[Samba] Samba4 AD returning incomplete results, can't edit much, and unable to reindex sam.ldb
Not sure if this is best sent to samba or samba-technical. If an admin thinks this is best sent to technical, let me know and I'll resend it there.

Hi all,

Well I've managed to land myself in a bit of a heap. I've been successfully running Samba4 at two schools I administer as well as my home test network, starting with alpha17 and now on beta8. Group Policy works a charm. But lately at one of the schools it seems sam.ldb has got messed up.

In ADUC, I can browse all users, groups and machines fine, everything and everyone authenticates and operates fine, and I can view all current group memberships for a user and existing users in a group, but if searching for users to add to a group, or to add groups to a user, only a small subset of users/groups (respectively) shows in the search results, and if I type the name of any other user/group manually, I get told by ADUC that they do not exist. I only see 6 out of about 90 users, and 22 out of about 65 groups (all the builtins seem to show as part of that 22). This means my AD is more or less stuck from an administrative point of view. I can generally not change user or group memberships without difficulty.

This looks like it happened while I was on leave for a few weeks, so backups of non-corrupt data have been overwritten - I only had a two-week rotation/retention policy on /srv/adsrv/var contents (changed since!).

So in ADUC I can view group members or view user groups but can't modify the bulk of them. samba-tool behaves the opposite - "samba-tool group listmembers (groupname)" only lists users if they're in the same set of 6, but addmember succeeds - if I use addmember, while listmembers still doesn't show the newly added member to a group, opening the group in ADUC does list the member. I can't discern any pattern or common element exclusive to those 6 users.

If I do a 'ldbsearch -H sam.ldb "objectClass=*"', out of the user records returned, only the same 6 that show up in AD searches show up in the results (amongst other machine and non-user objects).

samba-tool dbcheck --cross-ncs returns "Checked 3229 objects (0 errors)", but samba-tool dbcheck --reindex fails with:

===
Re-indexing...
Invalid data for index DC=_kerberos._tcp.Default-First-Site-Name._sites.dc,DC=_msdcs.ad.(domain name),CN=MicrosoftDNS,DC=ForestDnsZones,DC=ad,DC=(domain name)
ltdb: tdb(/srv/adsrv/var/lib/samba/private/sam.ldb.d/DC=AD,DC=(domain name).ldb): tdb_rec_read bad magic 0x6863733d at offset=1773572
re-indexed database : (1, "attribute 'force_reindex': no matching attribute value while deleting attribute on '@ATTRIBUTES'")
===

(I have the samba4 tree contained in /srv/adsrv on this server to isolate it from a samba 3 instance doing the file sharing, inspired by "Franky" - this is left over from a configuration to suit alpha17 (the smbd subprocess didn't work back then for shares) and otherwise works fine, also works fine at the other school).

I can't browse past the Default-First-Site-Name._sites.dc,DC=_msdcs.ad.(domain name),CN=MicrosoftDNS,DC=ForestDnsZones,DC=ad,DC=(domain name) folder using the Windows-based LDAP_Admin.exe utility, it throws this error:

"LDAP error! Operations Error: 2020: schema: metadata tdb not initialized at ../source4/dsdb/samdb/ldb_modules/schema_load.c:117"

Based on the advice here:

http://lists.samba.org/archive/samba-technical/2010-December/075239.html

... I tried to manually remove the index by doing this:

/srv/adsrv/bin/ldbedit -H /srv/adsrv/var/lib/samba/private/sam.ldb -s base -b \@INDEXLIST

... and clearing out the index to the example given in the above link. Or even just removing one entry.

However, any modifications fail with a similar error to the above reindex command:

===
ltdb: tdb(/srv/adsrv/var/lib/samba/private/sam.ldb.d/DC=AD,DC(domain name).ldb): tdb_rec_read bad magic 0x6863733d at offset=1773572
failed to modify @INDEXLIST - ldb_wait: Operations error (1)
===

... and the modification doesn't happen. Argh!

Any ideas as to how I may be able to get out of this? Any help appreciated.

Regards,
Andrew

[Samba] Suggestions on group permissions
I have a user community of about 2000 users and a samba server running on AIX that currently hosts a read-only share for the whole company.

[Released]
    path = /mypath
    guest ok = Yes

But now I have been requested to make this share available as read-only for some users and completely inaccessible to everyone else. The number of users who will have access is probably a few hundred and I expect users to be added/removed on a daily basis. Some of the users have unix logins, while others do not. Because of this, I hesitate to mess with user mapping because I would have to manage this every day, unless I do something with a script.

Can someone suggest a scheme I can use to deny everyone except for certain users? Someone here in my office suggested we use hosts allow or deny, since the users who will still have access are located on the same subnet. However, there is a distinct possibility that a small number of people on a few other subnets will need access. Is there a way I can specify hosts allow but still allow specific users from other subnets?

Forgive me if this question has been asked before. I'm sure it must have been, but I am having trouble doing a search of the archives that will give me advice about this particular problem.

Thanks in advance.

[Samba] Compatible version
I am running AIX version 4.2.1.0 and I would like to know which versions if any of SAMBA are compatible with this version of AIX and with Windows XP SP2.

Sally

[Samba] keep long printer name
Hi everybody,

I have a problem keeping a long printer name in samba. We have several printers on NT4. I want to migrate all of them to samba. In NT4, the printer name shows as "HP LaserJet 5000 PCL6" on windows2000 and windows XP clients. How can I get that shown on Samba exactly like that?

I am using LPRng and samba 3.04. I can use "HP5000PCL" in the samba share and it shows on the printer share.

[Samba] Viewing Properties of file marks it Read-Only?
I've got CIFS/9000 (rebadged SAMBA 2.2.3a) running under HP-UX 11.11 using the below configuration.

If I use Windows Explorer to right-click on any file (in the SAMBA Share) and view its Properties, the Unix privileges get changed from "-rwxrwxr-x" to "-rwxr--r--" essentially making it Read-Only!! Even if I don't change anything and click CANCEL on the dialogue box?

This behavior is certainly unexpected and has already burned me once, as I unknowingly changed a file to Read-Only while users were writing to it!!

Is there some additional setting change I can make to the config to stop this from happening?

TIA

Alan Walters
Director of I.T.
Royce Medical

# Samba config file created using SWAT
# from AWalters (192.168.100.16)
# Date: 2004/04/23 09:53:58

# Global parameters
[global]
    workgroup = INFOSYS
    netbios name = ROYCEM2K
    server string = Samba Server
    interfaces = 192.168.101.1
    security = SHARE
    encrypt passwords = Yes
    syslog = 0
    log file = /var/opt/samba/log.%m
    max log size = 1000
    local master = No
    wins server = 192.168.100.8
    read only = No
    hosts allow = 192.168.100.0/255.255.252.0
    short preserve case = No
    dos filetime resolution = Yes

[M2KApps]
    comment = Manage-2000 Applications
    path = /roi
    valid users = awalters
    admin users = awalters
    hosts allow = 192.168.100.16

Re: [Samba] joining samba domain 3-b3 with windows XP Pro
- Original Message -
From: "Xavier Nicollet" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 28, 2003 6:22 PM
Subject: Re: [Samba] joining samba domain 3-b3 with windows XP Pro

> Gareth Walters:
> > [...]
> > The user name could not be found.
> >
> >
> > I can do an LDAP search using the filters I got out of the logfile and it
> > returns ok, I can connect to a share using the login details in LDAP.
> >
> > I am just not sure what exactly is failing, the logs don't contain anything
> > that looks like an error (to me at least).
> You can try:
> smbclient //localhost/homes -U myuser
> on the server.
> Have you changed the key in the register database on Windows ?
> Check that the key: "requiresignorseal"=dword:
> with regedit.

Registry settings have been changed.

That smbclient test works as the admin user. Do I need to set up the domain Admins group or is the user with uidnumber=0 already an admin user?

---Gareth

[Samba] joining samba domain 3-b3 with windows XP Pro
G'day all,

I have Samba 3 beta 3 running on a RH9 box (OpenLDAP backend), trying to make it a PDC. Everything seems to be working ok (see shares, browse etc) except I cannot add a machine to the domain.

Windows XP Pro as the client (registry settings changed); after I enter the admin user account details to join the domain I get the following error message...

The user name could not be found.

I can do an LDAP search using the filters I got out of the logfile and it returns ok, I can connect to a share using the login details in LDAP.

I am just not sure what exactly is failing, the logs don't contain anything that looks like an error (to me at least).

Any ideas on what is happening? (extra debugging tips etc.)

---Gareth Walters

[Samba] Samba - Windows XP permissions issue
I have an XP client running Office XP. This is sitting on a network along with an IBM RS6000. The RS6000 has SAMBA installed and configured so that the XP client can see the RS6000 as though it is a network device.

The user opens a template in Word 2002 which creates a mailmerge document using VBA. The VBA code gets the name of the document and the location for both the document and the data from a control item which it reads in. The document itself is stored on the RS6000 in one directory and the data file is stored in a separate directory on the RS6000. The document is created and saved without any problems.

When it comes to editing the mail merge document we get an error message which says " is a mail merge main document. Word cannot find its data source". I then click on "OK" and try to find the data file. When I find the data file and click on it and open it we go back to the box asking for me to locate the data source.

If I try this on my own machine running Windows '98 and Office XP the problem does not occur. If I open a document which has been created on the first machine I still need to locate the data source but when I select it the data source is attached and I can carry on with the editing of the document. If I open a document created on my machine on the first machine then again there isn't a problem.

Can you tell me if there is an issue with Samba and Windows XP regarding File and Directory access permissions?

Sally

Sally Walters-Thomas
Systems Development Consultant
ADP Dealer Services (UK) Ltd
email:[EMAIL PROTECTED]
Tel: 0870 2255 237
Fax: 01709 835547