Re: [Samba] Samba vs ADS problems
Thank you for your help again :) I have managed to fix the problem and still using 3.0.13 version of samba... It apperas that my nsswitch.conf wasnt setup correctly... was missing some winbind entrys Now the group lookups is working nicely Im sorry for taking your time :) Now im sure I have explored most of what can be explored of samba and its components by a normal user :D So some good came of this :) I look forward to see the next releases of samba... Keep up the nice work on this project, a nice alternative to rather expensive MS products that my boss wanted me to explore, and I must say with ACL included it is very nice :) Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Hindbo Jensen wrote: | After installing SuSE 10.0 on another desktop PC which | is running samba 3.0.20 (not 3.0.20a) it made the same error | as the older samba version running on the live server | | However some small changes have occured in the | wbinfo feedback... I can now lookup: | | # wbinfo --user-sids=S-1-5-21-220523388-1957994488-854245398-2749 ... | # wbinfo --user-domgroups=S-1-5-21-220523388-1957994488-854245398-2749 ... | | However the groupname lookup for the user still returns the same | | IT02:/var/log/samba # wbinfo -r tarp+dhj | 17000 ... | So is this all down to the version of samba I use? winbindd itself was rewritten drastically in Samba 3.0.20 in order to providing more scalability. There are rpc infrastructure changes coming in 3.0.21 (pre1 is due out on Monday) for better interoperabilty with newer MS updates | I have attached all the log files in the directory | /var/log/samba + the samba smb.conf Unfortunately, you didn't run winbindd at level 10. That is the critical one. Run winbindd -d 10 manually. And then grab /var/log/samba/log.{winbindd,wb-*} cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDT7osIR7qMdg1EfYRAq3nAJoCalg19lxR8WLvPPktocgXV1BrCQCff0jd d+1yMomkIeD8Y8++xM4sawM= =qqrM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba vs ADS problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Hindbo Jensen wrote: | After installing SuSE 10.0 on another desktop PC which | is running samba 3.0.20 (not 3.0.20a) it made the same error | as the older samba version running on the live server | | However some small changes have occured in the | wbinfo feedback... I can now lookup: | | # wbinfo --user-sids=S-1-5-21-220523388-1957994488-854245398-2749 ... | # wbinfo --user-domgroups=S-1-5-21-220523388-1957994488-854245398-2749 ... | | However the groupname lookup for the user still returns the same | | IT02:/var/log/samba # wbinfo -r tarp+dhj | 17000 ... | So is this all down to the version of samba I use? winbindd itself was rewritten drastically in Samba 3.0.20 in order to providing more scalability. There are rpc infrastructure changes coming in 3.0.21 (pre1 is due out on Monday) for better interoperabilty with newer MS updates | I have attached all the log files in the directory | /var/log/samba + the samba smb.conf Unfortunately, you didn't run winbindd at level 10. That is the critical one. Run winbindd -d 10 manually. And then grab /var/log/samba/log.{winbindd,wb-*} cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDT7osIR7qMdg1EfYRAq3nAJoCalg19lxR8WLvPPktocgXV1BrCQCff0jd d+1yMomkIeD8Y8++xM4sawM= =qqrM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re-2: [Samba] Samba vs ADS problems
Hello Stefan Thank you for your fast responses My boss insisted to access the data somehow (getting the server running) so now it is running as a public guest enabled, read only server However I will keep trying to make it work again as intented I will dig out some winbind 10 log files later :) Stefan Kerkemeier wrote: ok, setfacl outputs the same error if you take a non existing user or group! It seems that your system doesn´t know your groups because of winbind problems. - what happens if you do a 'getent group'? I get a list of groups with members listed beside them... perfectly normal - what samba security context do you use (domain or ads)? I use ADS again we need more informations what`s goiing so please attach a loglevel 10 output of winbind. cheers Stefan Original Message Subject: Re: [Samba] Samba vs ADS problems (12-Okt-2005 15:36) From:Daniel Hindbo Jensen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Yes but if I do add a user its np... the only difrence is the SPACE charactor setfacl -d -m 'u:tarp+hl:rwx' preInstall im not even sure I can post such long mails here? Stefan Kerkemeier wrote: for a detailed error analysis please post a loglevel 10 samba output! Try to add a group to the ACL install:/var/samba # setfacl -d -m 'g:tarp+domain admins:rwx' preInstall setfacl: Option -m: Invalid argument near character 3 your are using an invalid syntax (Invalid argument near character 3 )! cheers Stefan Original Message Subject: [Samba] Samba vs ADS problems (12-Okt-2005 9:24) From:Daniel Jensen [EMAIL PROTECTED] To: samba@lists.samba.org Hello Everyone This samba server was working perfectly without problems. Running as an Domain member vs Win2K ADS One day it stopped working… All that happened 5 days ago was a change of the administrator/root password We adjusted the wbinfo –set-auth-user towards the new password. But nothing have worked since. install:/ # wbinfo -V Version 3.0.13-1.1-SUSE What might be wrong when the following happen? wbinfo -r TARP+hl 1 10001 10010 install:/var/log/samba # wbinfo -n TARP+hl S-1-5-21-220523388-1957994488-854245398-2811 User (1) install:/var/log/samba # wbinfo --user-sids=S-1-5-21-220523388-1957994488-854245398-2811 Could not get group SIDs for user SID S-1-5-21-220523388-1957994488-854245398-2811 Try to add a group to the ACL install:/var/samba # setfacl -d -m 'g:tarp+domain admins:rwx' preInstall setfacl: Option -m: Invalid argument near character 3 Try to add a user to the ACL install:/var/samba # setfacl -d -m 'u:tarp+dhj:rwx' preinstall no errors I hope anyone can help :D Regards Daniel Jensen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba vs ADS problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Jensen wrote: | This samba server was working perfectly without problems. | Running as an Domain member vs Win2K ADS | One day it stopped working… All that happened 5 days ago | was a change of the administrator/root password No hotfixes applied to the dc? What does a level 10 debug log from winbindd say about the failure. (hint: grep for NT_STATUS_ in the log file). cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDTltWIR7qMdg1EfYRAgpWAJ4noCEH6O0Ce2UXcqu6/sAk3bWZlQCgtw8+ YhENA7SgBg45Qddf1xKsVBs= =sSCM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba vs ADS problems
Almost every hotfix out there is applied to the Win 2k ADS This is some logfile entrys when I rolled back to the old setup that didnt work for test purpose... log level 10 for winbind [2005/10/13 12:37:57, 2, pid=12954, effective(0, 0), real(0, 0)] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/10/13 12:37:57, 3, pid=12954, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2005/10/13 12:37:57, 3, pid=12954, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2005/10/13 12:37:57, 3, pid=12954, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 2 840 48018 1 2 2 [2005/10/13 12:37:57, 3, pid=12954, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 2 840 113554 1 2 2 [2005/10/13 12:37:57, 3, pid=12954, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 3 6 1 4 1 311 2 2 10 [2005/10/13 12:37:57, 3, pid=12954, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_spnego_negotiate(447) Got secblob of size 1186 [2005/10/13 12:37:57, 3, pid=12954, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_spnego_kerberos(179) Ticket name is [EMAIL PROTECTED] [2005/10/13 12:37:57, 10, pid=12954, effective(0, 0), real(0, 0)] auth/auth_util.c:auth_add_user_script(74) auth_add_user_script: no 'add user script'. Asking winbindd [2005/10/13 12:37:57, 5, pid=12954, effective(0, 0), real(0, 0)] auth/auth_util.c:auth_add_user_script(81) auth_add_user_script: winbindd_create_user() failed [2005/10/13 12:37:57, 1, pid=12954, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_spnego_kerberos(250) Username TARP+dhj is invalid on this system [2005/10/13 12:37:57, 3, pid=12954, effective(0, 0), real(0, 0)] smbd/error.c:error_packet(105) error string = No such file or directory [2005/10/13 12:37:57, 3, pid=12954, effective(0, 0), real(0, 0)] smbd/error.c:error_packet(129) error packet at smbd/sesssetup.c(255) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2005/10/13 12:37:57, 3, pid=12954, effective(0, 0), real(0, 0)] smbd/process.c:timeout_processing(1334) timeout_processing: End of file from client (client has disconnected). [2005/10/13 12:37:57, 3, pid=12954, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/10/13 12:37:57, 2, pid=12954, effective(0, 0), real(0, 0)] smbd/server.c:exit_server(609) [2005/10/13 12:37:57, 3, pid=12956, effective(0, 0), real(0, 0)] smbd/oplock.c:init_oplocks(1345) open_oplock_ipc: opening loopback UDP socket. Closing connections On Thu, 2005-10-13 at 08:04 -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Jensen wrote: | This samba server was working perfectly without problems. | Running as an Domain member vs Win2K ADS | One day it stopped working… All that happened 5 days ago | was a change of the administrator/root password No hotfixes applied to the dc? What does a level 10 debug log from winbindd say about the failure. (hint: grep for NT_STATUS_ in the log file). cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDTltWIR7qMdg1EfYRAgpWAJ4noCEH6O0Ce2UXcqu6/sAk3bWZlQCgtw8+ YhENA7SgBg45Qddf1xKsVBs= =sSCM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba vs ADS problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Hindbo Jensen wrote: | Almost every hotfix out there is applied to the Win 2k ADS | | This is some logfile entrys when I rolled back to the old setup that | didnt work for test purpose... log level 10 for winbind This log file is actually from smbd (people seem to be getting them confused a lot lately). This is the problem. ~ Username TARP+dhj is invalid on this system If you look at a level 10 debug from winbindd, I think you seem the samr_connect call failing with access denied. You can try 'client schannel = no' and using 'wbinfo --set-auth-user' to define a set of credentials that winbindd can use to query user and group information. This was outlined in the 3.0.20a release notes. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDTnISIR7qMdg1EfYRAgLHAKCan6nO2CU2FHwiFmRxB4pm66LmyACeO21s m/DR8/1jhMaJZmjLSj2Aj2M= =zXPy -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba vs ADS problems
Hello Gerald Ty for your reply :) I will try to change the setting tomorrow however atm. we are using 3.0.13-1.1-SUSE as we are running SuSE 9.3... however in SuSE 10.0 the 3.0.20 (not 3.0.20a) is included... Would you think if it would be a big improvement to upgrade? Regards Daniel Hindbo Jensen Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Hindbo Jensen wrote: | Almost every hotfix out there is applied to the Win 2k ADS | | This is some logfile entrys when I rolled back to the old setup that | didnt work for test purpose... log level 10 for winbind This log file is actually from smbd (people seem to be getting them confused a lot lately). This is the problem. ~ Username TARP+dhj is invalid on this system If you look at a level 10 debug from winbindd, I think you seem the samr_connect call failing with access denied. You can try 'client schannel = no' and using 'wbinfo --set-auth-user' to define a set of credentials that winbindd can use to query user and group information. This was outlined in the 3.0.20a release notes. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDTnISIR7qMdg1EfYRAgLHAKCan6nO2CU2FHwiFmRxB4pm66LmyACeO21s m/DR8/1jhMaJZmjLSj2Aj2M= =zXPy -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba vs ADS problems
Daniel, You can get 3.0.20a from a SuSE ftp mirror under projects/samba. Frank Daniel Jensen wrote: Hello Gerald Ty for your reply :) I will try to change the setting tomorrow however atm. we are using 3.0.13-1.1-SUSE as we are running SuSE 9.3... however in SuSE 10.0 the 3.0.20 (not 3.0.20a) is included... Would you think if it would be a big improvement to upgrade? Regards Daniel Hindbo Jensen Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Hindbo Jensen wrote: | Almost every hotfix out there is applied to the Win 2k ADS | | This is some logfile entrys when I rolled back to the old setup that | didnt work for test purpose... log level 10 for winbind This log file is actually from smbd (people seem to be getting them confused a lot lately). This is the problem. ~ Username TARP+dhj is invalid on this system If you look at a level 10 debug from winbindd, I think you seem the samr_connect call failing with access denied. You can try 'client schannel = no' and using 'wbinfo --set-auth-user' to define a set of credentials that winbindd can use to query user and group information. This was outlined in the 3.0.20a release notes. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDTnISIR7qMdg1EfYRAgLHAKCan6nO2CU2FHwiFmRxB4pm66LmyACeO21s m/DR8/1jhMaJZmjLSj2Aj2M= =zXPy -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba vs ADS problems
Hello Everyone This samba server was working perfectly without problems. Running as an Domain member vs Win2K ADS One day it stopped working… All that happened 5 days ago was a change of the administrator/root password We adjusted the wbinfo –set-auth-user towards the new password. But nothing have worked since. install:/ # wbinfo -V Version 3.0.13-1.1-SUSE What might be wrong when the following happen? wbinfo -r TARP+hl 1 10001 10010 install:/var/log/samba # wbinfo -n TARP+hl S-1-5-21-220523388-1957994488-854245398-2811 User (1) install:/var/log/samba # wbinfo --user-sids=S-1-5-21-220523388-1957994488-854245398-2811 Could not get group SIDs for user SID S-1-5-21-220523388-1957994488-854245398-2811 Try to add a group to the ACL install:/var/samba # setfacl -d -m 'g:tarp+domain admins:rwx' preInstall setfacl: Option -m: Invalid argument near character 3 Try to add a user to the ACL install:/var/samba # setfacl -d -m 'u:tarp+dhj:rwx' preinstall no errors I hope anyone can help :D Regards Daniel Jensen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba