Re: [Samba] Slow Directory Access after upgrade to 3.5.6
set local master to yes and domain master to no On Tue, Sep 27, 2011 at 12:07 PM, Mike 1100...@gmail.com wrote: On Tue, Sep 27, 2011 at 4:35 AM, sghaida saddam.abugha...@gmail.comwrote: hello again, can you make the os level 15 or 20 in order to force SAMBA not to become preferred master by election. and check if you will still have the same issue Would the following configuration be acceptable to test your suggestion: domain master = yes local master = yes os level = 15 Thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] some clients cannot login
hello , kindly add to smb.conf log level = 3 passdb:5 auth:10 and attach log file so i could have a better understanding of the problem regards On Thu, Feb 11, 2010 at 2:34 PM, Osmany osm...@oc.quimefa.cu wrote: I have a problem that's happening randomly in my network. Starting a couple of weeks ago, some clients (All of my clients are running Windows XP)on my network cannot login to their sessions and windows brings out an error saying that the domain controller is not available or is blocked. I don't understand why this is happening, seeing that other clients can perfectly log in their computers in domain sessions. In the same server I have a dns(bind9) with a dynamic zone that is automatically updated by the dhcp. Does anyone have any experience on this? Can anyone help me solve this? this is the output of testparm: Processing section [homes] Processing section [netlogon] Processing section [Profiles] Processing section [printers] Processing section [print$] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] workgroup = OC.QUIMEFA.CU netbios name = PDC interfaces = 127.0.0.0/8, eth2 bind interfaces only = Yes passdb backend = ldapsam:ldap://localhost passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated* syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 server signing = auto socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon path = logon home = domain logons = Yes os level = 35 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=oc,dc=quimefa,dc=cu ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = yes ldap suffix = dc=oc,dc=quimefa,dc=cu ldap ssl = no ldap user suffix = ou=Users panic action = /usr/share/samba/panic-action %d [homes] comment = Home Directories valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/samba/netlogon admin users = root write list = @Domain Admins create mask = 0755 guest ok = Yes browseable = No [Profiles] comment = Roaming Profile Share path = /home/samba/profiles read only = No profile acls = Yes browseable = No [printers] comment = All Printers path = /var/spool/samba admin users = root write list = root read only = No create mask = 0600 guest ok = Yes printable = Yes use client driver = Yes browseable = No [print$] comment = Printer Drivers Share path = /var/lib/samba/printers admin users = root write list = root create mask = 0664 directory mask = 0775 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] net rpc join failed ?
1. what kind of domain controller you are trying to join ?? 2.. does the machine that you are trying to join has valid A and PTR records in the dns 3. before trying to join the domain did you try the following kinit [principal] and checked if the ticket is created by the principal name or not using klist 4. kindly send krb configuration + samba configuration reagrds On Thu, Feb 11, 2010 at 7:13 AM, Annada Prasana Prusty annadapras...@gmail.com wrote: Hi, i have further investigated. i got this error message get_trust_pw_clear: could not fetch clear text trust account password for domain my_domain. It is looking for machine password inside secrets.tdb with key = SECRETS/MACHINE_PASSWORD/MY_DOMAIN, but there is no record at the same offset. But tdbdump shows the record inside tdb file, even in hexdump also shows the record in different offset. So i am not able to trace it, where is the problem. I have tried with old samba versions also, but the same result. Please help. Thanks Annada === On Fri, Feb 5, 2010 at 7:48 PM, Annada Prasana Prusty annadapras...@gmail.com wrote: Hi, I am using samba-3.4.5. I am trying for join to domain controller, with security=domain in smb.conf. But it fails with following debug messages. * rpccli_netlogon_set_trust_password: unable to setup creds (NT_STATUS_ACCESS_DENIED) ! rpc command function failed ! (NT_STATUS_ACCESS_DENIED) .. get_schannel_session_key: could not fetch trust account password for domain 'MYDOMAIN' net_rpc_join_ok: failed to get schannel session key for server MYSERVER for domain MYDOMAIN. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO. unable to join domain MYDOMAIN return code = -1.* Can you please help , where is the problem. Thanks Annada -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Server not found in kerberos database (with net ads join)
Does the machine you are trying to add has a valid A/PTR records on the dns if you are using windows dns after creating an entry in the dns Principal will be auto created by windows kerberos i think this is the problem if the problem didnt solve could you attach kerberos and smb conf files regards for providing On Wed, Feb 10, 2010 at 10:35 PM, Joel Therrien joel_therr...@uml.edu wrote: Hi All, After running into a few issues in trying to join my debian (squeeze) box to a windows 2008 server, I am running into this (hopefully last) problem... When I try to do te net join command, I get the following nanoelecfs:/home/joel# net join ads -S XX.XX.XX.XX dn 'DC=FS,DC=UML,DC=EDU' -U USERNAME Enter EEng_LDAP's password: [2010/02/10 15:20:10, 0] libads/sasl.c:819(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database Failed to join domain: failed to connect to AD: Server not found in Kerberos database ADS join did not work, falling back to RPC... Enter USERNAME's password: Could not connect to server XX.XX.XX.XX Connection failed: NT_STATUS_BAD_NETWORK_NAME I have the following debain package installed for samba (2:3.4.5~dfsg-1) on top of this, I have no idea why I need to specify the domain path as well as the specific IP address of the server. But without those, I don't even get this far... not specifying the server specifically results in a can't find domain controller. And if it matters, yes, the DNS I use is actually the same machine as the domain controller I am trying to connect to. Well, any thoughts would be appreciated. Joel Therrien -- Asst. Prof. Joel M. Therrien Ph: 978-934-3324 Fax: 978-934-3027 joel_therr...@uml.edu Dept. of Electrical Computer Engineering U. Massachusetts-Lowell 1 University Ave Lowell, MA 01854 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Strange problem with Samba as AD member
the problem cause could be kerberos clock skew kerberos server time vs. and machines time On Thu, May 28, 2009 at 11:12 AM, Masopust, Christian christian.masop...@siemens.com wrote: Dear all, I've a real strange problem with one of my Samba-servers. Most of the time a lot of users get the message about trust relationship failure when trying to access the share on this server. Below you find part of a log where the user can access the share and a few seconds later it's no longer possible. net ads testjoin shows that join of the samba-server is still valid, removing and rejoining the server from AD didn't help. Some additional information: - samba-server and users facing this problem are located on a remote site (with its own DC) - access to another samba-server at the remote site for users facing the problem works at any time! - access to the share on the samba-server having the problems from my site (different DC) works at any time! [2009/05/28 10:49:57, 1, pid=31019, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_spnego_kerberos(474) Username WW300\SK16963C$ is invalid on this system [2009/05/28 10:49:57, 1, pid=31019, effective(0, 0), real(0, 0)] smbd/session.c:session_claim(112) Re-using invalid record [2009/05/28 10:49:57, 1, pid=31019, effective(51043, 2700), real(0, 0)] smbd/service.c:make_connection_snum() sk16963c (:::163.242.60.65) connect to service views_copl initially as user sk1u04w8 (uid=51043, gid=2700) (pid 31019) [2009/05/28 10:50:06, 1, pid=31019, effective(0, 0), real(0, 0)] smbd/service.c:close_cnum(1323) sk16963c (:::163.242.60.65) closed connection to service views_copl [2009/05/28 10:50:07, 0, pid=31024, effective(0, 0), real(0, 0)] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(3352) cli_rpc_pipe_open_schannel: failed to get schannel session key from server SKZAAM100A.WW300.SIEMENS.NET for domain WW300. [2009/05/28 10:50:07, 0, pid=31024, effective(0, 0), real(0, 0)] auth/auth_domain.c:connect_to_domain_password_server(187) connect_to_domain_password_server: unable to open the domain client session to machine SKZAAM100A.WW300.SIEMENS.NET. Error was : NT_STATUS_ACCESS_DENIED. [2009/05/28 10:50:07, 0, pid=31024, effective(0, 0), real(0, 0)] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(3352) cli_rpc_pipe_open_schannel: failed to get schannel session key from server SKZAAM100A.WW300.SIEMENS.NET for domain WW300. [2009/05/28 10:50:07, 0, pid=31024, effective(0, 0), real(0, 0)] auth/auth_domain.c:connect_to_domain_password_server(187) connect_to_domain_password_server: unable to open the domain client session to machine SKZAAM100A.WW300.SIEMENS.NET. Error was : NT_STATUS_ACCESS_DENIED. any idea what can cause this problem? thanks a lot, christian p.s.: here's the global-section of my smb.conf # Global parameters [global] workgroup = WW300 netbios name = SK16822C server string = Samba %v CC-View-Server security = ADS realm = WW300.SIEMENS.NET password server = * client use spnego = yes username map = /etc/samba/smbusers smb ports = 139 log file = /var/log/samba/log.%m debug pid = Yes debug uid = Yes name resolve order = host wins bcast deadtime = 15 machine password timeout = 0 os level = 0 preferred master = No local master = No domain master = No browse list = No dns proxy = No wins support = No wins server = ip-of wins-server ldap ssl = no eventlog list = Security, Application, Syslog, Apache utmp = Yes idmap uid = 20-23 idmap gid = 5-6 template homedir = /home/%U template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes hide dot files = No dos filetime resolution = Yes fake directory create times = Yes host msdfs = no msdfs root = no load printers = no printing = bsd browsable = no restrict anonymous = 2 null passwords = no guest account = nobody kernel oplocks = No oplocks =No level2 oplocks = No ___ Christian Masopust SIEMENS AG SIS SDE SVI CON IPB Tel: +43 (0) 5 1707 26866 E-mail: christian.masop...@siemens.com Addr: Austria, 1210 Vienna, Siemensstraße 90-92, B. 33, Rm. 243 Leader of the RUGA http://www.rational-ug.org/groups.php?groupid=119 Firma: Siemens Aktiengesellschaft Österreich, Rechtsform: Aktiengesellschaft, Sitz: Wien, Firmenbuchnummer: FN 60562 m, Firmenbuchgericht: Handelsgericht Wien, DVR 0001708 ___
Re: [Samba] SMBD not authenticating against Active Directory
hello, add the following to samba socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap config TESTDOMAIN: default = yes idmap config TESTDOMAIN: backend = rid idmap config TESTDOMAIN: range = 10777216-57554431 idmap alloc TESTDOMAIN: range = 10777216-57554431 winbind nested groups = yes winbind use default domain = no prefered master = no and remove the following idmap backend = ad idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 if you still facing the same problem please send the new log once again regards, Saddam Abu Ghaida On Sun, Nov 30, 2008 at 6:13 AM, Kums [EMAIL PROTECTED] wrote: Hi Saddam, Please find the Samba log file attached with the below log level settings. Sorry for the delay in response. Regards, -Kums On Fri, Nov 28, 2008 at 7:22 PM, saddam abu ghaida [EMAIL PROTECTED] wrote: could you add the following and send the generated log files os level = 3 passdb:5 auth:10 winbind:5 * spnego has something to do with this failure regards, saddam abu ghaida On Thu, Nov 27, 2008 at 2:01 AM, Kums [EMAIL PROTECTED] wrote: Hi, Iam trying to setup Samba version 3.2.3 on Redhat (RHEL5) server to use Active Directory for authentication. I followed the instructions from article in following website: http://technet.microsoft.com/en-au/magazine/dd228986.aspx Setup Winbind + Samba + Kerberos and it seems to work fine. I can see the users in Active Directory through winbind as well as authenticate users using NTLM authentication. Problem is that Iam unable to access Samba share from Windows clients as AD user. Analyzing the network traffic on SMBD port gives: --- 10.849969 192.168.97.2 - 192.168.97.5 SMB Session Setup AndX Request, NTLMSSP_AUTH, User: TESTDOMAIN\testuser 10.853302 192.168.97.5 - 192.168.97.2 SMB Session Setup AndX Response, Error:STATUS_LOGON_FAILURE -- I can however access the Samba share as local user in the Samba server via smbpasswd: --- 166.059746 192.168.97.2 - 192.168.97.5 SMB Session Setup AndX Request, NTLMSSP_AUTH, User: D1950-01\kums 166.068297 192.168.97.5 - 192.168.97.2 SMB Session Setup AndX Response 166.068500 192.168.97.2 - 192.168.97.5 SMB Tree Connect AndX Request, Path: \\192.168.97.5\global 166.068787 192.168.97.5 - 192.168.97.2 SMB Tree Connect AndX Response --- Winbind gives following error, not sure if this is significant for I can access the AD via wbinfo [2008/11/26 15:22:58, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(626) cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm Please see attached for configuration detail + detailed error log. Googling helped me to get so far, but not completely resolve this issue. Please advise. Thanks in Advance, -Kums -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMBD not authenticating against Active Directory
could you add the following and send the generated log files os level = 3 passdb:5 auth:10 winbind:5 * spnego has something to do with this failure regards, saddam abu ghaida On Thu, Nov 27, 2008 at 2:01 AM, Kums [EMAIL PROTECTED] wrote: Hi, Iam trying to setup Samba version 3.2.3 on Redhat (RHEL5) server to use Active Directory for authentication. I followed the instructions from article in following website: http://technet.microsoft.com/en-au/magazine/dd228986.aspx Setup Winbind + Samba + Kerberos and it seems to work fine. I can see the users in Active Directory through winbind as well as authenticate users using NTLM authentication. Problem is that Iam unable to access Samba share from Windows clients as AD user. Analyzing the network traffic on SMBD port gives: --- 10.849969 192.168.97.2 - 192.168.97.5 SMB Session Setup AndX Request, NTLMSSP_AUTH, User: TESTDOMAIN\testuser 10.853302 192.168.97.5 - 192.168.97.2 SMB Session Setup AndX Response, Error:STATUS_LOGON_FAILURE -- I can however access the Samba share as local user in the Samba server via smbpasswd: --- 166.059746 192.168.97.2 - 192.168.97.5 SMB Session Setup AndX Request, NTLMSSP_AUTH, User: D1950-01\kums 166.068297 192.168.97.5 - 192.168.97.2 SMB Session Setup AndX Response 166.068500 192.168.97.2 - 192.168.97.5 SMB Tree Connect AndX Request, Path: \\192.168.97.5\global 166.068787 192.168.97.5 - 192.168.97.2 SMB Tree Connect AndX Response --- Winbind gives following error, not sure if this is significant for I can access the AD via wbinfo [2008/11/26 15:22:58, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(626) cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm Please see attached for configuration detail + detailed error log. Googling helped me to get so far, but not completely resolve this issue. Please advise. Thanks in Advance, -Kums -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
