Re: [Samba] Samba 4 internal DNS - how to modify SOA record
Hey guys, Just wanted to update this thread, I upgrade my samba installation to 4.1 and updated SOA record. Now dynamic DNS works fine for me!! Thanks for implementing the feature!!! Cheers!! 2013/8/9 Rustam K. rkovh...@gmail.com I thought I would update this email thread. So far editing the records via ADSI messes up ldb database, if you do that zones won't load anymore, just like Dmitry stated in his first email. I had to revert to a snapshot to get samba back, up and running. I am curious If I have to modify record manually via ldbmodify(ldbedit), would it understand hex/binary? because when I run ldbedit it shows me nothing compared to hex in my previous email, what is this format? # record 50 dn: DC=@,DC=officenet.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=officenet,DC=local objectClass: top objectClass: dnsNode . (cut) dnsRecord:: BAABAAXwAAB6AAADhAAAwKj6Aw== dnsRecord:: BAABAAXwAABuAAACWAAAwKj6Bg== dnsRecord:: GwACAAXwAAB6AAAjKzcAGQMHc3J2LXdpbglvZmZpY2VuZXQFbG9jYW wA dnsRecord:: GgACAAXwAACGAAADhAArtw0IGAMGYWxmYWRjCW9mZmljZW5ldAVsb2NhbA A= dnsRecord:: TgAGAAXwAAC9AAAYMDcAvQAAA4QAAAJYAAFRgAAaAwhzcn YtYWxmYQlvZmZpY2VuZXQFbG9jYWwAHAMKaG9zdG1hc3RlcglvZmZpY2VuZXQFbG9jYWwA Cheers 2013/8/9 Rustam K. rkovh...@gmail.com Hi, thanks for the follow up. I found the SOA record via ADSI edit : DC=@,DC=officenet.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=officenet,DC=local DC=@,DC=_msdcs.officenet.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=officenet,DC=local there are two of them,and every one of them has attribute dnsRecord which is in hex, and it has string srv-alfa (apart from hostmaster email ttl etc) which I need to change to alfadc 4E 00 06 00 05 F0 00 00 BE 00 00 00 00 00 00 00 00 00 00 00 1C 30 37 00 00 00 00 BE 00 00 03 84 00 00 02 58 00 01 51 80 00 00 00 00 1A 03 08 73 72 76 2D 61 6C 66 61 09 6F 66 66 69 63 65 6E 65 74 05 6C 6F 63 61 6C 00 1C 03 0A 68 6F 73 74 6D 61 73 74 65 72 09 6F 66 66 69 63 65 6E 65 74 05 6C 6F 63 61 6C 00 This is where I am headed, and I'll try not to screw it up. Cheers 2013/8/9 Nico Kadel-Garcia nka...@gmail.com On Thu, Aug 8, 2013 at 4:14 AM, Kai Blin k...@samba.org wrote: On 2013-08-08 10:02, Rustam K. wrote: Hello, I run samba 4.0.7, samba tool can't do the job, at least help/syntax doesn't show that I can Ah, yes. Apparently this functionality only exists in 4.1 and master, sorry. Should you try and run with that the command syntax is samba-tool dns update SOA fqdn_dns fqdn_email serial refresh retry expire minimumttl HTH, Kai Rustam, I do hope that if you're manipulating your SOA directly, that you've actually looked up the guidelines for manipulating them? Just so you don't get surprised by things like the wraparound values for the serial numbers, or what reasonable values are for TTL's. -- Rustam -- Rustam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba release series
On Sat, Oct 12, 2013 at 08:14:37AM +1300, Andrew Bartlett wrote: On Fri, 2013-10-11 at 11:27 +0200, Karolin Seeger wrote: On Fri, Oct 11, 2013 at 10:17:31AM +0100, Rowland Penny wrote: On 11/10/13 09:55, Karolin Seeger wrote: Hi, with today's release of Samba 4.1.0, Samba 4.0 has been turned into the maintenance mode and Samba 3.6 into the security fixes only mode. Samba 3.5 is officially unsupported now. For more details on the modi and other release planning information, please see https://wiki.samba.org/index.php/Samba_Release_Planning Cheers, Karolin HI, My, but the release page has gone posh ;-) but shouldn't the 'started' column really be 'released' and I think a few of the boxes require filling in Sure, will do that as soon as possible. While we are talking about the release pages, I wonder with the new colour table on that page, should we remove the Branch policy page, and just fold the text into this page? That way, we don't have two pages to keep updated. (I'm happy to do it, just wanted to ask first). +1 Karolin -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 internal DNS and reverse zones
Hi All, I currently have another thread open on squid authentication with Samba 4 and am going to try authenticating against kerberos instead of NTLM. According to the docs for the web filter I'm using, it's essential for Kerberos to be able to resolve reverse DNS so I've spent the last weekend trying to get this working. Various different documents and howtos exist but none of them worked out of the box. The Samba wiki suggests creating the zones with the RSAT DNS tool and various people I've come across have commented that from that point onwards records were added by Windows clients joining. I couldn't get this working so I tried the script on Michael Kuron's site as it threw up messages about GSS failing before DHCP server would eventually hang. While it ran, it would add entries consisting of the mac address as it failed to pick up the name of the machine. Is there an easy way to achieve this or do I carry on plugging away with the script? Should, as come people have claimed, reverse entries just happen if you manually create zones. It's tricy to get a definitive answer on this and where people claim it's worked, they don't seem to advertise the method. Thanks, Julian http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ -- Borden Grammar School, Avenue of Remembrance, Sittingbourne, Kent, ME10 4DB. Tel: 01795 424192 This e-mail is from Borden Grammar School Trust. This e-mail, together with any files transmitted with it, are confidential, and are intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised dissemination or copying of this e-mail or its attachments, and any use or disclosure of any information contained in them, is strictly prohibited, and may also be illegal. If you are not the intended recipient you must not use, disclose, distribute, copy, print or relay this e-mail. Please note that any views expressed by an individual within this e-mail, do not necessarily reflect the views of the Borden Grammar School Trust. Borden Grammar School Trust has taken reasonable precautions to ensure no viruses are present in this e-mail, the Academy cannot accept responsibility for any loss or damage arising from the use of this e-mail and/or files attached. Registered office: Borden Grammar School, Avenue of Remembrance, Sittingbourne, Kent, ME10 4DB Registered in England: 07827591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 internal DNS - how to modify SOA record
Hi, guys... What line command for modify SOA record? Thanks! Jacó Ramos 2013/10/14 Rustam K. rkovh...@gmail.com Hey guys, Just wanted to update this thread, I upgrade my samba installation to 4.1 and updated SOA record. Now dynamic DNS works fine for me!! Thanks for implementing the feature!!! Cheers!! 2013/8/9 Rustam K. rkovh...@gmail.com I thought I would update this email thread. So far editing the records via ADSI messes up ldb database, if you do that zones won't load anymore, just like Dmitry stated in his first email. I had to revert to a snapshot to get samba back, up and running. I am curious If I have to modify record manually via ldbmodify(ldbedit), would it understand hex/binary? because when I run ldbedit it shows me nothing compared to hex in my previous email, what is this format? # record 50 dn: DC=@,DC=officenet.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=officenet,DC=local objectClass: top objectClass: dnsNode . (cut) dnsRecord:: BAABAAXwAAB6AAADhAAAwKj6Aw== dnsRecord:: BAABAAXwAABuAAACWAAAwKj6Bg== dnsRecord:: GwACAAXwAAB6AAAjKzcAGQMHc3J2LXdpbglvZmZpY2VuZXQFbG9jYW wA dnsRecord:: GgACAAXwAACGAAADhAArtw0IGAMGYWxmYWRjCW9mZmljZW5ldAVsb2NhbA A= dnsRecord:: TgAGAAXwAAC9AAAYMDcAvQAAA4QAAAJYAAFRgAAaAwhzcn YtYWxmYQlvZmZpY2VuZXQFbG9jYWwAHAMKaG9zdG1hc3RlcglvZmZpY2VuZXQFbG9jYWwA Cheers 2013/8/9 Rustam K. rkovh...@gmail.com Hi, thanks for the follow up. I found the SOA record via ADSI edit : DC=@,DC=officenet.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=officenet,DC=local DC=@,DC=_msdcs.officenet.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=officenet,DC=local there are two of them,and every one of them has attribute dnsRecord which is in hex, and it has string srv-alfa (apart from hostmaster email ttl etc) which I need to change to alfadc 4E 00 06 00 05 F0 00 00 BE 00 00 00 00 00 00 00 00 00 00 00 1C 30 37 00 00 00 00 BE 00 00 03 84 00 00 02 58 00 01 51 80 00 00 00 00 1A 03 08 73 72 76 2D 61 6C 66 61 09 6F 66 66 69 63 65 6E 65 74 05 6C 6F 63 61 6C 00 1C 03 0A 68 6F 73 74 6D 61 73 74 65 72 09 6F 66 66 69 63 65 6E 65 74 05 6C 6F 63 61 6C 00 This is where I am headed, and I'll try not to screw it up. Cheers 2013/8/9 Nico Kadel-Garcia nka...@gmail.com On Thu, Aug 8, 2013 at 4:14 AM, Kai Blin k...@samba.org wrote: On 2013-08-08 10:02, Rustam K. wrote: Hello, I run samba 4.0.7, samba tool can't do the job, at least help/syntax doesn't show that I can Ah, yes. Apparently this functionality only exists in 4.1 and master, sorry. Should you try and run with that the command syntax is samba-tool dns update SOA fqdn_dns fqdn_email serial refresh retry expire minimumttl HTH, Kai Rustam, I do hope that if you're manipulating your SOA directly, that you've actually looked up the guidelines for manipulating them? Just so you don't get surprised by things like the wraparound values for the serial numbers, or what reasonable values are for TTL's. -- Rustam -- Rustam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba is still crashing
On Sun, Oct 13, 2013 at 11:11:29PM -0600, Wayne Andersen wrote: I have had a problem for a couple of weeks now. I get very regular crashes on two of my three Domain Controllers. I just updated to 4.1.0 and I am still getting the same problem. This looks like https://bugzilla.samba.org/show_bug.cgi?id=10052 Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 DNS failing on one server
I have two samba 4 AD DC running using the internal DNS. On one of them, DNS will fail after a short time (10-15 minutes). Restarting samba on this AD DC corrects the issue temporarily. This behavior started about 2 weeks ago. We had not made any changes to either system during this time so it is a complete mystery. I unfortunately used the latest version of samba from git (4.2) for creating these systems. I am in the process of building a new 4.1 server and will join it to the domain as an AD DC (hoping that this will work correctly). In /etc/krb5.conf, the server with failing dns is also listed as the admin_server for the realm. No idea what the effect of this is if I can point to the other server and still resolve dns. First though, what log files I should even be looking at for the DNS issues. I can run all the tests for a properly operating DNS and they all return the correct values (up until DNS fails). e.g. host -t SRV _ldap._tcp.ncs.k12.de.us host -t SRV _kerberos._udp.ncs.k12.de.us host -t A ncssamba1.ncs.k12.de.us all return correct information. kinit also works correctly, smbclient -L server -U% returns the correct information. I am running nslcd on both servers and that is also working. Completely lost on what to try to fix this dns issue. Sincerely, Dave Hopkins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Samba 4.0.9 | Win 7 x64 | Office 2007 x86 | Folder Redirection | Local Cache] : Word-documents, Corrupt
Hello, First of all I would like to thank the Samba Project Group for this state of the art software. I would like to thank every body for helping each other out. Please ignore my poor English writing. It is not my native language. Although: I do the best I can. We use Samba for a while now. We started with version 4.0.6 and updated each time. Now we are at version 4.0.9 and we are planning to update our installation to version 4.1.0. We use Samba 4 as Active Directory Domain Controller. We also got some shares on this same Samba server. We use the share 'profiles' for the user profiles. Everything seems to work well but sometime we got issues with Word-documents. These files get corrupted while working for 45 minutes to a couple of hours. Before we decided to work with roaming profiles I read the Samba-documents about this option. We decided to use folder redirection including local cache (we use desktops and notebooks). I tried a lot of things to solve this issue (with the Word-documents): - re-installed notebook (also replaced HDD; I installed a SSD) - tested network wiring - ran HDD checks (server) - tested switches - changed smb.conf (oplocks, locks, et cetera) - added registry key 'RoundUpWriteTimeOnSync' to client computers at boot time - - REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache /v RoundUpWriteTimeOnSync /t REG_DWORD /d 0001 /f Maybe there is somebody who is able to help us with this issue. I have listed our /opt/samba/etc/smb.conf file at the end. Thanks in advance. Bouke [global] workgroup = TH01 realm = TH01.INET netbios name = COMSRV01A server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 guest account = nobody map to guest = bad user #printing = cups #printcap name = cups kernel oplocks = no [netlogon] path = /opt/samba/var/locks/sysvol/th01.inet/scripts read only = No [sysvol] path = /opt/samba/var/locks/sysvol read only = No [profiles] comment = Profiles path = /data/profiles browsable = no read only = no writable = yes directory mask = 0700 create mask = 0600 # # oplocks are disabled for this share # oplocks = False level2 oplocks = False # # 'blocking locks' set to 'no' for Word documents # blocking locks = no # # do not oplock the following files # veto oplock files = /*.doc*/*.DOC*/*.xls*/*.XLS*/*.txt/*.TXT/*.log/*.LOG/*.csv/*.CSV/*.*-ms/*. *-MS/ # csc policy = documents [pdf-prints] comment = PDF Files path = /data/pdf browsable = yes read only = no writable = yes directory mask = 0775 create mask = 0664 [wpkg] comment = Software Deployment path = /opt/wpkg browsable = no read only = no write list = 300,administrator,root directory mask = 0755 create mask = 0644 guest ok = yes strict locking = no oplocks = False level2 oplocks = False blocking locks = no veto oplock files = /*.log/*.LOG/ [packages] comment = Software Packages path = /extra/packages browsable = no read only = no write list = 300,administrator,root create mask = 0644 directory mask = 0755 guest ok = yes [wsus] comment = WSUS path = /extra/wsus browsable = no read only = no writelist = 300,administrator,root create mask = 0644 directory mask = 0755 guest ok = yes [log] comment = Log Files path = /data/log browsable = no read only = no force create mode = 0664 force directory mode = 0775 guest ok = yes [printers] comment = All Printers path = /opt/samba/var/spool browsable = no public = yes guest ok = yes writable = no printable = yes # Windows clients look for this share name as a source of downloadable # printer drivers [print$] comment = Printer Drivers path = /opt/samba/lib/printers browseable = yes guest ok = no read only = yes write list = root -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba login using upn
When I try to use t...@realm.com, it gives NT_STATUS_NO_SUCH_USER. Can you please let me know if there is patch or configuration needed for samba 3.5 to support login using the UPN instead of the samaccountname? On Sun, Oct 13, 2013 at 11:35 PM, Angelica Delgado angelicadel...@gmail.com wrote: I want to know if we can configure samba to authenticate to active directory using the user principal name (upn). Currently, it is working using the samaccountname but we need to use the upn. I am using samba 3.5 Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba is still crashing
You are correct, it was the same issue. There is a patch associated with the problem and it corrected it for me on both servers. Wayne Andersen On 10/14/2013 04:48 AM, Volker Lendecke wrote: On Sun, Oct 13, 2013 at 11:11:29PM -0600, Wayne Andersen wrote: I have had a problem for a couple of weeks now. I get very regular crashes on two of my three Domain Controllers. I just updated to 4.1.0 and I am still getting the same problem. This looks like https://bugzilla.samba.org/show_bug.cgi?id=10052 Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4.1.0
I am using samba 4.1.0 on Fedora 19 x64. I compiled from source and provisioned from scratch. I joined the domain with a Windows 7 Pro x64 machine. I do see the shares on the server, but I do not have the security tab to set permissions on the folders. The unix filesystem rights are set to root:root to 770. I do not know what the problem is. I did not experience this issue on previous versions on samba 4. Is this a knonw bug? -- View this message in context: http://samba.2283325.n4.nabble.com/Samba-4-1-0-tp4654968.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA + open LDAP + password hashing
Hi everybody, I'm running an Ubuntu server as fileserver for Osx clients using netatalk and now I need to add support to samba for windows clients. Every user has an account on open LDAP user base and every account has a password stored using SSHA hashing. I would like to know if I can use the same user base with samba and how to configure it to use ssha instead of NT/LM or if there is an alternative. Thanks Bye *Alberto* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba login using upn
I want to know if we can configure samba to authenticate to active directory using the user principal name (upn). Currently, it is working using the samaccountname but we need to use the upn. I am using samba 3.5 Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba is still crashing
I have had a problem for a couple of weeks now. I get very regular crashes on two of my three Domain Controllers. I just updated to 4.1.0 and I am still getting the same problem. I have added panic action = /bin/sleep 9 to my config. Here is a back trace for the crash. (gdb) bt #0 0x003c3424 in __kernel_vsyscall () #1 0xb76fa363 in __waitpid_nocancel () at ../sysdeps/unix/syscall-template.S:82 #2 0xb7693eb3 in do_system (line=0x15b3d90 /bin/sleep 9) at ../sysdeps/posix/system.c:149 #3 0x006a67ed in system (line=0x15b3d90 /bin/sleep 9) at pt-system.c:29 #4 0x0081fc28 in smb_panic_s3 (why=0x964ea1 internal error) at ../source3/lib/util.c:798 #5 0x0095356d in smb_panic (why=0x964ea1 internal error) at ../lib/util/fault.c:159 #6 0x00953237 in fault_report (sig=11) at ../lib/util/fault.c:77 #7 0x00953248 in sig_fault (sig=11) at ../lib/util/fault.c:88 #8 signal handler called #9 0x003db680 in get_dcs_insite (ctx=0xad33f398, ldb=0xad59be60, sitedn=0xad50e948, list=0xad33f458, dofqdn=false) at ../dfs_server/dfs_server_ad.c:236 #10 0x003dbcf0 in get_dcs (ctx=0xad33d668, ldb=0xad59be60, searched_site=0xad2e7f18 Default-First-Site-Name, need_fqdn=false, pset_list=0xbfba3034, flags=0) at ../dfs_server/dfs_server_ad.c:345 #11 0x003dc760 in dodc_referral (lp_ctx=0xad6e8860, sam_ctx=0xad59be60, client=0xacffa098, r=0xad33d668, domain_name=0xad33d6e9 CORP) at ../dfs_server/dfs_server_ad.c:559 #12 0x003dd3e9 in dfs_server_ad_get_referrals (lp_ctx=0xad6e8860, sam_ctx=0xad59be60, client=0xacffa098, r=0xad33d668) at ../dfs_server/dfs_server_ad.c:880 #13 0x00dd1ecd in dfs_samba4_get_referrals (handle=0xad4270f8, r=0xad33d668) at ../source3/modules/vfs_dfs_samba4.c:118 #14 0x00d3f075 in smb_vfs_call_get_dfs_referrals (handle=0xad4270f8, r=0xad33d668) at ../source3/smbd/vfs.c:1442 #15 0x00d67a1f in setup_dfs_referral (orig_conn=0xad274248, dfs_path=0xad33d608 \\CORP, max_referral_level=3, ppdata=0xad1ee3fc, pstatus=0xbfba31dc) at ../source3/smbd/msdfs.c:1102 #16 0x00d20d73 in call_trans2getdfsreferral (conn=0xad274248, req=0xad33d528, pparams=0xad1ee3f4, total_params=14, ppdata=0xad1ee3fc, total_data=0, max_data_bytes=4096) at ../source3/smbd/trans2.c:8570 #17 0x00d217ff in handle_trans2 (conn=0xad274248, req=0xad33d528, state=0xad1ee3b0) at ../source3/smbd/trans2.c:8837 #18 0x00d221cb in reply_trans2 (req=0xad33d528) at ../source3/smbd/trans2.c:9022 #19 0x00d5303c in switch_message (type=50 '2', req=0xad33d528) at ../source3/smbd/process.c:1557 #20 0x00d531cc in construct_reply (sconn=0xace3a9c0, inbuf=0x0, size=86, unread_bytes=0, seqnum=0, encrypted=false, deferred_pcd=0x0) at ../source3/smbd/process.c:1593 #21 0x00d53cba in process_smb (sconn=0xace3a9c0, inbuf=0xad33d498 , nread=86, unread_bytes=0, seqnum=0, encrypted=false, deferred_pcd=0x0) at ../source3/smbd/process.c:1844 #22 0x00d54bca in smbd_server_connection_read_handler (sconn=0xace3a9c0, fd=44) at ../source3/smbd/process.c:2433 #23 0x00d54c40 in smbd_server_connection_handler (ev=0x14138e0, fde=0x156bab0, flags=1, private_data=0xace3a9c0) at ../source3/smbd/process.c:2450 #24 0x0083b82c in run_events_poll (ev=0x14138e0, pollrtn=1, pfds=0xad198ce0, num_pfds=3) at ../source3/lib/events.c:257 #25 0x0083baf7 in s3_event_loop_once (ev=0x14138e0, location=0xec5c18 ../source3/smbd/process.c:3627) at ../source3/lib/events.c:326 #26 0x008a8133 in _tevent_loop_once (ev=0x14138e0, location=0xec5c18 ../source3/smbd/process.c:3627) at ../lib/tevent/tevent.c:530 #27 0x00d581ab in smbd_process (ev_ctx=0x14138e0, msg_ctx=0x1413960, sock_fd=44, interactive=false) at ../source3/smbd/process.c:3627 #28 0x004376d1 in smbd_accept_connection (ev=0x14138e0, fde=0xad132a98, flags=1, private_data=0xad1a1cb8) at ../source3/smbd/server.c:621 #29 0x0083b82c in run_events_poll (ev=0x14138e0, pollrtn=1, pfds=0xad198ce0, num_pfds=6) at ../source3/lib/events.c:257 #30 0x0083baf7 in s3_event_loop_once (ev=0x14138e0, location=0x43bf6e ../source3/smbd/server.c:943) at ../source3/lib/events.c:326 #31 0x008a8133 in _tevent_loop_once (ev=0x14138e0, location=0x43bf6e ../source3/smbd/server.c:943) at ../lib/tevent/tevent.c:530 #32 0x004383de in smbd_parent_loop (ev_ctx=0x14138e0, parent=0x1416630) at ../source3/smbd/server.c:943 #33 0x00439c70 in main (argc=4, argv=0xbfba3c34) at ../source3/smbd/server.c:1577 Please let me know what other info I should provide. Does this warrant a bug report? -- Wayne Andersen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.10 - 4.1.0 - master can no longer join existing Win2003 domain?
On Fri, 2013-10-11 at 10:54 -0700, Mauricio Alvarez wrote: Hello, I can NO LONGER join the existing win 2003 domain (functional level win 2003, I also have installed Group Policy Client Side Extensions for Windows Server 2003). I am running on Ubuntu Server 13.04. I have tried Samba 4.0.10, 4.1.0 and also, in desperation, samba-master. I managed to join the domain with samba 4.0.8 (not sure if it was .8 or .9, it was in mid-September), downloaded via git, compiled and followed the wiki. All was running OK for some time, until I found out it wan no longer replicating. Then I noticed WERR_VERSION_MISMATCH errors when running drs showrepl. Since I was no longer able to demote the Samba4 DC, I decided to manualy delete from the Win2003, delete the samba4 directories and start over. Now when I try join the domain it fails with ERROR(type 'exceptions.AttributeError'): uncaught exception - 'drsuapi.DsBindInfoFallBack' object has no attribute 'supported_extensions' To make any progress we need the full backtrace. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.10 - 4.1.0 - master can no longer join existing Win2003 domain?
Andrew, thank goodness! I am completely lost and run out of ideas... I just checked the output from samba-master, it looks just the same as the message I posted on Oct. 10 -- Samba4 can't join domain - drsuapi.DsBindInfoFallBack object has no attribute. OK if I dont repost so I dont clutter the list? Thanks for now! Let me know if you need more debugging info. And please keep in mind (maybe it has something to do with my problem) I have installed Group Policy Preference Client Side Extensions for W2k3 server). To make any progress we need the full backtrace. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba release series
Hi, with today's release of Samba 4.1.0, Samba 4.0 has been turned into the maintenance mode and Samba 3.6 into the security fixes only mode. Samba 3.5 is officially unsupported now. For more details on the modi and other release planning information, please see https://wiki.samba.org/index.php/Samba_Release_Planning Cheers, Karolin -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba release series
On Fri, Oct 11, 2013 at 10:17:31AM +0100, Rowland Penny wrote: On 11/10/13 09:55, Karolin Seeger wrote: Hi, with today's release of Samba 4.1.0, Samba 4.0 has been turned into the maintenance mode and Samba 3.6 into the security fixes only mode. Samba 3.5 is officially unsupported now. For more details on the modi and other release planning information, please see https://wiki.samba.org/index.php/Samba_Release_Planning Cheers, Karolin HI, My, but the release page has gone posh ;-) but shouldn't the 'started' column really be 'released' and I think a few of the boxes require filling in Sure, will do that as soon as possible. Karolin -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Password Policy IPA
Hello, We currently have Samba 3 and IPA running together. There are issues with IPA and Samba understanding the password policy IPA has for a given user. Currently we are attempting to match a policy in Samba using pdbedit -P pdbedit -P min password length -C 8 pdbedit -P bad lockout attempt -C 6 pdbedit -P lockout duration -C 60 pdbedit -P password history -C 10 **not working pdbedit -P reset count minutes -C 1 pdbedit -P maximum password age -C 90 pdbedit -P minimum password age -C 1 Here is our IPA policy: Max lifetime (days): 90 Min lifetime (hours): 1 History size (number of passwords): 10 Character classes: 3 Min length: 8 Max failures: 6 Failure reset interval (seconds): 60 Lockout duration (seconds): 600 There are certain admin users however that shouldn't have their password expire every 90 days. I'm assuming if I set the above pdbedit commands then ALL users who login to Windows will have to change their password after 90 days. That's what I want but certain admin users should not. Is there a way to exclude users from a password policy in Samba? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
Hi guys, When run join in DC root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador --realm=jacoramos.net.br --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'jacoramos.net.br' Found DC win2003.jacoramos.net.br Password for [WORKGROUP\administrador]: workgroup is JACORAMOS realm is jacoramos.net.br checking sAMAccountName Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Adding CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Adding CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Adding SPNs to CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Setting account password for SAMBA4$ Enabling account Adding DNS account CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with dns/ SPN Join failed - cleaning up checking sAMAccountName Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Deleted CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Deleted CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1169, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1072, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 616, in join_add_objects ctx.samdb.add(msg) root@samba4:~# --- Anyone have any ideas? -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
Wild guess: The errors I see all have to do with an account that doesn't have a password, the password is expired etc. Are you *sure* the account you're using to join with is valid, and works properly in other contexts? Do some google searches on: [SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0] and you'll see what I mean. That doesn't mean that's the problem, but that's what I get out of it - perhaps incorrectly. -Greg JR Hi guys, JR When run join in DC JR root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador JR --realm=jacoramos.net.br --dns-backend=BIND9_DLZ JR Finding a writeable DC for domain 'jacoramos.net.br' JR Found DC win2003.jacoramos.net.br JR Password for [WORKGROUP\administrador]: JR workgroup is JACORAMOS JR realm is jacoramos.net.br JR checking sAMAccountName JR Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Adding JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding SPNs to CN=SAMBA4,OU=Domain JR Controllers,DC=jacoramos,DC=net,DC=br JR Setting account password for SAMBA4$ JR Enabling account JR Adding DNS account JR CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with JR dns/ SPN JR Join failed - cleaning up JR checking sAMAccountName JR Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Deleted CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Deleted JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - JR 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, JR line 175, in _run JR return self.run(*args, **kwargs) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line JR 552, in run JR machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1169, in join_DC JR ctx.do_join() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1072, in do_join JR ctx.join_add_objects() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 616, in join_add_objects JR ctx.samdb.add(msg) JR root@samba4:~# JR --- JR Anyone have any ideas? JR -- JR *O homem não foi criado para ser feliz nem para vencer, mas para viver JR para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes JR * JR * JR $whoami* JR- Perito Forense Computacional JR- Pentester JR- Esp. em Segurança de Redes de Computadores com enfâse a Perícia JRForense Computacional - FACID JR- Bacharel em Ciência da Computação - UESPI JR- Administrador de Redes de Computadores JR- CCNA Modulo II JR- Lattes: *http://lattes.cnpq.br/1591329268136905* JR Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se JR você não for o destinatário ou a pessoa autorizada a receber esta mensagem, JR não deve usar, copiar ou divulgar as informações nela contida ou tomar JR qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
Hi Greg My passwords are correct and account i am using to join with is valid, and works properly! Grato Jacó Ramos 2013/10/11 Gregory Sloop gr...@sloop.net Wild guess: The errors I see all have to do with an account that doesn't have a password, the password is expired etc. Are you *sure* the account you're using to join with is valid, and works properly in other contexts? Do some google searches on: [SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0] and you'll see what I mean. That doesn't mean that's the problem, but that's what I get out of it - perhaps incorrectly. -Greg JR Hi guys, JR When run join in DC JR root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador JR --realm=jacoramos.net.br --dns-backend=BIND9_DLZ JR Finding a writeable DC for domain 'jacoramos.net.br' JR Found DC win2003.jacoramos.net.br JR Password for [WORKGROUP\administrador]: JR workgroup is JACORAMOS JR realm is jacoramos.net.br JR checking sAMAccountName JR Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Adding JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding SPNs to CN=SAMBA4,OU=Domain JR Controllers,DC=jacoramos,DC=net,DC=br JR Setting account password for SAMBA4$ JR Enabling account JR Adding DNS account JR CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with JR dns/ SPN JR Join failed - cleaning up JR checking sAMAccountName JR Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Deleted CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Deleted JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - JR 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, JR line 175, in _run JR return self.run(*args, **kwargs) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line JR 552, in run JR machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1169, in join_DC JR ctx.do_join() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1072, in do_join JR ctx.join_add_objects() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 616, in join_add_objects JR ctx.samdb.add(msg) JR root@samba4:~# JR --- JR Anyone have any ideas? JR -- JR *O homem não foi criado para ser feliz nem para vencer, mas para viver JR para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes JR * JR * JR $whoami* JR- Perito Forense Computacional JR- Pentester JR- Esp. em Segurança de Redes de Computadores com enfâse a Perícia JRForense Computacional - FACID JR- Bacharel em Ciência da Computação - UESPI JR- Administrador de Redes de Computadores JR- CCNA Modulo II JR- Lattes: *http://lattes.cnpq.br/1591329268136905* JR Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se JR você não for o destinatário ou a pessoa autorizada a receber esta mensagem, JR não deve usar, copiar ou divulgar as informações nela contida ou tomar JR qualquer ação baseada nessas informações. -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
With SAMBA_INTERNAL works properly! Grato. Jacó Ramos 2013/10/11 Jacó Ramos j4c0r4...@gmail.com Hi Greg My passwords are correct and account i am using to join with is valid, and works properly! Grato Jacó Ramos 2013/10/11 Gregory Sloop gr...@sloop.net Wild guess: The errors I see all have to do with an account that doesn't have a password, the password is expired etc. Are you *sure* the account you're using to join with is valid, and works properly in other contexts? Do some google searches on: [SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0] and you'll see what I mean. That doesn't mean that's the problem, but that's what I get out of it - perhaps incorrectly. -Greg JR Hi guys, JR When run join in DC JR root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador JR --realm=jacoramos.net.br --dns-backend=BIND9_DLZ JR Finding a writeable DC for domain 'jacoramos.net.br' JR Found DC win2003.jacoramos.net.br JR Password for [WORKGROUP\administrador]: JR workgroup is JACORAMOS JR realm is jacoramos.net.br JR checking sAMAccountName JR Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Adding JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding SPNs to CN=SAMBA4,OU=Domain JR Controllers,DC=jacoramos,DC=net,DC=br JR Setting account password for SAMBA4$ JR Enabling account JR Adding DNS account JR CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with JR dns/ SPN JR Join failed - cleaning up JR checking sAMAccountName JR Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Deleted CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Deleted JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - JR 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, JR line 175, in _run JR return self.run(*args, **kwargs) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line JR 552, in run JR machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1169, in join_DC JR ctx.do_join() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1072, in do_join JR ctx.join_add_objects() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 616, in join_add_objects JR ctx.samdb.add(msg) JR root@samba4:~# JR --- JR Anyone have any ideas? JR -- JR *O homem não foi criado para ser feliz nem para vencer, mas para viver JR para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes JR * JR * JR $whoami* JR- Perito Forense Computacional JR- Pentester JR- Esp. em Segurança de Redes de Computadores com enfâse a Perícia JRForense Computacional - FACID JR- Bacharel em Ciência da Computação - UESPI JR- Administrador de Redes de Computadores JR- CCNA Modulo II JR- Lattes: *http://lattes.cnpq.br/1591329268136905* JR Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se JR você não for o destinatário ou a pessoa autorizada a receber esta mensagem, JR não deve usar, copiar ou divulgar as informações nela contida ou tomar JR qualquer ação baseada nessas informações. -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de
Re: [Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
Jaco, I am also having problems joining an existing Win2k3 domain using samba 4.0.10. Today I tried 4.1.0, same story (I get a drsuapi.DsBindInfoFallBack object has no attribute--see a few messages above in the mailing list). Now in desperation I am trying samba-head. What concerns me is that previous version of samba4 I could bind OK to the domain (but then had problems with replication, so I had to start over). By the way, are you running in Win2003 functional level? Did you install Group Policy Client Side Extensions for Windows Server 2003 (KB943729)? Hi Greg My passwords are correct and account i am using to join with is valid, and works properly! Grato Jacó Ramos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
On 11/10/13 16:36, Jacó Ramos wrote: With SAMBA_INTERNAL works properly! Grato. Jacó Ramos 2013/10/11 Jacó Ramos j4c0r4...@gmail.com Hi Greg My passwords are correct and account i am using to join with is valid, and works properly! Grato Jacó Ramos 2013/10/11 Gregory Sloop gr...@sloop.net Wild guess: The errors I see all have to do with an account that doesn't have a password, the password is expired etc. Are you *sure* the account you're using to join with is valid, and works properly in other contexts? Do some google searches on: [SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0] and you'll see what I mean. That doesn't mean that's the problem, but that's what I get out of it - perhaps incorrectly. -Greg JR Hi guys, JR When run join in DC JR root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador JR --realm=jacoramos.net.br --dns-backend=BIND9_DLZ JR Finding a writeable DC for domain 'jacoramos.net.br' JR Found DC win2003.jacoramos.net.br JR Password for [WORKGROUP\administrador]: JR workgroup is JACORAMOS JR realm is jacoramos.net.br JR checking sAMAccountName JR Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Adding JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding SPNs to CN=SAMBA4,OU=Domain JR Controllers,DC=jacoramos,DC=net,DC=br JR Setting account password for SAMBA4$ JR Enabling account JR Adding DNS account JR CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with JR dns/ SPN JR Join failed - cleaning up JR checking sAMAccountName JR Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Deleted CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Deleted JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - JR 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, JR line 175, in _run JR return self.run(*args, **kwargs) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line JR 552, in run JR machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1169, in join_DC JR ctx.do_join() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1072, in do_join JR ctx.join_add_objects() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 616, in join_add_objects JR ctx.samdb.add(msg) JR root@samba4:~# JR --- JR Anyone have any ideas? JR -- JR *O homem não foi criado para ser feliz nem para vencer, mas para viver JR para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes JR * JR * JR $whoami* JR- Perito Forense Computacional JR- Pentester JR- Esp. em Segurança de Redes de Computadores com enfâse a Perícia JRForense Computacional - FACID JR- Bacharel em Ciência da Computação - UESPI JR- Administrador de Redes de Computadores JR- CCNA Modulo II JR- Lattes: *http://lattes.cnpq.br/1591329268136905* JR Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se JR você não for o destinatário ou a pessoa autorizada a receber esta mensagem, JR não deve usar, copiar ou divulgar as informações nela contida ou tomar JR qualquer ação baseada nessas informações. -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. Hi, I had a similar problem when I tried to add a second DC to my small domain, the first DC was using bind 9 and I tried to add the second DC with the internal DNS server and it failed very similarly to the OP. I had to install bind 9 on the second DC before it would join, I also seem to remember somebody else having the same problem. Does this mean that if are joining another DC, it has to be configured like the first DC ? Rowland -- To unsubscribe
Re: [Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
My Windows 2003 domain an forest functional Level is 2003. And not have Group Policy Client Side Extensions for Windows Server 2003 (KB943729) Grato. Jacó Ramos 2013/10/11 Mauricio Alvarez maurialvarez...@rocketmail.com Jaco, I am also having problems joining an existing Win2k3 domain using samba 4.0.10. Today I tried 4.1.0, same story (I get a drsuapi.DsBindInfoFallBack object has no attribute--see a few messages above in the mailing list). Now in desperation I am trying samba-head. What concerns me is that previous version of samba4 I could bind OK to the domain (but then had problems with replication, so I had to start over). By the way, are you running in Win2003 functional level? Did you install Group Policy Client Side Extensions for Windows Server 2003 (KB943729)? Hi Greg My passwords are correct and account i am using to join with is valid, and works properly! Grato Jacó Ramos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
I need start bind9 before to domain join with BIND9_DLZ ? Thanks! Jacó Ramos 2013/10/11 Jacó Ramos j4c0r4...@gmail.com My Windows 2003 domain an forest functional Level is 2003. And not have Group Policy Client Side Extensions for Windows Server 2003 (KB943729) Grato. Jacó Ramos 2013/10/11 Mauricio Alvarez maurialvarez...@rocketmail.com Jaco, I am also having problems joining an existing Win2k3 domain using samba 4.0.10. Today I tried 4.1.0, same story (I get a drsuapi.DsBindInfoFallBack object has no attribute--see a few messages above in the mailing list). Now in desperation I am trying samba-head. What concerns me is that previous version of samba4 I could bind OK to the domain (but then had problems with replication, so I had to start over). By the way, are you running in Win2003 functional level? Did you install Group Policy Client Side Extensions for Windows Server 2003 (KB943729)? Hi Greg My passwords are correct and account i am using to join with is valid, and works properly! Grato Jacó Ramos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4.0.10 - 4.1.0 - master can no longer join existing Win2003 domain?
Hello, I can NO LONGER join the existing win 2003 domain (functional level win 2003, I also have installed Group Policy Client Side Extensions for Windows Server 2003). I am running on Ubuntu Server 13.04. I have tried Samba 4.0.10, 4.1.0 and also, in desperation, samba-master. I managed to join the domain with samba 4.0.8 (not sure if it was .8 or .9, it was in mid-September), downloaded via git, compiled and followed the wiki. All was running OK for some time, until I found out it wan no longer replicating. Then I noticed WERR_VERSION_MISMATCH errors when running drs showrepl. Since I was no longer able to demote the Samba4 DC, I decided to manualy delete from the Win2003, delete the samba4 directories and start over. Now when I try join the domain it fails with ERROR(type 'exceptions.AttributeError'): uncaught exception - 'drsuapi.DsBindInfoFallBack' object has no attribute 'supported_extensions' I tried google but I have no idea what this error means. All versions of Samba4 I tried give same error. I am sure I am doing exactly all the steps I did when I managed to join the domain the first time, and also on the Wiki. I am probably missing something. Can anybody please please please help or at least point me in the right direction? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.10 - 4.1.0 - master can no longer join existing Win2003 domain?
