[Samba] force user broken - 3.2.11
Last month, I updated to Fedora 10 with samba 3.2.11-0.30.fc10 via a complete reinstall. Using x86-64. We are now experiencing a problem on a share with the force user parameter. [zz] comment = Test Share path = /home/zz force user = zzadminp create mask = 0770 directory mask = 0770 The primary group of zzadminp above is admplus. If user markoren with primary group ntadmin writes a file to the above share, the file owner is markoren and the file group is admplus. -rwxrw 1 markoren admplus 94 2009-05-12 19:51 MAOtestfilezz8.txt Samba is setting the primary group of the forced user properly, but is not setting the forced user as the owner. Mark Orenstein East Granby School System (USA) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Version 3.2.0pre3-9.fc9 smbclient problem
I recently installed Fedora 9 for use as a squid server. We use smb_auth basic authorization and have run into a problem with it. I believe that I have tracked the problem down to smbclient when the USER environmental variable contains the userid and password. smb_auth.sh in squid uses the USER environmental variable. Below are test results for Version 3.0.28a-0.fc8 and Version 3.2.0pre3-9.fc9. Note that typing in the password or putting it on the command line works for both versions. However, USER="smbauth%test1234" fails with Version 3.2.0pre3-9.fc9 [EMAIL PROTECTED] ~]$ smbclient -V Version 3.0.28a-0.fc8 [EMAIL PROTECTED] ~]$ USER="smbauth" [EMAIL PROTECTED] ~]$ smbclient "//hssrv01/netlogon" -c "get proxyauth -" Password: Domain=[EGHSLIB] OS=[Unix] Server=[Samba 3.0.28a-0.fc8] allow getting file \proxyauth of size 6 as - (5.9 kb/s) (average 5.9 kb/s) [EMAIL PROTECTED] ~]$ smbclient "//hssrv01/netlogon" test1234 -c "get proxyauth -" Domain=[EGHSLIB] OS=[Unix] Server=[Samba 3.0.28a-0.fc8] allow getting file \proxyauth of size 6 as - (5.9 kb/s) (average 5.9 kb/s) [EMAIL PROTECTED] ~]$ USER="smbauth%test1234" [EMAIL PROTECTED] ~]$ export USER [EMAIL PROTECTED] ~]$ smbclient "//hssrv01/netlogon" -c "get proxyauth -" Domain=[EGHSLIB] OS=[Unix] Server=[Samba 3.0.28a-0.fc8] allow getting file \proxyauth of size 6 as - (5.9 kb/s) (average 5.9 kb/s) [EMAIL PROTECTED] ~]$ [EMAIL PROTECTED] ~]$ smbclient -V Version 3.2.0pre3-9.fc9 [EMAIL PROTECTED] ~]$ USER="smbauth" [EMAIL PROTECTED] ~]$ smbclient "//hssrv01/netlogon" -c "get proxyauth -" Enter smbauth's password: Domain=[EGHSLIB] OS=[Unix] Server=[Samba 3.0.28a-0.fc8] allow getting file \proxyauth of size 6 as - (6.0 kb/s) (average inf kb/s) [EMAIL PROTECTED] ~]$ smbclient "//hssrv01/netlogon" test1234 -c "get proxyauth -" Domain=[EGHSLIB] OS=[Unix] Server=[Samba 3.0.28a-0.fc8] allow getting file \proxyauth of size 6 as - (6.0 kb/s) (average inf kb/s) [EMAIL PROTECTED] ~]$ USER="smbauth%test1234" [EMAIL PROTECTED] ~]$ export USER [EMAIL PROTECTED] ~]$ smbclient "//hssrv01/netlogon" -c "get proxyauth -" session setup failed: NT_STATUS_LOGON_FAILURE [EMAIL PROTECTED] ~]$ Mark Orenstein East Granby, CT, USA School System -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Version 3.2.0pre3-9.fc9 smbclient problem
I recently installed Fedora 9 for use as a squid server. We use smb_auth basic authorization and have run into a problem with it. I believe that I have tracked the problem down to smbclient when the USER environmental variable contains the userid and password. smb_auth.sh in squid uses the USER environmental variable. Below are test results for Version 3.0.28a-0.fc8 and Version 3.2.0pre3-9.fc9. Note that typing in the password or putting it on the command line works for both versions. However, USER="smbauth%test1234" fails with Version 3.2.0pre3-9.fc9 [EMAIL PROTECTED] ~]$ smbclient -V Version 3.0.28a-0.fc8 [EMAIL PROTECTED] ~]$ USER="smbauth" [EMAIL PROTECTED] ~]$ smbclient "//hssrv01/netlogon" -c "get proxyauth -" Password: Domain=[EGHSLIB] OS=[Unix] Server=[Samba 3.0.28a-0.fc8] allow getting file \proxyauth of size 6 as - (5.9 kb/s) (average 5.9 kb/s) [EMAIL PROTECTED] ~]$ smbclient "//hssrv01/netlogon" test1234 -c "get proxyauth -" Domain=[EGHSLIB] OS=[Unix] Server=[Samba 3.0.28a-0.fc8] allow getting file \proxyauth of size 6 as - (5.9 kb/s) (average 5.9 kb/s) [EMAIL PROTECTED] ~]$ USER="smbauth%test1234" [EMAIL PROTECTED] ~]$ export USER [EMAIL PROTECTED] ~]$ smbclient "//hssrv01/netlogon" -c "get proxyauth -" Domain=[EGHSLIB] OS=[Unix] Server=[Samba 3.0.28a-0.fc8] allow getting file \proxyauth of size 6 as - (5.9 kb/s) (average 5.9 kb/s) [EMAIL PROTECTED] ~]$ [EMAIL PROTECTED] ~]$ smbclient -V Version 3.2.0pre3-9.fc9 [EMAIL PROTECTED] ~]$ USER="smbauth" [EMAIL PROTECTED] ~]$ smbclient "//hssrv01/netlogon" -c "get proxyauth -" Enter smbauth's password: Domain=[EGHSLIB] OS=[Unix] Server=[Samba 3.0.28a-0.fc8] allow getting file \proxyauth of size 6 as - (6.0 kb/s) (average inf kb/s) [EMAIL PROTECTED] ~]$ smbclient "//hssrv01/netlogon" test1234 -c "get proxyauth -" Domain=[EGHSLIB] OS=[Unix] Server=[Samba 3.0.28a-0.fc8] allow getting file \proxyauth of size 6 as - (6.0 kb/s) (average inf kb/s) [EMAIL PROTECTED] ~]$ USER="smbauth%test1234" [EMAIL PROTECTED] ~]$ export USER [EMAIL PROTECTED] ~]$ smbclient "//hssrv01/netlogon" -c "get proxyauth -" session setup failed: NT_STATUS_LOGON_FAILURE [EMAIL PROTECTED] ~]$ Mark Orenstein East Granby, CT, USA School System -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Member Server pam_mkhomedir help
Thanks to a reply yesterday by Udo Rader, I have been trying to get pam_mkhomedir working to automatically create home directories on a domain member server (DMS). I have not been successful getting the home directory automatically created. Note that if I manually allocate the home directory for a user, the user is successful in logging in and using the home directory so I think my samba DMS setup is correct. The DMS setup is Fedora 8 64 bit and samba 3.0.28 connecting to a similar samba PDC. selinux is disabled. Below is a part of smb.conf, /etc/pam.d/system-auth and the log output Any help/suggestions are appreciated smb.conf security = domain idmap domains = EGHSLIB idmap config EGHSLIB:backend = rid idmap config EGHSLIB:range = 1 - 4 idmap config EGHSLIB:baserid = 1000 template homedir = /home/%U /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired pam_env.so authsufficientpam_unix.so nullok try_first_pass authrequisite pam_succeed_if.so uid >= 500 quiet authrequired pam_deny.so account required pam_unix.so account sufficientpam_localuser.so account sufficientpam_succeed_if.so uid < 500 quiet account required pam_permit.so passwordrequisite pam_cracklib.so try_first_pass retry=3 passwordsufficientpam_unix.so md5 shadow nullok try_first_pass use_authtok passwordrequired pam_deny.so session required /lib64/security/pam_mkhomedir.so skel=/etc/skel umask=0077 # session required pam_mkhomedir.so skel=/etc/skel umask=0077 session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so /var/lib/messages Apr 8 07:59:06 mssrv01 winbindd[2785]: [2008/04/08 07:59:06.957241, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache() Apr 8 07:59:06 mssrv01 winbindd[2785]: initialize_winbindd_cache: clearing cache and re-creating with version number 1 Apr 8 08:03:09 mssrv01 smbd[2825]: [2008/04/08 08:03:09.745144, 0] smbd/service.c:make_connection_snum(1003) Apr 8 08:03:09 mssrv01 smbd[2825]: '/home/maoms08' does not exist or permission denied when connecting to [maoms08] Error was No such file or directory Apr 8 08:03:46 mssrv01 smbd[2830]: [2008/04/08 08:03:46.314890, 0] smbd/service.c:make_connection_snum(1003) Apr 8 08:03:46 mssrv01 smbd[2830]: '/home/maoms08' does not exist or permission denied when connecting to [maoms08] Error was No such file or directory Apr 8 08:03:50 mssrv01 smbd[2830]: [2008/04/08 08:03:50.711436, 0] smbd/service.c:make_connection_snum(1003) Apr 8 08:03:50 mssrv01 smbd[2830]: '/home/maoms08' does not exist or permission denied when connecting to [maoms08] Error was No such file or directory -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain Member Server /home/user creation - help needed
For almost 10 years our school has been using samba as a PDC to provide a network drive for each of our students,. Now I need to install a domain member server (DMS) to share the load. I am running samba 3.0.28 on Fedora 7 using the tdbsam backend on the PDC. I have successfully brought up a samba DMS using winbind and the idmap_rid backend. I want to have all new students use the DMS for their roaming profiles and for their network drive. Upon first logon of a new user, a directory is automatically created for the user in the profile share on the DMS. However, I dont know how to cause the home directory to be created on the DMS for the network drive. On XP Pro, the user home share shows up on the DMS, but is not accessible because the directory does not exist. If at this point, I copy the roaming profile directory for the user (which is empty) to the home directory, then the home directory is now present with the proper ownership and the home drive is now usable by the user. e.g. on the DMS, with userid mark cp a /var/samba/profiles/mark /home The [homes] share on the DMS is [homes] Path = /home/%U comment = Home Directories browseable = no writable = yes available = yes public = no So my question is how can I get the home directory for a user created with the proper ownership the first time the user signs in? Is there any kind of script that can be invoked on the DMS? Is there any way winbind can create the home directory when it creates the UID/GID for the user? Mark Orenstein East Granby, CT School System -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SID Question/Issue
Since about 1998 we have been running a samba PDC to serve student PC's in our high school and middle school. We also have had a backup server, normally not running samba, which rsyncs from the samba PDC several times per day. If we have a failure and needed to get the backup running, it is a simple script basically changing the IP address and activating samba on the backup server. Now we want to turn the backup server into a domain member server which I assume means that it needs its own SID. So the question is how do I create a new SID? Is there a utility or should I uninstall/reinstall samba? Or is there another way? We still are simple and use smbpasswd. Mark Orenstein East Granby, CT School System -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.23a Cannot join network
Today, I updated our samba PDC from 3.0.22-1.fc5 to 3.0.23a-1.fc5.1 and I can no longer add XP Pro PC's to the domain. I am still using the smbpasswd support. Prior to this update(this morning), I had no problem adding PC's to the domain. The message that I get at the client is "The user name cannot be found". I see that the passwd file has been updated with the machine name and the smbpasswd file has also been updated with the machine name. However, in the entry in the smbpasswd file, there is no password information in either password field. I would expect that the second password field would have a password in it. The first two entries were created with 22 while the last was created with 23a with the error message at the client. crxp15$:2109::5C3C18C8FA7E287A00EC5120384D0F8E:[W ]:LCT-44D0ED49: crxp16$:2110::6ED17F35BD8C6E658C376829E5516156:[W ]:LCT-44D0ED83: TEGX260XPXX$:2111:::[DW ]:LCT-: I ended up bringing down the server and bringing up it's backup (it's summer and no one is at school right now) which still had 3.0.22-1.fc5 on it and had no problem with the PC joining the domain. The smb.conf file has not changed for several months. Also, selinux is in permissive mode on 23a. Any help is appreciated. Mark Orenstein East Granby, CT, USA School System -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Bugzilla 190298 - kernel oplocks issue
Hi Jeremy, Please see bugzilla bug 190298 at bugzilla.redhat.com. Dave Jones comment is below. "if this is the case, the samba developers (who know a lot more about what's going on with this issue than I do) should bring this up upstream, as the Fedora kernel has no changes in this area to the best of my knowledge, and this is far more likely to get this resolved quicker." In the meantime, I have put in kernel oplocks = no in all our samba servers and this has circumvented the hangs. Besides Mavis typing, we have also run into this problem with another lab package and kernel oplocks = no has also circumvented the hang for this other package. Regards, Mark Orenstein East Granby (CT,USA) School System -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd/oplock.c:oplock_timeout_handler(375) after samba
> On Fri, Apr 28, 2006 at 10:12:05AM -0400, [EMAIL PROTECTED] > wrote: >> > On Mon, Apr 24, 2006 at 05:14:14PM -0400, >> [EMAIL PROTECTED] >> > wrote: >> >> I recently upgraded from samba 3.0.10-1.fc3 to 3.0.21b-2 running on >> FC5. >> >> Today was the first day of a typing class which uses the network >> version >> >> of Mavis Beacon Typing which depends on file sharing. >> >> >> >> The users are hanging and then getting an error message during >> logging >> >> into the product. In /var/log/message, I can see the following >> message >> >> for each user similar to: >> >> >> >> >> >> [2006/04/24 09:45:24.177906, 0] >> >> smbd/oplock.c:oplock_timeout_handler(375) >> >> Oplock break failed for file mavis/Mavis15EEVNet/Mav15UserData/Ali >> >> Johnson.rec -- replying anyway >> >> >> >> Each user has a different filename for the above message. >> >> >> >> Below is the smb.conf share. Note the force user. >> > >> > I would suggest upgrading to 3.0.22 as there were some fixes >> > in this area. >> > >> > Jeremy. >> > >> Hi Jeremy, >> >> Last night I updated to Version 3.0.22-1.fc5. Kernel is >> 2.6.15-1.2054_FC5. >> I reenabled oplocks on the mavis share and when the class tried to >> execute >> the Mavis typing program, it again locked up. >> >> Based on Leonid Zeitlin's note in a similar thread, I then disabled >> kernel >> oplocks and had the class try again. They were all able to get in with >> no >> oplock errors on the log. >> >> The only software accessing these files is samba so I question whether >> it >> is a kernel problem. Also, with kernel oplocks = no, the oplocks on >> logon.bat have disappeared. > > No, it is a kernel problem - Samba is about the only application > that *uses* the kernel lease mechanism so it's not suprising that > only we notice. I'm guessing FC5 has a bug here. > > Jeremy. > Ok. So do I report it or does the samba team report it to the Fedora project. Mark Orenstein East Granby (CT,USA) School System -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd/oplock.c:oplock_timeout_handler(375) after samba
> On Mon, Apr 24, 2006 at 05:14:14PM -0400, [EMAIL PROTECTED] > wrote: >> I recently upgraded from samba 3.0.10-1.fc3 to 3.0.21b-2 running on FC5. >> Today was the first day of a typing class which uses the network version >> of Mavis Beacon Typing which depends on file sharing. >> >> The users are hanging and then getting an error message during logging >> into the product. In /var/log/message, I can see the following message >> for each user similar to: >> >> >> [2006/04/24 09:45:24.177906, 0] >> smbd/oplock.c:oplock_timeout_handler(375) >> Oplock break failed for file mavis/Mavis15EEVNet/Mav15UserData/Ali >> Johnson.rec -- replying anyway >> >> Each user has a different filename for the above message. >> >> Below is the smb.conf share. Note the force user. > > I would suggest upgrading to 3.0.22 as there were some fixes > in this area. > > Jeremy. > Hi Jeremy, Last night I updated to Version 3.0.22-1.fc5. Kernel is 2.6.15-1.2054_FC5. I reenabled oplocks on the mavis share and when the class tried to execute the Mavis typing program, it again locked up. Based on Leonid Zeitlin's note in a similar thread, I then disabled kernel oplocks and had the class try again. They were all able to get in with no oplock errors on the log. The only software accessing these files is samba so I question whether it is a kernel problem. Also, with kernel oplocks = no, the oplocks on logon.bat have disappeared. Regards, Mark Orenstein East Granby (CT,USA) School System -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbd/oplock.c:oplock_timeout_handler(375) after samba upgrade
I recently upgraded from samba 3.0.10-1.fc3 to 3.0.21b-2 running on FC5. Today was the first day of a typing class which uses the network version of Mavis Beacon Typing which depends on file sharing. The users are hanging and then getting an error message during logging into the product. In /var/log/message, I can see the following message for each user similar to: [2006/04/24 09:45:24.177906, 0] smbd/oplock.c:oplock_timeout_handler(375) Oplock break failed for file mavis/Mavis15EEVNet/Mav15UserData/Ali Johnson.rec -- replying anyway Each user has a different filename for the above message. Below is the smb.conf share. Note the force user. [MAVISTYPE] comment = Mavis Beacon Typing available = yes path = "/home/mavistype" public = no guest only = no writable = yes browseable = yes only user = no force user = mavistype As a workaround, I have added the following to the share and will know tomorrow (Tuesday) whether it worked. csc policy = disable oplocks = no level2 oplocks = no I don't know why this oplock break is occuring because to the best of my knowledge, each user is using a separate file. I really need some help here. In searching the log, I also noticed the following has occured multiple times since the upgrade /var/log/messages and in several /var/log/samba/log. files. Apr 24 07:28:40 hssrv01 smbd[11138]: [2006/04/24 07:28:40.384041, 0] smbd/oplock.c:oplock_timeout_handler(375) Apr 24 07:28:40 hssrv01 smbd[11138]: Oplock break failed for file logon.bat -- replying anyway The netlogon share is below. Note that it omits share modes = no [netlogon] path = /home/netlogon writeable = no guest only = no Could either of these possibly be related to the "reset on zero vc" parameter? When did this parameter go into samba? Mark Orenstein East Granby (CT, USA) School System -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3.0.1 - can't join new XP Pro pc to domain]
When adding machines to a Samba-2.2 controlled domain, the add user script was used to create the UNIX identity of the Machine Trust Account. Samba-3 introduces a new add machine script that must be specified for this purpose. Samba-3 will not fall back to using the add user script in the absence of an add machine script. > We have a very simple samba PDC setup using smbpasswd. About 10 days > ago, I migrated from RH8/Samba2.2.7 to Fedora/Samba3.0.1 successfully. > Now all morning, I've been trying to add another XP Pro PC to the > domain without success. The following message appears after typing in > the root id/password as part of joining the domain. > > The following error occured attempting to join the domain "JAVA" The > user name could not be found. > > In /var/log/samba, after doing this, I now see a zero length > log.PCNAME file and a zero length log.192.168.3.72 file. where the ip > address is that of the pc. > > I am successful in joining this PC to another domain which is still > 2.2.7. > > When I migrated, I did not change any entries in smb.conf. This PC > has the registry SignOrSeal patch applied. In smb.conf, I have the > following statement > > add user script = /usr/sbin/useradd -d /dev/null -g machines -c > 'Machine Account' -s /bin/false -M %u > > which again was carried forward from samba2.2.7. > > Please help. > > Mark Orenstein > East Granby, CT School System > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3.0.1 - can't join new XP Pro pc to domain
We have a very simple samba PDC setup using smbpasswd. About 10 days ago, I migrated from RH8/Samba2.2.7 to Fedora/Samba3.0.1 successfully. Now all morning, I've been trying to add another XP Pro PC to the domain without success. The following message appears after typing in the root id/password as part of joining the domain. The following error occured attempting to join the domain "JAVA" The user name could not be found. In /var/log/samba, after doing this, I now see a zero length log.PCNAME file and a zero length log.192.168.3.72 file. where the ip address is that of the pc. I am successful in joining this PC to another domain which is still 2.2.7. When I migrated, I did not change any entries in smb.conf. This PC has the registry SignOrSeal patch applied. In smb.conf, I have the following statement add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u which again was carried forward from samba2.2.7. Please help. Mark Orenstein East Granby, CT School System -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba