[Samba] Multi ADS Auth servers in 1 smb.conf
Hello All: I would love to RTFM on multiple ADS servers being configured for ADS sercurity, but I can't find anything. Specifically: I have 2 ADS servers at 1 site. I have 4 SAMBA file servers at said site. If ADS server 1 goes down -- It will not cascade to ADS Server 2. How can I set that up? I have seen when using "security = server" multiple server names listed, but have not seen anything regarding ADS and this. I am planning on testing this either this weekend or sometime in the evenings, but thought maybe the list would know ...The list always knows -- James C. McLaughlin Montrose County IT Office: (970) 252-4598 Cell: (970) 209-8329 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] cleaning up duplicate files on the file server
I imagine we can save some space on our file server by cleaning up all the files that are saved multiple times by different people. There is already the fdupes command in linux that will scan a directory tree and report what files have duplicates. This could be easily scripted to turn those duplicate files into symlinks to one file. The problem is see, then, is what would happen if someone tries to change a duplicate file that they think is their own copy. Of course, everyone with a symlink to that file would get the changes, which is not what I would want. What it would need is some sort of copy-on-edit mechanism, so when the file is changed, instead of changing the original file, the symlink is replaced with the edited version of the file. Does this make sense? Has anyone else thought about this, or found an elegant solution to this? James Dinkel Network Engineer Butler County of Kansas There are 10 types of people in the world: those who understand binary, and those who don't. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and multiple ADS auth servers. RTFM ? Or NA ?
I saw a post recently about a gent trying to automatically have samba switch ADS auth servers if the Operations Master was offline -- does anyone know if an answer was produced or was it RTFM ? Thanks -- James C. McLaughlin Montrose County IT Office: (970) 252-4598 Cell: (970) 209-8329 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] copying a folder removes the 'hidden' attribute
I have extended attributes enable in the file system so the 'hidden' and other attributes should be saved as an extended attribute. When connecting to the share from a Windows computer, if I copy a FILE then the new file stays hidden, but if I copy a FOLDER then the new folder is NOT hidden. I tried this on a Windows file server and it does preserve the 'hidden' attribute, which is what I want. I know this isn't really critical, but it's annoying when copying a folder with hidden subfolders. All the hidden subfolders are now un-hidden and I have to go through and re-hide them. Is this a bug, or maybe there is something I can do about it? I'm using Samba 3.0.23d from the Debian Etch repository. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SMB slow by design?
> -Original Message- > From: Chris Garrigues > Sent: Thursday, February 01, 2007 2:06 PM > > > From: Jeremy Allison <[EMAIL PROTECTED]> > > Date: Thu, 1 Feb 2007 09:56:25 -0800 > > > > On Thu, Feb 01, 2007 at 11:47:59AM -0600, James A. Dinkel wrote: > > > > > > I don't know why, but I just tried this, removind the SNDBUF AND > RCVBUF, > > > and the file share does seem snappier. I had never messed with these > > > options, I just found several places that said setting these to 8192 > > > gave a performance increase, so I had always used them. Not any more. > > > > The trouble with the Internet is that really old advice never dies :-). > > I just looked in my own config files and found: > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > IPTOS_LOWDELAY SO_KEEPALIVE > > I removed SO_RCVBUF and SO_SNDBUF. > > Of course, I have no idea why any of these were defined in the first > place. > > Should any of the others be removed as well? > > Chris > I googled for IPTOS_LOWDELAY and found some information on it. I determined I don't want it, but it has advantages and disadvantages from what I read. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SMB slow by design?
> -Original Message- > From: [EMAIL PROTECTED] [mailto:samba- > [EMAIL PROTECTED] On Behalf Of Edmundo Valle > Neto > Sent: Saturday, January 27, 2007 7:14 PM > To: Jeremy Allison > Cc: samba@lists.samba.org > Subject: Re: [Samba] SMB slow by design? > > Jeremy Allison escreveu: > > On Sat, Jan 27, 2007 at 11:35:32PM +0100, Jan Engelhardt wrote: > > > >> Ah I found it. This is smb.conf: http://pastebin.ca/330452 > >> Removing SO_SNDBUF=8192 gives > >> > >> $ smbget smb://localhost/rt/blob.iso > >> [blob.iso] 41.08Mb of 171.06Mb (24.01%) at 41.08Mb/s ETA: 00:00:03 > >> > >> perfect performance again. Wonder how that got in there *grumble* > >> > > > > Yep, on modern kernels I don't think setting SNDBUF or RCVBUF is > > a good idea > > > > Jeremy. > > > > > Can you explain that a little better? Why is that good for older kernels > and not for new ones? And what do you call modern kernels, any 2.6 kernel? > > Regards. > > Edmundo > I don't know why, but I just tried this, removind the SNDBUF AND RCVBUF, and the file share does seem snappier. I had never messed with these options, I just found several places that said setting these to 8192 gave a performance increase, so I had always used them. Not any more. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba4 TP release
> -Original Message- > From: Andrew Bartlett > Sent: Saturday, January 20, 2007 5:47 PM > > On Fri, 2007-01-19 at 12:37 -0800, Guillermo Gutierrez wrote: > > Hey guys, > > > > I am wondering when there will be another samba4 technical preview > > release? Also, because I will want to set it up in a test environment, > > is there any documentation on the usage of it so far? > > I hope to make a TP4 release this week, if all things go to plan. > > Andrew Bartlett > I'm wondering if there has been any thought into extending the power of a Samba4 domain controller to apply policies to linux members? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Dual boot Win98 Centos sharing files
> -Original Message- > From: Jeff Boyce > Sent: Tuesday, January 16, 2007 4:17 PM > > > jbaker_signatureSo, it sounds like using Samba is not the way to achieve > my objective. And that I just need to learn about partitioning. So my > new question would be can anyone point me to a good how-to for creating a > FAT32 partition within the LVM on my 160 GB drive that I have Linux > installed. I am new to LVM and don't have much of any experience with > partitioning. Or, maybe someone should point me to a better mailing list > to ask this question since I am probably diverging from the Samba topic. > Thanks. > > Jeff > You're Windows partition is already a FAT partition and already readable by CentOS. All you need to do is mount it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Version control filessytem using Samba
> -Original Message- > From: Mario Fernandez > Sent: Wednesday, January 31, 2007 2:43 PM > > I'm looking at implementing a version control filesystem and would like > to know if it's possible to implement version control with Samba. > > Thanks > > Mario > As far as I know, the answer is "no." This is what Subversion is for, so there is really no reason for Samba to duplicate that functionality. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Advertising Samba shares on the local network via mDNS
On 31/01/07, Rishi Srivatsavai <[EMAIL PROTECTED]> wrote: Hello All, I would like to add support for advertising Samba shares (browseable ones) on the local network using Multicast DNS. Multicast DNS allows applications to query/publish network services on the local link. I would appreciate if you could all please share your thoughts on whether such support would be welcome in Samba. If you know of existing efforts in Samba to include such support please let me know as well. On Mac OS X, the Samba service is already advertised over mDNS (by launchd). It would be useful to add the list of shares to the advertisement though. -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mac OS X and AD
On 20/01/07, David A. Toth <[EMAIL PROTECTED]> wrote: I have a question about integrating MAc OS X and Windows 2003 AD Domain. Getting the machine to join the doamin is easy. But when I try to map the home drives, I can see them but not access them. There was a note that implied this is due to sending encrypted vs non-encrypted with samba and that Win 2K3 server SP1 broke that. It says to disable kerberos authentication on the Windows side. Is that the case or is there a fix for Samba that re-enables this feature. Sorry I don't have the version of Samba it is using but just wondering if anyone on the list can point me in the right direction. Thanks! The best place to ask this sort of question is the macos-x-server list: http://lists.apple.com/mailman/listinfo/macos-x-server -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.10 - Invalid Value!!!
On 12/01/07, Volker Lendecke <[EMAIL PROTECTED]> wrote: On Thu, Jan 11, 2007 at 03:20:39PM -0800, Niatross wrote: > I have a Macintosh Xserve running OS 10.4.8 and it's running Samba 3.0.10. > Everytime a Windows XP workstation logs off the Macintosh Xserve server, the > following shows up in the log.smbd (located at var/log/samba): > > [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) > make_a_mod: INVALID VALUE!!! pdb_ods.c is not in the original Samba sources, I would expect that this is a modification that Apple has made. You should contact your Apple support for help on this topic. See http://developer.apple.com/bugreporter/ for how to open an Apple bug. They'll probably ask for a packet trace of this. -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] sharing word files
I think the problem is, when Word opens a file, it puts an oplock on it. When word opens the file a second time, it sees that oplock and refuses to open it as anything other than read-only. I'm not sure if this is how it acts on Windows file servers, but I suspect it is. James Dinkel Network Engineer Butler County of Kansas There are 10 types of people in the world: those who understand binary, and those who don't. > -Original Message- > From: [EMAIL PROTECTED] [mailto:samba- > [EMAIL PROTECTED] On Behalf Of Aaron Kincer > Sent: Monday, January 08, 2007 10:33 AM > To: werner maes > Cc: [EMAIL PROTECTED] > Subject: Re: [Samba] sharing word files > > This is standard behavior of Microsoft Word. > > werner maes wrote: > > > > hello > > > > I'm having the following problem: > > > > On a share I have a user with read-only access to word files. Another > > user has read-write access to these files. > > > > When the user with read-only access opens a word file and then the > > user with read-write access to these files opens the file, the > > read-write user has only read-only access. > > > > If the read-write user opens the word file first, then he has > > read-write access. > > > > My question: > > > > Why doesn't a user with read-write access always has these permissions? > > > > werner > > > > > > Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbd keeps maxing out the cpu, must reboot server constantly [SOLVED]
So now, I suppose I should let the list know what I've done to fix this. I found two offending computers, that caused this problem. The first offending computer I found, I just assigned it a static IP and then firewalled it off from the file server. For it's purpose, it's doesn't actually need to access the file server. I then found a second computer that was suspect, and confirmed it was doing the same thing. It didn't have any special software on it, so we just replaced it with a spare and will wipe it's harddrive I set up two test servers: one Debian Sarge using the Backports repo to install Samba, and one Debian Etch with the native Samba. I connected the two bad workstations to these servers and neither exhibited the maxed out proc. Granted I've removed these two bad computers, but I didn't want it to become an issue again in the future. I decided on using Debian Etch since it is within days (maybe) of being released as Stable. I made the switch last night, and so far so good. Luckily I took meticulous notes on my Ubuntu setup so I pretty much did the exact same thing, with ONE difference: I used heimdal Kerberos on Debian instead of the MIT Kerberos I used on Ubuntu, but the setup was the same. James Dinkel Network Engineer Butler County of Kansas There are 10 types of people in the world: those who understand binary, and those who don't. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] lib/util_sock.c:print_socket_options(206)
This is seem unusual to anyone? I have this over and over and over in the smbd.log file: [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 16384 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 16384 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/01/08 09:48:22, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 I'm having a problem with the smbd process maxing out the CPU and don't know if this could be related? James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbd keeps maxing out the cpu, must reboot server constantly
Err, because I had not heard of (or remembered of) strace. I'll check it out. I've also discovered, there is one computer (maybe others, too) that whenever it connects the processor maxes out. I tried it a couple time... rebooting the file server, connect from that computer, and see the proc max-out. Looking specifically at the logs for that computer, may give me some insight, but it will have to wait until probably Monday. James Dinkel Network Engineer Butler County of Kansas There are 10 types of people in the world: those who understand binary, and those who don't. > -Original Message- > From: Andrew Morgan [mailto:[EMAIL PROTECTED] > Sent: Friday, January 05, 2007 2:41 PM > To: James A. Dinkel > Cc: samba@lists.samba.org > Subject: RE: [Samba] smbd keeps maxing out the cpu, must reboot server > constantly > > On Fri, 5 Jan 2007, James A. Dinkel wrote: > > > Yeah, I see the brief spikes when each user connects. Those are > > nothing. This is a dual-Xeon 3.6Ghz server (both assigned to the Ubuntu > > file server vm) with 1GB of RAM assigned to this vm. It's the only vm > > running on this ESX server. > > > > Also top doesn't show a user smbd process maxing out the processor, it's > > the root smbd process. > > Why not run strace against the offending smbd and see what it is doing? > > Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbd keeps maxing out the cpu, must reboot server constantly
