Re: [Samba] Is the PDC always needed?
If you have installed the pdc and bdc the right way, all clients will try to log on likely to the bdc than the pdc. So you need 2 ldap server(master/master or master/slave) for authentication and syncing. If you need wins you should at and samba4wins. Install it on both servers and replicate the databases between them. On your win clients add it as the first and second wins. Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von David Noriega Gesendet: Montag, 26. März 2012 18:27 An: samba@lists.samba.org Betreff: [Samba] Is the PDC always needed? Maybe my understanding is flawed but I thought the purpose of the BDC was in the case of the PDC going offline, users could still use the system. Just this morning our PDC failed with bad memory, yet users were unable to map their network drive. The PDC is in our office while the file server is in the server room where its been setup as a domain member. On the server room subnet is its own BDC with its own ldap server. Checking the logs I see that the server room BDC is listed as the local domain server. The only thing that comes to mind is the BDC does point to the PDC as the wins server. Is that the issue? Is there a way around it? -- David Noriega System Administrator Computational Biology Initiative High Performance Computing Center University of Texas at San Antonio One UTSA Circle San Antonio, TX 78249 Office: BSE 3.112 Phone: 210-458-7100 http://www.cbi.utsa.edu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba and admin users performance
Hello, I have a performance problem when I don't connect using root and/or a user in the admin users. Configuration: Samba 3.5.11 running on SLES11SP1. The share exported is on a GPFS filesystem and the GPFS vfs object is loaded(not loading it doesn't change the described behaviour) clients: Windows 7 and Windows 2008R2 all at latest update level. [testshare] comment = testshare path = /testfs1/testshare read only = no force create mode = 0666 force directory mode = 0777 force security mode = 0666 force directory security mode = 0777 admin users = testuser If I connect using a user other than testuser, I get ~8 MB/s from the clients, and if I look at a trace, I can see that all read operations are in 4K blocks(Read AndX Request/Response). If I connect using root or testuser(which is in the admin users), I get 50MB/s and samba goes up to 60KB blocks when reading. Also during the negotiation, I can clearly see that Max Buffer: 0 is set in the Session Setup AndX Request, NTLMSSP_NEGOTIATE sent by the client, while this is 16644 when connecting as root/testuser. When switching to security = share and using guest access, I can see the same behaviour. Setting force user/group to root gives good performance, setting it to something else kills performance. Is this expected, or am I missing something? Best regards, Stijn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ctdb_recovery_lock: Failed to get recovery lock
Hi, I'm happily progressing toward the successful setup of my two nodes samba cluster : cman, qdisk, clvm, gfs2, ctdb, samba, winbind, ad. And now, I'm in testing phase. When my cluster is up and running, I can transfer each ip address toward on node or the other, seamlessly. They can fence each other. But I still have one big issue : though they have been setup as clones, they don't behave identically : when shutting down node 1, node 0 takes over every part of ctdb setup (ip, recmaster, services). But when I stop ctdb daemon on node 1, though ctdb node 0 correctly stops its children daemons (nmbd, smbd and winbind) and kills itself, node 1 claims : ctdb_recovery_lock: Failed to get recovery lock on '/ctdb/.ctdb.lock' (This directory is clvm + gfs2 shared, writable and correctly accessible from both nodes) This leads node 1 to get banned. Then, (I guess), when being unbanned, reelection occurs, but I get : Recmaster node 1 no longer available. Force reelection I suppose that node 1 can't become recmaster as it can not get the recovery lock. But there's no way I see why this node claims it can take this lock. I don't know if this may help, but : - I removed the lock file, and restarting ctdb recreates it correctly - Every process is ran as root, who can obviously write in this dir - I don't know if it is correct, but this file weights zero byte? Waiting for your advice, I'm heading to reading the source code, in the hope I may understand what's wrong. -- Nicolas Ecarnot -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is the PDC always needed?
On 3/26/2012 9:27 AM, David Noriega wrote: Maybe my understanding is flawed but I thought the purpose of the BDC was in the case of the PDC going offline, users could still use the system. Just this morning our PDC failed with bad memory, yet users were unable to map their network drive. The PDC is in our office while the file server is in the server room where its been setup as a domain member. On the server room subnet is its own BDC with its own ldap server. Checking the logs I see that the server room BDC is listed as the local domain server. The only thing that comes to mind is the BDC does point to the PDC as the wins server. Is that the issue? Is there a way around it? The PDC/BDC controls logging onto the network. Network file shares are different, what server was hosting the network drive? If the PDC also hosted the network drive then they would also go down. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] windows 7 roaming profiles
Hi Samba4 DC and win 7 clients. The user profiles are stored in a profiles share: [profiles] path = /home/CACTUS/profiles read only = No This works OK and the user can logon to different boxes with the same profile. The profile folders such as Desktop, Downloads etc. however, also appear stored on the local disk under c:\users\username. Any file saved e.g. on the Desktop, is not saved to the roaming profile until the user logs off. It seems pointless to have a roaming _and_ a local profile. A few qns: 1. What am I doing wrong? 2. Is it correct that the profile files are not synced until the user logs off? 3. Unless /the profiles folder is world read/write, the user gets logged on with a temporary profile. Correct? Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Roaming profiles not being loaded
Hi Simon, However, a user login in which the profile is defined to be on a samba server that is not the PDC never gets a roaming profile -- instead the user always gets a temporary profile. Looking at the Windows logs, it is complaining about a permissions issue. However, once logged in (with the temporary profile), that user can create and modify files in the profile directory. I have turned logging level to 3, but I don't see anything useful. I have had the same issue as well. I had to run a regkey on each client to disable profile permission checking. The reg key is below: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] CompatibleRUPSecurity=dword:0001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] CompatibleRUPSecurity=dword:0001 Once you run that, your clients should be able to get their roaming profile Sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SMBLDAP PROBLEM
Hello All, I'm having trouble using smbldap, users that i created can't login . Only when I add the them into system (through adduser) I can log in with them, the problem is because I also need to create / home and set permissions but can not because the system does not recognize the group Domain Users (513). I do not understand how this happened as another opportunity to achieve this integration success. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Two problem
Hello list, I have two problem. 1. How I can replicate the netlogon folder and sysvol folder on samba4 and windows server 2003, if I create a security police in samba 4 do not replicate to windows server, I have to copy it manual. 2. My PDC have Windows server 2003 an my BDC samba4, sometime i reboot the PDC, then when i create a user in samba4 do not replicate to windows server, I Shutdown windows server and samba4, firstly I power on windows server after samba4, if a tests again to create user then repicate cool. This order is important to samba4 or I have some problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SMBLDAP PROBLEM
Am 2012-03-27 15:08, schrieb Leonam Silva: Hello All, I'm having trouble using smbldap, users that i created can't login . Only when I add the them into system (through adduser) I can log in with them, the problem is because I also need to create / home and set permissions but can not because the system does not recognize the group Domain Users (513). I do not understand how this happened as another opportunity to achieve this integration success. sorry no idea with this smbldap :( but this home-dir create stuff could be done via pam here on a SLE_11 it is: /etc/pam.d/common-session-pc session requiredpam_limits.so session requiredpam_unix2.so session optionalpam_umask.so # added for winbind session sufficient pam_winbind.so # added for AD Integration session optionalpam_mkhomedir.so silent Cheers -- Christian - Please do not 'CC' me on list mails. Just reply to the list :) Der ultimative shop für Sportbekleidung und Zubehör http://www.sc24.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Two problem
In a ADS ord ADS DS you just have DCs replicating each other?! http://technet.microsoft.com/en-us/library/cc755994 http://technet.microsoft.com/en-us/library/cc739941 --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von sandy.napo...@eccmg.cupet.cu Gesendet: Dienstag, 27. März 2012 10:30 An: samba@lists.samba.org Betreff: [Samba] Two problem Hello list, I have two problem. 1. How I can replicate the netlogon folder and sysvol folder on samba4 and windows server 2003, if I create a security police in samba 4 do not replicate to windows server, I have to copy it manual. 2. My PDC have Windows server 2003 an my BDC samba4, sometime i reboot the PDC, then when i create a user in samba4 do not replicate to windows server, I Shutdown windows server and samba4, firstly I power on windows server after samba4, if a tests again to create user then repicate cool. This order is important to samba4 or I have some problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Roaming profiles not being loaded
On Tue, Mar 27, 2012 at 9:01 AM, Sean Crosby richardnixonsh...@gmail.com wrote: Hi Simon, However, a user login in which the profile is defined to be on a samba server that is not the PDC never gets a roaming profile -- instead the user always gets a temporary profile. Looking at the Windows logs, it is complaining about a permissions issue. However, once logged in (with the temporary profile), that user can create and modify files in the profile directory. I have turned logging level to 3, but I don't see anything useful. I have had the same issue as well. I had to run a regkey on each client to disable profile permission checking. The reg key is below: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] CompatibleRUPSecurity=dword:0001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] CompatibleRUPSecurity=dword:0001 Once you run that, your clients should be able to get their roaming profile I recently ran into a similar issue that was solved by adding nt acl support = yes to my [profiles] share. Not sure if that's related but thought I'd share just in case. Took me half a day looking at one of my working systems and the one that was failing till I finally noticed that entry. -- Paul Dugas • p...@dugas.cc • +1.404.932.1355 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 roaming profiles
On 3/27/2012 5:55 AM, steve wrote: Hi Samba4 DC and win 7 clients. The user profiles are stored in a profiles share: [profiles] path = /home/CACTUS/profiles read only = No This works OK and the user can logon to different boxes with the same profile. The profile folders such as Desktop, Downloads etc. however, also appear stored on the local disk under c:\users\username. Any file saved e.g. on the Desktop, is not saved to the roaming profile until the user logs off. It seems pointless to have a roaming _and_ a local profile. A few qns: 1. What am I doing wrong? 2. Is it correct that the profile files are not synced until the user logs off? 3. Unless /the profiles folder is world read/write, the user gets logged on with a temporary profile. Correct? Thanks, Steve 1. looks like your doing nothing wrong. 2. correct. 3. there maybe a few tricks to deal with this but at the moment I do not know what they are. what you might be looking for is to remap user folders, this would be in the group policies. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 roaming profiles
On Tue, Mar 27, 2012 at 7:55 AM, steve st...@steve-ss.com wrote: This works OK and the user can logon to different boxes with the same profile. The profile folders such as Desktop, Downloads etc. however, also appear stored on the local disk under c:\users\username. Any file saved e.g. on the Desktop, is not saved to the roaming profile until the user logs off. this is exactly how roaming profiles work. it syncs at logon and logoff. What you are looking for is called folder redirection, most of the user folders can be redirected, but certain things can't mostly because MS doesn't want to trust a network drive for something like a registry hive. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is the PDC always needed?
The file shares are on a domain member. Is it that having the BDC as a wins proxy and more importantly simply having wins on causing this issue? We are on the university's network and they have their own wins server for their own system wide windows domain. Our users primarily logon from their office machines which are part of the university's domain, not ours(which is only in our computer lab). I'm just confused since the BDC has access to its own ldap server and watching the logs when the setting is up high I see the domain member which hosts the file shares is authenticating on the BDC. Yet why is it when the PDC failed, users couldn't access their file share(which yes is separate from logging onto a windows computer). On Tue, Mar 27, 2012 at 5:33 AM, Jorell jore...@fastmail.net wrote: On 3/26/2012 9:27 AM, David Noriega wrote: Maybe my understanding is flawed but I thought the purpose of the BDC was in the case of the PDC going offline, users could still use the system. Just this morning our PDC failed with bad memory, yet users were unable to map their network drive. The PDC is in our office while the file server is in the server room where its been setup as a domain member. On the server room subnet is its own BDC with its own ldap server. Checking the logs I see that the server room BDC is listed as the local domain server. The only thing that comes to mind is the BDC does point to the PDC as the wins server. Is that the issue? Is there a way around it? The PDC/BDC controls logging onto the network. Network file shares are different, what server was hosting the network drive? If the PDC also hosted the network drive then they would also go down. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- David Noriega System Administrator Computational Biology Initiative High Performance Computing Center University of Texas at San Antonio One UTSA Circle San Antonio, TX 78249 Office: BSE 3.112 Phone: 210-458-7100 http://www.cbi.utsa.edu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] NT4 PDC w/Exchange 5.5 migration
Hello, I'm working on migrating an NT4 PDC to a Samba 3 PDC. The tricky part, is that the NT4 server is also running Exchange 5.5 which needs to remain running. So unlike a migrate and toss the NT4 system, I need to migrate, then demote the NT4 PDC to an NT4 Server, then (probably) rejoin the domain as Exchange Server will not run on a non-domain member system. Basically looking for any caveats, tips or hints from anyone who has wrestled (or thought about wrestling) with this. Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is the PDC always needed?
To break the problem into 3 separate parts: 1. Logging in to a domain controller when the domain controller is on a different subnet. 2. Accessing file shares when the domain controller is on a different subnet. 3. LDAP backend. 1. Logging into the domain controller If the clients don't have access to a WINS server (either a real wins server or a proxy to a wins server) they won't be able to find the login server. If you can enable the WINS server on the BDC, you can then configure your windows clients IP settings to use the BDC's IP as the WINS server. it isn't the recommended way to do it but it should help figure out if WINS really is the issue. nbtstat -c should show somthing like MYBDC 20 ip.address.of.bdc MYDOMAIN 1B ip.address.of.bdc MYDOMAIN 1C ip.address.of.bdc 1B and 1C are browser and controller entries. 2. Accessing file shares If you are browsing for file shares access as subnet, you will need WINS access. If manually try to connect via host name (e.g with the windows explorer OR the net use or net view commands) WINS should not be is not needed but DNS needs to be working. So exisiting connections, or connections mapped via login script should be OK. If connecting via hostname doesn't work, try connecting using the name of the IP.(If the server has a name resolution issue, that could potentially cause connection issues- unlikely but it happened to me once.) 3. Authentication Samba doesn't actually care it the BDC and PDC use the same LDAP server(s). You should use either the same LDAP server OR have LDAP servers that synchronize, otherwise changes on one server are not replicated. But- in terms of testing authentication if your user ids and passwords are the same on both machines you probably don't need to worry about this for the moment. But it will cause problems for you at some point. On 03/27/12 11:49, David Noriega wrote: The file shares are on a domain member. Is it that having the BDC as a wins proxy and more importantly simply having wins on causing this issue? We are on the university's network and they have their own wins server for their own system wide windows domain. Our users primarily logon from their office machines which are part of the university's domain, not ours(which is only in our computer lab). I'm just confused since the BDC has access to its own ldap server and watching the logs when the setting is up high I see the domain member which hosts the file shares is authenticating on the BDC. Yet why is it when the PDC failed, users couldn't access their file share(which yes is separate from logging onto a windows computer). On Tue, Mar 27, 2012 at 5:33 AM, Jorelljore...@fastmail.net wrote: On 3/26/2012 9:27 AM, David Noriega wrote: Maybe my understanding is flawed but I thought the purpose of the BDC was in the case of the PDC going offline, users could still use the system. Just this morning our PDC failed with bad memory, yet users were unable to map their network drive. The PDC is in our office while the file server is in the server room where its been setup as a domain member. On the server room subnet is its own BDC with its own ldap server. Checking the logs I see that the server room BDC is listed as the local domain server. The only thing that comes to mind is the BDC does point to the PDC as the wins server. Is that the issue? Is there a way around it? The PDC/BDC controls logging onto the network. Network file shares are different, what server was hosting the network drive? If the PDC also hosted the network drive then they would also go down. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Two Problem
Here is the log [2012/03/27 11:14:18, 0] ../source4/dsdb/repl/drepl_out_helpers.c:714(dreplsrv_op_pull_source_apply_changes_trigger) Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 PDC w/Exchange 5.5 migration
On Tue, Mar 27, 2012 at 11:15 AM, Chris Smith smb...@chrissmith.org wrote: Hello, I'm working on migrating an NT4 PDC to a Samba 3 PDC. The tricky part, is that the NT4 server is also running Exchange 5.5 which needs to remain running. So unlike a migrate and toss the NT4 system, I need to migrate, then demote the NT4 PDC to an NT4 Server, then (probably) rejoin the domain as Exchange Server will not run on a non-domain member system. to clarify, this sounds kind of like you are running exchange on the PDC? you can't demote an NT4 PDC to a stand alone or member server, it requires a re-install. I have done exchange 5.5 server migrations in the past, it's not too difficult. setup a new member nt4 server, install exchange on it and join the existing (what's it called? domain, cluster, group, something) and then you can move connectors and public folders and mailboxes to the new one. Also, has upgrading exchange or migrating to something else been considered, like zimbra or Kerio (which is what i use now) that's still Outlook friendly but more flexible? Kerio can even be setup to auth to PAM, so you can switch out how it auths by switching up the PAM config. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 PDC w/Exchange 5.5 migration
On Tue, Mar 27, 2012 at 12:28 PM, Chris Weiss cwe...@gmail.com wrote: to clarify, this sounds kind of like you are running exchange on the PDC? Indeed. you can't demote an NT4 PDC to a stand alone or member server, it requires a re-install. Officially, yes. In reality, no. Changing ProductType (under HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions) from LanmanNT to ServerNT accomplishes this. Also, has upgrading exchange or migrating to something else been considered, like zimbra or Kerio (which is what i use now) that's still Outlook friendly but more flexible? There's a custom Exchange/Outlook app that eventually needs to be replaced. The procedure is only a temporary fix to allow new Win7 workstations to join the domain, albeit they wont be able to use the latest version of Outlook. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 PDC w/Exchange 5.5 migration
On 03/27/12 12:49, Chris Smith wrote: On Tue, Mar 27, 2012 at 12:28 PM, Chris Weisscwe...@gmail.com wrote: to clarify, this sounds kind of like you are running exchange on the PDC? Indeed. you can't demote an NT4 PDC to a stand alone or member server, it requires a re-install. Officially, yes. In reality, no. Changing ProductType (under HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions) from LanmanNT to ServerNT accomplishes this. Also, has upgrading exchange or migrating to something else been considered, like zimbra or Kerio (which is what i use now) that's still Outlook friendly but more flexible? There's a custom Exchange/Outlook app that eventually needs to be replaced. The procedure is only a temporary fix to allow new Win7 workstations to join the domain, albeit they wont be able to use the latest version of Outlook. Chris So presumably you would use the net vampire command to extract all the account info from the NT server.The samba server is then a BDC, you then promote it to a PDC and make the NT server a BDC (or even a member server.)Since you have to keep the NT4 server as a DC anyway, I don't see how temporarily making it a member server helps anything. I wouldn't count on being able to join it back to a Samba 3.5.x domain. And then your Windows 7 machines run a good chance of trying to authenticate to the NT4 server- which will fail. Windows clients prefer a BDC, but if you are using WINS (and excluding the NT4 server) this may help.Maybe you can disable some of the windows networking services on the NT4 box. Maybe it is easier to just create a new samba domain. It means the Outlook users won't be able to do domain-based authentication to Exchange. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 PDC w/Exchange 5.5 migration
On Tue, Mar 27, 2012 at 1:03 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: So presumably you would use the net vampire command to extract all the account info from the NT server. The samba server is then a BDC, you then promote it to a PDC and make the NT server a BDC (or even a member server.) Have already done this. Since you have to keep the NT4 server as a DC anyway, I don't see how temporarily making it a member server helps anything. It doesn't have to be a DC, but does need to at least be a domain member server or Exchange Server will not run. I wouldn't count on being able to join it back to a Samba 3.5.x domain. That was the original sticking point but it now appears I've accomplished this, basically needed to remove the NT4 system (no longer a PDC) from the Samba (3.6.3) domain, join it to a workgroup, then rejoin it to the domain. Even Exchange came up after the reboot, although I'm not sure it's actually usable yet. Seems that there are a bunch of things that vampire didn't handle well and some account membership, group mapping, rights, etc. that need some attending to. Thanks to virtualization I get to make a lot of mistakes along the path to finding out if this is workable or not. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is the PDC always needed?
As I've been looking around the core issue seems to be that the domain member, even though from its point of view, the BDC is the local browser, it still uses the PDC to do authentication(ie turning up the log level I only see 'check_ntlm_password' on the PDC) On Tue, Mar 27, 2012 at 11:19 AM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: To break the problem into 3 separate parts: 1. Logging in to a domain controller when the domain controller is on a different subnet. 2. Accessing file shares when the domain controller is on a different subnet. 3. LDAP backend. 1. Logging into the domain controller If the clients don't have access to a WINS server (either a real wins server or a proxy to a wins server) they won't be able to find the login server. If you can enable the WINS server on the BDC, you can then configure your windows clients IP settings to use the BDC's IP as the WINS server. it isn't the recommended way to do it but it should help figure out if WINS really is the issue. nbtstat -c should show somthing like MYBDC 20 ip.address.of.bdc MYDOMAIN 1B ip.address.of.bdc MYDOMAIN 1C ip.address.of.bdc 1B and 1C are browser and controller entries. 2. Accessing file shares If you are browsing for file shares access as subnet, you will need WINS access. If manually try to connect via host name (e.g with the windows explorer OR the net use or net view commands) WINS should not be is not needed but DNS needs to be working. So exisiting connections, or connections mapped via login script should be OK. If connecting via hostname doesn't work, try connecting using the name of the IP. (If the server has a name resolution issue, that could potentially cause connection issues- unlikely but it happened to me once.) 3. Authentication Samba doesn't actually care it the BDC and PDC use the same LDAP server(s). You should use either the same LDAP server OR have LDAP servers that synchronize, otherwise changes on one server are not replicated. But- in terms of testing authentication if your user ids and passwords are the same on both machines you probably don't need to worry about this for the moment. But it will cause problems for you at some point. On 03/27/12 11:49, David Noriega wrote: The file shares are on a domain member. Is it that having the BDC as a wins proxy and more importantly simply having wins on causing this issue? We are on the university's network and they have their own wins server for their own system wide windows domain. Our users primarily logon from their office machines which are part of the university's domain, not ours(which is only in our computer lab). I'm just confused since the BDC has access to its own ldap server and watching the logs when the setting is up high I see the domain member which hosts the file shares is authenticating on the BDC. Yet why is it when the PDC failed, users couldn't access their file share(which yes is separate from logging onto a windows computer). On Tue, Mar 27, 2012 at 5:33 AM, Jorelljore...@fastmail.net wrote: On 3/26/2012 9:27 AM, David Noriega wrote: Maybe my understanding is flawed but I thought the purpose of the BDC was in the case of the PDC going offline, users could still use the system. Just this morning our PDC failed with bad memory, yet users were unable to map their network drive. The PDC is in our office while the file server is in the server room where its been setup as a domain member. On the server room subnet is its own BDC with its own ldap server. Checking the logs I see that the server room BDC is listed as the local domain server. The only thing that comes to mind is the BDC does point to the PDC as the wins server. Is that the issue? Is there a way around it? The PDC/BDC controls logging onto the network. Network file shares are different, what server was hosting the network drive? If the PDC also hosted the network drive then they would also go down. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- David Noriega System Administrator Computational Biology Initiative High Performance Computing Center University of Texas at San Antonio One UTSA Circle San Antonio, TX 78249 Office: BSE 3.112 Phone: 210-458-7100 http://www.cbi.utsa.edu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is the PDC always needed?
There are several factors determining which machine is the local master browser for the subnet- but in general if you have one DC on the subnet it should be the browser.I think the browser provides a list of file and print shares. I don't think it is used for actually locating a DC. (I could be wrong.) I think either WINS or broadcasts are used for locating the actual server and other machines- including the DC (for login) or the master browser (to browse file and print shares.) I don't think the browser issue is relevant to the login issue. testparm -v should verify that the machine is a DC. pdbedit -Lv should show that accounts are setup. Did you look at the event log in the Windows machine? They may show if you are unable to locate an authentication server. Are you able to put a Win machine on the same subnet as the working DC? It may be quicker to head to your local computer supply store to replace the bad RAM. On 03/27/12 13:49, David Noriega wrote: As I've been looking around the core issue seems to be that the domain member, even though from its point of view, the BDC is the local browser, it still uses the PDC to do authentication(ie turning up the log level I only see 'check_ntlm_password' on the PDC) On Tue, Mar 27, 2012 at 11:19 AM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: To break the problem into 3 separate parts: 1. Logging in to a domain controller when the domain controller is on a different subnet. 2. Accessing file shares when the domain controller is on a different subnet. 3. LDAP backend. 1. Logging into the domain controller If the clients don't have access to a WINS server (either a real wins server or a proxy to a wins server) they won't be able to find the login server. If you can enable the WINS server on the BDC, you can then configure your windows clients IP settings to use the BDC's IP as the WINS server. it isn't the recommended way to do it but it should help figure out if WINS really is the issue. nbtstat -c should show somthing like MYBDC20 ip.address.of.bdc MYDOMAIN1B ip.address.of.bdc MYDOMAIN1C ip.address.of.bdc 1B and 1C are browser and controller entries. 2. Accessing file shares If you are browsing for file shares access as subnet, you will need WINS access. If manually try to connect via host name (e.g with the windows explorer OR the net use or net view commands) WINS should not be is not needed but DNS needs to be working. So exisiting connections, or connections mapped via login script should be OK. If connecting via hostname doesn't work, try connecting using the name of the IP.(If the server has a name resolution issue, that could potentially cause connection issues- unlikely but it happened to me once.) 3. Authentication Samba doesn't actually care it the BDC and PDC use the same LDAP server(s). You should use either the same LDAP server OR have LDAP servers that synchronize, otherwise changes on one server are not replicated. But- in terms of testing authentication if your user ids and passwords are the same on both machines you probably don't need to worry about this for the moment. But it will cause problems for you at some point. On 03/27/12 11:49, David Noriega wrote: The file shares are on a domain member. Is it that having the BDC as a wins proxy and more importantly simply having wins on causing this issue? We are on the university's network and they have their own wins server for their own system wide windows domain. Our users primarily logon from their office machines which are part of the university's domain, not ours(which is only in our computer lab). I'm just confused since the BDC has access to its own ldap server and watching the logs when the setting is up high I see the domain member which hosts the file shares is authenticating on the BDC. Yet why is it when the PDC failed, users couldn't access their file share(which yes is separate from logging onto a windows computer). On Tue, Mar 27, 2012 at 5:33 AM, Jorelljore...@fastmail.netwrote: On 3/26/2012 9:27 AM, David Noriega wrote: Maybe my understanding is flawed but I thought the purpose of the BDC was in the case of the PDC going offline, users could still use the system. Just this morning our PDC failed with bad memory, yet users were unable to map their network drive. The PDC is in our office while the file server is in the server room where its been setup as a domain member. On the server room subnet is its own BDC with its own ldap server. Checking the logs I see that the server room BDC is listed as the local domain server. The only thing that comes to mind is the BDC does point to the PDC as the wins server. Is that the issue? Is there a way around it? The PDC/BDC controls logging onto the network. Network file shares are different, what server was hosting the network drive? If the PDC also hosted the network drive then they would also go down. -- To unsubscribe from
Re: [Samba] Is the PDC always needed?
The users of our service are on windows machines that are typically not on our subnet or part of our domain. They simply use windows 'map network drive' function to get to their share. On the BDC, yes testpart reports ROLE_DOMAIN_BDC and pdbedit does list all of our users. Maybe this is part of my misunderstanding, but does the windows machine need to know of the BDC(which they wouldnt as the user is typically on a different subnet)? If they are using the hostname of the file share server, then isnt authentication happening on that server? Users are not logging onto our domain on their machines, simply accessing their share. On Tue, Mar 27, 2012 at 1:01 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: There are several factors determining which machine is the local master browser for the subnet- but in general if you have one DC on the subnet it should be the browser. I think the browser provides a list of file and print shares. I don't think it is used for actually locating a DC. (I could be wrong.) I think either WINS or broadcasts are used for locating the actual server and other machines- including the DC (for login) or the master browser (to browse file and print shares.) I don't think the browser issue is relevant to the login issue. testparm -v should verify that the machine is a DC. pdbedit -Lv should show that accounts are setup. Did you look at the event log in the Windows machine? They may show if you are unable to locate an authentication server. Are you able to put a Win machine on the same subnet as the working DC? It may be quicker to head to your local computer supply store to replace the bad RAM. On 03/27/12 13:49, David Noriega wrote: As I've been looking around the core issue seems to be that the domain member, even though from its point of view, the BDC is the local browser, it still uses the PDC to do authentication(ie turning up the log level I only see 'check_ntlm_password' on the PDC) On Tue, Mar 27, 2012 at 11:19 AM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: To break the problem into 3 separate parts: 1. Logging in to a domain controller when the domain controller is on a different subnet. 2. Accessing file shares when the domain controller is on a different subnet. 3. LDAP backend. 1. Logging into the domain controller If the clients don't have access to a WINS server (either a real wins server or a proxy to a wins server) they won't be able to find the login server. If you can enable the WINS server on the BDC, you can then configure your windows clients IP settings to use the BDC's IP as the WINS server. it isn't the recommended way to do it but it should help figure out if WINS really is the issue. nbtstat -c should show somthing like MYBDC20 ip.address.of.bdc MYDOMAIN1B ip.address.of.bdc MYDOMAIN1C ip.address.of.bdc 1B and 1C are browser and controller entries. 2. Accessing file shares If you are browsing for file shares access as subnet, you will need WINS access. If manually try to connect via host name (e.g with the windows explorer OR the net use or net view commands) WINS should not be is not needed but DNS needs to be working. So exisiting connections, or connections mapped via login script should be OK. If connecting via hostname doesn't work, try connecting using the name of the IP. (If the server has a name resolution issue, that could potentially cause connection issues- unlikely but it happened to me once.) 3. Authentication Samba doesn't actually care it the BDC and PDC use the same LDAP server(s). You should use either the same LDAP server OR have LDAP servers that synchronize, otherwise changes on one server are not replicated. But- in terms of testing authentication if your user ids and passwords are the same on both machines you probably don't need to worry about this for the moment. But it will cause problems for you at some point. On 03/27/12 11:49, David Noriega wrote: The file shares are on a domain member. Is it that having the BDC as a wins proxy and more importantly simply having wins on causing this issue? We are on the university's network and they have their own wins server for their own system wide windows domain. Our users primarily logon from their office machines which are part of the university's domain, not ours(which is only in our computer lab). I'm just confused since the BDC has access to its own ldap server and watching the logs when the setting is up high I see the domain member which hosts the file shares is authenticating on the BDC. Yet why is it when the PDC failed, users couldn't access their file share(which yes is separate from logging onto a windows computer). On Tue, Mar 27, 2012 at 5:33 AM, Jorelljore...@fastmail.net wrote: On 3/26/2012 9:27 AM, David Noriega wrote: Maybe my understanding is flawed but I thought the purpose of the BDC was in the
Re: [Samba] Is the PDC always needed?
Ah. I wasn't clear on the domain authentication issue. Are users unable to see shares? Or are they just unable to authenticate to them once they see them. Also, just to clarify, were the users on the same subnet as the PDC but not the BDC? In smb.conf, verify that the following is set: security=user You can use the smbclient -L command on your BDC to verify the credentials for a windows user. On windows machine, you can use the following to verify credentials: net use \\theserver /user:yourname Assuming credentials are OK, users will still need to use wins to browse resources not on the same subnet (unless the specifically map drives on IP or hostname) On 03/27/12 14:16, David Noriega wrote: The users of our service are on windows machines that are typically not on our subnet or part of our domain. They simply use windows 'map network drive' function to get to their share. On the BDC, yes testpart reports ROLE_DOMAIN_BDC and pdbedit does list all of our users. Maybe this is part of my misunderstanding, but does the windows machine need to know of the BDC(which they wouldnt as the user is typically on a different subnet)? If they are using the hostname of the file share server, then isnt authentication happening on that server? Users are not logging onto our domain on their machines, simply accessing their share. On Tue, Mar 27, 2012 at 1:01 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: There are several factors determining which machine is the local master browser for the subnet- but in general if you have one DC on the subnet it should be the browser.I think the browser provides a list of file and print shares. I don't think it is used for actually locating a DC. (I could be wrong.) I think either WINS or broadcasts are used for locating the actual server and other machines- including the DC (for login) or the master browser (to browse file and print shares.) I don't think the browser issue is relevant to the login issue. testparm -v should verify that the machine is a DC. pdbedit -Lv should show that accounts are setup. Did you look at the event log in the Windows machine? They may show if you are unable to locate an authentication server. Are you able to put a Win machine on the same subnet as the working DC? It may be quicker to head to your local computer supply store to replace the bad RAM. On 03/27/12 13:49, David Noriega wrote: As I've been looking around the core issue seems to be that the domain member, even though from its point of view, the BDC is the local browser, it still uses the PDC to do authentication(ie turning up the log level I only see 'check_ntlm_password' on the PDC) On Tue, Mar 27, 2012 at 11:19 AM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: To break the problem into 3 separate parts: 1. Logging in to a domain controller when the domain controller is on a different subnet. 2. Accessing file shares when the domain controller is on a different subnet. 3. LDAP backend. 1. Logging into the domain controller If the clients don't have access to a WINS server (either a real wins server or a proxy to a wins server) they won't be able to find the login server. If you can enable the WINS server on the BDC, you can then configure your windows clients IP settings to use the BDC's IP as the WINS server. it isn't the recommended way to do it but it should help figure out if WINS really is the issue. nbtstat -c should show somthing like MYBDC20ip.address.of.bdc MYDOMAIN1Bip.address.of.bdc MYDOMAIN1Cip.address.of.bdc 1B and 1C are browser and controller entries. 2. Accessing file shares If you are browsing for file shares access as subnet, you will need WINS access. If manually try to connect via host name (e.g with the windows explorer OR the net use or net view commands) WINS should not be is not needed but DNS needs to be working. So exisiting connections, or connections mapped via login script should be OK. If connecting via hostname doesn't work, try connecting using the name of the IP.(If the server has a name resolution issue, that could potentially cause connection issues- unlikely but it happened to me once.) 3. Authentication Samba doesn't actually care it the BDC and PDC use the same LDAP server(s). You should use either the same LDAP server OR have LDAP servers that synchronize, otherwise changes on one server are not replicated. But- in terms of testing authentication if your user ids and passwords are the same on both machines you probably don't need to worry about this for the moment. But it will cause problems for you at some point. On 03/27/12 11:49, David Noriega wrote: The file shares are on a domain member. Is it that having the BDC as a wins proxy and more importantly simply having wins on causing this issue? We are on the university's network and they have their own wins server for their own system wide windows
[Samba] How do I know if I'm using SMB2?
Hi, I've installed 3.6.3 on a Linux system (SLES 10) and I am connecting from a Windows 7 VM running on my Mac. I added max protocol = SMB2 to my smb.conf and restarted Samba. How can I check and verify that the protocol I'm using is actually SMB2? Thanks, Rob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is the PDC always needed?
Users typically are not on any subnet that has our PDC or BDC nor can they browse for their share. They are directly connecting by giving the full hostname of the server such as \\server.x.x.x\sharename by using the map network drive dialog in windows. On Tue, Mar 27, 2012 at 1:27 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Ah. I wasn't clear on the domain authentication issue. Are users unable to see shares? Or are they just unable to authenticate to them once they see them. Also, just to clarify, were the users on the same subnet as the PDC but not the BDC? In smb.conf, verify that the following is set: security=user You can use the smbclient -L command on your BDC to verify the credentials for a windows user. On windows machine, you can use the following to verify credentials: net use \\theserver /user:yourname Assuming credentials are OK, users will still need to use wins to browse resources not on the same subnet (unless the specifically map drives on IP or hostname) On 03/27/12 14:16, David Noriega wrote: The users of our service are on windows machines that are typically not on our subnet or part of our domain. They simply use windows 'map network drive' function to get to their share. On the BDC, yes testpart reports ROLE_DOMAIN_BDC and pdbedit does list all of our users. Maybe this is part of my misunderstanding, but does the windows machine need to know of the BDC(which they wouldnt as the user is typically on a different subnet)? If they are using the hostname of the file share server, then isnt authentication happening on that server? Users are not logging onto our domain on their machines, simply accessing their share. On Tue, Mar 27, 2012 at 1:01 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: There are several factors determining which machine is the local master browser for the subnet- but in general if you have one DC on the subnet it should be the browser. I think the browser provides a list of file and print shares. I don't think it is used for actually locating a DC. (I could be wrong.) I think either WINS or broadcasts are used for locating the actual server and other machines- including the DC (for login) or the master browser (to browse file and print shares.) I don't think the browser issue is relevant to the login issue. testparm -v should verify that the machine is a DC. pdbedit -Lv should show that accounts are setup. Did you look at the event log in the Windows machine? They may show if you are unable to locate an authentication server. Are you able to put a Win machine on the same subnet as the working DC? It may be quicker to head to your local computer supply store to replace the bad RAM. On 03/27/12 13:49, David Noriega wrote: As I've been looking around the core issue seems to be that the domain member, even though from its point of view, the BDC is the local browser, it still uses the PDC to do authentication(ie turning up the log level I only see 'check_ntlm_password' on the PDC) On Tue, Mar 27, 2012 at 11:19 AM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: To break the problem into 3 separate parts: 1. Logging in to a domain controller when the domain controller is on a different subnet. 2. Accessing file shares when the domain controller is on a different subnet. 3. LDAP backend. 1. Logging into the domain controller If the clients don't have access to a WINS server (either a real wins server or a proxy to a wins server) they won't be able to find the login server. If you can enable the WINS server on the BDC, you can then configure your windows clients IP settings to use the BDC's IP as the WINS server. it isn't the recommended way to do it but it should help figure out if WINS really is the issue. nbtstat -c should show somthing like MYBDC20 ip.address.of.bdc MYDOMAIN1B ip.address.of.bdc MYDOMAIN1C ip.address.of.bdc 1B and 1C are browser and controller entries. 2. Accessing file shares If you are browsing for file shares access as subnet, you will need WINS access. If manually try to connect via host name (e.g with the windows explorer OR the net use or net view commands) WINS should not be is not needed but DNS needs to be working. So exisiting connections, or connections mapped via login script should be OK. If connecting via hostname doesn't work, try connecting using the name of the IP. (If the server has a name resolution issue, that could potentially cause connection issues- unlikely but it happened to me once.) 3. Authentication Samba doesn't actually care it the BDC and PDC use the same LDAP server(s). You should use either the same LDAP server OR have LDAP servers that synchronize, otherwise changes on one server are not replicated. But- in terms of testing authentication if your user ids and passwords are the same on
[Samba] Samba4 - user permissions on shares
Hi all, I installed Samba4 on an Ubuntu Server 11.10 at home for some testing. It is configured as DC and everything seems to work just fine. I managed to add win7 and win xp machines to the domain and to browse the AD settings with the microsoft administrative tools. I also created a simple share and it works. Now I would like to learn how to give specific permissions to my shares. How to give read and write permissions to AD users and groups. Is there any good guide around? Can you give me any good hints?I tried to give an search on google but I got scarce results. Thank you for any advice you could give me, -- Cesare Carli -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How do I know if I'm using SMB2?
