[Samba] slow perf without winbind nested groups = no and ldpa backend
Helo samba list, We are using a samba (3.0.25b-1.el5_1.2) PDC ( users are in an LDAP backend ). The perfs were bad and there were errors until I set winbind nested groups = no in smb.conf. I saw this post http://lists.samba.org/archive/samba-technical/2005-May/040946.html saying What I would like to do is to make clear that people should always use idmap_ldap when they use ldapsam. I have no needs for winbind and no idmap backend is set. am I wrong ? what is the link with winbind nested groups option ? thanks in advance for your answers. jmp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Samba Translation Dok to German, first file, deutsche Übersetzung Der Samba Doku erste Datei + traduction en francais
I hope we are going to do the same thing in French soon with university students ( DESS traduction Montpellier I will meet then tomorrow )that should be interested by the project. ( I will meet them tomorrow ) The chosen format depends on the student that are going to do the work and theirs teachers. Cheers, J'espère que nous allons faire la même chose en français bientôt avec les étudiants ( DESS traduction de Montpellier que je rencontre demain) qui devraient être intéressés par le projet. Le format choisi dépendra des étudiants et de leurs professeurs. Cordialement Jean-Marc Pouchoulon. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] De la part de Stefan G. Weichinger Envoyé : mardi 11 novembre 2003 11:25 À : [EMAIL PROTECTED] Cc : Bäcker; Hendrik; Schmidt, Jochen Objet : Re: [Samba] Samba Translation Dok to German, first file, deutsche Übersetzung Der Samba Doku erste Datei Hi, Andrew Bartlett, 11. November 2003 um 10:58 you wrote: AB On Tue, 2003-11-11 at 20:32, rruegner wrote: Hi, we decide t make translation in html first, afterwards convert it to other types later. Dont forget its Gnu so anyone can convert it to what ever he wants AB Sounds like a auful lot of work, and the end result won't match the AB original in formatting, and other important aspects. There is a lot of AB extra information in the XML that can't be represented in HTML. AB Given that you are already working in HTML, is the raw XML really that AB much harder to deal with? That way you can ensure that you really are AB just translating the text, and not altering the format, references etc. I have no problem in doing all this work in XML. Right now I am editing the files in my web-editor, changing nothing of the meta-infos that are in. The files on the project page are converted to plain html right now, but we could also use OpenOffice, as suggested, to work in another format. I agree with you that it makes no sense to alter formats without good reasons. regards, Stefan G. Weichinger mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Test Samba 3.0.1pre2 smb panic xp client
Hi , I've just tried Samba 3.0.1pre2 on redhat 9 with xpclient. I can connect ( very slow ) but I have : [2003/11/10 14:37:51, 0] lib/util.c:smb_panic(1400) PANIC: init_unistr2_from_datablob: malloc fail [2003/11/10 14:37:51, 0] lib/util.c:smb_panic(1408) BACKTRACE: 20 stack frames: #0 smbd(smb_panic+0x11c) [0x81bc78c] #1 smbd(init_sam_user_info20A+0x3e) [0x816668e] #2 smbd [0x81341a4] #3 smbd(_samr_query_userinfo+0x2d1) [0x8134671] #4 smbd [0x812be0e] #5 smbd(api_rpcTNP+0x159) [0x81459b9] #6 smbd(api_pipe_request+0xaf) [0x814577f] #7 smbd [0x813ef56] #8 smbd [0x813f2a9] #9 smbd [0x813f6dc] #10 smbd(write_to_pipe+0xf2) [0x813f632] #11 smbd [0x8089f2e] #12 smbd(reply_trans+0x52d) [0x808a8dd] #13 smbd [0x80c7c56] #14 smbd [0x80c7e29] #15 smbd(process_smb+0x8f) [0x80c803f] #16 smbd(smbd_process+0x167) [0x80c8c77] #17 smbd(main+0x4bf) [0x8227b4f] #18 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x420156a4] #19 smbd(chroot+0x35) [0x8076b91] [2003/11/10 14:37:52, 0] lib/util_sock.c:get_peer_addr(940) No problem for me , I came back to en old rpm I compile from cvs. Jean-marc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Samba3 LDAP Can't join domain with Win2k Pro
I tried to add with a pdbedit -a -uAdministrator -U0 -G0 -d99 I get an error message : Unable to find user... the user must be present in the ldap, pdbedit is going to add the samba attributes. I create an Administrator account in my /etc/passwd and tried again with the pdbedit command, it asked me to type password this time (Woot!!!) but at this end : samba found the user as a unix other. Ok [...] smbldap_open: already connected to the LDAP server ldapsam_modify_entry: Failed to add user dn= uid=Administrator,ou=Users with: No such object ldapsam_add_sam_account: failed to modify/add user with uid = Administrator (dn = uid=Administrator,ou=Users) Unable to add user! (does it already exist?) But in your smb.conf yo have ldap backend, so samba try to find the user in the ldap to add samba attributes. Une idée ? Il faut à samba un utilisateur unix ( soit dans /etc/passwd soit dans l'annuaire avec les attributs posix account positionnés ). Ensuite si tu choisis ldap comme backend samba doit trouver l'utilisateur dans l'annuaire. ( avec ou sans posix account ) En résumé Il y a deux niveaux distincts : 1 au niveau unix ( uid gid shell group dans /etc/passwd ou posixaccount, contrôlé par /etc/nsswitch.conf ) 1 au niveau samba ( dans le cas du backend ldap c'est pdbedit -a qui rajoute les attributs samba nécessaires dans l'annuaire) Dans ton cas ton user administrator existe au niveau unix mais il doit avoir une entrée dans l'annuaire avec uid=administrator. ( pdbedit fait le travail et rajoute les éléments samba nécessaires ) J'espère que c'est plus clair. A way to restart with an empty LDAP may be ? Non thanks all (et specialement Jean Marc) De rien. Jean-Marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Samba3 LDAP Can't join domain with Win2k Pro
Correction : sn: Administrator uid: Administrator uidNumber: 1000 gidNumber: 513 uidnumber: 0 gidnumber: 0 But this not mandatory. Sambasid = 1000 and Samabagroupsid = 1001 is the important thing for samba. A+ Jean-marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : RE : [Samba] Samba 3 pre01 security=domain problem to accessfromxpclient
how do you propagate the Unix accounts from your PDCBDC to your member server in order to allow user auth from Samba ? Ldap posixaccount Also, one of the problem I encountered is that I tried to specify an auth methods = string, even when specifying guest, sam. But it failed. So removing it helped a lot. I try to play with that without any success. Could anyone tell me more about security = domain versus security = server ? I found few things but nothing explained in details. I understand only that in security = domain the auth is done One time. The problem is probably on the xp client. Can someone can explain the registry keys involved in communication between sambaAnd xp ? ( for instance, I change only requiresignorseal=dword: and it works well with samba 3 as DC ) Thanks jean-marc -Original Message- From: jean-marc pouchoulon [mailto:[EMAIL PROTECTED] Sent: mercredi 22 octobre 2003 14:54 To: 'jean-marc pouchoulon'; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE : [Samba] Samba 3 pre01 security=domain problem to accessfromxpclient Just one more thing With security = server it works. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ists.samba .org] De la part de jean-marc pouchoulon Envoyé : mercredi 22 octobre 2003 14:50 À : [EMAIL PROTECTED] Cc : [EMAIL PROTECTED] Objet : [Samba] Samba 3 pre01 security=domain problem to access fromxpclient I try to implement a new server using domain auth ( server , pdc , bdc are on redhat 9 samba3pre1) Smb.conf of server: [global] workgroup = DOMAIN netbios name = G4 server string = %h server (Samba %v) security = domain password server = SERV2 SERV3 (PDC and BDC) wins support = no wins proxy = no wins server = ip_address_of_wins_server domain master = no local master = no preferred master = no os level = 0 log level = 99 log file = /var/log/samba/log.%m socket options = TCP_NODELAY IPTOS_LOWDELAY [homes] comment = Espace Partagé pour les utilisateurs browseable = yes path = %H writable = yes create mode = 0700 Net join to DOMAIN was done without problem. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Samba3+ldapsam+Win9x userlist, Bug596?! sniffing info
Thereby sorry for being impolite :-(, but at present I'm running samba 3.0.1pre1 with ldapsam in the production servers, and Win9x clients couldn't get list of users and groups from Samba DCs (Bug596). I have 3 choices: - -- Switch back to 2.2.7 (not very nice:-(, I would need group support for policy) - -- Switch to tdbsam with fam/rsync/ssh-ing password and group mappings (very ugly and error prone :-() - -- Wait, in hope of a solution/workaround Please give me an advice, which one could harm less. Thanks for not shooting me for bore you with my problems. Same questions for me ( luckily the xp client works in my basic conf but I have needs from my win98's users). I can see with ethereal that after the groups name will be return by the server. After there is a 'SMB Transaction Response, Error: General failure' 51 8.613145 serv1 - client SMB Transaction Response 00 00 e8 6e 48 e2 00 07 e9 06 b7 37 08 00 45 10 ...nH..7..E. 0010 01 a0 23 50 40 00 40 06 76 6b ac 1d a0 3e ac 1d [EMAIL PROTECTED]@.vk. 0020 a7 13 00 8b 04 03 cd d9 58 bf 00 19 92 a7 50 18 X.P. 0030 88 e0 e0 f1 00 00 00 00 01 74 ff 53 4d 42 25 00 .t.SMB%. 0040 00 00 00 80 01 c8 00 00 00 00 00 00 00 00 00 00 0050 00 00 01 00 61 20 64 00 82 3c 0a 00 00 3c 01 00 a d... 0060 00 00 00 38 00 00 00 3c 01 38 00 00 00 00 00 3d ...88.= 0070 01 00 05 00 02 03 10 00 00 00 3c 01 00 00 1d 00 ... 0080 00 00 24 01 00 00 00 00 00 00 00 00 00 00 01 00 ..$. 0090 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 02 00a0 00 00 36 00 36 00 01 00 00 00 d7 07 00 00 30 00 ..6.6.0. 00b0 30 00 01 00 00 00 ed 07 00 00 26 00 26 00 01 00 0. 00c0 00 00 03 02 00 00 16 00 16 00 01 00 00 00 1b 00 00d0 00 00 00 00 00 00 1b 00 00 00 41 00 64 00 6d 00 ..A.d.m. 00e0 69 00 6e 00 69 00 73 00 74 00 72 00 61 00 74 00 i.n.i.s.t.r.a.t. 00f0 65 00 75 00 72 00 73 00 20 00 64 00 75 00 20 00 e.u.r.s. .d.u. . 0100 44 00 6f 00 6d 00 61 00 69 00 6e 00 65 00 00 00 D.o.m.a.i.n.e... 0110 00 00 18 00 00 00 00 00 00 00 18 00 00 00 55 00 ..U. 0120 74 00 69 00 6c 00 69 00 73 00 61 00 74 00 65 00 t.i.l.i.s.a.t.e. 0130 75 00 72 00 73 00 20 00 64 00 75 00 20 00 44 00 u.r.s. .d.u. .D. 0140 6f 00 6d 00 61 00 69 00 6e 00 65 00 00 00 13 00 o.m.a.i.n.e. 0150 00 00 00 00 00 00 13 00 00 00 49 00 6e 00 76 00 ..I.n.v. 0160 69 00 74 00 65 00 73 00 20 00 64 00 75 00 20 00 i.t.e.s. .d.u. . 0170 44 00 6f 00 6d 00 61 00 69 00 6e 00 65 00 00 00 D.o.m.a.i.n.e... 0180 00 00 0b 00 00 00 00 00 00 00 0b 00 00 00 73 00 ..s. 0190 6d 00 62 00 6d 00 61 00 63 00 68 00 69 00 6e 00 m.b.m.a.c.h.i.n. 01a0 65 00 00 00 00 00 04 00 00 00 00 00 00 00 e. 52 8.614780 client - serv1 SMB Transaction Request 00 07 e9 06 b7 37 00 00 e8 6e 48 e2 08 00 45 00 .7...nH...E. 0010 00 b8 51 11 40 00 80 06 09 a2 ac 1d a7 13 ac 1d [EMAIL PROTECTED] 0020 a0 3e 04 03 00 8b 00 19 92 a7 cd d9 5a 37 50 18 ...Z7P. 0030 1c d4 51 5a 00 00 00 00 00 8c ff 53 4d 42 25 00 ..QZ...SMB%. 0040 00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 0050 00 00 01 00 61 20 64 00 02 3d 10 00 00 3c 00 00 a d..=. 0060 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 50 ...P 0070 00 3c 00 50 00 02 00 26 00 ff 75 49 00 00 5c 00 ..P.uI..\. 0080 50 00 49 00 50 00 45 00 00 00 05 00 00 03 10 00 P.I.P.E. 0090 00 00 3c 00 00 00 1e 00 00 00 24 00 00 00 00 00 .$. 00a0 33 00 00 00 00 00 0c 00 00 00 00 00 00 00 16 99 3... 00b0 97 3f db 5d 00 00 04 00 00 00 00 00 00 00 30 75 .?.]..0u 00c0 00 00 00 e8 03 00 .. 53 8.614790 serv1 - client TCP netbios-ssn 1027 [ACK] Seq=3453573687 Ack=1676087 Win=35040 Len=0 00 00 e8 6e 48 e2 00 07 e9 06 b7 37 08 00 45 10 ...nH..7..E. 0010 00 28 23 51 40 00 40 06 77 e2 ac 1d a0 3e ac 1d .([EMAIL PROTECTED]@.w.. 0020 a7 13 00 8b 04 03 cd d9 5a 37 00 19 93 37 50 10 Z7...7P. 0030 88 e0 c7 77 00 00 ...w.. 54 13.262490 serv1 - client SMB Transaction Response, Error: General failure 00 00 e8 6e 48 e2 00 07 e9 06 b7 37 08 00 45 10 ...nH..7..E. 0010 02 64 23 52 40 00 40 06 75 a5 ac 1d a0 3e ac 1d [EMAIL PROTECTED]@.u.. 0020 a7 13 00 8b 04 03 cd d9 5a 37 00 19 93 37 50 18 Z7...7P. 0030 88 e0 3e ad 00 00 00 00 02 38 ff 53 4d 42 25 03 8.SMB%. 0040 00 1f 00 80 01 88 00 00 00 00 00 00 00 00 00 00 0050 00 00 01 00 61 20 64 00 02 3d 0a 00 00 00 02 00 a d..=.. 0060 00 00 00 38 00 00 00 00 02 38 00 00 00 00 00 01 ...8.8.. 0070 02 00 05 00 02 03 10 00 00 00 68 06 00 00 1e 00 ..h. 0080 00 00 50 06 00 00 00 00 00 00 40 a3
[Samba] Logon path, logon home, logion drive, %u %U samba 3pre1 mix env win 98 and win XP config questions ( easy answers )
I set logon path = \\serv1\profile\%U logon drive = H: logon home = \\serv1\%U\.profiles For a user lambda The profile from the win98 client are store in /home/lambda/.profiles./ But the H drive is mapped for the xp clients on /home/lambda/.profiles./ If I set logon home = \\serv1\%U\ the H drive is set correctly but the profile for the xp is straightly stored in the /home/lambda What I don't understand ? Thanks Jean-Marc Pouchoulon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] smbpasswd problem
I am also unable to add any user other than administrator, if I try this Get_Pwnam_internals didn't find user [user]! Failed initialise SAM_ACCOUNT for user user. Failed to modify password entry for user Does your user exist en /etc/passwd or ldap with posix account attribute? Try pdbedit -a user to add your user. Jean-Marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 pre01 security=domain problem to access from xpclient
I try to implement a new server using domain auth ( server , pdc , bdc are on redhat 9 samba3pre1) Smb.conf of server: [global] workgroup = DOMAIN netbios name = G4 server string = %h server (Samba %v) security = domain password server = SERV2 SERV3 (PDC and BDC) wins support = no wins proxy = no wins server = ip_address_of_wins_server domain master = no local master = no preferred master = no os level = 0 log level = 99 log file = /var/log/samba/log.%m socket options = TCP_NODELAY IPTOS_LOWDELAY [homes] comment = Espace Partagé pour les utilisateurs browseable = yes path = %H writable = yes create mode = 0700 Net join to DOMAIN was done without problem. From the PDC I can do : smbclient //G4/user -U user%pass smb: \ ls . D0 Wed Oct 22 14:08:53 2003 .. D0 Wed Oct 22 13:06:18 2003 .kde DH0 Wed Oct 22 10:30:07 2003 .bash_logoutH 24 Wed Oct 22 11:15:33 2003 .bash_profile H 191 Wed Oct 22 11:15:33 2003 .bashrc H 124 Wed Oct 22 11:15:33 2003 .gtkrc H 120 Wed Oct 22 11:15:33 2003 .bash_history H5 Wed Oct 22 14:08:53 2003 I try from my xpclient to connect to the g4 server: I have in log : [2003/10/22 14:29:34, 5] auth/auth.c:check_ntlm_password(268) check_ntlm_password: winbind authentication for user [user] FAILED with error NT_STATUS_WRO NG_PASSWORD I can't log and I am suprised to see 'winbind authentication' If I set the server g4 as a BDC there is no problem. I access the home share from xp. Wrong config ? Jean-Marc Pouchoulon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Samba 3 pre01 security=domain problem to access fromxpclient
Just one more thing With security = server it works. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] De la part de jean-marc pouchoulon Envoyé : mercredi 22 octobre 2003 14:50 À : [EMAIL PROTECTED] Cc : [EMAIL PROTECTED] Objet : [Samba] Samba 3 pre01 security=domain problem to access fromxpclient I try to implement a new server using domain auth ( server , pdc , bdc are on redhat 9 samba3pre1) Smb.conf of server: [global] workgroup = DOMAIN netbios name = G4 server string = %h server (Samba %v) security = domain password server = SERV2 SERV3 (PDC and BDC) wins support = no wins proxy = no wins server = ip_address_of_wins_server domain master = no local master = no preferred master = no os level = 0 log level = 99 log file = /var/log/samba/log.%m socket options = TCP_NODELAY IPTOS_LOWDELAY [homes] comment = Espace Partagé pour les utilisateurs browseable = yes path = %H writable = yes create mode = 0700 Net join to DOMAIN was done without problem. From the PDC I can do : smbclient //G4/user -U user%pass smb: \ ls . D0 Wed Oct 22 14:08:53 2003 .. D0 Wed Oct 22 13:06:18 2003 .kde DH0 Wed Oct 22 10:30:07 2003 .bash_logoutH 24 Wed Oct 22 11:15:33 2003 .bash_profile H 191 Wed Oct 22 11:15:33 2003 .bashrc H 124 Wed Oct 22 11:15:33 2003 .gtkrc H 120 Wed Oct 22 11:15:33 2003 .bash_history H5 Wed Oct 22 14:08:53 2003 I try from my xpclient to connect to the g4 server: I have in log : [2003/10/22 14:29:34, 5] auth/auth.c:check_ntlm_password(268) check_ntlm_password: winbind authentication for user [user] FAILED with error NT_STATUS_WRO NG_PASSWORD I can't log and I am suprised to see 'winbind authentication' If I set the server g4 as a BDC there is no problem. I access the home share from xp. Wrong config ? Jean-Marc Pouchoulon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : RE : [Samba] Xp without netbios - few questions with samba 3 - smbldap_open: cannot access LDAP when not root
Thanks for all your answers.
I am not sure how well this would work in the absence of Active
Directory and the AD DNS entries.
The registry entry HKEY_CURRENT_USER/VOLATILE ENVIRONNEMENT store the
LOGONSERVER for a user. With a new user I can't log to the domain.
Tghat's clear now.
The error message smbldap_open: cannot access LDAP when not root.. Has
no explain ? Link with netbios ?
From this it appears you have configured Samba-3 to use ldapsam and
have not provided the administrative password for
LDAP in your secrets.tdb file. Use the smbpasswd command with the '-w'
option to set that.
I am sure that the password is store in secrets.tdb.
In fact the problem happens every time I search for a group in my xp
client (I found the group):
So no link with netbios.
ldapsam_search_one_group: searching
for:[((objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-1
-XXX-XXX-513))]
[2003/10/14 16:50:03, 0] lib/smbldap.c:smbldap_open(799)
smbldap_open: cannot access LDAP when not root..
In smbldap.c I found :
#ifndef NO_LDAP_SECURITY
if (geteuid() != 0) {
DEBUG(0, (smbldap_open: cannot access LDAP when not
root..\n));
return LDAP_INSUFFICIENT_ACCESS;
}
#endif
Bug ?
Jean-Marc Pouchoulon.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Samba 3 Production
In production for two month( ldap backend - Redhat 9). It is stable in that configuration. Few minor questions and problems, but it works. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] De la part de Bert Rapp Envoyé : mardi 21 octobre 2003 0:06 À : [EMAIL PROTECTED] Objet : [Samba] Samba 3 Production Is anyone using Samba 3 in a production environment? If so what version and how stable is it? -- Bert Rapp North Trail RV Center 239.693.8200 __ There are 10 types of people in this world, those who understand binary and those who don't. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Samba3 LDAP Can't join domain with Win2k Pro
You must have for each users uid and gid store in local /etc/passwd or in ldap. But you must have them elsewhere. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] De la part de Nicko Envoyé : lundi 20 octobre 2003 23:18 À : [EMAIL PROTECTED] Objet : [Samba] Samba3 LDAP Can't join domain with Win2k Pro Hy all, I tried since 2 weeks ... Still doesn't work... With Win98 Client it work perflectly but i can't join with Win2k Pro. Same message in Win2k Client : username or password incorrect. I try with root / Administrator / new account / everything... I change password for root / Administrator. My config : - RedHat 9.0 - Samba 3.0 - OpenLDAP 2.0 (RPM from RH9) - Populating the OpenLDAP schema with the smbldap-tools from IdealX (0.8.1) and smbldap-useradd to create users. - Linux is configured to use LDAP too for users accounts (authconfig) And it's seems that NT user must exist in Linux box (useradd), i dont understand why ... Any idea ? Thanks Nicko -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Samba3 LDAP Can't join domain with Win2k Pro
Bonsoir, So when i create an user account with the script from IdealX (smbldap-useradd.pl), i can log with this user on my Linux Box it's normal, but if i want to use this account on Samba Network i have to create the same account in /etc/passwd with useradd ? use pdbedit -a username to add samba attribute to the user ( the user must exist in the backend - ldap for me ). So i have to create a root account too in my Ldap ? And an Administrator Account in my /etc/passwd ? Have a look at http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html In the [SAMBA_3_0] and [HEAD] only a few basic entries are required: nobody and administrator BUT an account with uidNumber=0 (root or administrator) MUST be present if you need add XP/W2K ws. The reason: an administrative account is demanded in the ws side in the join process, and that account must have a uidNumber=0 in the unix world. Remember that in the ldapsam backend the rid mapping is algorthmic based: rid='2*uidNumber+1000' and primaryGroup='2*uidNumber+100+1', so a root or any administrative account must have a rid of 1000, and a sambaSID like: sambaSID: S-1-5-21-298858960-1863792627-3661451959-1000 sambaPrimaryGroupSID: S-1-5-21-298858960-1863792627-3661451959-1001 The root/administrator (uidNumber=0) SHOULD be present in the NT's Admins group (rid=512). Jean-Marc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Xp without netbios - few questions with samba 3 - smbldap_open: cannot access LDAP when not root
Hi, On samba 3 winserver enabled On xp I can work with smb on 2 ways 1 ) smb over tcpip without netbios. I was suprised because I can logged onto the domain. Xp client found the primary domain controler. I am not able to add permissions ( only the local machine domain is visible ). How xp client found the DC ( cache DC name on the client , wins answer on port 445 ?) 2 ) smb over netbios. Samba works with port 139. Ok clear for me. 2 bis ) smb over netbios with value coming from the dhcp. I was also suprised that samba use port 445. It's true that the only parameter is the netbios node type (h-node). It works. But why 1) way is not working to retrieveusers? I can see in the log : [2003/10/20 15:00:49, 0] lib/smbldap.c:smbldap_open(799) smbldap_open: cannot access LDAP when not root.. I have this message only in this case. Jean-Marc Pouchoulon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Xp without netbios - few questions with samba 3 - smbldap_open: cannot access LDAP when not root
Bonsoir John Refer to the Samba-HOWTO-Collection.pdf - chapter 10.3.2, see also chapter 6.2.5.2. On review of the information I refer you to above, it is clear that we need to provide more information. I guess that means there is more writing to be done. :( I Read them carefully ( and cris hertel book implementing cifs too), but maybe I misunderstood or you misunderstood my basic english. New formula for my question : I have no windows 2000 dns , how the xp client found the domain if it has no netbios layer? using wins ? I think wins was working on port tcp 137 and was linked with netbios. No netbios no wins no ? No wins no DC ? The error message smbldap_open: cannot access LDAP when not root.. Has no explain ? Link with netbios ? jean-marc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : RE : RE : RE : [Samba] samba-3 PDC BDC fail-over with 2LDAPserversfails
Rpm found : openldap-2.0.27-8 nss_ldap-202-5 ldd /usr/sbin/smbd libcom_err.so.3 = /usr/kerberos/lib/libcom_err.so.3 (0x40027000) libk5crypto.so.3 = /usr/kerberos/lib/libk5crypto.so.3 (0x40029000) libkrb5.so.3 = /usr/kerberos/lib/libkrb5.so.3 (0x40039000) libgssapi_krb5.so.2 = /usr/kerberos/lib/libgssapi_krb5.so.2 (0x40098000) liblber.so.2 = /usr/lib/liblber.so.2 (0x400ab000) libldap.so.2 = /usr/lib/libldap.so.2 (0x400b6000) libcups.so.2 = /usr/lib/libcups.so.2 (0x400e1000) libssl.so.4 = /lib/libssl.so.4 (0x400fb000) libcrypto.so.4 = /lib/libcrypto.so.4 (0x4013) libnsl.so.1 = /lib/libnsl.so.1 (0x40222000) libcrypt.so.1 = /lib/libcrypt.so.1 (0x40237000) libpam.so.0 = /lib/libpam.so.0 (0x40264000) libresolv.so.2 = /lib/libresolv.so.2 (0x4026c000) libdl.so.2 = /lib/libdl.so.2 (0x4027e000) libpopt.so.0 = /usr/lib/libpopt.so.0 (0x40282000) libc.so.6 = /lib/tls/libc.so.6 (0x4200) libsasl.so.7 = /usr/lib/libsasl.so.7 (0x4028b000) libz.so.1 = /usr/lib/libz.so.1 (0x40296000) /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000) libgdbm.so.2 = /usr/lib/libgdbm.so.2 (0x402a4000) ldd /usr/sbin/nmbd libcrypt.so.1 = /lib/libcrypt.so.1 (0x40027000) libresolv.so.2 = /lib/libresolv.so.2 (0x40054000) libnsl.so.1 = /lib/libnsl.so.1 (0x40066000) libdl.so.2 = /lib/libdl.so.2 (0x4007c000) libpopt.so.0 = /usr/lib/libpopt.so.0 (0x4008) libcom_err.so.3 = /usr/kerberos/lib/libcom_err.so.3 (0x40088000) libk5crypto.so.3 = /usr/kerberos/lib/libk5crypto.so.3 (0x4008a000) libkrb5.so.3 = /usr/kerberos/lib/libkrb5.so.3 (0x4009a000) libgssapi_krb5.so.2 = /usr/kerberos/lib/libgssapi_krb5.so.2 (0x400f8000) liblber.so.2 = /usr/lib/liblber.so.2 (0x4010b000) libldap.so.2 = /usr/lib/libldap.so.2 (0x40117000) libc.so.6 = /lib/tls/libc.so.6 (0x4200) /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000) libsasl.so.7 = /usr/lib/libsasl.so.7 (0x40142000) libssl.so.4 = /lib/libssl.so.4 (0x4014d000) libcrypto.so.4 = /lib/libcrypto.so.4 (0x40182000) libgdbm.so.2 = /usr/lib/libgdbm.so.2 (0x40274000) libpam.so.0 = /lib/libpam.so.0 (0x4027b000) libz.so.1 = /usr/lib/libz.so.1 (0x40283000) Does this give you what you want ? -Message d'origine- De : Andrew Bartlett [mailto:[EMAIL PROTECTED] Envoyé : mercredi 15 octobre 2003 8:55 À : jean-marc pouchoulon Cc : 'Andrew Bartlett'; [EMAIL PROTECTED] Objet : Re: RE : RE : RE : [Samba] samba-3 PDC BDC fail-over with 2LDAPserversfails On Wed, 2003-10-15 at 16:50, jean-marc pouchoulon wrote: It is quite possible that your LDAP libs do not support that syntax. What exactly is the version are you using? Netscape Directory server 4.16. I mean on the client - the libraries that Samba links against. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP serversfails
Bonsoir Andrew, I've just tried to test failover with the two syntax. I use ssh tunnel to connect to ldapserver ( using 127.0.0.1 ) With passdb backend = ldapsam:ldap://127.0.0.1:10389/, ldapsam:ldap://127.0.0.1:13389, guest it works after more slowly but it works. I think after 8 times as I can see in log: Connection to LDAP Server failed for the 8 try! [2003/10/13 17:53:36, 0] lib/smbldap.c:smbldap_search(924) smbldap_search: LDAP server is down! [2003/10/13 17:53:36, 0] lib/smbldap.c:smbldap_search_suffix(1075) smbldap_search_suffix: Problem during the LDAP search: (unknown) (Can't contact LDAP server) [2003/10/13 17:53:36, 0] passdb/pdb_ldap.c:ldapsam_setsampwent(939) ldapsam_setsampwent: LDAP search failed: Can't contact LDAP server [2003/10/13 17:53:36, 2] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[((uid=*)(objectclass=sambaSamAccount))] [2003/10/13 17:53:39, 2] passdb/pdb_ldap.c:ldapsam_setsampwent(948) ldapsam_setsampwent: 1388 entries in the base! As I can see in the log , samba try to connect at every stage to the first ldapserver ( there is multiple 'Connection to LDAP Server failed for the 8 try!' ) with this syntax : passdb backend = ldapsam:ldap://127.0.0.1:10389 ldap://127.0.0.1:13389;, guest I am not able to connect to the domain second ldap if I stop the first one. I try to search '8 try' in my old cvs samba code without success. The rpm source is different. Thanks for your previous answers. Jean-Marc. -Message d'origine- De : Andrew Bartlett [mailto:[EMAIL PROTECTED] Envoyé : vendredi 10 octobre 2003 10:12 À : jean-marc pouchoulon Cc : 'Rauno Tuul'; [EMAIL PROTECTED] Objet : Re: RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP serversfails On Tue, 2003-10-07 at 19:58, jean-marc pouchoulon wrote: PDC (also master-ldap) smb.conf passdb backend = ldapsam:ldaps://master-ldap.lan ldapsam:ldaps://slave-ldap.lan Beware of the comma : use passdb backend = ldapsam:ldaps://master-ldap.lan, ldapsam:ldaps://slave-ldap.lan, guest Nope. The comma doesn't matter. passdb backend = ldapsam:ldaps://ldap1 ldaps://ldap2 is what you want. That way, OpenLDAP gets to process the 'ldap url' in whatever way they like - which is how we get this support. BTW, the first ldap server in that list should be the 'closest' server, as OpenLDAP will bind it that first. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Can't add machine account with 3.0.0; ldapsam backend (RESENT)
# pdbedit -v -a -m -u tardis
ldapsam_modify_entry: Failed to add user dn=
uid=tardis$,ou=Machines,dc=amazing-internet,dc=net with: Object class
violation
object class 'sambaSamAccount' requires attribute 'sambaSID'
Did you create the machine account in /etc/passwd or in ldap
before using pdbedit ?
Extract from a python script I've done what am I doing in the ldap
before pdbedit -a -m.
def cre_ldif_machine(last_uidnumber):
Cette fonction crée un fichier d'enregistrement ldap d'un
compte machine pour samba
sys.stdout = open('/etc/samba/bin/machine.ldif', 'w')
print dn: uid=%s,ou=pc,o=test,c=fr % sys.argv[1]
print objectclass: account
print objectclass: posixaccount
print objectclass: shadowaccount
print uid:%s % sys.argv[1]
print cn: Samba machine %s % sys.argv[1]
print uidnumber: %s %last_uidnumber
print gidnumber:504
print homedirectory:/dev/null
print loginshell:/bin/false
sys.stdout.close()
Are you sure to have the right object class and attribute ?
Jean-Marc
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Can't add machine account with 3.0.0; ldapsam backend (RESENT)
they sould be created on the fly as they were with 3.0.0beta1. As I can see, with 3.0 stable this is not done. pdbedit -a -m testonsddd$ -D99 ... ldapsam_modify_entry: Failed to add user dn= uid=testonsddd$,ou=pc,o=g,c=fr with: Object c lass violation But a AddMachine script make it for me without any problem. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Machine accounts
Can someone clarify how do I add machine accounts and user accounts? Do they have to exist already in /etc/passwd? Pdbedit is reading your smb.conf and specially the backend you choose. What is your backend in smb.conf ? I think your are using ldapbackend. Machine account must exist in /etc/passwd or on ldap.( as user accounts ) With ldap pdbedit is going to the job , if the ldap record exist ( pdbedit just add samba attribute ), both for users and machine. Smbpasswd continue to work with 3.0 version. Hope this help Jean-Marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : RE : [Samba] Winbind ldap samba 3 BDC getent passwd
Bonjour,
On Samba3 rpm, redhat 9
I decided to do a strace on a 'getent passwd' command and have a
look.
(Wbinfo -u and wbinfo -g works )
I can see a time out.
connect(5, {sa_family=AF_UNIX,
path=/var/cache/samba/winbindd_privileged/pipe}, 110) = 0
close(4)= 0
select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout)
ls -al /var/cache/samba/winbindd_privileged/pipe
srwxrwxrwx1 root root0 oct 13 13:37
/var/cache/samba/winbindd_privileged/pipe
What is the role of winbindd_privileged/pipe ?
I have a few problem with redhat 9 , unlinked with samba , does
winbind work on other site with RH 9 ?
thanks
Jean-Marc
Whole trace :
read(3, , 4096) = 0
open(/etc/ld.so.cache, O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=62909, ...}) = 0
old_mmap(NULL, 62909, PROT_READ, MAP_PRIVATE, 4, 0) = 0x40279000
close(4)= 0
open(/lib/libnss_winbind.so.2, O_RDONLY) = 4
read(4, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\20...,
512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=13828, ...}) = 0
old_mmap(NULL, 22236, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) =
0x40295000
old_mmap(0x40298000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
4, 0x3000) = 0x40298000
old_mmap(0x40299000, 5852, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40299000
close(4)= 0
munmap(0x40279000, 62909) = 0
getpid()= 2069
getpid()= 2069
getpid()= 2069
lstat64(/tmp/.winbindd, {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
lstat64(/tmp/.winbindd/pipe, {st_mode=S_IFSOCK|0777, st_size=0, ...})
= 0
socket(PF_UNIX, SOCK_STREAM, 0) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_UNIX, path=/tmp/.winbindd/pipe}, 110) = 0
getpid()= 2069
getpid()= 2069
select(5, [4], NULL, NULL, {0, 0}) = 0 (Timeout)
write(4, \6\0\0\0\0\0\0\25\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0...,
1568) = 1568
read(4, \24\5\0\0\1\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0...,
1300) = 1300
getpid()= 2069
getpid()= 2069
select(5, [4], NULL, NULL, {0, 0}) = 0 (Timeout)
write(4, \6\0\0(\0\0\0\25\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0...,
1568) = 1568
read(4, 9\5\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0...,
1300) = 1300
read(4, /var/cache/samba/winbindd_privil..., 37) = 37
lstat64(/var/cache/samba/winbindd_privileged, {st_mode=S_IFDIR|0750,
st_size=4096, ...}) = 0
lstat64(/var/cache/samba/winbindd_privileged/pipe,
{st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 5
fcntl64(5, F_GETFD) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
connect(5, {sa_family=AF_UNIX,
path=/var/cache/samba/winbindd_privileged/pipe}, 110) = 0
close(4)= 0
select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout)
write(5, \6\0\0\6\0\0\0\25\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0...,
1568) = 1568
read(5, \24\5\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0...,
1300) = 1300
getpid()= 2069
getpid()= 2069
select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout)
write(5, \6\0\0\10\0\0\0\25\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0...,
1568) = 1568
read(5, \24\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0...,
1300) = 1300
close(3)= 0
munmap(0x40024000, 4096)= 0
getpid()= 2069
getpid()= 2069
select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout)
write(5, \6\0\0\7\0\0\0\25\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0...,
1568) = 1568
read(5, \24\5\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0...,
1300) = 1300
munmap(0x40025000, 4096)= 0
exit_group(0)
-Message d'origine-
De :
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] De la part de jean-marc pouchoulon
Envoyé : jeudi 2 octobre 2003 9:15
À : 'Gerald (Jerry) Carter'
Cc : [EMAIL PROTECTED]
Objet : RE : [Samba] Winbind ldap samba 3 BDC getent passwd answerdon't
retrieve domain users,can't login on the domain with users that are not
on /ect/passwd + typoerror ?
Hi ,
I've just upgraded to the last samba rpm on a redhat 9 and I
have a new problem on winbind wbinfo -u and wbinfo -g this time don't
return user or group. getent passwd don't return the users but I think
this time it's a direct inheritance of the previous line.
I can see in the log a 'lookupsid' with an unknow sid number
I can suppose this sid number come from the install ( net getlocalsid
and netgetlocalsid DOMAIN give
RE : RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP serversfails
I can't test it very well in a prod env, but if i stop one ( the first in order ) ldap server and I made a research with my xp PC , I have no result. But I use nestcape directory server. Jean-Marc -Message d'origine- De : Andrew Bartlett [mailto:[EMAIL PROTECTED] Envoyé : vendredi 10 octobre 2003 10:12 À : jean-marc pouchoulon Cc : 'Rauno Tuul'; [EMAIL PROTECTED] Objet : Re: RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP serversfails On Tue, 2003-10-07 at 19:58, jean-marc pouchoulon wrote: PDC (also master-ldap) smb.conf passdb backend = ldapsam:ldaps://master-ldap.lan ldapsam:ldaps://slave-ldap.lan Beware of the comma : use passdb backend = ldapsam:ldaps://master-ldap.lan, ldapsam:ldaps://slave-ldap.lan, guest Nope. The comma doesn't matter. passdb backend = ldapsam:ldaps://ldap1 ldaps://ldap2 is what you want. That way, OpenLDAP gets to process the 'ldap url' in whatever way they like - which is how we get this support. BTW, the first ldap server in that list should be the 'closest' server, as OpenLDAP will bind it that first. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP servers fails
PDC (also master-ldap) smb.conf passdb backend = ldapsam:ldaps://master-ldap.lan ldapsam:ldaps://slave-ldap.lan Beware of the comma : use passdb backend = ldapsam:ldaps://master-ldap.lan, ldapsam:ldaps://slave-ldap.lan, guest Jean-Marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] How to solve samba passwd expiration??
Thanks It's solve my problem too, but
Pdbedit -L user gave :
Password can change: lun, 06 oct 2003 16:13:21 GMT
Password must change: ven, 13 déc 1901 21:45:51 GMT
If I use another time
pdbedit -v -P 'maximum password age' -C 100
After a smbpasswd I have :
Password can change: lun, 06 oct 2003 16:13:00 GMT
Password must change: lun, 06 oct 2003 16:14:40 GMT
And I must change my password at every connection.
Bug ?
-Message d'origine-
De :
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] De la part de Gerald (Jerry) Carter
Envoyé : lundi 6 octobre 2003 16:08
À : [EMAIL PROTECTED]
Cc : [EMAIL PROTECTED]
Objet : Re: [Samba] How to solve samba passwd expiration??
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Zhao You Bing wrote:
| Now my samba 3.0 will give passwd expiration message about 2-3 week
| and it does nothing with the unix passwd age, Is there a solution
| now??
|
Remove the ${lockdir}/account_policy.tdb
cheers, jerry
~ --
~ Hewlett-Packard- http://www.hp.com
~ SAMBA Team -- http://www.samba.org
~ GnuPG Key http://www.plainjoe.org/gpg_public.asc
~ You can never go home again, Oatman, but I guess you can shop there.
~--John Cusack - Grosse Point Blank (1997)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/gXdNIR7qMdg1EfYRAkKMAKDapsGt9SFAwx+n55BlHuJmSNN3awCeNK6m
Dm5Q7kijWT2ZNc0ZwHAmlNc=
=D/3g
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Password is expired at every connexion Samba 3 stable redhat9
Hi, My password expired at every connexion. I use pdbedit pdbedit -P 'maximum password age' -C 100 to force the max password age. account policy value for maximum password age was 100 account policy value for maximum password age is now 100 I can't use it to resolve my own user problem. pdbedit -r -P 'maximum password age' -C 100 Username not specified! (use -u option) then pdbedit -rv -P 'maximum password age' -C 100 -u user give me Incompatible or insufficient options on command line! Usage: [OPTION...] This is not coherent or I don't understand. I can change directly the date in the ldap , but at every smbpasswd user the expire date change to immediatly. Thanks in advance for your help. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Create machine account samba 3 - can I delete machine in /etc/passwd ( I use ldap backend ) ?
Hi, The idea is to avoid to have machines accounts in /etc/passwd and store all on the ldap. I must have a machine account in /etc/passwd ( normal way ) to create the account with pdbedit -a -m machine_account. In fact once it is created , I can delete the account in the localmachine and machine can connect without any problems. ( the account stay only in the ldap ). I 've done it. What kind of probleme can I have if I delete account machines in the /etc/passwd ? There is no attribute of posix account object store in the ldap for the machine . Must I create them ? Jean-Marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Winbind ldap samba 3 BDC getent passwd answer don't retrieve domain users, can't login on the domain with users that are not on /ect/passwd + typo error ?
:49, 10] nsswitch/winbindd.c:client_write(502) client_write: wrote 1300 bytes. [2003/10/02 08:08:49, 10] nsswitch/winbindd.c:winbind_client_read(455) client_read: read 1568 bytes. Need 0 more for a full request. [2003/10/02 08:08:49, 10] nsswitch/winbindd.c:process_request(305) process_request: request fn GETPWNAM [2003/10/02 08:08:49, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(112) [ 1945]: getpwnam toto [2003/10/02 08:08:49, 5] nsswitch/winbindd_acct.c:wb_getpwnam(392) wb_getpwnam: Did not find user (toto) [2003/10/02 08:08:49, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(124) winbindd_getpwnam: lookup for \toto failed [2003/10/02 08:08:49, 10] nsswitch/winbindd.c:client_write(502) client_write: wrote 1300 bytes. [2003/10/02 08:09:01, 5] lib/smbldap.c:smbldap_close(856) The connection to the LDAP server was closed [2003/10/02 08:09:01, 5] sam/idmap_ldap.c:ldap_idmap_close(982) The connection to the LDAP server was closed [2003/10/02 08:09:01, 10] nsswitch/winbindd.c:winbind_client_read(455) client_read: read 0 bytes. Need 1568 more for a full request. [2003/10/02 08:09:01, 5] nsswitch/winbindd.c:winbind_client_read(462) read failed on sock 9, pid 1914: EOF -Message d'origine- De : Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Envoyé : mercredi 1 octobre 2003 0:32 À : jean-marc pouchoulon Cc : [EMAIL PROTECTED] Objet : Re: [Samba] Winbind ldap samba 3 BDC getent passwd answer don't retrieve domain users, can't login on the domain with users that are not on /ect/passwd + typo error ? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jean-marc pouchoulon wrote: | Helo, | | On redhat 9 - samba 3 stable - Using the rpm from 24 september. | I try to configure a bdc. | | Smb.conf is : | | idmap backend = ldap:ldap://ip_address | ldap idmap suffix = ou=personnes,ou=ac-ville,ou=educ | winbind uid = 1-2 | winbind gid = 1-2 | # allow enumeration of winbind users and groups | winbind enum users = yes | winbind enum groups = yes | # give winbind users a real shell (only needed if they have | telnet access) | template shell = /bin/bash | | | wbinfo -u and -g are working. | | Nsswitch.conf is : | | passwd: files winbind | shadow: files | group: files winbind | | | But getent passwd and getent group did give back only the users | located in /etc/passwd and /etc/group There's a buh in the RPM for RedHat 9 that doesn't create the symlink to /lib/libnss_winbind.so.2. I'll build new RPMS this week. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ You can never go home again, Oatman, but I guess you can shop there. ~--John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/egRJIR7qMdg1EfYRAk6EAJ4w2/VrMvtQJu2elsAD9nL/LlnUXwCgwnfP Rv8CN3cCW0vOtxjw70kC0Ls= =gCnF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] winbind and getent - fix ...
Thanks for your answer. But it didn't work. There is no ldap request except for user with posix account. ( I can see these users using getent ) I think there is no appeal by libnss library to winbind but I don't understatnd why. Jean-marc -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] De la part de C.Lee Taylor Envoyé : vendredi 26 septembre 2003 12:31 À : [EMAIL PROTECTED]; [EMAIL PROTECTED] Objet : [Samba] winbind and getent - fix ... Greetings ... Sorry for cross posting, but I have seen this problem on both lists ... Okay, I am not sure if this is a problem only on RedHat using the rpm, because I tried only with rpm installations ... Install Samba3 from rom on RedHat 9. Configure and join domain, kewl. Test winbind with wbinfo -u and -g, also kewl, but no answer from getent passwd ... put in winbind in nsswitch.conf in the right places. Finally found that the rpm was not installing/creating the sym-link in /lib from libnss_winbind.so to libnss_winbind.so.2 ... after this, I was able to getent passwd ... Hope this helps. Thanks Mailed Lee -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
TR : RE : [Samba] winbind and getent - fix ...
But it didn't work. Was this, to do with winbind and getent passwd? Wbinfo -u -g works( list users's domain), getent passwd don't give me back info on user's domain. ( just local users in /etc/passwd and ldap users with posix account set) There is no ldap request except for user with posix account. ( I can see these users using getent ) I don't think there will be any LDAP requested when doing a getent passwd with winbind, but I could be wrong .. I use ldapbackend for idmap. Maybe I don't understand the whole process. I don't think this was meant for me, but I if it's the problem that I had, on RedHat 9 using the rpm from the Samba.org webpage, then do ... cd /lib ln -s libnss_winbind.so libnss_winbind.so.2 I did without any result And make sure that you have winbind at the end of the line passwd, group and hosts in /etc/nsswitch.conf, ie ... passwd: files winbind group: files winbind I've Done it. I'v got Passwd: files winbind ldap If I delete all except winbind, no users were return by getent passwd. It's certainly not a samba problem, but I don't understand why there is no calls to winbind library. Jean-Marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind ldap samba 3 BDC getent passwd answer don't retrieve domain users, can't login on the domain with users that are not on /ect/passwd + typo error ?
Helo, On redhat 9 - samba 3 stable - Using the rpm from 24 september. I try to configure a bdc. Smb.conf is : idmap backend = ldap:ldap://ip_address ldap idmap suffix = ou=personnes,ou=ac-ville,ou=educ winbind uid = 1-2 winbind gid = 1-2 # allow enumeration of winbind users and groups winbind enum users = yes winbind enum groups = yes # give winbind users a real shell (only needed if they have telnet access) template shell = /bin/bash wbinfo -u and -g are working. Nsswitch.conf is : passwd: files winbind shadow: files group: files winbind But getent passwd and getent group did give back only the users located in /etc/passwd and /etc/group On login with a user that don't have local entry I have init_sam_from_ldap: Entry found for user: test1 [2003/09/25 11:30:41, 1] auth/auth_util.c:make_server_info_sam(818) User test1 in passdb, but getpwnam() fails! [2003/09/25 11:30:41, 0] auth/auth_sam.c:check_sam_security(459) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' [2003/09/25 11:30:41, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: Authentication for user [test1] - [test1] FAILED with error NT_STATUS_N O_SUCH_USER [2003/09/25 11 Do I must create the user in local ? I want to use winbind to avoid it. Any help would be greatly appreciated. Ps Maybe , there is a typo error on the Samba Project Documentation. P69 idmapbackend = ldapsam:ldap://slave-ldap.quenya.org If use ldapsam instead of ldap I have [2003/09/25 13:25:25, 0] sam/idmap.c:idmap_init(136) idmap_init: could not load remote backend 'ldapsam'. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Re: Winbind ldap samba 3 BDC getent passwd answer don'tretrieve domain users, can't login on the domain with users that are not on /ect/passwd
I going to remove the rpm and try the last cvs, bug ?: Wed Sep 24 01:24:13 2003 1d 13h 26m ago fixing a bug in the retry loop for winbindd_pam_auth[_crap]() Author: jerry Modified: source/nsswitch/winbindd_pam.c -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Samba 3 as PDC with LDAP as passwd backend
So what should I add the the LDAP server to make a proper PDC ? Here it is. dn: sambaDomainName=DOMAIN,o=,c=Country sambadomainname: DOMAIN sambaalgorithmicridbase: 1000 objectclass: sambaDomain creatorsname: cn=Directory Master createtimestamp: 20030818142849Z sambasid: S-1-5-21-XX-XXX- modifiersname: cn=Directory Master modifytimestamp: 20030818171356Z I didn't create this. I think (not sure) pdbedit -a create it when you add the first user. Jean-Marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : RE : [Samba] Samba 3 as PDC with LDAP as passwd backend
net getlocalsid gives : SID for domain WOODY is: S-1-5-21-3032950689-949544758-3596382992 what is the answer of net getlocalsid YOURDOMAINNAME command. This is the sid of the domain. It seems that domain name sid and local name sid can/must? be the same on the PDC. I learnt that two machines on the same network can't have the same sid, so on the PDC sid of the domain and sid of the server must be different. ( if I am wrong tell it to me please ) BTW, is it true that if I use 'pdbedit + the LDAP backend', I don't need smbpasswd for account management(and I don't need to create local unix accounts?) and probably that I don't even need pdbedit other than the initial setup as I can use the NT frondend ? You may have your user on a ldap directory ( with nss-ldap) or in /etc/passwd but the users must be present elsewhere.( I remenbered in a mail something like getuid must resolve for samba ) Jean-Marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] need of a user root in ldap ?
Yes you must, use it to add workstation in domain. SambaSid = siddom-1001 (uid=0 ) Jean-marc -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] De la part de Antoine Jacoutot Envoyé : mardi 16 septembre 2003 13:49 À : [EMAIL PROTECTED] Objet : [Samba] need of a user root in ldap ? Hi ! Is there the need for a root account when using samba-3.0+ldap ? I'm asking this because I cannot add XP workstations to the domain (I made the registry changes), I get an access denied. Under NT, there's no problem, it does not even ask for a login/password as long as the workstation account is created in samba. With XP, I use a user account who is also part of the admins group, but as I said, I get an access denied. Any idea ? Thanks. Antoine -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] need of a user root in ldap ?
So, my question is: why do I have to create a posix user root since my system (/etc/passwd) already has one root ? I though just creating the samba user would be enough... samba reads backend nor /etc/passwd, isn't it ? So root can be in /etc/passwd and he must be in a backend. Jean-Marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Multiple ldap backend on the same PDC - samba 3 rc3 ?
helo passdb backend= ldapsam:ldap://ip-one/, ldapsam:ldap://ip-two/, guest Will give you two backends. I 'm sorry but no, I've go can't contact ldapserver on my logs if I stop the ldap server with ip-one address. If I use two lines passdb backend= ldapsam:ldap://ip-one/,guest passdb backend= ldapsam:ldap://ip-two/,guest testparm don't say nothing and in my own opinion only the second line is parse. With the cache mechanism on xp client , I am not able to see if it works et whitch ldap server answer. You cab specify the backend if you use the 'pdbedit' tool. eg: pdbedit -Lv -b ldapsam:ldap://ip-two/ will use the second backend. Ok thanks Jean-marc Pouchoulon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] domain admin and primarygroupSID
I'm using samba-3.0RC3. I just figured out that if I wanted a user to be a Domain Admin, his primarygroupSID had to be the group mapped to Domain Admins (sid=512). Is there a way to just add the user to the admin group without modifying his primarygroupSID ? If I understand well your question, just add him to the domain group in the /etc/group/ on your unix system. I've just made a doc in french on sambaRC3. If you want it, I can send it. Jean-marc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] samba 3.0 with ldap / sambaSID
Hello, I'm lloking for a way to convert my company's existing samba2.2 ldap backed service to samba 3.0. What's particulary making me curious is the sambaSID. As I've read it is the unique identifier of a PDC in the windows world. So, how does samba3 generate this? Is it supposed to be changed by the admin or is it determined by samba on the first startup? Any pointer to a doc describing this in more depth would be apreciated. I think the ldif provide here is generated on the first creation account with pdbedit -a dn: sambaDomainName=DOMAIN,o=,c=fr sambadomainname: DOMAIN sambaalgorithmicridbase: 1000 objectclass: sambaDomain creatorsname: cn=dir manager createtimestamp: 20030818142849Z sambasid: S-1-5-21-XX-XXX- modifiersname: cn=Directory Manager modifytimestamp: 20030818171356Z You can find sid domain with : net getlocalsid DOMAINE_NAME SID for domain DOMAIN is: S-1-5-21-XX-XXX-XX He is different from localsid on the same machine: net getlocalsid SID for domain SERV1 is: S-1-5-21-X-- As I migrate fron an alpha version , I change it straighly in the ldap directory. I didn't find any command to change it on the ldap server except an ldapmodify. There is also a command that go back on the last sid. I have a doc ... In french. Jean-Marc Pouchoulon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : RE : [Samba] samba 3.0 with ldap / sambaSID
The Domain SID and the PDC SID will be the same. Here is the output of these on my PDC: frodo:~ # net getlocalsid SID for domain FRODO is: S-1-5-21-1593769616-160655940-3590153233 frodo:~ # net getlocalsid MIDEARTH SID for domain MIDEARTH is: S-1-5-21-1593769616-160655940-3590153233 Something is not clear for me. If local sid and domain sid are the same , what are you doing on BDC ? ( put the same local sid and domain sid on the BDC as on the PDC ? ) Jean-Marc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple ldap backend on the same PDC - samba 3 rc3 ?
How can I have multiple backend on one samba pdc. Samba seems to accept this two lines in the smb.conf. passdb backend = ldapsam:ldap://ip-one/,guest passdb backend = ldapsam:ldap://ip-two/,guest With the cache mechanism on xp client , I am not able to see if it works et whitch ldap server answer. What is the best way to have Multiple ldap backend on the same PDC ? Is it possible. Good week-end. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Bugzilla Bug 232 on samba 3 rc2 - urgent
Hi , We use redhat 8 . Samba is 3rc2 Smb.conf is workgroup = TEST server string = %h server (Samba %v) null passwords = Yes passdb backend = ldapsam:ldap://X.X.X.X /,guest passwd program = /usr/bin/sudo /usr/local/samba/bin/ldapsync.pl %u passwd chat = *Envoyez* %n\n *modifying*entry* unix password sync = Yes log level = 2 log file = /var/log/samba/%m.log name resolve order = wins lmhosts host bcast time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY printcap name = cups machine password timeout = 345600 logon script = logon.bat logon path = \OUTILS\samba\profile\%U domain logons = Yes os level = 64 local master = Yes domain master = Yes [2003/09/05 14:30:18, 0] lib/util_sock.c:get_socket_addr(919) getpeername failed. Error was Noeud final de transport n'est pas connecté( getpeername failed. Error was Transport endpoint is not connected ) [2003/09/05 14:30:18, 5] smbd/reply.c:reply_special(142) init msg_type=0x81 msg_flags=0x0 [2003/09/05 14:30:18, 0] lib/util_sock.c:write_socket_data(388) write_socket_data: write failure. Error = Connexion ré-initialisée par le correspondant [2003/09/05 14:30:18, 0] lib/util_sock.c:write_socket(413) We cant often connect to the DOMAIN. There is a bug 322 assigned to jerry. https://bugzilla.samba.org/show_bug.cgi?id=232. On samba 3b3. Any way to patch or use a tangent behaviour ? Any help would be greatly appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE : Samba 3rc1 cannot add group LDAP error: (Insufficientaccess)
Compiling the last cvs source it works now. Thanks ? to developpers. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE : Samba 3rc1 cannot add group LDAP error: (Insufficientaccess)
Sorry too fast, In fact it works from allow samba group to access to a share. But in mmc I can't add a domain group to the local group. Can someone test that on his own site to confirm? thanks -Message d'origine- De : jean-marc pouchoulon [mailto:[EMAIL PROTECTED] Envoyé : jeudi 28 août 2003 16:39 À : 'jean-marc pouchoulon'; '[EMAIL PROTECTED]' Cc : 'eddie herren'; '[EMAIL PROTECTED]' Objet : RE : Samba 3rc1 cannot add group LDAP error: (Insufficient access) Compiling the last cvs source it works now. Thanks ? to developpers. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3rc1 cannot add group LDAP error: (Insufficientaccess)
Helo,
I am on red hat 8
Compilation is just ./configure
I cannot add any group on an xp client ( I can show the , net groupmap
is correct )
logs are:
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(Insufficient access)ld
apsam_search_one_group: searching
for:[((objectClass=sambaGroupMapping)(gidNumber=1615))]
Coming from smbldap.c
#ifndef NO_LDAP_SECURITY
if (geteuid() != 0) {
DEBUG(0, (smbldap_open: cannot access LDAP when not
root..\n));
return LDAP_INSUFFICIENT_ACCESS;
}
#endif
There is no problem to add users.
Thanks for your help.
Jean-Marc Pouchoulon
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Samba 3rc1 cannot add group LDAP error:(Insufficientaccess)
More infos: I disabled the test , same result , other logs. ldapsam_search_one_group: searching for:[((objectClass=sambaGroupMapping)(|(displayName=Domai n Admins)(cn=Domain Admins)))] [2003/08/27 09:46:03, 2] passdb/pdb_ldap.c:init_group_from_ldap(1677) Entry found for group: 512 [2003/08/27 09:46:03, 0] groupdb/mapping.c:init_group_mapping(139) Failed to open group mapping database [2003/08/27 09:46:03, 0] groupdb/mapping.c:get_domain_group_from_sid(509) failed to initialize group mappingsmbldap_search_suffix: searching for:[((uid=Domain Admins)( objectclass=sambaSamAccount))] [2003/08/27 09:46:03, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1631) ldapsam_search_one_group: searching for:[((objectClass=sambaGroupMapping)(|(displayName=Domai n Admins)(cn=Domain Admins)))] I forget to say that we use netscape directory 4. Jean-marc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] pdbedit -i ldapsam -e tdbsam 'failed to bind to server withdn=' smbldap.c
Ldapsam on netscape 4 directory server System Red hat 8 Except adding group from xp client ( see my last message ) all is working well [EMAIL PROTECTED] source]# pdbedit -i ldapsam -e tdbsam Searching for:[((objectClass=sambaDomain)(sambaDomainName=DOMAIN))] smbldap_search_suffix: searching for:[((objectClass=sambaDomain)(sambaDomainName=DOMAIN))] smbldap_open_connection: connection opened Searching for:[((objectClass=sambaDomain)(sambaDomainName=DOMAIN))] smbldap_search_suffix: searching for:[((objectClass=sambaDomain)(sambaDomainName=DOMAIN))] smbldap_open_connection: connection opened Searching for:[((objectClass=sambaDomain)(sambaDomainName=DOMAIN))] smbldap_search_suffix: searching for:[((objectClass=sambaDomain)(sambaDomainName=DOMAIN))] smbldap_open_connection: connection opened failed to bind to server with dn= Error: Can't contact LDAP server (unknown) Connection to LDAP Server failed for the 1 try! smbldap_open_connection: connection opened failed to bind to server with dn= Error: Can't contact LDAP server (unknown) Thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Samba rc1 problem : PANIC: failed to create UCS2 buffer/usr/local/samba/sbin/nmbd(smb_panic+0xfc) [0x80ae680]
The last patch on cvs had fixed the accent problem. Thanks to the developper. Jean-marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Error joining samba 3.0rc1 domain
I get the following error trying to join domain: The following error occured attempting to join the domain SAMBA: No mapping between account named and security ID's was done. Did you have that kind of record in your ldap directory : ldapsearch '((objectClass=sambaDomain)(sambaDomainName=TEST))' dn: sambaDomainName=TEST,o=gouvern,c=fr sambadomainname: TEST sambaalgorithmicridbase: 1000 objectclass: sambaDomain sambasid: S-1-5-21-XXX I had the same error message. The domain SID was different from client installation issue from former version. So check your sid. Jean-marc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Samba rc1 problem : PANIC: failed to create UCS2 buffer/usr/local/samba/sbin/nmbd(smb_panic+0xfc) [0x80ae680]
I Think I've got the origin of the problem : Samba doesn't like french accent. We have a workgroup sib réseau every time I clicked on it or every time name resolution is asking a computer name on that workgroup. We have : Received a packet of len 201 from (172.29.160.5) port 138 Conversion error: Illegal multibyte sequence(SEAU) PANIC: failed to create UCS2 buffer BACKTRACE: 12 stack frames: #0 /usr/local/samba/sbin/nmbd(smb_panic+0xfc) [0x80ae680] #1 /usr/local/samba/sbin/nmbd(unix_strupper+0x81) [0x809e70d] #2 /usr/local/samba/sbin/nmbd(strupper_m+0x48) [0x80a8c80] #3 /usr/local/samba/sbin/nmbd [0x8065c75] #4 /usr/local/samba/sbin/nmbd(find_name_on_subnet+0x19) [0x8065db9] #5 /usr/local/samba/sbin/nmbd [0x806a37a] #6 /usr/local/samba/sbin/nmbd [0x806a3b3] #7 /usr/local/samba/sbin/nmbd(run_packet_queue+0x5d) [0x806ae09] #8 /usr/local/samba/sbin/nmbd(strftime+0x177b) [0x805f1a7] #9 /usr/local/samba/sbin/nmbd(main+0x394) [0x805f798] #10 /lib/libc.so.6(__libc_start_main+0xa9) [0x4021239d] #11 /usr/local/samba/sbin/nmbd(chroot+0x31) [0x805e34d] Aborted I think the error Illegal multibyte sequence(SEAU) is in coherence with that explain. I changed the name of the workgroup. For instance there is no problem. The referenced bug is probably different. Thanks for your help. Jean-marc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba rc1 problem : PANIC: failed to create UCS2 buffer/usr/local/samba/sbin/nmbd(smb_panic+0xfc) [0x80ae680]
Helo , System : redhat 8 DS: netcape 4.16 Samba version : RC1. I am upgrading from samba3b3. Everything ( except changing passwd for user xp pro PC and I try to use rc1 to resolve ) seems ok in beta 3. On rc1 I Can't connect For a few second I can do : nmblookup -S l1serv2 added interface ip=172.29.160.100 bcast=172.29.167.255 nmask=255.255.248.0 querying l1serv2 on 172.29.167.255 Got a positive name query response from 172.29.160.100 ( 172.29.160.100 ) 172.29.160.100 l1serv200 Looking up status of 172.29.160.100 L1SERV2 00 - H ACTIVE L1SERV2 03 - H ACTIVE L1SERV2 20 - H ACTIVE RECT00 - GROUP H ACTIVE RECT1b - H ACTIVE RECT1c - GROUP H ACTIVE RECT1e - GROUP H ACTIVE And after a few seconds there is no answer: And I can see in logs [2003/08/19 17:36:05, 3] nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(483) wins_process_name_refresh_request: Name refresh for name SIB R~PSEAU1e IP 172.29.160.27 [2003/08/19 17:36:05, 0] lib/charcnv.c:convert_string_allocate(272) Conversion error: Illegal multibyte sequence(~PSEAU) [2003/08/19 17:36:05, 0] lib/util.c:smb_panic(1462) PANIC: failed to create UCS2 buffer [2003/08/19 17:36:05, 0] lib/util.c:smb_panic(1469) BACKTRACE: 12 stack frames: #0 /usr/local/samba/sbin/nmbd(smb_panic+0xfc) [0x80ae680] #1 /usr/local/samba/sbin/nmbd(unix_strupper+0x81) [0x809e70d] #2 /usr/local/samba/sbin/nmbd(strupper_m+0x48) [0x80a8c80] #3 /usr/local/samba/sbin/nmbd [0x8065c75] #4 /usr/local/samba/sbin/nmbd(find_name_on_subnet+0x19) [0x8065db9] #5 /usr/local/samba/sbin/nmbd(wins_process_name_refresh_request+0xe4) [0x806fca4] #6 /usr/local/samba/sbin/nmbd [0x806acb3] #7 /usr/local/samba/sbin/nmbd(run_packet_queue+0x85) [0x806ae31] #8 /usr/local/samba/sbin/nmbd(strftime+0x177b) [0x805f1a7] #9 /usr/local/samba/sbin/nmbd(main+0x394) [0x805f798] #10 /usr/local/samba/sbin/nmbd(__libc_start_main+0xa4) [0x420158d4] #11 /usr/local/samba/sbin/nmbd(chroot+0x31) [0x805e34d] And I am not able to connect to the domain Smb.conf is [global] workgroup = RECT netbios name = l1serv2 server string = %h server (Samba %v) passwd program = /usr/local/samba/bin/ldapsync.pl %u passwd chat = *Envoyez* %n\n *modifying*entry* unix password sync = yes log level = 2 log file = /var/log/samba/%m.log name resolve order = wins lmhosts host bcast time server = Yes dns proxy = yes socket options = TCP_NODELAY IPTOS_LOWDELAY logon script = logon.bat ;logon script = %U.bat ldap passwd sync = no logon path = \OUTILS\samba\profile\%U security = user encrypt passwords = yes null passwords = yes guest ok = no domain master = Yes local master = no domain logons = Yes os level = 32 wins support = yes # options pour LDAP ldap admin dn = cn=Directory Manager ldap ssl = off passdb backend = ldapsam:ldap://X.X.X.X/ ldap machine suffix = ou=pcdom,o=gouvern,c=fr ldap user suffix = ou= ENo=gouverv,c=fr ldap suffix = o=gouvern,c=fr Any help would be greatly appreciated. Jean-Marc Pouchoulon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Find Samba beta ldap schema for netscape directory server 4
Helo, Does anyone made ldap schema's samba 3 beta for netscape directory 4 ? Jean-Marc Pouchoulon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 302 alpha 2 PDC- set sid for the second server - smbgroupedit- net setlocalsid command
Hi, I had two logon server on Samba 302alpha on a domain DOM to provide failover environment. With smbgroupedit I can map domain group but I must using net setlocalsid MY-SID-DOMAIN on the second server to map the same domains groups with domain SID on the two server. On the other hands I can see net rpc getsid command that fetch the domain sid into the local secrets.tdb. If I set a localSID, different from domainSID i have: smbgroupedit -s pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc. Is there is a problem to have identical local sid on two differents server ? Does I use the good way to provide failover? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] samba 302 alpha cupsaddmdriver failed
Answering to myself. Using rpcclient 227a version with smbserver 30alpha2 provides the same error. I've made un mistake it works.( except on ldap parameter coming with 302 alpha ) Ignoring unknown parameter passdb backend Unknown parameter encountered: ldap machine suffix Ignoring unknown parameter ldap machine suffix Unknown parameter encountered: ldap user suffix Ignoring unknown parameter ldap user suffix cmd = setdriver lx98 lx98 Succesfully set lx98 to driver lx98. bug with 302alpha ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