Yeah, I see the brief spikes when each user connects. Those are nothing. This is a dual-Xeon 3.6Ghz server (both assigned to the Ubuntu file server vm) with 1GB of RAM assigned to this vm. It's the only vm running on this ESX server. Also top doesn't show a user smbd process maxing out the processor, it's the root smbd process. -Original Message- From: Aaron Kincer Sent: Friday, January 05, 2007 10:00 AM To: James A. Dinkel Cc: samba@lists.samba.org Subject: Re: [Samba] smbd keeps maxing out the cpu, must reboot server constantly I just watched the top for a bit and did some testing and I see brief spikes on my system where each domain user has their own smbd process that grabs resources. This seems to happen when first opening a directory. It would seem that whatever resources Samba needs to complete this operation, my server has better access to or more of so that my server isn't hanging. Have you watched the resources on your domain controllers to see if they are seeing spikes too? James A. Dinkel wrote: > This is running in vmware, and I noticed occasionally wmware reports > that the cpu is being maxed out by a virtual machine. Logging into the > virtual machine and running top confirms that the smbd process is maxing > out the cpu. If I leave it alone for a while, eventually it starts > dropping connections and not letting people into the file server. > Killing the process with kill -9 does no good, it just immediately comes > back with a new pid. Stopping the service also does no good. I have > to reboot the server, and occasionally even during the shutdown it will > hang (I left it for 30 minutes) and I have to kill the power. > > I tried collecting logs from the time the max out started. The computer > will run for a while, sometimes less than an hour, sometimes all day, > just fine, and then in less than a second the cpu goes from around 10% > to 100% and stays there until I reboot. But the default logs tell me > nothing and the level 10 logs are Greek to me. > > James Dinkel > > PS. Earlier this morning I switched to level 10 logs and when the "max > out" happened I checked the time in the VMWare performance graphs. It > looks like it happened around 9:26:40 to 9:27:20. Here are the VERY > LONG grep results for around that time in the logs: > > sudo grep "2007/01/04 09:26" /var/log/samba/* > --- > /var/log/samba/192.168.0.202.log:[2007/01/04 09:26:12, 3] > smbd/sec_ctx.c:set_sec_ctx(241) > /var/log/samba/192.168.0.202.log:[2007/01/04 09:26:12, 5] > auth/auth_util.c:debug_nt_user_token(448) > /var/log/samba/192.168.0.202.log:[2007/01/04 09:26:12, 5] > auth/auth_util.c:debug_unix_user_token(474) > /var/log/samba/192.168.0.202.log:[2007/01/04 09:26:12, 5] > smbd/uid.c:change_to_root_user(275) > /var/log/samba/192.168.0.202.log:[2007/01/04 09:26:12, 10] > smbd/process.c:setup_select_timeout(1284) > /var/log/samba/192.168.0.225.log:[2007/01/04 09:26:42, 3] > smbd/sec_ctx.c:set_sec_ctx(241) > /var/log/samba/192.168.0.225.log:[2007/01/04 09:26:42, 5] > auth/auth_util.c:debug_nt_user_token(448) > /var/log/samba/192.168.0.225.log:[2007/01/04 09:26:42, 5] > auth/auth_util.c:debug_unix_user_token(474) > /var/log/samba/192.168.0.225.log:[2007/01/04 09:26:42, 5] > smbd/uid.c:change_to_root_user(275) > /var/log/samba/192.168.0.225.log:[2007/01/04 09:26:42, 10] > smbd/process.c:setup_select_timeout(1284) > /var/log/samba/192.168.10.166.log:[2007/01/04 09:26:39, 3] > smbd/sec_ctx.c:set_sec_ctx(241) > /var/log/samba/192.168.10.166.log:[2007/01/04 09:26:39, 5] > auth/auth_util.c:debug_nt_user_token(448) > /var/log/samba/192.168.10.166.log:[2007/01/04 09:26:39, 5] > auth/auth_util.c:debug_unix_user_token(474) > /var/log/samba/192.168.10.166.log:[2007/01/04 09:26:39, 5] > smbd/uid.c:change_to_root_user(275) > /var/log/samba/192.168.10.166.log:[2007/01/04 09:26:39, 10] > smbd/process.c:setup_select_timeout(1284) > /var/log/samba/192.168.10.168.log:[2007/01/04 09:26:30, 3] > smbd/sec_ctx.c:set_sec_ctx(241) > /var/log/samba/192.168.10.168.log:[2007/01/04 09:26:30, 5] > auth/auth_util.c:debug_nt_user_token(448) > /var/log/samba/192.168.10.168.log:[2007/01/04 09:26:30, 5] > auth/auth_util.c:debug_unix_user_token(474) > /var/log/samba/192.168.10.168.log:[2007/01/04 09:26:30, 5] > smbd/uid.c:change_to_root_user(275) > /var/log/samba/192.168.10.168.log:[2007/01/04 09:26:30, 10] > smbd/process.c:setup_select_timeout(1284) > /var/log/samba/192.168.10.185.log:[2007/01/04 09:26:57, 3] > smbd/sec_ctx.c:set_sec_ctx(241) > /var/log/samba/192.168.10.185.log:[2007/01/04 09:26:57, 5] > auth/auth_util.c:debug_nt_user_token(448) > /var/log/samba/192.168.10.185.log:[2007/01/04 09:26:57, 5] > auth/auth_ut
[Samba] smbd keeps maxing out the cpu, must reboot server constantly
This is running in vmware, and I noticed occasionally wmware reports that the cpu is being maxed out by a virtual machine. Logging into the virtual machine and running top confirms that the smbd process is maxing out the cpu. If I leave it alone for a while, eventually it starts dropping connections and not letting people into the file server. Killing the process with kill -9 does no good, it just immediately comes back with a new pid. Stopping the service also does no good. I have to reboot the server, and occasionally even during the shutdown it will hang (I left it for 30 minutes) and I have to kill the power. I tried collecting logs from the time the max out started. The computer will run for a while, sometimes less than an hour, sometimes all day, just fine, and then in less than a second the cpu goes from around 10% to 100% and stays there until I reboot. But the default logs tell me nothing and the level 10 logs are Greek to me. James Dinkel PS. Earlier this morning I switched to level 10 logs and when the "max out" happened I checked the time in the VMWare performance graphs. It looks like it happened around 9:26:40 to 9:27:20. Here are the VERY LONG grep results for around that time in the logs: sudo grep "2007/01/04 09:26" /var/log/samba/* --- /var/log/samba/192.168.0.202.log:[2007/01/04 09:26:12, 3] smbd/sec_ctx.c:set_sec_ctx(241) /var/log/samba/192.168.0.202.log:[2007/01/04 09:26:12, 5] auth/auth_util.c:debug_nt_user_token(448) /var/log/samba/192.168.0.202.log:[2007/01/04 09:26:12, 5] auth/auth_util.c:debug_unix_user_token(474) /var/log/samba/192.168.0.202.log:[2007/01/04 09:26:12, 5] smbd/uid.c:change_to_root_user(275) /var/log/samba/192.168.0.202.log:[2007/01/04 09:26:12, 10] smbd/process.c:setup_select_timeout(1284) /var/log/samba/192.168.0.225.log:[2007/01/04 09:26:42, 3] smbd/sec_ctx.c:set_sec_ctx(241) /var/log/samba/192.168.0.225.log:[2007/01/04 09:26:42, 5] auth/auth_util.c:debug_nt_user_token(448) /var/log/samba/192.168.0.225.log:[2007/01/04 09:26:42, 5] auth/auth_util.c:debug_unix_user_token(474) /var/log/samba/192.168.0.225.log:[2007/01/04 09:26:42, 5] smbd/uid.c:change_to_root_user(275) /var/log/samba/192.168.0.225.log:[2007/01/04 09:26:42, 10] smbd/process.c:setup_select_timeout(1284) /var/log/samba/192.168.10.166.log:[2007/01/04 09:26:39, 3] smbd/sec_ctx.c:set_sec_ctx(241) /var/log/samba/192.168.10.166.log:[2007/01/04 09:26:39, 5] auth/auth_util.c:debug_nt_user_token(448) /var/log/samba/192.168.10.166.log:[2007/01/04 09:26:39, 5] auth/auth_util.c:debug_unix_user_token(474) /var/log/samba/192.168.10.166.log:[2007/01/04 09:26:39, 5] smbd/uid.c:change_to_root_user(275) /var/log/samba/192.168.10.166.log:[2007/01/04 09:26:39, 10] smbd/process.c:setup_select_timeout(1284) /var/log/samba/192.168.10.168.log:[2007/01/04 09:26:30, 3] smbd/sec_ctx.c:set_sec_ctx(241) /var/log/samba/192.168.10.168.log:[2007/01/04 09:26:30, 5] auth/auth_util.c:debug_nt_user_token(448) /var/log/samba/192.168.10.168.log:[2007/01/04 09:26:30, 5] auth/auth_util.c:debug_unix_user_token(474) /var/log/samba/192.168.10.168.log:[2007/01/04 09:26:30, 5] smbd/uid.c:change_to_root_user(275) /var/log/samba/192.168.10.168.log:[2007/01/04 09:26:30, 10] smbd/process.c:setup_select_timeout(1284) /var/log/samba/192.168.10.185.log:[2007/01/04 09:26:57, 3] smbd/sec_ctx.c:set_sec_ctx(241) /var/log/samba/192.168.10.185.log:[2007/01/04 09:26:57, 5] auth/auth_util.c:debug_nt_user_token(448) /var/log/samba/192.168.10.185.log:[2007/01/04 09:26:57, 5] auth/auth_util.c:debug_unix_user_token(474) /var/log/samba/192.168.10.185.log:[2007/01/04 09:26:57, 5] smbd/uid.c:change_to_root_user(275) /var/log/samba/192.168.10.185.log:[2007/01/04 09:26:57, 10] smbd/process.c:setup_select_timeout(1284) /var/log/samba/192.168.2.103.log:[2007/01/04 09:26:10, 3] smbd/sec_ctx.c:set_sec_ctx(241) /var/log/samba/192.168.2.103.log:[2007/01/04 09:26:10, 5] auth/auth_util.c:debug_nt_user_token(448) /var/log/samba/192.168.2.103.log:[2007/01/04 09:26:10, 5] auth/auth_util.c:debug_unix_user_token(474) /var/log/samba/192.168.2.103.log:[2007/01/04 09:26:10, 5] smbd/uid.c:change_to_root_user(275) /var/log/samba/192.168.2.103.log:[2007/01/04 09:26:10, 10] smbd/process.c:setup_select_timeout(1284) /var/log/samba/192.168.2.111.log:[2007/01/04 09:26:44, 3] smbd/sec_ctx.c:set_sec_ctx(241) /var/log/samba/192.168.2.111.log:[2007/01/04 09:26:44, 5] auth/auth_util.c:debug_nt_user_token(448) /var/log/samba/192.168.2.111.log:[2007/01/04 09:26:44, 5] auth/auth_util.c:debug_unix_user_token(474) /var/log/samba/192.168.2.111.log:[2007/01/04 09:26:44, 5] smbd/uid.c:change_to_root_user(275) /var/log/samba/192.168.2.111.log:[2007/01/04 09:26:44, 10] smbd/process.c:setup_select_timeout(1284) /var/log/samba/192.168.9.58.log:[2007/01/04 09:26:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) /var/log/samba/192.168.9.58.log:[2007/01/04 09:26:34, 5] auth/auth_util.c:debug_nt_user_token(448) /var/log/samba/192.168.9.58.log:[20
RE: [Samba] Access From another subnet
> -Original Message- > From: Shawn Simmons > Sent: Thursday, January 04, 2007 12:24 PM > > I have several Windows XP workstations that reside in the 192.168.2.x > network that will show the Samba Server in the network neighborhood; > however, I get "access denied" errors trying to access it. > Have you looked in the logs for those computers? You could try grepping them with: grep "192.168.2." /var/log/samba/* and see if there is any helpful information (there usually is). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] importing groups from NT 4 server to Samba 3
Hello, I changed all of the NT user account names to lowercase, however I am unable to change the group accounts to lowercase. The Samba server is running on Suse 10.0. Will the uppercase group names cause any problems during or after the migration to Samba? Thanks in advance. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] users via winbind and using @group in smb.conf
> -Original Message-
> From: Stefan Froehlich
> Sent: Thursday, December 28, 2006 9:43 AM
>
> Hello,
>
> I have two samba servers, A is configured as a PDC, B offers some
> additional shares. B is getting usernames and passwords via winbind
> from a, using the following configuration directives:
>
> | idmap uid = 100-999
> | idmap gid = 100-999
> | winbind enum users = yes
> | winbind enum groups = yes
> | winbind use default domain = yes
>
> This is basically working fine, local ssh login is ok, getent shows
> all remote users and passwords.
>
> Now B needs to define some additional, local groups containing the
> names of remote users. In /etc/group the usernames have been added
> (without the DOMAIN\ prefix, as "use default domain" is set). On the
> command line, this is working as well ("groups" does show the local
> group for the remote users).
>
> But what das NOT work is to assign a samba share on B to this local
> group. I tried
>
> | valid users = @group
>
> as well as
>
> | valid users = @DOMAIN\group
>
> but both ways all I get is NT_STATUS_ACCESS_DENIED.
>
> How do I have to write this in order to get access for remote group
> members in a locally defined group?
>
> Ciao,
> Stefan
>
I don't see anything wrong with the little bit you've posted. You might
post your entire smb.conf.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] can not get preexec option to run a script file
I created a script in a file called HomeScript located at "/etc/samba/Scripts/". Now I want to run this from preexec on the [homes] share. This is all that is in the script right now, minus the dashed lines: -- #!/bin/bash # Creating home directories mkdir --mode=700 /export/homes/%S -- My preexec option looks like this: preexec = /etc/samba/Scripts/HomeScript Now if I put the mkdir command directly in the preexec line, then it works, but I want to add in checking for the existence of the directory and also some other commands and branches. Anybody see what I am doing wrong? James Dinkel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Heimdal or MIT kerberos comparison
> -Original Message- > From: Andrew Bartlett [mailto:[EMAIL PROTECTED] > Sent: Tuesday, December 26, 2006 4:38 PM > > It's a Samba4 thing, because we bundle kerberos in the distribution. > > > > Almost all users will use the system kerberos libraries, whatever they > are. They tend to be difficult to replace. > > Andrew Bartlett The only thing is, I think Ubuntu/Debian and CentOS can use either one, although I think MIT is the "standard" (which is what I used). I edited the wiki page. Anyway, thanks for all the info! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: [opensuse] Open-source leader leaving Novell forGoogle
> -Original Message- > From: Jeremy Allison > Sent: Monday, December 25, 2006 12:03 AM > > It's true I'm leaving Novell, but why do you think this means > I'm not going to be on any Samba lists ? I'm joining Google on > 2nd Jan, and believe me when I tell you they're *very* interested > in me spending all my time on Samba :-) :-). > > As Herb once said to me, "Same job, different office" :-) :-). > > Jeremy. Good luck at Google. I hope they treat you and samba (and therefore, us ;)) good. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Heimdal or MIT kerberos comparison
> -Original Message- > From: Andrew Bartlett > Sent: Saturday, December 23, 2006 3:42 PM > > The biggest thing users will notice is that the error message system > returns contextual errors, with the actual reason for the failure, not > just the translated code. It often includes the vital clues that help > fix up the inevitable kerberos issues. > > I've use Heimdal in Samba4, particularly because of the close working > relationship I have with it's primary maintainer. > > Andrew Bartlett Is this "close working relationship" true of the entire Samba team (or at least of anyone involved in coding anything related to Kerberos)? Samba's "Authentication Developer"'s preference of Heimdal over MIT is good enough for me, but I would like to put some accurate information in the wiki, as it pertains to Samba users. I went ahead and added a blurb to this page: http://wiki.samba.org/index.php/Samba_%26_Kerberos since this is the only feedback I've gotten thus far. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Heimdal or MIT kerberos comparison
What is the difference between Heimdal and MIT as far usability goes? MIT seems to be the default on major linux distrobutions, but I here a lot about people preferring Heimdal, but I can't find any reasons why. Is one generally more stable/faster/reliable than the other? There is already a blank wiki page at http://wiki.samba.org/index.php/Samba_%26_Kerberos so if anyone has any good information, I'll put it there. James Dinkel Network Engineer Butler County of Kansas There are 10 types of people in the world: those who understand binary, and those who don't. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP Clients kicked off Tiger Server - not consistent
On 20/12/06, Paul McGrath <[EMAIL PROTECTED]> wrote: Hi, I am running a Panther Server as a domain controller with a Mac Tiger Server (all latest patches) as the location of home folders and group shares. I have one group of users who keep losing connection to the server (both home and group folders). The can only reconnect to the server if they logoff the XP client and login again. I have loads of other XP users and Mac clients who do not have this problem. They are all using XPSP2. I've tried loads of server settings and some XP registry settings but it still happens. Some of these PCs where ghosted and I didn't change the SID so I am going to try that next. Any other You might have better luck asking the OS X server folk over at http://lists.apple.com/mailman/listinfo/macos-x-server -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compilation error on Mac OS X 10.4.7
On 13/12/06, Olivier Meyer <[EMAIL PROTECTED]> wrote: Dear List: I am having difficulties compiling samba-3.0.23d on mac os x. Here is the output of 'uname -a': Darwin TI-15 8.7.0 Darwin Kernel Version 8.7.0: Fri May 26 15:20:53 PDT 2006; root:xnu-792.6.76.obj~1/RELEASE_PPC Power Macintosh powerpc The errors I get are: Compiling lib/system.c lib/system.c: In function 'sys_getxattr': lib/system.c:1420: error: too few arguments to function 'getxattr' lib/system.c: In function 'sys_fgetxattr': lib/system.c:1504: error: too few arguments to function 'fgetxattr' lib/system.c: In function 'sys_listxattr': lib/system.c:1705: error: too few arguments to function 'listxattr' lib/system.c: In function 'sys_flistxattr': lib/system.c:1741: error: too few arguments to function 'flistxattr' lib/system.c: In function 'sys_removexattr': lib/system.c:1759: error: too few arguments to function 'removexattr' lib/system.c: In function 'sys_fremovexattr': lib/system.c:1811: error: too few arguments to function 'fremovexattr' lib/system.c: In function 'sys_setxattr': lib/system.c:1842: error: too few arguments to function 'setxattr' lib/system.c: In function 'sys_fsetxattr': lib/system.c:1939: error: too few arguments to function 'fsetxattr' Since I am a C programmer, I looked at the prototype for getxattr. It is ssize_t getxattr(const char *path, const char *name, void *value, size_t size, u_int32_t position, int options); and in the lib/system.c, it is called as: return getxattr(path, name, value, size); I think that position and options can safely be set to zero, but could someone tell me if configure can be told to detect the prototype for getxattr, and add 0,0 to the argument list. This is fixed in the svn repository. To download and build this, see http://us2.samba.org/samba/devel/ -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Shares mount on linux but not windows?