On Tue, Mar 27, 2012 at 05:03:49PM -0400, Rob Marshall wrote: Hi, I've installed 3.6.3 on a Linux system (SLES 10) and I am connecting from a Windows 7 VM running on my Mac. I added max protocol = SMB2 to my smb.conf and restarted Samba. How can I check and verify that the protocol I'm using is actually SMB2? No easy way to be sure without looking at the wire traffic. Would a low debug-level message help ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and admin users performance
On Tue, Mar 27, 2012 at 09:13:44AM +0200, Stijn De Smet wrote: Hello, I have a performance problem when I don't connect using root and/or a user in the admin users. Configuration: Samba 3.5.11 running on SLES11SP1. The share exported is on a GPFS filesystem and the GPFS vfs object is loaded(not loading it doesn't change the described behaviour) clients: Windows 7 and Windows 2008R2 all at latest update level. [testshare] comment = testshare path = /testfs1/testshare read only = no force create mode = 0666 force directory mode = 0777 force security mode = 0666 force directory security mode = 0777 admin users = testuser If I connect using a user other than testuser, I get ~8 MB/s from the clients, and if I look at a trace, I can see that all read operations are in 4K blocks(Read AndX Request/Response). If I connect using root or testuser(which is in the admin users), I get 50MB/s and samba goes up to 60KB blocks when reading. Also during the negotiation, I can clearly see that Max Buffer: 0 is set in the Session Setup AndX Request, NTLMSSP_NEGOTIATE sent by the client, while this is 16644 when connecting as root/testuser. When switching to security = share and using guest access, I can see the same behaviour. Setting force user/group to root gives good performance, setting it to something else kills performance. Is this expected, or am I missing something? No it's not expected. Something else is going on here... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How do I know if I'm using SMB2?
Hi Jeremy, Well, since I'd rather not have to look at the actual negotiation, anything would help. I'm just a little surprised there isn't some sort of way to check it...And by offering a low debug-level message are you saying that there is one? Or that you could add one? Thanks, Rob On 3/27/12 8:13 PM, Jeremy Allison wrote: On Tue, Mar 27, 2012 at 05:03:49PM -0400, Rob Marshall wrote: Hi, I've installed 3.6.3 on a Linux system (SLES 10) and I am connecting from a Windows 7 VM running on my Mac. I added max protocol = SMB2 to my smb.conf and restarted Samba. How can I check and verify that the protocol I'm using is actually SMB2? No easy way to be sure without looking at the wire traffic. Would a low debug-level message help ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How do I know if I'm using SMB2?
Never mind...I ran Ethereal and started a capture and right in the Protocol column it said: SMB2. So, problem solved. Thanks, Rob On 3/27/12 9:31 PM, Rob Marshall wrote: Hi Jeremy, Well, since I'd rather not have to look at the actual negotiation, anything would help. I'm just a little surprised there isn't some sort of way to check it...And by offering a low debug-level message are you saying that there is one? Or that you could add one? Thanks, Rob On 3/27/12 8:13 PM, Jeremy Allison wrote: On Tue, Mar 27, 2012 at 05:03:49PM -0400, Rob Marshall wrote: Hi, I've installed 3.6.3 on a Linux system (SLES 10) and I am connecting from a Windows 7 VM running on my Mac. I added max protocol = SMB2 to my smb.conf and restarted Samba. How can I check and verify that the protocol I'm using is actually SMB2? No easy way to be sure without looking at the wire traffic. Would a low debug-level message help ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] 2 GB file size limit with libsmbclient and Filesys::SmbClient perl module?!
Hi, I have a 32-bit installation of Arch Linux and I have developed my own little script (in perl) for downloading files over SMB/CIFS using multiple TCP connections to speed up the transfer. I have googled a lot but could not find any good download accelerator for files hosted over SMB/ CIFS. For example, the DownThemAll firefox add-on allows you to download files hosted over SMB/ CIFS, but is not able to speed it up using multiple parallel connections. That being the motivation for me to write my own script which splits a file into multiple chunks and downloads them in parallel. Now, my script is written in perl and uses Filesys::SmbClient, which in turn, uses libsmbclient for SMB/ CIFS access. Attached is my script tarball. The problem I am facing, is that, I am unable to download files over 2GB in size!!! I know this has to do something with 32-bitness and other parameters like _FILE_OFFSET_BITS=64 etc. while compiling various components, but I am out of my wits end to understand where the problem is. I have no specific 32/64 bitness in my perl script. So I assume it must be a problem either in Filesys::Smbclient or in libsmbclient itself? My environment is as follows: 1) Arch Linux 32 bit. 2) Perl 32 bit (obviously) 3) The SMB/ CIFS share is hosted on a Windows box (and not SAMBA). Everything works fine if I try to download using explorer, which means it's something in the toolchain (perl/libsmbclient) that I am using. 4) Latest versions of everything. Perl is version 5.14, smbclient package is version 3.6.3-4, Filesys::Smbclient is version 3.1 Specifically, when I call a stat() on the file before beginning to download the file, for files over 2GB, the file size is reported as zero! What can be the problem here? Any advice on what can I do to troubleshoot more? Could it be that somewhere, a 64 bit value is getting truncated to a 32 bit value, leaving the size as zero. Thanks and Regards, -Devavrat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Receiving async directory change notifications from a Windows Server host on a Linux client
I'll take a look, thanks! On Thu, Mar 22, 2012 at 11:10 PM, Jeremy Allison j...@samba.org wrote: On Mon, Mar 19, 2012 at 11:30:34AM +0100, Tin Tvrtković wrote: Hello everyone, I need a way to programatically monitor a remote SMB share (hosted on a Windows server) for new files, in an asynchronous (inotify-like) way from a Linux machine. The directory I'd be monitoring might have a large number of files, so I'd like to avoid constant polling. I'm open to just about anything, from parsing smbclient stdout, to writing my own little C wrapper around libsmbclient or a JCIFS Java application. I'd like to know if this kind of async monitoring is even possible, and what would be a good way to go about implementing it? If you're willing to work out of git-master, Volker just added a notify command to smbclient Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 roaming profiles
2. Is it correct that the profile files are not synced until the user logs off? That is the correct working of roaming profiles. If you want the files only on the server, you should look into Folder redirection. The Samba docs contain good info on that. You can use roaming profiles only, folder redirection only, or a combination of both, which I usually consider the more appropriate option. Samba-3 by Example -- Configuration of Default Profile with Folder Redirection http://www.samba.org/samba/docs/man/Samba-Guide/happy.html#redirfold There's another good web page about this issue (Windows System Management: Real Men Don't Click) but it seems unavailable now. I have it in my archives and I will send it to your email address as a .mht file. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 26f7a67 s4 dns: Only do recursive queries when allowed/desired via 06dd4d8 s4 dns: Check smb.conf if we should allow recursion via 533b2e6 s4 dns: Allow changing the dns operation flags in handlers via 8d9da67 s4 dns: Only forward for zones we don't own via a991391 s4 dns: Forward questions we can't answer to another server via 10b14fa s4 dns: Add a simple dns lookup helper via 7566e6a s4 dns: Add a simple async client library from 95ebb11 selftest.py: Add get_interface. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 26f7a676f9a0f6f8c5ae3bef9247c675734f35cd Author: Kai Blin k...@samba.org Date: Tue Mar 27 15:00:01 2012 +0200 s4 dns: Only do recursive queries when allowed/desired If recursive queries are switched off in smb.conf or the client doesn't ask for recursion, don't recurse. Autobuild-User: Kai Blin k...@samba.org Autobuild-Date: Tue Mar 27 17:39:26 CEST 2012 on sn-devel-104 commit 06dd4d8ee1c5440809fa87fd8a1f3cfac8e9036a Author: Kai Blin k...@samba.org Date: Tue Mar 27 14:42:15 2012 +0200 s4 dns: Check smb.conf if we should allow recursion commit 533b2e6612bd6497c1d53c31912bccba0260a3e9 Author: Kai Blin k...@samba.org Date: Tue Mar 27 13:59:03 2012 +0200 s4 dns: Allow changing the dns operation flags in handlers commit 8d9da67185aac48d7d0bc1e7b90262ae9afc6a64 Author: Kai Blin k...@samba.org Date: Tue Mar 27 13:36:16 2012 +0200 s4 dns: Only forward for zones we don't own commit a99139160555072339f8f9cc5912c570158fc236 Author: Kai Blin k...@samba.org Date: Tue Mar 27 08:42:22 2012 +0200 s4 dns: Forward questions we can't answer to another server This makes use of libdns and currently hardcodes the forward server, but it works. :) commit 10b14fa1c03fa9d686e94be20a2700954ae090fa Author: Kai Blin k...@samba.org Date: Mon Mar 26 20:47:42 2012 +0200 s4 dns: Add a simple dns lookup helper commit 7566e6a5347b9d6b2b0b8b27f9211599febd8da1 Author: Kai Blin k...@samba.org Date: Sun Mar 11 10:13:51 2012 +0100 s4 dns: Add a simple async client library --- Summary of changes: lib/param/loadparm.c | 21 + libcli/dns/dns.c | 172 ++ libcli/dns/libdns.h | 53 libcli/dns/wscript_build |5 + source4/dns_server/dns_query.c | 109 ++-- source4/dns_server/dns_server.c | 21 - source4/dns_server/dns_server.h |7 ++ source4/dns_server/dns_update.c |1 + source4/dns_server/dns_utils.c | 28 ++ source4/dns_server/wscript_build |2 +- utils/samba-dig.c| 160 +++ utils/wscript_build |7 ++ wscript_build|2 + 13 files changed, 575 insertions(+), 13 deletions(-) create mode 100644 libcli/dns/dns.c create mode 100644 libcli/dns/libdns.h create mode 100644 libcli/dns/wscript_build create mode 100644 utils/samba-dig.c create mode 100644 utils/wscript_build Changeset truncated at 500 lines: diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index bb59a79..e3792b6 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -1256,6 +1256,22 @@ static struct parm_struct parm_table[] = { .special= NULL, .enum_list = enum_dns_update_settings }, + { + .label = dns forwarder, + .type = P_STRING, + .p_class= P_GLOBAL, + .offset = GLOBAL_VAR(dns_forwarder), + .special= NULL, + .enum_list = NULL + }, + { + .label = dns recursive queries, + .type = P_BOOL, + .p_class= P_GLOBAL, + .offset = GLOBAL_VAR(dns_recursive_queries), + .special= NULL, + .enum_list = NULL + }, {NULL, P_BOOL, P_NONE, 0, NULL, NULL, 0} }; @@ -1536,7 +1552,10 @@ FN_GLOBAL_INTEGER(srv_minprotocol, srv_minprotocol) FN_GLOBAL_INTEGER(cli_maxprotocol, cli_maxprotocol) FN_GLOBAL_INTEGER(cli_minprotocol, cli_minprotocol) FN_GLOBAL_BOOL(paranoid_server_security, paranoid_server_security) + FN_GLOBAL_INTEGER(allow_dns_updates, allow_dns_updates) +FN_GLOBAL_CONST_STRING(dns_forwarder, dns_forwarder) +FN_GLOBAL_BOOL(dns_recursive_queries, dns_recursive_queries) FN_GLOBAL_INTEGER(server_signing, server_signing) FN_GLOBAL_INTEGER(client_signing, client_signing) @@ -3403,6 +3422,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter(lp_ctx, nsupdate command,
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-03-27-2227/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-03-27-2227/samba3.stderr http://git.samba.org/autobuild.flakey/2012-03-27-2227/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-03-27-2227/samba4.stderr http://git.samba.org/autobuild.flakey/2012-03-27-2227/samba4.stdout The top commit at the time of the failure was: commit 26f7a676f9a0f6f8c5ae3bef9247c675734f35cd Author: Kai Blin k...@samba.org Date: Tue Mar 27 15:00:01 2012 +0200 s4 dns: Only do recursive queries when allowed/desired If recursive queries are switched off in smb.conf or the client doesn't ask for recursion, don't recurse. Autobuild-User: Kai Blin k...@samba.org Autobuild-Date: Tue Mar 27 17:39:26 CEST 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3be2af1 Add DEBUG statements to show when access has been denied and why. from 26f7a67 s4 dns: Only do recursive queries when allowed/desired http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3be2af1df94443a2dc21d4f5f58ce11b83e4306f Author: Richard Sharpe realrichardsha...@gmail.com Date: Tue Mar 27 20:32:11 2012 -0700 Add DEBUG statements to show when access has been denied and why. Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Wed Mar 28 07:07:26 CEST 2012 on sn-devel-104 --- Summary of changes: source3/smbd/nttrans.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index fc52ee5..20379ac 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1868,11 +1868,13 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, if ((security_info_wanted SECINFO_SACL) !(fsp-access_mask SEC_FLAG_SYSTEM_SECURITY)) { + DEBUG(10, (Access to SACL denied.\n)); return NT_STATUS_ACCESS_DENIED; } if ((security_info_wanted (SECINFO_DACL|SECINFO_OWNER|SECINFO_GROUP)) !(fsp-access_mask SEC_STD_READ_CONTROL)) { + DEBUG(10, (Access to DACL, OWNER, or GROUP denied.\n)); return NT_STATUS_ACCESS_DENIED; } -- Samba Shared Repository