Re: [Samba] RE Samba (winbind) troubles
hijacked the winbind threat.. but.. Really,. If you want my opinion and you probably don't, people need to stop thinking NT server if they connect to a samba4 AD server and start thinking AD server, they are totally different. . Novell NDS is much better the MS its (nds kopied) AD but thats not the issue. Als big point is, not thinking in AD, its making better manuals/howtos based on realworld examples. Im working with Novell/Windows/ over 20 years now. Linux about 15. and really, the manuals and howtos arent easy to read, sorry.. that is for me since im dutch. There are to many senarios, and combined with the wiki, its a mess in my head... Some howto's simplified would be nice. like for example. ( choose ) - Single server setup, with samba4 AD, choose internal dns or bind. etc.. - 2 Samba4 DC servers, using bind, etc. etc. - 1 samba4 server, added to windows AD. - 1 windows server, added to samba4 ad. - 2 samba4 DC servers and remote 1 samba DC server. These 5 are are the start of all other senarios. ( some extra's ) - samba4 setup with DRDB or GLUSTER ( sinds its default in most distros ) ( management ) GUI - Windows tools CLI - some needed commands as example. etc .. Put the pro/cons in a matrix what works what not. and i preferred something like this with for example the sernet packages. This way is always the same, no compiling needed, so less questions here, and bugs are faster found. looks a win win for me. and if a setup if make for example with ubuntu, is usable for all debian bases install. same for centos/redhet. Im using this stratigy for al my servers i install and manage. bugs are very fast found and fixed with upstream packages. I dont compile on any production server, as should everyone else. Any suggestions samba team? please do so, lets make the best software even better. My now running setup, is done by howto ( make my own at the time ), and is running sinds 2004, with 0 errors, ok, some failing hardware, but samba never let me down. I still use the manual to install new servers in my environment now. I've been testing samba4 since alpha 8, and for now, im still not running it. Why, setting up samba4 is to complex in my situation, yes, documentation is good, but for me its to much. but if its for me, how about other people,... what would you like to see to simpilfy the samba4 install. A simple thing as installing samba4 and adding it as DC to a windows domain. really try it with only the wiki info. Such a simple thing like this, is very complex explaind in the wiki. but ok this is my point of view. I do like samba, but wiki/howtos are lots to improve. I promise to the samba communitie, when i start my install, ill document it and make a nice howto of it. A howto everyone can read and understand. ( will be debian/ubuntu base, with sernet packages ) Still samba team/sernet team, thanks for providing this software, lets make it better with all of us. there al lots of very good people here on the mailing which have the knowlidge to make such howtos. ow... and sorry for my bad english.. ;-) i dont write much in english these days. Best regards, Louis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba (winbind) troubles
On Wed, 2013-07-24 at 09:09 +0200, L.P.H. van Belle wrote: hijacked the winbind threat.. but.. Don't feel threatened. There _are_ alternatives. I do like samba, but wiki/howtos are lots to improve. To be fair, it's not just Samba. It's most open source stuff. There are too many hobbyists and armchair users. As joe public, what we should be doing is not criticising the devs for their poor documentation. We should be writing it ourselves at our own level. Let the devs enjoy their C and let's thank them for the code. It's not down to them to document it for end users. I doubt that Microsoft would allow their coders anywhere near the end user documentation department. Anyway, hopefully complex DC's and windows domains will soon be a thing of the past. You don't need winbind for Cloud. You won't need sysadmins either. Just someone who can read the quickstart guide. Just my €0.02 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba (winbind) troubles
From: steve On Wed, 2013-07-24 at 09:09 +0200, L.P.H. van Belle wrote: I do like samba, but wiki/howtos are lots to improve. To be fair, it's not just Samba. It's most open source stuff. There are too many hobbyists and armchair users. As joe public, what we should be doing is not criticising the devs for their poor documentation. We should be writing it ourselves at our own level. Let the devs enjoy their C and let's thank them for the code. It's not down to them to document it for end users. It's a little hard to write documentation when all you've got is a million questions and no answers. The only people who actually have the answers are the developers. I wish developers would routinely budget, oh, 10% of their time to writing docs. I spend at least twice that much on documenting my own software, because I find it helps me write better organized code if I first have to explain what it's going to do, or how to use it. Write the manual first, then implement it, modifying the manual as you discover logical flaws during the process of writing and debugging. I doubt that Microsoft would allow their coders anywhere near the end user documentation department. I don't know what they do at Microsoft, but there must be some organized way of getting the software writers to convey the information to the people who actually write the documentation. In my opinion (as someone who's been spending a big chunk of his life reading documentation lately), the MSDN content ranges from marginal to excellent, while Linux-land documentation ranges from practically non-existent (e.g., ALSA) to very good (the kernel man pages). So far, I think Samba's docs get about a C-, but that's because I know next to nothing about networking; they may look much better to someone who already knows all about SMB from the Windows world. -- Ciao, Paul D. DeRocco Paulmailto:pdero...@ix.netcom.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba (winbind) troubles
On Wed, 2013-07-24 at 01:26 -0700, Paul D. DeRocco wrote: From: steve On Wed, 2013-07-24 at 09:09 +0200, L.P.H. van Belle wrote: I do like samba, but wiki/howtos are lots to improve. To be fair, it's not just Samba. It's most open source stuff. There are too many hobbyists and armchair users. As joe public, what we should be doing is not criticising the devs for their poor documentation. We should be writing it ourselves at our own level. Let the devs enjoy their C and let's thank them for the code. It's not down to them to document it for end users. It's a little hard to write documentation when all you've got is a million questions and no answers. The only people who actually have the answers are the developers. Hi That's not the case. They are too far removed from being an end user let alone a beginner. You're just about to solve an issue that you have raised in this thread. As soon as you have it solved then document it in your own words: your own notes in case you get the issue again. It's a small step from there to tidy it up a bit and blog or wiki it. You have the opportunity of using the non jargon, non technical language end users hate. Other end users will hit the blog like it's going out of fashion. There's a demand for this level of documentation. Salu2 Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba (winbind) troubles
Look, your still not getting the point steve. Yes, you made some good howtos, i've read them. But because there are so many options, so many roads to rome... It hard to decide what to use. Yes, developers needs to be developers, but if the developers dont document. Who can make then the documentation, so yes, the devs need to do some documentation. And what er is, is good, thats not the point. My point is, there are lots of people installing samba4, on different ways. I would be nice if there are some guideline howto setup such a thing. Ans yes, even microsoft of novell have such guidelines. But thats not the point. Im asking here, if the people how really understand samba4, and this can be dev of communitie people. can make some simple howtos. As i already sad, im going to make one, like the one before. For example look at my old setup. http://lists.samba.org/archive/samba/2005-December/114817.html Its still usable, ok, the layout is bit messed up, but it still works. ( dont be to hard on it, it was my first howto. ) and, is stated in 2005... quote I try to give a complete solution for this how-to, this is because lots of people where asking the same things on the samba list and lots of people make the same mistakes. and all these same questions are taking precious time of the dev's. Samba4 can be much much better in use, when there are beter howto's. Which dont need compiling to make it more accessable for others, and most important, no compiling software on production servers, its not safe and not needed! Keep things as standard as it can be, you live gets so much easier if you do. For example, my backups, are just /etc /home/MYDATA. and my ldap export. If i have a crash, happend 1 time, i just reinstall my server, put back my configs. and reset rights if needed, im always up and running within 1-2 hours. ( with about 40-60GB data ) Even if my building burns out. ( ok ,tape restore takes 1,5 hours, so, total restore time 3-4 hours ) I can replicate every installation very easy because of no compiling, and keep it as standard as i can. Debian is a star of keeping the install files original, and use include.d dirs for extra settings. This is power in upgradeing and reinstalls. Thats my point. So lets help one and other, im looking for sernet based howtos, please e-mail them to me if you have one. I'll try to make a new big howto for samba. Louis -Oorspronkelijk bericht- Van: st...@steve-ss.com [mailto:samba-boun...@lists.samba.org] Namens steve Verzonden: woensdag 24 juli 2013 11:08 Aan: samba@lists.samba.org Onderwerp: Re: [Samba] RE Samba (winbind) troubles On Wed, 2013-07-24 at 01:26 -0700, Paul D. DeRocco wrote: From: steve On Wed, 2013-07-24 at 09:09 +0200, L.P.H. van Belle wrote: I do like samba, but wiki/howtos are lots to improve. To be fair, it's not just Samba. It's most open source stuff. There are too many hobbyists and armchair users. As joe public, what we should be doing is not criticising the devs for their poor documentation. We should be writing it ourselves at our own level. Let the devs enjoy their C and let's thank them for the code. It's not down to them to document it for end users. It's a little hard to write documentation when all you've got is a million questions and no answers. The only people who actually have the answers are the developers. Hi That's not the case. They are too far removed from being an end user let alone a beginner. You're just about to solve an issue that you have raised in this thread. As soon as you have it solved then document it in your own words: your own notes in case you get the issue again. It's a small step from there to tidy it up a bit and blog or wiki it. You have the opportunity of using the non jargon, non technical language end users hate. Other end users will hit the blog like it's going out of fashion. There's a demand for this level of documentation. Salu2 Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re : samba Digest, Vol 119, Issue 11
Chers correspondants, Bonjour ! Merci pour votre correspondance que vous envoyez à mon compte depuis une très longue période. Néanmoins je dois vous dire que je comprends la langue anglaise que trés partiellement, aussi je ne retiens de vos écrits que très peu de choses. Par conséquent, je vous demanderais de voir la possibilité de me transmettre vos numéros en langue française et je remercie infiniment ham...@yahoo.fr --- En date de : Dim 11.11.12, samba-requ...@lists.samba.org samba-requ...@lists.samba.org a écrit : De: samba-requ...@lists.samba.org samba-requ...@lists.samba.org Objet: samba Digest, Vol 119, Issue 11 À: samba@lists.samba.org Date: Dimanche 11 novembre 2012, 20h00 Send samba mailing list submissions to samba@lists.samba.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.samba.org/mailman/listinfo/samba or, via email, send a message with subject or body 'help' to samba-requ...@lists.samba.org You can reach the person managing the list at samba-ow...@lists.samba.org When replying, please edit your Subject line so it is more specific than Re: Contents of samba digest... Today's Topics: 1. Re: Problem with Remote Announce (Nick Howitt) 2. Question about filtering (Enrico Scantamburlo) 3. [SAMBA4 RC1] Strange internal DNS behaviour (Szymon Zycinski) 4. Problem with filtering (Enrico Scantamburlo) 5. Re: samba4 documentation (Andrew Bartlett) 6. Re: Question about filtering (Andrew Bartlett) 7. Re: samba4 documentation (Jos? Neto) 8. Re: SYSVOL ACLs and GPOs (Andrew Bartlett) 9. ANNOUNCE: cifs-utils release 5.8 is ready for download (Jeff Layton) ___ samba mailing list samba@lists.samba.org https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba, ldap and machine accounts - SOLVED
Yiha! Finally I got all peaces together. Not that easy, sometime a pain in the ass, but informative. May be I'll put all together in a doc ... we will see :) The last peace I missed was, that in the ldap tree the profile and home directory paths where wrong; I hadn't changed the default setting in the smbldap-tool config file. Cheers . Götz Am 19.07.10 16:05, schrieb Götz Reinicke - IT-Koordinator: Hi, thanks for pointing me into the right direction! I corrected the missing DHCP/WINS settings and now I can log in to the XP client. But now I do get a message, that the server profile can't be found and the users home share is not connected to. As fas as I can see, the paths are there and the permissions are right. Any hints on that? More kotaus and best regards, Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba, ldap and machine accounts
Hi, thanks for pointing me into the right direction! I corrected the missing DHCP/WINS settings and now I can log in to the XP client. But now I do get a message, that the server profile can't be found and the users home share is not connected to. As fas as I can see, the paths are there and the permissions are right. Any hints on that? More kotaus and best regards, Götz Am 15.07.10 17:30, schrieb Stéphane PURNELLE: With theses parameters, your PDC act as a wins server. If you make ps ax | gre ppnmbd you will sees 2 nmbd process. And for client you must configure client for connect to wins server. If you have a dhcp, add wins address to the configuration or if you work with static ip and wins reccord to the ip configuration on your client. Other tips : be sure that in your ldap tree, you have a account for your workstation like workstation-nameC$ --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 15/07/2010 17:22:39: Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de Envoyé par : samba-boun...@lists.samba.org 15/07/2010 17:23 A samba@lists.samba.org cc Objet Re: [Samba] RE Samba, ldap and machine accounts Hi, I never got into that wins topic. In the config of the samba server there is: grep wins /etc/samba/smb.conf name resolve order = wins bcast hosts wins proxy = yes wins support = yes What may I check/setup? THX . Götz Am 15.07.10 16:32, schrieb Stéphane PURNELLE: Have you a wins server ? --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 15/07/2010 15:27:25: Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de Envoyé par : samba-boun...@lists.samba.org 15/07/2010 15:27 A samba@lists.samba.org cc Objet [Samba] Samba, ldap and machine accounts Hi, some time a go I started to try a migration form our old samba PDC with smbpasswd user backend to a new ldap based. I got to the point, that users can login to shares and now I'd liked to set up the server as an PDC with ldap and machine accounts too. The smbldap-toosl are installed and configured and I can add a machine to ldap to a certain point. The ldap entry is created, but when I restart the XP client there is a pop-up at the login window with the message, that the domain is not available. (The domain I joined a few minutes ago.) I restarted the samba server, I restarted the xp client, waited some time over night for the browser announcement to finish. Deleted the cached files on the sambe server in /var/cache/samba/ ... May be I missed something or deleted something I shouln't ... The server is centos 5.5, openldap-2.3.43, samba-3.0.33. The Client is windows xp SP3 with all latest patches and no modifications to the registry or anything else. In the logfiles is not clue to me. Any suggestion or help is appreciate! Thanks a lot and best regards, -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE Samba, ldap and machine accounts
Have you a wins server ? --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 15/07/2010 15:27:25: Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de Envoyé par : samba-boun...@lists.samba.org 15/07/2010 15:27 A samba@lists.samba.org cc Objet [Samba] Samba, ldap and machine accounts Hi, some time a go I started to try a migration form our old samba PDC with smbpasswd user backend to a new ldap based. I got to the point, that users can login to shares and now I'd liked to set up the server as an PDC with ldap and machine accounts too. The smbldap-toosl are installed and configured and I can add a machine to ldap to a certain point. The ldap entry is created, but when I restart the XP client there is a pop-up at the login window with the message, that the domain is not available. (The domain I joined a few minutes ago.) I restarted the samba server, I restarted the xp client, waited some time over night for the browser announcement to finish. Deleted the cached files on the sambe server in /var/cache/samba/ ... May be I missed something or deleted something I shouln't ... The server is centos 5.5, openldap-2.3.43, samba-3.0.33. The Client is windows xp SP3 with all latest patches and no modifications to the registry or anything else. In the logfiles is not clue to me. Any suggestion or help is appreciate! Thanks a lot and best regards, Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba, ldap and machine accounts
Hi, I never got into that wins topic. In the config of the samba server there is: grep wins /etc/samba/smb.conf name resolve order = wins bcast hosts wins proxy = yes wins support = yes What may I check/setup? THX . Götz Am 15.07.10 16:32, schrieb Stéphane PURNELLE: Have you a wins server ? --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 15/07/2010 15:27:25: Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de Envoyé par : samba-boun...@lists.samba.org 15/07/2010 15:27 A samba@lists.samba.org cc Objet [Samba] Samba, ldap and machine accounts Hi, some time a go I started to try a migration form our old samba PDC with smbpasswd user backend to a new ldap based. I got to the point, that users can login to shares and now I'd liked to set up the server as an PDC with ldap and machine accounts too. The smbldap-toosl are installed and configured and I can add a machine to ldap to a certain point. The ldap entry is created, but when I restart the XP client there is a pop-up at the login window with the message, that the domain is not available. (The domain I joined a few minutes ago.) I restarted the samba server, I restarted the xp client, waited some time over night for the browser announcement to finish. Deleted the cached files on the sambe server in /var/cache/samba/ ... May be I missed something or deleted something I shouln't ... The server is centos 5.5, openldap-2.3.43, samba-3.0.33. The Client is windows xp SP3 with all latest patches and no modifications to the registry or anything else. In the logfiles is not clue to me. Any suggestion or help is appreciate! Thanks a lot and best regards, Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba, ldap and machine accounts
With theses parameters, your PDC act as a wins server. If you make ps ax | gre ppnmbd you will sees 2 nmbd process. And for client you must configure client for connect to wins server. If you have a dhcp, add wins address to the configuration or if you work with static ip and wins reccord to the ip configuration on your client. Other tips : be sure that in your ldap tree, you have a account for your workstation like workstation-nameC$ --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 15/07/2010 17:22:39: Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de Envoyé par : samba-boun...@lists.samba.org 15/07/2010 17:23 A samba@lists.samba.org cc Objet Re: [Samba] RE Samba, ldap and machine accounts Hi, I never got into that wins topic. In the config of the samba server there is: grep wins /etc/samba/smb.conf name resolve order = wins bcast hosts wins proxy = yes wins support = yes What may I check/setup? THX . Götz Am 15.07.10 16:32, schrieb Stéphane PURNELLE: Have you a wins server ? --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 15/07/2010 15:27:25: Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de Envoyé par : samba-boun...@lists.samba.org 15/07/2010 15:27 A samba@lists.samba.org cc Objet [Samba] Samba, ldap and machine accounts Hi, some time a go I started to try a migration form our old samba PDC with smbpasswd user backend to a new ldap based. I got to the point, that users can login to shares and now I'd liked to set up the server as an PDC with ldap and machine accounts too. The smbldap-toosl are installed and configured and I can add a machine to ldap to a certain point. The ldap entry is created, but when I restart the XP client there is a pop-up at the login window with the message, that the domain is not available. (The domain I joined a few minutes ago.) I restarted the samba server, I restarted the xp client, waited some time over night for the browser announcement to finish. Deleted the cached files on the sambe server in /var/cache/samba/ ... May be I missed something or deleted something I shouln't ... The server is centos 5.5, openldap-2.3.43, samba-3.0.33. The Client is windows xp SP3 with all latest patches and no modifications to the registry or anything else. In the logfiles is not clue to me. Any suggestion or help is appreciate! Thanks a lot and best regards, Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba freezes server when writing 50MB MS Word document (sometimes)
Volker Lendecke Volker.Lendecke at SerNet.DE writes: On Sat, Jul 11, 2009 at 09:14:21AM +0200, Sebastian Scholz wrote: Hi list for a couple of days we have the problem that our samba pdc server (ubuntu 8.04 LTS [kernel 2.6.24-24] with 3.0.28a samba package) freezes sometimes when someone saves a specific word document (about 50MB) from MS Word. It's not always the same person. Saving the document - as nearly any huge MS Office document - takes some time, about one minute (guessed). First the server gets really slow. Some user programs on clients fail to write. The CPU usage of the smb process of the user writing the document goes up to nearly 100%. After a while it's not possible to log on to the server - even locally. It asks for a password but there won't be a prompt. Sometimes there is nothing on the console/screen. Hitting a button does not change a thing. It's not possible to kill the process. Another thing is that there are a couple of smbd processes for one user (see attached user smbd log). If it's not possible to kill smbd, even with -9, this really sounds like a kernel problem. Look for example at https://bugs.launchpad.net/linux/+bug/254326 Volker Hi Volker thanks for your reply. You are right, it sounds more or less like that. The difference is that the kernel was running for quite a while without any problems and we are using a different board (Intel server board S3210SHLX with Core2Duo CPU). Being Saturday today it was possible to install the lasted Ubuntu server kernel update 8.04.3 (Linux xx 2.6.24-24-server #1 SMP Tue Jun 30 21:03:25 UTC 2009 i686 GNU/Linux). I tried to reproduce the fail but with just me in the office and no real traffic it's hard to do so. Maybe it just helped. I will wait and see. Regards Sebastian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba Windows resolve issue
Does anybody have a clue what the issue might be? Maybe even a hint as to what I could look into? Is there more information that I could supply that would help? I am stumped and my endusers are frustrated. Thanks again - Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: Samba Windows resolve issue
Quoting Doug Coats dcoats...@gmail.com: Does anybody have a clue what the issue might be? Maybe even a hint as to what I could look into? Is there more information that I could supply that would help? Your choice appears to be between a quick response from someone who doesn't know what they are talking about, or you can wait a bit and hear from someone who does. I'm not clear on the topology of your network. It sounds like you have two subnets (lets call them A and B). Your clients are on A, your H3 server is on subnet B, and H1 is a router between the two. But then I see two interfaces listed for H3. Depending on the topology, the following may or may not apply. I would worry that things like broadcasts stop at subnet boundaries. (Note that I use DNS not WINS, so I must speculate). I believe you'll need to have one master browser per subnet. Encouraging H1 to be the master browser seems like the best choice. What you don't want is machines fighting over who is master. I am thinking that whatever machine is routing between subnets should either be the master for both, or for neither. I see you have H3 configured as a domain master (ie a PDC), does testparm agree with that? If so, is that what you intend. You described this machine as a file server, which suggests to me that you didn't want this machine acting as a domain controller. Next, you have H3 configured as a WINS proxy, yet H1 is your server and is on subnet B (as well as A). I wouldn't think a proxy would be needed. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: Samba Windows resolve issue
On Tue, Jul 7, 2009 at 3:44 PM, Doug Coatsdcoats...@gmail.com wrote: Does anybody have a clue what the issue might be? Maybe. Maybe even a hint as to what I could look into? ip forwarding? routes? Is there more information that I could supply that would help? ifconfig and route from h1 and h3 would help but this a samba list, and your problem has nothing to do with samba. It's a network issue. Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba Interactive mode in OpenWRT
On Thu, Jun 25, 2009 at 10:50:02AM -0700, Kunal Punjabi wrote: The samba server is only waiting for samba connections if I use the -i (interactive) mode. Any idea how I can get my samba server to listen for and accept requests automatically (in non-interactive mode)? I found that smbd -i (to start the service and put it in the background) seems to work and the server is waiting for incoming connections. Although samba.init contains a command: smbd -D in its Start() function, that does not start the service. why do I not need this option under uClinux (smbd -D just seems to work and cause the service to start)? Sorry, I have no experience with nClinux. In general, I would strongly recommend using Samba on a CPU with proper memory protection, running without a MMU seems a bit risky to me. The way I would attack this is to run strace -f -o smbd.trace smbd -D and analyze smbd.strace the socket calls like socket(), bind() and listen() for spurious errors. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: Samba Interactive mode in OpenWRT
On Fri, Jun 26, 2009 at 10:19 AM, Volker Lendeckevolker.lende...@sernet.de wrote: On Thu, Jun 25, 2009 at 10:50:02AM -0700, Kunal Punjabi wrote: The samba server is only waiting for samba connections if I use the -i (interactive) mode. Any idea how I can get my samba server to listen for and accept requests automatically (in non-interactive mode)? I found that smbd -i (to start the service and put it in the background) seems to work and the server is waiting for incoming connections. Although samba.init contains a command: smbd -D in its Start() function, that does not start the service. why do I not need this option under uClinux (smbd -D just seems to work and cause the service to start)? Sorry, I have no experience with nClinux. In general, I would strongly recommend using Samba on a CPU with proper memory protection, running without a MMU seems a bit risky to me. Openwrt is a open source firmware for residential firewall devices http://en.wikipedia.org/wiki/OpenWrt In this case there are very limited resources. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba - PANIC: sys_setgroups failed
Honestly, I don't think that is the issue. I have two other Solaris 10 boxes running the same version of Samba and they see to be working as expected (I can map to the share and read/write). I'm about to re-configure Samba and see if that will help. Nothing else seems to work. Jamen McGranahan Vanderbilt University Christian McHugh christian.mch...@nau.edu wrote in message news:200906230835.32740.christian.mch...@nau.edu... On Tuesday 23 June 2009 07:24:26 am Jamen McGranahan wrote: [2009/06/22 09:31:44, 0] lib/util.c:smb_panic(1673) PANIC (pid 5473): sys_setgroups failed [2009/06/22 09:31:44, 0] lib/util.c:log_stack_trace(1827) unable to produce a stack trace on this platform [2009/06/22 09:31:44, 0] lib/fault.c:dump_core(231) dumping core in /usr/local/samba/var/cores/smbd Is your user in more than 16 groups? Solaris does not seem to like users with more than 16 groups. Christian McHugh Northern Arizona University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba PDC autolocking domain administrator account
Stefan Oberwahrenbrock oberwahrenbr...@transdata.net wrote in news:xns9c26809018cb9oberwahrenbrocktr...@80.91.229.13: Hello! It turned out, that after all there were differences in the setup of the test and production system - I just was not aware of them at first: The test system was built installing a plain default NT PDC. The default NT PDC installation does not make use of a lockout after bad login attempts policy at all - if you want to use such policy, you have to enable and configure it. The production system was configurered to use this policy with defaults (LogoutThreshold 5). During migration of both systems thesettings were also correctly migrated... Thus, with e. g. disabed account policy bad lockout attempt (pdbedit), the domain-administrator does not get locked any more. Nevertheless, Samba locking down the administrator is unexpected and unwanted - in my eyes. With NT the administrator account is not affected by the automatic locking mechanism. I think especially for users with migration background (NT 4.0 - Samba), it would be nice, to have the same behaviour with Samba PDC. In our case, the problem ist not, that the admins do not remember the password of the domain-admin. Instead, some users have the password for the local administrator on their local PC. If they logon as local administrator and try to connect to a share on some other machine, the Samba PDC obviously tries to authenticate the password(hash) of the local-admin-session against the domain-administrator account. With bad lockout attempt set to 5, the result is a lockeddown domain- administrator account (Password of local and domain administrator differ of course!). The only workaround I know, is do disable bad lockout attempt completely or to set it the a relativ high value (e. g. 15). With these settings, the local-admin-users users trying to connect to a share do get a new window where they can provide a correct login, after windows noticed, that the first automatical connect attempts did not work. Does anyone know, if the special handling of the domain-administrator- account is a topic for future releases of Samba? Is there someone else, who sees the problem like I do (Or am I still just to NT4.0-affected ;-)) Greetings, Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: [samba-user] Re: 2 copies of smbd running?