Do you get results from "getent passwd" and "getent group" that include domain users? You valid users directive should be in the form: @"DOMAIN+group name", such as @"DOMAIN+domain users" and the part between the quotes should be EXACLTY as the group appears with "getent group", same case and everything. James Dinkel Network Engineer Butler County of Kansas There are 10 types of people in the world: those who understand binary, and those who don't. > -Original Message- > From: Brian Atkins > Sent: Tuesday, December 12, 2006 2:56 PM > > I'm not sure if this thread is making it on the list as I'm the only one > responding, but, here goes... > > The more I look, the more the problem appears to be UID range conflicts. > Some background: this machine was originally built with Samba 2.x, but > was upgraded a while back to 3.x (now 3.0.23d). I think I might be using > some deprecated configuration parameters. In smb.conf file I have: > > winbind uid = 1-2 > winbind gid = 1-2 > > Which, unfortunately seems to fall within the same range as the UID > range that portage (the gentoo package manager) uses to build > application user accounts (e.g., apache, stunnel, etc). I have attempted > to alter the range: > > winbind uid = 15000-2 > winbind gid = 15000-2 > > But it causes major issues, like, not being able to log in using a > domain account. I'm not sure how to fix this. > > I also found a thread in the gentoo wiki that states that winbind [ug]id > is deprecated and idmap [ug]id should be used instead. I also have > noticed a lot of information regarding Samba 3.x and LDAP, but very > little regarding Samba 3.x and winbind. Is winbind still recommended for > and AD domain (w2k)? > > Brian Atkins wrote: > > I think I cleared up the username mismatch with a simple reboot of my > > workstation. No clue why it was happening... > > > > However, I am unable to connect to shares from a windows machine using a > > username only. If I enter a groupname, it works: > > > > valid users = batkins(FAILS) > > > > valid users = @DOMAIN+"My Group" (SUCCEEDS) > > > > I have compared this machine's config file to another machine with > > working samba shares. The config files are nearly identical, save the > > server string and netbios name. > > > > Brian Atkins wrote: > >> OK, here's a strange twist: > >> > >> [2006/12/08 17:45:17, 2] smbd/service.c:make_connection_snum(580) > >> user 'ubackup' (from session setup) not permitted to access this > >> share (batkins) > >> [2006/12/08 17:45:17, 3] smbd/error.c:error_packet(146) > >> error packet at smbd/reply.c(676) cmd=117 (SMBtconX) > >> NT_STATUS_ACCESS_DENIED > >> > >> I'm logged in under my own user account (batkins), but it is trying to > >> authenticate me using the user account ubackup, both of which are AD > >> accounts. > >> > >> Brian > >> "An adventure is never an adventure > >> when it's happening. Challenging > >> experiences need time to ferment, > >> and an adventure is simply physical > >> and emotional discomfort recollected > >> in tranquility." -- Tim Cahill > >> > >> Brian Atkins wrote: > >>> Curious. I have a gentoo server running 3.0.23d that simply serves > >>> out shares. It is a domain member, but not a pdc. From another linux > >>> server, I can mount up shares without a hitch. But from a windows > >>> box, I keep getting prompted for credentials. > >>> > >>> I am not seeing anything substantial in the logs. > >>> > >>> SMB.CONF > >>> > >>> [global] > >>> workgroup = UNICITY > >>> realm = MYREALM.MYDOMAIN.COM > >>> netbios name = SERVER > >>> server string = SERVER > >>> interfaces = 192.168.56.26 127. > >>> bind interfaces only = yes > >>> security = ADS > >>> log file = /var/log/samba/log.%m > >>> max log size = 8164 > >>> name resolve order = hosts wins bcast > >>> socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 > >>> os level = 5 > >>> preferred master = no > >>> local master = no > >>> domain master = no > >>>
[Samba] Two domain groups with the same gid?
Here is the result from getent: [EMAIL PROTECTED]:~$ getent group | grep 10208 DOMAIN\group1:x:10208: BUILTIN\administrators:x:10208:DOMAIN\user1,DOMAIN\user2,DOMAIN\user3,DO MAIN\user4 What is up with that? Is there some way I can manually change the gid of one of these? The group1 is a new group that I just set up btw. James Dinkel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authenticating to a MacOS X server
On 12/12/06, Luke Sharkey <[EMAIL PROTECTED]> wrote: Hello I am currently testing Fedora Core 6 i386 on a moderately sized network (with the permission of the system administrator), with 150 or so computers, some running Mac OSX and others running NT 4.0. As to the storage of personal files and authentication, there is both a NT 4.0 server (for the NT 4.0 machines to authenticate to) and a Mac OSX server (for the Mac OS X machines to authenticate to). Having *never really done all that much networking before*, I am having problems detecting the Apple Mac servers. I am able to use konqueror to access smb:/ and browse the Windows server quite easily (even though I have not yet set up smb.conf; why is this, by the way?), and authenticating to the NT4.0 server, using the Samba-howto and winbind, would not prove too difficult, I think. However, the NT 4.0 server is due to be replaced some time this year, and so I would like to be able to authenticate to the OSX server instead. Nonetheless, though documentation for authenticating to Windows servers on the internet is excellent (samba howto, etc.) I can find very little about connecting to OSX networks. Can anyone tell me where I can find some documentation, etc., or give me a head start? At the moment, as I've already said, I don't even know how to detect the OS X server (it may be password protected, by the way). The OS X Server manuals are all online here: http://www.apple.com/support/manuals/macosxserver/ You probably should take a look at the Open Directory manual and the User Management manual at least. Secondly, seeing as OS X is unix and is distantly related to Linux, (I know this is a strange question to ask on a Samba mailing list) but is there anyway I could authenticate to the Apple server without using Samba? Yes. OS X Server supports lots of different authentication methods. See mnuals above. I would like to be able to have the /home partitions on the server, and I know Samba has problems with this due to the sockets that KDE / etc. uses Another good resource is the os-x-server mailing list: http://lists.apple.com/mailman/listinfo/macos-x-server -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] AD integration checklist
> -Original Message- > From: simo > Sent: Friday, December 08, 2006 7:58 PM > > On Fri, 2006-12-08 at 17:35 -0600, Don Meyer wrote: > > Interestingly, I've never modified my /etc/pam.d/samba -- mainly > > because I make the modifications in /etc/pam.d/system-auth, so the > > AD-based auth can take effect for all services. > > Sorry I didn't realize this was about the samba pam conf file > specifically, I'd say that for samba pam_winbindd is completely > unnecessary, system-auth is the right place for general authentication. > > Simo. I don't want all authentication to be able to use winbind, just Samba. That is why I put it in /etc/pam.d/samba instead of /etc/pam.d/system-auth (which is refered to by /etc/pam.d/samba). But if I am understanding you, in order for the Samba file server to authenticate via winbind, I do NOT need pam_winbind in either /etc/pam.d/samba nor /etc/pam.d/system-auth? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Enum groups of a user Samba 3.0.23
> -Original Message- > From: Henrik Zagerholm > Sent: Friday, December 08, 2006 7:32 AM > > Hello list, > > I wonder if I can somehow enumerate all local groups a user is member > of? > > Regards, > Henrik I don't get what you mean. You should be able to list all groups with members with: getent group If you want to filter out groups for just one user you can do this: getent group | grep username But it will still list all the users that are also members of the same group. If you are using winbind, you can also try this: Wbinfo -r username Which will return just the gids of all the domain groups a user is a member of, but I don't know if it returns local groups or not. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] AD integration checklist
> -Original Message- > From: Don Meyer > Sent: Friday, December 08, 2006 2:12 PM > > > Don't forget the necessary modifications to nsswitch.conf: > > passwd: files winbind > shadow: files winbind > group: files winbind > > > Cheers, > -Don That's right. Although, I do not have winbind after the shadow directive, and I've never seen any documentation saying you need it, just after passwd and group. Also, I believe this is also required in /etc/pam.d/samba: auth required pam_winbind.so account required pam_winbind.so but I've never tried it without this. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Does Samba/Winbind not follow nested groups in AD?!?
Updating to 3.0.23c fixed it!! I didn't even change my config. I just uninstalled the Ubuntu packages with "apt-get remove samba-common samba winbind", added Samba.com's Debian Sarge repository and did "apt-get update && apt-get install samba samba-common winbind" and it installed the newer packages from the Sarge repo. This fixed my nested domain groups problem, hopefully it didn't introduce any new ones. I've only done this on my test server. After a little more QA I'll do this on my semi-production server. James Dinkel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] AD integration checklist
> -Original Message- > From: Simon Renshaw > Sent: Friday, December 08, 2006 10:13 AM > > Hi, > > I compiled Samba 3.0.23d on a CentOS 4.4 machine. Then I configured > /etc/krb5.conf for my domain. Was able to successfully run kinit and > join my Windows 2003 domain with a net ads join. Net ads user and net > ads group returns the users and the groups of the domain. > > So far so good. > > I'm kinda stuck on the next step. I would like to grant access to the > share defined in smb.conf to anybody in the domain. How do I make it > authenticate users on the domain instead of using the server? > > Content of smb.conf: > > [global] > workgroup = BENCHCAN > server string = Virtual Linux > wins server = 192.168.64.20 > netbios name = BACKUP > realm = BENCHMARKCANADA.COM > password server = castor-srvr1.benchmarkcanada.com > security = ADS > > [share] > path = / > guest ok = no > read only = no > > Thanks! > Simon You need this in your global section: idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes encrypt passwords = yes And this in your share section: valid users = @"BENCHCAN\domain users" Although this will give all your users access to / which doesn't seem like a good idea, but I assume this is just for testing. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Does Samba/Winbind not follow nested groups in AD?!?
Just a little update. I've found out about the 'id' command and the 'wbinfo -r' command. Both of those commands do NOT return any domain groups that are parents over domain groups for the user. I don't know if this gives any ideas or means anything to anybody. James Dinkel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] libdm.so.0 needed by smbd
On 07/12/06, Latrell Wang 王獻綱 <[EMAIL PROTECTED]> wrote: Hi all: I upgraded samba to 3.0.23d, and the compilation was successfully. However, when I want to start samba, it shows it can't find libdm.so.6. Is it related to openldap? No, it's for DMAPI, which is used to determine when files are offline (ie, the file data is stored on a tape somewhere, not on the local disk). How can I get the library? That depends on your platform. Since your Samba depends on libdm, then I assume that libdm is available for your platform. You'll need to figure out which package it is in and install that. -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Does Samba/Winbind not follow nested groups in AD?!?
Well, I think I'm giving up. I've tried following that guide. I've tried replacing my smb.conf to look just like yours. I've tried a bunch of other things that I though might do something. For the life of me, I can not get nested groups to work on this server. James Dinkel > -Original Message- > From: Aaron Kincer > > James, > > You are correct--I don't have windbind nested groups = yes set in my > smb.conf. Yes, default 3.0.22. I followed the Ubuntu configuration > instructions to the letter found in the Ubuntu forums that I've posted > before with only the changes you've seen in my smb.conf. Here is the > link to the forum post: > > http://ubuntuforums.org/archive/index.php/t-91510.html > > If you have a machine you can throw together as a test machine, fire it > up as a stock install and follow these instructions to the letter (if > you didn't on your production box) and see if you have any success. > > Here's where the rubber meets the road. If your test machine correctly > nests permissions, then there is something wrong with your production > config. If it doesn't, then you have something going on in Active > Directory. > > One more thing--I'm using POSIX ACLs for permissions. Are you? > > James A. Dinkel wrote: > >> -Original Message- > >> From: Matt Skerritt > >> > >> There is an option in smb.conf called "winbind nested groups" ... and > >> the help text from swat says: > >> > >> "winbind nested groups (G) > >> > >> If set to yes, this parameter activates the support for nested > >> groups. Nested groups are also called local groups or aliases. They > >> work like their counterparts in Windows: Nested groups are defined > >> locally on any machine (they are shared between DC's through their > >> SAM) and can contain users and global groups from any trusted SAM. To > >> be able to use nested groups, you need to run nss_winbind. > >> > >> Please note that per 3.0.3 this is a new feature, so handle with > >> care. > >> > >> Default: winbind nested groups = no" > >> > >> So I'm guessing that you want to set winbind nested groups = yes in > >> your smb.conf. > >> > >> -- > >> Matt Skerritt > >> [EMAIL PROTECTED] > >> > > > > I've put the "winbind nested groups = yes" in the global section of my > > samba.conf. (Sorry, I did go over the swat help text, I must have > > missed this). I went ahead and rebooted the server and tried it again, > > but it's still a no-go. > > > > Aaron, in the smb.conf you showed me, you did not have "winbind nested > > groups = yes" ?!? I don't remember if you've told me, but are you using > > the default Samba 3.0.22 that comes with Ubuntu 6.06? > > > > Could there be something wrong with my Winbind setup? Something that > > has to do with nss_winbind maybe? Is there any way I can test this from > > the Samba server, using wbinfo maybe? > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] what OS do you use for Samba?
> -Original Message- > From: Chris Smith > Sent: Wednesday, December 06, 2006 12:06 PM > > Ubuntu (Edgy Eft) seems to be stuck at 3.0.22. Which is one of the reasons > I > elected not to move to Ubuntu servers - when I first examined the > possibility > they were stuck on 3.0.14 for the longest time. Also CUPS, the other major > component I need for supporting Windows clients, on Ubuntu is stuck at > 1.2.4, > whereas I run 1.2.7 on Gentoo. > > Do the Sarge releases from the Samba team work properly with this (or any) > version of Ubuntu? > > Chris Ubuntu, and Debian, will always be "stuck" at the version included at the time of release. This is by design, so "breakage" is not introduced, but it does still get security and bug fixes. Just FYI. I'm having a problem with "nested groups" (you may have noticed on this mailing list) and I'm also wondering if updating to the latest Samba and Winbind would take care of my issue. Backporting from a newer distro such as Feisty for Ubuntu, or Etch for Debian, would be one way to manually get the newer packages. I believe there is a tool to make backporting easy on Ubuntu, I'm not sure I would trust this approach though. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Does Samba/Winbind not follow nested groups in AD?!?
> > http://ubuntuforums.org/archive/index.php/t-91510.html > That guide also does not say anything about adding acl and user_xattr to the mount options of the partition containing the share. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Does Samba/Winbind not follow nested groups in AD?!?
> -Original Message- > From: Aaron Kincer > > James, > > You are correct--I don't have windbind nested groups = yes set in my > smb.conf. Yes, default 3.0.22. I followed the Ubuntu configuration > instructions to the letter found in the Ubuntu forums that I've posted > before with only the changes you've seen in my smb.conf. Here is the > link to the forum post: > > http://ubuntuforums.org/archive/index.php/t-91510.html > > If you have a machine you can throw together as a test machine, fire it > up as a stock install and follow these instructions to the letter (if > you didn't on your production box) and see if you have any success. > > Here's where the rubber meets the road. If your test machine correctly > nests permissions, then there is something wrong with your production > config. If it doesn't, then you have something going on in Active > Directory. > > One more thing--I'm using POSIX ACLs for permissions. Are you? > Yeah, I'm using POSIX ACLs. I did not follow that Ubuntu guide; I used some generic instructions from a couple different places. The biggest difference I see at first glance is the krb5.conf (mine is blank, it gets domain info from DNS) and a lot of the PAM configuration. I'll try another machine with that Ubuntu guide and see what happens. James Dinkel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Does Samba/Winbind not follow nested groups in AD?!?
> -Original Message- > From: Matt Skerritt > > There is an option in smb.conf called "winbind nested groups" ... and > the help text from swat says: > > "winbind nested groups (G) > > If set to yes, this parameter activates the support for nested > groups. Nested groups are also called local groups or aliases. They > work like their counterparts in Windows: Nested groups are defined > locally on any machine (they are shared between DC's through their > SAM) and can contain users and global groups from any trusted SAM. To > be able to use nested groups, you need to run nss_winbind. > > Please note that per 3.0.3 this is a new feature, so handle with > care. > > Default: winbind nested groups = no" > > So I'm guessing that you want to set winbind nested groups = yes in > your smb.conf. > > -- > Matt Skerritt > [EMAIL PROTECTED] I've put the "winbind nested groups = yes" in the global section of my samba.conf. (Sorry, I did go over the swat help text, I must have missed this). I went ahead and rebooted the server and tried it again, but it's still a no-go. Aaron, in the smb.conf you showed me, you did not have "winbind nested groups = yes" ?!? I don't remember if you've told me, but are you using the default Samba 3.0.22 that comes with Ubuntu 6.06? Could there be something wrong with my Winbind setup? Something that has to do with nss_winbind maybe? Is there any way I can test this from the Samba server, using wbinfo maybe? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Does Samba/Winbind not follow nested groups in AD?!?
Here's the situation: We have users who are members of groups and those groups are sometimes members of a 2nd level of groups. If a folder has permissions assigned to a 2nd level group, then the user can not access the share. Doing a "getent group | grep user | grep 2nd_level_group" also returns nothing. Samba seems to not be recognizing that a user is a member of a group under another group. Is there any way to enable Samba, or Winbind, to follow down the group hierarchy? James Dinkel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] authenticating NT users with space in username?
Are you sure you are not looking at the user's full name? I'm pretty sure Windows does not allow usernames with spaces. James Dinkel -Original Message- From: poisonpill I know it's ridiculous, but I have a userbase where every username has a space in it. IE: "temp user". Is it possible to use samba to authenticate these users? So far I have been able to accept usernames without spaces flawlessly, but not the ones with spaces. Any help would be appreciated, thanks! -- View this message in context: http://www.nabble.com/authenticating-NT-users-with-space-in-username--tf 2756812.html#a7687140 Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Fwd: Re: [Samba] Migrating to samba from windows NT domain]
Yes, this would be possible; 1. Vampire your accounts on to a new Samba DC 2. Disconnect it from network 3. Denote your NT Dc's 4. Rejoin them to the Samba Domain NOTE: As the other person said, while possible, this would be a bitch of a job. You said you need to maintain your NT server anyway, why not just put the files and printers and what not on samba and leave the user accounts to NT for the time being. Hell you could even throw your NT hosts inside a virtualisation product to throw in some redundance / fault tolerance. Short answer be prepared for a lot of planning, testing, backing up, recovering before you attempt this. Otherwise rethink your mode of attack. Cheers, On 11/30/06, James Watkins < [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > wrote: On Saturday 25 November 2006 10:18, Pere Rodr�guez wrote: > Unfortunately I have running various services in PDC and BDC servers > that I must remain after the migrations, so I can't stop PDC and BDC > servers permanently after the migration to Samba. > Can I deactivate PDC and BDC services in Windows NT servers? According to this document: http://www.microsoft.com/technet/archive/winntas/proddocs/concept/xcp01. mspx?mfr=true <http://www.microsoft.com/technet/archive/winntas/proddocs/concept/xcp01 .mspx?mfr=true> (scroll down to the section "Removing a Computer from a Domain") it is not possible to remove a BDC from a domain without reinstalling the OS. However, there are commercial products which claim to be able to 'demote' a BDC to a standalone server, allowing the administrator to rejoin it to the same, or presumably another domain as a member server. Note: I have never used any of these products and cannot comment on how well they work, if at all. I think you may have a lot of work on your hands here since samba is not able to join a domain as a BDC when the PDC is on NT so it's not a simple demote-promote exercise. You may need to create a whole new samba-based domain. I'm not an expert at this so I can't offer you much practical advice but if you decide to go ahead with it, I wish you the very best of luck. Cheers, James. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba <https://lists.samba.org/mailman/listinfo/samba> -- IK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Strange behaviour with shares
That snippet of code doesn't tell much. And the file should be smb.conf, not samba.conf. Could you post the entire contents of the file smb.conf located at /etc/samba? If what you say is accurate, then my guess is there is a section called [share installs] in the smb.conf. James Dinkel -Original Message- From: sp4mmed Hotmail I have recently discovered a rather strange happening with regards to shares on one of our servers. A user wanted to access a folder on our public directory and typed in the following in their explorer: "\\server\share installs" What happened then is the strange part: they came face-to-face with the root folder of the server! I'm not an expert and the shares were set up by a techie who has since left the company, so I couldn't ask him what he had done. Here is a snippet of the samba.conf file that pertains to the above share: [server] path = /shares/share read only = No create mask = 0777 force create mode = 0777 directory mask = 0777 force directory mode = 0777 guest only = Yes guest ok = Yes As I said, I am not an expert, but the create mask, directory mode, etc seem a little strange to me. Our samba server version is 3.0.23a-1 If anyone has any suggestions or needs any further information with regards to this, please let me know. I would hate to think that I have a broken server implementation here. (Although I wouldn't be too surprised!) Many thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating to samba from windows NT domain
On Saturday 25 November 2006 10:18, Pere Rodríguez wrote: > Unfortunately I have running various services in PDC and BDC servers > that I must remain after the migrations, so I can't stop PDC and BDC > servers permanently after the migration to Samba. > > Can I deactivate PDC and BDC services in Windows NT servers? According to this document: http://www.microsoft.com/technet/archive/winntas/proddocs/concept/xcp01.mspx?mfr=true (scroll down to the section "Removing a Computer from a Domain") it is not possible to remove a BDC from a domain without reinstalling the OS. However, there are commercial products which claim to be able to 'demote' a BDC to a standalone server, allowing the administrator to rejoin it to the same, or presumably another domain as a member server. Note: I have never used any of these products and cannot comment on how well they work, if at all. I think you may have a lot of work on your hands here since samba is not able to join a domain as a BDC when the PDC is on NT so it's not a simple demote-promote exercise. You may need to create a whole new samba-based domain. I'm not an expert at this so I can't offer you much practical advice but if you decide to go ahead with it, I wish you the very best of luck. Cheers, James. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Access to home drive
Does the /home/%U folder exist, and does the user have rwx access to it? I found that just having the /home folder exist is not enough. Since users' home folders do not get created when authenticating to an NT domain, you have to create them somehow. I did this by putting "preexec = mkdir --mode=700 /export/homes/%S" under my [homes] share. I also put "path = /home/%S" as suggested in the Samba howto to use %S instead of %U, though I don't know why. James Dinkel -Original Message- From: Chandra Sornam Hi Samba Experts I raised this problem where its still waiting to be resolved. Would be greatly appreciated if I can get some feedback. I did get a bit of help but looked like it ended on the person's too hard basket. Thanks Chandra Have installed Samba 3 on a Linux box with Centos OS to be a file server. Getting its authentication from a NT4 PDC. Have created samba shares and members of the NT4 PDC group can successfully access the group. The only problem is users cannot authenticate their home share onmor the Linux server. A webinfo -r of the domain user gives the uid of the group the user is a member of. The user can access the share successfully as well. Have gone through the smb.conf and other config files, and done extensive search on the net to figure out the problem but have hit a blank wall. There are no noticeable errors in the log files that I can see either. Samba Config file as below [global] workgroup = domain netbios aliases = test server string = test File Server security = DOMAIN password server = scnz-nt02 scnz-nt01 client lanman auth = No client plaintext auth = No log file = /var/log/samba/%m.log max log size = 50 smb ports = 139 445 enable privileges = yes name resolve order = wins host lmhosts bcast server signing = auto socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = No local master = No domain master = No dns proxy = No wins server = 172.16.21.10 172.16.10.10 ldap ssl = no default service = files idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 winbind enum users = yes winbind enum groups = yes template shell = /bin/bash admin users = chansorn, nathmawk cups options = raw winbind use default domain = no [homes] comment = Home Directories path = /home/%U valid users = %S read only = No browseable = No writeable = yes create mode = 0775 [AESData] comment = AESData path = /data/AESData read only = no force directory mode = 0770 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Very slow changing permissions from Windows client
How do I get this "network trace" that Jeremy is asking about? James Dinkel -Original Message- From: Jeremy Allison On Fri, Nov 17, 2006 at 07:50:08AM -0600, James A. Dinkel wrote: > Our samba server authenticates to Windows 2000 Active Directory and I have ea support enabled on the share and on the file system. The OS is Debian Stable, fully updated and using Samba 3.0.23c from Backports. > > Now copying and accessing files is plenty fast, but when setting up permissions on directories that contain 100 GB or so of files and subdirectories takes like 60 minutes from the time I hit Ok to the time the permission are applied and the box goes away. This is being set from a Windows client by the way (not using setfacl on the linux box or anything). > > Any idea why this could be so slow? Setting permissions on the same directories on the old Windows file server would take maybe a minute. > > This is my first time posting on any mailing list, so just let me know if I do something stupid :) I think this is the Windows client code recursively setting ACL's in everything under the directory you're changing. I'd be interested in a network trace showing the difference between doing this against a Windows server vs a Samba server. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Shadow Copy Client blank, with error in logs
Ok, I figured this out, too. I expected that THIS was a permissions issue. I add o+x permission to the folder containing the snapshots and all is well. I still wish though, that there was a better way to taking care of the nested drive mappings than having to create a symlink for every drive mapping... :( James Dinkel -Original Message- From: James A. Dinkel Well, it looks like this only fixed it for admin users. The Previous Versions is still showing up blank for regular valid users. I'll look more into it, and try to get a debug 10 log tomorrow. James Dinkel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Shadow Copy Client blank, with error in logs
Well, it looks like this only fixed it for admin users. The Previous Versions is still showing up blank for regular valid users. I'll look more into it, and try to get a debug 10 log tomorrow. James Dinkel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Shadow Copy Client blank, with error in logs
Is this a bug?!
Ok, upon further investigation, I've discovered that the Previous
Versions does not work when access the share through a "nested" drive
mapping. By "nested" I mean we have the H: drive in Windows mapped to
\\SambaServer\share\DepartmentFolder. If I create a drive mapping, say
X: drive to \\SambaServer\share, then the Previous Version show up when
going through the X: drive (or the UNC path) but NOT when going through
the H: drive.
However, I have found a fix for this (I'll get to it in a little bit),
but it's sloppy. This is a big problem for us, because all our users
have the H: drive mapped to a folder below the share based on what
department they are in.
So the fix is: I created a symlink under the nested folder
("DepartmentFolder" in this case) that pointed to the same folder in the
snapshot. I gave the symlink the "@GMT-" name that the shadow_copy
module requires, and of course created script that destroys and creates
this link along with the snapshots.
I don't know if this is an issue with the Previous Versions client, but
I would think the shadow_copy module could be patched so that it knows
to look back at the root of the file share for the snapshot.
James Dinkel
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] suggestion: hide Unix UGO permissions when mode is 0
I had been thinking this would be a good idea, but figured if it could be easily done, then it would be done already. Then I came across this article: http://www.suse.de/~agruen/acl/linux-acls/online/ which has this to say: --- The mapping between POSIX and Windows ACLs described here is found in this form in the SuSE and the UnitedLinux products, while the official version of Samba has not yet integrated all the improvements recently made: [snip] * Minimal POSIX ACLs consist of three ACL entries defining the permissions for the owner, owning group, and others. These entries are required. Windows ACLs may contain any number of entries including zero. If one of the POSIX ACL entries contains no permissions and omitting the entry does not result in a loss of information, the entry is hidden from Windows clients. If a Windows client sets an ACL in which required entries are missing, the permissions of that entry are cleared in the corresponding POSIX ACL. -- So if it has already been done in Suse, why hasn't this been implemented upstream? This article is 3 years old and this seems like a good idea to me. James Dinkel Network Engineer Butler County of Kansas There are 10 types of people in the world: those who understand binary, and those who don't. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] what OS do you use for Samba?
Oh I wish I would have known that. I've already got the Ubuntu server set up and moved one department over to it. I'm planning on upgrading to Etch when it comes out anyway, so I think I'll stick to that plan and use this repo at that point. James Dinkel -Original Message----- From: James Zuelow [mailto:[EMAIL PROTECTED] Oh, I've been busy and don't usually get into the OS discussions. But you don't have to use backports for Samba on Debian Sarge. I'm not sure why anyone would even do that, since the Samba team maintain their own Sarge apt repository. If you still have a Sarge box to test, add this to your /etc/apt/sources.list deb http://us5.samba.org/samba/ftp/Binary_Packages/Debian sarge samba And you'll track the latest stable release. I have a production Debian Sarge server that does just this. Just don't do it with Etch, since in a few days time you'll get the same package from Debian that you got from Samba, except that the Debian packages have a few files moved from samba to samba-common. That confuses apt. So with Etch I'd recommend staying plain vanilla Debian in sources.list until it goes stable and the version number freezes. Then you can move to using the Samba team repository. Ubuntu is cool too, especially the LTS version -- you probably won't go wrong either way. James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Shadow Copy Client blank, with error in logs
One computer will show the previous versions of files just fine, but every other computer I've installed the Microsoft Shadow Copy Client on will not show any previous versions. The Previous Versions tab is just blank. In the samba log, I get this: [2006/11/28 12:02:02, 0] modules/vfs_shadow_copy.c:shadow_copy_opendir(81) shadow_copy_opendir: SMB_VFS_NEXT_OPENDIR() failed for [Folder/file.txt] This is logging in as the same user on each machine. James Dinkel Network Engineer Butler County of Kansas There are 10 types of people in the world: those who understand binary, and those who don't. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] what OS do you use for Samba?
At this point, I've decided to go with Ubuntu Server 6.06. I had tried out Debian, but the packages are so old and I wasn't sure about messing with the backports repository. The partition containing the file share is on a SAN, so if for some reason I don't like Ubuntu, I can just set up a Debian server (probably after Etch comes out) and attach the SAN lun to the new server. Thanks for all your input. I just wanted to be sure I didn't put something in place that turned out to have some funky distro-specifi weirdness that caused problems. It sounds, though, like at least a few people are using Ubuntu without any hassles. James Dinkel Network Engineer Butler County of Kansas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] need unix to windows solution
I've tried setting up Windows Services for Unix and it is a pain in the rump, and I am a MUCH more experienced Windows admin than a linux admin. Setting up Samba and creating a mount to a Windows share was MUCH easier. Anyway, on linux I know you use the smbmount command or use "mount -t smbfs" but I would expect this to be different on Solaris. James Dinkel Network Engineer Butler County of Kansas There are 10 types of people in the world: those who understand binary, and those who don't. -Original Message- From: Robert Mortimer > Hello, I am looking for a solution that will allow me to create a mount > point on solaris to a directory(ies) on a Windows 2000 SP3 server. Can > someone tell me how to do this using Samba? Did you try reading the docs? Depending on what you want you can also use windows services for Unix to mount an nfs service or SCP for a copy now and again. > > This is an urgent need. > Thanks for your help. > Jim Russell > Oracle DBA > 919-483-8794 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Permissions on Domain Admin created files
If you are using Samba version 3.0.20 or later, you can set the "inherit owner = yes" on the share. James Dinkel -Original Message- From: Julian Pilfold-Bagwell I have a PDC that serves 800 users all of whom have their own home directory. From time to time, members of the Domain Admins group scan pages for the users and save them into the users home directories but the permissions for the file are created with the admin as owner. Is there any way of forcing ownership of a file or directory to the owner of the home folder rather than the admin who created the file. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] script for VFS module shadow_copy
Here's my script for rotating shadow copy snapshots. Just submitting it for other's benefit. I use the admsnap command because this is attached to am EMC Clarion CX300 and I wanted to use the snapshot abilities on the CX300 instead of lvm snapshots, but it can probably be easily adapted to use the lvm snapshot commands instead. A little info on the script: In order to do addition snapshots, I copy this file and change the Snap#, Session#, and /dev/sdX. The first time the script is run, it will give some errors about destroying the old stuff, but it still creates the new stuff fine and subsequent runs go without errors. Also be sure you've created the mount folder beforehand. I had to use symlinks because the share is not the root of the volume. I didn't want to use the root of the volume because I have multiple shares that I want stored on this volume (/export is the root of this volume, by the way). To keep track of what symlink needs to be destroyed, a variable is written to a file and then read from the file next time as the old name. - #!/bin/bash # Creating Shadow Copies # remove the old shadow copy umount -f /dev/sdc1 /usr/admsnap/admsnap deactivate -s Session1 /usr/admsnap/admsnap stop -s Session1 -o /dev/sdb # remove the old symlink read OLDSHADOW /etc/samba/SnapScripts/.Session1Name --- Some improvements that could be made: I should use variables for the Snap and Session number and for the /dev name. I could then define the variables at the beginning which would make this easy to duplicate, or have the variables passed to the script at the commandline (don't especially like this though, since I'm limited to only 8 snapshots on a CX300 anyway). Putting in these variables would be easy, I just haven't done it and tested it yet. I would also like to put the $SHADOWNAME into the mount location, so IF an old symlink gets left behind, it won't point to a valid mount point (there-by reporting a previous version to the client with a wrong date). Putting this in the script would be easy, but I have entries in fstab to mount the snapshots on boot (in the unlikely event it is ever rebooted). One solution to this would probably be to use awk and sed (no idea how to use these) to dynamically add and remove the fstab entries. James Dinkel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Very slow changing permissions from Windows client
Our samba server authenticates to Windows 2000 Active Directory and I have ea support enabled on the share and on the file system. The OS is Debian Stable, fully updated and using Samba 3.0.23c from Backports. Now copying and accessing files is plenty fast, but when setting up permissions on directories that contain 100 GB or so of files and subdirectories takes like 60 minutes from the time I hit Ok to the time the permission are applied and the box goes away. This is being set from a Windows client by the way (not using setfacl on the linux box or anything). Any idea why this could be so slow? Setting permissions on the same directories on the old Windows file server would take maybe a minute. This is my first time posting on any mailing list, so just let me know if I do something stupid :) James Dinkel Network Engineer Butler County of Kansas There are 10 types of people in the world: those who understand binary, and those who don't. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AutoCad and ArcView
Thanks for all the replies yesterday. Back to the initial question -- does anyone else have more references or a working .conf file that is designed, tested and working in an environment where large files (40-200MB) are being R/W constantly. Server OS: FC 5. Samba Version: Samba version 3.0.21b-2 Clients WinXP exclusively (with most recent updates) Total Clients 4 (sometimes a 5th) Thanks in advance -- James C. McLaughlin Montrose County IT Office: (970) 252-4598 Cell: (970) 209-8329 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] AutoCad and ArcView
Jean-Sebastien Pilon wrote: > 1. Are the files constantly accessed by the applications ( like an excel > file opened on a share ) ? Yup > > 2. What RAID settings does your controller support other than 5? >I know IBM servers use 5E, 5EE and 1E which are a little more > interesting than plain 5 Vanilla Controller 1/5 >A raid 10 could be interesting too for file serving where writes are > as common as reads. > After doing some research I found you probably hit the nail right on the head for our RAID config. Raid 5 is great for smaller files. Where as RAID 10 is designed for large file transfers. We recently acquired a new adaptec controller The (ASR2130SLP) which does support RAID 10. ## >On Wed, 2006-11-15 at 13:05 -0500, Aaron Kincer wrote: >> Can you be more specific than "burned through"? Hard Drive Failed. error 32. -->Multi-bit ECC / Both Drives >> What brand of hardware are you running? 5 Fujitsu 320GB Drives Intel Server Board SE7501CW2 Vanilla Intel Controller Card -- I will look up the #'s later. Sorry >> I am unconvinced that your OS and/or Samba are the cause of your hardware issues. Never would I think that -- just wondering if anyone else had been using a SAMBA server in a like environment and had some information on how they had set up a smooth running server. These things are like cars. Lets get under the hood and do some tweaking -- knowwhatImean? Nothing wrong with adding a little extra pep by tweaking conf files, hosts lists, remove bottlenecks, etc...etc... >> I've seen data intensive servers running RAID 5 run for many years with no problems. Our backup server for this system is 1/2 the machine and ran fine for 2 weeks while we waited on hardware. Quite a bit slower and lots of complaints about access speeds etc...but nary an issue. > I would be more inclined to believe you've got a faulty backplane that is providing irregular power that might be zapping your drives than software related. Hmmmare there any packages out there that can be installed to monitor this? Anyone know if Nagios monitors items of that detail -- or have the ability? I will havet to look into that. > Out of curiosity--what is the same slot in your array that suffered the failed drive? Magic Number is 4 JM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AutoCad and ArcView
Hello all, Just curious if anyone else has a SAMBA server that is serving up AutoCad and ArcView files to users on Windows. We are utilizing a RAID 5 setup on dual 2.8 GHZ 4 GB RAM Intel Controller card (all latest firmware, BIOS etc...etc..) Only 4 users are accessing the server, but it seems after a few days the server starts to choke up, lock files, and it causes a hardware issue. (We have burned through 2 320GB drives in 2 months) It is possible of course that the controller card is failing, but to take some of the stress off of the machine does anyone have a tweaked smb.conf that has NO issues with serving up files of this size all day (80-200MB) Thanks in advance -- James C. McLaughlin Montrose County IT Office: (970) 252-4598 Cell: (970) 209-8329 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: help with samba
On Oct 29, 2006, at 5:49 PM, julio cruz wrote: Hi James: I hope you can give me a hand in diagnosing the problem with my samba. - I recently installed FC6 and installation worked fine - I installed Samba as well to talk with the other computer used by my kids - my computer can talk with their win XP and read/write files with no problem - their windows XP can "see" my computer [FC6] but cannot access [read/write] files and printer. Is there something I overlook? Maybe you didn't set up the right user accounts? Try working through this example: http://us2.samba.org/samba/docs/man/Samba-Guide/simple.html#AccountingOffice If this doesn't help, please post your smb.conf file and the recent entries from your log.smbd logfile. -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows != Samba - NETBIOS name handling
Hi, I'm using samba just for its "net join" functionality. Computer accounts and kerberos keytabs are created by Samba in Active Directory via "net ads join", then used by UNIX clients to authorise and authenticate via LDAP and Kerberos. Samba works perfectly until the computers hostname is longer than 15 characters. Then any attempt to join the domain fails with: [EMAIL PROTECTED] etc]# net ads join -U Administrator Administrator's password: [2006/11/01 13:14:34, 0] libads/ldap.c:ads_join_realm(1763) ads_join_realm: ads_add_machine_acct failed (uk1-sysstg-sqlsyslogtest): Internal (implementation specific) error ads_join_realm: Internal (implementation specific) error Looking at packet trace output suggests it's because of NETBIOS name length limitations. So I specify a legal NETBIOS name in smb.conf, and the join succeeds. The problem is now that this computer is _completely_ identified to AD by this NETBIOS name. Both the kerberos tickets and the DNS name for this computer are linked to the NETBIOS name, even though this is different from the UNIX hostname. If this were a Microsoft AD limitation, I could write this off, but it seems this is a Samba problem. From: http://technet2.microsoft.com/WindowsServer/en/library/8ec96981-6b1a-48ec-bd3e-d8d43bc814311033.mspx?mfr=true --- --- To ensure interoperability between NetBIOS and DNS naming in Windows, a new naming parameter called the NetBIOS computer name was introduced. The value of this parameter, which is not required in a Windows 2000 or Windows Server 2003 environment, is derived from the first 15 characters of the DNS full computer name. When the full computer name is a combination of the computer name and the primary DNS suffix for the computer, the impact of renaming and making the transition from a NetBIOS namespace to a DNS namespace can be minimal. Users continue to focus on the short computer name. If this name is 15 characters or less, it can be made identical to the NetBIOS computer name. The administrator can then also assign a DNS domain name for each computer. This can be done using remote administration tools. -- -- It seems Windows allows the NETBIOS name and computer DNS name to be separate, but Samba doesn't. A look inside the AD properties for a computer account shows these can be different, but a samba join forces them to be the same. I've also tried pre-creating the computer accounts in AD - this still happens. Is there any way round this issue? (And no "rename 100+ production servers" suggestions please ;-) ) thanks James Masson -- Redhat EL4 samba-client-3.0.10-1.4E.9 samba-common-3.0.10-1.4E.9 also tried with samba.org samba-3.0.22-1 --- smb.conf workgroup = TESTING ; netbios name = UK1-SYSSTG-SQLS realm = TESTING.LOCAL.INVALID security = ads use kerberos keytab = True --- Windows 2003 R2 ** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the authors employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. ___ This message has been checked for all known viruses by UUNET delivered through the MessageLabs Virus Control Centre. For further information visit http://www.uk.uu.net/products/security/virus/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] dmapi doesn't work on aix; possible fix included
On 29/10/06, J Raynor <[EMAIL PROTECTED]> wrote:
I'm running samba 3.0.23c on aix 5.3 TL4. I'm using Tivoli HSM 5.3.4.0
on a JFS2 filesystem. Samba compiled fine, and I set "dmapi support =
yes" in smb.conf, but samba wouldn't recognize offline files ("migrated
files" in tsm terminology). After setting a higher log level I think
I've tracked down the problem. The patch is at the bottom of this email.
The first problem is this snippet in dmapi_file_flags() in smbd/dmapi.c:
err = dm_path_to_handle(CONST_DISCARD(char *, path),
&dm_handle, &dm_handle_len);
if (err < 0) {
DEBUG(DMAPI_TRACE, ("dm_path_to_handle(%s): %s\n",
path, strerror(errno)));
if (errno != EPERM) {
return 0;
}
On AIX, dm_path_to_handle() is returning EACCES instead of EPERM, so it
hits the return 0. Is EPERM supposed to be the only allowed error, or
is this something that's likely implementation dependent?
This code was originally written for Linux and IRIX. IIRC in Linux there was
a problem where the process capabilities were reset across fork() because
Samba changes its effective user ID. So when we get a permission error
we go back and try to re-acquire our capabilities.
Changing the if-condition to (errno != EPERM && errno != EACCES) lets
things continue on. The rest of the problem in dmapi_file_flags() is
that things are running with the effective uid of the user, so dmapi
calls are failing. The posix capability DMAPI_ACCESS_CAPABILITY is
Note that DMAPI_ACCESS_CAPABILITY is not a real capability, it's just
a name for whatever capability set is needed to do DMAPI operations on
the current platform.
supposed to allow the functions to work, but to my knowledge AIX doesn't
have posix capabilties.
This is well beyond my knowledge of AIX. I used capabilities for this,
rather than
(un)become_root for performance reasons. If there's no other way to achieve the
functionality, then I guess this is fine.
I'd prefer a feature-based test for whether this is necessary, rather
than a platform-
based test. Something like
#if !defined(HAVE_POSIX_CAPABILITIES)
become_root();
#endif
I used become_root/unbecome_root around the dmapi calls, and this
appeared to get things to work. Samba's log messages are indicating
that files are offline, and Windows Explorer is picking up on this and
changing the file icons to indicate that the files are offline. However,
I don't know if my solution is entirely correct. Here's the patch:
*** dmapi.c.origSat Oct 28 02:33:13 2006
--- dmapi.c Sat Oct 28 11:12:54 2006
***
*** 246,252
DEBUG(DMAPI_TRACE, ("dm_path_to_handle(%s): %s\n",
path, strerror(errno)));
! if (errno != EPERM) {
return 0;
}
--- 246,252
DEBUG(DMAPI_TRACE, ("dm_path_to_handle(%s): %s\n",
path, strerror(errno)));
! if (errno != EPERM && errno != EACCES) {
return 0;
}
***
*** 259,266
--- 259,274
set_effective_capability(DMAPI_ACCESS_CAPABILITY);
+ #ifdef AIX
+ become_root();
+ #endif
+
err = dm_path_to_handle(CONST_DISCARD(char *, path),
&dm_handle, &dm_handle_len);
+
+ #ifdef AIX
+ unbecome_root();
+ #endif
if (err < 0) {
DEBUG(DMAPI_TRACE,
("retrying dm_path_to_handle(%s): %s\n",
***
*** 269,276
--- 277,293
}
}
+ #ifdef AIX
+ become_root();
+ #endif
+
err = dm_get_eventlist(dmapi_session, dm_handle, dm_handle_len,
DM_NO_TOKEN, DM_EVENT_MAX, &events, &nevents);
+
+ #ifdef AIX
+ unbecome_root();
+ #endif
+
if (err < 0) {
DEBUG(DMAPI_TRACE, ("dm_get_eventlist(%s): %s\n",
path, strerror(errno)));
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
James Peach | [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] PLEASE HELP - MAC NEWBIE - MAC OS X 10.4.8 (Intel) compiling errors of Samba 3.0.23.c
On 24/10/06, Steven Thomas Smith <[EMAIL PROTECTED]> wrote: Hi, I'm a newbie having the same problems as reported at http://www.mail-archive.com/samba@lists.samba.org/msg78809.html. I'm writing to ask if these bug fixes have been implemented yet, and how to download if they have! The changes are in the svn repository but not yet in any released Samba version. I'm used to downloading tarballs, but have no idea how to navigate through subversion http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/. You can get the bleeding edge source via anonymous rsync: rsync --recursive rsync://rsync.samba.org/ftp/unpacked/samba . -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] CIDR prefix with a non-multiple of 8
> > Is anyone aware of this problem and if so has it been corrected in the > 3.0 series? > My interfaces option has a /23 and works with 3.0.14a and 3.0.23c, so I would guess it has been fixed. James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] PLEASE HELP - MAC NEWBIE - MAC OS X 10.4.8 (Intel) - Bus Error
On 12/10/06, Dan <[EMAIL PROTECTED]> wrote: Here is what I got: (gdb) run -U administrator%"MYPASS" -I 10.1.0.11 -L 10.2.0.9 Starting program: /usr/bin/smbclient -U administrator%"MYPASS" -I 10.1.0.11 -L 10.2.0.9 Reading symbols for shared libraries . done Domain=[MY_DOMAIN] OS=[Unix] Server=[Samba 3.0.23c] Sharename Type Comment - --- Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x 0x000a11fd in rpccli_srvsvc_NetShareEnum () ooh! null pointer dereference! Can you please open a bug at bugzilla.samba.org? Assign it to [EMAIL PROTECTED] and hopefully I'll be able to do something about it in the next few days. -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] PLEASE HELP - MAC NEWBIE - MAC OS X 10.4.8 (Intel) - Bus Error
On 12/10/06, Dan <[EMAIL PROTECTED]> wrote: Unfortunately I can not find a core file any where on the system. There is a directory /private/var/log/cores with smbd and nmbd folders but all are empty. Any thing else I can do to get the core file or needed info? try running smbclient under gdb gdb /path/to/smbclient (gdb) run -with -whatever -args -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] PLEASE HELP - MAC NEWBIE - MAC OS X 10.4.8 (Intel) - Bus Error
On 11/10/06, Dan <[EMAIL PROTECTED]> wrote: I was able to get things to compile but with warnings of "unrecognized option '--pie'". Add --disable-pie to your configure line. Unfortunately configure tests generally can't detect warnings, so -pie gets enabled when it probably shouldn't be. When I run things I still can not login to shares and when I run smbclient I get a "Bus Error". Could this be related to the compile warnings? Maybe a gcc thing? I don't see any glibc files on the system. Any help is greatly appreciated. Here is the output from the smbclient: This smells like a bug. When this happens, smbclient should drop a core file in /cores. It will be called /cores/core.$pid. Can you use gdb to get a stack trace of where it crashes? -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] PLEASE HELP - MAC NEWBIE - MAC OS X 10.4.8 (Intel) compiling errors of Samba 3.0.23.c - FIXED
On 11/10/06, Dan <[EMAIL PROTECTED]> wrote: I figured out what I was doing wrong. Obviously the old configure file will not work. I ran the make-tarball.sh script to reproduce the configure and everything builds fine. yep :) I usually do a ./autogen.sh && ./configure --foo -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PLEASE HELP - MAC NEWBIE - MAC OS X 10.4.8 (Intel) compiling errors of Samba 3.0.23.c
On 11/10/06, Dan <[EMAIL PROTECTED]> wrote: Hello, I am trying to compile the latest samba 3.0.23c on MAC Intel OS X 10.4.8 and I am getting errors with the krb5 stuff. I have searched the net and found other people with the same error but didn't see any solution. Has anyone successfully compiled it on 10.4.8 Intel? Any help would be greatly appreciated as I am new to the mac platform but have lots of linux experience. The errors are below: Compiling libsmb/clikrb5.c libsmb/clikrb5.c: In function 'krb5_locate_kdc': libsmb/clikrb5.c:378: error: 'krb5_krbhst_handle' undeclared (first use in this function) libsmb/clikrb5.c:378: error: (Each undeclared identifier is reported only once libsmb/clikrb5.c:378: error: for each function it appears in.) libsmb/clikrb5.c:378: error: parse error before 'hnd' libsmb/clikrb5.c:379: error: 'krb5_krbhst_info' undeclared (first use in this function) libsmb/clikrb5.c:379: error: 'hinfo' undeclared (first use in this function) libsmb/clikrb5.c:388: error: 'KRB5_KRBHST_KDC' undeclared (first use in this function) libsmb/clikrb5.c:388: error: 'hnd' undeclared (first use in this function) libsmb/clikrb5.c:917:2: error: #error UNKNOWN_KRB5_AP_REQ_FREE_FUNCTION libsmb/clikrb5.c:959:2: error: #error UNKOWN_KRB5_AP_REQ_DECODING_FUNCTION make: *** [libsmb/clikrb5.o] Error 1 metze just checked in a change to fix this. If you try the latest code from the subversion repository, it should build. -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Fwd: Re: [Samba] Authenticating Linux Against AD with Winbind]
[EMAIL PROTECTED] wrote: > Thanks everyone for the help. I'm now a step further. I changed my > smb.conf with the values James mentioned: > > server = ads > realm = > > > I then used a "net ads join" instead of a "net rpc join" and > I get the > following: > > Using short domain name -- GARNET > [2006/10/10 15:40:42, 0] libads/kerberos.c:get_service_ticket(335) > get_service_ticket: kerberos_kinit_password TESTMAIL2$@ domain>@ failed: Client not found in Kerberos database > free(): invalid pointer 0xb74c43a0! > free(): invalid pointer 0xbfffcf08! > Segmentation fault Try this: kinit administrator@ If you've renamed your builtin domain admin account, change the name. You should be prompted for the password. This will jumpstart your kerberos tickets. You can try rejoining the domain (it doesn't hurt in my experience -- just updates the machine account) and see if you still get the errors. Usually you only have to do this once - kerberos just sort of works after you set it up. James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Authenticating Linux Against AD with Winbind
> > Thanks for the reply. I'm a bit confused, though. The how-to > doesn't say > anything about either of these options. Actually, I checked a > number of > different how-tos and docs and some include them, while others don't. > (??) Also, sorry for my lack of knowledge but realm refers to the > kerberos realm, correct? We don't use kerberos and I was under the > impression that it wasn't necessary, since some docs (such as the one > I'm using) don't mention anything about it. > > Thanks for your help, > Jason Aaron has already replied with some good advice. I think what happened is that you were following a howto that has assumptions about the state of your samba install - it concerns only a small piece of the puzzle. The documentation included with Samba is actually very good. If you are just starting out, I suggest that you install swat and then look at your configuration through the swat web pages. Go to the Globals section (change to 'advanced' view to see all of the options -- you may not need that amount of detail though). You'll notice a hyperlink to the left of every option. Clicking on the hyperlink will display a description of the option in another browser window. For example, the description for "server" includes: === SECURITY = ADS In this mode, Samba will act as a domain member in an ADS realm. To operate in this mode, the machine running Samba will need to have Kerberos installed and configured and Samba will need to be joined to the ADS realm using the net utility. Note that this mode does NOT make Samba operate as a Active Directory Domain Controller. Read the chapter about Domain Membership in the HOWTO for details. === Note that this isn't an all-inclusive "set this in your particular setup" -- but it does tell you that you're going to need Kerberos, and does point you at the right chapter in the howto if you're still not sure. James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Authenticating Linux Against AD with Winbind
You're trying to authenticate against active directory: > I'm trying to set up a Linux box to authenticate users against AD But your config doesn't agree with you: > security = server And you may have cut them out, but I see no realm entry to specify the AD domain. James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] smbd hanging on OS X 10.4.8
On 06/10/06, nicerobot <[EMAIL PROTECTED]> wrote: Right, -i was intentional so that I can watch what it's doing from the command-line, so that I can see the messages as a smbclient attempts to connect. But it is actually hanging before it ever gets to a point in the initialization that it will be capable of responding to connection requests so I'll never see any debugging messages beyond the point where it hangs. Can you ktrace the process whilst it is hung? Is it making any system calls? -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd hanging on OS X 10.4.8
On 05/10/06, nicerobot <[EMAIL PROTECTED]> wrote: Hi, If process all my mounts prior to the "..." bit below. It looks as if it's hanging while processing some printer config. On that assumption Can you please describe exactly what problem is occurring and the steps that you take to trigger it? and since I don't and never have had any printers attached, I've commented out the '[printers]' section from smb.conf. No section contains a 'printable = yes'. I've tried with all sections containing 'printable = no'. The '[global]' section includes 'load printers = no'. Still it hangs. Any clue or tips on things to try are greatly appreciated. Apple hasn't been able to reproduce the problem and haven't been able to come up with any recommendations that I haven't already tried. Thanks $ smbd -V Version 3.0.10 $ smbd -i -d 100 -s /etc/smb.conf ... lp_servicenumber: couldn't find printers lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Mon Oct 2 13:46:25 2006 added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0 Netbios name list:- my_netbios_names[0]="DODO" loaded services fcntl_lock 6 8 0 1 3 fcntl_lock: Lock call successful Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Opening cache file at /private/var/samba/gencache.tdb namecache_enable: enabling netbios namecache, timeout 30 seconds reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] sorted_tree_add: Enter sorted_tree_find_child: Did not find [HKLM] sorted_tree_birth_child: First child of node [NULL]! [HKLM] sorted_tree_find_child: Did not find [SYSTEM] sorted_tree_birth_child: First child of node [HKLM]! [SYSTEM] sorted_tree_find_child: Did not find [CurrentControlSet] sorted_tree_birth_child: First child of node [SYSTEM]! [CurrentControlSet] sorted_tree_find_child: Did not find [Control] sorted_tree_birth_child: First child of node [CurrentControlSet]! [Control] sorted_tree_find_child: Did not find [Print] sorted_tree_birth_child: First child of node [Control]! [Print] sorted_tree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree sorted_tree_add: Exit reghook_dump_cache: Starting cache dump now... ROOT/: [HKLM] (NULL) ROOT/HKLM/: [SYSTEM] (NULL) ROOT/HKLM/SYSTEM/: [CurrentControlSet] (NULL) ROOT/HKLM/SYSTEM/CurrentControlSet/: [Control] (NULL) ROOT/HKLM/SYSTEM/CurrentControlSet/Control/: [Print] (data) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hello and question on Mac OS X Server use of Samba
On 25/09/06, Jaime Magiera <[EMAIL PROTECTED]> wrote: Hi, I'm new to the list (and samba). It's a great technology and I look forward to learning more about it. I have an OS X Server that utilizes the built-in Samba to allow for Windows client connectivity. The OSXS gets the majority of its users from an LDAP server elsewhere on the campus. On OSXS, it's expected that the Windows users will be local or that the server will be a KDC or that the server will be bound to an AD. Regrettably, my server is not bound not an AD, nor is it a Kerberos KDC for the University and the users are not local but from the campus-wide LDAP server. The only option I can think of for Windows clients to use Samba is to re-kerberize the Samba service itself to the University KDC. I can get the keytabs. However, I've been told by folks on other lists that there on some tweaks on OSXS that make Samba configuration a little different. You can definitely configure Samba to talk to the campus-wide LDAP server to resolve user names. Check the official howto and the "by example" books on samba.org. Does anyone here have experience (re)kerberizing Samba on an OSX Server? Or any suggestions how I could solve this conundrum I'm in? Or, if I'm misunderstanding something about how Samba works? AFAIK, windows clients will only do Kerberos authentication to AD member servers. -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Linux Samba to Mac OSX: resource fork lock problems?
On 22/09/06, William Yang <[EMAIL PROTECTED]> wrote: I am seeking a better workaround than I currently have for the problem. Using OS X 10.3.x and 10.4.x (and possibly other versions) as workstations, and Gentoo Linux (kernel 2.6.16) with Samba 3.0.22, I have the following sequence of events. The symptom is most prevalent when dealing with multi MB files: 1. Resource fork (._ file) gets locked 2. File associated with resource fork also gets locked. 3. File gets unlocked 4. Resource fork never gets unlocked. Because the resource fork never gets unlocked, this causes problems with migration of data off the Mac to the server and occasionally results in a file being deleted unexpectedly. Can you please confirm that this behaviour is present in the most recent 10.4 update? If it is, could you please get a network trace of this behaviour and file a bug with Apple? I'm not too familiar with tcpdump syntax, but it would be best to capture entire packets (-s 0) in both directions (do you need to "in.pcap port 139" as well?). See http://developer.apple.com/bugreporter/ for how to file an Apple bug. thanks, -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Write list problem
>> >> > Possibly. After upgrading all my Debian Sarge systems from 3.0.22 to > 3.0.23c, I had to replace the "+" with the default "\" to get it to > work, but I don't think it's a universal problem. Maybe it's a Debian > thing. Unlike you, valid users worked fine for me. (My > biggest headache has been username mapping in a security = ADS setting.) > I do not see this behavior on my 3.0.23c Debian installations. Samba 3.0.23c debs from Samba.org, installed on both Debian Etch (Testing) and Debian Sarge (Stable) Both of them use "winbind separator = +" Valid users also works as expected in my installations, both with domain users and domain groups specified. James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems Connecting Novell/SuSE Enterprise Desktop 10 to Active Directory
Samba List; Has anybody tried to connect SLED10 into an MS Active Directory environment? I am getting Samba 'winbind' errors when I use YaST Windows Domain Membership'. I have to edit /etc/samba/smb.conf and set up the proxy settings first to authenticate into Active Directory. When I run 'Windows Domain Membership' and join my domain it says I have successfully jointed but I get error a Samba 'winbind' error message later in the script. I have installed all SLED10 patches including Samba, LDAP and kernel patches. Modifications to smb.conf file winbind separator = + winbind use default domain = Yes winbind cache time = 600 winbind enum users = no winbind enum groups = no netbios name = MY MACHINE NAME workgroup = DOMAIN NAME password server = NAME OF PASSWORD SERVER client use spnego = yes domain master = no And help would be appreciated. Jim Waters -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 3.0.23c Debian packages installation error
[EMAIL PROTECTED] wrote: > The latest Debian 3.0.23c-1 packages will not install on my Etch test > machine. The packages seem to be fighting over who owns files. If I > try to install them individually, dependencies kick in and I get the > same result. > > Ideas? > Uninstall the previous version before re-installing resolves the issue for Etch. For some reason apt doesn't like upgrading in place on Etch. Sarge did not have an upgrade issue. James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.23c Debian packages installation error
The latest Debian 3.0.23c-1 packages will not install on my Etch test machine. The packages seem to be fighting over who owns files. If I try to install them individually, dependencies kick in and I get the same result. Ideas? James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 - The following packages will be upgraded: samba samba-common winbind 3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 0B/7427kB of archives. After unpacking 16.4kB of additional disk space will be used. Do you want to continue [Y/n]? y Preconfiguring packages ... (Reading database ... 163305 files and directories currently installed.) Preparing to replace samba-common 3.0.23c-1 (using .../samba-common_3.0.23c-1_i386.deb) ... Unpacking replacement samba-common ... dpkg: error processing /var/cache/apt/archives/samba-common_3.0.23c-1_i386.deb (--unpack): trying to overwrite `/usr/share/man/man5/smbpasswd.5.gz', which is also in package samba dpkg-deb: subprocess paste killed by signal (Broken pipe) Preparing to replace samba 3.0.23c-1 (using .../samba_3.0.23c-1_i386.deb) ... Stopping Samba daemons: nmbd smbd. Unpacking replacement samba ... dpkg: error processing /var/cache/apt/archives/samba_3.0.23c-1_i386.deb (--unpack): trying to overwrite `/usr/bin/profiles', which is also in package samba-common dpkg-deb: subprocess paste killed by signal (Broken pipe) Preparing to replace winbind 3.0.23c-1 (using .../winbind_3.0.23c-1_i386.deb) ... Stopping the Winbind daemon: winbindd. Unpacking replacement winbind ... dpkg: error processing /var/cache/apt/archives/winbind_3.0.23c-1_i386.deb (--unpack): trying to overwrite `/usr/lib/samba/idmap/rid.so', which is also in package samba dpkg-deb: subprocess paste killed by signal (Broken pipe) Starting the Winbind daemon: winbindd. Errors were encountered while processing: /var/cache/apt/archives/samba-common_3.0.23c-1_i386.deb /var/cache/apt/archives/samba_3.0.23c-1_i386.deb /var/cache/apt/archives/winbind_3.0.23c-1_i386.deb E: Sub-process /usr/bin/dpkg returned an error code (1) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] fam error
On 09/09/06, Willy Offermans <[EMAIL PROTECTED]> wrote: On Mon, Sep 04, 2006 at 10:27:35PM +1000, James Peach wrote: > On 04/09/06, Willy Offermans <[EMAIL PROTECTED]> wrote: > >Dear Samba Friends, > > > >I got the following error again and again: > > > > > >. > >Sep 4 10:58:18 sun smbd[94479]: [2006/09/04 10:58:18, 0] > >smbd/notify_fam.c:fam_check_reconnect(136) > >Sep 4 10:58:18 sun smbd[94479]: failed to connect to FAM service > >Sep 4 10:58:23 sun smbd[94479]: [2006/09/04 10:58:23, 0] > >smbd/notify_fam.c:fam_check_reconnect(136) > >Sep 4 10:58:23 sun smbd[94479]: failed to connect to FAM service > >Sep 4 10:58:24 sun smbd[94479]: [2006/09/04 10:58:24, 0] > >smbd/notify_fam.c:fam_check_reconnect(136) > >Sep 4 10:58:24 sun smbd[94479]: failed to connect to FAM service > >Sep 4 10:58:25 sun smbd[94479]: [2006/09/04 10:58:25, 0] > >smbd/notify_fam.c:fam_check_reconnect(136) > >Sep 4 10:58:25 sun smbd[94479]: failed to connect to FAM service > >Sep 4 10:58:25 sun smbd[94479]: [2006/09/04 10:58:25, 0] > >smbd/notify_fam.c:fam_check_reconnect(136) > >Sep 4 10:58:25 sun smbd[94479]: failed to connect to FAM service > >Sep 4 11:23:22 sun smbd[94479]: [2006/09/04 11:23:22, 0] > >smbd/notify_fam.c:fam_check_reconnect(136) > >Sep 4 11:23:22 sun smbd[94479]: failed to connect to FAM service > >. > > > > > >I'm using samba-3.0.23b,1 on FreeBSD 6.1 > > I've only ever tested the FAM support on IRIX. smbd will automatically > attempt to use FAM if it appears to be available, but it shouldn't > > >I did not specify anything with respect to fam in my > >/usr/local/etc/smb.conf file. > > > >I have only noticed that a new directory has been created in /tmp/ > > > >drwx-- 2 root wheel 512 Sep 4 08:45 /tmp/fam-root/ > > > >This directory is empty and updated once and a while. I mean the > >directory is recreated at a later time. Attributes and owner do not > >change. > > > >In the clients log files I find the following: > > > > > > > >[2006/09/04 11:36:41, 0] smbd/notify_fam.c:fam_check_reconnect(136) > > failed to connect to FAM service > > Socket directory /tmp/fam-root has different owner > > Failed to remove unsafe path /tmp/fam-root > >... > > > > > >It seems that the client tries to access /tmp/fam-root but has not the > >right user priviliges. > > > >Can someone help me out and explain what is going on? How can I solve > >the problem? > > You can disable FAM support by setting "fam change notify = no" in > smb.conf. This > will get rid of the messages, but obviously you won't get FAM support. > I'd have to dig > into the FAM implementation on FreeBSD to be more helpful, and I won't > be able to > do that for a couple of weeks. > > -- > James Peach | [EMAIL PROTECTED] Well, since the error message is only annoying and __not__ critical at the moment, I will just be patient then. Yes, FAM can be disabled without losing any functionality. It is merely a performance optimisation. I do not know how fam is implemented into samba and if calling the fam function in FreeBSD needs special considerations. I expected that the samba developer, responsible for the fam implementation, would have a look. I do not know if I reach that person via this mailing list. Yes, that's me. I just don't have the facility to do anything about this for couple of weeks. -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] fam error
On 04/09/06, Willy Offermans <[EMAIL PROTECTED]> wrote: Dear Samba Friends, I got the following error again and again: . Sep 4 10:58:18 sun smbd[94479]: [2006/09/04 10:58:18, 0] smbd/notify_fam.c:fam_check_reconnect(136) Sep 4 10:58:18 sun smbd[94479]: failed to connect to FAM service Sep 4 10:58:23 sun smbd[94479]: [2006/09/04 10:58:23, 0] smbd/notify_fam.c:fam_check_reconnect(136) Sep 4 10:58:23 sun smbd[94479]: failed to connect to FAM service Sep 4 10:58:24 sun smbd[94479]: [2006/09/04 10:58:24, 0] smbd/notify_fam.c:fam_check_reconnect(136) Sep 4 10:58:24 sun smbd[94479]: failed to connect to FAM service Sep 4 10:58:25 sun smbd[94479]: [2006/09/04 10:58:25, 0] smbd/notify_fam.c:fam_check_reconnect(136) Sep 4 10:58:25 sun smbd[94479]: failed to connect to FAM service Sep 4 10:58:25 sun smbd[94479]: [2006/09/04 10:58:25, 0] smbd/notify_fam.c:fam_check_reconnect(136) Sep 4 10:58:25 sun smbd[94479]: failed to connect to FAM service Sep 4 11:23:22 sun smbd[94479]: [2006/09/04 11:23:22, 0] smbd/notify_fam.c:fam_check_reconnect(136) Sep 4 11:23:22 sun smbd[94479]: failed to connect to FAM service . I'm using samba-3.0.23b,1 on FreeBSD 6.1 I've only ever tested the FAM support on IRIX. smbd will automatically attempt to use FAM if it appears to be available, but it shouldn't I did not specify anything with respect to fam in my /usr/local/etc/smb.conf file. I have only noticed that a new directory has been created in /tmp/ drwx-- 2 root wheel 512 Sep 4 08:45 /tmp/fam-root/ This directory is empty and updated once and a while. I mean the directory is recreated at a later time. Attributes and owner do not change. In the clients log files I find the following: [2006/09/04 11:36:41, 0] smbd/notify_fam.c:fam_check_reconnect(136) failed to connect to FAM service Socket directory /tmp/fam-root has different owner Failed to remove unsafe path /tmp/fam-root ... It seems that the client tries to access /tmp/fam-root but has not the right user priviliges. Can someone help me out and explain what is going on? How can I solve the problem? You can disable FAM support by setting "fam change notify = no" in smb.conf. This will get rid of the messages, but obviously you won't get FAM support. I'd have to dig into the FAM implementation on FreeBSD to be more helpful, and I won't be able to do that for a couple of weeks. -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with large files corrupting during transfer
Ramsey Wes - wramse wrote: Files >2.8gb are corrupting during the transfer. That 2.8gb file is the largest we've gotten to go through successfully. The next largest file is 5.7gb, and corrupts without fail. The 1st section of the file looks normal, the next large chunk is corrupt, and the remainder of the file is simply binary trash. It looks to me like 2(+) users are accessing the file while it is writing to cache, which would explain this, but I have no way to prove it. I tried adding 'oplocks = no' and 'strict locking = yes', but neither fixed the problem. If more info is needed, please let me know. Hi, I'm afraid I can't help you but I can tell you that I had a similar problem that I gave up on some time ago. I found that windows 2k could transfer the files perfectly well to my samba box so I guess it must be an NT problem. I posted this to the list: http://lists.samba.org/archive/samba/2006-May/120717.html and only received one reply: http://lists.samba.org/archive/samba/2006-May/120748.html Having verified that I was running SP6, I lost interest and tried to persuade my boss to fund an upgrade to our windows servers instead. I'm assured that the upgrade will happen some time this year :-) but I'd still be very interested to hear from you if you manage to fix the problem. Good luck, James. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA as Domain Controller using FreeBSD 6.1
Hello everyone! Good Day! I am using FreeBSD 6.1/6.x version of Operating System. I plan to switch my existing PDC Win2k Advanced server to FreeBSD with the power of Samba. Anybody may I know of how would you setup SAMBA as PDC in FreeBSD 6.x? I know this is not good question for asking HOWTO but the good procedures and right samba configurations might lead me up during installation process. I am hoping for your kind consideration and favorable response. Great many thanks. Regards, James G. Corteciano -- ___ Get your free email from http://mymail.bsdmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and unix permissions mismatch
Our DCs are Win2003 but we dealt with the same problem on Linux member servers. We use filesystem ACLs to control access. The owner/group of a shared directory is nobody:nobody. The default ACL is: default:user::rwx default:group::--- default:other::--- plus numerous default:group::rwx entries. One for each group The reason for the group::--- is because the primary group is "Domain Users" and we want to make sure that files don't default to allowing access to this group. -James > -Original Message- > On Behalf Of BJörn Lindqvist > Sent: Tuesday, August 01, 2006 6:30 AM > To: samba@lists.samba.org > Subject: [Samba] Samba and unix permissions mismatch > > > I have just managed to get my first Samba/LDAP PDC up and running. But > I have one big security problem -- users logging in to the PDC using > ssh can access all shares. > > User credentials, both for ssh login and for Samba access, > are retrieved > from the LDAP directory. All shares are stored in the /var/lib/samba > directory. The directories permissions look like this: > > drwxrwx--- 2 root Domain Users 4096 25 jul 15.11 Common > drwxrwx--- 2 root Domain Users 4096 13 jun 16.59 Customers > drwxrwx--- 2 root Domain Users 4096 13 jun 16.32 Sales > ... and so on. > > Each share is owned by root in the "Domain Users" group. In the Unix > world, each directory can only be owned by one user in one group. But > in the Samba world, directories and shares aren't owned by any > single group, instead a number of groups have access to the directory > or share. That is why the shares has to be owned by the Unix group > "Domain Users," which is a meta group in which all users of the PDC > belong. > > Obviously, this arrangement isn't very nice. Every user that logs in > via ssh can access all shares. Yet all shares need to be owned by the > group "Domain Users" otherwise some groups of users can't access some > shares. The Sales share, for example, should really be owned by both > the Managers and the Accountants groups. > > So how do I fix this? There doesn't seem to be any easy way. > > Thanks in advance. > > -- > Mvh Björn Lindqvist > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Missing winbindd_privileged/pipe
I have a test machine that was running 3.0.22 (Debian testing), providing NTLM authentication for a Squid installation. Today I upgraded Squid to the current Debian testing version, and NTLM authentication stopped working. When I took a look at the /var/run/samba/winbindd_privileged directory permissions, they were fine. Then tried to look at the pipe itself, and it was gone. ! /tmp/.winbind/pipe was still there though. Restarting samba and winbind did not restore the pipe. I had to re-install samba. A quick Google search didn't generate a whole lot of results, so I don't think this is a common problem. Any reason that the pipe would be deleted? And how would a missing pipe be re-generated without a re-install of samba? James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] pam winbind seems to have trouble with idmap backend = ldap
Environment is samba-3.0.10-1.4E.6 RedHat ES4, kernel 2.6.9-34.0.2.ELsmp AD domain Win2003 SP2 Native mode This system was initially setup in ads security mode, joined to a Win 2003 AD domain and configured to use winbind for both samba file shares and authz/authn for sshd and local logins. In this configuration the winbind idmap was the default local database. Everything worked fine. Users could login via ssh and access controls on files were properly working, samba file sharing worked properly, etc. In an effort to synchronize the uid/gid to sid mapping across multiple machines we configured a system to use idmap backend = ldap. Initially it seemed that this new configuration was working. After deleting the winbind cache and local database and restarting smb/winbind, getent passwd populated the ldap directory with mapping info and samba file sharing worked fine. The problem is that now ssh and console logins don't work for AD accounts, only local accounts. The short version is, with idmap... commented out, fileshares and ssh work for AD accounts. With idmap... file shares work but ssh does not. Errors while using ssh are included below. -- smb.conf -- [global] workgroup = AC_COMPUTING server string = JAMESDIRTEST log file = /var/log/samba/%m.log log level = 3 passdb:5 auth:10 winbind:3 max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no security = ads idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash template homedir = /home/%U username map = /etc/samba/smbusers winbind use default domain = yes realm = EVERGREEN.EDU password server = EVDC1 EVDC2 winbind enum users=yes winbind enum groups=yes client schannel = no client use spnego = no ldap admin dn = cn=manager,ou=users,dc=sambaidmap,dc=evergreen,dc=edu ldap idmap suffix = ou=idmap ldap suffix = dc=sambaidmap,dc=evergreen,dc=edu #idmap backend = ldap:"ldap://adappmode.evergreen.edu:5"; [setup-staging] comment = Local Install Setup path = /setup-staging valid users = @"Network Services GG" @"Admin Computing GG" public = no writable = yes printable = no create mask = 0775 force group = Network Services GG ... more shares... -- -- nsswitch.conf - passwd: files winbind shadow: files group: files winbind hosts: files dns bootparams: files ethers: files netmasks: files networks: files protocols: files rpc:files services: files netgroup: files publickey: files automount: files aliases:files -- -- pam.d/sshd #%PAM-1.0 authrequired /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok authsufficient/lib/security/$ISA/pam_winbind.so use_first_pass authrequired /lib/security/$ISA/pam_deny.so authrequired pam_nologin.so # # account required /lib/security/$ISA/pam_unix.so broken_shadow account sufficient/lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_winbind.so account required /lib/security/$ISA/pam_permit.so # # passwordrequisite /lib/security/$ISA/pam_cracklib.so retry=3 passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow passwordsufficient/lib/security/$ISA/pam_winbind.so use_authtok passwordrequired /lib/security/$ISA/pam_deny.so # # session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so -- -- tail of var/log/messages -- Jul 25 11:14:25 jamesdirtest winbind: winbindd startup succeeded Jul 25 11:14:25 jamesdirtest smb: smbd startup succeeded Jul 25 11:14:25 jamesdirtest smb: nmbd startup succeeded Jul 25 11:14:41 jamesdirtest smbd[6416]: [2006/07/25 11:14:41, 0] smbd/service.c:set_current_service(51) Jul 25 11:14:41 jamesdirtest smbd[6416]: chdir (/setup-staging) failed Jul 25 11:14:41 jamesdirtest smbd[6416]: [2006/07/25 11:14:41, 0] smbd/service.c:set_current_service(51) Jul 25 11:14:41 jamesdirtest smbd[6416]: chdir (/setup-staging) failed Jul 25 11:15:06 jamesdirtest sshd(pam_unix)[6418]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=jamesdirtest.evergreen.edu user=james_su Jul 25 11:15:06 jamesdirtest pam_winbind[6418]: request failed: Wrong Password, PAM error was 7, NT error was NT_STATUS_WRONG_PASSWORD Jul 25 11:15:06 jam
Re: [Samba] USRMGR and 3.0.23a
Here's the output from 'net groupmap list verbose': Domain Admins SID : S-1-5-21-1882045844-2771900506-1057560041-512 Unix gid : 512 Unix group: Domain Admins Group type: Domain Group Comment : Netbios Domain Administrators Domain Users SID : S-1-5-21-1882045844-2771900506-1057560041-513 Unix gid : 513 Unix group: Domain Users Group type: Domain Group Comment : Netbios Domain Users Domain Guests SID : S-1-5-21-1882045844-2771900506-1057560041-514 Unix gid : 514 Unix group: Domain Guests Group type: Domain Group Comment : Netbios Domain Guests Users Domain Computers SID : S-1-5-21-1882045844-2771900506-1057560041-515 Unix gid : 515 Unix group: Domain Computers Group type: Domain Group Comment : Netbios Domain Computers accounts Administrators SID : S-1-5-32-544 Unix gid : 544 Unix group: Administrators Group type: Well-known Group Comment : Netbios Domain Members can fully administer the computer/sambaDomainName Account Operators SID : S-1-5-32-548 Unix gid : 548 Unix group: Account Operators Group type: Well-known Group Comment : Netbios Domain Users to manipulate users accounts Print Operators SID : S-1-5-32-550 Unix gid : 550 Unix group: Print Operators Group type: Well-known Group Comment : Netbios Domain Print Operators Backup Operators SID : S-1-5-32-551 Unix gid : 551 Unix group: Backup Operators Group type: Well-known Group Comment : Netbios Domain Members can bypass file security to back up files Replicators SID : S-1-5-32-552 Unix gid : 552 Unix group: Replicators Group type: Well-known Group Comment : Netbios Domain Supports file replication in a sambaDomainName faculty SID : S-1-5-21-1882045844-2771900506-1057560041-5001 Unix gid : 2000 Unix group: faculty Group type: Domain Group Comment : students SID : S-1-5-21-1882045844-2771900506-1057560041-3001 Unix gid : 1000 Unix group: students Group type: Domain Group Comment : Unless I'm missing something stupid, I thought this looked correct. -James >>> "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> 07/24/06 10:57 AM >>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Money wrote: > I still have the problem with domain groups in 3.0.23a with the patch listed > on the website applied. The 'net rpc info' command shows(still): > > Domain Name: MATH_CS > Domain SID: S-1-5-21-1882045844-2771900506-1057560041 > Sequence number: 1153750888 > Num users: 5 > Num domain groups: 0 > Num local groups: 0 Remind me what the output of 'net groupmap list verbose' is ? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFExN/bIR7qMdg1EfYRAh6mAJ92nMBuxaIEW4RYF7uR4v0R+ycfwgCglt1M T1lSvTTXOz9us43xSGFWeCQ= =yY7M -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] USRMGR and 3.0.23a
I still have the problem with domain groups in 3.0.23a with the patch listed on the website applied. The 'net rpc info' command shows(still): Domain Name: MATH_CS Domain SID: S-1-5-21-1882045844-2771900506-1057560041 Sequence number: 1153750888 Num users: 5 Num domain groups: 0 Num local groups: 0 -James >>> "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> 07/24/06 8:02 AM >>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: > No. But I have reproduced the error you reported though. > I expect it is specific to ldapsam. Attached is a patch. > For what it's worth, I have no problem running usrmgr.exe > with the one exception noted. I've posted a more complete patch to http://www.samba.org/samba/patches/ There was a problem manipulating local group membership as well as viewing it. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFExLbLIR7qMdg1EfYRAhcGAJ9ORybTX0E6YBBljtFSl/49IpLBBACgsdJB THxJt+O6XQ+Lo8SNVvmjYIU= =LS65 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Re: USRMGR, groups, and ldap
Also, I just checked that if I downgrade to 3.0.22, that the groups start working correctly. Maybe there is something that I need to do to get the groups to work when I go to version 3.0.23? -James >>> "James Money" <[EMAIL PROTECTED]> 07/22/06 8:37 PM >>> usrmgr.exe is located on the local winxp machine's c: drive. However, I don't think this is just an usrmgr.exe issue. If I run 'net rpc info' on the samba server, it returns: Domain Name: MATH_CS Domain SID: S-1-5-21-1882045844-2771900506-1057560041 Sequence number: 1153614529 Num users: 5 Num domain groups: 0 Num local groups: 0 which is wrong for the number of local and domain groups. Also, 'net rpc group' returns no groups as well. -James >>> "Jamrock" <[EMAIL PROTECTED]> 07/21/06 2:52 PM >>> "James Money" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Yes, I see all the ldap groups from the machine. Matter of fact, I have > several machines already using ldap for authentication on the unix side. > > -James > > >>>> "Jamrock" <[EMAIL PROTECTED]> 07/21/06 9:57 AM >>> > "James Money" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] >> I currently have samba version 3.0.23 installed using ldap as the >> backend. I am experiencing the same problems as Holger Wesser > mentioned >> in his posting "USRMGR.exe not working properly". However, it appears >> that the fix of creating the group mappings does not work. They appear >> to be mapped correctly on my setup. My net groupmap list is: >> >> Domain Admins (S-1-5-21-1882045844-2771900506-1057560041-512) -> > Domain >> Admins >> Domain Users (S-1-5-21-1882045844-2771900506-1057560041-513) -> Domain >> Users >> Domain Guests (S-1-5-21-1882045844-2771900506-1057560041-514) -> > Domain >> Guests >> Domain Computers (S-1-5-21-1882045844-2771900506-1057560041-515) -> >> Domain Computers >> Administrators (S-1-5-32-544) -> Administrators >> Account Operators (S-1-5-32-548) -> Account Operators >> Print Operators (S-1-5-32-550) -> Print Operators >> Backup Operators (S-1-5-32-551) -> Backup Operators >> Replicators (S-1-5-32-552) -> Replicators >> >> >> However, there are no groups listed in usrmgr.exe or any of the dialog >> boxes for adding users/groups in XP. The users are listed correctly in >> usrmgr.exe but with none of the group memberships. >> >> In addition, net rpc group members "Administrators" reports: >> Couldn't list alias members >> >> I was hoping for some direction on how to diagnose and correct the >> problem. >> -James > > Can the workstations read the group information from LDAP? This issue > is > sometimes caused by the incorrect configuration of nss_ldap. > > Make sure you can see the ldap group entries when you type > > getent group > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba Is usrmgr.exe located on a share on the Samba server? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Re: USRMGR, groups, and ldap
usrmgr.exe is located on the local winxp machine's c: drive. However, I don't think this is just an usrmgr.exe issue. If I run 'net rpc info' on the samba server, it returns: Domain Name: MATH_CS Domain SID: S-1-5-21-1882045844-2771900506-1057560041 Sequence number: 1153614529 Num users: 5 Num domain groups: 0 Num local groups: 0 which is wrong for the number of local and domain groups. Also, 'net rpc group' returns no groups as well. -James >>> "Jamrock" <[EMAIL PROTECTED]> 07/21/06 2:52 PM >>> "James Money" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Yes, I see all the ldap groups from the machine. Matter of fact, I have > several machines already using ldap for authentication on the unix side. > > -James > > >>>> "Jamrock" <[EMAIL PROTECTED]> 07/21/06 9:57 AM >>> > "James Money" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] >> I currently have samba version 3.0.23 installed using ldap as the >> backend. I am experiencing the same problems as Holger Wesser > mentioned >> in his posting "USRMGR.exe not working properly". However, it appears >> that the fix of creating the group mappings does not work. They appear >> to be mapped correctly on my setup. My net groupmap list is: >> >> Domain Admins (S-1-5-21-1882045844-2771900506-1057560041-512) -> > Domain >> Admins >> Domain Users (S-1-5-21-1882045844-2771900506-1057560041-513) -> Domain >> Users >> Domain Guests (S-1-5-21-1882045844-2771900506-1057560041-514) -> > Domain >> Guests >> Domain Computers (S-1-5-21-1882045844-2771900506-1057560041-515) -> >> Domain Computers >> Administrators (S-1-5-32-544) -> Administrators >> Account Operators (S-1-5-32-548) -> Account Operators >> Print Operators (S-1-5-32-550) -> Print Operators >> Backup Operators (S-1-5-32-551) -> Backup Operators >> Replicators (S-1-5-32-552) -> Replicators >> >> >> However, there are no groups listed in usrmgr.exe or any of the dialog >> boxes for adding users/groups in XP. The users are listed correctly in >> usrmgr.exe but with none of the group memberships. >> >> In addition, net rpc group members "Administrators" reports: >> Couldn't list alias members >> >> I was hoping for some direction on how to diagnose and correct the >> problem. >> -James > > Can the workstations read the group information from LDAP? This issue > is > sometimes caused by the incorrect configuration of nss_ldap. > > Make sure you can see the ldap group entries when you type > > getent group > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba Is usrmgr.exe located on a share on the Samba server? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: USRMGR, groups, and ldap
Yes, I see all the ldap groups from the machine. Matter of fact, I have several machines already using ldap for authentication on the unix side. -James >>> "Jamrock" <[EMAIL PROTECTED]> 07/21/06 9:57 AM >>> "James Money" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I currently have samba version 3.0.23 installed using ldap as the > backend. I am experiencing the same problems as Holger Wesser mentioned > in his posting "USRMGR.exe not working properly". However, it appears > that the fix of creating the group mappings does not work. They appear > to be mapped correctly on my setup. My net groupmap list is: > > Domain Admins (S-1-5-21-1882045844-2771900506-1057560041-512) -> Domain > Admins > Domain Users (S-1-5-21-1882045844-2771900506-1057560041-513) -> Domain > Users > Domain Guests (S-1-5-21-1882045844-2771900506-1057560041-514) -> Domain > Guests > Domain Computers (S-1-5-21-1882045844-2771900506-1057560041-515) -> > Domain Computers > Administrators (S-1-5-32-544) -> Administrators > Account Operators (S-1-5-32-548) -> Account Operators > Print Operators (S-1-5-32-550) -> Print Operators > Backup Operators (S-1-5-32-551) -> Backup Operators > Replicators (S-1-5-32-552) -> Replicators > > > However, there are no groups listed in usrmgr.exe or any of the dialog > boxes for adding users/groups in XP. The users are listed correctly in > usrmgr.exe but with none of the group memberships. > > In addition, net rpc group members "Administrators" reports: > Couldn't list alias members > > I was hoping for some direction on how to diagnose and correct the > problem. > -James Can the workstations read the group information from LDAP? This issue is sometimes caused by the incorrect configuration of nss_ldap. Make sure you can see the ldap group entries when you type getent group -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] USRMGR, groups, and ldap
I currently have samba version 3.0.23 installed using ldap as the backend. I am experiencing the same problems as Holger Wesser mentioned in his posting "USRMGR.exe not working properly". However, it appears that the fix of creating the group mappings does not work. They appear to be mapped correctly on my setup. My net groupmap list is: Domain Admins (S-1-5-21-1882045844-2771900506-1057560041-512) -> Domain Admins Domain Users (S-1-5-21-1882045844-2771900506-1057560041-513) -> Domain Users Domain Guests (S-1-5-21-1882045844-2771900506-1057560041-514) -> Domain Guests Domain Computers (S-1-5-21-1882045844-2771900506-1057560041-515) -> Domain Computers Administrators (S-1-5-32-544) -> Administrators Account Operators (S-1-5-32-548) -> Account Operators Print Operators (S-1-5-32-550) -> Print Operators Backup Operators (S-1-5-32-551) -> Backup Operators Replicators (S-1-5-32-552) -> Replicators However, there are no groups listed in usrmgr.exe or any of the dialog boxes for adding users/groups in XP. The users are listed correctly in usrmgr.exe but with none of the group memberships. In addition, net rpc group members "Administrators" reports: Couldn't list alias members I was hoping for some direction on how to diagnose and correct the problem. -James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] USRMGR, groups, and ldap
I currently have samba version 3.0.23 installed using ldap as the backend. I am experiencing the same problems as Holger Wesser mentioned in his posting "USRMGR.exe not working properly". However, it appears that the fix of creating the group mappings does not work. They appear to be mapped correctly on my setup. My net groupmap list is: Domain Admins (S-1-5-21-1882045844-2771900506-1057560041-512) -> Domain Admins Domain Users (S-1-5-21-1882045844-2771900506-1057560041-513) -> Domain Users Domain Guests (S-1-5-21-1882045844-2771900506-1057560041-514) -> Domain Guests Domain Computers (S-1-5-21-1882045844-2771900506-1057560041-515) -> Domain Computers Administrators (S-1-5-32-544) -> Administrators Account Operators (S-1-5-32-548) -> Account Operators Print Operators (S-1-5-32-550) -> Print Operators Backup Operators (S-1-5-32-551) -> Backup Operators Replicators (S-1-5-32-552) -> Replicators However, there are no groups listed in usrmgr.exe or any of the dialog boxes for adding users/groups in XP. The users are listed correctly in usrmgr.exe but with none of the group memberships. In addition, net rpc group members "Administrators" reports: Couldn't list alias members I was hoping for some direction on how to diagnose and correct the problem. -James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] winbind periodically does 44 extraneous lookups, causing 10-15 second lag
> winbind enum groups = yes > > Does anyone know why this is happening, and what I could do > to remove or > minimize the initial large delay? I see a similar behavior with the Debian 3.0.14a and 3.0.22 packages. My guess is that you won't see this if you don't enumerate groups. See http://samba.org/samba/docs/man/Samba3-HOWTO/idmapper.html If I understand winbind correctly, your setup is asking winbind to refresh all of the groups, not just ask which groups the user may be a member of. James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