Hi Maurico... # rm /usr/local/samba/private/sam.ldb and repeat samba-tool domain join ... Thanks Jacó Ramos 2013/10/11 Mauricio Alvarez maurialvarez...@rocketmail.com Hello, I can NO LONGER join the existing win 2003 domain (functional level win 2003, I also have installed Group Policy Client Side Extensions for Windows Server 2003). I am running on Ubuntu Server 13.04. I have tried Samba 4.0.10, 4.1.0 and also, in desperation, samba-master. I managed to join the domain with samba 4.0.8 (not sure if it was .8 or .9, it was in mid-September), downloaded via git, compiled and followed the wiki. All was running OK for some time, until I found out it wan no longer replicating. Then I noticed WERR_VERSION_MISMATCH errors when running drs showrepl. Since I was no longer able to demote the Samba4 DC, I decided to manualy delete from the Win2003, delete the samba4 directories and start over. Now when I try join the domain it fails with ERROR(type 'exceptions.AttributeError'): uncaught exception - 'drsuapi.DsBindInfoFallBack' object has no attribute 'supported_extensions' I tried google but I have no idea what this error means. All versions of Samba4 I tried give same error. I am sure I am doing exactly all the steps I did when I managed to join the domain the first time, and also on the Wiki. I am probably missing something. Can anybody please please please help or at least point me in the right direction? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 DC slow users bulk load
it is much clearer, thanks again for your help On Oct 11, 2013 5:23 AM, Andrew Bartlett abart...@samba.org wrote: On Mon, 2013-10-07 at 23:46 +0300, Nikos Mitas wrote: sorry, but can you give me more details about 'full build tree' ? What I was suggesting is that the perf.data file isn't something I can use directly. I need you to run 'perf report -g' on it, and do some of the investigation, because it relies on system-specific symbols. I hope this is clearer. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.10 - 4.1.0 - master can no longer join existing Win2003 domain?
Hi Jacó Hi Maurico... # rm /usr/local/samba/private/sam.ldb Did an rm -rf /usr/local/samba instead, nothing was working and couldn't demote. Then recompiled. and repeat samba-tool domain join ... Nothing is working. As I said, I tried recompiling three times with three different versions. I am following same steps I made the first time (when it actually joined the domain). Compile, check /etc/krb5.conf, kinit, check klist, then attempt joining the domain. There's an error message drsuapi.DsBindInfoFallBack. Anybody, what does it mean? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba release series
On Fri, 2013-10-11 at 11:27 +0200, Karolin Seeger wrote: On Fri, Oct 11, 2013 at 10:17:31AM +0100, Rowland Penny wrote: On 11/10/13 09:55, Karolin Seeger wrote: Hi, with today's release of Samba 4.1.0, Samba 4.0 has been turned into the maintenance mode and Samba 3.6 into the security fixes only mode. Samba 3.5 is officially unsupported now. For more details on the modi and other release planning information, please see https://wiki.samba.org/index.php/Samba_Release_Planning Cheers, Karolin HI, My, but the release page has gone posh ;-) but shouldn't the 'started' column really be 'released' and I think a few of the boxes require filling in Sure, will do that as soon as possible. While we are talking about the release pages, I wonder with the new colour table on that page, should we remove the Branch policy page, and just fold the text into this page? That way, we don't have two pages to keep updated. (I'm happy to do it, just wanted to ask first). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.1.0 Available for Download
On 2013-10-11 9:49 AM, samba-requ...@lists.samba.org samba-requ...@lists.samba.org wrote: REMOVED COMPONENTS == The Samba Web Administration Tool (SWAT) has been removed. Details why SWAT has been removed can be found on the samba-technical mailing list: https://lists.samba.org/archive/samba-technical/2013-February/090572.html Just curious what was decided about this comment (he has a very excellent point): I have yet to make the jump to Samba4, so I have not seen the version of SWAT designed for it. For me, the primary benefit of SWAT in Samba3 was the ability to use the help link for any parameter to see what that parameter did, what the default was, and what its proper syntax was. For reference, I ran man smb.conf. Viewing full screen, I pressed the Page Down key 34 times and was still in the 1st third of the alphabetical listing of parameters. It's no small wonder that I never used man smb.conf to configure Samba. SWAT was my friend. So, if Samba4 has anywhere near the number of parameters as Samba3, I would be greatly disappointed to see SWAT go away entirely. An html version of the samba-doc package that contained all parameters with links to their definitions/descriptions would be a welcome and suitable replacement. Thanks, Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3 EOL ?
Hi, The page https://wiki.samba.org/index.php/Samba_Release_Planning doesn't really tell the date until samba 3 will receive security updates. It seems that it could end already in 9 months. I find it unlikely that most users will have switched by that time. The 9 month rule is fine for a switch from 3.x to 3.x+1, but the switch from 3 to 4 is special. Please consider a longer support. Klaus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 and squid ntlm auth
Hi List, Looking for assistance with a squid authentication problem against Samba 4. The squid proxy we're using worked fine on our old Samba 3 domain with 500+ users but keeps freezing on our new Samba 4 domain. I've joined the proxy using net ads join and the samba 4 network is a clean build as we wanted to leave any baggage from the old one behind. What we now have is a situation where Samba 4 authenticates squid using NTLM perfectly up until around 120 users are using it. Once we get above 120, it starts to down and as we approach 140 it dies altogether. At this point, we restart samba and it works perfectly well for a period of about 5 minutes with the 140+ users connected at which point it will either slow to a crawl then fall over or sometimes will just fall over. The network has three Samba 4 Domain controllers. replication works across the three and at any given time, they are running at around 25% CPU load and consuming around 500MB of RAM. All three are 3GHz, quad core Xeons with between 4 and 12GB of RAM. The odd thing is that at no point when Samba seems to be hanging, do we lose access to shares on our fileserver and I also have Owncloud authenticating via a read only LDAP proxy which is caching. The really odd thing is that I'm not seeing any obvious messages on either squid, the samba 3 install or the DCs that points towards any major problem. Given the numbers issue, I thought maybe I was hitting a ulimit wall but the hard and soft limits are both unlimited. Does anyone have a similar setup and any info on where to go from here, i.e. which logs to check, etc.? The OS details are as follows: DC1 and DC1 - centos 6.4 Samba 4.0.10 (compiled from source) with internal DNS DC3 - Debian Squeeze with Samba 4.0.10 (compiled from source) with Bind 9.8 with dlz Squid proxy - Debian squeeze with Squid 2.7 Stable 9.2 from .deb package Clients Windows 7 XP SP3 Cheers, Julian -- Borden Grammar School, Avenue of Remembrance, Sittingbourne, Kent, ME10 4DB. Tel: 01795 424192 This e-mail is from Borden Grammar School Trust. This e-mail, together with any files transmitted with it, are confidential, and are intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised dissemination or copying of this e-mail or its attachments, and any use or disclosure of any information contained in them, is strictly prohibited, and may also be illegal. If you are not the intended recipient you must not use, disclose, distribute, copy, print or relay this e-mail. Please note that any views expressed by an individual within this e-mail, do not necessarily reflect the views of the Borden Grammar School Trust. Borden Grammar School Trust has taken reasonable precautions to ensure no viruses are present in this e-mail, the Academy cannot accept responsibility for any loss or damage arising from the use of this e-mail and/or files attached. Registered office: Borden Grammar School, Avenue of Remembrance, Sittingbourne, Kent, ME10 4DB Registered in England: 07827591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 EOL ?
On Thu, 2013-10-10 at 17:00 +0200, Klaus Hartnegg wrote: Hi, The page https://wiki.samba.org/index.php/Samba_Release_Planning doesn't really tell the date until samba 3 will receive security updates. It seems that it could end already in 9 months. I find it unlikely that most users will have switched by that time. The 9 month rule is fine for a switch from 3.x to 3.x+1, but the switch from 3 to 4 is special. Please consider a longer support. The switch from 3 to 4 is not special. That is why longer support won't be required. If you are not interested in the new AD features, then Samba 4.0 is just the next generation of the same file server code that you find in Samba 3.6. Think of it like a 3.7 in that respect. Also, Samba 3.6 already has a very, very long support life, because Samba 4.0 took quite some time to finally release. I hope this clarifies things, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Crashing
Ok this is the backtrace I am getting. #0 0x00205424 in __kernel_vsyscall () #1 0x008d8363 in __waitpid_nocancel () from /lib/libc.so.6 #2 0x00871eb3 in do_system () from /lib/libc.so.6 #3 0x00bda7ed in system () from /lib/libpthread.so.0 #4 0x00a69ab5 in smb_panic_s3 (why=0xcbdb5d internal error) at ../source3/lib/util.c:823 #5 0x00cac76c in smb_panic (why=0xcbdb5d internal error) at ../lib/util/fault.c:159 #6 0x00cac45f in fault_report (sig=11) at ../lib/util/fault.c:77 #7 0x00cac470 in sig_fault (sig=11) at ../lib/util/fault.c:88 #8 signal handler called #9 0x00bfe56d in get_dcs_insite (ctx=0xaec93610, ldb=0x1c38830, sitedn=0xaef02218, list=0xaecd7740, dofqdn=true) at ../dfs_server/dfs_server_ad.c:224 #10 0x00bfed10 in get_dcs (ctx=0xaec91850, ldb=0x1c38830, searched_site=0xae98f908 Default-First-Site-Name, need_fqdn=true, pset_list=0xbf844824, flags=0) at ../dfs_server/dfs_server_ad.c:345 #11 0x00bff780 in dodc_referral (lp_ctx=0xaefaa1c0, sam_ctx=0x1c38830, client=0xaee60cf0, r=0xaec91850, domain_name=0xaec918e1 corp.clima-tech.com) at ../dfs_server/dfs_server_ad.c:559 #12 0x00c00409 in dfs_server_ad_get_referrals (lp_ctx=0xaefaa1c0, sam_ctx=0x1c38830, client=0xaee60cf0, r=0xaec91850) at ../dfs_server/dfs_server_ad.c:880 #13 0x004a7e75 in dfs_samba4_get_referrals (handle=0xaeef8df0, r=0xaec91850) at ../source3/modules/vfs_dfs_samba4.c:118 #14 0x004121f9 in smb_vfs_call_get_dfs_referrals (handle=0xaeef8df0, r=0xaec91850) at ../source3/smbd/vfs.c:1449 #15 0x0043a5ca in setup_dfs_referral (orig_conn=0xae77a8d0, dfs_path=0xaec917a0 \\corp.clima-tech.com, max_referral_level=3, ppdata=0xae9ca24c, pstatus=0xbf8449c8) at ../source3/smbd/msdfs.c:1071 #16 0x003f3942 in call_trans2getdfsreferral (conn=0xae77a8d0, req=0xaec91700, pparams=0xae9ca244, total_params=44, ppdata=0xae9ca24c, total_data=0, max_data_bytes=4096) at ../source3/smbd/trans2.c:8551 #17 0x003f43d1 in handle_trans2 (conn=0xae77a8d0, req=0xaec91700, state=0xae9ca200) at ../source3/smbd/trans2.c:8818 #18 0x003f4da0 in reply_trans2 (req=0xaec91700) at ../source3/smbd/trans2.c:9003 #19 0x00426055 in switch_message (type=50 '2', req=0xaec91700) at ../source3/smbd/process.c:1556 #20 0x004261e5 in construct_reply (sconn=0xaf34e018, inbuf=0x0, size=116, unread_bytes=0, seqnum=0, encrypted=false, deferred_pcd=0x0) at ../source3/smbd/process.c:1592 #21 0x00426c89 in process_smb (sconn=0xaf34e018, inbuf=0xaec91650 , nread=116, unread_bytes=0, seqnum=0, encrypted=false, deferred_pcd=0x0) at ../source3/smbd/process.c:1843 #22 0x00427b99 in smbd_server_connection_read_handler (sconn=0xaf34e018, fd=45) at ../source3/smbd/process.c:2432 #23 0x00427c0f in smbd_server_connection_handler (ev=0x1c3a8d0, fde=0xaf3b23b0, flags=1, private_data=0xaf34e018) at ../source3/smbd/process.c:2449 #24 0x00a84ef0 in run_events_poll (ev=0x1c3a8d0, pollrtn=1, pfds=0xaeba7da0, num_pfds=3) at ../source3/lib/events.c:257 #25 0x00a851bb in s3_event_loop_once (ev=0x1c3a8d0, location=0x5980a0 ../source3/smbd/process.c:3625) at ../source3/lib/events.c:326 #26 0x0021a0c3 in _tevent_loop_once (ev=0x1c3a8d0, location=0x5980a0 ../source3/smbd/process.c:3625) at ../lib/tevent/tevent.c:530 #27 0x0042af84 in smbd_process (ev_ctx=0x1c3a8d0, msg_ctx=0x1c3a950, sock_fd=45, interactive=false) at ../source3/smbd/process.c:3625 #28 0x009f4515 in smbd_accept_connection (ev=0x1c3a8d0, fde=0xb70564c8, flags=1, private_data=0xaf1be5c0) at ../source3/smbd/server.c:621 #29 0x00a84ef0 in run_events_poll (ev=0x1c3a8d0, pollrtn=1, pfds=0xaeba7da0, num_pfds=6) at ../source3/lib/events.c:257 #30 0x00a851bb in s3_event_loop_once (ev=0x1c3a8d0, location=0x9f8c06 ../source3/smbd/server.c:946) at ../source3/lib/events.c:326 #31 0x0021a0c3 in _tevent_loop_once (ev=0x1c3a8d0, location=0x9f8c06 ../source3/smbd/server.c:946) at ../lib/tevent/tevent.c:530 #32 0x009f50dc in smbd_parent_loop (ev_ctx=0x1c3a8d0, parent=0x1c3d7f8) at ../source3/smbd/server.c:946 #33 0x009f6964 in main (argc=3, argv=0xbf8453d4) at ../source3/smbd/server.c:1568 Wayne Andersen System Administrator Clima-Tech Corporation On 10/02/2013 05:58 PM, Jeremy Allison wrote: On Wed, Oct 02, 2013 at 06:20:34AM -0600, Wayne Andersen wrote: I have Samba 4.0.9 installed on three Centos servers. On my primary DC I am getting faults and core dumps. Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.083800, 0] ../lib/util/fault.c:72(fault_report) Oct 2 06:10:37 dc1 smbd[1195]: === Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.084493, 0] ../lib/util/fault.c:73(fault_report) Oct 2 06:10:37 dc1 smbd[1195]: INTERNAL ERROR: Signal 11 in pid 1195 (4.0.9) Oct 2 06:10:37 dc1 smbd[1195]: Please read the Trouble-Shooting section of the Samba HOWTO Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.084928, 0] ../lib/util/fault.c:75(fault_report) Oct 2 06:10:37 dc1 smbd[1195]:
Re: [Samba] Samba 4 and squid ntlm auth
On Thu, 2013-10-10 at 16:36 +0100, Julian Pilfold-Bagwell wrote: Hi List, Looking for assistance with a squid authentication problem against Samba 4. The squid proxy we're using worked fine on our old Samba 3 domain with 500+ users but keeps freezing on our new Samba 4 domain. I've joined the proxy using net ads join and the samba 4 network is a clean build as we wanted to leave any baggage from the old one behind. What we now have is a situation where Samba 4 authenticates squid using NTLM perfectly up until around 120 users are using it. Once we get above 120, it starts to down and as we approach 140 it dies altogether. At this point, we restart samba and it works perfectly well for a period of about 5 minutes with the 140+ users connected at which point it will either slow to a crawl then fall over or sometimes will just fall over. The network has three Samba 4 Domain controllers. replication works across the three and at any given time, they are running at around 25% CPU load and consuming around 500MB of RAM. All three are 3GHz, quad core Xeons with between 4 and 12GB of RAM. The odd thing is that at no point when Samba seems to be hanging, do we lose access to shares on our fileserver and I also have Owncloud authenticating via a read only LDAP proxy which is caching. The really odd thing is that I'm not seeing any obvious messages on either squid, the samba 3 install or the DCs that points towards any major problem. Given the numbers issue, I thought maybe I was hitting a ulimit wall but the hard and soft limits are both unlimited. Does anyone have a similar setup and any info on where to go from here, i.e. which logs to check, etc.? The OS details are as follows: DC1 and DC1 - centos 6.4 Samba 4.0.10 (compiled from source) with internal DNS DC3 - Debian Squeeze with Samba 4.0.10 (compiled from source) with Bind 9.8 with dlz Squid proxy - Debian squeeze with Squid 2.7 Stable 9.2 from .deb package My guess is that the single thread that is doing the lookups in the sam.ldb and the subsequent authentication is choking on the constant barrage of NTLM authentication traffic. You might want to look into using kerberos, rather than NTLM authentication, now you have an AD domain. This will not need to place load on the DC for each page load. However, we should cope with lots of authentication, so if you have the skill, running 'perf record -g PID' on the busy PID could be quite illuminating, once analyzed with 'perf report -g'. Please don't try and mail me the perf.data output (it needs the build tree and symbols), but examine it and tell me where the CPU is being used and what callers responsible for it (screen-shots are OK in this specific instance). Also, just have a look at a wireshark trace of the success and failure modes, and see if you can show a difference. If the traces are not massive, these you can mail to me. Either way, the wireshark 'service response time' over DCE/RPC would be particularly interesting to see. I hope this helps, Andrew Bartlett Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 DC slow users bulk load
On Mon, 2013-10-07 at 23:46 +0300, Nikos Mitas wrote: sorry, but can you give me more details about 'full build tree' ? What I was suggesting is that the perf.data file isn't something I can use directly. I need you to run 'perf report -g' on it, and do some of the investigation, because it relies on system-specific symbols. I hope this is clearer. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 DC slow users bulk load
Hello again, all three samba4 DC's have 16 GB RAM each and 2 sockets with 4 cores each (total 8 cores each) the three DC's and the identity manager are in the same VLAN. but today i noticed that during bulk load only one core is busy 100% and the rest are idle. i was unable to run samba under TDB_NO_FSYNC=1 today. maybe tomorrow. this is the link for the perf.data file: http://www.sendspace.com/file/9g46ll this is my smb.conf: # Global parameters [global] workgroup = NKMITAS realm = nkmitas.gr netbios name = SAMBA4DC3 server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate [netlogon] path = /usr/local/samba/var/locks/sysvol/nkmitas.gr/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No thanks for your help On Oct 6, 2013 11:49 PM, Andrew Bartlett abart...@samba.org wrote: On Sun, 2013-10-06 at 13:48 +0300, Nikos Mitas wrote: Hello, i have successfully installed samba 4 on three vmware VM's and everything works fine (join pc to domain, user login, dns updates, ntp), but i am facing some performance problems during users bulk loading. my environment: 1st DC: RedHat Linux v6.4,samba 4.1rc4,dns 9.9.3P2,ntp 2nd DC:RedHat Linux v6.4,samba 4.1rc4,dns 9.9.3P2,ntp 3rd DC:RedHat Linux v6.4,samba 4.1rc4,ntp to bulk load the users (around 20.000 accounts) i am using IBM Tivoli Identity Manager to automatically create the AD accounts into Samba but the performance is poor. 120 users per hour at most. Any ideas what to check or what needs to be tuned? We need to work out what specifically is slow, so we can deal with it. If you can capture the ldap server task under 'perf record -g -p PID' that might give some clues. It shouldn't take 30 seconds to add a user, but at this size many O(n^2) things blow up badly, and we may need to re-investigate better approaches in some cases. Also, ensure you have plenty of memory, and for the period of the import, run samba under TDB_NO_FSYNC=1. This makes samba unsafe against a poweroff event (equivalent to linking with libeatmydata), so don't use this in production, but it will make things much, much faster for the initial import. Andrew Bartlett Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 DC slow users bulk load
On Mon, 2013-10-07 at 22:52 +0300, Nikos Mitas wrote: Hello again, all three samba4 DC's have 16 GB RAM each and 2 sockets with 4 cores each (total 8 cores each) the three DC's and the identity manager are in the same VLAN. but today i noticed that during bulk load only one core is busy 100% and the rest are idle. i was unable to run samba under TDB_NO_FSYNC=1 today. maybe tomorrow. this is the link for the perf.data file: http://www.sendspace.com/file/9g46ll this is my smb.conf: The pref.data file isn't any use to me without your full build tree, so the best way to use it is to then run 'perf report -g' and investigate where the highest CPU users are, and what calls them. (it is curses-based tool). The 100% busy CPU is because the LDAP server is single-threaded, so that isn't really unexpected. I hope this helps you make some more progress chasing this down. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 DC slow users bulk load
sorry, but can you give me more details about 'full build tree' ? 2013/10/7 Andrew Bartlett abart...@samba.org On Mon, 2013-10-07 at 22:52 +0300, Nikos Mitas wrote: Hello again, all three samba4 DC's have 16 GB RAM each and 2 sockets with 4 cores each (total 8 cores each) the three DC's and the identity manager are in the same VLAN. but today i noticed that during bulk load only one core is busy 100% and the rest are idle. i was unable to run samba under TDB_NO_FSYNC=1 today. maybe tomorrow. this is the link for the perf.data file: http://www.sendspace.com/file/9g46ll this is my smb.conf: The pref.data file isn't any use to me without your full build tree, so the best way to use it is to then run 'perf report -g' and investigate where the highest CPU users are, and what calls them. (it is curses-based tool). The 100% busy CPU is because the LDAP server is single-threaded, so that isn't really unexpected. I hope this helps you make some more progress chasing this down. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 4 DC slow users bulk load
Hello, i have successfully installed samba 4 on three vmware VM's and everything works fine (join pc to domain, user login, dns updates, ntp), but i am facing some performance problems during users bulk loading. my environment: 1st DC: RedHat Linux v6.4,samba 4.1rc4,dns 9.9.3P2,ntp 2nd DC:RedHat Linux v6.4,samba 4.1rc4,dns 9.9.3P2,ntp 3rd DC:RedHat Linux v6.4,samba 4.1rc4,ntp to bulk load the users (around 20.000 accounts) i am using IBM Tivoli Identity Manager to automatically create the AD accounts into Samba but the performance is poor. 120 users per hour at most. Any ideas what to check or what needs to be tuned? Thanks for your time Nikos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 DC slow users bulk load
On Sun, 2013-10-06 at 13:48 +0300, Nikos Mitas wrote: Hello, i have successfully installed samba 4 on three vmware VM's and everything works fine (join pc to domain, user login, dns updates, ntp), but i am facing some performance problems during users bulk loading. my environment: 1st DC: RedHat Linux v6.4,samba 4.1rc4,dns 9.9.3P2,ntp 2nd DC:RedHat Linux v6.4,samba 4.1rc4,dns 9.9.3P2,ntp 3rd DC:RedHat Linux v6.4,samba 4.1rc4,ntp to bulk load the users (around 20.000 accounts) i am using IBM Tivoli Identity Manager to automatically create the AD accounts into Samba but the performance is poor. 120 users per hour at most. Any ideas what to check or what needs to be tuned? We need to work out what specifically is slow, so we can deal with it. If you can capture the ldap server task under 'perf record -g -p PID' that might give some clues. It shouldn't take 30 seconds to add a user, but at this size many O(n^2) things blow up badly, and we may need to re-investigate better approaches in some cases. Also, ensure you have plenty of memory, and for the period of the import, run samba under TDB_NO_FSYNC=1. This makes samba unsafe against a poweroff event (equivalent to linking with libeatmydata), so don't use this in production, but it will make things much, much faster for the initial import. Andrew Bartlett Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 install packages for Ubuntu 10
Save yourself a lot of pain. Update to Ubuntu 12, at least, to keep your Samba 4 releases up to date. On Thu, Oct 3, 2013 at 10:03 PM, Derek Lewis dle...@mtu.edu wrote: Hello, I want to upgrade my current samba 3.7 that I compiled, to samba 4, and wondered if I can get binaries compatible with Ubuntu 10? Sent from my iPhone -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SAMBA + open LDAP + password hashing
Many thanks for the answer, you solved a doubt I had for a long time. What do you mean when you say other than kerberos ? Can you point me to some documentation or how to for setting up samba + kerberos + ldap? Thanks *Alberto Aldrigo* Il 02/10/13 20:57, Andrew Bartlett ha scritto: On Wed, 2013-10-02 at 11:46 +0200, Alberto Aldrigo | Ca' Tron RE wrote: Hi everybody, I'm running an Ubuntu server as fileserver for Osx clients using netatalk and now I need to add support to samba for windows clients. Every user has an account on open LDAP user base and every account has a password stored using SSHA hashing. I would like to know if I can use the same user base with samba and how to configure it to use ssha instead of NT/LM or if there is an alternative. No, there is no alternative (other than Kerberos). The encryption types are incompatible. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SAMBA + open LDAP + password hashing
On Thu, 2013-10-03 at 09:41 +0200, Alberto Aldrigo | Ca' Tron RE wrote: Many thanks for the answer, you solved a doubt I had for a long time. What do you mean when you say other than kerberos ? Can you point me to some documentation or how to for setting up samba + kerberos + ldap? Thanks The easiest way to do Samba + kerberos + ldap is to set up Samba as an AD DC. That said, I shouldn't have mentioned Kerberos in the context of your original query, as it still has the same issues of needing those password types, which you don't have. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 install packages for Ubuntu 10
Hello, I want to upgrade my current samba 3.7 that I compiled, to samba 4, and wondered if I can get binaries compatible with Ubuntu 10? Sent from my iPhone -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA + open LDAP + password hashing
Hi everybody, I'm running an Ubuntu server as fileserver for Osx clients using netatalk and now I need to add support to samba for windows clients. Every user has an account on open LDAP user base and every account has a password stored using SSHA hashing. I would like to know if I can use the same user base with samba and how to configure it to use ssha instead of NT/LM or if there is an alternative. Thanks Bye *Alberto* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Crashing
I have Samba 4.0.9 installed on three Centos servers. On my primary DC I am getting faults and core dumps. Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.083800, 0] ../lib/util/fault.c:72(fault_report) Oct 2 06:10:37 dc1 smbd[1195]: === Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.084493, 0] ../lib/util/fault.c:73(fault_report) Oct 2 06:10:37 dc1 smbd[1195]: INTERNAL ERROR: Signal 11 in pid 1195 (4.0.9) Oct 2 06:10:37 dc1 smbd[1195]: Please read the Trouble-Shooting section of the Samba HOWTO Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.084928, 0] ../lib/util/fault.c:75(fault_report) Oct 2 06:10:37 dc1 smbd[1195]: === Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.085268, 0] ../source3/lib/util.c:810(smb_panic_s3) Oct 2 06:10:37 dc1 smbd[1195]: PANIC (pid 1195): internal error Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.087348, 0] ../source3/lib/util.c:921(log_stack_trace) Oct 2 06:10:37 dc1 smbd[1195]: BACKTRACE: 32 stack frames: Oct 2 06:10:37 dc1 smbd[1195]:#0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x2b) [0xdd2bc5] Oct 2 06:10:37 dc1 smbd[1195]:#1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x7f) [0xdd2a23] Oct 2 06:10:37 dc1 smbd[1195]:#2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x2a) [0xb2c76c] Oct 2 06:10:37 dc1 smbd[1195]:#3 /usr/local/samba/lib/libsamba-util.so.0(+0x1745f) [0xb2c45f] Oct 2 06:10:37 dc1 smbd[1195]:#4 /usr/local/samba/lib/libsamba-util.so.0(+0x17470) [0xb2c470] Oct 2 06:10:37 dc1 smbd[1195]:#5 [0x521400] Oct 2 06:10:37 dc1 smbd[1195]:#6 /usr/local/samba/lib/private/libdfs_server_ad.so(+0x1d10) [0x3efd10] Oct 2 06:10:37 dc1 smbd[1195]:#7 /usr/local/samba/lib/private/libdfs_server_ad.so(+0x2780) [0x3f0780] Oct 2 06:10:37 dc1 smbd[1195]:#8 /usr/local/samba/lib/private/libdfs_server_ad.so(dfs_server_ad_get_referrals+0x38d) [0x3f1409] Oct 2 06:10:37 dc1 smbd[1195]:#9 /usr/local/samba/lib/private/libsmbd_base.so(+0x1a1e75) [0x8cfe75] Oct 2 06:10:37 dc1 smbd[1195]:#10 /usr/local/samba/lib/private/libsmbd_base.so(smb_vfs_call_get_dfs_referrals+0x3d) [0x83a1f9] Oct 2 06:10:37 dc1 smbd[1195]:#11 /usr/local/samba/lib/private/libsmbd_base.so(setup_dfs_referral+0xea) [0x8625ca] Oct 2 06:10:37 dc1 smbd[1195]:#12 /usr/local/samba/lib/private/libsmbd_base.so(+0xed942) [0x81b942] Oct 2 06:10:37 dc1 smbd[1195]:#13 /usr/local/samba/lib/private/libsmbd_base.so(+0xee3d1) [0x81c3d1] Oct 2 06:10:37 dc1 smbd[1195]:#14 /usr/local/samba/lib/private/libsmbd_base.so(reply_trans2+0x8eb) [0x81cda0] Oct 2 06:10:37 dc1 smbd[1195]:#15 /usr/local/samba/lib/private/libsmbd_base.so(+0x120055) [0x84e055] Oct 2 06:10:37 dc1 smbd[1195]:#16 /usr/local/samba/lib/private/libsmbd_base.so(+0x1201e5) [0x84e1e5] Oct 2 06:10:37 dc1 smbd[1195]:#17 /usr/local/samba/lib/private/libsmbd_base.so(+0x120c89) [0x84ec89] Oct 2 06:10:37 dc1 smbd[1195]:#18 /usr/local/samba/lib/private/libsmbd_base.so(+0x121b99) [0x84fb99] Oct 2 06:10:37 dc1 smbd[1195]:#19 /usr/local/samba/lib/private/libsmbd_base.so(+0x121c0f) [0x84fc0f] Oct 2 06:10:37 dc1 smbd[1195]:#20 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x481) [0xdedef0] Oct 2 06:10:37 dc1 smbd[1195]:#21 /usr/local/samba/lib/libsmbconf.so.0(+0x371bb) [0xdee1bb] Oct 2 06:10:37 dc1 smbd[1195]:#22 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf3) [0x3530c3] Oct 2 06:10:37 dc1 smbd[1195]:#23 /usr/local/samba/lib/private/libsmbd_base.so(smbd_process+0x120c) [0x852f84] Oct 2 06:10:37 dc1 smbd[1195]:#24 /usr/local/samba/sbin/smbd(+0x8515) [0x496515] Oct 2 06:10:37 dc1 smbd[1195]:#25 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x481) [0xdedef0] Oct 2 06:10:37 dc1 smbd[1195]:#26 /usr/local/samba/lib/libsmbconf.so.0(+0x371bb) [0xdee1bb] Oct 2 06:10:37 dc1 smbd[1195]:#27 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf3) [0x3530c3] Oct 2 06:10:37 dc1 smbd[1195]:#28 /usr/local/samba/sbin/smbd(+0x90dc) [0x4970dc] Oct 2 06:10:37 dc1 smbd[1195]:#29 /usr/local/samba/sbin/smbd(main+0x1723) [0x498964] Oct 2 06:10:37 dc1 smbd[1195]:#30 /lib/libc.so.6(__libc_start_main+0xe6) [0xb7130ce6] Oct 2 06:10:37 dc1 smbd[1195]:#31 /usr/local/samba/sbin/smbd(+0x3eb1) [0x491eb1] Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.092166, 0] ../source3/lib/dumpcore.c:317(dump_core) Oct 2 06:10:37 dc1 smbd[1195]: dumping core in /usr/local/samba/var/cores/smbd These just started today. For the most part things seem to be working except for the fact that I tried adding a new user yesterday which is unable to log in. -- Wayne Andersen System Administrator Clima-Tech Corporation direct 208-947-1849 cell 208-440-2912 -- To unsubscribe from this list go to the
Re: [Samba] SAMBA + open LDAP + password hashing
On Wed, 2013-10-02 at 11:46 +0200, Alberto Aldrigo | Ca' Tron RE wrote: Hi everybody, I'm running an Ubuntu server as fileserver for Osx clients using netatalk and now I need to add support to samba for windows clients. Every user has an account on open LDAP user base and every account has a password stored using SSHA hashing. I would like to know if I can use the same user base with samba and how to configure it to use ssha instead of NT/LM or if there is an alternative. No, there is no alternative (other than Kerberos). The encryption types are incompatible. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA RESOURCE
Hi everybody: I have a problem with samba 4.0.9 Why when I put browseable = no in a shared resource, it still appears from a windows client? Thanks Diego Donoso -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Crashing
On Wed, Oct 02, 2013 at 06:20:34AM -0600, Wayne Andersen wrote: I have Samba 4.0.9 installed on three Centos servers. On my primary DC I am getting faults and core dumps. Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.083800, 0] ../lib/util/fault.c:72(fault_report) Oct 2 06:10:37 dc1 smbd[1195]: === Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.084493, 0] ../lib/util/fault.c:73(fault_report) Oct 2 06:10:37 dc1 smbd[1195]: INTERNAL ERROR: Signal 11 in pid 1195 (4.0.9) Oct 2 06:10:37 dc1 smbd[1195]: Please read the Trouble-Shooting section of the Samba HOWTO Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.084928, 0] ../lib/util/fault.c:75(fault_report) Oct 2 06:10:37 dc1 smbd[1195]: === Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.085268, 0] ../source3/lib/util.c:810(smb_panic_s3) Oct 2 06:10:37 dc1 smbd[1195]: PANIC (pid 1195): internal error Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.087348, 0] ../source3/lib/util.c:921(log_stack_trace) Oct 2 06:10:37 dc1 smbd[1195]: BACKTRACE: 32 stack frames: Oct 2 06:10:37 dc1 smbd[1195]:#0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x2b) [0xdd2bc5] Oct 2 06:10:37 dc1 smbd[1195]:#1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x7f) [0xdd2a23] Oct 2 06:10:37 dc1 smbd[1195]:#2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x2a) [0xb2c76c] Oct 2 06:10:37 dc1 smbd[1195]:#3 /usr/local/samba/lib/libsamba-util.so.0(+0x1745f) [0xb2c45f] Oct 2 06:10:37 dc1 smbd[1195]:#4 /usr/local/samba/lib/libsamba-util.so.0(+0x17470) [0xb2c470] Oct 2 06:10:37 dc1 smbd[1195]:#5 [0x521400] Oct 2 06:10:37 dc1 smbd[1195]:#6 /usr/local/samba/lib/private/libdfs_server_ad.so(+0x1d10) [0x3efd10] Oct 2 06:10:37 dc1 smbd[1195]:#7 /usr/local/samba/lib/private/libdfs_server_ad.so(+0x2780) [0x3f0780] Oct 2 06:10:37 dc1 smbd[1195]:#8 /usr/local/samba/lib/private/libdfs_server_ad.so(dfs_server_ad_get_referrals+0x38d) [0x3f1409] Oct 2 06:10:37 dc1 smbd[1195]:#9 /usr/local/samba/lib/private/libsmbd_base.so(+0x1a1e75) [0x8cfe75] Oct 2 06:10:37 dc1 smbd[1195]:#10 /usr/local/samba/lib/private/libsmbd_base.so(smb_vfs_call_get_dfs_referrals+0x3d) [0x83a1f9] Oct 2 06:10:37 dc1 smbd[1195]:#11 /usr/local/samba/lib/private/libsmbd_base.so(setup_dfs_referral+0xea) [0x8625ca] Oct 2 06:10:37 dc1 smbd[1195]:#12 /usr/local/samba/lib/private/libsmbd_base.so(+0xed942) [0x81b942] Oct 2 06:10:37 dc1 smbd[1195]:#13 /usr/local/samba/lib/private/libsmbd_base.so(+0xee3d1) [0x81c3d1] Oct 2 06:10:37 dc1 smbd[1195]:#14 /usr/local/samba/lib/private/libsmbd_base.so(reply_trans2+0x8eb) [0x81cda0] Oct 2 06:10:37 dc1 smbd[1195]:#15 /usr/local/samba/lib/private/libsmbd_base.so(+0x120055) [0x84e055] Oct 2 06:10:37 dc1 smbd[1195]:#16 /usr/local/samba/lib/private/libsmbd_base.so(+0x1201e5) [0x84e1e5] Oct 2 06:10:37 dc1 smbd[1195]:#17 /usr/local/samba/lib/private/libsmbd_base.so(+0x120c89) [0x84ec89] Oct 2 06:10:37 dc1 smbd[1195]:#18 /usr/local/samba/lib/private/libsmbd_base.so(+0x121b99) [0x84fb99] Oct 2 06:10:37 dc1 smbd[1195]:#19 /usr/local/samba/lib/private/libsmbd_base.so(+0x121c0f) [0x84fc0f] Oct 2 06:10:37 dc1 smbd[1195]:#20 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x481) [0xdedef0] Oct 2 06:10:37 dc1 smbd[1195]:#21 /usr/local/samba/lib/libsmbconf.so.0(+0x371bb) [0xdee1bb] Oct 2 06:10:37 dc1 smbd[1195]:#22 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf3) [0x3530c3] Oct 2 06:10:37 dc1 smbd[1195]:#23 /usr/local/samba/lib/private/libsmbd_base.so(smbd_process+0x120c) [0x852f84] Oct 2 06:10:37 dc1 smbd[1195]:#24 /usr/local/samba/sbin/smbd(+0x8515) [0x496515] Oct 2 06:10:37 dc1 smbd[1195]:#25 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x481) [0xdedef0] Oct 2 06:10:37 dc1 smbd[1195]:#26 /usr/local/samba/lib/libsmbconf.so.0(+0x371bb) [0xdee1bb] Oct 2 06:10:37 dc1 smbd[1195]:#27 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf3) [0x3530c3] Oct 2 06:10:37 dc1 smbd[1195]:#28 /usr/local/samba/sbin/smbd(+0x90dc) [0x4970dc] Oct 2 06:10:37 dc1 smbd[1195]:#29 /usr/local/samba/sbin/smbd(main+0x1723) [0x498964] Oct 2 06:10:37 dc1 smbd[1195]:#30 /lib/libc.so.6(__libc_start_main+0xe6) [0xb7130ce6] Oct 2 06:10:37 dc1 smbd[1195]:#31 /usr/local/samba/sbin/smbd(+0x3eb1) [0x491eb1] Oct 2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.092166, 0] ../source3/lib/dumpcore.c:317(dump_core) Oct 2 06:10:37 dc1 smbd[1195]: dumping core in /usr/local/samba/var/cores/smbd These just started today. For the most part things seem to be working except for the fact that I tried adding a new user yesterday which is unable to log in. Add the line: panic action
[Samba] Samba 4.1rc4 not replicating zone reverse of Windows 2003 Server
Hi, Run : samba-tool domain join udopiaui.net.br DC -Uadministrador --realm= udopiaui.net.br But, when run: samba-tool dns zonelist samba4 show 2 zones: - udopiaui.net.br - _msdcs.udopiaui.net.br - reverse - - no replicate Any Ideas? Grato. Jacó Ramos -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 and vfs_recycle
Hi, I am trying to get vfs_recycle working on Samba 4, I compiled Samba 4 myself, so the man page for vfs_recycle is in: /usr/local/samba/share/man/man8/vfs_recycle.8 I have the recycle bin working on a share, the problem I have is with lists, for instance, how to list which files to exclude. The man page just says: recycle:exclude = LIST List of files that should not be put into the repository when deleted, but deleted in the normal way. Wildcards such as * and ? are supported. OK, but just how are you supposed to separate the components of the list? with commas, spaces or what? Also, bearing in mind that I am using version 4.1.0rc3, why does the man page have this at the bottom. VERSION This man page is correct for version 3.0.25 of the Samba suite. Slightly out of date, I think ;-) Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [samba]How to config samba4 internal dns?
I tryed bind as backend. But the problem was still the same: can't use samba-tool dns to query. There were same errors in log.samba: ... dnsserver: Failed to find DNS Zones in CN=MicrosoftDNS,DC=ForestDnsZones,DC=dotest,DC=com ... In the end I finded the solution. I config the dns zone in win2003. Change the setting of zone replicated from To all domain controllers in the Active Directory domain dotest.com to To all DNS servers in the Active Directory forest dotest.com. Now it seems samba-tool dns is ok with samba internal dns. 2013/8/31 Sense Zeng opaper...@gmail.com I can't figure out how to fix the internal dns problem. Trying bind. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4.1 LDAP error joining domain as DC
Fresh download of Samba 4.1 RC4 source code. Simple build: ./configure make make install Trying to join an existing domain as a domain controller. The domain and forest are both Windows 2008 R2 operational level. There is a single Windows Server 2012 DC. Running the following command to join: # samba-tool domain join mydomain.com DC -d3 -Umydomain.com\\administrator --dns-backend=BIND9_DLZ GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Finding a writeable DC for domain 'mydomain.com' Found DC win-server.mydomain.com Password for [mydomain.com\administrator]: workgroup is MYDOMAIN realm is mydomain.com checking sAMAccountName Adding CN=smb-server,OU=Domain Controllers,DC=mydomain,DC=com Adding CN=smb-server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com Adding CN=NTDS Settings,CN=smb-server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com Using binding ncacn_ip_tcp:win-server.mydomain.com[,seal] Adding SPNs to CN=smb-server,OU=Domain Controllers,DC=mydomain,DC=com Setting account password for smb-server$ Enabling account Adding DNS account CN=dns-smb-server,CN=Users,DC=mydomain,DC=com with dns/ SPN Join failed - cleaning up checking sAMAccountName Deleted CN=smb-server,OU=Domain Controllers,DC=mydomain,DC=com Deleted CN=NTDS Settings,CN=smb-server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com Deleted CN=smb-server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - 052D: SvcErr: DSID-031A129B, problem 5003 (WILL_NOT_PERFORM), data 0 File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 1169, in join_DC ctx.do_join() File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 1072, in do_join ctx.join_add_objects() File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 616, in join_add_objects ctx.samdb.add(msg) Anyone have any ideas? Thanks, Pete -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.1 LDAP error joining domain as DC
I tried joining the domain as a member, which worked. I then tried to promote the server to a DC using samba-tool domain dcpromo but it failed with the same error: ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - 052D: SvcErr: DSID-031A129B, problem 5003 (WILL_NOT_PERFORM), data 0 File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 482, in run promote_existing=True) File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 1169, in join_DC ctx.do_join() File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 1072, in do_join ctx.join_add_objects() File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 616, in join_add_objects ctx.samdb.add(msg) Pete On Sep 28, 2013, at 12:19 PM, Pete Storkey pstor...@shaw.ca wrote: Fresh download of Samba 4.1 RC4 source code. Simple build: ./configure make make install Trying to join an existing domain as a domain controller. The domain and forest are both Windows 2008 R2 operational level. There is a single Windows Server 2012 DC. Running the following command to join: # samba-tool domain join mydomain.com DC -d3 -Umydomain.com\\administrator --dns-backend=BIND9_DLZ GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Finding a writeable DC for domain 'mydomain.com' Found DC win-server.mydomain.com Password for [mydomain.com\administrator]: workgroup is MYDOMAIN realm is mydomain.com checking sAMAccountName Adding CN=smb-server,OU=Domain Controllers,DC=mydomain,DC=com Adding CN=smb-server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com Adding CN=NTDS Settings,CN=smb-server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com Using binding ncacn_ip_tcp:win-server.mydomain.com[,seal] Adding SPNs to CN=smb-server,OU=Domain Controllers,DC=mydomain,DC=com Setting account password for smb-server$ Enabling account Adding DNS account CN=dns-smb-server,CN=Users,DC=mydomain,DC=com with dns/ SPN Join failed - cleaning up checking sAMAccountName Deleted CN=smb-server,OU=Domain Controllers,DC=mydomain,DC=com Deleted CN=NTDS Settings,CN=smb-server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com Deleted CN=smb-server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - 052D: SvcErr: DSID-031A129B, problem 5003 (WILL_NOT_PERFORM), data 0 File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 1169, in join_DC ctx.do_join() File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 1072, in do_join ctx.join_add_objects() File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 616, in join_add_objects ctx.samdb.add(msg) Anyone have any ideas? Thanks, Pete -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6.15 Not honouring create mode
Using samba 3 as cluster share for many years now and we now need to for the create mode on files. This seems to not be working in3.6.15. Here is my config [global] workgroup = TAYLORTELEPHONE realm = TAYLORTELEPHONE.COM netbios name = SHR01 server string = Cluster Share interfaces = eth0, eth1, lo security = ADS private dir = /clusterdata/ctdb log file = /var/log/samba/log.%m server signing = auto lpq cache time = 20 clustering = Yes printcap name = /etc/printcap wins server = 192.168.173.16 template homedir = /home/%U template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = Yes winbind offline logon = Yes idmap config * : range = 500-400 idmap config TAYLORTELEPHONE:range = 500-400 idmap config TAYLORTELEPHONE:backend = rid idmap config * : backend = tdb2 admin users = @TAYLORTELEPHONE\Domain Admins inherit acls = Yes map acl inherit = Yes max print jobs = 100 printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j [share] comment = Share Data path = /clustershare/share force user = root force group = Domain Admins read only = No force create mode = 660 force directory mode = 770 vfs objects = recycle recycle:directory_mode = 770 recycle:versions = yes recycle:keeptree = yes recycle:noversions = *.doc|*.xls|*.ppt recycle:excludedir = /tmp|/temp|/cache recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|~*.tmp recycle:repository = .recycle After a file or directory is created this is what I get. drwxrwx--- 28 root domain admins 2048 Sep 26 11:57 . drwxr-xr-x 8 root root 3864 May 7 21:00 .. drwxrwxr-x 2 root domain admins 3864 Sep 26 11:57 test -rwxrw-r-- 1 root domain admins 0 Sep 26 12:03 test.txt Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4.0.9 Build Error
Hi Volker, thanks for the patch! Is working :-) https://bugzilla.samba.org/show_bug.cgi?id=10169 Best regards Tom On 2013-09-25 15:26, Volker Lendecke wrote: From a075eb64952d58749660a87049bb7e3d326c5968 Mon Sep 17 00:00:00 2001 From: Volker Lendecke v...@samba.org Date: Wed, 25 Sep 2013 06:24:19 -0700 Subject: [PATCH] smbd: Fix a 64-bit warning --- source3/smbd/scavenger.c |8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/smbd/scavenger.c b/source3/smbd/scavenger.c index fe4e56e..0ca18c8 100644 --- a/source3/smbd/scavenger.c +++ b/source3/smbd/scavenger.c @@ -480,16 +480,16 @@ static void scavenger_timer(struct tevent_context *ev, ctx-msg.open_persistent_id); if (!ok) { DEBUG(2, (Failed to cleanup share modes and byte range locks - for file %s open %lu\n, + for file %s open %llu\n, file_id_string_tos(ctx-msg.file_id), - ctx-msg.open_persistent_id)); + (unsigned long long)ctx-msg.open_persistent_id)); } status = smbXsrv_open_cleanup(ctx-msg.open_persistent_id); if (!NT_STATUS_IS_OK(status)) { - DEBUG(2, (Failed to cleanup open global for file %s open %lu: + DEBUG(2, (Failed to cleanup open global for file %s open %llu: %s\n, file_id_string_tos(ctx-msg.file_id), - ctx-msg.open_persistent_id, nt_errstr(status))); + (unsigned long long)ctx-msg.open_persistent_id, nt_errstr(status))); } } -- Thomas Zeitinger Kundenbetreuung IT-Quadrat EDV Dienstleistungs- und Handels GmbH Krongasse 8/2 A-1050 Wien Tel: +43 (1) 311 44 00 - 10 Fax: +43 (1) 311 44 00 - 90 thomas.zeitin...@it2.at www.it2.at FN 287345t UID ATU63123113 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.15 Not honouring create mode
On Thu, Sep 26, 2013 at 12:08:39PM -0500, Taylor, Jonn wrote: Using samba 3 as cluster share for many years now and we now need to for the create mode on files. This seems to not be working in3.6.15. [share] comment = Share Data path = /clustershare/share force user = root force group = Domain Admins read only = No force create mode = 660 force directory mode = 770 vfs objects = recycle recycle:directory_mode = 770 recycle:versions = yes recycle:keeptree = yes recycle:noversions = *.doc|*.xls|*.ppt recycle:excludedir = /tmp|/temp|/cache recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|~*.tmp recycle:repository = .recycle After a file or directory is created this is what I get. drwxrwx--- 28 root domain admins 2048 Sep 26 11:57 . drwxr-xr-x 8 root root 3864 May 7 21:00 .. drwxrwxr-x 2 root domain admins 3864 Sep 26 11:57 test -rwxrw-r-- 1 root domain admins 0 Sep 26 12:03 test.txt You're using it wrong. force create mode is in minimal set of bits you'll get on a create. You're getting those. You want to add create mask to remove the bits you don't want. Remember also that the client can always come along after create and change the mode bits also. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.15 Not honouring create mode
On 09/26/2013 01:18 PM, Jeremy Allison wrote: On Thu, Sep 26, 2013 at 12:08:39PM -0500, Taylor, Jonn wrote: Using samba 3 as cluster share for many years now and we now need to for the create mode on files. This seems to not be working in3.6.15. [share] comment = Share Data path = /clustershare/share force user = root force group = Domain Admins read only = No force create mode = 660 force directory mode = 770 vfs objects = recycle recycle:directory_mode = 770 recycle:versions = yes recycle:keeptree = yes recycle:noversions = *.doc|*.xls|*.ppt recycle:excludedir = /tmp|/temp|/cache recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|~*.tmp recycle:repository = .recycle After a file or directory is created this is what I get. drwxrwx--- 28 root domain admins 2048 Sep 26 11:57 . drwxr-xr-x 8 root root 3864 May 7 21:00 .. drwxrwxr-x 2 root domain admins 3864 Sep 26 11:57 test -rwxrw-r-- 1 root domain admins 0 Sep 26 12:03 test.txt You're using it wrong. force create mode is in minimal set of bits you'll get on a create. You're getting those. You want to add create mask to remove the bits you don't want. Remember also that the client can always come along after create and change the mode bits also. Jeremy. Thanks, that fixed it. create mask = 0660 directory mask = 0770 Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 4.0.9 Build Error
Hi there, I tried to build samba 4.0.9 on a Debian Wheezy 7.1 x86 fresh install and got this error: [2717/3935] Compiling source3/smbd/scavenger.c ../source3/smbd/scavenger.c: In function ‘scavenger_timer’: ../source3/smbd/scavenger.c:482:3: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘uint64_t’ [-Werror=format] ../source3/smbd/scavenger.c:490:3: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘uint64_t’ [-Werror=format] cc1: some warnings being treated as errors Waf: Leaving directory `/root/samba-4.0.9/bin' Build failed: - task failed (err #1): {task: cc scavenger.c - scavenger_92.o} make: *** [all] Fehler 1 Never got this befor. Is there something I can do? I need a samba4 on this machine. Thanks and best regards Tom -- Thomas Zeitinger Kundenbetreuung IT-Quadrat EDV Dienstleistungs- und Handels GmbH Krongasse 8/2 A-1050 Wien Tel: +43 (1) 311 44 00 - 10 Fax: +43 (1) 311 44 00 - 90 thomas.zeitin...@it2.at www.it2.at FN 287345t UID ATU63123113 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba-tool join domain fails
Anyone? This is from log-level 10: code root@samba-dc1:/# samba-tool domain join intranet.DOMAIN.de DC -Uintranet/admin --realm=intranet.DOMAIN.de INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 pm_process() returned Yes GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered added interface eth0 ip=192.168.200.210 bcast=192.168.200.255 netmask=255.255.255.0 added interface eth0 ip=192.168.200.210 bcast=192.168.200.255 netmask=255.255.255.0 added interface eth0 ip=192.168.200.210 bcast=192.168.200.255 netmask=255.255.255.0 added interface eth0 ip=192.168.200.210 bcast=192.168.200.255 netmask=255.255.255.0 Finding a writeable DC for domain 'intranet.DOMAIN.de' added interface eth0 ip=192.168.200.210 bcast=192.168.200.255 netmask=255.255.255.0 added interface eth0 ip=192.168.200.210 bcast=192.168.200.255 netmask=255.255.255.0 finddcs: searching for a DC by DNS domain intranet.DOMAIN.de finddcs: looking for SRV records for _ldap._tcp.intranet.DOMAIN.de ads_dns_lookup_srv: 2 records returned in the answer section. ads_dns_parse_rr_srv: Parsed wi-pas04.intranet.DOMAIN.de [0, 100, 389] ads_dns_parse_rr_srv: Parsed wi-pas01.intranet.DOMAIN.de [0, 100, 389] finddcs: DNS SRV response 0 at '192.168.200.14' finddcs: DNS SRV response 1 at '10.8.0.1' finddcs: DNS SRV response 2 at '192.168.200.10' finddcs: performing CLDAP query on 192.168.200.14 response-data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x (0) server_type : 0x01fc (508) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : d4836b14-2bf0-4c30-812a-aa7113035d1e forest : 'intranet.DOMAIN.de' dns_domain : 'intranet.DOMAIN.de' pdc_dns_name : 'wi-pas04.intranet.DOMAIN.de' domain_name : 'INTRANET' pdc_name : 'WI-PAS04' user_name: '' server_site : 'Standardname-des-ersten-Standorts' client_site : 'Standardname-des-ersten-Standorts' sockaddr_size: 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x (0) pdc_ip : (null) remaining: DATA_BLOB length=0 next_closest_site: NULL nt_version : 0x0005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0x (65535) lm20_token : 0x (65535) finddcs: Found matching DC 192.168.200.14 with server_type=0x01fc Found DC wi-pas04.intranet.DOMAIN.de Security token SIDs (1): SID[ 0]: S-1-5-18 Privileges (0x): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege
Re: [Samba] samba-tool join domain fails
On 25/09/13 12:37, Axel wrote: Anyone? This is from log-level 10: code root@samba-dc1:/# samba-tool domain join intranet.DOMAIN.de DC -Uintranet/admin --realm=intranet.DOMAIN.de INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 pm_process() returned Yes GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered added interface eth0 ip=192.168.200.210 bcast=192.168.200.255 netmask=255.255.255.0 added interface eth0 ip=192.168.200.210 bcast=192.168.200.255 netmask=255.255.255.0 added interface eth0 ip=192.168.200.210 bcast=192.168.200.255 netmask=255.255.255.0 added interface eth0 ip=192.168.200.210 bcast=192.168.200.255 netmask=255.255.255.0 Finding a writeable DC for domain 'intranet.DOMAIN.de' added interface eth0 ip=192.168.200.210 bcast=192.168.200.255 netmask=255.255.255.0 added interface eth0 ip=192.168.200.210 bcast=192.168.200.255 netmask=255.255.255.0 finddcs: searching for a DC by DNS domain intranet.DOMAIN.de finddcs: looking for SRV records for _ldap._tcp.intranet.DOMAIN.de ads_dns_lookup_srv: 2 records returned in the answer section. ads_dns_parse_rr_srv: Parsed wi-pas04.intranet.DOMAIN.de [0, 100, 389] ads_dns_parse_rr_srv: Parsed wi-pas01.intranet.DOMAIN.de [0, 100, 389] finddcs: DNS SRV response 0 at '192.168.200.14' finddcs: DNS SRV response 1 at '10.8.0.1' finddcs: DNS SRV response 2 at '192.168.200.10' finddcs: performing CLDAP query on 192.168.200.14 response-data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x (0) server_type : 0x01fc (508) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : d4836b14-2bf0-4c30-812a-aa7113035d1e forest : 'intranet.DOMAIN.de' dns_domain : 'intranet.DOMAIN.de' pdc_dns_name : 'wi-pas04.intranet.DOMAIN.de' domain_name : 'INTRANET' pdc_name : 'WI-PAS04' user_name: '' server_site : 'Standardname-des-ersten-Standorts' client_site : 'Standardname-des-ersten-Standorts' sockaddr_size: 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x (0) pdc_ip : (null) remaining: DATA_BLOB length=0 next_closest_site: NULL nt_version : 0x0005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0x (65535) lm20_token : 0x (65535) finddcs: Found matching DC 192.168.200.14 with server_type=0x01fc Found DC wi-pas04.intranet.DOMAIN.de Security token SIDs (1): SID[ 0]: S-1-5-18 Privileges (0x): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]:
Re: [Samba] samba-tool join domain fails
Of course, Rowland Penny schrieb: On 25/09/13 12:37, Axel wrote: Anyone? Join failed - cleaning up checking sAMAccountName ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1007, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 499, in join_add_objects ctx.samdb.add(rec) /code It seems to be, that all prerequisites fine. DNS, ACL etc., ping works fine... also resolutions of fqdn's Can someone help? Thanks Cheers axel Well I think this: ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 says it all. Does user intranet/admin exist and if so, do they have the right to add a machine to the domain, also have you tried replacing intranet/admin with Administrator? Rowland as i said in my first mail, that is THE Domain Administrator (renamed in my environment to admin). This admin has all rights to this domain since 2005 :) Same problem with another Domain-Administrator Account. I've also tried with Administrator like you suggested. Same issue... Thanks to your reply, axel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4.0.9 Build Error
On 9/25/2013 4:00 AM, Thomas Zeitinger wrote: Hi there, I tried to build samba 4.0.9 on a Debian Wheezy 7.1 x86 fresh install and got this error: [2717/3935] Compiling source3/smbd/scavenger.c ../source3/smbd/scavenger.c: In function ‘scavenger_timer’: ../source3/smbd/scavenger.c:482:3: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘uint64_t’ [-Werror=format] ../source3/smbd/scavenger.c:490:3: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘uint64_t’ [-Werror=format] cc1: some warnings being treated as errors Waf: Leaving directory `/root/samba-4.0.9/bin' Build failed: - task failed (err #1): {task: cc scavenger.c - scavenger_92.o} make: *** [all] Fehler 1 Never got this befor. Is there something I can do? I need a samba4 on this machine. Maybe try the sernet samba4 packages? They have a DEB for wheezy. http://enterprisesamba.com/ You have to register, but the package downloads are free and they support apt-get. I use the sernet packages for CentOS6 with no issues. (I built samba 4.0.6 on CentOS 6 earlier this year, now we just use the sernet packages. It's easier.) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4.0.9 Build Error
Hi Thomas, On 2013-09-25 14:19, Thomas Harold wrote: On 9/25/2013 4:00 AM, Thomas Zeitinger wrote: [...] Maybe try the sernet samba4 packages? They have a DEB for wheezy. http://enterprisesamba.com/ You have to register, but the package downloads are free and they support apt-get. I use the sernet packages for CentOS6 with no issues. (I built samba 4.0.6 on CentOS 6 earlier this year, now we just use the sernet packages. It's easier.) Thanks for the hint, but this is no option. We build already a few instances from source and I don't want to mix the installations. Best regards -- Thomas Zeitinger Kundenbetreuung IT-Quadrat EDV Dienstleistungs- und Handels GmbH Krongasse 8/2 A-1050 Wien Tel: +43 (1) 311 44 00 - 10 Fax: +43 (1) 311 44 00 - 90 thomas.zeitin...@it2.at www.it2.at FN 287345t UID ATU63123113 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba-tool join domain fails
On 9/23/2013 12:17 PM, Axel wrote: Hi folks, big problem with my testint environment... my windows 2003-domain exists since 2004 and the credentials are correct, guaranteed. This problem is actually same on Ubuntu 12.04.3 and Debian 7... (I just added Samba4 to an existing Windows 2003 Active Directory domain this morning. So I'm in a similar situation, but my setup worked flawlessly.) Were you able to do: # kinit administrator - Try it with a wrong password, see if it gives the correct error message of kinit: Preauthentication failed while getting initial credentials - Successful kinit outputs nothing If that test doesn't work, then I'd suspect issues in your /etc/krb5.conf file. https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Getting_ready_for_joining_Samba_as_a_DC_to_an_existing_domain -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba-tool join domain fails
On 25/09/13 13:18, Axel wrote: Of course, Rowland Penny schrieb: On 25/09/13 12:37, Axel wrote: Anyone? Join failed - cleaning up checking sAMAccountName ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1007, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 499, in join_add_objects ctx.samdb.add(rec) /code It seems to be, that all prerequisites fine. DNS, ACL etc., ping works fine... also resolutions of fqdn's Can someone help? Thanks Cheers axel Well I think this: ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 says it all. Does user intranet/admin exist and if so, do they have the right to add a machine to the domain, also have you tried replacing intranet/admin with Administrator? Rowland as i said in my first mail, that is THE Domain Administrator (renamed in my environment to admin). This admin has all rights to this domain since 2005 :) Same problem with another Domain-Administrator Account. I've also tried with Administrator like you suggested. Same issue... Thanks to your reply, axel OK, I did this yesterday, but with a samba4 DC joining to another samba4 DC, try this: kinit admin /usr/local/samba/bin/samba-tool domain join intranet.domain.de DC -Uadmin --realm=intranet.domain.de Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4.0.9 Build Error
On Wed, Sep 25, 2013 at 10:00:02AM +0200, Thomas Zeitinger wrote: Hi there, I tried to build samba 4.0.9 on a Debian Wheezy 7.1 x86 fresh install and got this error: [2717/3935] Compiling source3/smbd/scavenger.c ../source3/smbd/scavenger.c: In function ‘scavenger_timer’: ../source3/smbd/scavenger.c:482:3: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘uint64_t’ [-Werror=format] ../source3/smbd/scavenger.c:490:3: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘uint64_t’ [-Werror=format] cc1: some warnings being treated as errors Waf: Leaving directory `/root/samba-4.0.9/bin' Build failed: - task failed (err #1): {task: cc scavenger.c - scavenger_92.o} make: *** [all] Fehler 1 Never got this befor. Is there something I can do? I need a samba4 on this machine. Does the attached patch help? If it does, please open a bug at bugzilla.samba.org and attach it, so that it will get fixed in the next Samba release. Thanks, Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de * visit us on it-sa:IT security exhibitions in Nürnberg, Germany October 8th - 10th 2013, hall 12, booth 333 free tickets available via code 270691 on: www.it-sa.de/gutschein ** From a075eb64952d58749660a87049bb7e3d326c5968 Mon Sep 17 00:00:00 2001 From: Volker Lendecke v...@samba.org Date: Wed, 25 Sep 2013 06:24:19 -0700 Subject: [PATCH] smbd: Fix a 64-bit warning --- source3/smbd/scavenger.c |8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/smbd/scavenger.c b/source3/smbd/scavenger.c index fe4e56e..0ca18c8 100644 --- a/source3/smbd/scavenger.c +++ b/source3/smbd/scavenger.c @@ -480,16 +480,16 @@ static void scavenger_timer(struct tevent_context *ev, ctx-msg.open_persistent_id); if (!ok) { DEBUG(2, (Failed to cleanup share modes and byte range locks - for file %s open %lu\n, + for file %s open %llu\n, file_id_string_tos(ctx-msg.file_id), - ctx-msg.open_persistent_id)); + (unsigned long long)ctx-msg.open_persistent_id)); } status = smbXsrv_open_cleanup(ctx-msg.open_persistent_id); if (!NT_STATUS_IS_OK(status)) { - DEBUG(2, (Failed to cleanup open global for file %s open %lu: + DEBUG(2, (Failed to cleanup open global for file %s open %llu: %s\n, file_id_string_tos(ctx-msg.file_id), - ctx-msg.open_persistent_id, nt_errstr(status))); + (unsigned long long)ctx-msg.open_persistent_id, nt_errstr(status))); } } -- 1.7.9.5 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba-tool join domain fails
Yes, this works all the time: root@samba-dc1:~# kinit admin ad...@intranet.domain.de's Password: root@samba-dc1:~# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: ad...@intranet.domain.de IssuedExpires Principal Sep 25 15:31:44 2013 Sep 26 01:31:42 2013 krbtgt/intranet.domain...@intranet.domain.de root@samba-dc1:~# The Security-Monitor on Windows 2003 DC told me (in german): Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:Verzeichnisdienstzugriff Ereigniskennung:566 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Objektvorgang: Objektserver:DS VorgangstypObject Access Objekttyp:organizationalUnit Objektname:OU=Domain Controllers,DC=intranet,DC=domain,DC=de Handlekennung:- Primärer Benutzername:WI-PAS01$ Primäre Domäne:INTRANET Primäre Anmeldekennung:(0x0,0x3E7) Clientbenutzername:admin Clientdomäne:INTRANET Clientanmeldekennung:(0x0,0x5B2D755F) ZugriffeUntergeordnetes Objekt erzeugen Eigenschaften: Untergeordnetes Objekt erzeugen computer Weitere Info:CN=SAMBA-DC1,OU=Domain Controllers,DC=intranet,DC=domain,DC=de Weitere Info2:%{34f6dfb0-e508-4124-a996-d80843a31445} Zugriffsmaske:0x1 and: Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:An-/Abmeldung Ereigniskennung:540 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Erfolgreiche Netzwerkanmeldung: Benutzername:admin Domäne:INTRANET Anmeldekennung:(0x0,0x5B2D755F) Anmeldetyp:3 Anmeldevorgang:Kerberos Authentifizierungspaket:Kerberos Arbeitsstationsname: Anmelde-GUID:{05cd8dd6-7c8b-c9ee-d237-3c482ca39c89} Aufruferbenutzername:- Aufruferdomäne:- Aufruferanmeldekennung:- Aufruferprozesskennung: - Übertragene Dienste: - Quellnetzwerkadresse:192.168.200.210 Quellport:43028 Login from samba-dc1.intranet.domain.de and IP 192.168.200.210 works. NO insufficient user rights! Another test - copying SYSVOL - works too: smbclient -U admin //wi-pas01/SYSVOL -c 'prompt;recurse;mget intranet.domain.de' That's all... Rowland Penny schrieb: On 25/09/13 13:18, Axel wrote: Of course, Rowland Penny schrieb: On 25/09/13 12:37, Axel wrote: Anyone? Join failed - cleaning up checking sAMAccountName ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1007, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 499, in join_add_objects ctx.samdb.add(rec) /code It seems to be, that all prerequisites fine. DNS, ACL etc., ping works fine... also resolutions of fqdn's Can someone help? Thanks Cheers axel Well I think this: ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 says it all. Does user intranet/admin exist and if so, do they have the right to add a machine to the domain, also have you tried replacing intranet/admin with Administrator? Rowland as i said in my first mail, that is THE Domain Administrator (renamed in my environment to admin). This admin has all rights to this domain since 2005 :) Same problem with another Domain-Administrator Account. I've also tried with Administrator like you suggested. Same issue... Thanks to your reply, axel OK, I did this yesterday, but with a samba4 DC joining to another samba4 DC, try this: kinit admin /usr/local/samba/bin/samba-tool domain join intranet.domain.de DC -Uadmin --realm=intranet.domain.de Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba-tool join domain fails
On 25/09/13 14:43, Axel wrote: Yes, this works all the time: root@samba-dc1:~# kinit admin ad...@intranet.domain.de's Password: root@samba-dc1:~# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: ad...@intranet.domain.de IssuedExpires Principal Sep 25 15:31:44 2013 Sep 26 01:31:42 2013 krbtgt/intranet.domain...@intranet.domain.de root@samba-dc1:~# The Security-Monitor on Windows 2003 DC told me (in german): Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:Verzeichnisdienstzugriff Ereigniskennung:566 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Objektvorgang: Objektserver:DS VorgangstypObject Access Objekttyp:organizationalUnit Objektname:OU=Domain Controllers,DC=intranet,DC=domain,DC=de Handlekennung:- Primärer Benutzername:WI-PAS01$ Primäre Domäne:INTRANET Primäre Anmeldekennung:(0x0,0x3E7) Clientbenutzername:admin Clientdomäne:INTRANET Clientanmeldekennung:(0x0,0x5B2D755F) ZugriffeUntergeordnetes Objekt erzeugen Eigenschaften: Untergeordnetes Objekt erzeugen computer Weitere Info:CN=SAMBA-DC1,OU=Domain Controllers,DC=intranet,DC=domain,DC=de Weitere Info2:%{34f6dfb0-e508-4124-a996-d80843a31445} Zugriffsmaske:0x1 and: Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:An-/Abmeldung Ereigniskennung:540 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Erfolgreiche Netzwerkanmeldung: Benutzername:admin Domäne:INTRANET Anmeldekennung:(0x0,0x5B2D755F) Anmeldetyp:3 Anmeldevorgang:Kerberos Authentifizierungspaket:Kerberos Arbeitsstationsname: Anmelde-GUID:{05cd8dd6-7c8b-c9ee-d237-3c482ca39c89} Aufruferbenutzername:- Aufruferdomäne:- Aufruferanmeldekennung:- Aufruferprozesskennung: - Übertragene Dienste: - Quellnetzwerkadresse:192.168.200.210 Quellport:43028 Login from samba-dc1.intranet.domain.de and IP 192.168.200.210 works. NO insufficient user rights! Another test - copying SYSVOL - works too: smbclient -U admin //wi-pas01/SYSVOL -c 'prompt;recurse;mget intranet.domain.de' That's all... Rowland Penny schrieb: On 25/09/13 13:18, Axel wrote: Of course, Rowland Penny schrieb: On 25/09/13 12:37, Axel wrote: Anyone? Join failed - cleaning up checking sAMAccountName ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1007, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 499, in join_add_objects ctx.samdb.add(rec) /code It seems to be, that all prerequisites fine. DNS, ACL etc., ping works fine... also resolutions of fqdn's Can someone help? Thanks Cheers axel Well I think this: ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 says it all. Does user intranet/admin exist and if so, do they have the right to add a machine to the domain, also have you tried replacing intranet/admin with Administrator? Rowland as i said in my first mail, that is THE Domain Administrator (renamed in my environment to admin). This admin has all rights to this domain since 2005 :) Same problem with another Domain-Administrator Account. I've also tried with Administrator like you suggested. Same issue... Thanks to your reply, axel OK, I did this yesterday, but with a samba4 DC joining to another samba4 DC, try this: kinit admin /usr/local/samba/bin/samba-tool domain join intranet.domain.de DC -Uadmin --realm=intranet.domain.de Rowland Yes, admin can log into the servers, but does he have the right to add workstations to the domain? Also was Administrator renamed or was a new user called admin created? Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba-tool join domain fails
Rowland Penny schrieb: On 25/09/13 14:43, Axel wrote: Yes, this works all the time: root@samba-dc1:~# kinit admin ad...@intranet.domain.de's Password: root@samba-dc1:~# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: ad...@intranet.domain.de IssuedExpires Principal Sep 25 15:31:44 2013 Sep 26 01:31:42 2013 krbtgt/intranet.domain...@intranet.domain.de root@samba-dc1:~# The Security-Monitor on Windows 2003 DC told me (in german): Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:Verzeichnisdienstzugriff Ereigniskennung:566 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Objektvorgang: Objektserver:DS VorgangstypObject Access Objekttyp:organizationalUnit Objektname:OU=Domain Controllers,DC=intranet,DC=domain,DC=de Handlekennung:- Primärer Benutzername:WI-PAS01$ Primäre Domäne:INTRANET Primäre Anmeldekennung:(0x0,0x3E7) Clientbenutzername:admin Clientdomäne:INTRANET Clientanmeldekennung:(0x0,0x5B2D755F) ZugriffeUntergeordnetes Objekt erzeugen Eigenschaften: Untergeordnetes Objekt erzeugen computer Weitere Info:CN=SAMBA-DC1,OU=Domain Controllers,DC=intranet,DC=domain,DC=de Weitere Info2:%{34f6dfb0-e508-4124-a996-d80843a31445} Zugriffsmaske:0x1 and: Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:An-/Abmeldung Ereigniskennung:540 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Erfolgreiche Netzwerkanmeldung: Benutzername:admin Domäne:INTRANET Anmeldekennung:(0x0,0x5B2D755F) Anmeldetyp:3 Anmeldevorgang:Kerberos Authentifizierungspaket:Kerberos Arbeitsstationsname: Anmelde-GUID:{05cd8dd6-7c8b-c9ee-d237-3c482ca39c89} Aufruferbenutzername:- Aufruferdomäne:- Aufruferanmeldekennung:- Aufruferprozesskennung: - Übertragene Dienste: - Quellnetzwerkadresse:192.168.200.210 Quellport:43028 Login from samba-dc1.intranet.domain.de and IP 192.168.200.210 works. NO insufficient user rights! Another test - copying SYSVOL - works too: smbclient -U admin //wi-pas01/SYSVOL -c 'prompt;recurse;mget intranet.domain.de' That's all... Rowland Penny schrieb: On 25/09/13 13:18, Axel wrote: Of course, Rowland Penny schrieb: On 25/09/13 12:37, Axel wrote: Anyone? Join failed - cleaning up checking sAMAccountName ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1007, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 499, in join_add_objects ctx.samdb.add(rec) /code It seems to be, that all prerequisites fine. DNS, ACL etc., ping works fine... also resolutions of fqdn's Can someone help? Thanks Cheers axel Well I think this: ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 says it all. Does user intranet/admin exist and if so, do they have the right to add a machine to the domain, also have you tried replacing intranet/admin with Administrator? Rowland as i said in my first mail, that is THE Domain Administrator (renamed in my environment to admin). This admin has all rights to this domain since 2005 :) Same problem with another Domain-Administrator Account. I've also tried with Administrator like you suggested. Same issue... Thanks to your reply, axel OK, I did this yesterday, but with a samba4 DC joining to another samba4 DC, try this: kinit admin /usr/local/samba/bin/samba-tool domain join intranet.domain.de DC -Uadmin --realm=intranet.domain.de Rowland Yes, admin can log into the servers, but does he have the right to add workstations to the domain? Also was Administrator renamed or was a new user called admin created? Rowland Like i said, admin ist the main domain-administrator and has all rights to this domain. He wasn't created new, just renamed. Axel -- To unsubscribe from this list go to the following URL and read the instructions:
Re: [Samba] samba-tool join domain fails
On 25/09/13 15:36, Axel wrote: Rowland Penny schrieb: On 25/09/13 14:43, Axel wrote: Yes, this works all the time: root@samba-dc1:~# kinit admin ad...@intranet.domain.de's Password: root@samba-dc1:~# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: ad...@intranet.domain.de IssuedExpires Principal Sep 25 15:31:44 2013 Sep 26 01:31:42 2013 krbtgt/intranet.domain...@intranet.domain.de root@samba-dc1:~# The Security-Monitor on Windows 2003 DC told me (in german): Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:Verzeichnisdienstzugriff Ereigniskennung:566 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Objektvorgang: Objektserver:DS VorgangstypObject Access Objekttyp:organizationalUnit Objektname:OU=Domain Controllers,DC=intranet,DC=domain,DC=de Handlekennung:- Primärer Benutzername:WI-PAS01$ Primäre Domäne:INTRANET Primäre Anmeldekennung:(0x0,0x3E7) Clientbenutzername:admin Clientdomäne:INTRANET Clientanmeldekennung:(0x0,0x5B2D755F) ZugriffeUntergeordnetes Objekt erzeugen Eigenschaften: Untergeordnetes Objekt erzeugen computer Weitere Info:CN=SAMBA-DC1,OU=Domain Controllers,DC=intranet,DC=domain,DC=de Weitere Info2:%{34f6dfb0-e508-4124-a996-d80843a31445} Zugriffsmaske:0x1 and: Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:An-/Abmeldung Ereigniskennung:540 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Erfolgreiche Netzwerkanmeldung: Benutzername:admin Domäne:INTRANET Anmeldekennung:(0x0,0x5B2D755F) Anmeldetyp:3 Anmeldevorgang:Kerberos Authentifizierungspaket:Kerberos Arbeitsstationsname: Anmelde-GUID:{05cd8dd6-7c8b-c9ee-d237-3c482ca39c89} Aufruferbenutzername:- Aufruferdomäne:- Aufruferanmeldekennung:- Aufruferprozesskennung: - Übertragene Dienste: - Quellnetzwerkadresse:192.168.200.210 Quellport:43028 Login from samba-dc1.intranet.domain.de and IP 192.168.200.210 works. NO insufficient user rights! Another test - copying SYSVOL - works too: smbclient -U admin //wi-pas01/SYSVOL -c 'prompt;recurse;mget intranet.domain.de' That's all... Rowland Penny schrieb: On 25/09/13 13:18, Axel wrote: Of course, Rowland Penny schrieb: On 25/09/13 12:37, Axel wrote: Anyone? Join failed - cleaning up checking sAMAccountName ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1007, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 499, in join_add_objects ctx.samdb.add(rec) /code It seems to be, that all prerequisites fine. DNS, ACL etc., ping works fine... also resolutions of fqdn's Can someone help? Thanks Cheers axel Well I think this: ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 says it all. Does user intranet/admin exist and if so, do they have the right to add a machine to the domain, also have you tried replacing intranet/admin with Administrator? Rowland as i said in my first mail, that is THE Domain Administrator (renamed in my environment to admin). This admin has all rights to this domain since 2005 :) Same problem with another Domain-Administrator Account. I've also tried with Administrator like you suggested. Same issue... Thanks to your reply, axel OK, I did this yesterday, but with a samba4 DC joining to another samba4 DC, try this: kinit admin /usr/local/samba/bin/samba-tool domain join intranet.domain.de DC -Uadmin --realm=intranet.domain.de Rowland Yes, admin can log into the servers, but does he have the right to add workstations to the domain? Also was Administrator renamed or was a new user called admin created? Rowland Like i said, admin ist the main domain-administrator and has all rights to this domain. He wasn't created new, just renamed. Axel Well if admin has all the required rights, I wonder if it is a problem with access rights to
Re: [Samba] samba-tool join domain fails
Rowland Penny schrieb: On 25/09/13 15:36, Axel wrote: Rowland Penny schrieb: On 25/09/13 14:43, Axel wrote: Yes, this works all the time: root@samba-dc1:~# kinit admin ad...@intranet.domain.de's Password: root@samba-dc1:~# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: ad...@intranet.domain.de IssuedExpires Principal Sep 25 15:31:44 2013 Sep 26 01:31:42 2013 krbtgt/intranet.domain...@intranet.domain.de root@samba-dc1:~# The Security-Monitor on Windows 2003 DC told me (in german): Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:Verzeichnisdienstzugriff Ereigniskennung:566 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Objektvorgang: Objektserver:DS VorgangstypObject Access Objekttyp:organizationalUnit Objektname:OU=Domain Controllers,DC=intranet,DC=domain,DC=de Handlekennung:- Primärer Benutzername:WI-PAS01$ Primäre Domäne:INTRANET Primäre Anmeldekennung:(0x0,0x3E7) Clientbenutzername:admin Clientdomäne:INTRANET Clientanmeldekennung:(0x0,0x5B2D755F) ZugriffeUntergeordnetes Objekt erzeugen Eigenschaften: Untergeordnetes Objekt erzeugen computer Weitere Info:CN=SAMBA-DC1,OU=Domain Controllers,DC=intranet,DC=domain,DC=de Weitere Info2:%{34f6dfb0-e508-4124-a996-d80843a31445} Zugriffsmaske:0x1 and: Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:An-/Abmeldung Ereigniskennung:540 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Erfolgreiche Netzwerkanmeldung: Benutzername:admin Domäne:INTRANET Anmeldekennung:(0x0,0x5B2D755F) Anmeldetyp:3 Anmeldevorgang:Kerberos Authentifizierungspaket:Kerberos Arbeitsstationsname: Anmelde-GUID:{05cd8dd6-7c8b-c9ee-d237-3c482ca39c89} Aufruferbenutzername:- Aufruferdomäne:- Aufruferanmeldekennung:- Aufruferprozesskennung: - Übertragene Dienste: - Quellnetzwerkadresse:192.168.200.210 Quellport:43028 Login from samba-dc1.intranet.domain.de and IP 192.168.200.210 works. NO insufficient user rights! Another test - copying SYSVOL - works too: smbclient -U admin //wi-pas01/SYSVOL -c 'prompt;recurse;mget intranet.domain.de' That's all... Rowland Penny schrieb: On 25/09/13 13:18, Axel wrote: Of course, Rowland Penny schrieb: On 25/09/13 12:37, Axel wrote: Anyone? Join failed - cleaning up checking sAMAccountName ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1007, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 499, in join_add_objects ctx.samdb.add(rec) /code It seems to be, that all prerequisites fine. DNS, ACL etc., ping works fine... also resolutions of fqdn's Can someone help? Thanks Cheers axel Well I think this: ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 says it all. Does user intranet/admin exist and if so, do they have the right to add a machine to the domain, also have you tried replacing intranet/admin with Administrator? Rowland as i said in my first mail, that is THE Domain Administrator (renamed in my environment to admin). This admin has all rights to this domain since 2005 :) Same problem with another Domain-Administrator Account. I've also tried with Administrator like you suggested. Same issue... Thanks to your reply, axel OK, I did this yesterday, but with a samba4 DC joining to another samba4 DC, try this: kinit admin /usr/local/samba/bin/samba-tool domain join intranet.domain.de DC -Uadmin --realm=intranet.domain.de Rowland Yes, admin can log into the servers, but does he have the right to add workstations to the domain? Also was Administrator renamed or was a new user called admin created? Rowland Like i said, admin ist the main domain-administrator and has all rights to this domain. He wasn't created new, just renamed. Axel Well if admin has all the required rights, I wonder if it is a problem
Re: [Samba] samba-tool join domain fails
On 25/09/13 16:57, Axel wrote: Rowland Penny schrieb: On 25/09/13 15:36, Axel wrote: Rowland Penny schrieb: On 25/09/13 14:43, Axel wrote: Yes, this works all the time: root@samba-dc1:~# kinit admin ad...@intranet.domain.de's Password: root@samba-dc1:~# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: ad...@intranet.domain.de IssuedExpires Principal Sep 25 15:31:44 2013 Sep 26 01:31:42 2013 krbtgt/intranet.domain...@intranet.domain.de root@samba-dc1:~# The Security-Monitor on Windows 2003 DC told me (in german): Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:Verzeichnisdienstzugriff Ereigniskennung:566 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Objektvorgang: Objektserver:DS VorgangstypObject Access Objekttyp:organizationalUnit Objektname:OU=Domain Controllers,DC=intranet,DC=domain,DC=de Handlekennung:- Primärer Benutzername:WI-PAS01$ Primäre Domäne:INTRANET Primäre Anmeldekennung:(0x0,0x3E7) Clientbenutzername:admin Clientdomäne:INTRANET Clientanmeldekennung:(0x0,0x5B2D755F) ZugriffeUntergeordnetes Objekt erzeugen Eigenschaften: Untergeordnetes Objekt erzeugen computer Weitere Info:CN=SAMBA-DC1,OU=Domain Controllers,DC=intranet,DC=domain,DC=de Weitere Info2: %{34f6dfb0-e508-4124-a996-d80843a31445} Zugriffsmaske:0x1 and: Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:An-/Abmeldung Ereigniskennung:540 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Erfolgreiche Netzwerkanmeldung: Benutzername:admin Domäne:INTRANET Anmeldekennung:(0x0,0x5B2D755F) Anmeldetyp:3 Anmeldevorgang:Kerberos Authentifizierungspaket:Kerberos Arbeitsstationsname: Anmelde-GUID: {05cd8dd6-7c8b-c9ee-d237-3c482ca39c89} Aufruferbenutzername:- Aufruferdomäne:- Aufruferanmeldekennung:- Aufruferprozesskennung: - Übertragene Dienste: - Quellnetzwerkadresse:192.168.200.210 Quellport:43028 Login from samba-dc1.intranet.domain.de and IP 192.168.200.210 works. NO insufficient user rights! Another test - copying SYSVOL - works too: smbclient -U admin //wi-pas01/SYSVOL -c 'prompt;recurse;mget intranet.domain.de' That's all... Rowland Penny schrieb: On 25/09/13 13:18, Axel wrote: Of course, Rowland Penny schrieb: On 25/09/13 12:37, Axel wrote: Anyone? Join failed - cleaning up checking sAMAccountName ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1007, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 499, in join_add_objects ctx.samdb.add(rec) /code It seems to be, that all prerequisites fine. DNS, ACL etc., ping works fine... also resolutions of fqdn's Can someone help? Thanks Cheers axel Well I think this: ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 says it all. Does user intranet/admin exist and if so, do they have the right to add a machine to the domain, also have you tried replacing intranet/admin with Administrator? Rowland as i said in my first mail, that is THE Domain Administrator (renamed in my environment to admin). This admin has all rights to this domain since 2005 :) Same problem with another Domain-Administrator Account. I've also tried with Administrator like you suggested. Same issue... Thanks to your reply, axel OK, I did this yesterday, but with a samba4 DC joining to another samba4 DC, try this: kinit admin /usr/local/samba/bin/samba-tool domain join intranet.domain.de DC -Uadmin --realm=intranet.domain.de Rowland Yes, admin can log into the servers, but does he have the right to add workstations to the domain? Also was Administrator renamed or was a new user called admin created? Rowland Like i said, admin ist the main domain-administrator and has all rights to this domain. He wasn't created new, just renamed. Axel Well if admin has all the required rights, I
Re: [Samba] samba-tool join domain fails
Rowland Penny schrieb: On 25/09/13 16:57, Axel wrote: Rowland Penny schrieb: On 25/09/13 15:36, Axel wrote: Rowland Penny schrieb: On 25/09/13 14:43, Axel wrote: Yes, this works all the time: root@samba-dc1:~# kinit admin ad...@intranet.domain.de's Password: root@samba-dc1:~# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: ad...@intranet.domain.de IssuedExpires Principal Sep 25 15:31:44 2013 Sep 26 01:31:42 2013 krbtgt/intranet.domain...@intranet.domain.de root@samba-dc1:~# The Security-Monitor on Windows 2003 DC told me (in german): Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:Verzeichnisdienstzugriff Ereigniskennung:566 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Objektvorgang: Objektserver:DS VorgangstypObject Access Objekttyp:organizationalUnit Objektname:OU=Domain Controllers,DC=intranet,DC=domain,DC=de Handlekennung:- Primärer Benutzername:WI-PAS01$ Primäre Domäne:INTRANET Primäre Anmeldekennung:(0x0,0x3E7) Clientbenutzername:admin Clientdomäne:INTRANET Clientanmeldekennung:(0x0,0x5B2D755F) ZugriffeUntergeordnetes Objekt erzeugen Eigenschaften: Untergeordnetes Objekt erzeugen computer Weitere Info:CN=SAMBA-DC1,OU=Domain Controllers,DC=intranet,DC=domain,DC=de Weitere Info2: %{34f6dfb0-e508-4124-a996-d80843a31445} Zugriffsmaske:0x1 and: Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:An-/Abmeldung Ereigniskennung:540 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Erfolgreiche Netzwerkanmeldung: Benutzername:admin Domäne:INTRANET Anmeldekennung:(0x0,0x5B2D755F) Anmeldetyp:3 Anmeldevorgang:Kerberos Authentifizierungspaket:Kerberos Arbeitsstationsname: Anmelde-GUID: {05cd8dd6-7c8b-c9ee-d237-3c482ca39c89} Aufruferbenutzername:- Aufruferdomäne:- Aufruferanmeldekennung:- Aufruferprozesskennung: - Übertragene Dienste: - Quellnetzwerkadresse:192.168.200.210 Quellport:43028 Login from samba-dc1.intranet.domain.de and IP 192.168.200.210 works. NO insufficient user rights! Another test - copying SYSVOL - works too: smbclient -U admin //wi-pas01/SYSVOL -c 'prompt;recurse;mget intranet.domain.de' That's all... Rowland Penny schrieb: On 25/09/13 13:18, Axel wrote: Of course, Rowland Penny schrieb: On 25/09/13 12:37, Axel wrote: Anyone? Join failed - cleaning up checking sAMAccountName ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1007, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 499, in join_add_objects ctx.samdb.add(rec) /code It seems to be, that all prerequisites fine. DNS, ACL etc., ping works fine... also resolutions of fqdn's Can someone help? Thanks Cheers axel Well I think this: ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 says it all. Does user intranet/admin exist and if so, do they have the right to add a machine to the domain, also have you tried replacing intranet/admin with Administrator? Rowland as i said in my first mail, that is THE Domain Administrator (renamed in my environment to admin). This admin has all rights to this domain since 2005 :) Same problem with another Domain-Administrator Account. I've also tried with Administrator like you suggested. Same issue... Thanks to your reply, axel OK, I did this yesterday, but with a samba4 DC joining to another samba4 DC, try this: kinit admin /usr/local/samba/bin/samba-tool domain join intranet.domain.de DC -Uadmin --realm=intranet.domain.de Rowland Yes, admin can log into the servers, but does he have the right to add workstations to the domain? Also was Administrator renamed or was a new user called admin created? Rowland Like i said, admin ist the main domain-administrator and has all rights to this domain. He wasn't created new, just renamed. Axel Well if admin has
Re: [Samba] samba-tool join domain fails
Top posting: In resolv.conf - remove any DNS servers other than the AD one. Is the AD server actually responding to DNS queries from the S4 box? I have not followed this thread carefully, so my suggestion could easily be wrong - but DNS from the real AD controller is *really* important, and IMO, it shouldn't be getting answers from ANY other servers. [And you should be *sure* it really IS getting answers, rather than a refusal.] -Greg A Rowland Penny schrieb: On 25/09/13 16:57, Axel wrote: Rowland Penny schrieb: On 25/09/13 15:36, Axel wrote: Rowland Penny schrieb: On 25/09/13 14:43, Axel wrote: Yes, this works all the time: root@samba-dc1:~# kinit admin ad...@intranet.domain.de's Password: root@samba-dc1:~# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: ad...@intranet.domain.de IssuedExpires Principal Sep 25 15:31:44 2013 Sep 26 01:31:42 2013 krbtgt/intranet.domain...@intranet.domain.de root@samba-dc1:~# The Security-Monitor on Windows 2003 DC told me (in german): Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:Verzeichnisdienstzugriff Ereigniskennung:566 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Objektvorgang: Objektserver:DS VorgangstypObject Access Objekttyp:organizationalUnit Objektname:OU=Domain Controllers,DC=intranet,DC=domain,DC=de Handlekennung:- Primärer Benutzername:WI-PAS01$ Primäre Domäne:INTRANET Primäre Anmeldekennung:(0x0,0x3E7) Clientbenutzername:admin Clientdomäne:INTRANET Clientanmeldekennung:(0x0,0x5B2D755F) ZugriffeUntergeordnetes Objekt erzeugen Eigenschaften: Untergeordnetes Objekt erzeugen computer Weitere Info:CN=SAMBA-DC1,OU=Domain Controllers,DC=intranet,DC=domain,DC=de Weitere Info2: %{34f6dfb0-e508-4124-a996-d80843a31445} Zugriffsmaske:0x1 and: Ereignistyp:Erfolgsüberw. Ereignisquelle:Security Ereigniskategorie:An-/Abmeldung Ereigniskennung:540 Datum:25.09.2013 Zeit:15:35:28 Benutzer:INTRANET\admin Computer:WI-PAS01 Beschreibung: Erfolgreiche Netzwerkanmeldung: Benutzername:admin Domäne:INTRANET Anmeldekennung:(0x0,0x5B2D755F) Anmeldetyp:3 Anmeldevorgang:Kerberos Authentifizierungspaket:Kerberos Arbeitsstationsname: Anmelde-GUID: {05cd8dd6-7c8b-c9ee-d237-3c482ca39c89} Aufruferbenutzername:- Aufruferdomäne:- Aufruferanmeldekennung:- Aufruferprozesskennung: - Übertragene Dienste: - Quellnetzwerkadresse:192.168.200.210 Quellport:43028 Login from samba-dc1.intranet.domain.de and IP 192.168.200.210 works. NO insufficient user rights! Another test - copying SYSVOL - works too: smbclient -U admin //wi-pas01/SYSVOL -c 'prompt;recurse;mget intranet.domain.de' That's all... Rowland Penny schrieb: On 25/09/13 13:18, Axel wrote: Of course, Rowland Penny schrieb: On 25/09/13 12:37, Axel wrote: Anyone? Join failed - cleaning up checking sAMAccountName ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1007, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 499, in join_add_objects ctx.samdb.add(rec) /code It seems to be, that all prerequisites fine. DNS, ACL etc., ping works fine... also resolutions of fqdn's Can someone help? Thanks Cheers axel Well I think this: ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 says it all. Does user intranet/admin exist and if so, do they have the right to add a machine to the domain, also have you tried replacing intranet/admin with Administrator? Rowland as i said in my first mail, that is THE Domain Administrator (renamed in my environment to admin). This admin has all rights to this domain since 2005 :) Same problem with another Domain-Administrator Account. I've also tried with Administrator like you suggested. Same issue... Thanks to your reply,
[Samba] Samba as DC Member
Dear all, I have install Windows AD and Linux client PC. In Linux PC, I modify these file to allow AD user logon the Linux Client PC via LDAPS. - /etc/sssd/sssd.conf - /etc/krb5.conf - /etc/pam.d/system-auth-ac - /etc/pam.d/password-auth-ac - /etc/openldap/ldap.conf When I create SAMBA share folder on Linux Client PC, and my Windows PC want to connect to it, Windows prompt a login dialog for access that SAMBA share. My problem is no matter I enter AD user account, or Linux 'root' account, it already said login error and cannot allow me to enter. What wrong of my setting? My Windows AD is: OS: Windows Server 2008 R2 64bit standard edition IP: 192.168.10.1/16 My Windows Client is: OS: Windows 7, 32bit Enterprise. (already join Windows AD domain). IP: 192.168.20.1/16 My Linux Client is: OS: CentOS 6.4, 64bit IP: 192.168.30.1/16 Thank you very much Kevin Tang  [global] # --- Network Related Options - workgroup = MYDOMAIN.COM server string = Samba Server Version %v netbios name = smbstorage interfaces = lo eth* 192.168.30.1/16 hosts allow = 192.168.0.0/16 # --- Logging Options - log file = /var/log/samba/log.%m max log size = 50 # --- Domain Members Options security = domain realm = WINAD.MYDOMAIN.COM password server = winad.mydomain.com # --- Browser Control Options local master = no ; os level = 33 ; preferred master = yes #- Name Resolution --- ; wins support = yes ; wins server = w.x.y.z ; wins proxy = yes ; dns proxy = yes # Share Definitions == [homes] comment = Home Directories browseable = yes writable = yes ; valid users = %S ; valid users = MYDOMAIN\%S [public] comment = Public Stuff path = /home/samba public = yes writable = yes guest ok = yes browseable = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba as DC Member
On Mon, 2013-09-23 at 15:51 +0800, kevint...@umac.mo wrote: Dear all, I have install Windows AD and Linux client PC. In Linux PC, I modify these file to allow AD user logon the Linux Client PC via LDAPS. - /etc/sssd/sssd.conf - /etc/krb5.conf - /etc/pam.d/system-auth-ac - /etc/pam.d/password-auth-ac - /etc/openldap/ldap.conf My Linux Client is: OS: CentOS 6.4, 64bit IP: 192.168.30.1/16 Thank you very much Kevin Tang Hi I think you want the client to be a file server no? try in [global] workgroup = MYDOMAIN security = ADS kerberos method = system keytab Make sure /etc/hosts has: 127.0.0.1 centos-client.mydomain.com centos-client localhost and that you can (at least) ping the 2008 box Then try to join the domain: net ads join -UAdministrator That may get you a little closer. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba-tool join domain fails
Hi folks, big problem with my testint environment... my windows 2003-domain exists since 2004 and the credentials are correct, guaranteed. This problem is actually same on Ubuntu 12.04.3 and Debian 7... code root@pa-lnxd-04:~# /usr/local/samba/bin/samba-tool domain join INTRANET.DOMAIN.DE DC -Uintranet/admin --realm=intranet.DOMAIN.de Finding a writeable DC for domain 'INTRANET.DOMAIN.DE' Found DC wi-pas01.intranet.DOMAIN.de Password for [INTRANET\admin]: workgroup is INTRANET realm is intranet.DOMAIN.de checking sAMAccountName Adding CN=PA-LNXD-04,OU=Domain Controllers,DC=intranet,DC=DOMAIN,DC=de Join failed - cleaning up checking sAMAccountName ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 0522: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1007, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 499, in join_add_objects ctx.samdb.add(rec) /code It seems to be, that all prerequisites fine. DNS, ACL etc., ping works fine... also resolutions of fqdn's Can someone help? Thanks Cheers axel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba as DC Member
Dear Steve, Thank you for your suggestion. Now, my windows client pc can browse to my linux client pc and show me the share folder. But when I want to enter it, it show me permission problem like attachment. I already change my share directory (/samba_share) permission in linux pc to '777', and my smb.conf already set to 'guest ok = yes', 'writable = yes', and 'public = yes'. Do you have any suggestion? Thank you Kevin. From: steve st...@steve-ss.com To: kevint...@umac.mo Cc: samba@lists.samba.org Date: 09/23/2013 04:46 PM Subject:Re: [Samba] Samba as DC Member On Mon, 2013-09-23 at 15:51 +0800, kevint...@umac.mo wrote: Dear all, I have install Windows AD and Linux client PC. In Linux PC, I modify these file to allow AD user logon the Linux Client PC via LDAPS. - /etc/sssd/sssd.conf - /etc/krb5.conf - /etc/pam.d/system-auth-ac - /etc/pam.d/password-auth-ac - /etc/openldap/ldap.conf My Linux Client is: OS: CentOS 6.4, 64bit IP: 192.168.30.1/16 Thank you very much Kevin Tang Hi I think you want the client to be a file server no? try in [global] workgroup = MYDOMAIN security = ADS kerberos method = system keytab Make sure /etc/hosts has: 127.0.0.1 centos-client.mydomain.com centos-client localhost and that you can (at least) ping the 2008 box Then try to join the domain: net ads join -UAdministrator That may get you a little closer. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba with Domain
Hi, I setup Samba to authenticate through Active Directory using DOMAIN. This works...I can get in but my problem is when a user tries to go into a share or user account, he can't even if they are in the same group in unix and also allow in unix to do so. How do I configure Samba to allow this as well Thanks a lot Michael Guinard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 RPMs for RHEL 6
My apologies if this is something of a FAQ, but I would be grateful of some assistance. I am evaluating Samba 4 and would like to be able to create packages for installation on RHEL and CentOS 6.x servers. I've cloned the git repository and checked out tag 4.0.9, then used the ./packaging/RHEL-CTDB/makerpms.sh script to build the RPMs. The process succeeds but the packages, while labelled 4.0.9, are not Samba 4 packages. Closer inspection of the spec file indicates that this is only geared towards Samba 3 builds. Have I missed something in the process of creating these packages? Is there a better way for me to proceed? For the moment, I'm just using make make install on the servers but would like to move away from this mode. Regards, Malcolm. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 RPMs for RHEL 6
Hi You have updated precompiled packages from Sernet at http://enterprisesamba.com/ (for Samba 3 and Samba 4, although you have to register to use the Samba 4 repository). I have tried it and they works fine. Regards. 2013/9/19 Malcolm Cowe malk...@gmail.com My apologies if this is something of a FAQ, but I would be grateful of some assistance. I am evaluating Samba 4 and would like to be able to create packages for installation on RHEL and CentOS 6.x servers. I've cloned the git repository and checked out tag 4.0.9, then used the ./packaging/RHEL-CTDB/**makerpms.sh script to build the RPMs. The process succeeds but the packages, while labelled 4.0.9, are not Samba 4 packages. Closer inspection of the spec file indicates that this is only geared towards Samba 3 builds. Have I missed something in the process of creating these packages? Is there a better way for me to proceed? For the moment, I'm just using make make install on the servers but would like to move away from this mode. Regards, Malcolm. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and automount
On Fri, 2013-09-13 at 09:54 +0100, Rowland Penny wrote: On 13/09/13 09:34, steve wrote: Hi I re-read your post with all the info and found these: DEFAULT_MASTER_MAP_NAME=CN=auto.master,CN=HOME,CN=defaultMigrationContainer30,DC=hh3,DC=site SEARCH_BASE=CN=home,CN=defaultMigrationContainer30,DC=hh3,DC=site HOME home are MY domain, you need to set them to YOUR domain Hi Rowland Yeah, I was being spectacularly thick yesterday. I gave up with the /etc/sysconfig/autofs approach and went for sssd instead. I sensed that this was gonna be a lot simpler with sssd. Thanks for your guidance with the schema. I've put the details and the maps converted for AD here: http://linuxcostablanca.blogspot.com.es/2013/09/samba4-autofs.html HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 4 failed with kerberos error (ubuntu)
Hello! I tried to install samba 4 as described in the samba AD DC HOWTO. Here my configuration: ubuntu 12.04 server 64 bit server /etc/network/interfaces: # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 192.168.1.19 netmask 255.255.252.0 up route add default gw 192.168.1.4 dns-search hofmann-intern.de dns-nameservers 192.168.1.26 /etc/hosts: 127.0.0.1 localhost 192.168.1.19hmsmbctx.hofmann-intern.de hmsmbctx # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters I installed required software: apt-get install build-essential libacl1-dev libattr1-dev \ libblkid-dev libgnutls-dev libreadline-dev python-dev \ python-dnspython gdb pkg-config libpopt-dev libldap2-dev \ dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev acl and run the provisioning script: samba-tool domain provision --use-rfc2307 --interactive with internal-dns Copied /var/lib/samba/private/krb5.conf to /etc/ When i start samba with samba -i -M single I got the following error: root@hmsmbctx:/home/administrator# samba -i -M single samba version 4.0.9-SerNet-Ubuntu-6.precise started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model Attempting to autogenerate TLS self-signed keys for https for hostname 'HMSMBCTX.hfmctx.hofmann-intern.de' TLS self-signed keys generated OK /usr/sbin/samba_dnsupdate: Traceback (most recent call last): /usr/sbin/samba_dnsupdate: File /usr/sbin/samba_dnsupdate, line 506, in module /usr/sbin/samba_dnsupdate: get_credentials(lp) /usr/sbin/samba_dnsupdate: File /usr/sbin/samba_dnsupdate, line 119, in get_credentials /usr/sbin/samba_dnsupdate: creds.get_named_ccache(lp, ccachename) /usr/sbin/samba_dnsupdate: RuntimeError: kinit for HMSMBCTX$@HFMCTX.HOFMANN-INTERN.DE failed (Cannot contact any KDC for requested realm) /usr/sbin/samba_dnsupdate: ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED Whats going wrong ? Thx in advance. Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 failed with kerberos error (ubuntu)
It looks like you're not pointing to yourself for DNS. Check to make sure DNS is working correctly (especially the SRV kerberos records for this issue). On Mon, Sep 9, 2013 at 4:31 AM, Alexander Busam a.bu...@hofmann-foerdertechnik.com wrote: Hello! I tried to install samba 4 as described in the samba AD DC HOWTO. Here my configuration: ubuntu 12.04 server 64 bit server /etc/network/interfaces: # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 192.168.1.19 netmask 255.255.252.0 up route add default gw 192.168.1.4 dns-search hofmann-intern.de dns-nameservers 192.168.1.26 /etc/hosts: 127.0.0.1 localhost 192.168.1.19hmsmbctx.hofmann-intern.de hmsmbctx # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters I installed required software: apt-get install build-essential libacl1-dev libattr1-dev \ libblkid-dev libgnutls-dev libreadline-dev python-dev \ python-dnspython gdb pkg-config libpopt-dev libldap2-dev \ dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev acl and run the provisioning script: samba-tool domain provision --use-rfc2307 --interactive with internal-dns Copied /var/lib/samba/private/krb5.**conf to /etc/ When i start samba with samba -i -M single I got the following error: root@hmsmbctx:/home/**administrator# samba -i -M single samba version 4.0.9-SerNet-Ubuntu-6.precise started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model Attempting to autogenerate TLS self-signed keys for https for hostname ' HMSMBCTX.hfmctx.hofmann-**intern.dehttp://HMSMBCTX.hfmctx.hofmann-intern.de ' TLS self-signed keys generated OK /usr/sbin/samba_dnsupdate: Traceback (most recent call last): /usr/sbin/samba_dnsupdate: File /usr/sbin/samba_dnsupdate, line 506, in module /usr/sbin/samba_dnsupdate: get_credentials(lp) /usr/sbin/samba_dnsupdate: File /usr/sbin/samba_dnsupdate, line 119, in get_credentials /usr/sbin/samba_dnsupdate: creds.get_named_ccache(lp, ccachename) /usr/sbin/samba_dnsupdate: RuntimeError: kinit for HMSMBCTX$@ HFMCTX.HOFMANN-**INTERN.DE http://HFMCTX.HOFMANN-INTERN.DE failed (Cannot contact any KDC for requested realm) /usr/sbin/samba_dnsupdate: ../source4/dsdb/dns/dns_**update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED Whats going wrong ? Thx in advance. Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 129, Issue 6
I am Currently out of the office and will return on Monday 9th September. My email will not be monitor , so if you require assistance please email supp...@swift-computing.co.uk. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 TKEY is unacceptable driving me NUTS!
I've installed Samba 4.09 on ubuntu with bind 9.8.1-P1, the former compiled from git source and the latter installed from apt-get. I'm migrating from an existing Windows 2008 SBS domain controller that I want to retire (and be Windows free on the server side), and have followed the instructions on the Samba wiki for setting up Bind and migrating. When I run a samba_dnsupate -verbose -all-names as per the wiki, all updates result in a dns_tkey_negotiategss: TKEY is unacceptable. Syslog produces the following: Sep 6 12:21:32 newdc samba[7735]: [2013/09/06 12:21:32.189272, 0] ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done) Sep 6 12:21:32 newdc samba[7735]: ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT Sep 6 12:23:29 newdc named[7690]: samba b9_putrr: unhandled record type 0 The same TKEY error occurred when I attempt a manual nsupdate. What's odd is that the updates actually appear in the Windows DNS manager when I use nsupdate or samba-tool to add entries. This works for both the new samba DC and the existing windows DC. I was going to chalk this up to gremlins and move on with life, but when I attempt to transfer or seize the naming role, from either samba or the existing Windows DC, I get: sudo /usr/local/samba/bin/samba-tool fsmo transfer --role=naming -Uadministrator ERROR(ldb): uncaught exception - Failed FSMO transfer: WERR_GENERAL_FAILURE File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py, line 268, in run transfer_role(self.outf, role, samdb) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py, line 53, in transfer_role samdb.modify(m) I believe these are related, but I cannot get the TKEY error resolved and have attempted every trick I've been able to find on this mailing list. I've tried the following based on days of googling: 1. Verified that apparmor isn't causing problems by setting the following in it's config: # Samba 4 support /usr/local/samba/private/** rkw, /usr/local/samba/private/dns.keytab rk, /usr/local/samba/private/dns/** rkw, /etc/krb5.conf r, /usr/local/samba/etc/smb.conf r, #Samba 4 BIND libraries /usr/local/samba/lib/bind9/dlz_bind9.so rm, /usr/local/samba/lib/** rm, /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/** rm, # with libdlz_bind9, named needs to access /var/tmp/DNS-${HOSTNAME}_xxx ticke$ /var/tmp/** krw, /tmp/** krw, 2. Regenerated the dns.keytab 3. Ensured that the new DC is listed as the SOA record in the DNS for mydomain.local 4. Added the requested config to my named.com: tkey-gssapi-keytab /usr/local/samba/private/dns.keytab; #tried with and without the line below, no difference tkey-domain MYDOMAIN.LOCAL; 5. Attempted to transfer and seize roles from both Windows and Samba I've run out of ideas here, and would appreciate any help or additional things to attempt. If I cannot seize the naming role, shutting down the windows box results in syslog being flooded with Can't contact OLDDC.mydomain.local-type errors. I want to rid the domain of all memories of SBS so I'm worried that not migrating the naming role will keep some dependency in place. Thanks for any help! Kind Regards, Pat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 129, Issue 7
I am Currently out of the office and will return on Monday 9th September. My email will not be monitor , so if you require assistance please email supp...@swift-computing.co.uk. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 129, Issue 5
I am Currently out of the office and will return on Monday 9th September. My email will not be monitor , so if you require assistance please email supp...@swift-computing.co.uk. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 - nslcd setup on Debian
On Wed, 2013-09-04 at 17:53 +0100, Chris Alavoine wrote: Hi folks, Have been battling with this for a while. I have a Debian 6/Samba 4 install working nicely. Have migrated my old Samba 3 domain and can see all users/groups via AD management tools fine. I am now trying to get the *nix side sorted. Have followed the guide here: https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd Which works up to a point. All users and groups and visible with getent etc, but any new user that are created are not seen. Any existing user/group updates are reflected but if I create a new user and then do getent group | grep user I get nothing, same with id -Gn user or groups user. If I do: samba-tool user list | grep user The user is found and I can see it using RSAT tools from a Windows Server 2008 R2 box. Any suggestions? Your old users had rfc2307 attributes but your new ones do not. When you create the new user, you have to give him rfc2307 attributes such as uidNumber and gidNumber. In later releases, you can use samba-tool to do this. Otherwise you can use ldbedit or ldbmodify. I doubt whether your debian install is recent enough. There are scripts here: http://linuxcostablanca.blogspot.com.es/p/s4bind.html I'd recommend building from source. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 - nslcd setup on Debian
Hi folks, Have been battling with this for a while. I have a Debian 6/Samba 4 install working nicely. Have migrated my old Samba 3 domain and can see all users/groups via AD management tools fine. I am now trying to get the *nix side sorted. Have followed the guide here: https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd Which works up to a point. All users and groups and visible with getent etc, but any new user that are created are not seen. Any existing user/group updates are reflected but if I create a new user and then do getent group | grep user I get nothing, same with id -Gn user or groups user. If I do: samba-tool user list | grep user The user is found and I can see it using RSAT tools from a Windows Server 2008 R2 box. Any suggestions? Thanks, Chris. -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 129, Issue 4
I am Currently out of the office and will return on Monday 9th September. My email will not be monitor , so if you require assistance please email supp...@swift-computing.co.uk. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6.9 on Centos 6.4 and very slow first access to fileserver
Hello good people, I am fighting with following issue: our users are complaining about very slow/delayed displaying of main folders during accessing server using \\dns.name.of.server (using \\IP or \\netbios_name is it with same slowness). But once they are authenticated, displaying contents of (sub-)folders are getting normal. Once the user hit enter key on \\dns.name.of.server it takes approximately 20seconds till the user is requested for credentials. This twenty seconds is delay if user is accessing this server from Windows XP computer. But if he is using Windows 7, the delay is only ~10 second longer (but also it considered as long). Server is in domain role, which means that authentication is passed toward primary controler - which is also samba (same OS, samba version) with LDAP backend. It does not matter to delay if password server directive is defined or not on this domain member server. Here is the corresponding log (log level 3) part: [2013/09/04 22:38:51.733770, 3] libsmb/namequery.c:2533(get_dc_list) get_dc_list: preferred server list: FILEZA, * [2013/09/04 22:38:51.736953, 3] libsmb/namequery_dc.c:204(rpc_dc_name) rpc_dc_name: Returning DC FILEZA (10.31.155.247) for domain COMPANY [2013/09/04 22:38:51.737608, 3] libsmb/cliconnect.c:3172(cli_start_connection) Connecting to host=FILEZA [2013/09/04 22:38:51.756622, 3] lib/util_sock.c:766(open_socket_out_send) Connecting to 10.31.155.247 at port 445 [2013/09/04 22:38:56.820935, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WORKSTATION]\[username]@[WORKSTATION] with the new password interface [2013/09/04 22:38:56.822654, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [COMPANY]\[username]@[WORKSTATION] [2013/09/04 22:38:56.823888, 3] libsmb/namequery.c:2533(get_dc_list) get_dc_list: preferred server list: FILEZA, * [2013/09/04 22:38:56.830032, 3] libsmb/namequery_dc.c:204(rpc_dc_name) rpc_dc_name: Returning DC FILEZA (10.31.155.247) for domain COMPANY [2013/09/04 22:38:56.831678, 3] libsmb/cliconnect.c:3172(cli_start_connection) Connecting to host=FILEZA [2013/09/04 22:38:56.832574, 3] lib/util_sock.c:766(open_socket_out_send) Connecting to 10.31.155.247 at port 445 [2013/09/04 22:39:01.954252, 0] auth/auth_domain.c:331(domain_client_validate) domain_client_validate: unable to validate password for user username in domain WORKSTATION to Domain controller FILEZA. Error was NT_STATUS_NO_SUCH_USER. [2013/09/04 22:39:01.962686, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [username] - [username] FAILED with error NT_STATUS_NO_SUCH_USER [2013/09/04 22:39:01.963542, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2013/09/04 22:39:01.967732, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) [2013/09/04 22:39:01.992663, 3] libsmb/namequery.c:2533(get_dc_list) get_dc_list: preferred server list: FILEZA, * [2013/09/04 22:39:01.995260, 3] libsmb/namequery_dc.c:204(rpc_dc_name) rpc_dc_name: Returning DC FILEZA (10.31.155.247) for domain COMPANY [2013/09/04 22:39:01.995722, 3] libsmb/cliconnect.c:3172(cli_start_connection) Connecting to host=FILEZA [2013/09/04 22:39:01.995950, 3] lib/util_sock.c:766(open_socket_out_send) Connecting to 10.31.155.247 at port 445 [2013/09/04 22:39:07.057852, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WORKSTATION]\[username]@[WORKSTATION] with the new password interface [2013/09/04 22:39:07.059742, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [COMPANY]\[username]@[WORKSTATION] [2013/09/04 22:39:07.061071, 3] libsmb/namequery.c:2533(get_dc_list) get_dc_list: preferred server list: FILEZA, * [2013/09/04 22:39:07.068083, 3] libsmb/namequery_dc.c:204(rpc_dc_name) rpc_dc_name: Returning DC FILEZA (10.31.155.247) for domain COMPANY [2013/09/04 22:39:07.069450, 3] libsmb/cliconnect.c:3172(cli_start_connection) Connecting to host=FILEZA [2013/09/04 22:39:07.070099, 3] lib/util_sock.c:766(open_socket_out_send) Connecting to 10.31.155.247 at port 445 [2013/09/04 22:39:07.074267, 3] lib/util_sock.c:766(open_socket_out_send) Connecting to 10.31.155.247 at port 139 [2013/09/04 22:39:12.200887, 0] auth/auth_domain.c:331(domain_client_validate) domain_client_validate: unable to validate password for user username in domain WORKSTATION to Domain controller FILEZA. Error was NT_STATUS_NO_SUCH_USER. [2013/09/04 22:39:12.206915, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [username] - [username] FAILED with error NT_STATUS_NO_SUCH_USER [2013/09/04 22:39:12.207533, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(124) cmd=115
Re: [Samba] Samba 3.6.9 on Centos 6.4 and very slow first access to fileserver
On Wed, Sep 4, 2013 at 4:16 PM, Michal Bruncko michal.brun...@gmail.comwrote: socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 I'd start with commenting out that line and see if things get better.. then check also with (on the samba machine) smbclient //localhost/share -d10 -Uusername and see if you can get any more info. Also from the samba machine check and see if smbclient //10.31.155.247/support -d10 -Uusername is helpful. Maybe something will give you a clue. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 129, Issue 3
I am Currently out of the office and will return on Monday 9th September. My email will not be monitor , so if you require assistance please email supp...@swift-computing.co.uk. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 129, Issue 2
I am Currently out of the office and will return on Monday 9th September. My email will not be monitor , so if you require assistance please email supp...@swift-computing.co.uk. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [samba]wrong record for connetcting share
Hello Ming, Am 29.08.2013 10:08, schrieb ming: I have some question about smbcontrol reload-config ,please explain it to me.Thanks! Connecting samba share by windows,and modify the smb.conf(EX:modify the share record rw to ro). After that,execute smbcontrol -d 10 all reload-config. But it doesn't work on the samba connecting ,it's also the old record. How to let the samba connecting become the new record except samba service restart or disconnect the link. Wait for your write back... I'm not sure, if this matters, but the smbcontrol manpage says: smbcontrol [destination] [message-type] [parameter] What happens if you # smbcontroll all reload-config -d 10 or skip the -d ...? What version of Samba is it? Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba