Re: [Samba] Samba on Windows?
On 01/04/13 04:18 PM, fromsamba.bitbucke...@spamgourmet.com wrote: When trying to copy files to/from a Windows file server from/to another Windows machine, at times the Windows Explorer application will just hang. This could be due the server being less than responsive, or some other reason. It ends up being really annoying as Explorer just stops responding due to, presumably, being stuck waiting for a response from the remote server. There are times when just clicking a file will then cause Explorer to hang, as though its requesting info for the file and not getting a response. Every time I run into this, I think, why wouldn't this all be threaded? Why would a background thread do all the network communications asynchronously so that the UI didn't freeze up like this? Then I think, why not just write a simple CIFS/SMB client which is asynchronous and which doesn't hang due to the remote server not responding. Also, something that doesn't send any unnecessary requests. i.e., give me the list of files, let me pick which ones to copy, and copy. Don't request any additional info about the files (as I think happens when you right-click a file). But why write a CIFS/SMB client, when Samba has already done it? I know Samba is intended for Linux, allowing Linux users to interoperate with Windows. But has anyone ever attempted building/using the Samba code on Windows? Could Samba be used to do the protocol stuff in a Windows application? Seems like there's no reason to re-invent the wheel and dig through the MS protocol documentation, if Samba could be re-used for this purpose. Does this seem feasible? Or is this ill-advised? :) Why not just replace your Windows server and switch your client(s) to Linux? It's probably a lot less work. If you have a program that you must use that only runs on Windows, try wine or a virtual machine. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
Yes I am Polish but I didn't have time yet to investigate the problem. Maybe it is language related... I can check it also (I have some non-polish xp's). I'll let you know. Daniel W dniu 2012-01-27 13:19, BartekR pisze: Hello ! I've upgraded samba to 3.6.1 during migration to new hardware. Problem remains the same. Offtop. Are You Polish ? Nobody else reported similar problem. Perhaps it is language related (language specyfic Windows update). Thanks! BartekR W dniu 2012-01-26 21:59, Daniel Deptuła pisze: Hello! I'm afraid I have the same problem in my network. We have a domain where Samba (3.5.11) is the PDC. Clients include Windows XP's and 7's. I recently noticed that many stations are not visible in the browselist. I'll investigate it and let you know about the results. Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
Hello ! I've upgraded samba to 3.6.1 during migration to new hardware. Problem remains the same. Offtop. Are You Polish ? Nobody else reported similar problem. Perhaps it is language related (language specyfic Windows update). Thanks! BartekR W dniu 2012-01-26 21:59, Daniel Deptuła pisze: Hello! I'm afraid I have the same problem in my network. We have a domain where Samba (3.5.11) is the PDC. Clients include Windows XP's and 7's. I recently noticed that many stations are not visible in the browselist. I'll investigate it and let you know about the results. Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
Hello! I'm afraid I have the same problem in my network. We have a domain where Samba (3.5.11) is the PDC. Clients include Windows XP's and 7's. I recently noticed that many stations are not visible in the browselist. I'll investigate it and let you know about the results. Daniel W dniu 2012-01-25 10:50, BartekR pisze: Hello ! I would like to refresh this topic beacuse I have discovered something new. This problem relates only to machines with WINDOWS XP with automatic system update enabled. Win XP sp2 (fresh install) with disabled updates does not dissapear! So should i try to uninstall some of updates ?Is there any way to find the one responsible for this problem? Thanks ! BartekR -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
Hello ! I would like to refresh this topic beacuse I have discovered something new. This problem relates only to machines with WINDOWS XP with automatic system update enabled. Win XP sp2 (fresh install) with disabled updates does not dissapear! So should i try to uninstall some of updates ?Is there any way to find the one responsible for this problem? Thanks ! BartekR -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 windows 7 roaming profile not saved
On Fri, Dec 30, 2011 at 11:22 AM, steve st...@steve-ss.com wrote: Hi Version 4.0.0alpha18-GIT-bfc7481 In smb.conf I have: [profiles] path = /usr/local/samba/var/profiles read only = no The profiles are set to \\DOMAIN\profiles\%USERNAME% using dsa.msc When a user first logs on, there is a message: 'You cannot access your files and files created in this profile will be deleted when you log off. To fix this, log off and try logging on later.' I seem to recall the samba howto giving an example root prexec command to have the folders created automatically. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 windows 7 roaming profile not saved
The permissions on /usr/local/samba/var/profiles are: drwxr-xr-x 6 root root 4096 Dec 30 16:31 profiles Any ideas anyone? I have the profiles folder set to 1777 (drwxrwxrwt) bernd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba + Heimdal + windows
The only way to have Windows clients use Samba in the way that you want is to use Samba4, as an AD DC. With Samba 3.x, Windows clients will not use kerberos. We have a migration script from Samba3, but not from Heimdal (but due to recent requests, I'm going to see what I can do about that). If you have sambaNTPassword fields in your OpenLDAP server, then these can be migrated to AD, and will provide the arcfour-hmac-md5 Kerberos key (which is the most important one anyway, as it is the most used). The Samba3 migration command is 'samba-tool domain samba3upgrade'. I hope this helps, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Thanks for your reply. Does it mean i need to use samba4 and have to use inbuilt kerberos and ldap server because this link says ldap backend is not supported. http://wiki.samba.org/index.php/Samba4/LDAP_Backend#.28De.29motivation If yes how would i migrate all the user from openldap to samba4? Thanks Brijesh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba + Heimdal + windows
On Mon, 2011-11-21 at 11:25 +1300, brijesh patel wrote: Does it mean i need to use samba4 and have to use inbuilt kerberos and ldap server because this link says ldap backend is not supported. Correct. http://wiki.samba.org/index.php/Samba4/LDAP_Backend#.28De.29motivation If yes how would i migrate all the user from openldap to samba4? The 'samba-tool domain samba3upgrade' will migrate machine accounts, users, and groups. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba + Heimdal + windows
On Mon, 2011-11-14 at 16:53 +1300, brijesh patel wrote: Hi, I am sure someone may have already asked this question but i can't find any useful documentation about this. I would like to use our existing kerberos (openldap) setup to authenticate users against windows machines. So far i have managed to authenticate users against ldap password with samba but i don't have any success if i use kerberos with samba. Here is my kerberos related part of smb.conf file [global] workgroup = TEST netbios name = pdc security = user enable privileges = yes interfaces = 10.0.0.1 server string = Samba Server %v encrypt passwords = Yes realm = REALM client use spnego = yes I have created a key for samba server called cifs/test.com. FYI i haven't done any configuration on windows client( do i need to do anything on those machines?) Any help would be appreciated. The only way to have Windows clients use Samba in the way that you want is to use Samba4, as an AD DC. With Samba 3.x, Windows clients will not use kerberos. We have a migration script from Samba3, but not from Heimdal (but due to recent requests, I'm going to see what I can do about that). If you have sambaNTPassword fields in your OpenLDAP server, then these can be migrated to AD, and will provide the arcfour-hmac-md5 Kerberos key (which is the most important one anyway, as it is the most used). The Samba3 migration command is 'samba-tool domain samba3upgrade'. I hope this helps, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba (CentOS) + Windows 7 Ultimate 64 = no login
I've given up on my CentOS server as I did get a Samba setup working, but in doing so broke my apache setup. I need to take a more detailed look at what would be my optimum staging setup which offers me the best versioning process for my code. Thanks for your help everyone! Regards, Paul Gardner,Webbed IT Logo Webbed IT. On 07/09/2011 19:21, Dale Schroeder wrote: On 09/06/2011 2:09 PM, phpMagpie wrote: Update: I tried the following tutorial http://www.samba.org/samba/docs/man/Samba-Guide/simple.html#id2550946 *I changed my smb.conf to:* [global] workgroup = WEBBEDIT security = SHARE [HTML] path = /var/www/html read only = No guest ok = Yes Shortened version of what I use with 3.5.11 on Debian: [global] workgroup = WEBBEDIT security = User map to guest = Bad User unix passwd sync = Yes [html] path = /var/www/html read only = No valid users = your_login admin users = your_login Ensure that your Win7, linux, and samba username and password combinations are identical. If this config works, you can fine tune with other parameters as needed. Dale The first validation step is to run 'smbclient -L localhost -U%'. *It should have returned something like:* Sharename Type Comment - --- Plans Disk IPC$ IPC IPC Service (Samba 3.0.20) ADMIN$ IPC IPC Service (Samba 3.0.20) ServerComment - --- webbedit.lan Samba 3.0.20 Workgroup Master - WEBBEDIT SERVER *Mine returned this:* Domain=[WEBBEDIT] OS=[Unix] Server=[Samba 3.5.4-68.el6_0.2] Sharename Type Comment - --- HTML Disk IPC$IPC IPC Service (Samba 3.5.4-68.el6_0.2) Domain=[WEBBEDIT] OS=[Unix] Server=[Samba 3.5.4-68.el6_0.2] Server Comment ---- WorkgroupMaster ---- Now the tutorial is on an earlier version so some changes may be required, but it's clear to see from my output that a domain is being set rather than a Workgroup. Any ideas? Paul. -- View this message in context: http://samba.2283325.n4.nabble.com/Samba-CentOS-Windows-7-Ultimate-64-no-login-tp3793880p3794292.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba (CentOS) + Windows 7 Ultimate 64 = no login
From: phpMagpie phpmag...@webbedit.co.uk Date: Tue, 6 Sep 2011 12:09:26 -0700 (PDT) The first validation step is to run 'smbclient -L localhost -U%'. *It should have returned something like:* Sharename Type Comment - --- Plans Disk IPC$ IPC IPC Service (Samba 3.0.20) ADMIN$ IPC IPC Service (Samba 3.0.20) (snip) *Mine returned this:* Domain=[WEBBEDIT] OS=[Unix] Server=[Samba 3.5.4-68.el6_0.2] Sharename Type Comment - --- HTML Disk IPC$IPC IPC Service (Samba 3.5.4-68.el6_0.2) (snip) Now the tutorial is on an earlier version so some changes may be required, but it's clear to see from my output that a domain is being set rather than a Workgroup. Any ideas? In short, Domain printed here is same as Workgroup. domain and workgroup sometimes have same meaning in Windows network architecture for example network browsing function. If you know the detail, please search :-) --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba (CentOS) + Windows 7 Ultimate 64 = no login
On 09/06/2011 2:09 PM, phpMagpie wrote: Update: I tried the following tutorial http://www.samba.org/samba/docs/man/Samba-Guide/simple.html#id2550946 *I changed my smb.conf to:* [global] workgroup = WEBBEDIT security = SHARE [HTML] path = /var/www/html read only = No guest ok = Yes Shortened version of what I use with 3.5.11 on Debian: [global] workgroup = WEBBEDIT security = User map to guest = Bad User unix passwd sync = Yes [html] path = /var/www/html read only = No valid users = your_login admin users = your_login Ensure that your Win7, linux, and samba username and password combinations are identical. If this config works, you can fine tune with other parameters as needed. Dale The first validation step is to run 'smbclient -L localhost -U%'. *It should have returned something like:* Sharename Type Comment - --- Plans Disk IPC$ IPC IPC Service (Samba 3.0.20) ADMIN$ IPC IPC Service (Samba 3.0.20) ServerComment - --- webbedit.lan Samba 3.0.20 Workgroup Master - WEBBEDIT SERVER *Mine returned this:* Domain=[WEBBEDIT] OS=[Unix] Server=[Samba 3.5.4-68.el6_0.2] Sharename Type Comment - --- HTML Disk IPC$IPC IPC Service (Samba 3.5.4-68.el6_0.2) Domain=[WEBBEDIT] OS=[Unix] Server=[Samba 3.5.4-68.el6_0.2] Server Comment ---- WorkgroupMaster ---- Now the tutorial is on an earlier version so some changes may be required, but it's clear to see from my output that a domain is being set rather than a Workgroup. Any ideas? Paul. -- View this message in context: http://samba.2283325.n4.nabble.com/Samba-CentOS-Windows-7-Ultimate-64-no-login-tp3793880p3794292.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba (CentOS) + Windows 7 Ultimate 64 = no login
From: phpMagpie phpmag...@webbedit.co.uk Date: Tue, 6 Sep 2011 09:25:28 -0700 (PDT) (snip) Here is my /etc/samba/smb.conf: [global] workgroup = WEBBEDIT netbios name = smbserver security = SHARE load printers = No default service = global path = /home available = No encrypt passwords = yes [html] writeable = yes admin users = smbuser path = /var/www/html force user = root valid users = smbuser public = yes available = yes How do you want to configure? Your smb.conf is something inconsistent. If you want to access the share without password, try: [global] workgroup = WEBBEDIT netbios name = smbserver security = SHARE [html] writeable = yes public = yes path = /var/www/html Anyway, security = share will be obsolated, and is not recommended. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba (CentOS) + Windows 7 Ultimate 64 = no login
I am happy to do away with my configuration and use something more conventional. Can you point me in the direction of a good tutorial? All I want is to have full access to /var/www/html on my CentOS box from my Windows 7 machine. I am just as happy to do away with the password requirement as this is only ro be used on my small internal network. Thanks again, Paul. -- View this message in context: http://samba.2283325.n4.nabble.com/Samba-CentOS-Windows-7-Ultimate-64-no-login-tp3793880p3794189.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba (CentOS) + Windows 7 Ultimate 64 = no login
Update: I tried the following tutorial http://www.samba.org/samba/docs/man/Samba-Guide/simple.html#id2550946 *I changed my smb.conf to:* [global] workgroup = WEBBEDIT security = SHARE [HTML] path = /var/www/html read only = No guest ok = Yes The first validation step is to run 'smbclient -L localhost -U%'. *It should have returned something like:* Sharename Type Comment - --- Plans Disk IPC$ IPC IPC Service (Samba 3.0.20) ADMIN$ IPC IPC Service (Samba 3.0.20) ServerComment - --- webbedit.lan Samba 3.0.20 Workgroup Master - WEBBEDIT SERVER *Mine returned this:* Domain=[WEBBEDIT] OS=[Unix] Server=[Samba 3.5.4-68.el6_0.2] Sharename Type Comment - --- HTML Disk IPC$IPC IPC Service (Samba 3.5.4-68.el6_0.2) Domain=[WEBBEDIT] OS=[Unix] Server=[Samba 3.5.4-68.el6_0.2] Server Comment ---- WorkgroupMaster ---- Now the tutorial is on an earlier version so some changes may be required, but it's clear to see from my output that a domain is being set rather than a Workgroup. Any ideas? Paul. -- View this message in context: http://samba.2283325.n4.nabble.com/Samba-CentOS-Windows-7-Ultimate-64-no-login-tp3793880p3794292.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4, Windows 7, Roaming profiles and Folder redirection
Just wanted to say thanks for the help! I've now got it working. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4, Windows 7, Roaming profiles and Folder redirection
John H Terpstra wrote: On 07/21/2011 10:07 AM, Tanuki uk wrote: Hello, I'm quite new to Samba administration and I've inherited a working samba setup with roaming profiles however the login and logout times for users has been growing and I'm starting to think it's time do something about it. I'm thinking redirect some folders to a samba share on the network will speed up the login and logout times. The increasing logon and logoff times are most frequently caused by people storing files on their desktops (a VERY bad practice in corporate environments) - the entire desktop is written to the server when the user logs off from a machine. This is particularly problematic when people log onto multiple machines at the same time. Additionally, the files that are stored under My Documents are also copied from the profile server to the workstation at logon and are written back to the profile server at logoff. PS: I came across one site where users had up to 120GB files in their My Documents and up to 20GB on their desktop. Needless to say, they could not afford the long logon and logoff times. :-) --- Yeppers In my Win7 setup, I have my domain user sharing some files with the local user (which was setup first), so: domainuser in their 'homedir: (along with registry, and 'appdata/roaming') is: lrwxrwxrwx 1 18 2011-02-14 17:40 Contacts - Documents/Contacts/ lrwxrwxrwx 1 17 2010-01-26 03:55 Desktop - Documents/Desktop/ lrwxrwxrwx 1 16 2010-07-08 13:59 Documents - ../law/Documents/ lrwxrwxrwx 1 19 2011-02-14 17:37 Downloads - Documents/Downloads/ lrwxrwxrwx 1 19 2011-06-27 16:19 Favorites - Documents/Favorites/ lrwxrwxrwx 1 15 2011-06-27 16:36 Links - Documents/Links/ lrwxrwxrwx 1 15 2011-07-12 04:25 Music - Documents/Music/ lrwxrwxrwx 1 18 2010-07-08 13:59 Pictures - Documents/Pictures/ The ../law (local user) has: %lrwxrwxrwx 2011-02-14 17:40 Contacts - Documents/Contacts/ %lrwxrwxrwx 2010-02-08 14:41 Cookies - Appdata/Roaming/Microsoft/Windows/Cookies/ lrwxrwxrwx 2010-04-01 22:25 Desktop - Documents/Desktop/ lrwxrwxrwx 2010-04-06 00:13 Documents - //Bliss/home/law/Documents/ lrwxrwxrwx 2011-02-14 17:37 Downloads - Documents/Downloads/ lrwxrwxrwx 2011-06-27 16:19 Favorites - Documents/Favorites/ %lrwxrwxrwx 2011-07-12 04:26 Links - Documents/Links/ lrwxrwxrwx 2011-07-12 04:27 Music - Documents/Music/ lrwxrwxrwx 2010-04-06 00:15 Pictures - Documents/Pictures/ %lrwxrwxrwx 2010-02-08 14:44 Recent - AppData/Roaming/Microsoft/Windows/Recent/ %lrwxrwxrwx 2010-02-08 14:45 SendTo - AppData/Roaming/Microsoft/Windows/SendTo/ %lrwxrwxrwx 2010-02-08 14:45 Start Menu - AppData/Roaming/Microsoft/Windows/Start Menu/ Note: the % entries were attempts to provide compat with XP, client, BUT, the XP client doesn't understand 'mklink' style symlinks... (I think the kernel doesn't understand them, so even if you created them, they wouldn't work). instead, you have ntfs hardlinks, and 'junctions', which are more limited but can be made to work -- like my 'Documents directory, is a separate Share I can mount it by //Bliss/Documents, and it will mount the user-specific share, for their doc dir, (same dir as //Bliss/home/law/Documents in above). I then can mount it at a rootdir -- something junctions seemed to have some requirement for)... Since things work 'flakey' (links are sometimes turned into files, so windows will try to access things via other means), I setup cross-user links for dirs I wanted shared -- don't share the appdirs! (it isn't that you can't, or that it won't work, but it isn't reliable, and you have to keep the apps on the different clients in sync if you don't or you have a workstation that doesn't read a profile in on login for some reason (I've had it happen more than once), but it *DOES* write the full profile out on logout), and if that workstation was recently reformatted and doesn't have all the same settings as the more current workstations, your 'unconfig'ed settings 'overwrite' your newer settings .. then when they login on the new workstations...they get settings that don't make sense or are months old or in a default config. Backups and keeping a recent lsm snapshot going in the background can allow quick recovery, it can still be a royal pain and certainly a nightmare on a larger site. The things that work well -- keeping my Desktop inside Documents, and keeping Documents on the network share -- that way it's never updated via the roaming profile. Still have some 'wayward', ill behaved apps (Adobe apps in particular, but also some personal backup SW, -- Thunderbird 3.x or above ... that download huge amounts of data into the user's local-roaming profile. (Adobe 2-3G, Backup SW .. varies, Tbird -- will download an entire network-share of email (IMAP) -- designed so network users could share 1 mail depot, into their appdir -- by default. Supposedly easy to turn off, but have had it
Re: [Samba] Samba 3.4, Windows 7, Roaming profiles and Folder redirection
Hi John, Happy to help. Here's the Microsoft Knowledgebase reference for User Shell Folders: http://support.microsoft.com/kb/931087 Marc On Jul 21, 2011, at 5:40 PM, John H Terpstra wrote: Marc, Thank you for posting this information. It would help significantly if you could also provide Microsoft Knowledgebase references for the registry changes. Cheers, John T. On 07/21/2011 06:22 PM, Marc Cain wrote: Here are the key steps that need to be applied for Windows 7 and WinXp folder redirection in Samba 3.x environments. Feel free to email me off list if you need any more detail: -- For Windows 7 be sure to create a proper default user profile on the workstation using sysprep. It's crucial to the initial profile creation. The first time a user logs onto the domain have a logon script (vbscript works great for this) do the following: -- Copy the applicable folder(s) from the users local profile to locations on the server that are outside the user's remote profile path; for instance to a folder in their home directory. -- Alter the paths in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders to point to these new locations. The most critical folders, and maybe the only ones you really need to redirect, are Application Data(AppData) and Desktop, though you can redirect anything that's list in User Shell Folders including Downloads. -- Make sure the workstation's local GroupPolicy is set to not roam the folders you've redirected. Windows will continue to copy them up and down from the server's profile folder if you don't set this: User Configuration\Administrative Templates\System\User Profiles \Exclude directories in roaming profile - You will want to look at a couple of other settings in the Local GroupPolicy and tweak to your preferences Computer Configuration\Administrative Templates\System\User Profiles User Configuration\Administrative Templates\System\User Profiles Here's the path structure we use: Profile: \\sambaserver\profiles\username\WinXP \\sambaserver\profiles\username\WinXP.V2 Redirected: \\sambaserver\homes\username\redirectedfolders\Desktop \\sambaserver\homes\username\redirectedfolders\Favorites \\sambaserver\homes\username\redirectedfolders\WinXP\AppData \\sambaserver\homes\username\redirectedfolders\WinXP.V2\AppData The first logon can be long depending on network performance and the number of installed apps, up to a couple of minutes due to the copying of data from local to remote drives. Subsequent logons should only take 5 to 10 seconds (again depending on network performance) since the system is only copying a few megabytes worth of data to and from the profile folder. There are a couple of critical timeout issues that may need to be addressed if you experience long Welcome screens after the initial logon: When the following local GPO is left in its default setting Samba domain logons are delayed for 30 seconds: Computer Configuration\Administrative Templates\System\User Profiles\Set maximum wait time for the network if the user has a roaming user profile or remote home directory. Enable this and set the value to 0 to work around this timeout. A 30 second timeout can occur if you set the local GPO to Run logon scripts synchronously. The fix was to apply an old Vista reg setting. Can be Googled as Vista Run logon scripts synchronously. . Marc On Jul 21, 2011, at 8:07 AM, Tanuki uk wrote: Hello, I'm quite new to Samba administration and I've inherited a working samba setup with roaming profiles however the login and logout times for users has been growing and I'm starting to think it's time do something about it. I'm thinking redirect some folders to a samba share on the network will speed up the login and logout times. Our setup has 25 Windows 7 workstations and about 10 laptop users(also on windows 7) all connecting to one Samba server. The laptops are often not on the main office network so i was planning to use offline file sync for the network drive i would be redirecing to, is this a bad idea for some reason? I've had a look around at various documentation and details seem quite scarce. However all the documentation I've found is targeted at Windows XP or suggests using domain wide Group Policy Objects (GPO's). My understanding is that GPO's can only be used if you have a Windows AD server or Samba 4 however I don't have a Windows server and Samba 4 is abit too bleeding edge for a production deployment(?). If anyone can point me to some good documentation it would be really useful, I would love to see an updated The Official Samba HOWTO and Reference Guide or similar. Thought's comments or insights are also more then welcome. Thanks, Tanuki -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4, Windows 7, Roaming profiles and Folder redirection
On 21.07.2011, at 17:07, Tanuki uk wrote: Hello, I'm quite new to Samba administration and I've inherited a working samba setup with roaming profiles however the login and logout times for users has been growing and I'm starting to think it's time do something about it. I'd be curious what you are going to do. I personally inherited a similar situation a year ago, where the roaming profiles were supposed to allow the users to work from different locations in a 50 people company spread around two buildings on three floors. As far as I understand the roaming profiles, one has to log out in order to log in. This was the first problem - people used to log into one PC, then into another, and then wonder where their desktop items have gone (last logout overwrites the previous). Could be something has been set wrong, I did not investigate. Also they had these huge long loading and unloading times. Also, they do not have everywhere the same software (some licenses are expensive). So I stopped using roaming profiles and introduced Remote desktop. Now people, who happen to be somewhere in the company and need to access their PC, just open Remote desktop, remember the last three digits of their IP address (192.168.1.*) and they are on their PC, all apps open as they have left them, etc. But of course, this is one scenario, which might not be good in all cases. Our users work 80% of their time on their PC and then it happens they need to work for a couple of hours on another PC, which happens to be free at this moment. Just thought it might help to share it with you. Geert. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4, Windows 7, Roaming profiles and Folder redirection
Here are the key steps that need to be applied for Windows 7 and WinXp folder redirection in Samba 3.x environments. Feel free to email me off list if you need any more detail: -- For Windows 7 be sure to create a proper default user profile on the workstation using sysprep. It's crucial to the initial profile creation. The first time a user logs onto the domain have a logon script (vbscript works great for this) do the following: -- Copy the applicable folder(s) from the users local profile to locations on the server that are outside the user's remote profile path; for instance to a folder in their home directory. -- Alter the paths in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders to point to these new locations. The most critical folders, and maybe the only ones you really need to redirect, are Application Data(AppData) and Desktop, though you can redirect anything that's list in User Shell Folders including Downloads. -- Make sure the workstation's local GroupPolicy is set to not roam the folders you've redirected. Windows will continue to copy them up and down from the server's profile folder if you don't set this: User Configuration\Administrative Templates\System\User Profiles \Exclude directories in roaming profile - You will want to look at a couple of other settings in the Local GroupPolicy and tweak to your preferences Computer Configuration\Administrative Templates\System\User Profiles User Configuration\Administrative Templates\System\User Profiles Here's the path structure we use: Profile: \\sambaserver\profiles\username\WinXP \\sambaserver\profiles\username\WinXP.V2 Redirected: \\sambaserver\homes\username\redirectedfolders\Desktop \\sambaserver\homes\username\redirectedfolders\Favorites \\sambaserver\homes\username\redirectedfolders\WinXP\AppData \\sambaserver\homes\username\redirectedfolders\WinXP.V2\AppData The first logon can be long depending on network performance and the number of installed apps, up to a couple of minutes due to the copying of data from local to remote drives. Subsequent logons should only take 5 to 10 seconds (again depending on network performance) since the system is only copying a few megabytes worth of data to and from the profile folder. There are a couple of critical timeout issues that may need to be addressed if you experience long Welcome screens after the initial logon: When the following local GPO is left in its default setting Samba domain logons are delayed for 30 seconds: Computer Configuration\Administrative Templates\System\User Profiles\Set maximum wait time for the network if the user has a roaming user profile or remote home directory. Enable this and set the value to 0 to work around this timeout. A 30 second timeout can occur if you set the local GPO to Run logon scripts synchronously. The fix was to apply an old Vista reg setting. Can be Googled as Vista Run logon scripts synchronously. . Marc On Jul 21, 2011, at 8:07 AM, Tanuki uk wrote: Hello, I'm quite new to Samba administration and I've inherited a working samba setup with roaming profiles however the login and logout times for users has been growing and I'm starting to think it's time do something about it. I'm thinking redirect some folders to a samba share on the network will speed up the login and logout times. Our setup has 25 Windows 7 workstations and about 10 laptop users(also on windows 7) all connecting to one Samba server. The laptops are often not on the main office network so i was planning to use offline file sync for the network drive i would be redirecing to, is this a bad idea for some reason? I've had a look around at various documentation and details seem quite scarce. However all the documentation I've found is targeted at Windows XP or suggests using domain wide Group Policy Objects (GPO's). My understanding is that GPO's can only be used if you have a Windows AD server or Samba 4 however I don't have a Windows server and Samba 4 is abit too bleeding edge for a production deployment(?). If anyone can point me to some good documentation it would be really useful, I would love to see an updated The Official Samba HOWTO and Reference Guide or similar. Thought's comments or insights are also more then welcome. Thanks, Tanuki -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4, Windows 7, Roaming profiles and Folder redirection
On 07/21/2011 10:07 AM, Tanuki uk wrote: Hello, I'm quite new to Samba administration and I've inherited a working samba setup with roaming profiles however the login and logout times for users has been growing and I'm starting to think it's time do something about it. I'm thinking redirect some folders to a samba share on the network will speed up the login and logout times. The increasing logon and logoff times are most frequently caused by people storing files on their desktops (a VERY bad practice in corporate environments) - the entire desktop is written to the server when the user logs off from a machine. This is particularly problematic when people log onto multiple machines at the same time. Additionally, the files that are stored under My Documents are also copied from the profile server to the workstation at logon and are written back to the profile server at logoff. PS: I came across one site where users had up to 120GB files in their My Documents and up to 20GB on their desktop. Needless to say, they could not afford the long logon and logoff times. :-) Our setup has 25 Windows 7 workstations and about 10 laptop users(also on windows 7) all connecting to one Samba server. The laptops are often not on the main office network so i was planning to use offline file sync for the network drive i would be redirecing to, is this a bad idea for some reason? Should work OK so long as you can educate your users NOT to use the desktop and traditional My Documents to store large volumes of files. Both the Desktop and My Documents folders can be redirected to a network share in the users' home directory - that will help resolve some of the problems. Make sure that you disable the copying of these folders as part of the profile. Refer to the Microsoft knowledge-base for info on how to do that. I've had a look around at various documentation and details seem quite scarce. However all the documentation I've found is targeted at Windows XP or suggests using domain wide Group Policy Objects (GPO's). My understanding is that GPO's can only be used if you have a Windows AD server or Samba 4 however I don't have a Windows server and Samba 4 is abit too bleeding edge for a production deployment(?). If anyone can point me to some good documentation it would be really useful, I would love to see an updated The Official Samba HOWTO and Reference Guide or similar. Thought's comments or insights are also more then welcome. I have no intention to update the Official Samba HOWTO and Reference Guide - it was enough work the first time and when I wrote the update for Samba 3.0.20. If you wish to do that please be my guest! Please check out the Samba3 by Example book I wrote - it has some now-aging info that can still be useful on setting up folder redirection. Additionally, it might be worth your while to check the Samba Wiki for updated info that users have contributed. Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4, Windows 7, Roaming profiles and Folder redirection
On 07/21/2011 11:31 AM, Geert Mak wrote: On 21.07.2011, at 17:07, Tanuki uk wrote: Hello, I'm quite new to Samba administration and I've inherited a working samba setup with roaming profiles however the login and logout times for users has been growing and I'm starting to think it's time do something about it. I'd be curious what you are going to do. I personally inherited a similar situation a year ago, where the roaming profiles were supposed to allow the users to work from different locations in a 50 people company spread around two buildings on three floors. As far as I understand the roaming profiles, one has to log out in order to log in. This was the first problem - people used to log into one PC, then into another, and then wonder where their desktop items have gone (last logout overwrites the previous). Could be something has been set wrong, I did not investigate. You are somewhat correct. The profile gets read by each machine that logs onto the network. Conversely, when a users logs off a machine its profile is written back to the profile server. Also they had these huge long loading and unloading times. A profile includes the files on the desktop and in the My Documents folder. Obviously, as this volume of data grows the logon and logoff times will increase. Also, they do not have everywhere the same software (some licenses are expensive). So I stopped using roaming profiles and introduced Remote desktop. Now people, who happen to be somewhere in the company and need to access their PC, just open Remote desktop, remember the last three digits of their IP address (192.168.1.*) and they are on their PC, all apps open as they have left them, etc. Nice solution! - John T. But of course, this is one scenario, which might not be good in all cases. Our users work 80% of their time on their PC and then it happens they need to work for a couple of hours on another PC, which happens to be free at this moment. Just thought it might help to share it with you. Geert. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4, Windows 7, Roaming profiles and Folder redirection
Marc, Thank you for posting this information. It would help significantly if you could also provide Microsoft Knowledgebase references for the registry changes. Cheers, John T. On 07/21/2011 06:22 PM, Marc Cain wrote: Here are the key steps that need to be applied for Windows 7 and WinXp folder redirection in Samba 3.x environments. Feel free to email me off list if you need any more detail: -- For Windows 7 be sure to create a proper default user profile on the workstation using sysprep. It's crucial to the initial profile creation. The first time a user logs onto the domain have a logon script (vbscript works great for this) do the following: -- Copy the applicable folder(s) from the users local profile to locations on the server that are outside the user's remote profile path; for instance to a folder in their home directory. -- Alter the paths in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders to point to these new locations. The most critical folders, and maybe the only ones you really need to redirect, are Application Data(AppData) and Desktop, though you can redirect anything that's list in User Shell Folders including Downloads. -- Make sure the workstation's local GroupPolicy is set to not roam the folders you've redirected. Windows will continue to copy them up and down from the server's profile folder if you don't set this: User Configuration\Administrative Templates\System\User Profiles \Exclude directories in roaming profile - You will want to look at a couple of other settings in the Local GroupPolicy and tweak to your preferences Computer Configuration\Administrative Templates\System\User Profiles User Configuration\Administrative Templates\System\User Profiles Here's the path structure we use: Profile: \\sambaserver\profiles\username\WinXP \\sambaserver\profiles\username\WinXP.V2 Redirected: \\sambaserver\homes\username\redirectedfolders\Desktop \\sambaserver\homes\username\redirectedfolders\Favorites \\sambaserver\homes\username\redirectedfolders\WinXP\AppData \\sambaserver\homes\username\redirectedfolders\WinXP.V2\AppData The first logon can be long depending on network performance and the number of installed apps, up to a couple of minutes due to the copying of data from local to remote drives. Subsequent logons should only take 5 to 10 seconds (again depending on network performance) since the system is only copying a few megabytes worth of data to and from the profile folder. There are a couple of critical timeout issues that may need to be addressed if you experience long Welcome screens after the initial logon: When the following local GPO is left in its default setting Samba domain logons are delayed for 30 seconds: Computer Configuration\Administrative Templates\System\User Profiles\Set maximum wait time for the network if the user has a roaming user profile or remote home directory. Enable this and set the value to 0 to work around this timeout. A 30 second timeout can occur if you set the local GPO to Run logon scripts synchronously. The fix was to apply an old Vista reg setting. Can be Googled as Vista Run logon scripts synchronously. . Marc On Jul 21, 2011, at 8:07 AM, Tanuki uk wrote: Hello, I'm quite new to Samba administration and I've inherited a working samba setup with roaming profiles however the login and logout times for users has been growing and I'm starting to think it's time do something about it. I'm thinking redirect some folders to a samba share on the network will speed up the login and logout times. Our setup has 25 Windows 7 workstations and about 10 laptop users(also on windows 7) all connecting to one Samba server. The laptops are often not on the main office network so i was planning to use offline file sync for the network drive i would be redirecing to, is this a bad idea for some reason? I've had a look around at various documentation and details seem quite scarce. However all the documentation I've found is targeted at Windows XP or suggests using domain wide Group Policy Objects (GPO's). My understanding is that GPO's can only be used if you have a Windows AD server or Samba 4 however I don't have a Windows server and Samba 4 is abit too bleeding edge for a production deployment(?). If anyone can point me to some good documentation it would be really useful, I would love to see an updated The Official Samba HOWTO and Reference Guide or similar. Thought's comments or insights are also more then welcome. Thanks, Tanuki -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
Hi! Since there is no clean solution for this I wrote simple perl script. Simplified algorithm: 1. Load /etc/hosts 2. Use arping to check every ip from /etc/hosts (belonging to local network) for presence. 3. If there is an arp response check this host by issuing smbclient. 4. If there is an smb response (even error response from server) workstation gets added. Results are visible two way: 1. There is an directory in /tmp (tmpfs) where script creates or remove windows style links (lnk) to machines. Then this directory is shared by smb so windows clients can map it as windows drive. 2. Script replaces original browse.dat . It creates and remove workstation definitions from this file. It is both : very simple and VERY unclean. Thanks for everyone trying to help Me ! Bartek R. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
So it is impossible to solve this issue ? I don't have any other ideas except some kind of nasty workaround: Ill write perl script. It would periodically check every machine in /etc/ethers for presence and smb/nmb activity. Depending on that it will maintain directory with windows-style shortcuts pointing to active machines. I will share this directory throu samba and map them on workstations as drive L , L as list. Thanks BartekR. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
On Wed, May 11, 2011 at 7:58 AM, BartekR bojle...@gmail.com wrote: So it is impossible to solve this issue ? Maybe :) Try running: = net config server /autodisconnect:-1 = on the XP workstations. Check the network device in device manager and make sure that power management isn't allowed to turn it off. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
W dniu 2011-05-11 15:41, Chris Smith pisze: On Wed, May 11, 2011 at 7:58 AM, BartekRbojle...@gmail.com wrote: So it is impossible to solve this issue ? Maybe :) Try running: = net config server /autodisconnect:-1 = on the XP workstations. No success. Check the network device in device manager and make sure that power management isn't allowed to turn it off. It was one of first things checked by my. I did not wrote about this because I found it obvious. Thanks. BartekR. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
BartekR wrote: So it is Windows XP workstations to blame or maybe there is another thing that i should check ? The command nmblookup -MS -- - lists the status of all master browsers on your network. That will tell you if the problem is caused by your server losing its master status, or by something else. Moray. To err is human; to purr, feline. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
W dniu 08.05.2011 21:48, Chris Smith pisze: On Sun, May 8, 2011 at 1:59 PM, BartekRbojle...@gmail.com wrote: So it is Windows XP workstations to blame or maybe there is another thing that i should check ? I run several Samba installations with no such issues with XP. So unless your XP installs are tweaked in some weird fashion I wouldn't suspect off-hand that they are the problem. I find it strange that they are in the browse list for a while and then disappear. No, this machines run Windows XP provided by their manufacturer (Dell, HP, Lenovo and others). They have automatic updates turned on. In your scenario these are the changes I would make: 1) running Samba as a DC, even though you aren't using it for centralized authentication (I suspect, but have no proof, that it's more likely to remain the LMB/DMB). You'll need to also add domain logons = yes to the settings in the previous post. Done. 2) eliminating the added hosts and lmhosts entries since you state you have adequate DNS support and are running a WINS server as well (this will eliminate any possible conflicts in that area). name resolve order = wins host bcast As You wrote below. Am I correct ? 3) make sure that your DHCP server (you seem to have enough systems that manual configuration would be undesirable) provides the proper information for NetBIOS and WINS. And fix the name resolve order in smb.conf (you have a typo - hosts instead of host). For example: testparm does not report this as error. Are You sure ? dhcpd.conf: option netbios-name-servers 192.168.7.1; option netbios-node-type 2; option netbios-scope ; In smb.conf: name resolve order = wins host bcast Done. 4) double-check that all systems are registering themselves with the WINS server (peek at wins.dat). Is it normal that workstation gets registered more than one time ? Take a look: # cat /var/lib/samba/wins.dat VERSION 1 0 ROMEKH#00 1305251800 192.168.7.120 44R ENELPC#20 1304963990 192.168.7.1 66R JAREKK#00 1305219664 192.168.7.112 24R DAREKP#00 1305243373 192.168.7.111 64R BELPHEGOR#00 1305210919 192.168.7.1 192.168.111.1 212.106.129.190 66R BOZENAM#00 1305293717 192.168.7.102 24R HENRYKK#20 1305292133 192.168.7.101 24R JACEKS#20 1305217962 192.168.7.110 64R DRUK-KOLOR#00 1305217858 192.168.7.150 44R ENELPC#1b 1305210919 192.168.7.1 192.168.111.1 212.106.129.190 66R MIREKJ#20 1305290607 192.168.7.122 24R BARTEKR#20 1305251870 192.168.7.121 44R ENELPC#00 1305251870 0.0.0.0 c4R ENELPC#1c 1305210919 192.168.7.1 e4R ROMEKH#20 1305251800 192.168.7.120 44R HENRYKK#00 1305292134 192.168.7.101 24R JACEKS#00 1305290475 192.168.7.110 64R BELPHEGOR#03 1305210919 192.168.7.1 192.168.111.1 212.106.129.190 66R __MSBROWSE__#01 1305051023 0.0.0.0 c4R JAREKK#20 1305219664 192.168.7.112 24R BOZENAM#20 1305293717 192.168.7.102 24R MIREKJ#00 1305290608 192.168.7.122 24R DAREKP#20 1305243373 192.168.7.111 64R BELPHEGOR#20 1305210919 192.168.7.1 192.168.111.1 212.106.129.190 66R ENELPC#1e 1305251870 0.0.0.0 e6R BARTEKR#00 1305251870 192.168.7.121 44R ENELPC#03 1304963990 192.168.7.1 66R Thanks a lot Chris Bartek R. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
# nmblookup -MS -- - INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 doing parameter show add printer wizard = no doing parameter workgroup = ENELPC doing parameter server string = Serwer doing parameter netbios name = belphegor handle_netbios_name: set global_myname to: BELPHEGOR doing parameter load printers = no doing parameter printcap name = /etc/printcap doing parameter printing = cups doing parameter Map to guest = Bad User doing parameter username map = /etc/samba/smbusers doing parameter guest account = nobody doing parameter log file = /var/log/samba/samba.%m doing parameter max log size = 1 doing parameter local master = yes doing parameter domain logons = yes doing parameter wins support = yes doing parameter wins proxy = no doing parameter dns proxy = no doing parameter passdb backend = tdbsam doing parameter security = user doing parameter os level = 32 doing parameter domain master = yes doing parameter preferred master = yes pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: role = ROLE_DOMAIN_PDC Substituting charset 'UTF-8' for LOCALE added interface eth0 ip=fe80::21e:c9ff:fe4b:112%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth0 ip=192.168.7.1 bcast=192.168.7.255 netmask=255.255.255.0 added interface lo ip=::1 bcast=::1 netmask=::::::: added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 bind succeeded on port 0 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 1 SO_BROADCAST = 1 Could not test socket option TCP_NODELAY. Could not test socket option TCP_KEEPCNT. Could not test socket option TCP_KEEPIDLE. Could not test socket option TCP_KEEPINTVL. IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 114688 SO_RCVBUF = 114688 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 Could not test socket option TCP_QUICKACK. Socket opened. lang_tdb_init: /usr/lib/samba/pl_PL.UTF-8.msg: Nie ma takiego pliku ani katalogu querying __MSBROWSE__ on 192.168.7.255 Sending a packet of len 50 to (192.168.7.255) on port 137 read_udp_v4_socket: ip 192.168.7.1 port 35072 read: 62 parse_nmb: packet id = 13392 Received a packet of len 62 from (192.168.7.1) port 137 nmb packet from 192.168.7.1(137) header: id=13392 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=__MSBROWSE__01 rr_type=32 rr_class=1 ttl=259200 answers 0 char .. hex E000C0A80701 Got a positive name query response from 192.168.7.1 ( 192.168.7.1 ) 192.168.7.1 __MSBROWSE__01 Looking up status of 192.168.7.1 Sending a packet of len 50 to (192.168.7.1) on port 137 read_udp_v4_socket: ip 192.168.7.1 port 35072 read: 265 parse_nmb: packet id = 19307 Received a packet of len 265 from (192.168.7.1) port 137 nmb packet from 192.168.7.1(137) header: id=19307 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=__MSBROWSE__01 rr_type=33 rr_class=1 ttl=0 answers 0 char .BELPHEGOR hex 0942454C504845474F52202020202020 answers 10 char .d.BELPHEGOR hex 00640042454C504845474F5220202020 answers 20 char .d.BELPHEGOR hex 202003640042454C504845474F522020 answers 30 char d...__MSBRO hex 2020202020640001025F5F4D5342524F answers 40 char WSE__ENELPChex 5753455F5F0201E400454E454C504320 answers 50 char .d.ENELP hex 20202020202020201D6400454E454C50 answers 60 char C .d.ENE hex 432020202020202020201B6400454E45 answers 70 char LPC ...E hex 4C50432020202020202020201CE40045 answers 80 char NELPC .. hex 4E454C50432020202020202020201EE4 answers 90 char .ENELPChex 00454E454C5043202020202020202020 answers a0 char hex 00E4 answers b0 char hex answers c0 char hex answers d0 char . hex 00 BELPHEGOR#00: flags = 0x64 BELPHEGOR#03: flags = 0x64 BELPHEGOR#20: flags = 0x64 __MSBROWSE__#01: flags = 0xe4 ENELPC#1d: flags = 0x64 ENELPC#1b: flags = 0x64 ENELPC#1c: flags = 0xe4 ENELPC#1e: flags = 0xe4 ENELPC#00: flags = 0xe4 BELPHEGOR00 - HACTIVE BELPHEGOR03 - HACTIVE
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
On Mon, May 9, 2011 at 10:41 AM, BartekR bojle...@gmail.com wrote: name resolve order = wins host bcast As You wrote below. Am I correct ? 3) make sure that your DHCP server (you seem to have enough systems that manual configuration would be undesirable) provides the proper information for NetBIOS and WINS. And fix the name resolve order in smb.conf (you have a typo - hosts instead of host). For example: testparm does not report this as error. Are You sure ? Yes, I'm sure but you don't have to take my word for it. Read the man page for smb.conf: http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html Basically testparm tests the parameters: the left hand side, and not the values: the right hand side. You'll find you can put all kinds of nonsense on the right hand side of most statements and get no errors (try it). Is it normal that workstation gets registered more than one time ? Yes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
Hallo, Chris, Du meintest am 08.05.11: information for NetBIOS and WINS. And fix the name resolve order in smb.conf (you have a typo - hosts instead of host). In smb.conf: name resolve order = wins host bcast host and hosts are allowed. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
Lastest log with log level = 3 (cat log.nmbd |grep BARTEKR -B1) [2011/05/09 20:23:30.422987, 3] nmbd/nmbd_namelistdb.c:250(add_name_to_subnet) add_name_to_subnet: Added netbios name BARTEKR20 with first IP 192.168.7.121 ttl=299211 nb_flags=44 to subnet WINS_SERVER_SUBNET -- [2011/05/09 20:23:30.423636, 3] nmbd/nmbd_namelistdb.c:250(add_name_to_subnet) add_name_to_subnet: Added netbios name BARTEKR00 with first IP 192.168.7.121 ttl=299211 nb_flags=44 to subnet WINS_SERVER_SUBNET -- [2011/05/09 20:24:11.164635, 3] nmbd/nmbd_incomingdgrams.c:116(process_host_announce) process_host_announce: from BARTEKR00 IP 192.168.7.121 to ENELPC1d for server BARTEKR. [2011/05/09 20:24:11.164742, 3] nmbd/nmbd_serverlistdb.c:156(create_server_on_workgroup) create_server_on_workgroup: Created server entry BARTEKR of type 40011003 (Laptop) on workgroup ENELPC. -- [2011/05/09 20:24:51.415816, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR20 IP 192.168.7.121 [2011/05/09 20:24:51.417316, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR00 IP 192.168.7.121 -- [2011/05/09 20:25:21.430720, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR20 IP 192.168.7.121 [2011/05/09 20:25:21.432032, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR00 IP 192.168.7.121 -- [2011/05/09 20:27:51.453606, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR20 IP 192.168.7.121 [2011/05/09 20:27:51.455130, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR00 IP 192.168.7.121 -- [2011/05/09 20:30:21.473853, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR20 IP 192.168.7.121 [2011/05/09 20:30:21.475211, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR00 IP 192.168.7.121 -- [2011/05/09 20:32:51.497253, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR20 IP 192.168.7.121 [2011/05/09 20:32:51.518887, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR00 IP 192.168.7.121 -- [2011/05/09 20:35:21.516859, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR20 IP 192.168.7.121 [2011/05/09 20:35:21.518229, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR00 IP 192.168.7.121 -- [2011/05/09 20:37:50.537670, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR20 IP 192.168.7.121 [2011/05/09 20:37:50.553865, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR00 IP 192.168.7.121 -- [2011/05/09 20:40:20.560281, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR20 IP 192.168.7.121 [2011/05/09 20:40:20.561679, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR00 IP 192.168.7.121 -- [2011/05/09 20:42:50.581834, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR20 IP 192.168.7.121 [2011/05/09 20:42:50.583208, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR00 IP 192.168.7.121 -- [2011/05/09 20:45:20.601792, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR20 IP 192.168.7.121 [2011/05/09 20:45:20.603141, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR00 IP 192.168.7.121 -- [2011/05/09 20:47:50.624163, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR20 IP 192.168.7.121 [2011/05/09 20:47:50.643811, 3] nmbd/nmbd_winsserver.c:859(wins_process_name_refresh_request) wins_process_name_refresh_request: Name refresh for name BARTEKR00 IP 192.168.7.121 -- [2011/05/09 20:50:20.644343, 3]
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
W dniu 07.05.2011 22:25, Chris Smith pisze: Try changing the above parameters. Eliminate, or comment out: === # socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 === Change the rest to either: or preferably this: === security = user os level = 32 domain master = yes preferred master = yes === Tested twice. No success. XP Workstation keeps disappearing as usual :/ You can still have guest shares with security = user, see: http://blog.realcomputerguy.com/2010/12/samba-and-guest-shares-with-security.html So security = share is some kind of outdated option ? I used it in past without any problems. The smb.conf man page states that preferred master is best used with domain master. It doesn't hurt to have a domain controller even you don't join any systems to it. Thanks for this information too. My manual for smb.conf is shorter from what i remember from past. I have no preciseful option descriptions. One more time: Thanks! Bartek R. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
So it is Windows XP workstations to blame or maybe there is another thing that i should check ? Bartek R. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
On Sun, May 8, 2011 at 1:59 PM, BartekR bojle...@gmail.com wrote: So it is Windows XP workstations to blame or maybe there is another thing that i should check ? I run several Samba installations with no such issues with XP. So unless your XP installs are tweaked in some weird fashion I wouldn't suspect off-hand that they are the problem. I find it strange that they are in the browse list for a while and then disappear. In your scenario these are the changes I would make: 1) running Samba as a DC, even though you aren't using it for centralized authentication (I suspect, but have no proof, that it's more likely to remain the LMB/DMB). You'll need to also add domain logons = yes to the settings in the previous post. 2) eliminating the added hosts and lmhosts entries since you state you have adequate DNS support and are running a WINS server as well (this will eliminate any possible conflicts in that area). 3) make sure that your DHCP server (you seem to have enough systems that manual configuration would be undesirable) provides the proper information for NetBIOS and WINS. And fix the name resolve order in smb.conf (you have a typo - hosts instead of host). For example: dhcpd.conf: option netbios-name-servers 192.168.7.1; option netbios-node-type 2; option netbios-scope ; In smb.conf: name resolve order = wins host bcast What netbios-node-type 2 does is set the systems to P-node, eliminating a lot of broadcast noise, but WINS must be operational. If P node doesn't work that tells you WINS isn't fully functional. Netbios-scope is basically unused today but I always unset it just to be sure. Eliminating the hosts and lmhosts entries mean that there is no need for lmhosts in the name resolve order. And with the order as I have it Samba will use WINS first (most desirable), DNS second, and then broadcasts (least desirable, and not very useful in P-node anyway). 4) double-check that all systems are registering themselves with the WINS server (peek at wins.dat). If the above doesn't ameliorate the problem it may at least assist in troubleshooting further. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
On Sat, May 7, 2011 at 3:38 PM, BartekR bojle...@gmail.com wrote: socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 security = share os level = 255 domain master = no preferred master = yes Try changing the above parameters. Eliminate, or comment out: === # socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 === Change the rest to either: === security = user os level = 32 domain master = no # preferred master = yes === or preferably this: === security = user os level = 32 domain master = yes preferred master = yes === You can still have guest shares with security = user, see: http://blog.realcomputerguy.com/2010/12/samba-and-guest-shares-with-security.html The smb.conf man page states that preferred master is best used with domain master. It doesn't hurt to have a domain controller even you don't join any systems to it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 / Windows error and system errors while mapping network drive on some PC's
Same here with samba 3.5.6 (debian lenny backported) We are scanning to folders from xerox printers. The share is a nfs mounted folder, i can read/write ok. I cant generate a level 10 debug atm, this is on my production server. so i cant reload/restart samba for the level 10. but here also... upgrade from Samba 3.2.4 to 3.5.6 upgrading seems to create the problem. Louis -Oorspronkelijk bericht- Van: dresche...@gmail.com [mailto:samba-boun...@lists.samba.org] Namens John Drescher Verzonden: 2011-04-15 18:55 Aan: Dodson, Eric (COT) CC: samba@lists.samba.org Onderwerp: Re: [Samba] Samba 3.5.8 / Windows error and system errors while mapping network drive on some PC's On Fri, Apr 15, 2011 at 12:36 PM, Dodson, Eric (COT) ericn.dod...@ky.gov wrote: Problem: We have a share defined using Samba 3.5.8 on AIX 6.1. Several people can map a Windows Network Drive to the share and it works fine. Several other people get Windows errors or system errors when trying to map a drive to the same share. Command line errors (from the net use command): System error 59 or System error 64 Windows Explorer error: The specified network name is no longer available. I can map the drive fine from my PC. I can go to another PC and try to map a drive to the same share using my same Samba ID and password as defined in Samba on AIX and I get the above errors. All of the PC's have matching XP Pro 2002 SP3 and anti-virus versions. I need help in determining the cause of the problem and the solution. The only pattern I have seen so far is that the older PC's work and the newer PC's (same brand) don't work. The newer PC's have a network cards from different vendors. I have upgraded a PC with errors to the newest network driver and still have the same errors. It seems to be a PC-specific problem. Maybe it's related to policy differences or installed Microsoft Update differences, etc. I have had our AIX admin upgrade from Samba 3.2.0 to 3.5.8 and we still have the same errors. I have had our AIX admin set the log level from 1 to 3 and add the %m option to the log file setting. I have captured a Samba log file on AIX from my working PC and compared it to a log from an erroring PC: 1. The log.computer_name file that works contains a Got user entry (below) showing my Samba ID, my actual domain name, and my computer name. The log.computer_name file from the computer getting Windows drive mapping errors does not have this type of entry: [ ] libsmb/ntlmssp.c:747(ntlmssp_server_auth) Got user=[MyUserName] domain=[MyDomainName] workstation=[MyComputerName] len1=24 len2=24 2. The log.computer_name file from the computer getting Windows drive mapping errors ends with two additional entries (below). The log.computer_name file that works does not end with these two entries (timestamps removed for comparison): [ ] smbd/connection.c:31(yield_connection) Yielding connection to [ ] smbd/server.c:902(exit_server_common) Server exit (failed to receive smb request) The smb.conf file from AIX 6.1 (actual IP's replaced): [global] unix charset = CP850 display charset = CP850 workgroup = INSP server string = InSp guest account = guest log level = 3 log file = /var/log.%m max log size = 3000 load printers = No domain master = Yes dns proxy = No wins server = IP1..., IP2..., IP3..., IP4... ldap ssl = no [MyShare] path = /MyShare read only = No create mask = 0775 I have done a lot of searching on the errors and only found suggestions to upgrade Samba and upgrade network drivers. This is my first post, so please let me know if additional information would help. Is the WINS server entered in the windows client? Is the nmbd daemon running? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 / Windows error and system errors while mapping network drive on some PC's
to establish a session with that server, unless it has client-side SMB signing enabled. By default, client-side SMB signing is enabled on workstations, servers, and domain controllers. Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled. Using SMB packet signing can impose up to a 15 percent performance hit on file service transactions. __ -Original Message- From: John Drescher [mailto:dresche...@gmail.com] Sent: Friday, April 15, 2011 12:55 PM To: Dodson, Eric (COT) Cc: samba@lists.samba.org Subject: Re: [Samba] Samba 3.5.8 / Windows error and system errors while mapping network drive on some PC's On Fri, Apr 15, 2011 at 12:36 PM, Dodson, Eric (COT) ericn.dod...@ky.gov wrote: Problem: We have a share defined using Samba 3.5.8 on AIX 6.1. Several people can map a Windows Network Drive to the share and it works fine. Several other people get Windows errors or system errors when trying to map a drive to the same share. Command line errors (from the net use command): System error 59 or System error 64 Windows Explorer error: The specified network name is no longer available. Is the WINS server entered in the windows client? Is the nmbd daemon running? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 / Windows error and system errors while mapping network drive on some PC's
On Fri, Apr 15, 2011 at 12:36:04PM -0400, Dodson, Eric (COT) wrote: Problem: We have a share defined using Samba 3.5.8 on AIX 6.1. Several people can map a Windows Network Drive to the share and it works fine. Several other people get Windows errors or system errors when trying to map a drive to the same share. Sorry, but the amount of information you are able to give us is not sufficient to diagnose the problem. What is needed is a network trace and full, unmodified debug level 10 logs of smbd. You should make a contract with someone from http://www.samba.org/samba/support/ including an NDA so that you can send the information there. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 / Windows error and system errors while mapping network drive on some PC's
On Fri, Apr 15, 2011 at 12:36 PM, Dodson, Eric (COT) ericn.dod...@ky.gov wrote: Problem: We have a share defined using Samba 3.5.8 on AIX 6.1. Several people can map a Windows Network Drive to the share and it works fine. Several other people get Windows errors or system errors when trying to map a drive to the same share. Command line errors (from the net use command): System error 59 or System error 64 Windows Explorer error: The specified network name is no longer available. I can map the drive fine from my PC. I can go to another PC and try to map a drive to the same share using my same Samba ID and password as defined in Samba on AIX and I get the above errors. All of the PC's have matching XP Pro 2002 SP3 and anti-virus versions. I need help in determining the cause of the problem and the solution. The only pattern I have seen so far is that the older PC's work and the newer PC's (same brand) don't work. The newer PC's have a network cards from different vendors. I have upgraded a PC with errors to the newest network driver and still have the same errors. It seems to be a PC-specific problem. Maybe it's related to policy differences or installed Microsoft Update differences, etc. I have had our AIX admin upgrade from Samba 3.2.0 to 3.5.8 and we still have the same errors. I have had our AIX admin set the log level from 1 to 3 and add the %m option to the log file setting. I have captured a Samba log file on AIX from my working PC and compared it to a log from an erroring PC: 1. The log.computer_name file that works contains a Got user entry (below) showing my Samba ID, my actual domain name, and my computer name. The log.computer_name file from the computer getting Windows drive mapping errors does not have this type of entry: [ ] libsmb/ntlmssp.c:747(ntlmssp_server_auth) Got user=[MyUserName] domain=[MyDomainName] workstation=[MyComputerName] len1=24 len2=24 2. The log.computer_name file from the computer getting Windows drive mapping errors ends with two additional entries (below). The log.computer_name file that works does not end with these two entries (timestamps removed for comparison): [ ] smbd/connection.c:31(yield_connection) Yielding connection to [ ] smbd/server.c:902(exit_server_common) Server exit (failed to receive smb request) The smb.conf file from AIX 6.1 (actual IP's replaced): [global] unix charset = CP850 display charset = CP850 workgroup = INSP server string = InSp guest account = guest log level = 3 log file = /var/log.%m max log size = 3000 load printers = No domain master = Yes dns proxy = No wins server = IP1..., IP2..., IP3..., IP4... ldap ssl = no [MyShare] path = /MyShare read only = No create mask = 0775 I have done a lot of searching on the errors and only found suggestions to upgrade Samba and upgrade network drivers. This is my first post, so please let me know if additional information would help. Is the WINS server entered in the windows client? Is the nmbd daemon running? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba, LDAP, Windows XP - force passwordchange on first login
Hello Götz, This settings should work ok: sambaPwdCanChange=1 sambaPwdLastSet=0 sambaPwdMustChange=0 Your sambaMaxPwdAge must point to some usefull, sambaMaxPwdAge: 5184000. To administrate this try http://ldapadmin.sourceforge.net/ Greetings Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Götz Reinicke - IT-Koordinator Gesendet: Dienstag, 1. Februar 2011 15:53 An: samba@lists.samba.org Betreff: [Samba] Samba, LDAP, Windows XP - force passwordchange on first login Hello, I was looking for the right ldap attribute and setting to force users to change there password when they log in for the first time. Can somewone point me to the syntax or doc I did not found yet? samba 3.5.4 and openldap-2.4.19 Thanks and regards, -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + Winbind + Windows 2003 AD
as req. I will resend part of first message: My Samba config: http://pastebin.com/ZqaA0Ypn After the join I'm able to lookup peoples with # wbinfo -u [...] XX hds XXX [...] # wbinfo -g [...] bg XX bg hds bg XXX [...] Now the problem, getent only returns the local users and not the users from the AD The funny thing is that if a user is local on the UNIX and in the AD, I can login with the password from both local and AD, so I know that it can lookup people and passwords # getent passwd hs ; echo $? 2 When I debug on getent it returns 2, witch means that it can't find the user. I know there can be a problem with this if the resolv-names is not working # ping addc.UNDERVISNING.LOCAL PING addc.birke-gym.dk (10.3.17.1) 56(84) bytes of data. 64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=1 ttl=128 time=0.211 ms 64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=2 ttl=128 time=0.207 ms # ping mail.UNDERVISNING.LOCAL PING mail.birke-gym.dk (127.0.1.1) 56(84) bytes of data. 64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=1 ttl=64 time=0.099 ms 64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=2 ttl=64 time=0.094 ms My krb5-conf: Med Venlig Hilsen / Best Regards Henrik Dige Semark Den 19-07-2010 01:49, Necos Secon skrev: I accidentally deleted the first set of messages in my email for this thread, but does your DNS resolve properly? What does your resolv.conf look like? Also, what do these files look like: krb5.conf smb.conf There's an option in smb.conf, winbind enum users, which needs to be set in order for getent to function properly. There is a corresponding option for groups as well. Look at them and let us know. Date: Mon, 19 Jul 2010 01:12:41 +0200 From:h...@semark.dk To:esiot...@gmail.com CC:samba@lists.samba.org Subject: Re: [Samba] Samba + Winbind + Windows 2003 AD Hi Micheal Sorry for not sending that information in the first place, but I though that it was so basic that it wasn't necessary. My nsswitch.conf: # cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. passwd: compat winbind group: compat winbind shadow: compat winbind hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files services: db files ethers: db files protocols: db files rpc:db files netgroup: nis I will mean that it is the way to do this (and it works just fine on the UNIX servers that run there own Domain Controller) Med Venlig Hilsen / Best Regards Henrik Dige Semark Den 18-07-2010 17:03, Michael Wood skrev: On 18 July 2010 01:34, Henrik Dige Semarkh...@semark.dk wrote: Hey out there. I have to join my UNIX server with an existing Win2k3 AD network. My system info: Debian Lenny Samba - 3.4.8 Winbind - 3.4.8 Windows Server 2003 with 2000-style-AD My problem is that, I have en UNIX server that have to run auth up against our existing windows 2003 AD. I have successfully joined my UNIX server to the AD, without problems. # net ads join -U Administrator Enter Administrator's password: Using short domain name -- TEST Joined 'MAIL' to realm 'TEST.LOCAL' My Samba config:http://pastebin.com/ZqaA0Ypn After the join I'm able to lookup peoples with # wbinfo -u [...] # wbinfo -g [...] Now the problem, getent only returns the local users and not the users from the AD The funny thing is that if a user is local on the UNIX and in the AD, I can login with the password from both local and AD, so I know that it can lookup people and passwords # getent passwd hs ; echo $? 2 When I debug on getent it returns 2, witch means that it can't find the user. Do you have winbind specified in your nsswitch.conf file as mentioned here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id2654732 _ The New Busy is not the old busy. Search, chat and e-mail from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + Winbind + Windows 2003 AD
Hi, I found a working Winbind version which is 3.4.7 coming with SLES-11 SP1. I managed to configure Winbind with backend AD to authenticate and authorize users based on Winbind and SFU3.5. Thanks for this Opensoure product. Tobias Mit freundlichen Grüßen Tobias Mucke LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 Message sent from handheld via BlackBerry Server. Von: Mucke, Tobias, FCI4 An: 'samba@lists.samba.org' samba@lists.samba.org Gesendet: Mon Jul 19 18:09:24 2010 Betreff: AW: Re: [Samba] Samba + Winbind + Windows 2003 AD Hi Michael, which version of Samba do you have? Are you able to post your Samba configuration? Thank you. Tobias Mit freundlichen Grüßen Tobias Mucke LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 Message sent from handheld via BlackBerry Server. Von: Michael Lyon mjl...@gmail.com An: Mucke, Tobias, FCI4; samba@lists.samba.org samba@lists.samba.org Gesendet: Mon Jul 19 14:22:37 2010 Betreff: Re: [Samba] Samba + Winbind + Windows 2003 AD I'm in a 2k8 r2 domain with SFU and home shells managed through the ADUC console. I'm using Samba/WInbind and use samba shares as user home directories that are mounted at login-time on Windows 7 machines. This is a first attempt as we migrated to Windows 2k8r2 in order to have better support for Win7 clients, as we had too many issues with Samba as our PDC. Mike On Mon, Jul 19, 2010 at 3:08 AM, Mucke, Tobias, FCI4 tobias.mu...@mbda-systems.de wrote: Hi, I'am afraid this is a general issue with Winbind. I am experiencing the same problems and my logs look quite similar to Henrik's logs. I am using Samba 3.5.4 and tried to resolve this issue without luck. In fact I have a working lab environment with Winbind 3.5.4, AD based on Windows Server 2008 R2 with IDMU. I set idmap backend = ad and winbind nss info = rfc2307. Unfortunately I was not able to port this setup back to the actual production environment with Winbind 3.5.4 and AD based on Windows Server 2003 with SFU 3.5. Besides AD versions there is another large difference between the production and the lab. In production the domain structure is far more complex ... Actually I am deploying a lab more close to the actual production environment. Another important thing to me would be a configuration example of somebody out there using Winbind in an actual version 3.5.x with backend ad and SFU for Shell and Home Directories. Anybody? Thank you. Tobias LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Necos Secon Gesendet: Montag, 19. Juli 2010 01:50 An: samba@lists.samba.org Betreff: Re: [Samba] Samba + Winbind + Windows 2003 AD I accidentally deleted the first set of messages in my email for this thread, but does your DNS resolve properly? What does your resolv.conf look like? Also, what do these files look like: krb5.conf smb.conf There's an option in smb.conf, winbind enum users, which needs to be set in order for getent to function properly. There is a corresponding option for groups as well. Look at them and let us know. Date: Mon, 19 Jul 2010 01:12:41 +0200 From: h...@semark.dk To: esiot...@gmail.com CC: samba@lists.samba.org Subject: Re: [Samba] Samba + Winbind + Windows 2003 AD Hi Micheal Sorry for not sending
Re: [Samba] Samba + Winbind + Windows 2003 AD
Hi, I'am afraid this is a general issue with Winbind. I am experiencing the same problems and my logs look quite similar to Henrik's logs. I am using Samba 3.5.4 and tried to resolve this issue without luck. In fact I have a working lab environment with Winbind 3.5.4, AD based on Windows Server 2008 R2 with IDMU. I set idmap backend = ad and winbind nss info = rfc2307. Unfortunately I was not able to port this setup back to the actual production environment with Winbind 3.5.4 and AD based on Windows Server 2003 with SFU 3.5. Besides AD versions there is another large difference between the production and the lab. In production the domain structure is far more complex ... Actually I am deploying a lab more close to the actual production environment. Another important thing to me would be a configuration example of somebody out there using Winbind in an actual version 3.5.x with backend ad and SFU for Shell and Home Directories. Anybody? Thank you. Tobias LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Necos Secon Gesendet: Montag, 19. Juli 2010 01:50 An: samba@lists.samba.org Betreff: Re: [Samba] Samba + Winbind + Windows 2003 AD I accidentally deleted the first set of messages in my email for this thread, but does your DNS resolve properly? What does your resolv.conf look like? Also, what do these files look like: krb5.conf smb.conf There's an option in smb.conf, winbind enum users, which needs to be set in order for getent to function properly. There is a corresponding option for groups as well. Look at them and let us know. Date: Mon, 19 Jul 2010 01:12:41 +0200 From: h...@semark.dk To: esiot...@gmail.com CC: samba@lists.samba.org Subject: Re: [Samba] Samba + Winbind + Windows 2003 AD Hi Micheal Sorry for not sending that information in the first place, but I though that it was so basic that it wasn't necessary. My nsswitch.conf: # cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. passwd: compat winbind group: compat winbind shadow: compat winbind hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files services: db files ethers: db files protocols: db files rpc:db files netgroup: nis I will mean that it is the way to do this (and it works just fine on the UNIX servers that run there own Domain Controller) Med Venlig Hilsen / Best Regards Henrik Dige Semark Den 18-07-2010 17:03, Michael Wood skrev: On 18 July 2010 01:34, Henrik Dige Semarkh...@semark.dk wrote: Hey out there. I have to join my UNIX server with an existing Win2k3 AD network. My system info: Debian Lenny Samba - 3.4.8 Winbind - 3.4.8 Windows Server 2003 with 2000-style-AD My problem is that, I have en UNIX server that have to run auth up against our existing windows 2003 AD. I have successfully joined my UNIX server to the AD, without problems. # net ads join -U Administrator Enter Administrator's password: Using short domain name -- TEST Joined 'MAIL' to realm 'TEST.LOCAL' My Samba config: http://pastebin.com/ZqaA0Ypn After the join I'm able to lookup peoples with # wbinfo -u [...] # wbinfo -g [...] Now the problem, getent only returns the local users and not the users from the AD The funny thing is that if a user is local on the UNIX and in the AD, I can login with the password from both local and AD, so I know that it can lookup people and passwords # getent passwd hs ; echo $? 2 When I debug on getent it returns 2, witch means that it can't find the user. Do you have winbind specified in your nsswitch.conf file as mentioned here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.h tml#id2654732 _ The New Busy is not the old busy. Search, chat and e-mail from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go
Re: [Samba] Samba + Winbind + Windows 2003 AD
I'm in a 2k8 r2 domain with SFU and home shells managed through the ADUC console. I'm using Samba/WInbind and use samba shares as user home directories that are mounted at login-time on Windows 7 machines. This is a first attempt as we migrated to Windows 2k8r2 in order to have better support for Win7 clients, as we had too many issues with Samba as our PDC. Mike On Mon, Jul 19, 2010 at 3:08 AM, Mucke, Tobias, FCI4 tobias.mu...@mbda-systems.de wrote: Hi, I'am afraid this is a general issue with Winbind. I am experiencing the same problems and my logs look quite similar to Henrik's logs. I am using Samba 3.5.4 and tried to resolve this issue without luck. In fact I have a working lab environment with Winbind 3.5.4, AD based on Windows Server 2008 R2 with IDMU. I set idmap backend = ad and winbind nss info = rfc2307. Unfortunately I was not able to port this setup back to the actual production environment with Winbind 3.5.4 and AD based on Windows Server 2003 with SFU 3.5. Besides AD versions there is another large difference between the production and the lab. In production the domain structure is far more complex ... Actually I am deploying a lab more close to the actual production environment. Another important thing to me would be a configuration example of somebody out there using Winbind in an actual version 3.5.x with backend ad and SFU for Shell and Home Directories. Anybody? Thank you. Tobias LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Necos Secon Gesendet: Montag, 19. Juli 2010 01:50 An: samba@lists.samba.org Betreff: Re: [Samba] Samba + Winbind + Windows 2003 AD I accidentally deleted the first set of messages in my email for this thread, but does your DNS resolve properly? What does your resolv.conf look like? Also, what do these files look like: krb5.conf smb.conf There's an option in smb.conf, winbind enum users, which needs to be set in order for getent to function properly. There is a corresponding option for groups as well. Look at them and let us know. Date: Mon, 19 Jul 2010 01:12:41 +0200 From: h...@semark.dk To: esiot...@gmail.com CC: samba@lists.samba.org Subject: Re: [Samba] Samba + Winbind + Windows 2003 AD Hi Micheal Sorry for not sending that information in the first place, but I though that it was so basic that it wasn't necessary. My nsswitch.conf: # cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. passwd: compat winbind group: compat winbind shadow: compat winbind hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files services: db files ethers: db files protocols: db files rpc:db files netgroup: nis I will mean that it is the way to do this (and it works just fine on the UNIX servers that run there own Domain Controller) Med Venlig Hilsen / Best Regards Henrik Dige Semark Den 18-07-2010 17:03, Michael Wood skrev: On 18 July 2010 01:34, Henrik Dige Semarkh...@semark.dk wrote: Hey out there. I have to join my UNIX server with an existing Win2k3 AD network. My system info: Debian Lenny Samba - 3.4.8 Winbind - 3.4.8 Windows Server 2003 with 2000-style-AD My problem is that, I have en UNIX server that have to run auth up against our existing windows 2003 AD. I have successfully joined my UNIX server to the AD, without problems. # net ads join -U Administrator Enter Administrator's password: Using short domain name -- TEST Joined 'MAIL' to realm 'TEST.LOCAL' My Samba config: http://pastebin.com/ZqaA0Ypn After the join I'm able to lookup peoples with # wbinfo -u [...] # wbinfo -g [...] Now the problem, getent only returns the local users and not the users from the AD The funny thing is that if a user is local on the UNIX and in the AD, I can login with the password from both local and AD, so I know that it can lookup people and passwords # getent passwd hs ; echo $? 2 When I debug on getent it returns 2, witch means that it can't find the user. Do you have winbind specified in your nsswitch.conf file as mentioned here: http
Re: [Samba] Samba + Winbind + Windows 2003 AD
Hi Michael, which version of Samba do you have? Are you able to post your Samba configuration? Thank you. Tobias Mit freundlichen Grüßen Tobias Mucke LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 Message sent from handheld via BlackBerry Server. Von: Michael Lyon mjl...@gmail.com An: Mucke, Tobias, FCI4; samba@lists.samba.org samba@lists.samba.org Gesendet: Mon Jul 19 14:22:37 2010 Betreff: Re: [Samba] Samba + Winbind + Windows 2003 AD I'm in a 2k8 r2 domain with SFU and home shells managed through the ADUC console. I'm using Samba/WInbind and use samba shares as user home directories that are mounted at login-time on Windows 7 machines. This is a first attempt as we migrated to Windows 2k8r2 in order to have better support for Win7 clients, as we had too many issues with Samba as our PDC. Mike On Mon, Jul 19, 2010 at 3:08 AM, Mucke, Tobias, FCI4 tobias.mu...@mbda-systems.de wrote: Hi, I'am afraid this is a general issue with Winbind. I am experiencing the same problems and my logs look quite similar to Henrik's logs. I am using Samba 3.5.4 and tried to resolve this issue without luck. In fact I have a working lab environment with Winbind 3.5.4, AD based on Windows Server 2008 R2 with IDMU. I set idmap backend = ad and winbind nss info = rfc2307. Unfortunately I was not able to port this setup back to the actual production environment with Winbind 3.5.4 and AD based on Windows Server 2003 with SFU 3.5. Besides AD versions there is another large difference between the production and the lab. In production the domain structure is far more complex ... Actually I am deploying a lab more close to the actual production environment. Another important thing to me would be a configuration example of somebody out there using Winbind in an actual version 3.5.x with backend ad and SFU for Shell and Home Directories. Anybody? Thank you. Tobias LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Necos Secon Gesendet: Montag, 19. Juli 2010 01:50 An: samba@lists.samba.org Betreff: Re: [Samba] Samba + Winbind + Windows 2003 AD I accidentally deleted the first set of messages in my email for this thread, but does your DNS resolve properly? What does your resolv.conf look like? Also, what do these files look like: krb5.conf smb.conf There's an option in smb.conf, winbind enum users, which needs to be set in order for getent to function properly. There is a corresponding option for groups as well. Look at them and let us know. Date: Mon, 19 Jul 2010 01:12:41 +0200 From: h...@semark.dk To: esiot...@gmail.com CC: samba@lists.samba.org Subject: Re: [Samba] Samba + Winbind + Windows 2003 AD Hi Micheal Sorry for not sending that information in the first place, but I though that it was so basic that it wasn't necessary. My nsswitch.conf: # cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. passwd: compat winbind group: compat winbind shadow: compat winbind hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files services: db files ethers: db files protocols: db files rpc:db files netgroup: nis I will mean that it is the way to do this (and it works just fine
Re: [Samba] Samba + Winbind + Windows 2003 AD
In all honesty, this is my first time using a binary samba package (I am a native slackware user that converted to Fedora simply because it was easier from start-to-finish FWIW) []# smbd -V Version 3.4.7-58.fc12 Here's my smb.conf global section: [global] workgroup = WORKGROUPNAME realm = ad.university.edu server string = Samba Server Version %v netbios name = vm-srvname security = ADS password server = * passdb backend = tdbsam admin users = @WORKGROUPNAME+Domain Admins log level = 2 log file = /var/log/samba/log.%m max log size = 5000 interfaces = eth0 lo socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288 load printers = No #printing = printcap name = /etc/printcap client use spnego = yes client ntlmv2 auth = yes winbind use default domain = yes winbind separator = + winbind nested groups = Yes winbind enum users = yes winbind enum groups = yes winbind nss info = rfc2307 allow trusted domains = yes idmap uid = 1-9 idmap gid = 1-9 #idmap backend = ad idmap domains = WORKGROUPNAME idmap config WORKGROUPNAME:backend = ad idmap config WORKGROUPNAME:schema_mode = rfc2307 idmap config WORKGROUPNAME:range = 1000-75999 #template shell = /bin/bash #template homedir = /home/share #server signing = enabled ;dead time = 15 getwd cache = yes nt acl support = yes acl map full control = no store dos attributes = yes map acl inherit = yes local master = yes master browser = no dns proxy = no unix extensions = no guest account = nobody Mike On Mon, Jul 19, 2010 at 11:09 AM, Mucke, Tobias, FCI4 tobias.mu...@mbda-systems.de wrote: Hi Michael, which version of Samba do you have? Are you able to post your Samba configuration? Thank you. Tobias Mit freundlichen Grüßen Tobias Mucke LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 Message sent from handheld via BlackBerry Server. Von: Michael Lyon mjl...@gmail.com An: Mucke, Tobias, FCI4; samba@lists.samba.org samba@lists.samba.org Gesendet: Mon Jul 19 14:22:37 2010 Betreff: Re: [Samba] Samba + Winbind + Windows 2003 AD I'm in a 2k8 r2 domain with SFU and home shells managed through the ADUC console. I'm using Samba/WInbind and use samba shares as user home directories that are mounted at login-time on Windows 7 machines. This is a first attempt as we migrated to Windows 2k8r2 in order to have better support for Win7 clients, as we had too many issues with Samba as our PDC. Mike On Mon, Jul 19, 2010 at 3:08 AM, Mucke, Tobias, FCI4 tobias.mu...@mbda-systems.de wrote: Hi, I'am afraid this is a general issue with Winbind. I am experiencing the same problems and my logs look quite similar to Henrik's logs. I am using Samba 3.5.4 and tried to resolve this issue without luck. In fact I have a working lab environment with Winbind 3.5.4, AD based on Windows Server 2008 R2 with IDMU. I set idmap backend = ad and winbind nss info = rfc2307. Unfortunately I was not able to port this setup back to the actual production environment with Winbind 3.5.4 and AD based on Windows Server 2003 with SFU 3.5. Besides AD versions there is another large difference between the production and the lab. In production the domain structure is far more complex ... Actually I am deploying a lab more close to the actual production environment. Another important thing to me would be a configuration example of somebody out there using Winbind in an actual version 3.5.x with backend ad and SFU for Shell and Home Directories. Anybody? Thank you. Tobias LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto: samba-boun...@lists.samba.org] Im Auftrag von Necos Secon Gesendet: Montag, 19
Re: [Samba] Samba + Winbind + Windows 2003 AD
Ah, I'm a Slackware user myself (and I still do sometimes use their binaries for samba when I don't need AD support). I'm not sure if the Fedora package is compiled with AD support, but an ldd `which smbd` will answer that question. You do have the proper options that I mentioned enabled, so this might be an issue elsewhere. Have you tried reinitializing the kerberos ticket with kinit? The other thing to be sure to check is the clock skew. By default, it's 5 minutes in Windows 2003 and higher (not sure about other versions off-hand). Use an ntpdate script (or some other method) to keep the clocks in sync. Hopefully, that helps some. Date: Mon, 19 Jul 2010 11:22:15 -0500 From: mjl...@gmail.com To: samba@lists.samba.org Subject: Re: [Samba] Samba + Winbind + Windows 2003 AD In all honesty, this is my first time using a binary samba package (I am a native slackware user that converted to Fedora simply because it was easier from start-to-finish FWIW) []# smbd -V Version 3.4.7-58.fc12 Here's my smb.conf global section: [global] workgroup = WORKGROUPNAME realm = ad.university.edu server string = Samba Server Version %v netbios name = vm-srvname security = ADS password server = * passdb backend = tdbsam admin users = @WORKGROUPNAME+Domain Admins log level = 2 log file = /var/log/samba/log.%m max log size = 5000 interfaces = eth0 lo socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288 load printers = No #printing = printcap name = /etc/printcap client use spnego = yes client ntlmv2 auth = yes winbind use default domain = yes winbind separator = + winbind nested groups = Yes winbind enum users = yes winbind enum groups = yes winbind nss info = rfc2307 allow trusted domains = yes idmap uid = 1-9 idmap gid = 1-9 #idmap backend = ad idmap domains = WORKGROUPNAME idmap config WORKGROUPNAME:backend = ad idmap config WORKGROUPNAME:schema_mode = rfc2307 idmap config WORKGROUPNAME:range = 1000-75999 #template shell = /bin/bash #template homedir = /home/share #server signing = enabled ;dead time = 15 getwd cache = yes nt acl support = yes acl map full control = no store dos attributes = yes map acl inherit = yes local master = yes master browser = no dns proxy = no unix extensions = no guest account = nobody Mike On Mon, Jul 19, 2010 at 11:09 AM, Mucke, Tobias, FCI4 tobias.mu...@mbda-systems.de wrote: Hi Michael, which version of Samba do you have? Are you able to post your Samba configuration? Thank you. Tobias Mit freundlichen Grüßen Tobias Mucke LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 Message sent from handheld via BlackBerry Server. Von: Michael Lyon mjl...@gmail.com An: Mucke, Tobias, FCI4; samba@lists.samba.org samba@lists.samba.org Gesendet: Mon Jul 19 14:22:37 2010 Betreff: Re: [Samba] Samba + Winbind + Windows 2003 AD I'm in a 2k8 r2 domain with SFU and home shells managed through the ADUC console. I'm using Samba/WInbind and use samba shares as user home directories that are mounted at login-time on Windows 7 machines. This is a first attempt as we migrated to Windows 2k8r2 in order to have better support for Win7 clients, as we had too many issues with Samba as our PDC. Mike On Mon, Jul 19, 2010 at 3:08 AM, Mucke, Tobias, FCI4 tobias.mu...@mbda-systems.de wrote: Hi, I'am afraid this is a general issue with Winbind. I am experiencing the same problems and my logs look quite similar to Henrik's logs. I am using Samba 3.5.4 and tried to resolve this issue without luck. In fact I have a working lab environment with Winbind 3.5.4, AD based on Windows Server 2008 R2 with IDMU. I set idmap backend = ad and winbind nss info = rfc2307. Unfortunately I was not able to port this setup back to the actual production environment with Winbind 3.5.4 and AD based on Windows Server 2003 with SFU 3.5. Besides AD versions there is another large difference between the production and the lab. In production the domain structure is far more complex ... Actually I am deploying a lab more close to the actual production
Re: [Samba] Samba + Winbind + Windows 2003 AD
Hi Henrik, I am also fighting with Winbind for a few days now experiencing some weird behaviour. Regarding your explanation I assume you have SFU running in your AD Domain. Do you really have a RFC2307 complaint schema in AD or do you still stick to SFU schema? For debugging the winbind it was helpful to me to start it in a shell as a foreground process with debugging on, e. g. /usr/sbin/winbindd -SFi -d3 Now you should be able to see the different Winbind behaviour regarding the login and getent. Good luck. Tobias Mucke LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Sunday, July 18, 2010 1:35 AM To: samba@lists.samba.org Subject: [Samba] Samba + Winbind + Windows 2003 AD Hey out there. I have to join my UNIX server with an existing Win2k3 AD network. My system info: Debian Lenny Samba - 3.4.8 Winbind - 3.4.8 Windows Server 2003 with 2000-style-AD My problem is that, I have en UNIX server that have to run auth up against our existing windows 2003 AD. I have successfully joined my UNIX server to the AD, without problems. # net ads join -U Administrator Enter Administrator's password: Using short domain name -- TEST Joined 'MAIL' to realm 'TEST.LOCAL' My Samba config: http://pastebin.com/ZqaA0Ypn After the join I'm able to lookup peoples with # wbinfo -u [...] XX hds XXX [...] # wbinfo -g [...] bg XX bg hds bg XXX [...] Now the problem, getent only returns the local users and not the users from the AD The funny thing is that if a user is local on the UNIX and in the AD, I can login with the password from both local and AD, so I know that it can lookup people and passwords # getent passwd hs ; echo $? 2 When I debug on getent it returns 2, witch means that it can't find the user. I know there can be a problem with this if the resolv-names is not working # ping addc.UNDERVISNING.LOCAL PING addc.birke-gym.dk (10.3.17.1) 56(84) bytes of data. 64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=1 ttl=128 time=0.211 ms 64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=2 ttl=128 time=0.207 ms # ping mail.UNDERVISNING.LOCAL PING mail.birke-gym.dk (127.0.1.1) 56(84) bytes of data. 64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=1 ttl=64 time=0.099 ms 64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=2 ttl=64 time=0.094 ms Is there anyone that can see where I have done something rung in my samba-config.? -- Med Venlig Hilsen / Best Regards Henrik Dige Semark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + Winbind + Windows 2003 AD
Hi Tobias To be honest I don't really know that mutch about the Windows AD, I'm not an Windows guy, when I talked with the Windows AD Administrator he told my that it was an RFC2307 schema and not an old SFU, but I have just now logged on to the AD server and it doesn't seams like any schemas is loaded at all. My winbind debugging: http://pastebin.com/WjDRvp8q Winbind debugging while getent passwd USER: http://pastebin.com/0B24yePY I don't know way there is a lot of UVROOT.LOCAL, my server is only joined to UNDERVISNING.LOCAL, but the windows AD server do know UVROOT also. -- Med Venlig Hilsen / Best Regards Henrik Dige Semark Den 18-07-2010 08:58, Mucke, Tobias, FCI4 skrev: Hi Henrik, I am also fighting with Winbind for a few days now experiencing some weird behaviour. Regarding your explanation I assume you have SFU running in your AD Domain. Do you really have a RFC2307 complaint schema in AD or do you still stick to SFU schema? For debugging the winbind it was helpful to me to start it in a shell as a foreground process with debugging on, e. g. /usr/sbin/winbindd -SFi -d3 Now you should be able to see the different Winbind behaviour regarding the login and getent. Good luck. Tobias Mucke LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Sunday, July 18, 2010 1:35 AM To: samba@lists.samba.org Subject: [Samba] Samba + Winbind + Windows 2003 AD Hey out there. I have to join my UNIX server with an existing Win2k3 AD network. My system info: Debian Lenny Samba - 3.4.8 Winbind - 3.4.8 Windows Server 2003 with 2000-style-AD My problem is that, I have en UNIX server that have to run auth up against our existing windows 2003 AD. I have successfully joined my UNIX server to the AD, without problems. # net ads join -U Administrator Enter Administrator's password: Using short domain name -- TEST Joined 'MAIL' to realm 'TEST.LOCAL' My Samba config: http://pastebin.com/ZqaA0Ypn After the join I'm able to lookup peoples with # wbinfo -u [...] XX hds XXX [...] # wbinfo -g [...] bg XX bg hds bg XXX [...] Now the problem, getent only returns the local users and not the users from the AD The funny thing is that if a user is local on the UNIX and in the AD, I can login with the password from both local and AD, so I know that it can lookup people and passwords # getent passwd hs ; echo $? 2 When I debug on getent it returns 2, witch means that it can't find the user. I know there can be a problem with this if the resolv-names is not working # ping addc.UNDERVISNING.LOCAL PING addc.birke-gym.dk (10.3.17.1) 56(84) bytes of data. 64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=1 ttl=128 time=0.211 ms 64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=2 ttl=128 time=0.207 ms # ping mail.UNDERVISNING.LOCAL PING mail.birke-gym.dk (127.0.1.1) 56(84) bytes of data. 64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=1 ttl=64 time=0.099 ms 64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=2 ttl=64 time=0.094 ms Is there anyone that can see where I have done something rung in my samba-config.? -- Med Venlig Hilsen / Best Regards Henrik Dige Semark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + Winbind + Windows 2003 AD
On 18 July 2010 01:34, Henrik Dige Semark h...@semark.dk wrote: Hey out there. I have to join my UNIX server with an existing Win2k3 AD network. My system info: Debian Lenny Samba - 3.4.8 Winbind - 3.4.8 Windows Server 2003 with 2000-style-AD My problem is that, I have en UNIX server that have to run auth up against our existing windows 2003 AD. I have successfully joined my UNIX server to the AD, without problems. # net ads join -U Administrator Enter Administrator's password: Using short domain name -- TEST Joined 'MAIL' to realm 'TEST.LOCAL' My Samba config: http://pastebin.com/ZqaA0Ypn After the join I'm able to lookup peoples with # wbinfo -u [...] # wbinfo -g [...] Now the problem, getent only returns the local users and not the users from the AD The funny thing is that if a user is local on the UNIX and in the AD, I can login with the password from both local and AD, so I know that it can lookup people and passwords # getent passwd hs ; echo $? 2 When I debug on getent it returns 2, witch means that it can't find the user. Do you have winbind specified in your nsswitch.conf file as mentioned here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id2654732 -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + Winbind + Windows 2003 AD
Hi Micheal Sorry for not sending that information in the first place, but I though that it was so basic that it wasn't necessary. My nsswitch.conf: # cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. passwd: compat winbind group: compat winbind shadow: compat winbind hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files services: db files ethers: db files protocols: db files rpc:db files netgroup: nis I will mean that it is the way to do this (and it works just fine on the UNIX servers that run there own Domain Controller) Med Venlig Hilsen / Best Regards Henrik Dige Semark Den 18-07-2010 17:03, Michael Wood skrev: On 18 July 2010 01:34, Henrik Dige Semarkh...@semark.dk wrote: Hey out there. I have to join my UNIX server with an existing Win2k3 AD network. My system info: Debian Lenny Samba - 3.4.8 Winbind - 3.4.8 Windows Server 2003 with 2000-style-AD My problem is that, I have en UNIX server that have to run auth up against our existing windows 2003 AD. I have successfully joined my UNIX server to the AD, without problems. # net ads join -U Administrator Enter Administrator's password: Using short domain name -- TEST Joined 'MAIL' to realm 'TEST.LOCAL' My Samba config: http://pastebin.com/ZqaA0Ypn After the join I'm able to lookup peoples with # wbinfo -u [...] # wbinfo -g [...] Now the problem, getent only returns the local users and not the users from the AD The funny thing is that if a user is local on the UNIX and in the AD, I can login with the password from both local and AD, so I know that it can lookup people and passwords # getent passwd hs ; echo $? 2 When I debug on getent it returns 2, witch means that it can't find the user. Do you have winbind specified in your nsswitch.conf file as mentioned here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id2654732 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + Winbind + Windows 2003 AD
I accidentally deleted the first set of messages in my email for this thread, but does your DNS resolve properly? What does your resolv.conf look like? Also, what do these files look like: krb5.conf smb.conf There's an option in smb.conf, winbind enum users, which needs to be set in order for getent to function properly. There is a corresponding option for groups as well. Look at them and let us know. Date: Mon, 19 Jul 2010 01:12:41 +0200 From: h...@semark.dk To: esiot...@gmail.com CC: samba@lists.samba.org Subject: Re: [Samba] Samba + Winbind + Windows 2003 AD Hi Micheal Sorry for not sending that information in the first place, but I though that it was so basic that it wasn't necessary. My nsswitch.conf: # cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. passwd: compat winbind group: compat winbind shadow: compat winbind hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files services: db files ethers: db files protocols: db files rpc:db files netgroup: nis I will mean that it is the way to do this (and it works just fine on the UNIX servers that run there own Domain Controller) Med Venlig Hilsen / Best Regards Henrik Dige Semark Den 18-07-2010 17:03, Michael Wood skrev: On 18 July 2010 01:34, Henrik Dige Semarkh...@semark.dk wrote: Hey out there. I have to join my UNIX server with an existing Win2k3 AD network. My system info: Debian Lenny Samba - 3.4.8 Winbind - 3.4.8 Windows Server 2003 with 2000-style-AD My problem is that, I have en UNIX server that have to run auth up against our existing windows 2003 AD. I have successfully joined my UNIX server to the AD, without problems. # net ads join -U Administrator Enter Administrator's password: Using short domain name -- TEST Joined 'MAIL' to realm 'TEST.LOCAL' My Samba config: http://pastebin.com/ZqaA0Ypn After the join I'm able to lookup peoples with # wbinfo -u [...] # wbinfo -g [...] Now the problem, getent only returns the local users and not the users from the AD The funny thing is that if a user is local on the UNIX and in the AD, I can login with the password from both local and AD, so I know that it can lookup people and passwords # getent passwd hs ; echo $? 2 When I debug on getent it returns 2, witch means that it can't find the user. Do you have winbind specified in your nsswitch.conf file as mentioned here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id2654732 _ The New Busy is not the old busy. Search, chat and e-mail from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.4 Windows 7 offline folders
On Fri, Jan 22, 2010 at 12:54 AM, Martin Hochreiter linux...@wavenet.atwrote: Am 2010-01-21 23:42, schrieb Jeremy Allison: On Thu, Jan 21, 2010 at 07:50:53PM +, nf-vale wrote: Is this issue only related with Windows 7 clients or does it affect other Windows versions too (I'm using Samba 3.4.3 version)? The offline files bug was only reported against a specific version of Windows Vista, but I wouldn't be surprised if it affected other versions too. Jeremy. Hi to all! I can only tell report the issue on Windows 7 32 bit only. We don't use vista and Windows XP is still working without problems. As I told you - with 3.4.5 we didn't had any issues yet. regards Martin I'm having problems with Samba 3.4.7 from Debian Testing. XP is not having any problems, but Windows 7 32-bit and 64-bit are having issues. What can I send to help pinpoint the problem? Thanks, Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.4 Windows 7 offline folders
On Wed, Apr 21, 2010 at 06:45:24PM -0600, Robert LeBlanc wrote: On Fri, Jan 22, 2010 at 12:54 AM, Martin Hochreiter linux...@wavenet.atwrote: Am 2010-01-21 23:42, schrieb Jeremy Allison: On Thu, Jan 21, 2010 at 07:50:53PM +, nf-vale wrote: Is this issue only related with Windows 7 clients or does it affect other Windows versions too (I'm using Samba 3.4.3 version)? The offline files bug was only reported against a specific version of Windows Vista, but I wouldn't be surprised if it affected other versions too. Jeremy. Hi to all! I can only tell report the issue on Windows 7 32 bit only. We don't use vista and Windows XP is still working without problems. As I told you - with 3.4.5 we didn't had any issues yet. regards Martin I'm having problems with Samba 3.4.7 from Debian Testing. XP is not having any problems, but Windows 7 32-bit and 64-bit are having issues. What can I send to help pinpoint the problem? Log a bug at bugzilla.samba.org documenting the problem and how to reproduce. Thanks ! Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba vs. Windows
On Mon, Apr 12, 2010 at 10:30:18AM -0400, Smith, Keenan C. wrote: We have a fairly vanilla Samba configuration that recently replaced a Windows 2003 server and among other things, serves large (64 MB) files. Permissions are all 777. When running an application attempting to do a single read of these files from a share, we discovered that they were not being served properly. We also found that copying them to the local drive or changing the ownership of the files to the person running the application seemed to address the problem. By properly I mean that the entire file was not being transferred to the workstations. We found that there's a 64 MB limit for a single read on 32-bit Windows. That explained why the enter file wasn't being served. However, why would changing the ownership of the file or copying it locally make a difference? Is the 64MB limit only on network services? Does changing the ownership the file somehow change the properties of the file, making it readable? Also, we found the running the same application from Linux through an NFS mount or from a Windows workstation to a Windows server, the file was served as expected. It seems like Windows-to-Windows somehow enables buffered reading where Windows-to-Samba does not. We can't find any obvious Samba settings that would make this work and it doesn't seem to be a Windows issue. Can you please create a network trace of the Windows-Windows transfer as well as of the Samba-Windows transfer? Please file a bug with https://bugzilla.samba.org/ and upload the network traces there. Information on how to create useful network traces can be found under http://wiki.samba.org/index.php/Capture_Packets Thanks, Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba vs. Windows
On Mon, Apr 12, 2010 at 10:30 AM, Smith, Keenan C. keenan.sm...@jhuapl.edu wrote: All, We have a fairly vanilla Samba configuration that recently replaced a Windows 2003 server and among other things, serves large (64 MB) files. Permissions are all 777. When running an application attempting to do a single read of these files from a share, we discovered that they were not being served properly. We also found that copying them to the local drive or changing the ownership of the files to the person running the application seemed to address the problem. By properly I mean that the entire file was not being transferred to the workstations. We found that there's a 64 MB limit for a single read on 32-bit Windows. That explained why the enter file wasn't being served. However, why would changing the ownership of the file or copying it locally make a difference? Is the 64MB limit only on network services? Does changing the ownership the file somehow change the properties of the file, making it readable? Also, we found the running the same application from Linux through an NFS mount or from a Windows workstation to a Windows server, the file was served as expected. It seems like Windows-to-Windows somehow enables buffered reading where Windows-to-Samba does not. We can't find any obvious Samba settings that would make this work and it doesn't seem to be a Windows issue. Has anybody seen anything like this or have any ideas for a solution? I have had a problem with large buffered reads and writes under XP. It turned out to be caused by the following know bug in XP. http://support.microsoft.com/kb/913872 Not sure if this causing your problem. I solved the problem by requesting a smaller buffer. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba / Lucid / Windows 7 problem
On 2010-03-24 02:10, David Harrison wrote: Here is my smbldap-tools configuration in smb.conf: add machine script = /usr/sbin/smbldap-useradd -w %u Is your add machine script directive similar/the same? Hi David Mine looked like this: add machine script = /usr/sbin/smbldap-useradd -i -w %m I removed the -i and I can join the domain, thanks. That doesn't solve the actual problem I guess, but since I don't think I need interdomain trust accounts anyway, close enough. Mvh. Torkil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba / Lucid / Windows 7 problem
On 03/29/2010 6:38 AM, Torkil Svensgaard wrote: On 2010-03-24 02:10, David Harrison wrote: Here is my smbldap-tools configuration in smb.conf: add machine script = /usr/sbin/smbldap-useradd -w %u Is your add machine script directive similar/the same? Hi David Mine looked like this: add machine script = /usr/sbin/smbldap-useradd -i -w %m I removed the -i and I can join the domain, thanks. That doesn't solve the actual problem I guess, but since I don't think I need interdomain trust accounts anyway, close enough. Mvh. Torkil For the last system that I had to add, the solution was the exact opposite. The system would not join the domain until I added the -i. I have no explanation. Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4 Windows 95/98 logon problem
Anybody else having the same problem? Better yet any solution? I know Windows 95 clients are not that common anymore and that what we will try to do as well. But, it is sometimes hard because of some legacy hardware requirements. From: Selcuk Ozturk soz...@yahoo.com To: samba@lists.samba.org Sent: Mon, March 22, 2010 7:05:57 AM Subject: Re: [Samba] Samba 3.4 Windows 95/98 logon problem The domain controller is an old NT4, not the samba server. The password there works fine because the machines can connect to the PDC's shares no problem. The key here is the security = domain setting. When I change it to security = server it works fine. Both settings should be essentially same except domain is less demanding on the PDC and more fault tolerant. Under both settings, the NT4 PDC is asked to validate the password. But, the first one does not work while the second does. Selcuk From: Pascal Valois pascal.val...@devinci.fr To: samba@lists.samba.org Sent: Sun, March 21, 2010 1:37:10 PM Subject: Re: [Samba] Samba 3.4 Windows 95/98 logon problem try to reset the password for the users using w95/98. it usually works. Le 21/03/2010 13:42, selcuko a écrit : Hi, we have just upgraded one of our very old Linux/Samba servers to version 3.4.2. After the upgrade, the Windows 95/98 clients cannot login to the server anymore. In the log I see 'NT_STATUS_ACCESS_DENIED' messages for these clients. The samba server is setup to use an NT4 PDC as the password server. The security = domain. The Windows 2000 and up clients don't have any problems. But, the Win 9x cannot login. We also have other older samba servers. Various versions up till 3.0.20. The win 9x machines don't have any problems logging into those servers. -- Pascal Valois Service Informatique Pole Universitaire Léonard de Vinci -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba / Lucid / Windows 7 problem
Are you sure this is a Windows 7 fault? By the looks of the Samba log smbldap-tools is causing the grief. Have you confirmed smbldap-useradd is working from the terminal? You could also try adding the machine account to your LDAP server prior to joining it to the domain from the desktop. David On Tue, Mar 23, 2010 at 9:32 PM, Torkil Svensgaard tor...@drcmr.dk wrote: Hi list I'm running a Samba PDC on Ubuntu Lucid (3.4.7) and am unable to join Windows 7 machines to the domain. I have applied the registry changes described at http://wiki.samba.org/index.php/Windows7 Windows XP machines can join with no problems. Samba log: stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass in chomp at /usr/sbin/smbldap-useradd line 324. stty: standard input: Inappropriate ioctl for device stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass2 in chomp at /usr/sbin/smbldap-useradd line 330. stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass in string ne at /usr/sbin/smbldap-useradd line 334. Use of uninitialized value $pass2 in string ne at /usr/sbin/smbldap-useradd line 334. Windows 7 reports: A device attached to the system is not functioning. Any ideas? Thanks, Torkil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba / Lucid / Windows 7 problem
No, I'm not sure, but given that Windows XP machines can join with no problems (and thus smdldap-useradd is working, in this case), at the very least Windows 7 is doing something differently. The Windows 7 machine actually does end up on the LDAP server, as subsequent attempts to join complain about The specified account already exists. In this case there are no errors from smbldap-useradd in the log. Thanks, Torkil On 2010-03-23 10:22, David Harrison wrote: Are you sure this is a Windows 7 fault? By the looks of the Samba log smbldap-tools is causing the grief. Have you confirmed smbldap-useradd is working from the terminal? You could also try adding the machine account to your LDAP server prior to joining it to the domain from the desktop. David On Tue, Mar 23, 2010 at 9:32 PM, Torkil Svensgaardtor...@drcmr.dk wrote: Hi list I'm running a Samba PDC on Ubuntu Lucid (3.4.7) and am unable to join Windows 7 machines to the domain. I have applied the registry changes described at http://wiki.samba.org/index.php/Windows7 Windows XP machines can join with no problems. Samba log: stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass in chomp at /usr/sbin/smbldap-useradd line 324. stty: standard input: Inappropriate ioctl for device stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass2 in chomp at /usr/sbin/smbldap-useradd line 330. stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass in string ne at /usr/sbin/smbldap-useradd line 334. Use of uninitialized value $pass2 in string ne at /usr/sbin/smbldap-useradd line 334. Windows 7 reports: A device attached to the system is not functioning. Any ideas? Thanks, Torkil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba / Lucid / Windows 7 problem
You could try turning up the log level in smb.conf so that you can see what Windows 7 is passing to Samba, and in turn what it is sending to smbldap-tools (sorry I don't know what level this will require). For reference, at one site with quite a few Windows 7 clients I am running Ubuntu Server 9.10 with the Samba 3.3 packages from Sernet and smbldap-tools. I had some initial issues with Windows registry settings, but never any issue with smbldap-tools and Windows 7. David On Tue, Mar 23, 2010 at 10:37 PM, Torkil Svensgaard tor...@drcmr.dk wrote: No, I'm not sure, but given that Windows XP machines can join with no problems (and thus smdldap-useradd is working, in this case), at the very least Windows 7 is doing something differently. The Windows 7 machine actually does end up on the LDAP server, as subsequent attempts to join complain about The specified account already exists. In this case there are no errors from smbldap-useradd in the log. Thanks, Torkil On 2010-03-23 10:22, David Harrison wrote: Are you sure this is a Windows 7 fault? By the looks of the Samba log smbldap-tools is causing the grief. Have you confirmed smbldap-useradd is working from the terminal? You could also try adding the machine account to your LDAP server prior to joining it to the domain from the desktop. David On Tue, Mar 23, 2010 at 9:32 PM, Torkil Svensgaardtor...@drcmr.dk wrote: Hi list I'm running a Samba PDC on Ubuntu Lucid (3.4.7) and am unable to join Windows 7 machines to the domain. I have applied the registry changes described at http://wiki.samba.org/index.php/Windows7 Windows XP machines can join with no problems. Samba log: stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass in chomp at /usr/sbin/smbldap-useradd line 324. stty: standard input: Inappropriate ioctl for device stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass2 in chomp at /usr/sbin/smbldap-useradd line 330. stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass in string ne at /usr/sbin/smbldap-useradd line 334. Use of uninitialized value $pass2 in string ne at /usr/sbin/smbldap-useradd line 334. Windows 7 reports: A device attached to the system is not functioning. Any ideas? Thanks, Torkil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba / Lucid / Windows 7 problem
My initial assumption about Windows XP was wrong, I can't join with that either, it just seemed that way. I failed to notice that removing the machine from the domain from within XP didn't actually remove it from the LDAP server and thus when I rejoined it apparently used the existing account instead of creating a new one through smdldap-useradd. The problem lies elsewhere, one of the lines in smbldap-useradd that fails looks like this: chomp( $pass = STDIN ); I presume an autogenerated password shold be passed to the script through some sort of STDIN redirection but that fails. Thanks, Torkil On 2010-03-23 10:42, David Harrison wrote: You could try turning up the log level in smb.conf so that you can see what Windows 7 is passing to Samba, and in turn what it is sending to smbldap-tools (sorry I don't know what level this will require). For reference, at one site with quite a few Windows 7 clients I am running Ubuntu Server 9.10 with the Samba 3.3 packages from Sernet and smbldap-tools. I had some initial issues with Windows registry settings, but never any issue with smbldap-tools and Windows 7. David On Tue, Mar 23, 2010 at 10:37 PM, Torkil Svensgaardtor...@drcmr.dk wrote: No, I'm not sure, but given that Windows XP machines can join with no problems (and thus smdldap-useradd is working, in this case), at the very least Windows 7 is doing something differently. The Windows 7 machine actually does end up on the LDAP server, as subsequent attempts to join complain about The specified account already exists. In this case there are no errors from smbldap-useradd in the log. Thanks, Torkil On 2010-03-23 10:22, David Harrison wrote: Are you sure this is a Windows 7 fault? By the looks of the Samba log smbldap-tools is causing the grief. Have you confirmed smbldap-useradd is working from the terminal? You could also try adding the machine account to your LDAP server prior to joining it to the domain from the desktop. David On Tue, Mar 23, 2010 at 9:32 PM, Torkil Svensgaardtor...@drcmr.dk wrote: Hi list I'm running a Samba PDC on Ubuntu Lucid (3.4.7) and am unable to join Windows 7 machines to the domain. I have applied the registry changes described at http://wiki.samba.org/index.php/Windows7 Windows XP machines can join with no problems. Samba log: stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass in chomp at /usr/sbin/smbldap-useradd line 324. stty: standard input: Inappropriate ioctl for device stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass2 in chomp at /usr/sbin/smbldap-useradd line 330. stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass in string ne at /usr/sbin/smbldap-useradd line 334. Use of uninitialized value $pass2 in string ne at /usr/sbin/smbldap-useradd line 334. Windows 7 reports: A device attached to the system is not functioning. Any ideas? Thanks, Torkil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba / Lucid / Windows 7 problem
Here is my smbldap-tools configuration in smb.conf: add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u ldap passwd sync = yes Is your add machine script directive similar/the same? David On Tue, Mar 23, 2010 at 11:38 PM, Torkil Svensgaard tor...@drcmr.dk wrote: My initial assumption about Windows XP was wrong, I can't join with that either, it just seemed that way. I failed to notice that removing the machine from the domain from within XP didn't actually remove it from the LDAP server and thus when I rejoined it apparently used the existing account instead of creating a new one through smdldap-useradd. The problem lies elsewhere, one of the lines in smbldap-useradd that fails looks like this: chomp( $pass = STDIN ); I presume an autogenerated password shold be passed to the script through some sort of STDIN redirection but that fails. Thanks, Torkil On 2010-03-23 10:42, David Harrison wrote: You could try turning up the log level in smb.conf so that you can see what Windows 7 is passing to Samba, and in turn what it is sending to smbldap-tools (sorry I don't know what level this will require). For reference, at one site with quite a few Windows 7 clients I am running Ubuntu Server 9.10 with the Samba 3.3 packages from Sernet and smbldap-tools. I had some initial issues with Windows registry settings, but never any issue with smbldap-tools and Windows 7. David On Tue, Mar 23, 2010 at 10:37 PM, Torkil Svensgaardtor...@drcmr.dk wrote: No, I'm not sure, but given that Windows XP machines can join with no problems (and thus smdldap-useradd is working, in this case), at the very least Windows 7 is doing something differently. The Windows 7 machine actually does end up on the LDAP server, as subsequent attempts to join complain about The specified account already exists. In this case there are no errors from smbldap-useradd in the log. Thanks, Torkil On 2010-03-23 10:22, David Harrison wrote: Are you sure this is a Windows 7 fault? By the looks of the Samba log smbldap-tools is causing the grief. Have you confirmed smbldap-useradd is working from the terminal? You could also try adding the machine account to your LDAP server prior to joining it to the domain from the desktop. David On Tue, Mar 23, 2010 at 9:32 PM, Torkil Svensgaardtor...@drcmr.dk wrote: Hi list I'm running a Samba PDC on Ubuntu Lucid (3.4.7) and am unable to join Windows 7 machines to the domain. I have applied the registry changes described at http://wiki.samba.org/index.php/Windows7 Windows XP machines can join with no problems. Samba log: stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass in chomp at /usr/sbin/smbldap-useradd line 324. stty: standard input: Inappropriate ioctl for device stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass2 in chomp at /usr/sbin/smbldap-useradd line 330. stty: standard input: Inappropriate ioctl for device Use of uninitialized value $pass in string ne at /usr/sbin/smbldap-useradd line 334. Use of uninitialized value $pass2 in string ne at /usr/sbin/smbldap-useradd line 334. Windows 7 reports: A device attached to the system is not functioning. Any ideas? Thanks, Torkil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4 Windows 95/98 logon problem
The domain controller is an old NT4, not the samba server. The password there works fine because the machines can connect to the PDC's shares no problem. The key here is the security = domain setting. When I change it to security = server it works fine. Both settings should be essentially same except domain is less demanding on the PDC and more fault tolerant. Under both settings, the NT4 PDC is asked to validate the password. But, the first one does not work while the second does. Selcuk From: Pascal Valois pascal.val...@devinci.fr To: samba@lists.samba.org Sent: Sun, March 21, 2010 1:37:10 PM Subject: Re: [Samba] Samba 3.4 Windows 95/98 logon problem try to reset the password for the users using w95/98. it usually works. Le 21/03/2010 13:42, selcuko a écrit : Hi, we have just upgraded one of our very old Linux/Samba servers to version 3.4.2. After the upgrade, the Windows 95/98 clients cannot login to the server anymore. In the log I see 'NT_STATUS_ACCESS_DENIED' messages for these clients. The samba server is setup to use an NT4 PDC as the password server. The security = domain. The Windows 2000 and up clients don't have any problems. But, the Win 9x cannot login. We also have other older samba servers. Various versions up till 3.0.20. The win 9x machines don't have any problems logging into those servers. -- Pascal Valois Service Informatique Pole Universitaire Léonard de Vinci -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4 Windows 95/98 logon problem
we have just upgraded one of our very old Linux/Samba servers to version 3.4.2. After the upgrade, the Windows 95/98 clients cannot login to the server anymore. In the log I see 'NT_STATUS_ACCESS_DENIED' messages for these clients. The key word here is very old. Meanwhile, some Samba defaults changed. The default for client lanman auth is now No. If you have Windows 9x clients, you should have the following in your smb.conf file: client lanman auth = Yes From the smb.conf (5) man page: --- client lanman auth (G) This parameter determines whether or not smbclient(8) and other samba client tools will attempt to authenticate itself to servers using the weaker LANMAN password hash. If disabled, only server which support NT password hashes (e.g. Windows NT/2000, Samba, etc... but not Windows 95/98) will be able to be connected from the Samba client. The LANMAN encrypted response is easily broken, due to its case-insensitive nature, and the choice of algorithm. Clients without Windows 95/98 servers are advised to disable this option. Disabling this option will also disable the client plaintext auth option. Likewise, if the client ntlmv2 auth parameter is enabled, then only NTLMv2 logins will be attempted. Default: client lanman auth = no --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4 Windows 95/98 logon problem
I am not at all familiar with the use of Windows 9x clients, but I suppose that you also need to include the following: lanman auth = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4 Windows 95/98 logon problem
Thanks for the response. I have tried both client lanman auth = Yes and lanman auth = Yes. They don't help. I think they do work when the security = server but not when security = domain. Selcuk From: Miguel Medalha miguelmeda...@sapo.pt To: selcuko soz...@yahoo.com Cc: samba@lists.samba.org Sent: Sun, March 21, 2010 9:08:10 AM Subject: Re: [Samba] Samba 3.4 Windows 95/98 logon problem we have just upgraded one of our very old Linux/Samba servers to version 3.4.2. After the upgrade, the Windows 95/98 clients cannot login to the server anymore. In the log I see 'NT_STATUS_ACCESS_DENIED' messages for these clients. The key word here is very old. Meanwhile, some Samba defaults changed. The default for client lanman auth is now No. If you have Windows 9x clients, you should have the following in your smb.conf file: client lanman auth = Yes From the smb.conf (5) man page: --- client lanman auth (G) This parameter determines whether or not smbclient(8) and other samba client tools will attempt to authenticate itself to servers using the weaker LANMAN password hash. If disabled, only server which support NT password hashes (e.g. Windows NT/2000, Samba, etc... but not Windows 95/98) will be able to be connected from the Samba client. The LANMAN encrypted response is easily broken, due to its case-insensitive nature, and the choice of algorithm. Clients without Windows 95/98 servers are advised to disable this option. Disabling this option will also disable the client plaintext auth option. Likewise, if the client ntlmv2 auth parameter is enabled, then only NTLMv2 logins will be attempted. Default: client lanman auth = no --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4 Windows 95/98 logon problem
Please search the list archives. I am sure that your question has already been addressed here. It is possible to make it work. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4 Windows 95/98 logon problem
On 2010/03/21 05:42 (GMT-0700) selcuko composed: we have just upgraded one of our very old Linux/Samba servers to version 3.4.2. After the upgrade, the Windows 95/98 clients cannot login to the server anymore. In the log I see 'NT_STATUS_ACCESS_DENIED' messages for these clients. The samba server is setup to use an NT4 PDC as the password server. The security = domain. The Windows 2000 and up clients don't have any problems. But, the Win 9x cannot login. We also have other older samba servers. Various versions up till 3.0.20. The win 9x machines don't have any problems logging into those servers. Maybe http://lists.samba.org/archive/samba/2010-March/154376.html has your answer. -- The wise are known for their understanding, and pleasant words are persuasive. Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4 Windows 95/98 logon problem
try to reset the password for the users using w95/98. it usually works. Le 21/03/2010 13:42, selcuko a écrit : Hi, we have just upgraded one of our very old Linux/Samba servers to version 3.4.2. After the upgrade, the Windows 95/98 clients cannot login to the server anymore. In the log I see 'NT_STATUS_ACCESS_DENIED' messages for these clients. The samba server is setup to use an NT4 PDC as the password server. The security = domain. The Windows 2000 and up clients don't have any problems. But, the Win 9x cannot login. We also have other older samba servers. Various versions up till 3.0.20. The win 9x machines don't have any problems logging into those servers. -- Pascal Valois Service Informatique Pole Universitaire Léonard de Vinci -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and Windows 7 do they work together?
John Drescher wrote: Yes. They work fine together. You need samba-3.3.X or greater. 3.4.X does not allow printing under 64 bit clients but 3.3 or 3.5 are good. I was about to upgrade from 3.3 to 3.4 until I read that. Is the 64-bit printing issue going to be fixed in the 3.4 series? Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and Windows 7 do they work together?
Yes. They work fine together. You need samba-3.3.X or greater. 3.4.X does not allow printing under 64 bit clients but 3.3 or 3.5 are good. I was about to upgrade from 3.3 to 3.4 until I read that. Is the 64-bit printing issue going to be fixed in the 3.4 series? Fixed in the 3.5 series although I have not verified that. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and Windows 7 do they work together?
Are there any changes I need to implement on the Windows 7 Clients to get them to see Samba Shares?? Seeing the shares even worked with the unsupported/deprecated 3.0.36 with no changes. Joining the domain requires 3.3.X and above and the registry entries. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and Windows 7 do they work together?
On 03/04/2010 03:22 AM, Moray Henderson wrote: John Drescher wrote: Yes. They work fine together. You need samba-3.3.X or greater. 3.4.X does not allow printing under 64 bit clients but 3.3 or 3.5 are good. I was about to upgrade from 3.3 to 3.4 until I read that. Is the 64-bit printing issue going to be fixed in the 3.4 series? Suggest you visit the samba web site: http://www.samba.org In the right column is a link to the release notes for 3.4.6 I think it says something like: o Fix printing with 64 bit clients (bug #6888). - John T. Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and Windows 7 do they work together?
On Thu, Mar 04, 2010 at 09:22:56AM +, Moray Henderson wrote: John Drescher wrote: Yes. They work fine together. You need samba-3.3.X or greater. 3.4.X does not allow printing under 64 bit clients but 3.3 or 3.5 are good. I was about to upgrade from 3.3 to 3.4 until I read that. Is the 64-bit printing issue going to be fixed in the 3.4 series? Yes, it was fixed in 3.4.6 (now out). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and Windows 7 do they work together?
Jeremy Allison wrote: Yes. They work fine together. You need samba-3.3.X or greater. 3.4.X does not allow printing under 64 bit clients but 3.3 or 3.5 are good. I was about to upgrade from 3.3 to 3.4 until I read that. Is the 64-bit printing issue going to be fixed in the 3.4 series? Yes, it was fixed in 3.4.6 (now out). Great - thanks for all your hard work! Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and Windows 7 do they work together?
On Tue, Mar 2, 2010 at 1:20 PM, Ally Biggs bluechr...@hotmail.co.uk wrote: Hello everyone I am new to this mailing list, I wish to setup a PDC at home using Samba and LDAP, my main concern is that I have a few Windows 7 machines which will be joining the Domain. I researched a few forums and have seen that people have been having trouble with getting 7 and Samba to work. Has anyone had any sucess in setting up a Domain controller to work with Windows 7. Yes. They work fine together. You need samba-3.3.X or greater. 3.4.X does not allow printing under 64 bit clients but 3.3 or 3.5 are good. To logon the domain you will need the registry entries for samba 3.4.X, 3.3.X http://wiki.samba.org/index.php/Windows7 John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SAMBA and Windows 2008 TSE licence Server
You are probably right. Remember that a Samba domain is based on a Windows NT technology, more than ten years old. Almost everything Microsoft now relies on Active Directory. Create an Active Directory domain with a Windows domain controller, and make your Samba Server a member. Samba works beautifully in an AD domain, just not as controller. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of Mercier Sent: Friday, February 12, 2010 6:41 AM To: samba@lists.samba.org Subject: [Samba] SAMBA and Windows 2008 TSE licence Server Hi all! I can't use the TSE licence server in Windows 2008 server. This Server is member of my Samba Domain. My TSE licence server is actived and my licences added, but when i want configure the TSE service and launch the Licence diagnostic the diagnostic failed. I think my problem is due to my Windows Server is not an Active Directory controller. What are the solutions : quit the domain? Activate AD on the server with an other domain? I would like my licence diagnostic work when my server join my Samba Domain. Please do you have any idea? Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SAMBA and Windows 2008 TSE licence Server
On Fri, Feb 12, 2010 at 3:40 PM, Mercier julien.merc...@pays-saint-marcellin.fr wrote: I can't use the TSE licence server in Windows 2008 server. This Server is member of my Samba Domain. My TSE licence server is actived and my licences added, but when i want configure the TSE service and launch the Licence diagnostic the diagnostic failed. I think my problem is due to my Windows Server is not an Active Directory controller. What are the solutions : quit the domain? Activate AD on the server with an other domain? I would like my licence diagnostic work when my server join my Samba Domain. you would have the same problem in an AD with a windows 2003 license server. You need a 2008 license server. At least, this happened to us, the 2008 TS would not use the 2003 license server and the event log message was quite clear about why. It's been a while so I no longer have the details handy, but upgrading to 2008 really means 'upgrade'. -- natxo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba access Windows Vista and Seven
From: Claudio Guzman [mailto:cguzm...@gmail.com] need to update some settings or install any special protocol? best regards http://wiki.samba.org/index.php/Windows7 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.4 Windows 7 offline folders
Just to let you know, I tested this feature with a Windows 7 Ultimate 32 bits and samba 3.4.3 and didn't found any problems :) Nelson Vale On Friday 22 January 2010 06:54:00 Martin Hochreiter wrote: Am 2010-01-21 23:42, schrieb Jeremy Allison: On Thu, Jan 21, 2010 at 07:50:53PM +, nf-vale wrote: Is this issue only related with Windows 7 clients or does it affect other Windows versions too (I'm using Samba 3.4.3 version)? The offline files bug was only reported against a specific version of Windows Vista, but I wouldn't be surprised if it affected other versions too. Jeremy. Hi to all! I can only tell report the issue on Windows 7 32 bit only. We don't use vista and Windows XP is still working without problems. As I told you - with 3.4.5 we didn't had any issues yet. regards Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.4 Windows 7 offline folders
Is this issue only related with Windows 7 clients or does it affect other Windows versions too (I'm using Samba 3.4.3 version)? On Thursday 21 January 2010 07:58:32 Martin Hochreiter wrote: We did fix a bug in this recently (with Microsoft's help). But it should definately be fixed in 3.4.4. I'll take a look at this once I'm back with my full test environment (next week). In the meantime can you log a bug at bugzilla.samba.org so this problem doesn't get lost. Thanks, Jeremy. Jeremy, we don't had the issue with Samba 3.4.5 the last 2 days anymore. If it occurs again somewhere on our clients i will open a bug ticket. Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.4 Windows 7 offline folders
On Thu, Jan 21, 2010 at 07:50:53PM +, nf-vale wrote: Is this issue only related with Windows 7 clients or does it affect other Windows versions too (I'm using Samba 3.4.3 version)? The offline files bug was only reported against a specific version of Windows Vista, but I wouldn't be surprised if it affected other versions too. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.4 Windows 7 offline folders
Am 2010-01-21 23:42, schrieb Jeremy Allison: On Thu, Jan 21, 2010 at 07:50:53PM +, nf-vale wrote: Is this issue only related with Windows 7 clients or does it affect other Windows versions too (I'm using Samba 3.4.3 version)? The offline files bug was only reported against a specific version of Windows Vista, but I wouldn't be surprised if it affected other versions too. Jeremy. Hi to all! I can only tell report the issue on Windows 7 32 bit only. We don't use vista and Windows XP is still working without problems. As I told you - with 3.4.5 we didn't had any issues yet. regards Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.4 Windows 7 offline folders
We did fix a bug in this recently (with Microsoft's help). But it should definately be fixed in 3.4.4. I'll take a look at this once I'm back with my full test environment (next week). In the meantime can you log a bug at bugzilla.samba.org so this problem doesn't get lost. Thanks, Jeremy. Jeremy, we don't had the issue with Samba 3.4.5 the last 2 days anymore. If it occurs again somewhere on our clients i will open a bug ticket. Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.4 Windows 7 offline folders
We did fix a bug in this recently (with Microsoft's help). But it should definately be fixed in 3.4.4. I'll take a look at this once I'm back with my full test environment (next week). In the meantime can you log a bug at bugzilla.samba.org so this problem doesn't get lost. Thanks, Jeremy. Thank you Jeremey ... as we use offline folders intensive it's a little bit annoying for us, you can imagine - we will do some testing today with the newer 3.4.5 and if the situation is unchanged, I'll open a ticket. regards Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.4 Windows 7 offline folders
On Mon, Jan 18, 2010 at 09:46:24PM +0100, Martin Hochreiter wrote: Hi! Is it possible that Samba 3.4 has some problems with offline folder synchronisation on windows 7 clients? I can't get it really working. I added this entries according to another user experiencing similar problems to the share: [homes] [...] create mask = 0611 oplocks = yes level2 oplocks = yes map archive = yes map system = yes map hidden = yes So windows 7 starts the sync at least (before it cancels it immediately after starting it) but a problem remains: If I change one file offline OR online windows 7 complains a conflict because the 2 files have changed on serverside and offline!? I read that you can check if the samba version is too old for offline folders by searching for that lines in the samba log: ... I have that lines although I have Samba 3.4.4 call_nt_transact_ioctl(0x901af): Currently not implemented. can somebody give me a hint please how I get windows 7 Samba offline folders working? We did fix a bug in this recently (with Microsoft's help). But it should definately be fixed in 3.4.4. I'll take a look at this once I'm back with my full test environment (next week). In the meantime can you log a bug at bugzilla.samba.org so this problem doesn't get lost. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.2 Windows 7 (using samba wiki) no domain join possible
Ralf Hornik Mailings r...@best.homeunix.org wrote: using http://wiki.samba.org/index.php/Windows7 and trying to join I get this Error Message: More data available with no log entries on the smb side. It does not seem that the Windows machine talks to samba. Mapping shares work well insteed. No ideas? I use 64bit Windows 7 with 64bit dwords in the registry. Could this be the poroblem? I see any body else uses samba 3.4.2 with windows 7 so I estimate my problem istn't really complex ;-). But I dont see any changes in logfiles on samba side, when I try to join. Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and Windows Server 2003 Native Functional Level
On Fri, Aug 21, 2009 at 08:46:24AM -0400, William O'Leary wrote: Anyone? :) I have a mix of Solaris 9 and 10 machines running versions of samba from 2.2.12 to 3.0.24. I would like to know if I upgrade all of my Domain Controllers to 2003, and change the functional level to 2003 Native, what version of Samba at a minimum would I need to be running so that things still work. Samba 2 will definitely not work, normally W2k3 DCs require SMB signing which Samba 2 does not do. 3.0.24 *should* work, but it is end of life. So if you're facing difficulties, you're on your own. 3.3 and 3.4 are actively maintained, 3.2 is security fixes only. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.0 + windows 7
On Sun, Aug 16, 2009 at 07:52:59PM +0300, Eero Volotinen wrote: What is status of Windows 7 with samba 3.4.0 version? We're trying to make sure that 3.4.1 will work seamlessly with Win7 RTM code (at least I'm considering any such bug a show-stopper for 3.4.1). So 3.4.1 might slip a little for this - this is Karolin's final decision of course. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and Windows Server 2008 64bit
On Thu, Feb 12, 2009 at 01:13:47PM -0500, Darrell A. Sullivan, II wrote: Failure Information: Failure Reason: An Error occured during Logon. Status: 0xc002002e Sub Status: 0x0 I looked up the 0xc002002e error and that is evidently RPC_NT_PROCNUM_OUT_OF_RANGE. This sounds a lot like https://bugzilla.samba.org/show_bug.cgi?id=6100 Can you please send a debug level 10 log of the pdc smbd, so that we can be sure about that? Thanks, Volker pgphQm8czliZ1.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba, Solaris, Windows 2008 - Kerberos Guess Realm Wrong?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Paul, I just wanted to state that I am seeing this issue as well. Haven't tried your hack yet but I plan to if a better solution won't be provided. Thanks for reporting this to the list! Jelmer Jaarsma Paul Sobey wrote: On Wed, 12 Nov 2008, Paul Sobey wrote: On Wed, 5 Nov 2008, Paul Sobey wrote: I've just built Samba 3.2.4 on Solaris 10, with ADS support. Domain join to a Windows 2008 domain works perfectly, having pre-created the servername in the appropriate OU. In my winbind logs, I see the following (domain name obfuscated): [2008/11/05 11:28:06, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(619) Doing kerberos session setup [2008/11/05 11:28:06, 1] libsmb/clikrb5.c:ads_krb5_mk_req(680) ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot resolve network address for KDC in requested realm) [2008/11/05 11:28:06, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(626) cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot resolve network address for KDC in requested realm The realm is guessed wrongly - only the short name of the domain, rather than the fully qualified realm name, as specified in krb5.conf. My AD full name is foo.bar.com, short name FOO. My question is - when guessing the principal for the target DC, why does Samba guess 'FOO', rather than 'FOO.BAR.COM'? I have a Linux machine joined to the same domain running 3.0.28 which correctly guesses the realm. Not sure whether this helps diagnose, but I just upgraded my Linux desktop to Samba 3.2.4 and now get exactly the same error - winbind is refusing to authenticate me at all. In my pam.conf I have krb5_auth set to try and make winbind authenticate my via kerberos. How can I troubleshoot this? It seems Samba 3.2.4 gets the Kerberos realm wrong when authenticating against Windows 2008. I thought it was a Solaris issue before but it seems to be OS independent. Is anybody else seeing it? Not sure whether this helps anybody, but by patching the source of libsmb/cliconnect.c with the following, ie hard coding the proper name of the Kerberos realm, the error goes away. 893a894 DEBUG(3,(cli_session_setup_spnego: dest_realm is %s\n, dest_realm)); 895a897,900 DEBUG(3,(cli_session_setup_spnego: hacking realm!\n, dest_realm)); realm = SMB_STRDUP(FOO.BAR.COM); strupper_m(realm); DEBUG(3,(cli_session_setup_spnego: realm is now %s\n, realm)); 896a902 DEBUG(3,(cli_session_setup_spnego: getting realm from cache\n, realm)); To reiterate - under 3.2.4 code, 'realm' gets set to 'FOO', rather than 'FOO.BAR.COM'. Difference in winbind logs: Bad version: [2008/11/12 15:49:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(839) got [EMAIL PROTECTED] [2008/11/12 15:49:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(880) cli_session_setup_spnego: got a bad server principal, trying to guess ... [2008/11/12 15:49:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(908) cli_session_setup_spnego: guessed server [EMAIL PROTECTED] [2008/11/12 15:49:17, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(619) Doing kerberos session setup [2008/11/12 15:49:17, 1] libsmb/clikrb5.c:ads_krb5_mk_req(680) ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot resolve network address for KDC in requested realm) [2008/11/12 15:49:17, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(626) cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot resolve network address for KDC in requested realm [2008/11/12 15:49:17, 4] winbindd/winbindd_cm.c:cm_prepare_connection(843) failed kerberos session setup with Cannot resolve network address for KDC in requested realm [2008/11/12 15:49:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(804) Doing spnego session setup (blob length=124) Hacked version: [2008/11/12 18:23:55, 3] libsmb/cliconnect.c:cli_session_setup_spnego(839) got [EMAIL PROTECTED] [2008/11/12 18:23:55, 3] libsmb/cliconnect.c:cli_session_setup_spnego(880) cli_session_setup_spnego: got a bad server principal, trying to guess ... [2008/11/12 18:23:55, 3] libsmb/cliconnect.c:cli_session_setup_spnego(894) cli_session_setup_spnego: dest_realm is FOO [2008/11/12 18:23:55, 3] libsmb/cliconnect.c:cli_session_setup_spnego(897) cli_session_setup_spnego: hacking realm! [2008/11/12 18:23:55, 3] libsmb/cliconnect.c:cli_session_setup_spnego(900) cli_session_setup_spnego: realm is now FOO.BAR.COM [2008/11/12 18:23:55, 3] libsmb/cliconnect.c:cli_session_setup_spnego(914) cli_session_setup_spnego: guessed server [EMAIL PROTECTED] [2008/11/12 18:23:55, 2]
Re: [Samba] Samba, Solaris, Windows 2008 - Kerberos Guess Realm Wrong?
On Wed, 12 Nov 2008, Paul Sobey wrote: On Wed, 5 Nov 2008, Paul Sobey wrote: I've just built Samba 3.2.4 on Solaris 10, with ADS support. Domain join to a Windows 2008 domain works perfectly, having pre-created the servername in the appropriate OU. In my winbind logs, I see the following (domain name obfuscated): [2008/11/05 11:28:06, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(619) Doing kerberos session setup [2008/11/05 11:28:06, 1] libsmb/clikrb5.c:ads_krb5_mk_req(680) ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot resolve network address for KDC in requested realm) [2008/11/05 11:28:06, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(626) cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot resolve network address for KDC in requested realm The realm is guessed wrongly - only the short name of the domain, rather than the fully qualified realm name, as specified in krb5.conf. My AD full name is foo.bar.com, short name FOO. My question is - when guessing the principal for the target DC, why does Samba guess 'FOO', rather than 'FOO.BAR.COM'? I have a Linux machine joined to the same domain running 3.0.28 which correctly guesses the realm. Not sure whether this helps diagnose, but I just upgraded my Linux desktop to Samba 3.2.4 and now get exactly the same error - winbind is refusing to authenticate me at all. In my pam.conf I have krb5_auth set to try and make winbind authenticate my via kerberos. How can I troubleshoot this? It seems Samba 3.2.4 gets the Kerberos realm wrong when authenticating against Windows 2008. I thought it was a Solaris issue before but it seems to be OS independent. Is anybody else seeing it? Not sure whether this helps anybody, but by patching the source of libsmb/cliconnect.c with the following, ie hard coding the proper name of the Kerberos realm, the error goes away. 893a894 DEBUG(3,(cli_session_setup_spnego: dest_realm is %s\n, dest_realm)); 895a897,900 DEBUG(3,(cli_session_setup_spnego: hacking realm!\n, dest_realm)); realm = SMB_STRDUP(FOO.BAR.COM); strupper_m(realm); DEBUG(3,(cli_session_setup_spnego: realm is now %s\n, realm)); 896a902 DEBUG(3,(cli_session_setup_spnego: getting realm from cache\n, realm)); To reiterate - under 3.2.4 code, 'realm' gets set to 'FOO', rather than 'FOO.BAR.COM'. Difference in winbind logs: Bad version: [2008/11/12 15:49:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(839) got [EMAIL PROTECTED] [2008/11/12 15:49:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(880) cli_session_setup_spnego: got a bad server principal, trying to guess ... [2008/11/12 15:49:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(908) cli_session_setup_spnego: guessed server [EMAIL PROTECTED] [2008/11/12 15:49:17, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(619) Doing kerberos session setup [2008/11/12 15:49:17, 1] libsmb/clikrb5.c:ads_krb5_mk_req(680) ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot resolve network address for KDC in requested realm) [2008/11/12 15:49:17, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(626) cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot resolve network address for KDC in requested realm [2008/11/12 15:49:17, 4] winbindd/winbindd_cm.c:cm_prepare_connection(843) failed kerberos session setup with Cannot resolve network address for KDC in requested realm [2008/11/12 15:49:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(804) Doing spnego session setup (blob length=124) Hacked version: [2008/11/12 18:23:55, 3] libsmb/cliconnect.c:cli_session_setup_spnego(839) got [EMAIL PROTECTED] [2008/11/12 18:23:55, 3] libsmb/cliconnect.c:cli_session_setup_spnego(880) cli_session_setup_spnego: got a bad server principal, trying to guess ... [2008/11/12 18:23:55, 3] libsmb/cliconnect.c:cli_session_setup_spnego(894) cli_session_setup_spnego: dest_realm is FOO [2008/11/12 18:23:55, 3] libsmb/cliconnect.c:cli_session_setup_spnego(897) cli_session_setup_spnego: hacking realm! [2008/11/12 18:23:55, 3] libsmb/cliconnect.c:cli_session_setup_spnego(900) cli_session_setup_spnego: realm is now FOO.BAR.COM [2008/11/12 18:23:55, 3] libsmb/cliconnect.c:cli_session_setup_spnego(914) cli_session_setup_spnego: guessed server [EMAIL PROTECTED] [2008/11/12 18:23:55, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(619) Doing kerberos session setup [2008/11/12 18:23:55, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Thu, 13 Nov 2008 04:23:55 GMT [2008/11/12 18:23:55, 3] libsmb/clikrb5.c:ads_krb5_mk_req(713) ads_krb5_mk_req: server marked as OK to
Re: [Samba] Samba, Solaris, Windows 2008 - Kerberos Guess Realm Wrong?
On Wed, 5 Nov 2008, Paul Sobey wrote: I've just built Samba 3.2.4 on Solaris 10, with ADS support. Domain join to a Windows 2008 domain works perfectly, having pre-created the servername in the appropriate OU. In my winbind logs, I see the following (domain name obfuscated): [2008/11/05 11:28:06, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(619) Doing kerberos session setup [2008/11/05 11:28:06, 1] libsmb/clikrb5.c:ads_krb5_mk_req(680) ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot resolve network address for KDC in requested realm) [2008/11/05 11:28:06, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(626) cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot resolve network address for KDC in requested realm The realm is guessed wrongly - only the short name of the domain, rather than the fully qualified realm name, as specified in krb5.conf. My AD full name is foo.bar.com, short name FOO. My question is - when guessing the principal for the target DC, why does Samba guess 'FOO', rather than 'FOO.BAR.COM'? I have a Linux machine joined to the same domain running 3.0.28 which correctly guesses the realm. Not sure whether this helps diagnose, but I just upgraded my Linux desktop to Samba 3.2.4 and now get exactly the same error - winbind is refusing to authenticate me at all. In my pam.conf I have krb5_auth set to try and make winbind authenticate my via kerberos. How can I troubleshoot this? It seems Samba 3.2.4 gets the Kerberos realm wrong when authenticating against Windows 2008. I thought it was a Solaris issue before but it seems to be OS independent. Is anybody else seeing it? Cheers, Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC windows XP logon scripts
Koen Linders schrieb: Server:Debian etch (kernel 2.6.18-4-686) Samba 3.0.24 (PDC) Workstations: Windows XP Pro SP2 fully updated I want to have my windows xp users to login locally to their machine, but still have them automaticly check the netlogon share or something like that to apply network mappings and policies per group or user. I have this working when the user logs onto the domain. He gets a profile (which i keep local through gpedit.msc). I also know of a way to apply all those things locally to every machine, but obviously i want to have this another way. Domain login could be ok if it's a new user, but i'm talking about +- 50 workstations with local profiles already in use. And it would be the best to manage them centrally via the server. Anyway to apply this some way? I've been searching a lot, and it seems to me at the moment i have to change everything to every workstations (policy and network drive mapping) without having to do a lot of jiggling locally with their profiles. I rather don't. I guess i'm not the only one who encountered this problem. Any suggestions would be very welcome. Thx for reading, Koen Linders Hi, Logon-scripts are one of the features of domain-logons. you can not get them easily from windows without logging into the domain. This is a windows-function, not a samba-thing. perhaps you would be able to emulate it with a script on every workstation that knows the domaincontroler, the share where the logonscripts are stored, and the user actualy logged in, and which is run for everyone logging localy on to the workstation. You'll have to write this script, distribute it to every wonrstation by hand and make shure it gets run. It is much less trouble to move the actualy used profiles into the domain, there are many howto's on this topic in the net, and ,afaik, even in the docs on samba.org Christoph -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC windows XP logon scripts
I would really suggest using a domain, it greatly reduces management overheads and just generally makes life easier. It isn't too difficult to deal with swapping profiles and the like around. Last time I had to migrate about 80 machines I wrote a vb script to rename the machine, join it to the domain and migrate the local user profile to the domain user. I don't have a copy of it at the moment, but the basic parts of it are fairly well documented. Good luck. *Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Koen Linders wrote: Server:Debian etch (kernel 2.6.18-4-686) Samba 3.0.24 (PDC) Workstations: Windows XP Pro SP2 fully updated I want to have my windows xp users to login locally to their machine, but still have them automaticly check the netlogon share or something like that to apply network mappings and policies per group or user. I have this working when the user logs onto the domain. He gets a profile (which i keep local through gpedit.msc). I also know of a way to apply all those things locally to every machine, but obviously i want to have this another way. Domain login could be ok if it's a new user, but i'm talking about +- 50 workstations with local profiles already in use. And it would be the best to manage them centrally via the server. Anyway to apply this some way? I've been searching a lot, and it seems to me at the moment i have to change everything to every workstations (policy and network drive mapping) without having to do a lot of jiggling locally with their profiles. I rather don't. I guess i'm not the only one who encountered this problem. Any suggestions would be very welcome. Thx for reading, Koen Linders -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba