[Samba] Samba benefits.
Hi,

First of all, excuse me if this topic has already been posted in the past, but I can't believe that. I'm working for a big company which has some plants in America and Europe. The American plants work prevalently with MS Server while the European plants work with both MS and Linux-Samba. Our right compromise was to keep both systems working together (Samba domain member). My Samba file server is running fine and it hasn't given me any problems.

Actually someone started a challenge between MS and Samba, so I have to report benefits about it, and I'm asking you if you have some links where I can find technical information about performance benefits and any other stuff to confirm that Samba is better than W3K. I already know that they are two quite different OSes and some things are better for Samba and others are better for W3K, and then there is the fact that the first one is totally free. This is one of the big benefits! I hope you get the picture.

Thanks a lot.
Marco.

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba HA on two nodes
I have been using a Samba 2 node cluster for over a year now; it has been very successful. I have a PDC/LDAP Master BDC/LDAP Slave configuration. I have heartbeat configured, and DRBD RAID1 over LAN for the home directories/profiles.

In the smbldap.conf I have the profiles & home pointing to the cluster's virtual IP, as DRBD can only have one partition mounted on the cluster at any one time. This means if the BDC handles a logon without the share mounted, it will use the share mounted on the PDC. :S

To me it has proven itself to be a very successful overall configuration.

Regards,
Adrian Sender.

From: David Schlenk <[EMAIL PROTECTED]>
To: HENRY Vincent <[EMAIL PROTECTED]>
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba HA on two nodes
Sent: Thursday, 24 November 2005 1:58:07 AM

On Nov 21, 2005, at 5:42 AM, HENRY Vincent wrote:

Has anybody succeeded in running a configuration on a two-node cluster with Samba installed on each machine? I compiled two versions in different directories (/usr/local/samba1 and samba2). At this point, I can run 2 sambas on one node in case of failure, but the problems are with Active Directory authentication for the fallback node.

Yes, I am, but it does not do file sharing, just printing. What I did was set up a logical IP on both machines and if the fallback node detected that the other node's primary IP went down, it would turn on that interface and start samba. Not exactly the most perfect setup but it seems to work pretty well. I use regularly scheduled rsyncs to keep the various tdbs and printer drivers in sync. For file serving you'd probably want to add a stonith device and then have both machines attached to a scsi array. There's still that array being the single point of failure, but it's better than nothing.

David Schlenk
Operating Systems Analyst
Bethel University
[EMAIL PROTECTED]
Re: [Samba] Group mapping: different SIDs
> > net getlocalsid
> > SID for domain PDC is: S-1-5-21-4166838278-3756557259-2095403906
> > net getlocalsid DOMAIN
> > SID for domain DOMAIN is: S-1-5-21-2018781741-1218799122-1862565094
> The group mapping shows
> > Domain Users (S-1-5-21-4166838278-3756557259-2095403906-513) -> -1
> > Domain Admins (S-1-5-21-4166838278-3756557259-2095403906-512) -> -1

As indicated by the SID, these two groups are local groups, only stored on the Samba machine.

> > domadmins (S-1-5-21-2018781741-1218799122-1862565094-512) -> ntadmin
> > domusers (S-1-5-21-2018781741-1218799122-1862565094-513) -> users

These two groups will *probably* (assuming the SID is correct) map anyone in the domain's "Domain Admins" group to the local "ntadmin" user group.

There are two "Domain Admins" groups here - one belongs to the domain itself and is probably the one you want to map, the other only affects the local machine, it's a local group.

> - the mapping relating of the self-defined ntgroups "domadmins" and
> "domusers" would have no effect in the domain?

Assuming you've used the correct SID, in theory anyone in the domain's "Domain Admins" group will be mapped to the "ntadmin" UNIX group. I say in theory, because I was unable to get group mapping to fully work (it seems that if you run winbind the group mapping is for the most part ignored.)

> How can I check the domain a pdc is in? Can I do this with "net rpc
> testjoin"? When I run this it says "Join to 'DOMAIN' is OK"

> Can I fix that by deleting the mappings for "domadmins" and
> "domusers" and then mapping the "built-in" ntgroups "Domain Admins"
> and "Domain Users" with the correct SID as an additional parameter or
> would that cause chaos?

That would cause chaos, because I think Samba requires the local groups to be present - I believe that you can add users to the local "Domain Admins" group to give them admin access to Samba.

Cheers,
Adam.
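The SID comparison made in the reply above, as an added example (not code from the thread or from Samba): it takes the `net getlocalsid` and `net groupmap list` output quoted in the thread, attributes each mapping to the SID it was issued under, and flags groups mapped to -1 and well-known RIDs that exist under more than one SID. The function names are hypothetical.

```python
import re
from collections import defaultdict

# Output quoted in the thread (prompts and "> " quoting removed).
LOCALSID_OUTPUT = """\
SID for domain PDC is: S-1-5-21-4166838278-3756557259-2095403906
SID for domain DOMAIN is: S-1-5-21-2018781741-1218799122-1862565094
"""
GROUPMAP_OUTPUT = """\
Domain Users (S-1-5-21-4166838278-3756557259-2095403906-513) -> -1
Domain Admins (S-1-5-21-4166838278-3756557259-2095403906-512) -> -1
[...]
domadmins (S-1-5-21-2018781741-1218799122-1862565094-512) -> ntadmin
domusers (S-1-5-21-2018781741-1218799122-1862565094-513) -> users
[...]
"""

SID = r"S-1-\d+(?:-\d+)+"
LOCALSID_RE = re.compile(rf"SID for domain (?P<name>\S+) is: (?P<sid>{SID})")
GROUPMAP_RE = re.compile(
    rf"^\s*(?P<name>.+?)\s+\((?P<sid>{SID})\)\s+->\s+(?P<unix>\S+)\s*$"
)
# Well-known relative IDs of the default domain groups.
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}


def parse_localsid(output):
    """Return {name: SID} for every 'SID for domain X is: ...' line."""
    return {m["name"]: m["sid"] for m in LOCALSID_RE.finditer(output)}


def split_sid(sid):
    """Split a group SID into (issuing SID, RID)."""
    prefix, _, rid = sid.rpartition("-")
    return prefix, int(rid)


def classify_groupmap(groupmap_output, authorities):
    """Attribute each mapping to the authority whose SID prefixes the group SID."""
    by_sid = {sid: name for name, sid in authorities.items()}
    rows = []
    for line in groupmap_output.splitlines():
        m = GROUPMAP_RE.match(line)
        if not m:
            continue  # "[...]" elisions, blank lines
        prefix, rid = split_sid(m["sid"])
        rows.append({
            "nt_group": m["name"],
            "rid": rid,
            "issued_by": by_sid.get(prefix, "unknown"),
            "unix_group": None if m["unix"] == "-1" else m["unix"],
        })
    return rows


def review(rows):
    """List unmapped groups and well-known RIDs present under several SIDs."""
    findings = []
    by_rid = defaultdict(list)
    for row in rows:
        by_rid[row["rid"]].append(row)
        if row["unix_group"] is None:
            findings.append(
                f"{row['nt_group']} (issued by {row['issued_by']}) maps to -1"
            )
    for rid, group in by_rid.items():
        issuers = {r["issued_by"] for r in group}
        if rid in WELL_KNOWN_RIDS and len(issuers) > 1:
            names = ", ".join(f"{r['nt_group']}@{r['issued_by']}" for r in group)
            findings.append(f"RID {rid} ({WELL_KNOWN_RIDS[rid]}) appears as: {names}")
    return findings


if __name__ == "__main__":
    table = classify_groupmap(GROUPMAP_OUTPUT, parse_localsid(LOCALSID_OUTPUT))
    for finding in review(table):
        print(finding)
```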
Re: [Samba] The "single WINS" problem
On Thu, Nov 24, 2005 at 10:31:01PM +0100, Jeroen van Meeuwen wrote:
> > So you can't use DNS for that sixteenth field of netbios names (like
> > <1C>, <1B>, etc). Or can you?
>
> Dynamic DNS is a setup primarily for networks with DHCP. Using DHCP, you can
> only have 1 IP lease per physical interface. This IP, along with the
> system's hostname, are registered in DNS, and that's where we resolve the
> names you currently use in a Netbios/WINS environment.

I understood this part. What I didn't understand is how a DNS server can answer queries like "DOMAIN<1C>" and "DOMAIN<1B>".
[Samba] pdc machine (nt) changes sometimes
Hi all,

Here is my problem: I'm in a network of 3000 machines. We have about 100 Linux boxes (Ubuntu Breezy). My PDC is an NT4. When something bad happens, my "brilliant" network administrators change the PDC to another machine. Well, the Windows machines, at boot time, discover the PDC in the network to authenticate. I'm authenticating on LDAP, but I need the WINS and Master Browser to navigate in the Windows network. How can I do the same thing?

I'm having this problem with pam_mount too. I have to map the personal areas, and these areas are migrated with the PDC; in the pam_mount.conf the server is set statically.

Well, thanks everybody.

Marcos Antonio Dellazari
(45) 3520-6795
Prognus Software Livre
www.prognus.com.br
[Samba] Reg.Quota for directories
Hi,

How do I set up a quota system for directories on a Samba server installed on Red Hat Fedora Linux?

Regards
Ramesh J
[Samba] caracter set problem
Hi,

I'm from Brazil, and I'm having a problem with special characters when mounting shares upon Windows XP and 2003. Even using the options codepage=850 and iocharset=utf-8, some characters like ã, â, ç, á are gone. I've tried a lot of combinations of codepages and charsets, but the best result is the sample above.

Thanks in advance

Marcos Antonio Dellazari
55 - (45) 3520-6795
Prognus Software Livre
www.prognus.com.br
[Samba] Req:Deatils about samba interface
Hi all,

I want to know some information about Samba. If anyone has time, please send the details:

1--> how a program on one server can be used to read/write "stuff" on another server
2--> I would like to know whether it is easy/difficult to access the stuff
3--> which POSIX interface would be used.

Regards
srr
[Samba] File extensions
Is there a way to deny copying, for example, mp3 files to a shared directory defined in Samba?

Thanx!
RE: [Samba] The "single WINS" problem
>
> On Thu, Nov 24, 2005 at 10:04:10PM +0100, Jeroen van Meeuwen wrote:
> > The Netbios names that are set in smbd/nmbd, are already registered with DNS
> > when the network comes up (Dynamic DNS). This will only work properly if you
> > have one single Netbios name per machine (Or run several instances on a
> > multi-homed box).
>
> So you can't use DNS for that sixteenth field of netbios names (like
> <1C>, <1B>, etc). Or can you?

Dynamic DNS is a setup primarily for networks with DHCP. Using DHCP, you can only have 1 IP lease per physical interface. This IP, along with the system's hostname, are registered in DNS, and that's where we resolve the names you currently use in a Netbios/WINS environment.

What I said, though, is not entirely true. I could of course add interfaces with different MAC addresses, which would be considered spoofing, and thus lease more IP's and register more DNS records. Or I create interface aliases with static IPs and configure a static IN A record. I could also use a multi-homed box with several NICs, thus lease more IPs, thus registering more DNS records.

In all these setups, I also could run several instances of smbd/nmbd, each bound to one interface (or one IP, if you will).

Kind regards,

Jeroen van Meeuwen
-- kanarip
[Samba] Group mapping: different SIDs
Hi,

I have the following situation concerning group mapping:

when I enter
> net getlocalsid
I get
> SID for domain PDC is: S-1-5-21-4166838278-3756557259-2095403906

when I enter
> net getlocalsid DOMAIN
I get
> SID for domain DOMAIN is: S-1-5-21-2018781741-1218799122-1862565094

The group mapping shows
> net groupmap list
> Domain Users (S-1-5-21-4166838278-3756557259-2095403906-513) -> -1
> Domain Admins (S-1-5-21-4166838278-3756557259-2095403906-512) -> -1
> [...]
> domadmins (S-1-5-21-2018781741-1218799122-1862565094-512) -> ntadmin
> domusers (S-1-5-21-2018781741-1218799122-1862565094-513) -> users
> [...]

Does this mean that
- the pdc itself is not in the domain (because of the different sid from the domain sid)?
- the mapping relating of the self-defined ntgroups "domadmins" and "domusers" would have no effect in the domain?

How can I check the domain a pdc is in? Can I do this with "net rpc testjoin"?

Can I fix that by deleting the mappings for "domadmins" and "domusers" and then mapping the "built-in" ntgroups "Domain Admins" and "Domain Users" with the correct SID as an additional parameter or would that cause chaos?

Thanks in advance.
Michael
Re: [Samba] The "single WINS" problem
On Thu, Nov 24, 2005 at 10:04:10PM +0100, Jeroen van Meeuwen wrote:
> The Netbios names that are set in smbd/nmbd, are already registered with DNS
> when the network comes up (Dynamic DNS). This will only work properly if you
> have one single Netbios name per machine (Or run several instances on a
> multi-homed box).

So you can't use DNS for that sixteenth field of netbios names (like <1C>, <1B>, etc). Or can you?
RE: [Samba] The "single WINS" problem
> Subject: Re: [Samba] The "single WINS" problem
>
> On Thu, Nov 24, 2005 at 09:38:29PM +0100, Jeroen van Meeuwen wrote:
> >
> > > Subject: [Samba] The "single WINS" problem
> > >
> > > Everybody encourages Samba admins to enable WINS whenever possible, and
> > > I agree that it helps a lot to solve these networks' problems. It's so
> > > good that, when it fails, it's a disaster.
> > >
> > > How are people coping with the samba limitation of not being able to
> > > replicate the WINS database and thus its inability to have more than one
> > > WINS server in a domain?
> > >
> >
> > I'm in a hybrid environment using both linux and Windows, and I prefer not
>
> Who is the PDC? Linux or Windows?
>

In fact, there is no real PDC, but I understand what you mean. My two Windows 2003 boxes are Domain Controllers, DNS runs on a bind-9.3.1 linux box.

> > to use WINS. It would mess up the DDNS environment I currently have set up,
> > since at some point Windows still gives WINS a higher priority over DNS.
> > Linux, of course, doesn't really care ;)
>
> So you use DNS for netbios name resolution? Or have you configured samba
> to not use netbios? Is it a single network (i.e., broadcast name
> resolution works)?

The Netbios names that are set in smbd/nmbd, are already registered with DNS when the network comes up (Dynamic DNS). This will only work properly if you have one single Netbios name per machine (Or run several instances on a multi-homed box).

Windows boxes (NT 5.1 and later) are used to primarily look up 'simple hostnames' (hostnames without a DNS suffix, whether in a Netbios context or not), suffixed with the system DNS Domain suffix (list), or connection specific domain suffix (set by, for example, DHCP). I find that Windows is 'confused' as soon as I also provide a WINS server (but hey, didn't I expect at least one undocumented feature??).

Kind regards,

Jeroen van Meeuwen
-- kanarip
Re: [Samba] The "single WINS" problem
On Thu, Nov 24, 2005 at 09:38:29PM +0100, Jeroen van Meeuwen wrote:
>
> > Subject: [Samba] The "single WINS" problem
> >
> > Everybody encourages Samba admins to enable WINS whenever possible, and
> > I agree that it helps a lot to solve these networks' problems. It's so
> > good that, when it fails, it's a disaster.
> >
> > How are people coping with the samba limitation of not being able to
> > replicate the WINS database and thus its inability to have more than one
> > WINS server in a domain?
> >
>
> I'm in a hybrid environment using both linux and Windows, and I prefer not

Who is the PDC? Linux or Windows?

> to use WINS. It would mess up the DDNS environment I currently have set up,
> since at some point Windows still gives WINS a higher priority over DNS.
> Linux, of course, doesn't really care ;)

So you use DNS for netbios name resolution? Or have you configured samba to not use netbios? Is it a single network (i.e., broadcast name resolution works)?
RE: [Samba] The "single WINS" problem
> Subject: [Samba] The "single WINS" problem
>
> Everybody encourages Samba admins to enable WINS whenever possible, and
> I agree that it helps a lot to solve these networks' problems. It's so
> good that, when it fails, it's a disaster.
>
> How are people coping with the samba limitation of not being able to
> replicate the WINS database and thus its inability to have more than one
> WINS server in a domain?
>

I'm in a hybrid environment using both linux and Windows, and I prefer not to use WINS. It would mess up the DDNS environment I currently have set up, since at some point Windows still gives WINS a higher priority over DNS. Linux, of course, doesn't really care ;)

Kind regards,

Jeroen van Meeuwen
-- kanarip
[Samba] The "single WINS" problem
Everybody encourages Samba admins to enable WINS whenever possible, and I agree that it helps a lot to solve these networks' problems. It's so good that, when it fails, it's a disaster.

How are people coping with the samba limitation of not being able to replicate the WINS database and thus its inability to have more than one WINS server in a domain?
[Samba] winbind memroy leack?
Hello,

Since two days ago I've noticed that the winbind process takes too much memory and it continues growing constantly. I have to restart it every day when it grows to 1.5GB. I'm using the last stable release from Samba (3.0.20b-24) with LDAP backend. Is there anyone who can help me to discover what is wrong with winbind? I always have above 3 winbind processes running and netstat shows me above 160 connections with state CONNECTED from winbind. The logs seem to be right; there is no error of any kind.

TIA.
Marco Rodriguez M.
Re: [Samba] Performance Problem / failed to verify PAC server signature
Doug VanLeuven wrote:

Then I converted it to your system of using a ktpass.exe generated keytab using rc4-hmac.

Stopped samba
edit smb.conf and remove "use kerberos keytab = yes"
Deleted the existing computer account in AD
Deleted the existing mapped user account in AD
Deleted /etc/krb5.keytab
Edit krb5.conf and add rc4-hmac as -first- enctype in list for default_tgs_enctypes, default_tkt_enctypes, permitted_enctypes
Deleted samba's private.tdb
Deleted samba's winbindd_cache.tdb (just in case)
Created a new windows user account to be used for mapping in ktpass.exe
Ran ktpass.exe on domain controller with "-DesOnly"
Read the new keytab and write /etc/krb5.conf with it

Typo: should be /etc/krb5.keytab

Run "net ads join"
Ethereal trace on port 88 show rc4-hmac negotiated tickets

Using a ktpass.exe generated keytab, the AD computer account and the AD mapped user account attribute userAccountControl must agree on the flag UF_USE_DES_KEY_ONLY. They either both indicate it or they both don't indicate it, but they can't be mixed.

We'll be enjoying Thanksgiving holiday here.

Regards, Doug
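The two consistency conditions named in this message (rc4-hmac listed first in the three enctype settings of krb5.conf, and both AD accounts agreeing on UF_USE_DES_KEY_ONLY) can be checked mechanically. This is an added example, not code from the thread or from Samba; the sample krb5.conf and userAccountControl values are constructed, and the function names are hypothetical.

```python
import re

# userAccountControl bit for the flag the message names.
UF_USE_DES_KEY_ONLY = 0x200000
ENCTYPE_KEYS = ("default_tgs_enctypes", "default_tkt_enctypes", "permitted_enctypes")

# Constructed sample: one list is in the wrong order, one is missing.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    default_tgs_enctypes = rc4-hmac des-cbc-md5 des-cbc-crc
    default_tkt_enctypes = des-cbc-md5 rc4-hmac
    # permitted_enctypes is not set in this sample

[realms]
    EXAMPLE.COM = {
        kdc = dc1.example.com
    }
"""


def libdefaults(krb5_conf_text):
    """Return the key/value pairs of the [libdefaults] section."""
    section, values = None, {}
    for raw in krb5_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip()
    return values


def enctype_problems(krb5_conf_text, first="rc4-hmac"):
    """Report each enctype list that is unset or does not start with `first`."""
    conf = libdefaults(krb5_conf_text)
    problems = []
    for key in ENCTYPE_KEYS:
        enctypes = [e for e in re.split(r"[\s,]+", conf.get(key, "")) if e]
        if not enctypes:
            problems.append(f"{key}: not set")
        elif enctypes[0].lower() != first:
            problems.append(f"{key}: starts with {enctypes[0]}, not {first}")
    return problems


def des_only_mismatch(computer_uac, user_uac):
    """True when only one of the two accounts carries UF_USE_DES_KEY_ONLY."""
    computer = bool(computer_uac & UF_USE_DES_KEY_ONLY)
    user = bool(user_uac & UF_USE_DES_KEY_ONLY)
    return computer != user


if __name__ == "__main__":
    for problem in enctype_problems(SAMPLE_KRB5_CONF):
        print(problem)
    # Constructed values: computer account with the flag, user account without.
    print("flag mismatch:", des_only_mismatch(0x201000, 0x10200))
```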
[Samba] Propblem in Managing File Permission
Hai All,

My problem is managing file permissions in a Samba share... through Windows XP...

Details

I am having a Samba file server that is managing a 6 TB volume. I divided it into 6 equal volumes... so each share is 1 TB, and assigned each volume to different projects... in each project more than 500 ppl are working...

About the server's performance and load balancing... everything is working fine with me.

My problem is setting the permissions only... in each project, not all but many people need full permission. So group-wise I assigned it for particular folders.

Here is where my problem starts: when the ppl who have full permission create a folder or file, the ownership comes in their name only... so no one else can open it... till I change the ownership to "domain administrator" in Linux using the chown command and reset the permissions from Windows...

Help me if anyone has an idea to overcome this situation.. I can't use the "force user =" option... because that gives the same access to all users...

My Samba servers and all Windows XP clients are authenticating through Windows 2003 ADS.

samba version samba-3.0.14a-1 is recompiled with "--with-acl-support" and is running on Red Hat Enterprise Linux ES (2.6.9-11.EL)

Here is my smb.conf configuration file...

# Global Settings ==#
[global]
    workgroup = MYDOMAIN
    server string = Samba Server
    log file = /var/log/samba/%m.log
    max log size = 50
    security = ads
    encrypt passwords = yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = no
#== Share Definitions ==#
    #ldap idmap suffix = ou=emplist,dc=dqe,dc=com
    password server = 172.16.20.200
    realm = MYDOMAIN.COM
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template shell = /bin/bash
    template homedir = /home/%D/%U
    allow trusted domains = no
    idmap backend = idmap_rid:DQE=16777216-33554431
    winbind use default domain = yes

[vol01]
    path = /vol01_1000
    writable = yes
    public = yes
    nt acl support = yes
    create mask = 0755
    security mask = 0755
    inherit permissions = yes
    inherit acls = yes
    force security mode = 0
    directory security mask = 0777
    force directory security mode = 0
#=#

Please share your knowledge to solve this problem...

Thank you in advance,
Regards,
Jerrynikki.
Re: [Samba] login script never executed
On Thursday 24 November 2005 09:18, [EMAIL PROTECTED] wrote:
> The logon script is now really never executed.
>
> I've done some more tests :
> - I've tested to set the parameters "home directory" "home dir drive"
> and "profile path" in tdbsam, these 3 parameters work fine.
> - I've tested to mount the netlogon share from a PC not member of the
> domain (as guest), it's OK. And tested to run it from a DOS prompt
> (C:\>\\server\netlogon\logon.bat), it's OK.
> - I've "rm -rf" the netlogon directory, recreated it, and put a logon
> script written on a Windows PC.
> - I've made sure the session password is verified on the Samba server
> and not from a locally cached password. I've setup the number of cached
> password to 0, unplugged the network cable to check I have a "no domain
> controller found error", replugged the cable and opened my session.
>
> Still no luck, can't get this logon script to work.
> Has anyone some ideas ?

Have you checked the worked example network configurations that have network logon scripts in the book "Samba-3 by Example"?

You can download a PDF of the book from:

http://www.samba.org/samba/docs/Samba3-ByExample.pdf

If you still have problems with the examples in this book please let me know so I can correct any mistakes made in the book.

- John T.

>
> Thanks
>
> [EMAIL PROTECTED] wrote:
> > Hello
> >
> > I have a really strange problem with logon scripts.
> > I'm using a version 3.0.20b .deb found on samba.org on a Debian Sarge,
> > and a tdbsam backend.
> >
> > 1) I had no "logon script" in the smb.conf file just the per user
> > setting in the tdbsam. Full path to logon script given in tdbsam (e.g.
> > \\server\netlogon\logon.bat). I can mount the netlogon share, access
> > rights are good, and I can check the file has DOS style CR/LF.
> > What I tested :
> > - I change the login script setting in tdbsam (e.g.
> > \\server\netlogon\logon2.bat)
> > - I open a session on a PC member of the domain (Windows XP SP2)
> > - the login script is executed
> > - I logoff then I logon again
> > - the login script is not executed and will never be executed again when
> > I logon
> > - I change the login script setting in tdbsam (e.g.
> > \\server\netlogon\logon3.bat)
> > - the first time I open a session the script is executed
> > - it's never executed again, unless I change the setting again
> >
> > 2) I tried to set logon script parameter in tdbsam with a relative path
> > (e.g. logon.bat), never worked as expected.
> >
> > 3) I tried to set a "login script" parameter in smb.conf (with a
> > relative path from the netlogon share) without removing the "login
> > script" parameter in tdbsam. Same result as in part 1, only works for the
> > first logon after a parameter change.
> >
> > 4) I tried to set a "login script" parameter in smb.conf removing the
> > logon script parameter from tdbsam, never worked.
> >
> >
> > Same thing with another user on the same computer, same thing on
> > another computer.
> >
> > If I go in /var/log/samba/testpc.log I have lines :
> > - connect to service netlogon initially as user testuser
> > - closed connection to service netlogon
> > I always have these, the login script being executed or not.
> >
> >
> > Has anyone some suggestions on this one ?
> >
> > Thanks in advance
[Samba] login script never executed
The logon script is now really never executed.

I've done some more tests :
- I've tested to set the parameters "home directory" "home dir drive" and "profile path" in tdbsam, these 3 parameters work fine.
- I've tested to mount the netlogon share from a PC not member of the domain (as guest), it's OK. And tested to run it from a DOS prompt (C:\>\\server\netlogon\logon.bat), it's OK.
- I've "rm -rf" the netlogon directory, recreated it, and put a logon script written on a Windows PC.
- I've made sure the session password is verified on the Samba server and not from a locally cached password. I've setup the number of cached password to 0, unplugged the network cable to check I have a "no domain controller found error", replugged the cable and opened my session.

Still no luck, can't get this logon script to work.
Has anyone some ideas ?

Thanks

[EMAIL PROTECTED] wrote:
> Hello
>
> I have a really strange problem with logon scripts.
> I'm using a version 3.0.20b .deb found on samba.org on a Debian Sarge,
> and a tdbsam backend.
>
> 1) I had no "logon script" in the smb.conf file just the per user
> setting in the tdbsam. Full path to logon script given in tdbsam (e.g.
> \\server\netlogon\logon.bat). I can mount the netlogon share, access
> rights are good, and I can check the file has DOS style CR/LF.
> What I tested :
> - I change the login script setting in tdbsam (e.g.
> \\server\netlogon\logon2.bat)
> - I open a session on a PC member of the domain (Windows XP SP2)
> - the login script is executed
> - I logoff then I logon again
> - the login script is not executed and will never be executed again when
> I logon
> - I change the login script setting in tdbsam (e.g.
> \\server\netlogon\logon3.bat)
> - the first time I open a session the script is executed
> - it's never executed again, unless I change the setting again
>
> 2) I tried to set logon script parameter in tdbsam with a relative path
> (e.g. logon.bat), never worked as expected.
>
> 3) I tried to set a "login script" parameter in smb.conf (with a
> relative path from the netlogon share) without removing the "login
> script" parameter in tdbsam. Same result as in part 1, only works for the
> first logon after a parameter change.
>
> 4) I tried to set a "login script" parameter in smb.conf removing the
> logon script parameter from tdbsam, never worked.
>
>
> Same thing with another user on the same computer, same thing on
> another computer.
>
> If I go in /var/log/samba/testpc.log I have lines :
> - connect to service netlogon initially as user testuser
> - closed connection to service netlogon
> I always have these, the login script being executed or not.
>
>
> Has anyone some suggestions on this one ?
>
> Thanks in advance
[Samba] test please ignore
test please ignore
[Samba] No account in domain for workstation after upgrade
Hi,

I'm trying to upgrade an old samba-ldap PDC (2.2.x) to a newer one. I use the same machine, so I've dumped the ldap database and imported it on the new config (using the perl script provided in samba to convert accounts), edited all my config files, and then started the new PDC.

All seems to run fine, smbldap-tools still works, but there is a problem on windows workstations. When a user tries to log in it fails, saying that they cannot contact the PDC or the workstation is not allowed to log in.

In samba's logs I've got the following error message :

[2005/10/24 12:16:32, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: ISABELLE$
[2005/10/24 12:16:32, 0] rpc_server/srv_netlog_nt.c:get_md4pw(261)
  get_md4pw: Workstation ISABELLE$: no account in domain

But the account exists in ldap, and looks fine. The only solution I've found so far is to rejoin the domain on the workstation "using network id wizard".

Is there any way to solve it on the server side ? Your advice will be much appreciated.
Re: [Samba] connecting from Windows XP x64 Edition
Hi,

I'm having exactly the same problem in my environment. We're running Samba on 5 Solaris 9 servers (both Sparc and x86) and I receive the same error message when I try to connect from a Windows XP 64 bit client. I've changed the SECURITY parameter to USER in the smb.conf file and that gives me the ability to authenticate on the local machine, but I need to have this working in a domain environment.

Any suggestions or help would be much appreciated.

Thx,
Tommy Magnusson

>> Hi there,
>>
>> I have a problem connecting from a Windows XP x64 Edition machine
>> (nettle) to a Samba server (zeus).
>>
>> When I open an Explorer window and enter "\\zeus\work" in the address
>> line, I receive an error message: "Windows cannot find '\\zeus\work'.
>> Check the spelling and try again, or try searching for the item by
>> clicking the Start button and then clicking Search."
>>
>> Okay, Windows wants me to search for zeus, and I will do so. Look, it is
>> found! But when I click on zeus in the "Search Results - Computers"
>> window, Windows x64 says: "\\zeus is not accessible. You might not have
>> permission to use this network resource. Contact the administrator of
>> this server to find out if you have access permissions. The
>> request is not supported."
>>
>> Of course I checked with the administrator of zeus and nettle (luckily
>> that's me) and made sure I am allowed to access the share on zeus. And
>> of course there is no Firewall or anything the like running on nettle.
>>
>> But now things become really strange: nettle actually is a dual-boot
>> system, and when it is running Windows XP (32 bit), it can connect to
>> zeus' shares instantly. But even when running XP x64, it can connect to
>> other Samba servers running the same version and other versions of Samba.
>>
>> The whole issue is driving me nuts ... I double-checked the other
>> servers' Samba configuration with that of zeus - to no avail.
>>
>> That's where I am now, so I ask you: Do you know about this problem or
>> maybe even have a solution? Or perhaps you can at least give me some
>> advice on how to proceed to further "debug" this issue.
>>
>> Here's the info about zeus:
>>
>> zeus# pkg_info | grep samba
>> samba-3.0.20b,1 A free SMB and CIFS client and server for UNIX
>> zeus# uname -a
>> FreeBSD zeus 5.4-STABLE FreeBSD 5.4-STABLE #2: Thu Apr 7 19:19:51 CEST
>> 2005 root at baghira:/usr/obj/usr/src/sys/GENERIC i386
>>
>> And that's nettle:
>>
>> Microsoft Windows [Version 5.2.3790]
>> (C) Copyright 1985-2003 Microsoft Corp.
>>
>> One of the other Samba servers that nettle can reach while running x64
>> looks like this:
>>
>> ollik:root # pkg_info | grep samba
>> samba-3.0.11,1 A free SMB and CIFS client and server for UNIX
>> ollik:root # uname -a
>> FreeBSD ollik 5.4-PRERELEASE FreeBSD 5.4-PRERELEASE #2: Fri Feb 25
>> 19:00:04 CET 2005 root at ollikn:/usr/obj/usr/src/sys/MOD64 amd64
>>
>> Thanks in advance for your help.
>>
>> Bye, K&K,
>> T-Zee
>>

--
Tommy Magnusson
Fox Technologies
Kungsängsv. 19
753 23 Uppsala, Sweden
+46 18 16 00 00 (Main)
+46 18 16 00 10 (Support)
+46 18 12 43 34 (Fax)
[samba] FAILED with error NT_STATUS_UNSUCCESSFUL
Hi List,

The last couple of days we have been having intermittent problems with our samba domain. We have 3.0.14a (from source) on a Suse Linux box. Samba has been working great since we used it but now we seem to get the issue of some people not being able to connect to a share; this is the error:

    [2005/11/24 11:30:00, 0] auth/auth_sam.c:check_sam_security(324)
      check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL'
    [2005/11/24 11:30:00, 2] auth/auth.c:check_ntlm_password(312)
      check_ntlm_password: Authentication for user [wq0mjo] -> [wq0mjo] FAILED with error NT_STATUS_UNSUCCESSFUL
    [2005/11/24 11:30:00, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
      Returning domain sid for domain UNI-STAFF -> S-1-5-21-82148923-2461359520-1342846908
    [2005/11/24 11:30:00, 2] lib/smbldap.c:smbldap_open_connection(692)
      smbldap_open_connection: connection opened

The weird thing is, 2 minutes later it works, then doesn't?!! Could this be a local network problem we are having? We have a large flat class B network!

Kind Regards

--
Daniel Wilson
Systems Manager
Student and Learning Support
University of Sunderland
Tel: 0191 515 2695
[Samba] Upgrading problems
I'm having a problem upgrading the Samba version from 2.0.8 to 3.0.10 from sunfreeware.com. All works fine with the exception of one application called StateMate. It works fine with the old Samba 2.0.8 but when I use Samba 3.0.10 I only get Segmentation Fault when I try to start the application. Perhaps the oplocks or something makes the application segmentation fault. Any ideas?
[Samba] Problems with ls and find on NetApp Server (The Trace)
[EMAIL PROTECTED]:/dir/on/filer> strace ls
[Samba] Problems with ls and find on NetApp Server
Hello,

we are using Samba Client to connect to cifs shares of a Network Appliance file server. In 80 % of the cases I do an ls, I always get an

    [EMAIL PROTECTED]:/dir/on/filer> ls
    ls: reading directory .: Cannot allocate memory

error. Using ls on local filesystem or on Win2k smb shares works without a problem. I have attached a trace to this message. (See attached file: strace.txt)

We use Samba 3.0.20b on SuSE Linux 9.2 with 2.6.8 Kernel. I hope that someone can help me out with this problem.

Kind regards
Christoph Rademacher
IT Department
dba Luftfahrtgesellschaft mbh
Terminal 1, Modul A, Terminalstrasse West, D85356 München - Flughafen
E-Mail: [EMAIL PROTECTED]
Telefon: +49 (0) 89 975 91423
Telefax: +49 (0) 89 975 91211
Internet: http://www.flydba.com/
[Samba] samba + cups
Hi to all!

I have a problem using samba 3.0.20d and cups. I set cups to authenticate users (authentication http basic) for /, /jobs and /admin.

When a windows user (authenticated in samba as a print user) tries to print, the print job is rejected by cups (cups logs contain username="" and error=401 Unauthorized). When a windows user (authenticated in samba as a printer admin) tries to print, the print job is accepted by cups (cups logs contain username="root" and job queued by 'root').

My question is: how does cups get credentials from samba? (or how does samba pass username and password to cups?)

I need to set up a print server in a windows/linux LAN and so I want to set cups to authenticate users (else linux workstations can print without control) (windows workstations are authenticated by samba). I googled a lot but without results; I think that only here I can get this information.

Thanks to all,
Fabio
Re: [Samba] Performance Problem / failed to verify PAC server signature
Christoph Kaegi wrote:

On 23.11-02:22, Doug VanLeuven wrote:

Well, no. Maybe. Yes. Been a while since I confronted moving between des & arc4.

in source/libads/ldap.c

    #ifndef ENCTYPE_ARCFOUR_HMAC
    acct_control |= UF_USE_DES_KEY_ONLY;
    #endif

I have in source/include/config.h:

    /* Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type is available */
    /* #undef HAVE_ENCTYPE_ARCFOUR_HMAC_MD5 */

Heimdal kerberos defines rc4-hmac this way.

From MIT site:

    Supported Encryption Types
    arcfour-hmac rc4-hmac arcfour-hmac-md5    RC4 with HMAC/MD5

These are all synonyms.

And my MIT 1.4 says in krb5.h:

    [...]
    #define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f
    #define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010
    #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
    [...]

That last define of CKSUMTYPE_HMAC_MD5_ARCFOUR doesn't look promising.

About 20 lines before that you should see

    #define ENCTYPE_ARCFOUR_HMAC 0x0017
    #define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018

So your compiled samba will have rc4-hmac support.

Does that mean that my Kerberos library doesn't support the encryption type that I need? (I checked also krb5-1.4.3, which has the same definition)

So my experience is if it is defined in the include file at compile time, all accounts are created arc4 capable. I don't see any flags in the "smbd -b" build options that confirm this either way.

What is an arc4 capable Unix account?

Not arc4 capable Unix, arc4-hmac capable Windows computer account. This is the default state of windows accounts and a flag is necessary to force des-only usage.

In Active Directory, in the domain, wherever computer accounts get set up:

    cn=
    userAccountControl: 0x11000

The two set bits mean: UF_WORKSTATION_TRUST_ACCOUNT | UF_DONT_EXPIRE_PASSWD
This account is arc4 capable.

An account that is des only has this value:

    userAccountControl: 0x211000
    UF_WORKSTATION_TRUST_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_USE_DES_KEY_ONLY

userAccountControl exists in user accounts too.

ktpass.exe:
    +des (des only - default for command)
    -des (not des only)

Also, I use this samba option:

    use kerberos keytab = yes

Which means samba creates /etc/krb5.keytab entries for you when you join the domain. If you use that option, your keytab file will probably only have des entries in it from when you joined and only des-cbc-crc and des-cbc-md5 were allowed.

I rejoined, deleted the AD computer account, recreated it several times. All funny things are happening, including:

-- 8< --
    [2005/11/23 14:32:47, 0] lib/fault.c:fault_report(36)
      ===
    [2005/11/23 14:32:47, 0] lib/fault.c:fault_report(37)
      INTERNAL ERROR: Signal 11 in pid 20569 (3.0.21rc1)
      Please read the Trouble-Shooting section of the Samba3-HOWTO
    [2005/11/23 14:32:47, 0] lib/fault.c:fault_report(39)
      From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
    [2005/11/23 14:32:47, 0] lib/fault.c:fault_report(40)
      ===
    [2005/11/23 14:32:47, 0] lib/util.c:smb_panic2(1554)
      PANIC: internal error
-- 8< --

after a successful join...

Bummer, shouldn't happen. But it could be the kerberos.

I was curious, so I dragged out an old des only machine used in testing last year.
RH9 with a custom 1.3.5 MIT kerberos.
Ethereal traces on port 88 show machine using only des.
Compiled and installed samba 3.0.21pre3 SVN 11739.
Ran it in des-only mode without issue, but had no easy way to check redirected folders.

Then I converted it to your system of using a ktpass.exe generated keytab using rc4-hmac.

- Stopped samba
- edit smb.conf and remove "use kerberos keytab = yes"
- Deleted the existing computer account in AD
- Deleted the existing mapped user account in AD
- Deleted /etc/krb5.keytab
- Edit krb5.conf and add rc4-hmac as -first- enctype in list for default_tgs_enctypes, default_tkt_enctypes, permitted_enctypes
- Deleted samba's private.tdb
- Deleted samba's winbindd_cache.tdb (just in case)
- Created a new windows user account to be used for mapping in ktpass.exe
- Ran ktpass.exe on domain controller with "-DesOnly"
- Read the new keytab and write /etc/krb5.conf with it
- Run "net ads join"

Ethereal trace on port 88 show rc4-hmac negotiated tickets.

Using a ktpass.exe generated keytab, the AD computer account and the AD mapped user account attribute userAccountControl must agree on the flag UF_USE_DES_KEY_ONLY. They either both indicate it or they both don't indicate it, but they can't be mixed.

We'll be enjoying Thanksgiving holiday here.

Regards, Doug
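The userAccountControl values quoted in the message above (0x11000 and 0x211000) can be decoded mechanically, and the agreement rule on UF_USE_DES_KEY_ONLY stated at its end can be checked for a computer account and its mapped user account. This is an added example, not part of the original post or of Samba; the account DNs and LDIF text are constructed sample data and the function names are hypothetical.

```python
# Bit values as published in Microsoft's userAccountControl documentation.
UF_FLAGS = {
    0x0002: "UF_ACCOUNTDISABLE",
    0x0200: "UF_NORMAL_ACCOUNT",
    0x1000: "UF_WORKSTATION_TRUST_ACCOUNT",
    0x2000: "UF_SERVER_TRUST_ACCOUNT",
    0x10000: "UF_DONT_EXPIRE_PASSWD",
    0x200000: "UF_USE_DES_KEY_ONLY",
    0x400000: "UF_DONT_REQUIRE_PREAUTH",
}
UF_USE_DES_KEY_ONLY = 0x200000

# Constructed sample in LDIF style; DNs are placeholders, not from the post.
SAMPLE_LDIF = """\
dn: CN=SAMBA1,CN=Computers,DC=example,DC=test
userAccountControl: 0x11000

dn: CN=samba1-map,CN=Users,DC=example,DC=test
userAccountControl: 0x210200

dn: CN=SAMBA2,CN=Computers,DC=example,DC=test
userAccountControl: 2166784
"""

def decode_uac(value):
    """Return (flag names in ascending bit order, bits not in UF_FLAGS)."""
    names = [name for bit, name in sorted(UF_FLAGS.items()) if value & bit]
    known = 0
    for bit in UF_FLAGS:
        known |= bit
    return names, value & ~known

def parse_accounts(ldif_text):
    """Map each dn to its userAccountControl; accepts hex or decimal values."""
    accounts, dn = {}, None
    for line in ldif_text.splitlines():
        line = line.strip()
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        elif dn and line.lower().startswith("useraccountcontrol:"):
            accounts[dn] = int(line.split(":", 1)[1].strip(), 0)
    return accounts

def check_keytab_pair(computer_uac, mapped_user_uac):
    """Both accounts must agree on UF_USE_DES_KEY_ONLY (rule from the post)."""
    c = bool(computer_uac & UF_USE_DES_KEY_ONLY)
    u = bool(mapped_user_uac & UF_USE_DES_KEY_ONLY)
    if c != u:
        return "MISMATCH"
    return "des-only" if c else "arc4-capable"

def audit(accounts, pairs):
    """Check each (computer dn, mapped user dn) pair; report missing accounts."""
    results = []
    for comp, user in pairs:
        if comp not in accounts or user not in accounts:
            results.append((comp, user, "MISSING"))
        else:
            results.append((comp, user, check_keytab_pair(accounts[comp], accounts[user])))
    return results

if __name__ == "__main__":
    accts = parse_accounts(SAMPLE_LDIF)
    for dn, uac in accts.items():
        print(dn, hex(uac), decode_uac(uac))
```
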
[Samba] changing file attribute on windows shares from linux
Hello, all

When we mount a Windows share from a Win-2k server in Linux, how can we change the attributes of files and folders on that share? (Attributes such as read/write/change/delete/change ownership ...; there are 13 attributes.)

Thanks
Re: [Samba] USAGE OF ADD USER TO GROUP SCRIPT
Craig White wrote:
>
> what the various scripts do is entirely under your control and they
> could actually modify the posix attributes/group memberships if desired.
>
> samba provides the scripts as hooks to the UNIX/Linux system and with
> the variables that are passed via the scripts, you should be able to do
> what you want.
>
> You probably should be using ldap passdb as once you get through the
> learning curve of ldap, you can get single source account management for
> both samba and posix attributes.
>
> Craig

Hi

Thanks for the reply Craig. How you describe the scripts is how I would have thought that they worked. However, the "Add User to Group Script" option definitely does not work (for me), as in it is never called by Samba.

I don't know if it makes a difference but the groups that I am adding to are marked as "LOCAL" groups as in:

    net groupmap ntgroup="Samba Test Group" type=l unixgroup=testgrp

When I've tried domain groups (even though this simple server is a standalone), when I try to add a member to one of those I get some horrible error from samba whittering on about the user not being in the group. I guess that is something to do with the fact the server is not really a domain server (member or PDC).

At the moment I am not even going to bother with LDAP on the grounds that if I cannot get a trivial example test server working then there's no point. All I'll have is a lovely LDAP'ified Samba server that still doesn't call "Add User to Group" scripts to put people in the groups now stored in LDAP. Defeatist I know.

Unless you're implying that the only way these scripts all work (as in get called by samba) is if it is working against ldap passdb?

Many thanks
Hugo
[Samba] machine certificate for samba host
My samba server is a member of an AD domain. In that domain, windows clients can easily get their machine certificates via windows means. How can I get a machine certificate from the AD server for the samba machine?

Thanks
Norbert Wegener