_message(1393)
  switch message SMBclose (pid 11443) conn 0x20c5c030
[2009/10/28 15:46:50, 3] smbd/reply.c:reply_close(4343)
  close directory fnum=7065
[2009/10/28 15:46:50, 3] smbd/process.c:process_smb(1576)
  Transaction 801286 of length 112 (0 toread)
[2009/10/28 15:46:50, 3] smbd/process.c:switch_message(1393)
  switch message SMBtrans2 (pid 11443) conn 0x20c5c030

-Original Message-
From: Jeremy Allison [mailto:j...@samba.org]
Sent: Wednesday, October 28, 2009 12:41 PM

-Original Message-
From: samba-boun...@lists.samba. On Behalf Of Brian
Sent: Wednesday, October 28, 2009 7:09 AM

http://66.190.9.142/vista-spam-1.log
http://66.190.9.142/vista-spam-2.log

Here is a few seconds worth in these two files. This is with the workaround in place where I have a roo share setup on the server so you will not see all those can't find service messages.

I can't get access to these files. I'm getting connection timed out.

The more I investigate the more I am convinced it is a client issue.. Another interesting tidbit of information. Last night I setup a new
Re: [Samba] Lots of smbd processes and connections?
Not that it matters, remember I have my non-working work around in place where I inserted a roo share. It may change things because I am not getting that recurring couldn't find service roo anymore which was looking for a truncated service name. DFS problems do however sound like a different ball game...IDK

I will make that level 10 and wireshark trace available. Can I attach those to an email to the samba list or should I post to bugzilla?

-Original Message-
From: Jeremy Allison [mailto:j...@samba.org]
Sent: Wednesday, October 28, 2009 7:17 PM
To: Matthew Dickinson
Cc: Jeremy Allison; Brian; samba@lists.samba.org
Subject: Re: [Samba] Lots of smbd processes and connections?

On Wed, Oct 28, 2009 at 06:37:03PM -0500, Matthew Dickinson wrote:

On 10/28/09 6:21 PM, Jeremy Allison j...@samba.org wrote:

Not enough detail. Get a log level 10 plus a wireshark trace please. Jeremy.

Since it might be the same problem I'm having, I have those available on the bugzilla page (https://bugzilla.samba.org/show_bug.cgi?id=6782)

No, your trace doesn't look anything like his problem (I just looked). Your trace shows a DFS referral request for a truncated network path, not a repeating findfirst pattern. Jeremy.
Re: [Samba] Lots of smbd processes and connections?
Well don't hold me to it, but I may have solved it! Was trying to reproduce it but that failed...grrr. Will keep trying after all this...for the benefit of all.

Anywho...here is / was the thing: my homes is set to

    [homes]
        comment = Home directory for %u on %h
        browseable = no
        writable = yes
        path = /usr/home/%u/Documents
        valid users = %S

I had /usr/home/root as a symbolic link pointing back to /root, then I had /root/Documents as a symbolic link pointing to /usr/samba-shares/file-server3/root/Documents. Should be ok? At least I thought so.

Well so far so good (crosses fingers). I deleted the /usr/home/root symbolic link to /root and made a real directory there named root, then I created a symbolic link there named Documents to /usr/samba-shares/file-server3/Documents. Ohh and if ya missed it I moved /usr/samba-shares/file-server3/root/Documents to /usr/samba-shares/file-server3/Documents and also somewhere in there I renamed old root home to old-root-home.

BAMMM near as I can tell no one is spamming any more. Yawns! Time will tell if I fixed it, but would sure like to reproduce it!

-Original Message-
From: Jeremy Allison [mailto:j...@samba.org]
Sent: Wednesday, October 28, 2009 11:33 PM
To: Brian
Cc: samba@lists.samba.org; 'Jeremy Allison'; 'Matthew Dickinson'
Subject: Re: [Samba] Lots of smbd processes and connections?

On Wed, Oct 28, 2009 at 07:48:10PM -0500, Brian wrote:

Not that it matters, remember I have my non-working work around in place where I inserted a roo share. It may change things because I am not getting that recurring couldn't find service roo anymore which was looking for a truncated service name. DFS problems do however sound like a different ball game...IDK

If you're not using DFS then try setting host msdfs = no and rebooting the clients. I'm guessing this may make a difference. Jeremy.
Re: [Samba] Lots of smbd processes and connections?
This also fits with my earlier effort to add a new user on the windoze and bsd side which didn't have all the links back and forth. That effort with the new user didn't produce all the spamming. -Original Message- From: samba-boun...@lists.samba.org On Behalf Of Brian Well don't hold me to it, but I may have solved it! Was trying to reproduce it but that failedgrrr Will keep trying after all this...for the benefit of all anywhohere is / was the thing my homes is set to [homes] comment = Home directory for %u on %h browseable = no writable = yes path = /usr/home/%u/Documents valid users = %S I had /usr/home/root as a symbolic link pointing back to /root then I had /root/Documents as a symbolic link pointing to /usr/samba-shares/file-server3/root/Documents should be ok? at least I thought so well so far so good (crosses fingers) I deleted the /usr/home/root symbolic link to /root and made a real directory there named root, then I created a symbolic link there named Documents to /usr/samba-shares/file-server3/Documents ohh and if ya missed it I moved /usr/samba-shares/file-server3/root/Documents to /usr/samba-shares/file-server3/Documents and also somewhere in there I renamed old root home to old-root- home BAMMM near as I can tell no one is spamming any more Yawns! time will tell if I fixed it, but would sure like to reproduce it! -Original Message- From: Jeremy Allison [mailto:j...@samba.org] Sent: Wednesday, October 28, 2009 11:33 PM To: Brian Cc: samba@lists.samba.org; 'Jeremy Allison'; 'Matthew Dickinson' Subject: Re: [Samba] Lots of smbd processes and connections? On Wed, Oct 28, 2009 at 07:48:10PM -0500, Brian wrote: Not that a matters, remember I have my non-working work around in place where I inserted a roo share. It may change things because I am not getting that recurring couldn't find service roo anymore which was looking for a truncated service name. 
DFS problems does however sound like a different ball game...IDK If you're not using DFS then try setting host msdfs = no and rebooting the clients. I'm guessing this may make a difference. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Lots of smbd processes and connections?
well, unfortunately no, that didn't fix it. Good eyes though!

-Original Message-
From: Volker Lendecke [mailto:volker.lende...@sernet.de]
Sent: Tuesday, October 27, 2009 3:04 AM
To: Brian
Cc: samba@lists.samba.org
Subject: Re: [Samba] Lots of smbd processes and connections?

On Mon, Oct 26, 2009 at 06:49:37PM -0500, Brian wrote:

Also, here is my config...

    [global]
        workgroup = XNET2
        server string = Samba Server
        hosts allow = 10.0.2., 127.
        guest account = guest
        interfaces = dc0
        log level = 2
        log file = /var/log/samba/%m-samba.log
        max log size = 500
        time server = Yes
        socket options = SO_RCVBUF=8192 SO_SNDBUF=8192
        security = user
        passdb backend = tdbsam
        dns proxy = no
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

Maybe for some reason your client is unhappy with disable spoolss = yes? Volker
Re: [Samba] Lots of smbd processes and connections?
On 10/27/09 4:31 PM, Jeremy Allison j...@samba.org wrote:

On Mon, Oct 26, 2009 at 08:57:20PM -0500, Brian wrote:

Just looked I'm getting 500K log every 12 seconds with log level 2. My new server is a box with modern hardware and so forth and it's spending 24% processor time filling out logs. John suggested 3.3.8 and I realized I was at 3.3.3 so I upgraded samba to 3.3.8 and got the same result! So I have had samba version 3.0.something (older FBSD implementation, older 166 pentium) through 3.3.8 running (7.2 FBSD implementation with modern hardware) and all of them are being flooded by vista. Ya ya I know...blame Gates, but there must be a fix here some place? The situation with 3.3.8 is the first time I noticed dozens of samba processes spawned as a result. Earlier versions got spammed, but didn't branch a bunch of processes.

Log a bug at bugzilla.samba.org and attach a debug level 10 log from one client and also a wireshark trace. The wireshark trace is very important in order to determine if this is a client or server bug. Jeremy.

Already done that :-) https://bugzilla.samba.org/show_bug.cgi?id=6782 Matthew

I will try and do the same at bugzilla but for now a bit more information after some experimentation. When homes share definition is removed I get:

[2009/10/27 17:23:33, 0] smbd/service.c:make_connection(1292)
  dadsdesktop (10.0.2.149) couldn't find service roo
[2009/10/27 17:23:33, 0] smbd/service.c:make_connection(1292)
  dadsdesktop (10.0.2.149) couldn't find service roo
[2009/10/27 17:23:33, 0] smbd/service.c:make_connection(1292)
  dadsdesktop (10.0.2.149) couldn't find service root
[2009/10/27 17:23:33, 0] smbd/service.c:make_connection(1292)
  dadsdesktop (10.0.2.149) couldn't find service root

This supports comments from other people that the client re-tries with the correct name and then connects. I do not have issues connecting to my home share. Maybe some lag sometimes...

When I make a share named roo, the can't find service messages go away and I get a visible roo share. Also get the following from smbstatus when I have made no attempt to connect to the roo share with explorer or whatever. This tells me the client is purposely trying to connect to roo by itself.

Samba version 3.3.8
PID     Username      Group         Machine
---
6848    root          wheel         dadsdesktop  (10.0.2.149)

Service      pid     machine       Connected at
---
roo          6848    dadsdesktop   Tue Oct 27 18:55:56 2009
root         6848    dadsdesktop   Tue Oct 27 18:55:56 2009

No locked files

Seems to me the client is the issue here...
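Added example (not from any of the posts above, and not Samba project code): a Python script that does the check the thread performs by eye, parsing smbd log entries, counting "couldn't find service" failures per client per second, and reporting requested names that are an existing share name minus its last character. The share list passed in, the laptop7 / 10.0.2.77 client, the repeated burst and the per-second limit are constructed for the example; only the dadsdesktop line format comes from the thread.

```python
"""Flag clients that flood smbd with lookups for a share name missing its last character."""
import re
from collections import Counter, defaultdict

# Header of an smbd log entry: "[date time, level] file.c:function(line)", optionally
# followed on the same line by the message (the flattened form seen in list archives).
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)?,\s*(?P<level>\d+)\]"
    r"\s+(?P<where>\S+\(\d+\))\s*(?P<rest>.*)$"
)
NOT_FOUND = re.compile(
    r"^(?P<client>\S+) \((?P<ip>[0-9A-Fa-f.:]+)\) couldn't find service (?P<service>\S+)$"
)

# Constructed sample: six failures within one second in smbd's two-line layout,
# one flattened entry, one unrelated client, one unrelated level-3 entry.
BURST = (
    "[2009/10/27 17:23:33, 0] smbd/service.c:make_connection(1292)\n"
    "  dadsdesktop (10.0.2.149) couldn't find service roo\n"
) * 6
SAMPLE_LOG = BURST + (
    "[2009/10/27 17:23:34, 0] smbd/service.c:make_connection(1292) "
    "dadsdesktop (10.0.2.149) couldn't find service roo\n"
    "[2009/10/27 17:23:40, 0] smbd/service.c:make_connection(1292)\n"
    "  laptop7 (10.0.2.77) couldn't find service scans\n"
    "[2009/10/27 17:23:41, 3] smbd/process.c:process_smb(1576)\n"
    "  Transaction 801277 of length 92 (0 toread)\n"
)


def parse_entries(text):
    """Yield (timestamp, level, location, message) for every log entry in text."""
    current = None
    for raw in text.splitlines():
        match = HEADER.match(raw)
        if match:
            if current is not None:
                yield current[0], current[1], current[2], " ".join(current[3])
            first = [match["rest"]] if match["rest"] else []
            current = (match["ts"], int(match["level"]), match["where"], first)
        elif current is not None and raw.strip():
            current[3].append(raw.strip())  # indented continuation of the message
    if current is not None:
        yield current[0], current[1], current[2], " ".join(current[3])


def truncated_from(service, shares):
    """Return the share that equals service plus one trailing character.

    Only an unambiguous match counts: exactly one share may fit.
    """
    wanted = service.lower()
    hits = [s for s in shares
            if len(s) == len(wanted) + 1 and s.lower().startswith(wanted)]
    return hits[0] if len(hits) == 1 else None


def analyse(text, shares, per_second_limit=5):
    """Summarise failed share lookups per (client, ip).

    shares is the caller-supplied list of share names the server really exports
    (with a [homes] section that includes user names). per_second_limit is an
    assumed threshold; tune it to the server's normal background rate.
    """
    seen = defaultdict(lambda: {"per_second": Counter(), "truncated": {}, "unknown": set()})
    for ts, _level, _where, message in parse_entries(text):
        match = NOT_FOUND.match(message)
        if not match:
            continue
        record = seen[(match["client"], match["ip"])]
        record["per_second"][ts] += 1
        share = truncated_from(match["service"], shares)
        if share:
            record["truncated"][match["service"]] = share
        else:
            record["unknown"].add(match["service"])
    report = {}
    for key, record in seen.items():
        peak = max(record["per_second"].values())
        report[key] = {
            "total": sum(record["per_second"].values()),
            "peak_per_second": peak,
            "truncated": record["truncated"],
            "unknown": sorted(record["unknown"]),
            "flooding": peak >= per_second_limit,
        }
    return report


if __name__ == "__main__":
    for (client, ip), info in analyse(SAMPLE_LOG, ["root", "documents"]).items():
        print(client, ip, info)
```

A client whose failures are all one-character truncations of real shares and whose peak rate is far above the background, as with the roughly 1000 requests per second reported in the thread, points at software on that workstation rather than at a mistyped path.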
Re: [Samba] Lots of smbd processes and connections?
Sorry I don't think so...basically as you can see in my earlier post I tried a workaround by creating a share with the last character clipped off (in my case roo). Great news, the attempt to connect msgs are now gone, but my server is still being spammed.

I did some stats on my client with a net statistics workstation command and came up with:

Bytes received                                 137,514 bytes/sec
Server Message Blocks (SMBs) received          1,302 SMB blocks/sec
Bytes transmitted                              95,329 bytes/sec
Server Message Blocks (SMBs) transmitted       1,302 SMB blocks/sec

So the error msgs are gone, but the server is getting spammed with greater than 1000 SMB msg blocks per second while IDLE! I don't know what is normal but 1300 / sec sounds like a LOT! smbd is being a trooper though as it didn't drop one of them!

Here is what top shows:

last pid: 7417; load averages: 6.22, 6.27, 6.
39 processes: 7 running, 32 sleeping
CPU: 4.0% user, 0.0% nice, 29.5% system, 1.4% interrupt, 65.0% idle
Mem: 36M Active, 606M Inact, 183M Wired, 110M Buf, 162M Free
Swap: 1902M Total, 1902M Free

PID USERNAMETHR PRI NICE SIZERES STATE C TIME WCPU COMMAND
6848 root 1 660 14652K 8128K CPU0 2 33:00 30.37% smbd
1497 root 1 1040 14600K 7224K RUN1 34:35 0.00% smbd
863 root 1 1070 14620K 7304K RUN2 22:08 0.00% smbd
1408 root 1 1040 14600K 7224K RUN1 7:51 0.00% smbd
6552 root 1 1010 14640K 7984K RUN1 3:00 0.00% smbd
1401 root 1 1040 14600K 7224K RUN1 0:25 0.00% smbd
5628 root 1 440 8340K 5316K select 1 0:11 0.00% mc
756 root 1 440 4672K 2276K select 2 0:04 0.00% ntpd
7126 root 1 440 3496K 1748K CPU1 1 0:03 0.00% top
5588 root 1 440 8428K 3892K select 1 0:02 0.00% sshd
793 root 1 440 5876K 3444K select 0 0:02 0.00% sendmail
620 bind 7 40 27892K 22424K kqread 0 0:02 0.00% named
706 dhcpd 1 440 3128K 2040K select 1 0:01 0.00% dhcpd
6839 root 1 440 9540K 4360K select 0 0:01 0.00% nmbd
5630 root 1 80 4396K 2264K wait 1 0:01 0.00% bash
552 root 1 440 3184K 1228K select 0 0:00 0.00% syslogd
804 root 1 80 3212K 1272K nanslp 2 0:00 0.00% cron
5593 root 1 80 4396K 2260K wait 0 0:00 0.00% bash
797 smmsp 1 200 5876K 3232K pause 2 0:00 0.00% sendmail
6845 root 1 960 14428K 7804K select 1 0:00 0.00% smbd
847 root 1 50 3184K 1092K ttyin 2 0:00 0.00% getty
787 root 1 440 5752K 3528K select 1 0:00 0.00% sshd
846 root 1 50 3184K 1092K ttyin 1 0:00 0.00% getty
852 root 1 50 3184K 1092K ttyin 2 0:00 0.00% getty
851 root 1 50 3184K 1092K ttyin 2 0:00 0.00% getty
850 root 1 50 3184K 1092K ttyin 3 0:00 0.00% getty
849 root 1 50 3184K 1092K ttyin 1 0:00 0.00% getty
848 root 1 50 3184K 1092K ttyin 0 0:00 0.00% getty
824 root 1 960 3240K 1356K select 2 0:00 0.00% inetd
5543 root 1 50 3184K 1092K ttyin 1 0:00 0.00% getty
6847 root 1 960 14428K 7744K select 2 0:00 0.00% smbd
493 root 1 450 1888K 564K select 2 0:00 0.00% devd
147 root 1 200 1380K 804K pause 2 0:00 0.00% adjkerntz

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Matthew Dickinson
Sent: Tuesday, October 27, 2009 8:30 PM
To: Jeremy Allison
Cc: samba@lists.samba.org
Subject: Re: [Samba] Lots of smbd processes and connections?

Which got me to thinking: The thread http://lists.samba.org/archive/samba/2005-October/112876.html In particular the last post http://lists.samba.org/archive/samba/2005-October/112929.html

So... new config item: w2k client workaround = yes

iff requested share does not exist, but a single share with the same name plus one character does exist, connect to that instead.

Matthew
[Samba] Lots of smbd processes and connections?
Checked up on my new 3.3.8 installation and found this after a Vista workstation was idle all day on the network. I forgot to save the smbstatus output but it was a long list of PIDs linked to the workstation in question. Also I restarted then stopped the server and all the processes stayed there.

    PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
    12484 root 1 1170 11388K 8080K CPU3 3 6:38 93.65% bzip2
    546 root 1 510 3184K 988K select 3 70:47 12.60% syslogd
    12558 root 1 980 14624K 5628K RUN3 0:06 9.57% smbd
    9540 root 1 980 14624K 5500K RUN2 27:59 0.00% smbd
    11658 root 1 980 14624K 5596K RUN3 23:29 0.00% smbd
    10785 root 1 980 14624K 5544K RUN2 23:04 0.00% smbd
    9836 root 1 1020 14624K 5492K RUN2 22:56 0.00% smbd
    11076 root 1 980 14624K 5540K RUN0 21:43 0.00% smbd
    10495 root 1 980 14624K 5544K RUN0 21:28 0.00% smbd
    11979 root 1 970 14624K 5608K RUN0 19:53 0.00% smbd
    10183 root 1 970 14624K 5504K RUN2 13:26 0.00% smbd
    11472 root 1 970 14624K 5588K RUN0 12:21 0.00% smbd
    10328 root 1 970 14624K 5516K RUN0 7:45 0.00% smbd
    11385 root 1 990 14624K 5568K RUN2 7:27 0.00% smbd
    10730 root 1 980 14624K 5536K RUN0 4:06 0.00% smbd
    9472 root 1 980 14624K 5484K RUN2 3:36 0.00% smbd
    11932 root 1 980 14624K 5600K RUN0 3:17 0.00% smbd
    11609 root 1 980 14624K 5588K RUN3 3:05 0.00% smbd
    10085 root 1 990 14624K 5488K RUN0 3:04 0.00% smbd
    10129 root 1 980 14624K 5504K RUN0 2:52 0.00% smbd
    11029 root 1 980 14624K 5536K RUN0 2:16 0.00% smbd
    11904 root 1 980 14624K 5584K RUN3 2:04 0.00% smbd
    12246 root 1 980 14708K 5664K RUN0 2:03 0.00% smbd
    9454 root 1 990 14624K 5448K RUN2 1:54 0.00% smbd
    9172 root 1 1000 14624K 5424K RUN2 1:52 0.00% smbd
    10441 root 1 980 14624K 5520K RUN2 1:48 0.00% smbd
    10475 root 1 970 14624K 5480K RUN0 1:30 0.00% smbd
    11340 root 1 980 14624K 5552K RUN0 1:28 0.00% smbd
    10420 root 1 970 14624K 5516K RUN2 1:21 0.00% smbd
    11309 root 1 980 14624K 5512K RUN2 1:14 0.00% smbd
    12207 root 1 970 14708K 5664K RUN0 1:05 0.00% smbd
    12195 root 1 980 14708K 5592K RUN0 0:41 0.00% smbd
    10175 root 1 970 14624K 5488K RUN0 0:34 0.00% smbd
    12220 root 1 970 14708K 5624K RUN0 0:29 0.00% smbd
    11377 root 1 970 14624K 5568K RUN0 0:24 0.00% smbd
    3797 root 1 440 8428K 2656K select 3 0:24 0.00% sshd
    11326 root 1 970 14624K 5528K RUN0 0:21 0.00% smbd
    3867 root 1 440 8340K 4364K select 3 0:17 0.00% mc
    9533 root 1 970 14624K 5448K RUN0 0:12 0.00% smbd
    11067 root 1 980 14624K 5496K RUN0 0:09 0.00% smbd
    11371 root 1 970 14624K 5528K RUN2 0:09 0.00% smbd
    9448 root 1 980 14624K 5448K RUN2 0:04 0.00% smbd
    5945 root 1 440 4672K 1624K select 3 0:04 0.00% ntpd
    786 root 1 440 5876K 2440K select 0 0:02 0.00% sendmail
    3742 root 1 440 8428K 2656K select 2 0:02 0.00% sshd
    5732 bind 7 40 28916K 22612K kqread 2 0:01 0.00% named
    5886 dhcpd 1 440 3128K 1656K select 0 0:01 0.00% dhcpd
    3869 root 1 50 4396K 1780K ttyin 2 0:01 0.00% bash
    796 root 1 80 3212K 960K nanslp 2 0:00 0.00% cron
    790 smmsp 1 200 5876K 2192K pause 3 0:00 0.00% sendmail
    3801 root 1 80 4396K 1732K wait 3 0:00 0.00% bash
    3746 root 1 80 4396K 1652K wait 2 0:00 0.00% bash
    12555 root 1 960 14428K 5428K select 2 0:00 0.00% smbd
    12559 root 1 440 3496K 1496K CPU0 0 0:00 0.00% top
    487 root 1 440 1888K 428K select 0 0:00 0.00% devd
    780 root 1 440 5752K 2292K select 0 0:00 0.00% sshd
    12549 root 1 500 9516K 3008K select 3 0:00 0.00% nmbd
    12471 root 1 80 3128K 964K wait 0 0:00 0.00% newsyslog

Ohh and I started getting this again. This problem has come and gone lately... it's back now. Any thoughts would be appreciated.

Thanks
Brian

    Oct 26 18:00:36 oldjunk smbd[12268]: [2009/10/26 18:00:36, 0] smbd/service.c:make_connection(1292)
    Oct 26 18:00:36 oldjunk smbd[12268]: dadsdesktop (10.0.2.149) couldn't find service roo
    Oct 26 18:00:36 oldjunk
Re: [Samba] Lots of smbd processes and connections?
Also, here is my config...

    [global]
    workgroup = XNET2
    server string = Samba Server
    hosts allow = 10.0.2., 127.
    guest account = guest
    interfaces = dc0
    log level = 2
    log file = /var/log/samba/%m-samba.log
    max log size = 500
    time server = Yes
    socket options = SO_RCVBUF=8192 SO_SNDBUF=8192
    security = user
    passdb backend = tdbsam
    dns proxy = no
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    wins support = Yes
    # WINS Server - Tells the NMBD components of Samba to be a WINS Client
    # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
    ; wins server = w.x.y.z

    # Share Definitions ==
    [homes]
    comment = Home directory for %u on %h
    browseable = no
    writable = yes
    path = /usr/home/%u/Documents
    valid users = %S

    [tmp]
    comment = Temporary file space
    path = /usr/samba-shares/tmp
    read only = no
    public = yes

    [public]
    comment = Public Directory, r/w all users, guest owns all files
    path = /usr/samba-shares/public
    public = yes
    only guest = yes
    writable = yes
    printable = no

    [share1]
    comment = Share Directory No. 1, Writable only by group wheel members
    path = /usr/samba-shares/file-server1
    public = yes
    writable = yes
    printable = no
    write list = @wheel

    [share2]
    comment = Share Directory No. 2, Writable only by group wheel members
    path = /usr/samba-shares/file-server2
    public = yes
    writable = yes
    printable = no
    write list = @wheel

    [share3]
    comment = Share Directory No. 3, Writable only by group wheel members
    path = /usr/samba-shares/file-server3
    public = yes
    writable = yes
    printable = no
    write list = @wheel
Re: [Samba] Lots of smbd processes and connections?
Just looked, I'm getting 500K log every 12 seconds with log level 2. My new server is a box with modern hardware and so forth and it's spending 24% processor time filling out logs. John suggested 3.3.8 and I realized I was at 3.3.3 so I upgraded samba to 3.3.8 and got the same result!

So I have had samba version 3.0.something (older FBSD implementation, older 166 pentium) through 3.3.8 running (7.2 FBSD implementation with modern hardware) and all of them are being flooded by Vista. Ya ya I know...blame Gates, but there must be a fix here some place?

The situation with 3.3.8 is the first time I noticed dozens of samba processes spawned as a result. Earlier versions got spammed, but didn't branch a bunch of processes.

Thanks for your help in advance.
Brian

-----Original Message-----
From: Matthew Dickinson [mailto:matt-sa...@alpha345.com]

On 10/26/09 6:34 PM, Brian bbayorg...@charter.net wrote:

> Ohh and I started getting this again. This problem has come and gone lately... it's back now. Any thoughts would be appreciated.
>
> Oct 26 18:00:36 oldjunk smbd[12268]: [2009/10/26 18:00:36, 0] smbd/service.c:make_connection(1292)
> Oct 26 18:00:36 oldjunk smbd[12268]: dadsdesktop (10.0.2.149) couldn't find service roo

Likewise:

Situation: I'm seeing lots (~500k per day) of log entries like:

    smbd[13939]: itlab-pc06 (:::10.51.51.103) couldn't find service it261

In this case, the last character of the request is truncated - it should be it2610

I'm seeing the same/similar issue to http://lists.samba.org/archive/samba/2009-March/147277.html
And http://lists.samba.org/archive/samba/2009-October/150998.html

I've dismissed this over the last few weeks as a minor inconvenience, but I'm now convinced that it's affecting the performance of the Windows client machines that are connecting to it - a 30 second operation on local disk takes upwards of 5 mins over a network connection, generating thousands of entries similar to the above.

Matthew
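The flood reported in this thread and the lookup rule proposed in the "w2k client workaround" message can both be checked against the smbd log. The script below is an added example, not code from Samba or from any poster; its function names are hypothetical, and the share list, host names and log lines are constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Header line, e.g. "[2009/10/26 18:00:36, 0] smbd/service.c:make_connection(1292)"
HEADER_RE = re.compile(r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*\d+\]")
# Message line, e.g. "dadsdesktop (10.0.2.149) couldn't find service roo"
MISS_RE = re.compile(r"(\S+) \(([^)]*)\) couldn't find service (\S+)\s*$")


def parse_misses(lines):
    """Yield (timestamp, client, address, requested_share) per failed lookup.

    Works for plain log.smbd output and for the syslog-prefixed form, because
    both put the timestamp on the header line that precedes the message.
    """
    last_ts = None
    for line in lines:
        header = HEADER_RE.search(line)
        if header:
            last_ts = datetime.strptime(header.group(1), "%Y/%m/%d %H:%M:%S")
        miss = MISS_RE.search(line)
        if miss:
            yield last_ts, miss.group(1), miss.group(2), miss.group(3)


def intended_share(requested, shares):
    """Apply the rule proposed in the thread: the requested share does not
    exist, and exactly one configured share is that name plus one character.
    Returns the matching share name (lower-cased) or None."""
    names = {s.lower() for s in shares}
    req = requested.lower()
    if req in names:
        return None
    hits = sorted(n for n in names if len(n) == len(req) + 1 and n.startswith(req))
    return hits[0] if len(hits) == 1 else None


def summarize(lines, shares, flood_per_second=5.0):
    """Group misses by (client, address, share) and flag sustained floods."""
    groups = defaultdict(list)
    for ts, client, addr, share in parse_misses(lines):
        groups[(client, addr, share)].append(ts)
    report = []
    for (client, addr, share), stamps in groups.items():
        known = [t for t in stamps if t is not None]
        span = (max(known) - min(known)).total_seconds() if known else 0.0
        rate = len(stamps) / max(span, 1.0)   # treat sub-second bursts as 1 s
        report.append({
            "client": client, "address": addr, "requested": share,
            "count": len(stamps), "per_second": rate,
            "truncation_of": intended_share(share, shares),
            "flood": rate >= flood_per_second,
        })
    return sorted(report, key=lambda r: r["count"], reverse=True)


def constructed_sample():
    """Constructed log lines (not captured from a real server)."""
    lines = []
    for i in range(12):                       # 12 misses inside two seconds
        sec = i // 6
        pre = "Oct 27 09:15:%02d fileserver smbd[2001]: " % sec
        lines.append(pre + "[2009/10/27 09:15:%02d, 0] "
                           "smbd/service.c:make_connection(1292)" % sec)
        lines.append(pre + "itlab-pc06 (10.51.51.103) couldn't find service it261")
    lines += [
        "[2009/10/27 09:20:00, 0] smbd/service.c:make_connection(1292)",
        "  lab-pc02 (10.51.51.7) couldn't find service share",   # ambiguous
        "[2009/10/27 09:25:00, 0] smbd/service.c:make_connection(1292)",
        "  lab-pc02 (10.51.51.7) couldn't find service scans",   # plain typo
    ]
    return lines


# Assumed share list for the example; share1..3 mirror the posted smb.conf.
EXAMPLE_SHARES = ["it2610", "share1", "share2", "share3", "public", "tmp"]

if __name__ == "__main__":
    for row in summarize(constructed_sample(), EXAMPLE_SHARES):
        print(row)
```

A row with a non-empty truncation_of and flood set matches the pattern described in this thread; a request such as "share", which could mean any of share1 to share3, is deliberately left unresolved because the proposed rule requires a single match.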
Re: [Samba] Lots of smbd processes and connections? AKA New issue with a New Vista Client - couldn't find service
Did some research, but didn't find a solution. All the following links discuss a similar issue with not being able to find a service and in most cases the error reports the service name truncated by one character. One was reporting the service name with extra characters. These date back to 2003 and maybe earlier.

Some interesting discussions with some indicating a Windoze bug persisting from Win2k thru WinXP (and now Vista). Others report it is a long standing samba bug since 2.x... who knows. One common thing near as I can tell is solutions are not identified. Many seem to ignore it, but the traffic and logs are putting quite a burden on the system.

Again any thoughts are appreciated.

Thanks
Brian

http://www.webservertalk.com/message857789.html
http://www.linuxquestions.org/questions/linux-networking-3/logs-filling-up-with-smbdservice.cmakeconnection-couldnt-find-service-397227/
http://beau.org/pipermail/whitebox-users/2005-October/007173.html
http://lists.samba.org/archive/samba/2005-October/112876.html
http://lists.samba.org/archive/samba/2005-October/112878.html
http://lists.freebsd.org/pipermail/freebsd-questions/2003-October/023809.html
Re: [Samba] New issue with a New Vista Client - couldn't find service
OK, since we last spoke I built a new server, installed FBSD 7.2 and installed the samba package 3.3.3 and the results were the same. The new server is still being flooded with:

    Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292)
    Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo
    Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292)
    Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo
    Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292)
    Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo
    Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292)
    Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo
    Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292)
    Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo
    Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292)
    Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo
    Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292)
    Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo
    Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292)
    Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo
    Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292)
    Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo

Literally 500K log files in a few seconds. It's modern hardware with an Intel Atom processor and so forth and it's spending 24% processor time filling out logs. John suggested 3.3.8 and I realized I was at 3.3.3 so I upgraded samba to 3.3.8 and got the same result!

So I have had version 3.0.something (older FBSD implementation) through 3.3.8 running (7.2 FBSD implementation) and all of them are being flooded by Vista. Ya ya I know...blame Gates, but there must be a fix here some place?

Thanks for your help in advance.
Brian

-----Original Message-----
From: John H Terpstra - Samba Team [mailto:j...@samba.org]
Sent: Saturday, October 17, 2009 9:10 AM
To: Brian
Subject: Re: [Samba] New issue with a New Vista Client - couldn't find service

On 10/17/2009 08:59 AM, Brian wrote:
> Sorry if this a duplicate, previous post was with a dysfunctional email address.
>
> Running a samba server version 3.0.7 on a FreeBSD box

Please update your version of Samba to at least 3.3.8 or later (preferably 3.4.2 or later). Samba-3.4.2 is a whole different animal from 3.0.7 - life has moved on. Vista is also a whole different animal than XP and requires the later Samba releases for smooth interoperability.

cheers,
John T.

> Life has been fine with XP and so forth
> I added a new vista workstation to my small network
> Vista found my shares and I am able to access them with no jerking around with authentication types or such as I use appropriate pw and user name to log into the vista box.
>
> Problem is vista is spamming my server, taking up 50% cpu time and creating a 500K log file every 2 min
> it is filling the log file with
>
> [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
>   dads-pc (10.0.2.124) couldn't find service roo
> [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
>   dads-pc (10.0.2.124) couldn't find service roo
> [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
>   dads-pc (10.0.2.124) couldn't find service roo
> [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
>   dads-pc (10.0.2.124) couldn't find service roo
> [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
>   dads-pc (10.0.2.124) couldn't find service roo
> [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
>   dads-pc (10.0.2.124) couldn't find service roo
> [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
>   dads-pc (10.0.2.124) couldn't find service roo
> [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
>   dads-pc (10.0.2.124) couldn't find service roo
> [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
>   dads-pc (10.0.2.124) couldn't find service roo
> [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
>   dads-pc (10.0.2.124) couldn't find service roo
>
> the service name is truncated also by one letter
>
> thanks in advance for your help
> Brian

--
John H Terpstra
If at first you don't succeed, don't go sky-diving!
[Samba] New issue with a New Vista Client - couldn't find service
Sorry if this a duplicate, previous post was with a dysfunctional email address.

Running a samba server version 3.0.7 on a FreeBSD box
Life has been fine with XP and so forth
I added a new Vista workstation to my small network
Vista found my shares and I am able to access them with no jerking around with authentication types or such as I use appropriate pw and user name to log into the Vista box.

Problem is Vista is spamming my server, taking up 50% cpu time and creating a 500K log file every 2 min
it is filling the log file with

    [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
      dads-pc (10.0.2.124) couldn't find service roo
    [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
      dads-pc (10.0.2.124) couldn't find service roo
    [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
      dads-pc (10.0.2.124) couldn't find service roo
    [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
      dads-pc (10.0.2.124) couldn't find service roo
    [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
      dads-pc (10.0.2.124) couldn't find service roo
    [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
      dads-pc (10.0.2.124) couldn't find service roo
    [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
      dads-pc (10.0.2.124) couldn't find service roo
    [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
      dads-pc (10.0.2.124) couldn't find service roo
    [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
      dads-pc (10.0.2.124) couldn't find service roo
    [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800)
      dads-pc (10.0.2.124) couldn't find service roo

the service name is truncated also by one letter

thanks in advance for your help
Brian
[Samba] RedHat Linux AS4 64bit samba to ADS share issue ... winbind start/stop makes it work....
Have a bit of a situation and hope someone can help shed some light.

Have the attached samba config on a RedHat Linux AS4 x86_64bit system and have joined the box to our Windows 2003 ADS environment using: Net ads join -Uadmin.

We can map a user to their home directory without issue. The [dataload] or other shares we receive a window on our windows boxes that request identification on the other shares, unless we have started and then stopped winbind service. If the winbind service is running, we get the id window again.

I sure hope someone can tell us where our config has gone wrong. I suspect that winbind has setup some structure or cached some info that makes our config work.

Thanks.
Brian Murphy
Eastern Illinois University

    #=== Global Settings =
    [global]
    realm = eiuad.eiu.edu
    # workgroup = NT-Domain-Name or Workgroup-Name
    workgroup = EIU
    # server string is the equivalent of the NT Description field
    server string = sysbdb03 Samba Server
    ; hosts allow = 192.168.1. 192.168.2. 127.
    hosts allow = 139.67.
    # if you want to automatically load your printer list rather
    # than setting them up individually then you'll need this
    printcap name = /etc/printcap
    load printers = yes
    # It should not be necessary to spell out the print system type unless
    # yours is non-standard. Currently supported print systems include:
    # bsd, sysv, plp, lprng, aix, hpux, qnx
    printing = cups
    # This option tells cups that the data has already been rasterized
    cups options = raw
    log file = /var/log/samba/%m.log
    # Put a capping on the size of the log files (in Kb).
    max log size = 50
    # Security mode. Most people will want user level security. See
    # security_level.txt for details.
    security = ads
    # Use password server option only with security = server
    password server = eiudc06.eiuad.eiu.edu eiudc05.eiuad.eiu.edu eiudc04.eiuad.eiu.edu
    # Password Level allows matching of _n_ characters of the password for
    # all combinations of upper and lower case.
    password level = 8
    ; username level = 8
    # You may wish to use password encryption. Please read
    # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
    # Do not enable this option unless you have read those documents
    encrypt passwords = yes
    ; smb passwd file = /etc/samba/smbpasswd
    # The following are needed to allow password changing from Windows to
    # update the Linux system password also.
    # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
    # NOTE2: You do NOT need these to allow workstations to change only
    #        the encrypted SMB passwords. They allow the Unix password
    #        to be kept in sync with the SMB password.
    ; unix password sync = Yes
    ; passwd program = /usr/bin/passwd %u
    ; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
    # Unix users can map to different SMB User names
    ; username map = /etc/samba/smbusers
    # Using the following line enables you to customise your configuration
    # on a per machine basis. The %m gets replaced with the netbios name
    # of the machine that is connecting
    ; include = /etc/samba/smb.conf.%m
    # Most people will find that this option gives better performance.
    # See speed.txt and the manual pages for details
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    # Configure Samba to use multiple interfaces
    # If you have multiple network interfaces then you must list them
    # here. See the man page for details.
    ; interfaces = 192.168.12.2/24 192.168.13.2/24
    # Configure remote browse list synchronisation here
    # request announcement to, or browse list sync from:
    # a specific host or from / to a whole subnet (see below)
    ; remote browse sync = 192.168.3.25 192.168.5.255
    # Cause this host to announce itself to local subnets here
    ; remote announce = 192.168.1.255 192.168.2.44
    # Browser Control Options:
    # set local master to no if you don't want Samba to become a master
    # browser on your network. Otherwise the normal election rules apply
    ; local master = no
    # OS Level determines the precedence of this server in master browser
    # elections. The default value should be reasonable
    ; os level = 33
    # Domain Master specifies Samba to be the Domain Master Browser. This
    # allows Samba to collate browse lists between subnets. Don't use this
    # if you already have a Windows NT domain controller doing this job
    domain master = no
    # Preferred Master causes Samba to force a local browser election on startup
    # and gives it a slightly higher chance of winning the election
    ; preferred master = yes
    # Enable this if you want Samba to be a domain logon server for
    # Windows95 workstations.
    ; domain logons = yes
    # if you enable domain logons then you may want a per-machine
[Samba] BDC and PDC communication...
Question about BDCs on a domain:

1) How can you verify that the BDC and PDC are communicating? (Verify they are both on the same domain and that one is a slave/backup? Basically verify that the reality matches what is set up in the config files.)

2) If a BDC seems to no longer see the domain, do you just rejoin it again with net rpc join ...

Thanks for any help,
Brian H
binaryno...@gmail.com
http://www.binarynomad.com
[Samba] Rejoin BDC to domain?
We recently replaced a failing PDC, and it seems to be working just fine:

    # net rpc testjoin
    Join to 'OURDOMAIN' is OK
    # net lookup dc OURDOMAIN
    172.16.1.40

But the BDC now seems to be having problems. We cannot get new workstations (in the subnet with the BDC) to join the domain, and while logged into the BDC, we get:

    # net rpc testjoin
    Unable to find a suitable server
    Join to domain 'OURDOMAIN' is not valid
    # net lookup dc # blank

This BDC was working fine before we replaced the PDC, and I tried:

    net rpc getsid -S OURDOMAIN -I 172.16.1.40 -U admin%password

which says it grabbed the SID.

Do I need to rejoin the BDC to the domain?

Thanks for any help,
Brian H
binaryno...@gmail.com
http://www.binarynomad.com
[Samba] BDC Promotion and Netbios...
We are replacing a failing PDC. When promoting a BDC to replace an existing PDC, can you change the NETBIOS name field to match that of the original PDC without causing problems?

Brian H
binaryno...@gmail.com
http://www.binarynomad.com
[Samba] Migrating to replacement PDC
I've been reading the SAMBA documentation at:

http://us3.samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749

But I just need some confirmation since this is our primary server, and I'm not fully confident about what I read.

SITUATION:

We currently have a Samba server running as our Primary Domain Controller which is authenticating against a local LDAP database. The hardware is failing so we need to build a replacement box. Machine hostnames are based off of asset tags, so the hostnames will be different between the two servers.

The intention is to build the NEW server with a unique hostname and temp IP address, and the same smb.conf. Then at the point of migration, change the IP address of the NEW server to that of the OLD server, start up SAMBA, and then let it take over as the PDC.

QUESTIONS:

And from what I understand, as long as I make sure the NEW server has the same NETBIOS name in the /etc/samba/smb.conf file, then it should pull the domain SID from LDAP the first time it is started. Does this mean I don't need to import the secrets.tdb or manually set the SID with net setlocalsid S-1-5-21-22-2394995923-3994118334, or change the hostname to that of the OLD server?

MISC FACTS:

OLD Server
    Hostname: asset01
    DNS Name(s): asset01 PDC LDAP
    NETBIOS: PDC
    IP: 172.16.1.1
    Services: SAMBA, LDAP

NEW Server (future values are in )
    Hostname: asset02
    DNS Name(s): asset02 asset02 PDC LDAP
    NETBIOS: PDC
    IP: 172.16.1.2 172.16.1.1
    Services: SAMBA, LDAP

Brian H
binaryno...@gmail.com
http://www.binarynomad.com
Re: RESOLVED: (sorta) Re: [Samba] Oplocks question
Clearly someone who hasn't worked with Samba for that long. There's no shame about Samba, it does what it does well, PDC and SMB sharing and has saved my a#% several times. I never chimed in as I didn't and still don't follow the thread. You can stack as many disk protocol sharing services as you want on a single box, but if you want to re-export from one to another, sounds to me like you are very junior in the network fs space. As for MSDFS, man that sh$# sux. If you require clustering of that nature, start doing an RFQ from NetApp or BlueArc, etc... even look on eBay and actual auctions. My buddy picked up a few slightly used NetApps for $3.5K each at 4TB. - Brian

On Jun 9, 2009, at 12:29 PM, Terry Haley wrote: Actually Dan that helps a lot. It tells me the amount of work and effort it takes to bend this application in order to fit a mold it was not intended for. In the end, I decided to bite the bullet and make my PDC double as my primary file server. 45 mins of swapping an FC-nic, remapping the lvm's and reconfiguring the smb.conf in order to make this a non-issue and prevent more complexity proliferation is well worth it. It's a shame it doesn't handle remote file systems more elegantly. Thank you, everyone, for your comments and advice. Terry

On Jun 9, 2009, at 1:36 PM, Daniel Bourque wrote: I keep an old RH7 VM running samba as a gateway to NFS shares for our older Mac boxes, because I was having problems with the resource fork on newer implementations of samba. Everything works perfect with newer versions of samba, I experience lock issues accessing the same NFS shares. So I also have samba running on every NFS server, and drives are mapped directly to the server where the file system is locally mounted. As Volker said, look into msdfs. It will allow you to point your clients to one SMB server and access SMB shares off other servers in a transparent way. You'll still need to install Samba on the NFS file servers you want to access. Hope this helps. Dan

Terry Haley wrote: So reading this, I assume that no one uses samba as a simple authentication/gateway to network shares for windows machines. Since you are limited to sharing local volumes on the PDC? How would I go about setting up a passthrough for my machines to the actual fileserver? Do I setup clients on the file server? Do I have samba point them with credentials to the file server?

On Jun 9, 2009, at 12:16 PM, Volker Lendecke wrote: On Tue, Jun 09, 2009 at 11:59:11AM -0400, Terry Haley wrote: Hmm, so the thing would be to convert my NFS server to use samba? and setup an smbfs on the PDC?

No, you should not re-export *any* file system you imported from some network file system. You should direct your clients at the original file server holding the storage, if necessary via msdfs redirects. Volker
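The msdfs redirect that Volker and Dan describe, as an added example that is not part of the thread: the server the clients connect to exports only a DFS root of referral links, and each link sends the client on to the machine that holds the storage. Server names, share names and paths are hypothetical; `host msdfs`, `msdfs root` and the `msdfs:server\share` link target are Samba's own settings.

```shell
#!/bin/sh
# Added example (not from the thread). Server and share names (nfs1, nfs2,
# projects, scratch) and all paths are hypothetical.

# Print the smb.conf fragment for the server the clients connect to.
# It exports no imported file system; it only hands out referrals.
dfs_smb_conf() {
    dfsroot=$1
    cat <<EOF
[global]
    host msdfs = yes

[dfs]
    path = $dfsroot
    msdfs root = yes
EOF
}

# Create one referral: a symlink whose target is msdfs:SERVER\SHARE.
# smbd answers a lookup of the link with a DFS referral, so the client
# reconnects to \\SERVER\SHARE on the machine that holds the disks.
add_referral() {
    dfsroot=$1 name=$2 server=$3 share=$4
    ln -s "msdfs:${server}\\${share}" "${dfsroot}/${name}"
}

# Build a complete DFS root under a scratch directory and print its location.
build_demo_root() {
    base=$(mktemp -d)
    mkdir "$base/dfsroot"
    add_referral "$base/dfsroot" projects nfs1 projects
    add_referral "$base/dfsroot" scratch nfs2 scratch
    dfs_smb_conf "$base/dfsroot" > "$base/smb.conf.fragment"
    printf '%s\n' "$base"
}

# Usage: d=$(build_demo_root); ls -l "$d/dfsroot"; cat "$d/smb.conf.fragment"
```

Each referral target still has to run Samba itself, as Dan notes, because the client ends up speaking SMB to that server directly.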
Re: [Samba] Does this tell me anything? Traffic report
Ack=1 Win=0 Len=0
Frame 18 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Intel_6d:d7:6a (00:04:23:6d:d7:6a)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.105 (192.168.1.105)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 36377 (36377), Seq: 1, Ack: 1, Len: 0

No. Time Source Destination Protocol Info
19 20.093060 192.168.1.105 192.168.1.100 TCP 45084 > netbios-ssn [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=1977451 TSER=0 WS=6
Frame 19 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst: Cisco-Li_15:1c:11 (00:18:39:15:1c:11)
Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: 45084 (45084), Dst Port: netbios-ssn (139), Seq: 0, Len: 0

No. Time Source Destination Protocol Info
20 20.095051 192.168.1.100 192.168.1.105 TCP netbios-ssn > 45084 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Frame 20 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Intel_6d:d7:6a (00:04:23:6d:d7:6a)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.105 (192.168.1.105)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 45084 (45084), Seq: 1, Ack: 1, Len: 0

No. Time Source Destination Protocol Info
21 25.145799 Cisco-Li_15:1c:11 Intel_6d:d7:6a ARP Who has 192.168.1.105? Tell 192.168.1.100
Frame 21 (42 bytes on wire, 42 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Intel_6d:d7:6a (00:04:23:6d:d7:6a)
Address Resolution Protocol (request)

No. Time Source Destination Protocol Info
22 25.145836 Intel_6d:d7:6a Cisco-Li_15:1c:11 ARP 192.168.1.105 is at 00:04:23:6d:d7:6a
Frame 22 (42 bytes on wire, 42 bytes captured)
Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst: Cisco-Li_15:1c:11 (00:18:39:15:1c:11)
Address Resolution Protocol (reply)

I'm running Ubuntu 8.04, DHCP, DNS and OpenLDAP on the server. Please - any help greatly appreciated! Thanks!

-- Matt Burkhardt, M.Sci. Technology Management m...@imparisystems.com (301) 682-7901 502 Fairview Avenue Frederick, MD 21701 http://www.imparisystems.com

Here is what mine looks like, 137 is using UDP:

harley gregorcy # nmap -P0 humboldt
Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-07 16:03 MDT
Interesting ports on x.x.x (x.x.x.x):
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
2049/tcp open nfs
5666/tcp open nrpe
Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds

harley gregorcy # nmap -sU humboldt
Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-07 16:03 MDT
Interesting ports on x.x.x.x (x.x.x.x):
Not shown: 996 closed ports
PORT STATE SERVICE
111/udp open|filtered rpcbind
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
2049/udp open|filtered nfs

Where is your WINS server? Are both the samba server and the client machine pointed at the same WINS box?

-- Brian Gregorcy IT Manager University of Utah Department of Chemical Engineering
Re: [Samba] OSX causing multiple CLOSE_WAIT's
Hi Ed,

First, I feel your pain. While I don't have an answer, I did switch from OSX based Samba server to Linux and my problems went away. My experience in general with OSX server 10.5 is that it's a horrible XSAN, NFS, AFP, SMB server. What I've used to help troubleshoot OSX in general in addition to the built in process viewer is XRG (X Resource Grapher). You can also try to dtrace stuff. Just type it in a term to see some help. There were some NFS bugs I uncovered and shared with the OSX Server dev guys which should be fixed in 10.6 server but who knows if that will also fix the plethora of other issues. - Brian

On Jun 2, 2009, at 10:02 PM, Ed Kasky wrote: Lately it never fails when I attach a Mac running OSX 10.5 that I get runaway pid's. I tracked them down so far to multiple close_wait's:

# /usr/sbin/lsof | grep pbg5mac
smbd 24876 root 6u IPv4 80015755 TCP yoda.wrenkasky.com:netbios-ssn->pbg5mac.wrenkasky.com:49381 (CLOSE_WAIT)

They can grow to over 100 if I don't catch it or nobody can log on anymore ;-) Anybody had any problems with Macs using samba? Ed
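One way to watch for the leak Ed describes, as an added example that is not from the thread: count smbd sockets stuck in CLOSE_WAIT per client from lsof output, so the offending machine shows up before logons start failing. The sample lines and host names are constructed; lsof prints the NAME column as local->peer.

```shell
#!/bin/sh
# Added example (not from the thread). Host names and lsof lines below are
# constructed sample data in the format shown in the post.

sample_lsof() {
    cat <<'EOF'
smbd    24876 root    6u  IPv4 80015755  TCP srv.example.test:netbios-ssn->mac1.example.test:49381 (CLOSE_WAIT)
smbd    24877 root    6u  IPv4 80015760  TCP srv.example.test:netbios-ssn->mac1.example.test:49390 (CLOSE_WAIT)
smbd    24880 root    6u  IPv4 80015771  TCP srv.example.test:microsoft-ds->mac1.example.test:49402 (CLOSE_WAIT)
smbd    24901 root    6u  IPv4 80015800  TCP srv.example.test:microsoft-ds->pc7.example.test:1045 (ESTABLISHED)
smbd    24910 root    6u  IPv4 80015811  TCP srv.example.test:microsoft-ds->pc9.example.test:2211 (CLOSE_WAIT)
sshd     1200 root    3u  IPv4 80010001  TCP srv.example.test:ssh->pc7.example.test:50111 (CLOSE_WAIT)
EOF
}

# Read lsof output on stdin; print "COUNT PEER" for every client that has
# smbd sockets stuck in CLOSE_WAIT, busiest client first.
close_wait_by_peer() {
    awk '
        $1 == "smbd" && $NF == "(CLOSE_WAIT)" {
            name = $(NF - 1)              # local:port->peer:port
            arrow = index(name, "->")
            if (arrow == 0) next          # no peer on this line
            peer = substr(name, arrow + 2)
            sub(/:[^:]*$/, "", peer)      # strip the peer port
            count[peer]++
        }
        END { for (p in count) print count[p], p }
    ' | sort -k1,1nr -k2,2
}

# Print only the peers at or above a threshold (default 3), for a cron alert.
close_wait_offenders() {
    limit=${1:-3}
    close_wait_by_peer | awk -v limit="$limit" '$1 >= limit { print $2 }'
}

sample_lsof | close_wait_by_peer
```

On a live server, pipe `/usr/sbin/lsof` into `close_wait_by_peer` in place of `sample_lsof`.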
Re: [Samba] Make CIFS look like NFS
You can have an NFS mount on your Nix box like /JOBS/stuff and a CIFS mount on XP like \\JOBS\stuff. In this case, JOBS is the Samba server name. This is how I maintain the same paths in scripts on diff platforms. All you have to ensure is that your app will obey UNC paths so that a drive letter is never saved out in the file. - Brian

On Jun 3, 2009, at 11:38 AM, Daniel L. Miller wrote: Is it possible to make CIFS look like NFS via some configuration/mount options? What I mean is, from a client point of view, will the mounted share behave EXACTLY like NFS will? -- Daniel
Re: [Samba] net groupmap woes - solved + root in domain admins solved
Hi all,

So I read in the Samba docs where in order to map a unix group with a windows group (when using LDAP backend), that unixgroup must exist in the LDAP db even though it already exists in /etc/group. So I added the unix group of root to my LDAP db via ldapadd and using an ldif file with the desired values. I removed the group mapping via net groupmap delete Domain Admins as net groupmap modify didn't work and added the mapping of Domain Admins to root and all is well. I had to unjoin/rejoin the domain so that the root login worked as an Administrator on the XP box but all is well. - Brian

On May 27, 2009, at 7:06 PM, Brian Krusic wrote: Hi all, I've scoured the net looking for a solution but to no avail. net groupmap list returns Domain Admins (S-) - Domain Admins I would rather map Domain Admins to my root unix group. net groupmap modify ntgroup=Domain Admins unixgroupreturns type=d returns an error; Could not update group database. If I delete via; net groupmap delete Domain Admins and then net groupmap add ntgroup=Domain Admins unixgroup=root rid=512 type=d I get; adding entry for group Domain Admins failed! Any and I mean any feedback is greatly appreciated. - Brian
[Samba] domain admin cannot admin pc
Hi all,

My env; Centos 5.3 Samba 3.0.33 Samba PDC using LDAP backend.

Problem; I can join the XP box to my Samba domain (called DOMAIN) using the root user and pass. But after rebooting and logging into that XP box as root, I can not admin the box and am treated as a regular user.

Commands and results;

net rpc group members Domain Admins
DOMAIN\root

C:\>net localgroup Administrators
Alias name Administrators
Comment Administrators have complete and unrestricted access to the computer/domain
Members
---
Administrator
DOMAIN\Domain Admins

getent group
Domain Admins:*:512:root

**There are more groups but I felt the above line was relevant.

I've combed google but found that I shouldn't have a problem. Any ideas?
Re: [Samba] domain admin cannot admin pc
Hi, If you mean the Domain Admin group, it's already there and was added upon joining the domain. - Brian

On May 27, 2009, at 3:21 PM, Miguel Medalha wrote: I can join the XP box to my Samba domain (called DOMAIN) using the root user and pass. But after rebooting and logging into that XP box as root, I can not admin the box and am treated as a regular user.

On that XP computer, add the Domain Admin to the Administrators group.
[Samba] net groupmap woes
Hi all, I've scoured the net looking for a solution but to no avail. net groupmap list returns Domain Admins (S-) - Domain Admins I would rather map Domain Admins to my root unix group. net groupmap modify ntgroup=Domain Admins unixgroupreturns type=d returns an error; Could not update group database. If I delete via; net groupmap delete Domain Admins and then net groupmap add ntgroup=Domain Admins unixgroup=root rid=512 type=d I get; adding entry for group Domain Admins failed! Any and I mean any feedback is greatly appreciated. - Brian
Re: [Samba] Solaris 10 (sparc) and samba issue
Ravi,

You don't mention which version of AD you are working with or include any relevant config files. Both would be helpful. Also, it might just be me, but I'm not clear on exactly what problem you're having. Maybe you could clarify, list error messages, etc. You might want to get Solaris patch 119757-14 which gives you samba 3.0.33. I don't know if it will help. I had no problems with samba 3.0.28 on Solaris 10. -Brian

Ravi Channavajhala wrote: The net ads joins the host to the AD, but can't get the proper kerberos tix. Manually generating the kerberos keytab from AD don't work. Any suggestions?

r...@host /#head -1 /etc/release
Solaris 10 10/08 s10s_u6wos_07b SPARC
r...@host /usr/sfw/sbin#./smbd -V
Version 3.0.28
r...@host /#for PKG in `pkginfo -x | grep -i samba | awk '{print $1}'`; do VER=`pkginfo -l ${PKG} | grep PSTAMP`; echo ${PKG} ${VER}; done
SUNWsmbac PSTAMP: sfw10-patch20080310191909
SUNWsmbar PSTAMP: sfw10-patch20080723133424
SUNWsmbau PSTAMP: sfw10-patch20080723134146

Last few relevant lines from net ads with -d10 level debugging.

[2009/05/11 20:13:20, 10] libsmb/clientgen.c:(395) cli_rpc_pipe_close: closed pipe \NETLOGON to machine host.domain.com
[2009/05/11 20:13:20, 6] libsmb/clientgen.c:(153) write_socket(9,39)
[2009/05/11 20:13:20, 6] libsmb/clientgen.c:(156) write_socket(9,39) wrote 39
[2009/05/11 20:13:20, 10] lib/util_sock.c:(623) got smb length of 35
[2009/05/11 20:13:20, 5] lib/util.c:(484)
[2009/05/11 20:13:20, 5] lib/util.c:(494) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2050 smb_pid=2945 smb_uid=2050 smb_mid=12 smt_wct=0 smb_bcc=0
[2009/05/11 20:13:20, 10] lib/util.c:(2957) name_to_fqdn: lookup for HOST - HOST.domain.com
[2009/05/11 20:13:20, 3] libads/ldap.c:(2471) ads_domain_func_level: 2
[2009/05/11 20:13:20, 3] libads/kerberos.c:(337) kerberos_secrets_store_des_salt: Storing salt host/host.domain@domain.com
[2009/05/11 20:13:21, 2] libads/kerberos_keytab.c:(260) ads_keytab_add_entry: Using default system keytab: FILE:/etc/krb5/krb5.keytab
[2009/05/11 20:13:21, 5] libads/ldap.c:(1422) ads_get_kvno: Searching for host HOST
[2009/05/11 20:13:21, 5] libads/ldap.c:(1440) ads_get_kvno: Using: CN=HOST,CN=Computers,DC=domain,DC=com
[2009/05/11 20:13:21, 5] libads/ldap.c:(1459) ads_get_kvno: Looked Up KVNO of: 7
[2009/05/11 20:13:21, 3] libads/kerberos_keytab.c:(65) smb_krb5_kt_add_entry: Will try to delete old keytab entries
[2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(152) smb_krb5_kt_add_entry: krb5_kt_end_seq_get failed (Bad file number)
[2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(346) ads_keytab_add_entry: Failed to add entry to keytab file
[2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(508) ads_keytab_create_default: ads_keytab_add_entry failed while adding 'host'.
[2009/05/11 20:13:21, 1] utils/net_ads.c:(1644) Error creating host keytab!
Joined 'HOST' to realm 'DOMAIN.COM'
[2009/05/11 20:13:21, 2] utils/net.c:(1036) return code = 0

--
Brian H. Nelson
Youngstown State University
System Administrator
Media and Academic Computing
bnelson[at]cis.ysu.edu
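The -d10 output quoted above buries the keytab failure among level 5 and 10 messages and still ends with return code = 0. An added example, not from the thread, that splits such output back into entries and keeps only those at or below a chosen debug level; the sample is an excerpt of the quoted log, flattened the way it appears here.

```shell
#!/bin/sh
# Added example (not from the thread). The sample is an excerpt of the log
# quoted in the post, with several entries run together on one line.

sample_log() {
    cat <<'EOF'
[2009/05/11 20:13:21, 5] libads/ldap.c:(1459) ads_get_kvno: Looked Up KVNO of: 7 [2009/05/11 20:13:21, 3] libads/kerberos_keytab.c:(65) smb_krb5_kt_add_entry: Will try to delete old keytab entries [2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(152) smb_krb5_kt_add_entry: krb5_kt_end_seq_get failed (Bad file number)
[2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(346) ads_keytab_add_entry: Failed to add entry to keytab file [2009/05/11 20:13:21, 2] utils/net.c:(1036) return code = 0
EOF
}

# Read Samba debug output on stdin and print, one per line, the entries whose
# debug level is at most $1 (default 1). An entry starts at a
# "[YYYY/MM/DD HH:MM:SS, LEVEL]" header and runs to the next header.
samba_log_at_most() {
    awk -v max="${1:-1}" '
        { buf = buf " " $0 }                 # undo line wrapping and flattening
        END {
            hdr_re = "\\[[0-9][0-9][0-9][0-9]/[0-9][0-9]/[0-9][0-9] [0-9:]+, *[0-9]+\\]"
            while (match(buf, hdr_re)) {
                hdr  = substr(buf, RSTART, RLENGTH)
                rest = substr(buf, RSTART + RLENGTH)
                if (match(rest, hdr_re)) {
                    body = substr(rest, 1, RSTART - 1)
                    buf  = substr(rest, RSTART)
                } else {
                    body = rest
                    buf  = ""
                }
                level = hdr
                sub(/^.*, */, "", level)     # keep what follows the comma
                sub(/\]$/, "", level)
                gsub(/^ +| +$/, "", body)
                if (level + 0 <= max + 0) print hdr " " body
            }
        }
    '
}

sample_log | samba_log_at_most 1
```

At level 1 only the two keytab failures remain, which is the part of the join that the final return code does not reflect.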