Am Mittwoch, 17. Juni 2009 schrieb Herwig Bauernfeind: Chuck McKinnis schrieb: Is this normal? Absolutely. Basically you have one parent smbd.exe daemon and one for each user attached to the server. In addition there are usually 2 instances of nmbd.exe. Thanks Herwig. I can see that logic, just could not find it anywhere in the documentation. I only have 1 instance of nmbd.exe. Do I have a problem? I don't think so, I am not entirely sure when the 2nd instance of nmbd.exe is started. When nmbd is also running as a wins server (wins support = Yes) and dns proxy = Yes has also been set, nmbd spawns a 2nd copy of itself for dns name lookup... See 'man smb.conf' --- dns proxy option for details. Cheers, Günter PS - If you would like some help in the Rexx area, I don't think I have forgotten everything yet. Send me an email if I can help. Thanks for your offer. I am in the process of cleaning the code and putting it into the netlabs svn. I have indeed a problem with redirection of output in smbmon and files that are open and cannot be closed, although they should be. As soon as I have put everything to svn, I'd gladly drop you a note so you can take a look at that. Kind regards, Herwig - To unsubscribe, e-mail: samba-user-unsubscr...@netlabs.org For additional commands, e-mail: samba-user-h...@netlabs.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE: Samba with ADS
On Monday 15 June 2009 8:14:39 pm James Zuelow wrote: -Original Message- From: samba-bounces+james_zuelow=ci.juneau.ak...@li sts.samba.org [mailto:samba-bounces+james_zuelow=ci.juneau. ak...@lists.samba .org] On Behalf Of McGranahan, Jamen Sent: Monday, 15 June, 2009 07:50 To: samba@lists.samba.org Subject: [Samba] Samba with ADS Environment: Sun Solaris 9 sparc Software: Samba-3.3.3, KRB5-1.6.3, OpenLDAP-2.4.11 Problem: Am trying to create shares with Samba so that users can map to folders on this server using Active Directory. I am successful in creating a Kerberos ticket; I can join the domain; and wbinfo -u and -g give me users in the AD. However, getent passwd only gives me a list of users on the server and not in the AD. The winbindd.log file has a lot of these lines: --8-- snip --8-- If you have any advice and/or guidance, I would greatly appreciate it. Thank you! The getent passwd trouble may be a red herring. If you do not have these lines in smb.conf Winbind enum users = Yes Winbind enum groups = Yes Then wbinfo -u will work, but getent passwd will not. Generally you want to leave enumumerating users and groups turned off (the default) on larger domains. In my experience having them turned on can delay share access, restart times, etc. However enumerating users and groups so that getent passwd works is not necessary for shares to work correctly or users to map drives in AD. (At least this is true for Debian, I don't know about Solaris.) James -- It's been a very long time since I installed and ran Samba on Solaris. That said, are nsswitch.conf and resolv.conf correctly configured? Is your Solaris clock synced with the AD server? And, as James suggested, are Winbind enum users and Winbind enum groups set to Yes? HTH. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE: Samba with ADS
Environment: Sun Solaris 9 sparc Software: Samba-3.3.3, KRB5-1.6.3, OpenLDAP-2.4.11 Problem: Am trying to create shares with Samba so that users can map to folders on this server using Active Directory. I am successful in creating a Kerberos ticket; I can join the domain; and wbinfo -u and -g give me users in the AD. However, getent passwd only gives me a list of users on the server and not in the AD. The winbindd.log file has a lot of these lines: [2009/06/15 10:41:59, 0] winbindd/winbindd.c:request_len_recv(616) request_len_recv: Invalid request size received: 2088 (expected 2096) [2009/06/15 10:43:29, 0] winbindd/winbindd.c:request_len_recv(616) request_len_recv: Invalid request size received: 2088 (expected 2096) [2009/06/15 10:47:54, 0] winbindd/winbindd.c:request_len_recv(616) request_len_recv: Invalid request size received: 2088 (expected 2096) [2009/06/15 10:47:54, 0] winbindd/winbindd.c:request_len_recv(616) request_len_recv: Invalid request size received: 2088 (expected 2096) [2009/06/15 10:47:54, 0] winbindd/winbindd.c:request_len_recv(616) request_len_recv: Invalid request size received: 2088 (expected 2096) If you have any advice and/or guidance, I would greatly appreciate it. Thank you! I don't think you need to use winbind. In all of my situations, winbind only got in the way, and I always have more success with winbind disabled. It's been a while since I read what winbind was for - I think it's meant to keep track of UID/username mappings, to ensure consistency among multiple samba servers if you have more than one. For this purpose, I just use the regular passwd files or NIS, both of which I think are more reliable and simpler to manage. Instead of winbind, I just use net join -w DOMAIN -U administrator and use smb.conf like this: [global] workgroup = DOMAIN realm = DOMAIN.COM server string = Samba Server security = DOMAIN log file = /var/samba/log/log.%m max log size = 50 unix extensions = No load printers = No printcap name = /dev/null dns proxy = No wins server = 192.168.x.y ldap ssl = no create mask = 0660 security mask = 0660 directory mask = 0770 directory security mask = 0770 [share] path = /share read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE: Samba with ADS
-Original Message- From: samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba.org [mailto:samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba .org] On Behalf Of McGranahan, Jamen Sent: Monday, 15 June, 2009 07:50 To: samba@lists.samba.org Subject: [Samba] Samba with ADS Environment: Sun Solaris 9 sparc Software: Samba-3.3.3, KRB5-1.6.3, OpenLDAP-2.4.11 Problem: Am trying to create shares with Samba so that users can map to folders on this server using Active Directory. I am successful in creating a Kerberos ticket; I can join the domain; and wbinfo -u and -g give me users in the AD. However, getent passwd only gives me a list of users on the server and not in the AD. The winbindd.log file has a lot of these lines: --8-- snip --8-- If you have any advice and/or guidance, I would greatly appreciate it. Thank you! The getent passwd trouble may be a red herring. If you do not have these lines in smb.conf Winbind enum users = Yes Winbind enum groups = Yes Then wbinfo -u will work, but getent passwd will not. Generally you want to leave enumumerating users and groups turned off (the default) on larger domains. In my experience having them turned on can delay share access, restart times, etc. However enumerating users and groups so that getent passwd works is not necessary for shares to work correctly or users to map drives in AD. (At least this is true for Debian, I don't know about Solaris.) James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba and LDAP
Pete Clapham peteclap...@sbcglobal.net wrote in message news:992435.73367...@web80508.mail.mud.yahoo.com... Hi, all -- I am trying to set up an additional domain server within my network using SAMBA and LDAP. There's a problem that I think is with LDAP. If any of you have set up a system like this, I would appreciate your expertise. What documentation are you using? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba share of a NFS mount
On Tue, 05 May 2009 07:42:33 +0800, Michael Heydon micha...@jaswin.com.au wrote: Tim Boyer wrote: The easiest way to do so is to NFS mount the directory on my Samba server, and export the directory as a Samba share. It's been a while and I don't remember the specifics, but there are problems relating to locking when you do this. From memory it is OK as long as the samba server is the only NFS client accessing that share, but as soon as you have an NFS client accessing files that the samba clients have open things start to get messy. The proper way to do it is to run a samba server on the NFS server itself. *Michael Heydon - IT Administrator * micha...@jaswin.com.au mailto:micha...@jaswin.com.au I think that's the consensus. Dang, and here I was trying my best to avoid doing things the proper way... Thanks, Michael. -- tim boyer t...@denmantire.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded
David Markey wrote: 2009/04/30 23:38:42, 2] passdb/pdb_ldap.c:ldapsam_modify_entry(1590) ldap password change requested, but LDAP server does not support it -- ignoring 1st, are the ldap libraries samba is compiled with the same as the ldap server? The LDAP libraries on the Samba server are OpenLDAP 2.2 while the LDAP server is OpenLDAP 2.4 Are the 2.2 libraries supposed to work with the 2.4 server? 2nd, possibly change password-hash {CRYPT} to password-hash {SSHA} im not sure if password-crypt-salt-format $1$%.2s is needed with {SSHA} I will setup a test environment to further investigate the problem. I do not want to mess up the production system. I'll update you with my findings. Thanks! John Du wrote: David Markey wrote: John Du wrote: David Markey wrote: John Du wrote: David Markey wrote: I would imagine that you'll need to re-jig your ACLs in slapd.conf, Please supply logs. Thank you very much. I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows and UNIX password. If the problem is ACL related, wouldn't I have the same problem with this tool? When samba changes passwords, does the process run as root or as the user making the passwords change? If you're using smbldap-passwd and unix password sync, it's done as root. ldap passwd sync is done as the LDAP dn that you've configured in smb.conf. It's much preferable to use ldap passwd sync. I did not make myself clear. When I say I can use smbldap-passwd to change password, I mean I can run the tool from the command line as root. If I use smbldap-passwd and unix passwd sync in smb.conf, I get a you do not have permission to change password message when attempting to change password. So at this time I am still using ldap passwd sync in smb.conf and that is when it only changes the Windows password. Does the userPassword attribute require different ACL than sambaNTPassword? Also the dn I put in smb.conf is the root DN of the LDAP database. That is strange, LDAP password updates are done via EXOP, have you defined a password hash in slapd.conf? Re: smbldap-passwd, you need to have a proper passwd chat in smb.conf, Let us see some logs, smb.conf and maybe slapd.conf and perhaps slapd logs. My thanks to David and all who have responded to my questions. I have identified where and what the problem is but I am not sure it is a Samba problem or OpenLDAP problem. I am trying to give you a clear picture. 1. unix passwd sync works perfectly. I replaced ldap passwd sync = Yes with: unix password sync = Yes passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u passwd chat = Changing UNIX password for*\nNew password* %n\n *Retype new password* %n\n No changes on the OpenLDAP side. Users can change their Windows and LDAP password correctly all the time. 2. ldap passwd sync = Yes does not change the LDAP password but it changes the Windows password OK. 2.1 OpenLDAP with some ACLs defined. When the OpenLDAP server has some ACLs defined, the samba server logs the following: 2009/04/30 23:38:42, 2] passdb/pdb_ldap.c:ldapsam_modify_entry(1590) ldap password change requested, but LDAP server does not support it -- ignoring The LDAP password is not changed. 2.2 When no ACLs are defined in slapd.conf. [2009/04/30 23:43:03, 10] lib/smbldap.c:smbldap_extended_operation(1525) Extended operation failed with error: 80 (Internal (implementation specific) error) (password hash failed) [2009/04/30 23:43:03, 0] passdb/pdb_ldap.c:ldapsam_modify_entry(1651) ldapsam_modify_entry: LDAP Password could not be changed for user johndu: Internal (implementation specific) error password hash failed Hash is defined in slapd.conf as follows: password-hash {CRYPT} password-crypt-salt-format $1$%.2s The Windows user will get a the user name or old password is incorrect message in this case. The LDAP root DN is used all the time everywhere. I can mail the complete log files to you if they can help you to determine the cause of the problem. There seems to be some compatibility issues between the LDAP server and the Samba server. Logically I think if the IDEALX tool works the samba server's internal LDAP functions should work as well. Let me know if you any further information from me. Wish you all to have a good weekend! John Thanks! Thanks again. John Du wrote: John Du wrote: Hi, I have been running Samba with OpenLDAP for a few years. We recently upgrade the OpenLDAP server from 2.2.13 to 2.4.11. When users change their passwords now, only the Windows password is changed the UNIX password is
Re: [Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded
2009/04/30 23:38:42, 2] passdb/pdb_ldap.c:ldapsam_modify_entry(1590) ldap password change requested, but LDAP server does not support it -- ignoring 1st, are the ldap libraries samba is compiled with the same as the ldap server? 2nd, possibly change password-hash {CRYPT} to password-hash {SSHA} im not sure if password-crypt-salt-format $1$%.2s is needed with {SSHA} John Du wrote: David Markey wrote: John Du wrote: David Markey wrote: John Du wrote: David Markey wrote: I would imagine that you'll need to re-jig your ACLs in slapd.conf, Please supply logs. Thank you very much. I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows and UNIX password. If the problem is ACL related, wouldn't I have the same problem with this tool? When samba changes passwords, does the process run as root or as the user making the passwords change? If you're using smbldap-passwd and unix password sync, it's done as root. ldap passwd sync is done as the LDAP dn that you've configured in smb.conf. It's much preferable to use ldap passwd sync. I did not make myself clear. When I say I can use smbldap-passwd to change password, I mean I can run the tool from the command line as root. If I use smbldap-passwd and unix passwd sync in smb.conf, I get a you do not have permission to change password message when attempting to change password. So at this time I am still using ldap passwd sync in smb.conf and that is when it only changes the Windows password. Does the userPassword attribute require different ACL than sambaNTPassword? Also the dn I put in smb.conf is the root DN of the LDAP database. That is strange, LDAP password updates are done via EXOP, have you defined a password hash in slapd.conf? Re: smbldap-passwd, you need to have a proper passwd chat in smb.conf, Let us see some logs, smb.conf and maybe slapd.conf and perhaps slapd logs. My thanks to David and all who have responded to my questions. I have identified where and what the problem is but I am not sure it is a Samba problem or OpenLDAP problem. I am trying to give you a clear picture. 1. unix passwd sync works perfectly. I replaced ldap passwd sync = Yes with: unix password sync = Yes passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u passwd chat = Changing UNIX password for*\nNew password* %n\n *Retype new password* %n\n No changes on the OpenLDAP side. Users can change their Windows and LDAP password correctly all the time. 2. ldap passwd sync = Yes does not change the LDAP password but it changes the Windows password OK. 2.1 OpenLDAP with some ACLs defined. When the OpenLDAP server has some ACLs defined, the samba server logs the following: 2009/04/30 23:38:42, 2] passdb/pdb_ldap.c:ldapsam_modify_entry(1590) ldap password change requested, but LDAP server does not support it -- ignoring The LDAP password is not changed. 2.2 When no ACLs are defined in slapd.conf. [2009/04/30 23:43:03, 10] lib/smbldap.c:smbldap_extended_operation(1525) Extended operation failed with error: 80 (Internal (implementation specific) error) (password hash failed) [2009/04/30 23:43:03, 0] passdb/pdb_ldap.c:ldapsam_modify_entry(1651) ldapsam_modify_entry: LDAP Password could not be changed for user johndu: Internal (implementation specific) error password hash failed Hash is defined in slapd.conf as follows: password-hash {CRYPT} password-crypt-salt-format $1$%.2s The Windows user will get a the user name or old password is incorrect message in this case. The LDAP root DN is used all the time everywhere. I can mail the complete log files to you if they can help you to determine the cause of the problem. There seems to be some compatibility issues between the LDAP server and the Samba server. Logically I think if the IDEALX tool works the samba server's internal LDAP functions should work as well. Let me know if you any further information from me. Wish you all to have a good weekend! John Thanks! Thanks again. John Du wrote: John Du wrote: Hi, I have been running Samba with OpenLDAP for a few years. We recently upgrade the OpenLDAP server from 2.2.13 to 2.4.11. When users change their passwords now, only the Windows password is changed the UNIX password is not changed anymore. Samba server does not log any errors The samba configuration file did not change when the LDAP server was upgraded. I do have ldap passwd sync =Yes in smb.conf and it used to work fine. Has anyone seen this? If I use unix password sync = Yes passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n instead of
Re: [Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded
Am Samstag, 2. Mai 2009 05:31 schrieb John Du: David Markey wrote: ... My thanks to David and all who have responded to my questions. I have identified where and what the problem is but I am not sure it is a Samba problem or OpenLDAP problem. I am trying to give you a clear picture. 1. unix passwd sync works perfectly. I replaced ldap passwd sync = Yes with: unix password sync = Yes passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u passwd chat = Changing UNIX password for*\nNew password* %n\n *Retype new password* %n\n No changes on the OpenLDAP side. Users can change their Windows and LDAP password correctly all the time. 2. ldap passwd sync = Yes does not change the LDAP password but it changes the Windows password OK. 2.1 OpenLDAP with some ACLs defined. When the OpenLDAP server has some ACLs defined, the samba server logs the following: 2009/04/30 23:38:42, 2] passdb/pdb_ldap.c:ldapsam_modify_entry(1590) ldap password change requested, but LDAP server does not support it -- ignoring The LDAP password is not changed. 2.2 When no ACLs are defined in slapd.conf. [2009/04/30 23:43:03, 10] lib/smbldap.c:smbldap_extended_operation(1525) Extended operation failed with error: 80 (Internal (implementation specific) error) (password hash failed) [2009/04/30 23:43:03, 0] passdb/pdb_ldap.c:ldapsam_modify_entry(1651) ldapsam_modify_entry: LDAP Password could not be changed for user johndu: Internal (implementation specific) error password hash failed Hash is defined in slapd.conf as follows: password-hash {CRYPT} password-crypt-salt-format $1$%.2s # if crypt, then with MD5 password-crypt-salt-format '$1$%.8s' The Windows user will get a the user name or old password is incorrect message in this case. The LDAP root DN is used all the time everywhere. I can mail the complete log files to you if they can help you to determine the cause of the problem. There seems to be some compatibility issues between the LDAP server and the Samba server. Logically I think if the IDEALX tool works the samba server's internal LDAP functions should work as well. Let me know if you any further information from me. Wish you all to have a good weekend! John -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded
David Markey wrote: John Du wrote: David Markey wrote: John Du wrote: David Markey wrote: I would imagine that you'll need to re-jig your ACLs in slapd.conf, Please supply logs. Thank you very much. I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows and UNIX password. If the problem is ACL related, wouldn't I have the same problem with this tool? When samba changes passwords, does the process run as root or as the user making the passwords change? If you're using smbldap-passwd and unix password sync, it's done as root. ldap passwd sync is done as the LDAP dn that you've configured in smb.conf. It's much preferable to use ldap passwd sync. I did not make myself clear. When I say I can use smbldap-passwd to change password, I mean I can run the tool from the command line as root. If I use smbldap-passwd and unix passwd sync in smb.conf, I get a you do not have permission to change password message when attempting to change password. So at this time I am still using ldap passwd sync in smb.conf and that is when it only changes the Windows password. Does the userPassword attribute require different ACL than sambaNTPassword? Also the dn I put in smb.conf is the root DN of the LDAP database. That is strange, LDAP password updates are done via EXOP, have you defined a password hash in slapd.conf? Re: smbldap-passwd, you need to have a proper passwd chat in smb.conf, Let us see some logs, smb.conf and maybe slapd.conf and perhaps slapd logs. My thanks to David and all who have responded to my questions. I have identified where and what the problem is but I am not sure it is a Samba problem or OpenLDAP problem. I am trying to give you a clear picture. 1. unix passwd sync works perfectly. I replaced ldap passwd sync = Yes with: unix password sync = Yes passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u passwd chat = Changing UNIX password for*\nNew password* %n\n *Retype new password* %n\n No changes on the OpenLDAP side. Users can change their Windows and LDAP password correctly all the time. 2. ldap passwd sync = Yes does not change the LDAP password but it changes the Windows password OK. 2.1 OpenLDAP with some ACLs defined. When the OpenLDAP server has some ACLs defined, the samba server logs the following: 2009/04/30 23:38:42, 2] passdb/pdb_ldap.c:ldapsam_modify_entry(1590) ldap password change requested, but LDAP server does not support it -- ignoring The LDAP password is not changed. 2.2 When no ACLs are defined in slapd.conf. [2009/04/30 23:43:03, 10] lib/smbldap.c:smbldap_extended_operation(1525) Extended operation failed with error: 80 (Internal (implementation specific) error) (password hash failed) [2009/04/30 23:43:03, 0] passdb/pdb_ldap.c:ldapsam_modify_entry(1651) ldapsam_modify_entry: LDAP Password could not be changed for user johndu: Internal (implementation specific) error password hash failed Hash is defined in slapd.conf as follows: password-hash {CRYPT} password-crypt-salt-format $1$%.2s The Windows user will get a the user name or old password is incorrect message in this case. The LDAP root DN is used all the time everywhere. I can mail the complete log files to you if they can help you to determine the cause of the problem. There seems to be some compatibility issues between the LDAP server and the Samba server. Logically I think if the IDEALX tool works the samba server's internal LDAP functions should work as well. Let me know if you any further information from me. Wish you all to have a good weekend! John Thanks! Thanks again. John Du wrote: John Du wrote: Hi, I have been running Samba with OpenLDAP for a few years. We recently upgrade the OpenLDAP server from 2.2.13 to 2.4.11. When users change their passwords now, only the Windows password is changed the UNIX password is not changed anymore. Samba server does not log any errors The samba configuration file did not change when the LDAP server was upgraded. I do have ldap passwd sync =Yes in smb.conf and it used to work fine. Has anyone seen this? If I use unix password sync = Yes passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n instead of ldappasswd sync, what access control do I have to add to the slapd.conf file? Thank you very much for your help! John I forgot to mention that the Samba version is 3.0.28 on EHEL4 kernel 2.6.9-42.0.2. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded
John Du wrote: Hi, I have been running Samba with OpenLDAP for a few years. We recently upgrade the OpenLDAP server from 2.2.13 to 2.4.11. When users change their passwords now, only the Windows password is changed the UNIX password is not changed anymore. Samba server does not log any errors The samba configuration file did not change when the LDAP server was upgraded. I do have ldap passwd sync =Yes in smb.conf and it used to work fine. Has anyone seen this? If I use unix password sync = Yes passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n instead of ldappasswd sync, what access control do I have to add to the slapd.conf file? Thank you very much for your help! John I forgot to mention that the Samba version is 3.0.28 on EHEL4 kernel 2.6.9-42.0.2. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded
I would imagine that you'll need to re-jig your ACLs in slapd.conf, Please supply logs. John Du wrote: John Du wrote: Hi, I have been running Samba with OpenLDAP for a few years. We recently upgrade the OpenLDAP server from 2.2.13 to 2.4.11. When users change their passwords now, only the Windows password is changed the UNIX password is not changed anymore. Samba server does not log any errors The samba configuration file did not change when the LDAP server was upgraded. I do have ldap passwd sync =Yes in smb.conf and it used to work fine. Has anyone seen this? If I use unix password sync = Yes passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n instead of ldappasswd sync, what access control do I have to add to the slapd.conf file? Thank you very much for your help! John I forgot to mention that the Samba version is 3.0.28 on EHEL4 kernel 2.6.9-42.0.2. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded
David Markey wrote: I would imagine that you'll need to re-jig your ACLs in slapd.conf, Please supply logs. Thank you very much. I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows and UNIX password. If the problem is ACL related, wouldn't I have the same problem with this tool? When samba changes passwords, does the process run as root or as the user making the passwords change? Thanks again. John Du wrote: John Du wrote: Hi, I have been running Samba with OpenLDAP for a few years. We recently upgrade the OpenLDAP server from 2.2.13 to 2.4.11. When users change their passwords now, only the Windows password is changed the UNIX password is not changed anymore. Samba server does not log any errors The samba configuration file did not change when the LDAP server was upgraded. I do have ldap passwd sync =Yes in smb.conf and it used to work fine. Has anyone seen this? If I use unix password sync = Yes passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n instead of ldappasswd sync, what access control do I have to add to the slapd.conf file? Thank you very much for your help! John I forgot to mention that the Samba version is 3.0.28 on EHEL4 kernel 2.6.9-42.0.2. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded
John Du wrote: David Markey wrote: I would imagine that you'll need to re-jig your ACLs in slapd.conf, Please supply logs. Thank you very much. I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows and UNIX password. If the problem is ACL related, wouldn't I have the same problem with this tool? When samba changes passwords, does the process run as root or as the user making the passwords change? If you're using smbldap-passwd and unix password sync, it's done as root. ldap passwd sync is done as the LDAP dn that you've configured in smb.conf. It's much preferable to use ldap passwd sync. Thanks again. John Du wrote: John Du wrote: Hi, I have been running Samba with OpenLDAP for a few years. We recently upgrade the OpenLDAP server from 2.2.13 to 2.4.11. When users change their passwords now, only the Windows password is changed the UNIX password is not changed anymore. Samba server does not log any errors The samba configuration file did not change when the LDAP server was upgraded. I do have ldap passwd sync =Yes in smb.conf and it used to work fine. Has anyone seen this? If I use unix password sync = Yes passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n instead of ldappasswd sync, what access control do I have to add to the slapd.conf file? Thank you very much for your help! John I forgot to mention that the Samba version is 3.0.28 on EHEL4 kernel 2.6.9-42.0.2. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded
David Markey wrote: John Du wrote: David Markey wrote: I would imagine that you'll need to re-jig your ACLs in slapd.conf, Please supply logs. Thank you very much. I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows and UNIX password. If the problem is ACL related, wouldn't I have the same problem with this tool? When samba changes passwords, does the process run as root or as the user making the passwords change? If you're using smbldap-passwd and unix password sync, it's done as root. ldap passwd sync is done as the LDAP dn that you've configured in smb.conf. It's much preferable to use ldap passwd sync. I did not make myself clear. When I say I can use smbldap-passwd to change password, I mean I can run the tool from the command line as root. If I use smbldap-passwd and unix passwd sync in smb.conf, I get a you do not have permission to change password message when attempting to change password. So at this time I am still using ldap passwd sync in smb.conf and that is when it only changes the Windows password. Does the userPassword attribute require different ACL than sambaNTPassword? Also the dn I put in smb.conf is the root DN of the LDAP database. Thanks! Thanks again. John Du wrote: John Du wrote: Hi, I have been running Samba with OpenLDAP for a few years. We recently upgrade the OpenLDAP server from 2.2.13 to 2.4.11. When users change their passwords now, only the Windows password is changed the UNIX password is not changed anymore. Samba server does not log any errors The samba configuration file did not change when the LDAP server was upgraded. I do have ldap passwd sync =Yes in smb.conf and it used to work fine. Has anyone seen this? If I use unix password sync = Yes passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n instead of ldappasswd sync, what access control do I have to add to the slapd.conf file? Thank you very much for your help! John I forgot to mention that the Samba version is 3.0.28 on EHEL4 kernel 2.6.9-42.0.2. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded
On 1 mai 09, at 01:45, John Du wrote: David Markey wrote: John Du wrote: David Markey wrote: I would imagine that you'll need to re-jig your ACLs in slapd.conf, Please supply logs. Thank you very much. I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows and UNIX password. If the problem is ACL related, wouldn't I have the same problem with this tool? When samba changes passwords, does the process run as root or as the user making the passwords change? If you're using smbldap-passwd and unix password sync, it's done as root. ldap passwd sync is done as the LDAP dn that you've configured in smb.conf. It's much preferable to use ldap passwd sync. I did not make myself clear. When I say I can use smbldap-passwd to change password, I mean I can run the tool from the command line as root. If I use smbldap-passwd and unix passwd sync in smb.conf, I get a you do not have permission to change password message when attempting to change password. So at this time I am still using ldap passwd sync in smb.conf and that is when it only changes the Windows password. Does the userPassword attribute require different ACL than sambaNTPassword? Also the dn I put in smb.conf is the root DN of the LDAP database. That's weird. The root DN has complete access to the DB (ACLs do not apply to it). However, maybe you can definitely rule out an ACL problem by puting 'access to * by * write' as your first backend specific ACL and test. If you have the same problem with this setting then it is not ACL related. Regards, Thierry Thanks! Thanks again. John Du wrote: John Du wrote: Hi, I have been running Samba with OpenLDAP for a few years. We recently upgrade the OpenLDAP server from 2.2.13 to 2.4.11. When users change their passwords now, only the Windows password is changed the UNIX password is not changed anymore. Samba server does not log any errors The samba configuration file did not change when the LDAP server was upgraded. I do have ldap passwd sync =Yes in smb.conf and it used to work fine. Has anyone seen this? If I use unix password sync = Yes passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n instead of ldappasswd sync, what access control do I have to add to the slapd.conf file? Thank you very much for your help! John I forgot to mention that the Samba version is 3.0.28 on EHEL4 kernel 2.6.9-42.0.2. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba configuration options when using with FUSE file system
Jeremy, Thank you very much for the back reference. Your solution works like a charm. -- James Casey On Fri, 2009-04-24 at 00:12 -0700, Jeremy Allison wrote: On Thu, Apr 23, 2009 at 11:44:00AM -0500, Jim Casey wrote: It seems that metadata operations involved in writing new files into the same directory become increasingly expensive as the number of files grows larger. Determining whether a file exists in a directory (in our case this will never be true since we are always writing new files) seems like it should be a simple operation, but in fact seems to involve a huge number of opendir-readdir-closedir calls. I am using Samba to share a FUSE filesystem for which these directory operations are very expensive compared to file systems like ext3. Are there configuration options in Samba that would help us out in this case, perhaps by caching directory information or some such? Thank you for any assistance you are able to provide. See my post on large numbers of files in a directory: http://lists.samba.org/archive/samba-technical/2005-February/039409.html Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba configuration options when using with FUSE file system
On Thu, Apr 23, 2009 at 11:44:00AM -0500, Jim Casey wrote: It seems that metadata operations involved in writing new files into the same directory become increasingly expensive as the number of files grows larger. Determining whether a file exists in a directory (in our case this will never be true since we are always writing new files) seems like it should be a simple operation, but in fact seems to involve a huge number of opendir-readdir-closedir calls. I am using Samba to share a FUSE filesystem for which these directory operations are very expensive compared to file systems like ext3. Are there configuration options in Samba that would help us out in this case, perhaps by caching directory information or some such? Thank you for any assistance you are able to provide. See my post on large numbers of files in a directory: http://lists.samba.org/archive/samba-technical/2005-February/039409.html Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: samba Digest, Vol 76, Issue 10
On Sat, Apr 11, 2009 at 08:44:01AM +0200, Alex Thurley wrote: I wonder if somebody has a correctly working SMB service in Mac OS X Server 10.5.x. I've got here lots of This process has forked.. and Broken Pipe errors as described in this post: http://www.afp548.com/forum/viewtopic.php?showtopic=22295 Would be nice if a Samba-guru could point us to the right direction. This seems to come from a samba module called odsam that is not part of upstream Samba. The corresponding patch is available from http://www.opensource.apple.com/darwinsource/10.5.6/samba-187.8/patches/auth-module-open-directory but has not been submitted by Apple for upstream Samba. In fact, it carries a Copyright (C) 2003-2007 Apple Inc. All Rights Reserved. which to me seems quite interesting for GPL code :-) Please contact your Apple support for help with this issue. Thanks, Volker pgp2FgRzCQyQi.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: samba Digest, Vol 76, Issue 10
Dear List, I wonder if somebody has a correctly working SMB service in Mac OS X Server 10.5.x. I've got here lots of This process has forked.. and Broken Pipe errors as described in this post: http://www.afp548.com/forum/viewtopic.php?showtopic=22295 Would be nice if a Samba-guru could point us to the right direction. Thanks, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: samba Digest, Vol 76, Issue 10
On Sat, Apr 11, 2009 at 10:06:21AM +0200, Volker Lendecke wrote: On Sat, Apr 11, 2009 at 08:44:01AM +0200, Alex Thurley wrote: I wonder if somebody has a correctly working SMB service in Mac OS X Server 10.5.x. I've got here lots of This process has forked.. and Broken Pipe errors as described in this post: http://www.afp548.com/forum/viewtopic.php?showtopic=22295 Would be nice if a Samba-guru could point us to the right direction. This seems to come from a samba module called odsam that is not part of upstream Samba. The corresponding patch is available from http://www.opensource.apple.com/darwinsource/10.5.6/samba-187.8/patches/auth-module-open-directory but has not been submitted by Apple for upstream Samba. In fact, it carries a Copyright (C) 2003-2007 Apple Inc. All Rights Reserved. which to me seems quite interesting for GPL code :-) The All Rights Reserved bit is rather silly, being as it's GPL code :-). Can't go upstream with that (C) I'm afraid. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: samba Digest, Vol 76, Issue 10
2009/4/10 Alex Thurley alex.thur...@bonn-is.de: Dear List, I wonder if somebody has a correctly working SMB service in Mac OS X Server 10.5.x. I've got here lots of This process has forked.. This is because a call to the Security framework touches a part of CoreFoundation that is unhappy that Samba forks without a subsequent exec. It's annoying but harmless. and Broken Pipe errors as described in this post: http://www.afp548.com/forum/viewtopic.php?showtopic=22295 Not really enough info to say what is happening here. the broken pipe means that the client disconnected unexpectedly, but it's not clear why. As some of the posters in that thread note, there is a bug in the streams module where we return an error for reads after the end-of-file (we ought to succeed but return no data). Would be nice if a Samba-guru could point us to the right direction. Volker's suggestion to file a Radar with Apple is spot on. -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba logs fill up disk with inotify errors, smbd 100% CPU
Günter Kukkukk wrote: looks like a buggy kernel. There have been kernel issues with inotify: http://ubuntuforums.org/showthread.php?t=655504 https://bugzilla.novell.com/show_bug.cgi?id=463372 Google will return more results... Cheers, Günter Thanks for the reply. After more than a week with notify:inotify = false in [global], the problem has not re-appeared. I'll still give it another week, but it does indeed point to some inotify kernel issue. Now, I have two options: 1) provided that the latest Ubuntu 8.04 kernel solves the issue, I update the kernel on the system. This would require stopping and messing up with the system, which may not be all that safe. 2) I leave notify:inotify = false in [global], since that seems to fix it. However, what risk am I taking ? What does this option do (or what does it not do ?), and what may be the problem with leaving it that way ? I'm looking forward to any comments on this ! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: Samba logs fill up disk with inotify errors, smbd 100% CPU
On Thu, Mar 26, 2009 at 10:59:39AM +0100, Stephane Carre wrote: 2) I leave notify:inotify = false in [global], since that seems to fix it. However, what risk am I taking ? What does this option do (or what does it not do ?), and what may be the problem with leaving it that way ? Your users will not automatically see files show up in their explorer Windows when they are created from Unix processes. They will have to press F5 to get the updated view. Files dropped there via other Samba clients should still show up automatically, this is handled by Samba itself. Volker pgpzTBHXZYM5r.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: samba
disculpen, el samba esta sobre una distribucion de ubuntu, el directorio activo esta sobre windows server 2003, la idea es que se pueda compartir una carpeta en linux donde los usuarios validos a acceder a ella sean los usuarios del directorio activo de windows salu2s -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba mailing list questions regarding Group Policy
Nick Pappin wrote: Can someone clarify Samba's abilities/limitations in regards to running Samba as a PDC with Windows XP user/machine policies (Group Policy/NT Policy... whatever kind is possible). A couple specifics that would be helpful to touch on: - Can I apply different settings to certain groups of users/computers? If so will they still receive the all encompassing settings that apply to all users/computers? - What kinds of settings can I change? am I limited to NT4 .POL templates that I can find on the net? Can I modify any/all registry keys under HKLocalMachine and/or HKCurrentUser? Or can I use adm type files that I see people talking about? Thanks P.S. Any good howto links would be much appreciated! Nick, This is not a subject that fits the samba-technical horizon. Please keep this discussion on the samba list. Samba3 is like NT4. Any policy that can be implemented under NT4 will work nicely with Samba3 domains. The methods that can be used to control Windows client user and group restrictions (policies) includes the following: a) Use of the NTConfig.pol file (stored in the root of the Netlogon share) b) Use of Roaming Profiles (stored in the Profiles share) c) Use of Mandatory Roaming Profiles (stored in the Profiles share) d) Use of Network Default User Profiles (stored in the root of the Netlogon share) e) Use of Samba's smarts to limit how each of these may be reached. In this case your share path for the profiles share, or for the NetLogon share can make use of: path = /home/profiles/%g or path = /home/profiles/%a or path = /home/netlogon/%g Please update yourself on the Microsoft KB articles regarding Mandatory v's User, v's Group profiles settings. Each profile (NTUser.DAT file) contains a copy of the HKCU (current user) profile tree. Anything that can be edited in that registry tree can be handled through one of the above mechanisms. None of the above (other than the path switching logic) involves Samba. All use nothing other than NT4 profile handling configuration and controls. I hope this helps. - John T. -- John H Terpstra If at first you don't succeed, don't go sky-diving! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba LDAP troubleshooting
Brad C bradleydanec...@gmail.com wrote in message news:2d2102ba0903130148g251b0e70l7fc2f48894730...@mail.gmail.com... Hello On the topic, anyone have a good book to recommend on Samba, I feel I am only using 10% of its capability and not really well at that... something is staring me in the face and Im missing it. The best books I have seen are the Official How To and Samba by Example. Both are available in the Learn Samba section at www.samba.org. You can purchase Samba by Example in book stores. It is also available online at Amazon or Barnes and Noble. Samba by Example gives you step by step instructions re: setting up various types of Samba machines. The Official How To explains a lot of the concepts re: how Samba works. You can use Samba by Example to learn how to set up a PDC. You can then use the Offical How To in order to get a deeper understanding of how SID's work or how Linux to Windows user mapping works. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: Samba LDAP troubleshooting
Hi Jamrock, Thanks for the advice. Kind Regards Brad On Fri, Mar 13, 2009 at 2:35 PM, jamrock news_jamr...@yahoo.com wrote: Brad C bradleydanec...@gmail.com wrote in message news:2d2102ba0903130148g251b0e70l7fc2f48894730...@mail.gmail.com... Hello On the topic, anyone have a good book to recommend on Samba, I feel I am only using 10% of its capability and not really well at that... something is staring me in the face and Im missing it. The best books I have seen are the Official How To and Samba by Example. Both are available in the Learn Samba section at www.samba.org. You can purchase Samba by Example in book stores. It is also available online at Amazon or Barnes and Noble. Samba by Example gives you step by step instructions re: setting up various types of Samba machines. The Official How To explains a lot of the concepts re: how Samba works. You can use Samba by Example to learn how to set up a PDC. You can then use the Offical How To in order to get a deeper understanding of how SID's work or how Linux to Windows user mapping works. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Fw: Antwort: RE: [Samba] Re: Samba + Vista Issue
So it seems we've found the problem - just in case someone else encounters it. We had previously joined the Server with net ads join, and the attributes were still present in active directory, and the vista client tryed to force a kerberos blob on the samba server - which was promptly ignored/rejected. The solution was deleting the AD entry for the server and re-joining. Mit freundlichen Grüßen Howard ALLISON samba-bounces+howard.allison=pva.sozvers...@lists.samba.org wrote on 26.11.2008 11:02:13: Howard Allison howard.alli...@pva.sozvers.at Gesendet von: samba-bounces +howard.allison=pva.sozvers...@lists.samba.org 26.11.2008 11:02 An samba list samba@lists.samba.org Kopie Thema RE: [Samba] Re: Samba + Vista Issue Hi, Name resolution is working correctly, this is something I checked very early in my investigation. If I use net use with the ip address the drive is mapped straight away. If I use net use with the dns name I am prompted to enter my credentials. Regards Adam -Original Message- From: samba-bounces+adam.stirk=brantano.co...@lists.samba.org [mailto:samba-bounces+adam.stirk=brantano.co...@lists.samba.org] On Behalf Of Peter Slickers Sent: 18 November 2008 23:34 To: samba list Subject: [Samba] Re: Samba + Vista Issue Adam Stirk wrote: I'm experiencing a problem with samba v3.2.4 and windows vista. If I access my samba share via the ip address e.g. \\192.168.0.1\share file:///\\192.168.0.1\share windows will authenticate against the samba server and bring the share up, but if I use the dns name e.g. \\server.domain.local\share file:///\\server.domain.local\share i'm faced with the logon box. I guess that name resolution is not working properly. Please open the command line interface on your Vista box and type the following commands: ping server.domain.local ping server If that is successful, try the 'net use' command: net use server Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Hi, we're having exactly the same problem here - only with Vista... and solutions found? I've tryed all of the usual Vista fixes to no avail, DNS works fine Thanks Howard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- VERTRAULICHKEIT: Diese Nachricht ist ausschließlich für denjenigen bestimmt, an den sie adressiert ist und kann vertrauliche Informationen enthalten. Falls Sie nicht der Empfänger dieser Nachricht sind, weisen wir Sie darauf hin, dass die unberechtigte Weitergabe oder Verwendung sowie das unberechtigte Verteilen oder Kopieren dieser Nachricht strikt untersagt sind. Falls Sie diese Nachricht irrtümlich erhalten haben, vernichten Sie sie bitte sofort. CONFIDENTIALITY: This message is intended only for the use of the individuality or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure. If you are not the intended recipient you are notified that any dissemination, distribution, use or copying of this communication is strictly prohibited. If you received this message in error, please immediately destroy this message. To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba AD auth - Backup?
Mark Adams m...@campbell-lange.net wrote in message news:20090227122641.ga4...@campbell-lange.net... Hi All, I haven't been able to track down any info on this so would be appreciative of any input. Links to any info on this would also be appreciated. Samba 3.2.5, Debian 5.0 Question 1; Is there any way of setting up a backup windows domain controller in the samba config? so if they main dc is not available, it automatically queries the backup? Take a look at Samba by Example chapter 5 Making Happy Users. Great info. on setting up PDC's and BDC's. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: samba can not contact the ldap server
robert rottermann rob...@redcor.ch wrote in message news:499bffca.8070...@redcor.ch... hi there, I am working trough a tutorial on setting up samba and ldbap on a suses 11.1 box everything worked fine so far but now samba can not contact the the ldap server. all command trying it issue the following error message. Failed to issue the StartTLS instruction: Can't contact LDAP server how can I trace down what causes this? Have you configured nss_ldap? You could try testing Samba without ssl enabled in LDAP or the smb.conf. If it can connect without using ssl then you need to trouble shoot ssl. If it cannot connect without ssl then you need to look at your nss_ldap settings. Setting up nss_ldap involves configuring the /etc/ldap.conf and /etc/nsswitch.conf files. I would recommend using Samba by Example. It is available at www.samba.org in the Learn Samba section. Take a look at Chapter 5 Making Happy Users. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba password problem when in domain
Koen Vermeer k.vermeer at i-optics.net writes: In our network, I have set up a samba server in a workgroup. We're now migrating to a domain, using SBS 2003. When I locally login on XP and access the samba server, it works just fine. But, when I login on the domain and then try to access the same samba box, it doesn't accept my password. An extra observation: When I login on the domain as another user and then try to access the samba server as the original user, it does accept my password. Best, Koen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.28a on Ubuntu LTS 8.01 and Vista sp1 offline files (now testing with Samba 3.2.7).
No, 3.2.7 didn't help. Still creating these .tmp files We're testing with a cloned VM and a new Vista SP1 VM to see if it's the PC. It worked fine, but when the suspect PC goes back tp syncing against a Vista PC with Shares no .tmp files are created. So this must be something the Samba is/isn't doing. On 16/01/2009, Jeremy Allison j...@samba.org wrote: On Fri, Jan 16, 2009 at 08:28:36PM +, Gavin Henry wrote: Hi All, We're really having problems with Offline Files/Folders and Vista sp1 laptops/desktops. We working with Microsoft just now to debug this as we're registered partners (for testing Samba/LDAP etc.). We now have a massive thread going in the private Vista 4-hr response support forums and we're on to log files debugging Vista side. We've cleared CSC etc. applied the following: http://blogs.technet.com/filecab/archive/2007/03/16/using-offline-files-with-samba-emc-servers-nas-devices.aspx We applied the registry patch and oplocks settings (even though most are on by default). The map settings olny allowed directories to be shown for some reason though, so we disabled. For now the customer has switched back to doing offline files against a Vista Desktop that is sharing out folders and there are no .tmp files being created anymore, so must be something Samba side. We also compiled up 3.2.7 and are now running it in the hope 3.0.28a is somehow missing the patch that Jeremy did in 2007 to fix this previously. Did this help ? Jeremy. -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.2.5 and vscan-clamav.so
Hi Andrzej, try the patch create by me and Leonardo available in https://sourceforge.net/tracker/?func=detailatid=310590aid=2521012group_id=10590 and post your comments. This solution worked fine for us. We use Samba 3.2.5, Samba-vscan and Clamav on a Debian Etch amd64 server. Clever Jr. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.2.5 and vscan-clamav.so
Hello Thomas I know that is old module but it is very handy. I patched samba-vscan with your patch but I can't compile it: ~/samba-3.2.5/source/include/proto.h: In function ‘vfs_scannedonly_init’: ~/samba-3.2.5/source/include/proto.h:5216: error: ‘scannedonly_op_tuples’ undeclared (first use in this function) ~/samba-3.2.5/source/include/proto.h:5216: error: (Each undeclared identifier is reported only once ~/samba-3.2.5/source/include/proto.h:5216: error: for each function it appears in.) ~/samba-3.2.5/source/include/proto.h:5216: error: incompatible types in return ~/samba-3.2.5/source/include/proto.h: At top level: ~/samba-3.2.5/source/include/proto.h:10185: error: conflicting types for ‘smb_register_vfs’ ~/samba-3.2.5/source/include/proto.h:5216: error: previous implicit declaration of ‘smb_register_vfs’ was here :( I build dazuko, it should be a little bit faster than samba-vscan, and I hope it will work for me. However samba-vscan have got nice features like notification via winpopup or possibility of using libclamav instead clamd, which dazuko haven't got. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba on quad core vs dual core
Samba will use all the cores you can give it - so long as you have at least more clients than cores. Jeremy. While I have found that to be true in my environment, I have also found that MOST smbd's end up on Core 0 MOST of the time. This is true even if I am hammering a 10 Gigabit network adapter (i.e., sending out 700 MB/sec via Samba distributed to 30 users), with total CPU utilization only about 70 percent of one core. Maybe this is optimal behavior. I tried to start a thread on this list a while back about understanding what WOULD be optimal, and nobody had much to say. I think it would be an interesting discussion. NFS seems to make use of multicores in a more even way. That doesn't mean the NFS behavior is better. Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba on quad core vs dual core
On Tue, Dec 09, 2008 at 03:17:53PM -0500, Andy Liebman wrote: Samba will use all the cores you can give it - so long as you have at least more clients than cores. Jeremy. While I have found that to be true in my environment, I have also found that MOST smbd's end up on Core 0 MOST of the time. This is true even if I am hammering a 10 Gigabit network adapter (i.e., sending out 700 MB/sec via Samba distributed to 30 users), with total CPU utilization only about 70 percent of one core. Maybe this is optimal behavior. I tried to start a thread on this list a while back about understanding what WOULD be optimal, and nobody had much to say. I think it would be an interesting discussion. NFS seems to make use of multicores in a more even way. That doesn't mean the NFS behavior is better. smbd is a userspace process, so we don't do anything clever w.r.t. distributing ourselves across cores, only let the OS do it's stuff. I'm guessing in your case you're seeing the effects of the OS accumulating the network interrupt traffic on the one processor that's handling that card. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba on quad core vs dual core
On Tue, Dec 09, 2008 at 03:17:53PM -0500, Andy Liebman wrote: Samba will use all the cores you can give it - so long as you have at least more clients than cores. Jeremy. While I have found that to be true in my environment, I have also found that MOST smbd's end up on Core 0 MOST of the time. This is true even if I am hammering a 10 Gigabit network adapter (i.e., sending out 700 MB/sec via Samba distributed to 30 users), with total CPU utilization only about 70 percent of one core. Have you measured how much you can pump out over that adapter using raw tcp using, say, iperf or so? My guess would be that 700MBytes/second are not way off what it can do. Maybe this is optimal behavior. I tried to start a thread on this list a while back about understanding what WOULD be optimal, and nobody had much to say. If you really only use 70% of one core, then my feeling would be that this is indeed what you should expect for cache locality. But to say for sure a *lot* deeper investigations are necessary. Volker pgpN5HSmsd737.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba on quad core vs dual core
John Drescher wrote: On Mon, Dec 8, 2008 at 2:21 PM, John Drescher [EMAIL PROTECTED] wrote: On Mon, Dec 8, 2008 at 2:14 PM, Mark Nienberg [EMAIL PROTECTED] wrote: For a new file server that doesn't really do much other than run samba, is there any advantage to quad core CPUs vs dual core? Say the two options are equivalent in price. I have not seen much on my gigabit network (servers and clients). The cpu usage is generally low even on single core servers with 5 TB of software raid 5. With that said I did order a q9950 and a new motherboard to replace a single core system today but that was because of a stability problem and not for performance reasons. $450 US for the mobo (asus p5q pro + CPU is certainly not going to break the budget. I guess what I'm wondering is will samba actually use all those cores or will it just use one, in which case maybe I'd be better of with a faster dual core than a quad. You're right though, that the server I am replacing is an older single core chip and it doesn't have any trouble keeping up with demand, so probably any recent chip will work fine. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba on quad core vs dual core
On Mon, Dec 08, 2008 at 02:28:19PM -0800, Mark Nienberg wrote: I guess what I'm wondering is will samba actually use all those cores or will it just use one, in which case maybe I'd be better of with a faster dual core than a quad. You're right though, that the server I am replacing is an older single core chip and it doesn't have any trouble keeping up with demand, so probably any recent chip will work fine. Samba will use all the cores you can give it - so long as you have at least more clients than cores. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba on quad core vs dual core
Jeremy Allison wrote: On Mon, Dec 08, 2008 at 02:28:19PM -0800, Mark Nienberg wrote: I guess what I'm wondering is will samba actually use all those cores or will it just use one, in which case maybe I'd be better of with a faster dual core than a quad. You're right though, that the server I am replacing is an older single core chip and it doesn't have any trouble keeping up with demand, so probably any recent chip will work fine. Samba will use all the cores you can give it - so long as you have at least more clients than cores. Jeremy. Excellent. Thanks for the information. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba on quad core vs dual core
I guess what I'm wondering is will samba actually use all those cores or will it just use one, in which case maybe I'd be better of with a faster dual core than a quad. You're right though, that the server I am replacing is an older single core chip and it doesn't have any trouble keeping up with demand, so probably any recent chip will work fine. Each user gets its own samba process (and threads) so if there are more then 2 logged in users samba will definitely make use of the extra cores. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Samba + Vista Issue
I have not found a solution so far. The only thing that I have found is that my home Vista computer not attached to a domain connecting via IP DNS works fine. My company laptop attached to a domain IP works fine but not DNS. I will at some other point try another vista computer that is attached to the domain at work. If it doesn't I will try the same computer as a workgroup. If you want to try out my theory, can you let me know the results. Regards Adam -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Allison Sent: 26 November 2008 10:02 To: samba list Subject: RE: [Samba] Re: Samba + Vista Issue Hi, Name resolution is working correctly, this is something I checked very early in my investigation. If I use net use with the ip address the drive is mapped straight away. If I use net use with the dns name I am prompted to enter my credentials. Regards Adam -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Slickers Sent: 18 November 2008 23:34 To: samba list Subject: [Samba] Re: Samba + Vista Issue Adam Stirk wrote: I'm experiencing a problem with samba v3.2.4 and windows vista. If I access my samba share via the ip address e.g. \\192.168.0.1\share file:///\\192.168.0.1\share windows will authenticate against the samba server and bring the share up, but if I use the dns name e.g. \\server.domain.local\share file:///\\server.domain.local\share i'm faced with the logon box. I guess that name resolution is not working properly. Please open the command line interface on your Vista box and type the following commands: ping server.domain.local ping server If that is successful, try the 'net use' command: net use server Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Hi, we're having exactly the same problem here - only with Vista... and solutions found? I've tryed all of the usual Vista fixes to no avail, DNS works fine Thanks Howard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Samba + Vista Issue
Hi, Name resolution is working correctly, this is something I checked very early in my investigation. If I use net use with the ip address the drive is mapped straight away. If I use net use with the dns name I am prompted to enter my credentials. Regards Adam -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Slickers Sent: 18 November 2008 23:34 To: samba list Subject: [Samba] Re: Samba + Vista Issue Adam Stirk wrote: I'm experiencing a problem with samba v3.2.4 and windows vista. If I access my samba share via the ip address e.g. \\192.168.0.1\share file:///\\192.168.0.1\share windows will authenticate against the samba server and bring the share up, but if I use the dns name e.g. \\server.domain.local\share file:///\\server.domain.local\share i'm faced with the logon box. I guess that name resolution is not working properly. Please open the command line interface on your Vista box and type the following commands: ping server.domain.local ping server If that is successful, try the 'net use' command: net use server Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Hi, we're having exactly the same problem here - only with Vista... and solutions found? I've tryed all of the usual Vista fixes to no avail, DNS works fine Thanks Howard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba conect/disconect/reconect when browsing or when freeze open/save dialogs
I test this socket options, but the problem persist. Anyone have an idea, why winxp station freeze for ~30 seconds the first time (and other times) access to samba network ? 2008/11/19 hamacker [EMAIL PROTECTED]: My smb.conf does not have this line : socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 So, SO_KEEPALIVE sounds good for my problem. Is it corrent add this line ? About socket options , I found this comment on google search : http://lists.samba.org/archive/samba/2007-February/129652.html Remove it completely. Sockey options should not be needed with Linux kernels 2.4 or layter. Check out your networking hardware - NICs, HUBs, Switches and cables - the quality of these have a significant impact on network performance. To resolv my problem, I really need socket options or not ? thanks a lot. 2008/11/19 hamacker [EMAIL PROTECTED]: Hi everybody, Recently, I change my server to anoter, but I copied all accounts linux/samba users to new one. I migrate from Ubuntu Server 8.04 to 8.10 server It's the same old smb.conf of old machine, but one new problem. When logon is OK, but wait 5 minutes or less and when connect remote drive for second time by explorer, windows says that not respoding, but wait 30 seconds and reconect drive again, no error, but some users dont wait, kill explorer/word/excell process thinking. I inspect samba logs, looking for timout, but it's normal, none message error. My samba version is Version 3.2.3, my distro is Ubuntu Server 8.10 [amd64] updated. My smb.conf (PCD) is : [global] unix charset = UTF8 workgroup = VIDY2005 server string = %h server (Samba %v) interfaces = 192.168.1.2, lo bind interfaces only = Yes obey pam restrictions = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Please*retype*new*password* %n\n *password*successfully*updated* username map = /etc/samba/smbusers unix password sync = Yes lanman auth = Yes client lanman auth = Yes syslog = 0 log file = /var/log/samba/log.%m.%U max log size = 1 max xmit = 65535 name resolve order = hosts wins bcast time server = Yes deadtime = 15 printcap name = cups add user script = /usr/sbin/useradd -m '%u' rename user script = /usr/sbin/usermod -l '%unew' '%uold' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/bin/gpasswd -a '%u' '%g' delete user from group script = /usr/bin/gpasswd -d '%u' '%g' set primary group script = /usr/sbin/usermod -g '%g' '%u' add machine script = /usr/sbin/adduser -n -r -g machines -c Samba machine -d /dev/null -s /bin/false %u logon script = scripts\%u.bat logon path = \\%L\profiles\%U logon home = /home/samba/netlogon domain logons = Yes os level = 100 preferred master = Yes domain master = Yes dns proxy = No wins server = 192.168.1.14 panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash admin users = @info, @ntadmin, gladiston, root, robson, administrador create mask = 0777 force create mode = 0777 force security mode = 0777 directory mask = 0777 force directory mode = 0777 force directory security mode = 0777 cups options = raw preserve case = No short preserve case = No veto files = /*.eml/*.nws/*.{*}/ hide files = /thumbs.db/Thumbs.db/autorun.inf/Autorun.inf/ veto oplock files = /*.odt/*.doc/*.xls/*.mdb/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Samba + Vista Issue
Hi, Name resolution is working correctly, this is something I checked very early in my investigation. If I use net use with the ip address the drive is mapped straight away. If I use net use with the dns name I am prompted to enter my credentials. Regards Adam -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Slickers Sent: 18 November 2008 23:34 To: samba list Subject: [Samba] Re: Samba + Vista Issue Adam Stirk wrote: I'm experiencing a problem with samba v3.2.4 and windows vista. If I access my samba share via the ip address e.g. \\192.168.0.1\share file:///\\192.168.0.1\share windows will authenticate against the samba server and bring the share up, but if I use the dns name e.g. \\server.domain.local\share file:///\\server.domain.local\share i'm faced with the logon box. I guess that name resolution is not working properly. Please open the command line interface on your Vista box and type the following commands: ping server.domain.local ping server If that is successful, try the 'net use' command: net use server Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba conect/disconect/reconect when browsing or when freeze open/save dialogs
My smb.conf does not have this line : socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 So, SO_KEEPALIVE sounds good for my problem. Is it corrent add this line ? About socket options , I found this comment on google search : http://lists.samba.org/archive/samba/2007-February/129652.html Remove it completely. Sockey options should not be needed with Linux kernels 2.4 or layter. Check out your networking hardware - NICs, HUBs, Switches and cables - the quality of these have a significant impact on network performance. To resolv my problem, I really need socket options or not ? thanks a lot. 2008/11/19 hamacker [EMAIL PROTECTED]: Hi everybody, Recently, I change my server to anoter, but I copied all accounts linux/samba users to new one. I migrate from Ubuntu Server 8.04 to 8.10 server It's the same old smb.conf of old machine, but one new problem. When logon is OK, but wait 5 minutes or less and when connect remote drive for second time by explorer, windows says that not respoding, but wait 30 seconds and reconect drive again, no error, but some users dont wait, kill explorer/word/excell process thinking. I inspect samba logs, looking for timout, but it's normal, none message error. My samba version is Version 3.2.3, my distro is Ubuntu Server 8.10 [amd64] updated. My smb.conf (PCD) is : [global] unix charset = UTF8 workgroup = VIDY2005 server string = %h server (Samba %v) interfaces = 192.168.1.2, lo bind interfaces only = Yes obey pam restrictions = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Please*retype*new*password* %n\n *password*successfully*updated* username map = /etc/samba/smbusers unix password sync = Yes lanman auth = Yes client lanman auth = Yes syslog = 0 log file = /var/log/samba/log.%m.%U max log size = 1 max xmit = 65535 name resolve order = hosts wins bcast time server = Yes deadtime = 15 printcap name = cups add user script = /usr/sbin/useradd -m '%u' rename user script = /usr/sbin/usermod -l '%unew' '%uold' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/bin/gpasswd -a '%u' '%g' delete user from group script = /usr/bin/gpasswd -d '%u' '%g' set primary group script = /usr/sbin/usermod -g '%g' '%u' add machine script = /usr/sbin/adduser -n -r -g machines -c Samba machine -d /dev/null -s /bin/false %u logon script = scripts\%u.bat logon path = \\%L\profiles\%U logon home = /home/samba/netlogon domain logons = Yes os level = 100 preferred master = Yes domain master = Yes dns proxy = No wins server = 192.168.1.14 panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash admin users = @info, @ntadmin, gladiston, root, robson, administrador create mask = 0777 force create mode = 0777 force security mode = 0777 directory mask = 0777 force directory mode = 0777 force directory security mode = 0777 cups options = raw preserve case = No short preserve case = No veto files = /*.eml/*.nws/*.{*}/ hide files = /thumbs.db/Thumbs.db/autorun.inf/Autorun.inf/ veto oplock files = /*.odt/*.doc/*.xls/*.mdb/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba + Vista Issue
Adam Stirk wrote: I'm experiencing a problem with samba v3.2.4 and windows vista. If I access my samba share via the ip address e.g. \\192.168.0.1\share file:///\\192.168.0.1\share windows will authenticate against the samba server and bring the share up, but if I use the dns name e.g. \\server.domain.local\share file:///\\server.domain.local\share i'm faced with the logon box. I guess that name resolution is not working properly. Please open the command line interface on your Vista box and type the following commands: ping server.domain.local ping server If that is successful, try the 'net use' command: net use server Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba integration with nfs4 and kerberos
The kerberos is used for auth of the nfs4 and not of the samba users. Thus , I wish samba to kinit for the user logged in to use the nfs4 share. Is this possible? Benjamin Coddington wrote: Since authenticating to samba is frequently done via ntlm, you don't have credentials (no password, no keys) to kinit. If you're willing to add additional keytypes, you can use kcrap (www.spock.org/kcrap/) to at least authenticate ntlm to samba to kerberos. This runs an additional daemon on your kdc which looks up the equivalent arcfour-hmac key. From there its just an extra step to have the daemon send a TGT, and save it in a cache for gssd to find. I could probably send you a patch to do just that -- without any claims of security or completeness. B -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba LDAP, with XP and Linux clients
Dave, I went through the same process that you did, for the same reason if I understand you right - I wanted to have one central user database for authenticating both Windows clients and Linux (ie. posix) clients. My (Samba/Posix) LDAP server is implemented on Hardy Xubuntu and I use the smbldap-tools commands for creating user accounts, changing passwords, etc. and avoid using any other commands, but use Luma to check the LDAP data and change simple attribute values. I have recorded the process that I used in https://help.ubuntu.com/community/OpenLDAP-SambaPDC-OrgInfo-Posix . Maybe this might be of some help. Regards, David Collins - Forwarded message -- From: Dave Beach [EMAIL PROTECTED] To: samba@lists.samba.org Date: Thu, 2 Oct 2008 10:11:42 -0400 Subject: [Samba] Samba LDAP, with XP and Linux clients Hello - I'm not sure if this is the right place to ask, so if not I will be grateful to learn of a more appropriate mailing list. I have a Slackware box (2.6.26 kernel) running Samba 3.0.25b (yes, I know, I'll upgrade soon). This machine provides DC functionality for several Windows XP workstations in my house. I recently changed the backend password database to OpenLDAP (v2.3.33) specifically because I wanted to start introducing Linux clients to the domain as well. I thought everything went well with the database migration, and all the XP clients seemed to continue to interact with the DC normally (it may be relevant here to note that I only use local profiles on the workstations, and no roaming profiles at all). I brought up a Debian (v4.0.x) workstation, and am having problems authenticating on it with a valid domain username. My experiences are causing me to question whether I fully understand my own OpenLDAP implementation and Samba reconfiguration, along with the necessary additions of things like NSS, PAM, etc. I'd like to have a fairly detailed discussion of configurations and steps for just about all of these things, which is why I'm not sure this is exactly the right mailing list. I'd also be very willing to take a discussion offline to e-mail with anyone who may be willing to help out. So, before I post stuff that may be wildly off-topic, I thought I'd ask. Please let me know. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba 4 named.txt Configure Server-side DNS
On Fri, 2008-09-26 at 17:00 +0200, mustafa evelioglu wrote: I'm using debian etch, and my bind 9.3. Problem with: tkey-gssapi-credential DNS/krb.realm; tkey-domain KRB.REALM; Did I understand it. I'm not sure. Do I must upgrade to bind 9.5 or install 9.5? Yes. This option is only supported in the most recent versions of BIND. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba with 2 NICs
Avery Payne wrote: hamacker wrote: I did that. I test, and everything is OK. It's not misconfiguration. When 2 NICs bonded (or 2 NICs only enabled), WinXP can logon into domain and win95/98 can not. If I disable one NIC then any OS can logon into domain. I can't understand why WinXP can logon and win95/98 is not, if enable 2 NICs on my system. The TCP/IP stack in Win95/98 was not exactly, um, state of the art (ping of doom anyone?). It could be something as simple as the Win95/98 stack doesn't support multihomed hosts properly. Try the following: * Make Win95/98 point to just ONE address only; use an LMHOSTS file with just ONE IP entry specified for the Samba server. * Make your Samba install a WINS server, and point the Win95/98 boxes at it. This isn't supposed to matter, but then again, I've seen modern Win2k3 networks running WINS to help things along... Another thought; are you using a managed switch? A simple layer 2 switch will get very confused if it sees the same MAC address twice on different ports, and will usually start multicasting over every switch port. You might be getting duplicates/already ACKed packets twice or something to that effect. I'm agreeing with parent post that the XP stack is probably better able to handle it when strange things start happening at the layer 2 level because you're bonding at layer 3. My Win XP box seems to ACK both channels on an unmanaged switch with a bonded server feeding it. I have no proof to back that up, but I find it fitting when the connection always maxes out at 50% like it's hit a glass ceiling. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba with 2 NICs
Scott Lovenberg wrote: Avery Payne wrote: hamacker wrote: [snip] I can't understand why WinXP can logon and win95/98 is not, if enable 2 NICs on my system. The TCP/IP stack in Win95/98 was not exactly, um, state of the art (ping of doom anyone?). It could be something as simple as the Win95/98 stack doesn't support multihomed hosts properly. [snip] Another thought; are you using a managed switch? A simple layer 2 switch will get very confused if it sees the same MAC address twice on different ports, and will usually start multicasting over every switch port. [snip] Easy way to test it - use a hub and see if the problem goes away. :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba with 2 NICs
Yes, I use switch. My Wins Server is a Windows 2000 in same network. I don't have any hub to execute a test. Hummm...LMHOSTS, it was long time ago, someone remember that ? maybe I can logon using 192.168.1.2 and not domain name. I will try at monday. 2008/9/19 Avery Payne [EMAIL PROTECTED]: Scott Lovenberg wrote: Avery Payne wrote: hamacker wrote: [snip] I can't understand why WinXP can logon and win95/98 is not, if enable 2 NICs on my system. The TCP/IP stack in Win95/98 was not exactly, um, state of the art (ping of doom anyone?). It could be something as simple as the Win95/98 stack doesn't support multihomed hosts properly. [snip] Another thought; are you using a managed switch? A simple layer 2 switch will get very confused if it sees the same MAC address twice on different ports, and will usually start multicasting over every switch port. [snip] Easy way to test it - use a hub and see if the problem goes away. :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba server as part of AD domain keeps asking for username and password
Sorry, My german is not that good so I´ll stick to english. I had a similar problem which was cause by samba not being able to recognize machines (AWM013 is a machine account or a user?), we have a unix heavy samba enviroment with user in both AD and unix both computers only in AD. We had problems when the computer account tried to gain access to IPC$? but where denied because the account not being recognized by samba. If you to allow guest for bad users that would go away, security might be solvable by mapping guest to nobody? Not that I would run this in production but it´s a way to test. Also if wbinfo -u or -g doesn´t work to set a valid user account in winbind to use when connecting to the domain. /Henrik 2008/9/5 Andreas Ladanyi [EMAIL PROTECTED] Hallo Hendrik, Dein Beitrag ist leider nur bei mir gelandet ! Weder bei Wolfgang, noch auf der Mailingliste :-( Zum testen finde ich den parameter: map to guest = Bad User ok, aber nicht unbedingt fürs Produktivsystem. Was meinst Du ? Sollte ein öffentliches share public=yes oder guest ok = yes nicht dazu führen, dass Du eben kein Passwort Popup bekommst ? Sonst macht das ja irgendwo keinen Sinn oder ? Grüße, Andy -Ursprüngliche Nachricht- Von: Henrik Beckman [EMAIL PROTECTED] Gesendet: 04.09.08 22:06:33 An: Andreas Ladanyi [EMAIL PROTECTED] Betreff: Re: [Samba] Re: Samba server as part of AD domain keeps asking for username and password On Thu, Sep 4, 2008 at 8:45 PM, Andreas Ladanyi [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] schrieb: Hi Andy, Thanks for the answer but I've tryed this already. With guest ok = yes And/or valid users = TESTDOM\awm013 awm013 testdom\awm013 AWM013 I haven't set the winbind seperator so it should be ok to use \ And also with guest ok = yes I still get the password promt. Thanks Wolfgang Hi Wolfgang, The error message is: Username TESTDOM\AWM013 is invalid on this system -- -- There it is [2008/08/29 11:40:00, 3] smbd/error.c:error_packet_set(106) error packet at smbd/sesssetup.c(444) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE The username is invalid !! Is AWM013 really a user with unix attributes in the Active Directory ? You are working with winbind. Which backend do you use to save you unix user information ? Windows Server 2003 R2 ? Iam wondering i cant read an idmap backend = parameter in your smb.conf ! What is the result of wbinfo -u and wbinfo -g and wbinfo -t ??? Bye, Andy Is awm013 a computer? If so try guest = Ok and map to guest = Bad User. Also as Andy asks does wbinfo -u and -g work, otherwise what user does winbindd use? Do you have 2008 server as password servers? /Henrik _ Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! http://smartsurfer.web.de/?mc=100071distributionid=0066 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba server as part of AD domain keeps asking for username and password
Hallo Wolfgang, [woma] comment = test folder for ads path = /home/woma browseable = yes read only = No guest ok = no create mask = 0770 directory mask = 0770 guest ok = no - Result is you have to authenticate if you want to access this share ! So you have to to define a valid user list: valid user = DOMAIN\user or @DOMAIN\group or both ! The \ between DOMAIN and user or group is given by the parameter: winbind separator = Default ist: \ If you set guest ok = yes then i'am sure you will have no use/password prompt ! Then you dont need a valid user = .. list. bye, Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Samba server as part of AD domain keeps asking for username and password
Hi Andy, Thanks for the answer but I've tryed this already. With guest ok = yes And/or valid users = TESTDOM\awm013 awm013 testdom\awm013 AWM013 I haven't set the winbind seperator so it should be ok to use \ And also with guest ok = yes I still get the password promt. Thanks Wolfgang -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andreas Ladanyi Sent: Donnerstag, 4. September 2008 13:08 To: samba@lists.samba.org Subject: [Samba] Re: Samba server as part of AD domain keeps asking for username and password Hallo Wolfgang, [woma] comment = test folder for ads path = /home/woma browseable = yes read only = No guest ok = no create mask = 0770 directory mask = 0770 guest ok = no - Result is you have to authenticate if you want to access this share ! So you have to to define a valid user list: valid user = DOMAIN\user or @DOMAIN\group or both ! The \ between DOMAIN and user or group is given by the parameter: winbind separator = Default ist: \ If you set guest ok = yes then i'am sure you will have no use/password prompt ! Then you dont need a valid user = .. list. bye, Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba server as part of AD domain keeps asking for username and password
[EMAIL PROTECTED] schrieb: Hi Andy, Thanks for the answer but I've tryed this already. With guest ok = yes And/or valid users = TESTDOM\awm013 awm013 testdom\awm013 AWM013 I haven't set the winbind seperator so it should be ok to use \ And also with guest ok = yes I still get the password promt. Thanks Wolfgang Hi Wolfgang, The error message is: Username TESTDOM\AWM013 is invalid on this system There it is [2008/08/29 11:40:00, 3] smbd/error.c:error_packet_set(106) error packet at smbd/sesssetup.c(444) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE The username is invalid !! Is AWM013 really a user with unix attributes in the Active Directory ? You are working with winbind. Which backend do you use to save you unix user information ? Windows Server 2003 R2 ? Iam wondering i cant read an idmap backend = parameter in your smb.conf ! What is the result of wbinfo -u and wbinfo -g and wbinfo -t ??? Bye, Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.29 - 3.0.30 Trust Relationship Failure
On Tue, Jun 24, 2008 at 12:08 PM, Aaron Browne [EMAIL PROTECTED] wrote: Recently built 3.0.30 for testing and cannot establish a Trust Relationship with our Windows 2003 domain controller. Joining the domain seems to work but shares are unavailable. Working backwards, I ended up identifying Samba 3.0.28a as a working build. Any version after that does not work. I did see two other posts that look similar in behaviour but not 100% sure if they are the same. Have reviewed release notes etc http://lists.samba.org/archive/samba/2008-May/141006.html http://lists.samba.org/archive/samba/2008-June/141128.html Short error log from 3.0.29 below. Cheers, Aaron *snip* Chasing this a bit more I applied only the NETLOGON patches introduced in Samba 2.0.29 to support Windows 2008 and the problem arises. http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=20c499dada296ffe5ee533730316a8ec963c6284;hp=a3b5ba12ccff9184af348148c6e9fb73218aa1bb I have log level 10 for Samba 2.0.28a (working) and Samba 2.0.29 (not working) if needed. Any clues? Cheers, Aaron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba + Vista SP1 usernames with @ not working
Andrei Mikhailovsky schrieb: Hi I was wondering if anyone came across an issue with Vista with SP1 and usernames that have @ in their usernames (example [EMAIL PROTECTED]). The login to samba network stopped working once i have installed SP1. The message I get is: The local Session Manager service failed to logon The data area passed to a system call is too small From the server side i don't really seen any errors and the same username on pre SP1 workstation works without problems. Googleing for the problem does not show anything useful Thanks for any suggestions Andrei Hi Andrei, i am not sure i can help you, but i know domain user and domain group are represented as form like: DOMAIN/user or DOMAIN/group on samba site. What is your log level in smb.conf ? I recommend you to have a look at the logfile(s). In my case: tail -f logfile is the first utility if something goes wrong. Try to locate the error message. We use samba 3.0.31 in security=ads mode and vista(with and without SP1) in one domain and it works. Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: SAMBA / CUPS
Hi I think this is pretty well documented in Samba Official Howto §21 - Setting Device Modes on New Printers François Dear all, I am new to CUPS. I found an installation of CUPS with SAMBA that we will deploy soon but there are a couple of problems I need to solve beforehand and your help would be really appreciated. I have RedHat 5.1 installation with the following : CUPS 1.3.7 and SAMBA 3.0.25b My smb.conf relevant details looks like this : [global] ## GLOBAL SETTINGS netbios name = TASSIN server string = Samba Print Server workgroup = DOM NAME security = domain encrypt passwords = yes password server = P Z ## WINBIND SETTINGS idmap uid = 1-2 idmap gid = 1-2 winbind separator = / ## LOG SETTINGS log level = 2 log file = /var/log/samba/log.%m max log size = 1000 ## NETWORK SETTINGS wins server = X , Y name resolve order = hosts wins interfaces = Z smb ports = 139 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 hosts allow = 10. 127. 172. 193. 192. include = /etc/samba/jessie.conf include = /etc/samba/janey.conf ## DOMAIN SETTINGS domain master = no local master = no preferred master = no os level = 0 ## PRINTER SETTINGS load printers = yes printing = cups printcap name = cups cups options = raw [printers] comment = All printers path = /var/spool/samba browseable = no public = yes guest ok = yes writable = yes printable = yes use client driver = no printer admin = filled in properly [print$] comment = Printer drivers path = /var/lib/samba/printers browseable = yes guest ok = no read only = yes write list = filled in properly create mask = 0664 directory mask = 0775 We use windows clients and I am trying to set all printers in duplex mode. My problem is that I do it with a correct domain user but the setting sometimes is kept and sometimes is lost after sometime. Can someone tell me where these settings are stored ? Many thanks Konrad -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- François Legal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.2 and trust relationships
Anybody successful in getting Samba 3.2 to build two way trusts to a 2008 AD Forest. I can get one way working and the domain list populates on client workstations in both domains but AD users in the Samba domain can not authenticate back to the 2008 domain. Thanks Douglas Sterner -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: samba 3.0.25a/3.0.30 Solaris 10
Guys, I have compiled version 3.0.30 with no optional flags for Solaris 10. On expiring the password with the following command: ./pdbedit -P maximum password age -C 300 When I reconnect it just keeps on prompting for the password it just cycles and asks for the password again. The samba log looks like this: [2008/07/03 12:19:51, 1] auth/auth_sam.c:sam_account_ok(178) sam_account_ok: Account for user 'sebea' password expired!. [2008/07/03 12:19:51, 1] auth/auth_sam.c:sam_account_ok(179) sam_account_ok: Password expired at 'Thu, 03 Jul 2008 12:18:17 BST' (1215083897) unix time. [2008/07/03 12:20:00, 1] auth/auth_sam.c:sam_account_ok(178) sam_account_ok: Account for user 'sebea' password expired!. [2008/07/03 12:20:00, 1] auth/auth_sam.c:sam_account_ok(179) sam_account_ok: Password expired at 'Thu, 03 Jul 2008 12:18:17 BST' (1215083897) unix time. My Solaris 8 samba version 3.0.25a works fine - it appears to be a problem with Solaris 10? Any input would be much appreciated. Kind regards, Sean -Original Message- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: 02 July 2008 17:58 To: Beaven, S. (Sean) Cc: samba@lists.samba.org Subject: Re: [Samba] RE: samba 3.0.25a On Wed, Jul 02, 2008 at 04:20:10PM +0200, [EMAIL PROTECTED] wrote: Dear All, I have having difficulty getting samba to prompt for a new password when the old one has expired ( I have forced the expiry by using pdbedit -P maximum password age -C 300). I can reset the password (smbpasswd) on the Solaris 8 (Generic_117350-53) samba server, but not from the client side (windows XP). It prompts for a new password, but just sits there. The logs say the password has expired. I would appreciate some feedback. I have now reset the expiry to a day and see it this works (tommorow that is) as perhaps 5 mins is not enough. I have also installed the sol 10 version (same version of samba) on another server sun box and it just keeps on prompting for a passwd - it does not even prompt me to change my passwd. I am sure it is something very silly I have overlooked. If you need any more info please do not hesitate to contact me. Jim did some work on this post 3.0.25. You might want to try a newer version first. Jeremy. -- The information in this Internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this Internet email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this Internet email are subject to the terms and conditions expressed in any applicable governing ING terms of business or client engagement letter. Authorised by the Dutch Central Bank and regulated by the Financial Services Authority for the conduct of UK business. Visit us at www.ing.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: samba 3.0.25a
Dear All, I have having difficulty getting samba to prompt for a new password when the old one has expired ( I have forced the expiry by using pdbedit -P maximum password age -C 300). I can reset the password (smbpasswd) on the Solaris 8 (Generic_117350-53) samba server, but not from the client side (windows XP). It prompts for a new password, but just sits there. The logs say the password has expired. I would appreciate some feedback. I have now reset the expiry to a day and see it this works (tommorow that is) as perhaps 5 mins is not enough. I have also installed the sol 10 version (same version of samba) on another server sun box and it just keeps on prompting for a passwd - it does not even prompt me to change my passwd. I am sure it is something very silly I have overlooked. If you need any more info please do not hesitate to contact me. Regards, Sean Beaven UNIX Support ING Bank n.v. UK Region, 60 London Wall, London EC2M 5TQ *: +44 (0)20 7767 6945 *: [EMAIL PROTECTED] -- The information in this Internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this Internet email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this Internet email are subject to the terms and conditions expressed in any applicable governing ING terms of business or client engagement letter. Authorised by the Dutch Central Bank and regulated by the Financial Services Authority for the conduct of UK business. Visit us at www.ing.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: samba 3.0.25a
On Wed, Jul 02, 2008 at 04:20:10PM +0200, [EMAIL PROTECTED] wrote: Dear All, I have having difficulty getting samba to prompt for a new password when the old one has expired ( I have forced the expiry by using pdbedit -P maximum password age -C 300). I can reset the password (smbpasswd) on the Solaris 8 (Generic_117350-53) samba server, but not from the client side (windows XP). It prompts for a new password, but just sits there. The logs say the password has expired. I would appreciate some feedback. I have now reset the expiry to a day and see it this works (tommorow that is) as perhaps 5 mins is not enough. I have also installed the sol 10 version (same version of samba) on another server sun box and it just keeps on prompting for a passwd - it does not even prompt me to change my passwd. I am sure it is something very silly I have overlooked. If you need any more info please do not hesitate to contact me. Jim did some work on this post 3.0.25. You might want to try a newer version first. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba oplocks not breaking
Volker Lendecke wrote: If both processes are Samba, the kernel oplock break mechanism should not be involved at all. At least it is supposed to work so that the oplock break is done with messages between the smbds. Kernel oplocks are only for interop with NFS and local unix processes. So if you're seeing kernel oplock breaks for files just held by Samba, Samba has a bug. If you can reproduce it, please file a bug at bugzilla.samba.org and upload a debug level 10 log of both smbd processes involved. Please also with debug hires timestamps = yes. I am not quite clear on this. It would appear other Unix processes and other Samba processes are denied access to the file: 2008/06/19 15:24:08, 0] smbd/oplock.c:oplock_timeout_handler(351) Oplock break failed for file cur/config.xml -- replying anyway [2008/06/19 15:24:51, 0] smbd/oplock.c:oplock_timeout_handler(351) Oplock break failed for file cur/profiles.xml -- replying anyway [2008/06/19 15:25:21, 0] smbd/oplock.c:oplock_timeout_handler(351) Oplock break failed for file cur/profiles/vpac.xml -- replying anyway [2008/06/19 15:25:51, 0] smbd/oplock.c:oplock_timeout_handler(351) Oplock break failed for file cur/hosts.xml -- replying anyway [2008/06/19 15:26:21, 0] smbd/oplock.c:oplock_timeout_handler(351) Oplock break failed for file cur/hosts/vpac.xml -- replying anyway [2008/06/19 15:26:51, 0] smbd/oplock.c:oplock_timeout_handler(351) Oplock break failed for file cur/packages.xml -- replying anyway [2008/06/19 15:27:21, 0] smbd/oplock.c:oplock_timeout_handler(351) Oplock break failed for file cur/packages/winscp.xml -- replying anyway Something strange going on here. Yes, you are right, I probably will need to reproduce this with a higher level of debugging. Will try that now. In one of my other messages I quoted the kernel stack trace, but I have been told that cannot be trusted; it could be using old data. Brian May -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba oplocks not breaking
Brian May wrote: Yes, you are right, I probably will need to reproduce this with a higher level of debugging. Will try that now. In one of my other messages I quoted the kernel stack trace, but I have been told that cannot be trusted; it could be using old data. https://bugzilla.samba.org/show_bug.cgi?id=5557 Brian May -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba docs
On Sat, 31 May 2008, John H Terpstra wrote: On Saturday 31 May 2008 14:36:44 Gerald (Jerry) Carter wrote: Miguel Medalha wrote: | The tarball of the daily docs build is still unavailable after | several weeks. The link to | http://www.samba.org/~samba-bugs/docs/samba-docs-latest.tar.bz2 is | broken. Is this on purpose or just an overlook? oversight. I'm trying to get it resolved. We moved the docs from svn to git and some update scripts got overlooked. Jerry, Are the Samba docs being update daily still? It seems the PDF's on the web site are a bit old. Along those lines, are the TOSHARG2 and samba by example on the website getting updates to reflect the changes to then newer versions of samba or are the man pages and release notes the only current reference? Just curious. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.25b on centos 5.1 a lot of signal 11 very unstable!!!
On Tue, 26 Feb 2008 22:12:53 -0800, Alberto Moreno wrote: The only problem is this new server, i read about some changes with samba 3.0.25b and oldest version, since we add this server to the domain we had been having problems, we enable the roaming profile to our windows clients, but some times the server doesn't update the user profile, on other situations we lost the profile, example firefox settings, or if the user update some excel file next day appear with no changes. Roaming profiles are just problematic, even on native Windows servers. I have seen several roaming profiles implode on WinXP client boxes. I've also seen bad behavior with Win2k client/server setups as well. Symptoms include the client creating new profiles, ignoring existing profiles, or dialogs indicating profile corruption. We have almost 3GB of core dumps since we setup samba inside winbind folder, look this is my smb.conf file: [ lots of stuff snipped out ] lib/fault.c:dump_core(181) dumping core in /var/log/samba/cores/ winbindd [ even more stuff snipped out] [0x645c97] #19 winbindd [0x6443f2] #20 winbindd [0x615368] #21 winbindd(main+0x94d) [0x615dbd] #22 /lib/libc.so.6(__ libc_start_main+0xdc) [0x21fdec] #23 winbindd [0x614061] : 13 Time(s) -- Hope this info give some point to start debugging this problem, does someone see what is causing the problem? Thanks all for your time, if u need more info please let me know, thanks!!! I'm no Samba or programming expert, but that last line looks like a libc segfault. Sig 11 errors a long time ago used to implicate RAM issues, usually due to bad contacts or faulty RAM chips.This may sound silly but try powering down the machine, unseating and reseating all of your RAM. If it continues, try reducing the RAM and see if the issue goes away (due to a bad RAM stick). Just my .02 cents. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba 3.0.25b on centos 5.1 a lot of signal 11 very unstable!!!
I've found that if I delete anything from a roaming profile on the client-side, I need to delete the server-side copy entirely, then log out to save a new roaming profile. On Tue, 27 May 2008 18:29:34 + (UTC), Avery Payne wrote: On Tue, 26 Feb 2008 22:12:53 -0800, Alberto Moreno wrote: The only problem is this new server, i read about some changes with samba 3.0.25b and oldest version, since we add this server to the domain we had been having problems, we enable the roaming profile to our windows clients, but some times the server doesn't update the user profile, on other situations we lost the profile, example firefox settings, or if the user update some excel file next day appear with no changes. Roaming profiles are just problematic, even on native Windows servers. I have seen several roaming profiles implode on WinXP client boxes. I've also seen bad behavior with Win2k client/server setups as well. Symptoms include the client creating new profiles, ignoring existing profiles, or dialogs indicating profile corruption. We have almost 3GB of core dumps since we setup samba inside winbind folder, look this is my smb.conf file: [ lots of stuff snipped out ] lib/fault.c:dump_core(181) dumping core in /var/log/samba/cores/ winbindd [ even more stuff snipped out] [0x645c97] #19 winbindd [0x6443f2] #20 winbindd [0x615368] #21 winbindd(main+0x94d) [0x615dbd] #22 /lib/libc.so.6(__ libc_start_main+0xdc) [0x21fdec] #23 winbindd [0x614061] : 13 Time(s) -- Hope this info give some point to start debugging this problem, does someone see what is causing the problem? Thanks all for your time, if u need more info please let me know, thanks!!! I'm no Samba or programming expert, but that last line looks like a libc segfault. Sig 11 errors a long time ago used to implicate RAM issues, usually due to bad contacts or faulty RAM chips.This may sound silly but try powering down the machine, unseating and reseating all of your RAM. If it continues, try reducing the RAM and see if the issue goes away (due to a bad RAM stick). Just my .02 cents. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba segs when serving files from a windows partition on OpenBSD-4.2
On Tue, 13 May 2008, Jeremy Allison wrote: On Tue, May 13, 2008 at 05:56:56PM +0100, Stephen Borrill wrote: As a data point, I'm getting crashes on NetBSD 3.1 and samba 3.0.28a on a FFSv2 partition. Removing the lib/replace/repdir_getdirentries.c gets it working (even without directory name cache size = 0). I'm not sure of the canonical way to remove it, the patch at https://bugzilla.samba.org/attachment.cgi?id=2905 does not work, nor does removing repdir.m4 entirely. I ended up editing source/Makefile and removing the .o files from LIBREPLACE_OBJ. We'll remove lib/replace/repdir_getdirentries.c for 3.0.29 and 3.2 final. Thanks. Great. Have you a canonical patch for 3.0.28a and I'll commit it to pkgsrc? -- Stephen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba segs when serving files from a windows partition on OpenBSD-4.2
On Tue, Apr 29, Jeremy Allison wrote: On Mon, Apr 28, 2008 at 09:05:29PM +0100, Edd Barrett wrote: I am sure that the OpenBSD team will be interested in fixing these bugs if they still exist, as they take pride making good quality code. I can't speak for NetBSD or FreeBSD. As for the directory name cache size = 0 it does not work for me. On OpenBSD. I used this configuration: [global] workgroup = MYGROUP server string = Samba Server security = share log file = /var/log/smbd.%m directory name cache size = 0 [public] comment = Public Stuff path = /mnt/hot/sd0i public = yes writable = yes printable = no I tested this with samba-latest.tgz from your web-page. If I change the path to someplace else on a UFS slice, all is well. Did you remove the lib/replace/repdir_getdirentries.c code as well ? The aborts will still trigger even with directory name cache size = 0 if that code is in place. As a data point, I'm getting crashes on NetBSD 3.1 and samba 3.0.28a on a FFSv2 partition. Removing the lib/replace/repdir_getdirentries.c gets it working (even without directory name cache size = 0). I'm not sure of the canonical way to remove it, the patch at https://bugzilla.samba.org/attachment.cgi?id=2905 does not work, nor does removing repdir.m4 entirely. I ended up editing source/Makefile and removing the .o files from LIBREPLACE_OBJ. I note the changes in OpenBSD and NetBSD to fix the seekdir() problem, but they didn't seem to help me. -- Dr. Stephen Borrill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba segs when serving files from a windows partition on OpenBSD-4.2
On Tue, May 13, 2008 at 05:56:56PM +0100, Stephen Borrill wrote: As a data point, I'm getting crashes on NetBSD 3.1 and samba 3.0.28a on a FFSv2 partition. Removing the lib/replace/repdir_getdirentries.c gets it working (even without directory name cache size = 0). I'm not sure of the canonical way to remove it, the patch at https://bugzilla.samba.org/attachment.cgi?id=2905 does not work, nor does removing repdir.m4 entirely. I ended up editing source/Makefile and removing the .o files from LIBREPLACE_OBJ. We'll remove lib/replace/repdir_getdirentries.c for 3.0.29 and 3.2 final. Thanks. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba segs when serving files from a windows partition on OpenBSD-4.2
On Tue, May 13, 2008 at 10:20:47AM -0700, Jeremy Allison wrote: https://bugzilla.samba.org/attachment.cgi?id=2905 does not work, nor does removing repdir.m4 entirely. I ended up editing source/Makefile and removing the .o files from LIBREPLACE_OBJ. We'll remove lib/replace/repdir_getdirentries.c for 3.0.29 and 3.2 final. Thanks. Certain? I think mbalmer wanted to send a Samba-patch for systems without his bugfix (i.e. all bsd systems in production right now). Or did I miss that patch? Volker pgpD5HF5OLqPU.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba segs when serving files from a windows partition on OpenBSD-4.2
On Tue, May 13, 2008 at 09:44:03PM +0200, Volker Lendecke wrote: On Tue, May 13, 2008 at 10:20:47AM -0700, Jeremy Allison wrote: https://bugzilla.samba.org/attachment.cgi?id=2905 does not work, nor does removing repdir.m4 entirely. I ended up editing source/Makefile and removing the .o files from LIBREPLACE_OBJ. We'll remove lib/replace/repdir_getdirentries.c for 3.0.29 and 3.2 final. Thanks. Certain? I think mbalmer wanted to send a Samba-patch for systems without his bugfix (i.e. all bsd systems in production right now). Or did I miss that patch? I thouhgt the patch he wanted was removing that code, but I could be mistaken. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba segs when serving files from a windows partition on OpenBSD-4.2
On Tue, May 13, 2008 at 01:10:29PM -0700, Jeremy Allison wrote: Certain? I think mbalmer wanted to send a Samba-patch for systems without his bugfix (i.e. all bsd systems in production right now). Or did I miss that patch? I thouhgt the patch he wanted was removing that code, but I could be mistaken. Right now I've got a little chat with mbalmer on irc. It seems that we can indeed remove that code completely. Volker pgpu2IcNNWm2W.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [samba 3.0.28a,1] Unable to connect to CUPS
On Sat, 10 May 2008 16:39:41 +0200, Gilles [EMAIL PROTECTED] wrote: I don't have CUPS installed on this FreeBSD 6.3 host, but don't provide printer access to SMB clients anyway, but still, I get the following error in log.smbd when starting up Samba: For those seeing the same error, it's apparently solved by adding this line to [global]: printcap name = /etc/printcap HTH, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [samba 3.0.28a,1) PANIC: tdb_reopen_all failed
On Sat, 10 May 2008 16:30:47 +0200, Volker Lendecke [EMAIL PROTECTED] wrote: Is it possible that a cronjob is kicking in deleting /var/db/samba/locking.tdb? Thanks but no, there's no such thing. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba-LDAP interdomain trust
On 4/2/07, Allysson Steve Mota Lacerda stevelacerda wrote: When I try to login on the trusting domain (LABI) using an account of the trusted domain (ADMIN) the following message is shown: A device connected to the system is not functioning . My log on to is set to ADMIN. I had this problem a time ago because the SIDs of my users were wrong but I've fixed it. As I understand it, that error is what you get when you can't connect to the domain. From Windows' point of view the connection to the domain controller is a virtual device, and it's not working. That's the error my users get because my interdomain trusts aren't working. I believe this is the way windows reports the error and you can't change that from inside samba (TooMuchCoffeeGuy will correct me if I'm wrong ;)). It causes problems because the Hell Desk sends the flying monkeys out to repair the malfunctioning device and they can't find one. According to log.smbd, the user has an user SID refering to the trusted domain but the group SID is from the trusting domain. I don't use groups and the sambaPrimaryGroupSID field was empty. Even when I change the sambaPrimaryGroupSID value the message is the same. [2007/04/03 16:20:02, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [facomp] - [facomp] -[facomp] succeeded [2007/04/03 16:20:02, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004) _net_sam_logon: user ADMIN\facomp has user sid S-1-5-21-2439387625-709437076-297468561-23822 but group sid S-1-5-21-2029413396-4276977753-1550331494-513. The conflicting domain portions are not supported for NETLOGON calls I'm honestly pretty far out of my depth here, but that's the same error I log also, and I believe it's because my domain trusts don't work. My theory at this point is that the workstation sees the user SID is not from the local domain, it attempts to query the remote domain that the SID belongs to, and when that fails the group sid defaults to 513 in the local domain (513 is the default local users group rid in Microsoft-land) and you are seeing the end of an error cascade at that point. In both log.nmbd files I got the following messages: [2007/04/02 17:01:58, 0] nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(486) get_domain_master_name_node_status_fail: Doing a node status request to the domain master browser at IP IP_OF_THE_OTHER_DOMAIN_PDC failed. Cannot get workgroup name. I have two domains running on a single server (different NICs) and they share the WINS server. Can anyone help me? -- Allysson Steve Mota Lacerda stevelacerda http://www.stevelacerda.net I do not believe I've been much help, except to say that I've got the same problems, in my 4 samba based domains that behave much the same way. Sorry! If you figure it out, let me know... --Charlie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba Volunteer job postings at http://news.samba.org/
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: === The Samba Team is looking for people to help keep our user community information current, covering development news, releases, general news, and events. The scope of the positions will be to: * Gather stories, summaries, and content for the bi-weekly Samba Mashup Report (community newsletter) * Work on the active content at http://news.samba.org/ We are looking initially for two volunteers to help us. If you are interested in helping, please send a short mail to [EMAIL PROTECTED] describing why you think you would be a good match. === There was a glitch in the wbe-editor email alias that has been resolved now. I'm assuming that the lack of response is just due to email bouncing back :-) cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIHvrvIR7qMdg1EfYRApMNAKDLAVXKzgcZLUpdh0I0BTPpNlvBxgCg6tlJ QcWzkQM69WwvJUcHhS+tAJ8= =W1I2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.2.0-pre3 packages in Debian - version of Samba in Debian lenny
Quoting Volker Lendecke ([EMAIL PROTECTED]): 3.0.28a has known bugs in particular with trusts, so you will inevitably have to backport stuff from 3.0.28b that will be done by then. And, I have to agree with Jerry, having to live with .28a for the next decade in Debian might be not the best thing. heh, Debian releases are not supported for a decade..:-). We're just dropping support for sarge (which was out in 2005) right now. So, in short, we're roughly targeting a 3-year support timeframe. When it comes at samba, the supported releases are currently: - 3.0.14a which came with Debian sarge - 3.0.24 which came with Debian etch (both were updated with security fixes, of course) Of course, if 3.0.x releases come out, these will be included in lenny. Such updates do not break the philosophy of the current soft freeze if I correctly understand the policy of the Samba Team for the next releases. So, in short, Debian will be released with whatever 3.0.x version will be current as of the day of the hard freeze of the distribution. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba