[Samba] Removing Samba+LDAP, replacing W2k3+AD
Four years ago, I migrated our network from Windows NT based servers to Linux, Samba+LDAP based setups. This setup has worked fine. Last year, we replaced our Exchange 5.5 server - the last real Windows server - with Scalix. This last decision has come back to bite me. Several new thingys that the boss wants, among other things, are forcing me to implement Exchange 2003.

Because I know that Exchange 2003 requires AD and my company has three offices separated by a WAN, I'm going to be forced to rip out my Samba underpinnings. The fact is, I don't know the best way to accomplish this. I know the one way that this will work is to bring up an AD domain beside the Samba domain and move things around by hand - but that is going to cause an unbelievable nightmare with user profiles, and machine accounts, and all the other crap that goes along with being part of a domain.

So my question is this: Can I bring up a Windows 2k3 machine as a member server in the Samba domain and promote it to become an AD Domain Controller in mixed mode - retaining the domain SID, user and machine accounts and such so that I do not have to touch my workstations?

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

Please note my new email address: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

[Samba] Integrating W2k3 Terminal Services w/Samba
I've got a Samba (3.0.14a) controlled domain that contains 1 Windows 2003 Server as a member server. I've been thinking about using Terminal Services from that machine to allow roaming users (ie, those outside of the office) to connect to our network and get work done.

My only concern at this point is how to deal with the lack of an Active Directory and still allow Terminal Services to function. I've done some searching and even ran across a post that said at least one person had it working. I'm not concerned about roaming profiles, I just want the connectivity.

No, I haven't tried to make any of this happen, I'm just asking if someone out there already has it working. And if so, how much of a headache it was to get working.

Thanks in advance.

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

Please note my new email address: [EMAIL PROTECTED]

[Samba] Samba 3 - Rebuild WINS database
Is there a way - without killing off Samba - to force a rebuild of the WINS database that Samba is maintaining?

I've got a couple of completely bogus entries in WINS and I need to get rid of them, but I can't take the Samba server down to do it. I'm hoping that I can issue a couple of commands and poof the WINS database is blown away and it starts to repopulate with good data.

If I *HAVE* to take Samba down then I will but I'd prefer not to.

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

[Samba] Samba Upgrade issues
Over the last three days I've been upgrading my Samba infrastructure. This involved moving from Red Hat Enterprise 3.0 (Samba 3.0.9) to Ubuntu 5.10 (Samba 3.0.14) and some new hardware. For the most part things went well. But I do have some unresolved issues that I would like to get some feedback on. Keep in mind that this entire setup has been working properly for more than two years in this fashion.

First a bit of ASCII art:

            +---------------+
            |  Main Office  |
            |      PDC      |
            |  Master LDAP  |
            +---------------+
                    |
                   VPN
                    |
          +---------+---------+
          |                   |
   +--------------+    +--------------+
   | Office No. 1 |    | Office No. 2 |
   |     BDC      |    |     BDC      |
   |  Slave LDAP  |    |  Slave LDAP  |
   +--------------+    +--------------+

In the Main Office, we run a 60/40 split of machines running Windows XP and Windows 2000, leaning heavier toward XP. One laptop (running Windows XP) gave us problems logging on to the domain for about 20 minutes. After a minor change to the LDAP configuration and a restart of Samba on the PDC, this machine came online. The remaining machines in this office came online with very few issues - the only issue being a slow logon the very first time.

In Office No. 1 every machine runs Windows 2000 and every one of them had to be removed and re-added to the domain before logons would work. We kept getting errors stating that the domain controller was unavailable or the computer account password in the domain was incorrect. These errors happened immediately on the windows clients and nothing was recorded in the Samba logs.

In Office No. 2 we are running Windows 2000 on one machine and Windows XP Pro on all other machines. The Windows 2000 client exhibited the same symptoms as described in Office No. 1. One of the Windows XP clients exhibited the same symptoms as well. The remaining XP machines worked fine. To cure the troublesome XP client, we had to remove the machine from the domain, delete the LDAP computer account and then rejoin the domain. After that process everything seems to be functional.

The upgrade process went like this:

On Friday of last week, we had every user turn their computer off as they left for the day. We left all of the servers online through the weekend.

On Monday, we upgraded the PDC and checked a few workstations to make sure that things were OK.

On Tuesday we were involved in getting the rack in the server room buttoned up - no changes with the exception of a machine or two being taken offline for a few minutes while cables were routed.

On Wednesday, we upgraded the Office No. 1 BDC, handled the problem with the Laptop in the Main office and then Upgraded Office No. 2 BDC.

Because of the problems seen in both of the remote offices, this morning, we went to every workstation in the main office making sure that they functioned properly.

So my question is why did we have the problems in the remote offices? Why could they not contact the domain controller? Why would a removal and rejoin cause the problem to go away? Should I be worried about future occurrences of this phenomenon?

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

RE: [Samba] Replacing a Samba+CUPS Print Server
-----Original Message-----
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
Sent: Saturday, December 24, 2005 6:27 PM
To: Collins, Kevin
Cc: samba@lists.samba.org
Subject: Re: [Samba] Replacing a Samba+CUPS Print Server

> On Fri, 2005-12-23 at 09:06 -0500, Collins, Kevin wrote:
> > I've had a Samba print server in my network for nearly 4 years now. The time has come for me to replace it with a more powerful machine. I have nearly 50 client machines (Windows 2000 and XP) attached to the printers that the existing server has and I don't want to have to touch them during this upgrade.
> >
> > I already have the new server built. Samba and CUPS are both ready for the cut-over, but I'm concerned about the clients losing connection to the printers once the new server comes online. I have made sure to duplicate the printer's names exactly. I have made sure that the new server has the exact netbios name of the old server.
> >
> > I'm just about ready to take the old server out of the domain and shut Samba off, add the new server to the domain and start Samba up on the new server. But I'm now wondering if there is something else that I need to do before I actually do the cut-over to prevent the clients from losing printing ability (without my intervention at every machine that is).
> >
> > So, can anyone give me advice, calming words or directions on how to best proceed?
>
> Have you transferred all the drivers etc? (Printer drivers uploaded to the print server)

My print server is used to supply RAW print queues...I've recreated all of those in CUPS and I can see them from a Workstation.

> Are you also upgrading Samba at the same time?

Yes. From 3.0.9 something (Red Hat Enterprise 3.0) to Samba 3.0.14 something (Ubuntu).

Kevin

[Samba] Replacing a Samba+CUPS Print Server
I've had a Samba print server in my network for nearly 4 years now. The time has come for me to replace it with a more powerful machine. I have nearly 50 client machines (Windows 2000 and XP) attached to the printers that the existing server has and I don't want to have to touch them during this upgrade.

I already have the new server built. Samba and CUPS are both ready for the cut-over, but I'm concerned about the clients losing connection to the printers once the new server comes online. I have made sure to duplicate the printer's names exactly. I have made sure that the new server has the exact netbios name of the old server.

I'm just about ready to take the old server out of the domain and shut Samba off, add the new server to the domain and start Samba up on the new server. But I'm now wondering if there is something else that I need to do before I actually do the cut-over to prevent the clients from losing printing ability (without my intervention at every machine that is).

So, can anyone give me advice, calming words or directions on how to best proceed?

Thanks,

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

RE: [Samba] Samba 3.0.9 == 3.0.14a migration LDIF problem
(This time to the list)

Andrew and Craig:

Thank you both for replying.

Following Andrew's advice, I set out to add the line objectClass: account to all of my computer accounts in the LDIF. (None of them had this declaration) After that was accomplished, I tried to re-import the LDIF. The process got much farther than before, but it again failed a computer account.

A little closer investigation revealed a difference in these accounts. And it appears to be coincidental to a certain point in time. All of the older accounts are one way and the newer accounts are a different way. Now, I'm wondering which is the proper way for me moving forward.

Here are the examples:

Old computer account
===
dn: uid=nei-10$,ou=Computers,dc=nesbitt,dc=local
uidNumber: 1008
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
objectClass: top
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: account
uid: nei-10$
displayName: NEI-10$
cn: NEI-10$
description: Computer
sambaSID: S-1-5-21-3325760187-3909277049-4208064797-3016
sambaPrimaryGroupSID: S-1-5-21-3325760187-3909277049-4208064797-2107
sambaAcctFlags: [W ]
sambaLogonTime: 0
sambaLogoffTime: 0
sambaKickoffTime: 0
sambaPwdMustChange: 2147483647
sambaPwdCanChange: 1130941262
sambaNTPassword: 3520D823FF3A3EA0D246ACF5D99F5061
sambaPwdLastSet: 1130941262
modifiersName: cn=Manager,dc=nesbitt,dc=local
modifyTimestamp: 20051102142102Z
===

New computer account:
===
dn: uid=stargazer$,ou=Computers,dc=nesbitt,dc=local
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: account
cn: stargazer$
sn: stargazer$
uid: stargazer$
uidNumber: 1081
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
creatorsName: cn=Manager,dc=nesbitt,dc=local
createTimestamp: 20040309024546Z
sambaSID: S-1-5-21-3325760187-3909277049-4208064797-3162
sambaPrimaryGroupSID: S-1-5-21-3325760187-3909277049-4208064797-2107
displayName: stargazer$
sambaPwdMustChange: 2147483647
sambaAcctFlags: [W ]
sambaPwdCanChange: 1078869765
sambaLMPassword: F8490F746485FE71A1E92A4788FB2592
sambaNTPassword: F8490F746485FE71A1E92A4788FB2592
sambaPwdLastSet: 1078869765
modifiersName: cn=Manager,dc=nesbitt,dc=local
modifyTimestamp: 20040309220245Z
===

When I run the LDIF import, I get this error:

slapadd: dn=uid=stargazer$,ou=Computers,dc=nesbitt,dc=local (line=2415): (65) invalid structural object class chain (inetOrgPerson/account)

My gut tells me the new definition minus the objectClass: account is the way to go, but before I do anything else, I'd like to know.

John T: If you're reading this, it might not be a bad idea to show the proper basic requirements for each of the account types in LDIF format somewhere in one of your books. I searched through both of them looking for the answer to this and couldn't find it. Maybe it would help someone in the future.

Thanks in advance,

Kevin

-----Original Message-----
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 01, 2005 4:11 PM
To: Collins, Kevin
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba 3.0.9 == 3.0.14a migration LDIF problem

On Thu, 2005-12-01 at 15:52 -0500, Collins, Kevin wrote:
> I'm trying to migrate my existing RedHat ES Samba PDC to Ubuntu.

> I'm certain that is caused by the differing version of OpenLDAP that I'm running,

Yes, it is the OpenLDAP upgrade that is causing you pain.

> dn: uid=magellan$,ou=Computers,dc=nesbitt,dc=local
> uidNumber: 1040
> gidNumber: 553
> homeDirectory: /dev/null
> loginShell: /bin/false
> objectClass: top
> objectClass: posixAccount
> objectClass: sambaSamAccount

> Can someone give me a pointer as to what I'm doing wrong?

In this specific instance you are missing an objectClass: account

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net

[Samba] Samba LDAP Tools and mkntpwd
I'm in the middle of Samba 3.0.9 == 3.0.14a migration testing. Because I'm using newer tools, I am also using a newer version of the Samba LDAP Tools.

My older version, 0.8.4, used the 'mkntpwd' utility to generate NT passwords. The new version, 0.9.1 defaults to using (what looks like) a Perl module called Crypt::SmbHash.

My questions: Do I need to continue to use mkntpwd? Will I need to reset all the passwords for my users if I move to Crypt::SmbHash? Or will it just work if I leave the defaults alone?

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

[Samba] Samba 3.0.9 == 3.0.14a migration LDIF problem
I'm trying to migrate my existing RedHat ES Samba PDC to Ubuntu. The RedHat version of Samba is 3.0.9 and the Ubuntu version is 3.0.14a.

Everything was going fine until I tried to import the LDIF of the existing LDAP directory. The LDIF actually imports all of the structure (OU and Group definitions) and all of my users, but it fails when it comes to my first machine account with this error:

==
slapadd: dn=uid=magellan$,ou=Computers,dc=nesbitt,dc=local (line=1437): (65) no structural object class provided
==

I'm certain that is caused by the differing version of OpenLDAP that I'm running, but for the life of me, I can't find a solution.

Here is an example of one of my machine accounts:

==
dn: uid=magellan$,ou=Computers,dc=nesbitt,dc=local
uidNumber: 1040
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
objectClass: top
objectClass: posixAccount
objectClass: sambaSamAccount
uid: magellan$
displayName: MAGELLAN$
cn: MAGELLAN$
description: Computer
sambaSID: S-1-5-21-3325760187-3909277049-4208064797-3080
sambaPrimaryGroupSID: S-1-5-21-3325760187-3909277049-4208064797-2107
sambaAcctFlags: [W ]
sambaLogonTime: 0
sambaLogoffTime: 0
sambaKickoffTime: 0
sambaPwdMustChange: 2147483647
sambaPwdCanChange: 1121708732
sambaNTPassword: 763BF0E6707F001EFC3A10BC2BCAA57C
sambaPwdLastSet: 1121708732
modifiersName: cn=Manager,dc=nesbitt,dc=local
modifyTimestamp: 20050718174532Z
==

Can someone give me a pointer as to what I'm doing wrong?

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

RE: [Samba] Horrible Linux/Samba vs Windows political battle - can you help?
Gregory,

I am the System Manager for a 45 person Consulting Engineering firm that is spread across three locations. We use Samba to provide file/print and authentication services for the entire company. I have one PDC and two BDCs tied together over three VPNs to make it all work.

We still have one Windows 2000 server in our network, but that is to support a couple of License Managers for our CAD software and to maintain Anti-Virus on our desktops. It does not serve any other purpose than that. (In fact we've thought about running these services from inside a VMWare virtual machine on one of our Linux boxes.)

We moved from a Windows NT/2000 server controlled setup about 4 years ago. Quite frankly, we haven't looked back. We've enjoyed higher stability and performance from the Linux setup. Our Samba servers are running RHEL3, but we're moving those to Debian during our Christmas break.

The only problem that we've had is support. By that I mean, I can pick up the phone and call any Computer Consultant firm in the city and get someone who knows Windows. I can't do that for Linux. But what that has made me do is become a better administrator in the first place. I do more research, testing and planning now than I ever have. I found that I was using the outside support as a crutch. Now I'm not. Don't get me wrong, the support isn't non-existent - just look at this mailing list. But it's just not as easy to procure and waiting is almost always involved.

Will we ever go back to Windows? Who knows. But I do know one thing. That move will cost us a ton of money. Right now on Linux, I'm getting file and print services, e-mail, content filtering for e-mail, firewalls, routers, on-site and off-site backups/archives and VPNs mostly for just the cost of the hardware (we use Scalix for E-Mail).

I don't know if this will help convince your boss that he can trust your decisions, but I hope so.

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

-----Original Message-----
From: Gregory A. Cain [mailto:[EMAIL PROTECTED]
Sent: Monday, September 19, 2005 7:50 PM
To: samba@lists.samba.org
Subject: [Samba] Horrible Linux/Samba vs Windows political battle - can you help?

Greetings,

I am currently the IT Manager for a 30-person architectural firm. About 5 months ago we hired a new employee. He is quite good at what he does. He is also extremely opinionated, particularly when it comes to computer software, including server software.

I'm running the office server functions on RedHat, Fedora and Trustix servers. He has managed to convince my boss that there are serious problems with these servers and with Linux in general.

After having worked here for over 14 years, I would have hoped my boss would have more trust in my choices. In any case, I now find myself in the position of having to defend my position here. My boss has gone as far as to hire an independent consultant to evaluate our whole network infrastructure, simply on the basis of the new employee's statements about the worthlessness of Linux. I do not relish being put in this position, however I'm going to take a stand.

If there is anyone reading this who works in the field of architecture or engineering, and with CAD or BIM software, who is using Linux as your server software, I would sure be appreciative if you could write a testimonial for me to help me convince my boss that migrating from Linux to MS would be a horrible mistake. Also, if you know of any other resources that might be helpful to me, I'd greatly appreciate hearing from you.

ANY help would be MUCH appreciated!! Thank you.

Greg

[Samba] Samba + LDAP over the WAN
Since we're on the subject of Samba over the WAN (BTW, I'm running three offices with a Samba 3.0.9 PDC and two Samba 3.0.9 BDCs over a FreeSwan based WAN and it works just fine. The WINS server is a must in my book though.)

Last Thursday and Friday, one of the remote office's WAN lines went down. While the outages were significant, nothing major happened because of it. But, it got me thinking about what *could* have happened and that has raised these questions.

Background:
All servers running RHEL 3.0, up2date'd.
Samba version is 3.0.9.something.that.RedHat.Adds
OpenLDAP used for ldapsam password backend.
Master OpenLDAP server is located in my office, each office has a replica.

1). If someone would have decided to change their password while the line was down, what would have been the net effect? I know the change would not have been applied to the replica LDAP server, but would it have been queued until the Master LDAP server could have been contacted?

2). I know that each workstation in the domain changes its machine password at a random time, what would have happened during this process if the WAN was down?

3). Are there any other problems that could be caused by a WAN outage that can be called disastrous? What would those be?

4). Any recommendations to minimize No. 3 above?

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

[Samba] Question about LDAP migration...
Yesterday I started to build a test network to evaluate our planned move to Samba 3.0.14 and Debian. I started off by duplicating our LDAP directory. On the existing Samba PDC/LDAP master machine, I did:

    slapcat -v -l old.ldif

I put the 'old.ldif' file onto a floppy disk, went to the lab's server and performed

    slapadd -v -l /media/floppy/old.ldif

The process stopped on the Administrator user complaining about error No. 65, No Structural Object Class Provided. I took a look at the LDIF file and compared my normal user account to that of the Administrator account. The only difference between the two were the following lines:

    objectClass: top
    objectClass: account

Both of these lines were missing from the Administrator account's definition. I was able to add just the 'objectClass: account' line to the definition and the import process worked fine after that.

My question is this: My existing LDAP directory doesn't have this definition and I'm able to use the Administrator account without problems. So, why am I getting this error? Additionally, what impact will this change have (if any)?

The unmodified Administrator LDAP definition:

dn: uid=Administrator,ou=Users,dc=nesbitt,dc=local
cn: Administrator
objectClass: posixAccount
objectClass: sambaSamAccount
gidNumber: 512
uid: Administrator
homeDirectory: /home/
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaPrimaryGroupSID: S-1-5-21-3325760187-3909277049-4208064797-512
sambaPwdMustChange: 2147483647
sambaAcctFlags: [U ]
sambaHomePath: \\stargazer\homes
sambaProfilePath: \\stargazer\profiles
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaHomeDrive: H:
sambaLMPassword: [ *** REMOVED *** ]
sambaNTPassword: [ *** REMOVED *** ]
sambaSID: S-1-5-21-3325760187-3909277049-4208064797-1000
uidNumber: 0
sambaPwdCanChange: 1078782115
sambaPwdLastSet: 1078782115
modifiersName: cn=Manager,dc=nesbitt,dc=local
modifyTimestamp: 20040308214155Z
userPassword:: [ *** REMOVED *** ]

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

RE: [Samba] Question about LDAP migration...
> > My question is this: My existing LDAP directory doesn't have this definition and I'm able to use the Administrator account without problems. So, why am I getting this error? Additionally, what impact will this change have (if any)?
>
> Are you running the same version of ldap server on both machines? This sounds a lot like the changes we had to deal with when going from OLDAP 2.0 - 2.1. I can't remember offhand what we did, but I could be pressed to find it maybe ;)

Paul,

Thanks for the reply.

You're right, my existing server is running OpenLDAP 2.0.27 and my lab's server is running OpenLDAP 2.2.23.

I guess the biggest concern I have is any problems that may have come into play because of the version differences. I'm using this lab as a practice run for the real upgrade later in the year. I'd like to resolve all of the issues now and not then. ;-)

Kevin

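The two slapadd failures reported in the LDIF threads above (error 65 "no structural object class provided" and "invalid structural object class chain") can be found before the import is attempted. The following is an added example, not part of any list message and not Samba or OpenLDAP code: a Python pre-flight check over an LDIF export. The SCHEMA table is hand-written for the object classes named in the threads, and the sample entries with their example.local DNs are constructed.

```python
import re

# Kind and superior (SUP) of each object class named in the threads, as defined
# in the stock core/cosine/inetorgperson/nis schemas and Samba 3's samba.schema.
# Hand-written for this example; extend it for other classes in your directory.
SCHEMA = {
    "top":                  ("ABSTRACT",   None),
    "person":               ("STRUCTURAL", "top"),
    "organizationalperson": ("STRUCTURAL", "person"),
    "inetorgperson":        ("STRUCTURAL", "organizationalperson"),
    "account":              ("STRUCTURAL", "top"),
    "posixaccount":         ("AUXILIARY",  "top"),
    "sambasamaccount":      ("AUXILIARY",  "top"),
}

# Constructed sample entries (assumed names, no real account data).
SAMPLE = """\
dn: uid=ws-a$,ou=Computers,dc=example,dc=local
objectClass: top
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ws-a$

dn: uid=ws-b$,ou=Computers,dc=example,dc=local
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: account
uid: ws-b$

dn: uid=ws-c$,ou=Computers,dc=example,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ws-c$
"""


def parse_ldif(text):
    """Return [(dn, [objectClass values])], one tuple per LDIF entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\r\n", "\n").strip()):
        lines = []
        for raw in block.split("\n"):
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # RFC 2849 folded line
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        dn, classes = None, []
        for line in lines:
            attr, _, value = line.partition(":")
            value = value.lstrip(":").strip()  # base64 values are not decoded
            if attr.lower() == "dn":
                dn = value
            elif attr.lower() == "objectclass":
                classes.append(value)
        if dn is not None:
            entries.append((dn, classes))
    return entries


def ancestors(cls):
    """Return cls and every superior class, walking up to top."""
    chain = []
    while cls is not None:
        chain.append(cls)
        cls = SCHEMA[cls][1]
    return chain


def check_entry(classes):
    """Return a problem string for one entry, or None if it would import."""
    unknown = [c for c in classes if c.lower() not in SCHEMA]
    if unknown:
        return "unknown object class: " + ", ".join(unknown)
    structural = [c for c in classes if SCHEMA[c.lower()][0] == "STRUCTURAL"]
    if not structural:
        return "no structural object class provided"
    # Every structural class must sit on one inheritance chain.
    deepest = max(structural, key=lambda c: len(ancestors(c.lower())))
    chain = ancestors(deepest.lower())
    stray = [c for c in structural if c.lower() not in chain]
    if stray:
        return "invalid structural object class chain (%s/%s)" % (deepest, stray[0])
    return None


def check_ldif(text):
    """Return [(dn, problem)] for every entry that breaks the structural rule."""
    problems = []
    for dn, classes in parse_ldif(text):
        problem = check_entry(classes)
        if problem:
            problems.append((dn, problem))
    return problems


if __name__ == "__main__":
    for dn, problem in check_ldif(SAMPLE):
        print("%s: %s" % (dn, problem))
```

Run it against the slapcat output from the old server and fix the flagged entries before running slapadd on the new one.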
RE: [Samba] Off line folders
I may be able to help on this one...we were having a similar problem and just last week cured it. (I hope!) I had to do two things:

1). On the clients having this problem, edit this registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\NetCache\GoOfflineOnSlowLink. If it's not there (as in my case) you may have to add the last key. Make sure it's a DWORD Value when you add it. Then set its value to 1. Restart the computer.

2). Next define a group policy that determines what a Slow Link is. Run GPEDIT.msc from a command line and then look for the following selection: Computer Configuration-Administrative Templates-Network-Offline Files-Configure Slow Link Speed. I set it to a ridiculously low speed - 32k - as I never hope to see my 100Mb/s network reduced to that little amount of bandwidth.

Since then my users have not been offline once. (Unless of course they actually are disconnected from my network.)

I hope I've helped.

Kevin

-----Original Message-----
From: Graeme Walker [mailto:[EMAIL PROTECTED]
Sent: Sunday, January 09, 2005 2:24 PM
To: samba@lists.samba.org
Subject: [Samba] Off line folders

Hi

I keep having problems with XP machines connecting to a Samba server (3.0.9), where the users keep going off line, small 20 user network, not network performance issues. Disable off line folders and all works.

Reason for off line folders, it is a laptop and mydocs sits on server, also acts as a backup and server is backed up.

Thanks

Graeme

RE: [Samba] Slow network and 100% CPU
I don't know if this is your problem, but I had a similar problem with Samba 2.2.8 + LDAP. It turns out that my server was running out of file handles. The culprit was NSCD. I killed it off and things have been fine ever since.

Good luck.

Kevin

-----Original Message-----
From: Stéphane Purnelle [mailto:[EMAIL PROTECTED]
Sent: Monday, January 03, 2005 10:02 AM
To: samba@lists.samba.org; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Samba] Slow network and 100% CPU

Hi,

I have a samba server which functioned correctly. Only, since 2 weeks, the users have complained about slowness networks and the server is to 100% CPU on the initial process smbd. My version is 3.0.7 and I have a Windows 2000 WINS server for netbios resolution. The samba server use nscd and ldap for password module.

I upgraded to samba 3.0.10 for a test, but the problem is not resolved. I would like to know how to determine if is the samba server or the ldap server or is the nscd or is the wins server or is a conflict between to computers which have the same IP address cause these problems.

I don't found in log a trace that is a samba problem. Sometimes I read connection reset by peer and also in nmbd.log, I can read Failing wins test #1.

Any information is very appreciated

Thank you

--
Stéphane Purnelle [EMAIL PROTECTED]
Site Web : http://www.linuxplusvalue.be

[Samba] Upgrading Samba Print Server
This weekend I'm planning on replacing my existing Print Server with shiny new hardware. (YEA!!!) But I'm concerned about the 50+ users that I have connected to the 10 printers this machine shares.

Is there anything I need to do to make this a quick/easy/painless process? I know I'll have to re-create the printer definitions in the CUPS manager, which should be no problem. But I'm more concerned about having to touch every workstation *after* the upgrade to reconnect to the printers. I need to know whatever I need to avoid having to do that.

Currently the server is running Red Hat Enterprise 3 + Samba 3.0.9 + CUPS and is a member server in my Samba+LDAP domain. I'm going to be replacing it with Debian Sid + Samba 3.0.10 + CUPS.

Any help, tidbits of wisdom, or other info will be welcomed...

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

RE: Re-2: [Samba] Samba 3.0.9 doesn't remove printjobs ?
Can you be a little more specific about the access rights you changed? Were they CUPS rights or Samba rights? What did you change them to? No one here (except for myself) ever accesses the web front-end for CUPS, we simply use the Windows printer queues. Thanks in advance, Kevin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 22, 2004 2:56 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re-2: [Samba] Samba 3.0.9 doesn't remove printjobs ? Original Message Subject: RE: [Samba] Samba 3.0.9 doesn't remove printjobs ? (21-Dez-2004 16:50) From:[EMAIL PROTECTED] To: [EMAIL PROTECTED] Christian: I use SuSe 9.0 and the related Samba builds, so it seems not to be a RH only problem. Now the funny thing: since about 2 days the problem doesn't arise any more! The only related thing I did on the server was to modify access rights and restart the CUPS server because of authorization problems of some users using the CUPS web frontend (but I don't understand the relationship of these things). So, for me it works by now, but I don't know a general solution! Greetings and Merry Christmas Thomas The print jobs are working just fine, they simply seem to be hanging around in the client's queues. Any idea when the updated packages will be out? Kevin -Original Message- From: Christian Merrill [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 10:36 AM To: Collins, Kevin Cc: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: Re: [Samba] Samba 3.0.9 doesn't remove printjobs ? Collins, Kevin wrote: We just upgraded to Samba 3.0.9 (RedHat Enterprise 3 packages) this weekend and are now seeing similar issues on our workstations. I do not see any printing related errors in our logs however. I do however see these backed up print queues on every workstation. We run a mix of Windows 2000 (SP4) and XP Pro (SP2) machines. So it appears, at least in my case, that it's /not/ an XP-SP2 only issue. 
RE: [Samba] Samba 3.0.9 doesn't remove printjobs ?
We just upgraded to Samba 3.0.9 (RedHat Enterprise 3 packages) this weekend and are now seeing similar issues on our workstations. I do not see any printing related errors in our logs however. I do however see these backed up print queues on every workstation. We run a mix of Windows 2000 (SP4) and XP Pro (SP2) machines. So it appears, at least in my case, that it's /not/ an XP-SP2 only issue.

One other thing to note: We're in the midst of testing/deploying Debian Sarge servers to replace the RedHat boxes. On a whim this morning, I created a print server using one of my already-in-place Debian machines. To my amazement, the printer that I have hanging off of the Debian box does /not/ have this issue. What's odd about this...both of the print servers are running version 3.0.9. I've used the supplied distro's packages and not built from source in either case. So it appears from my simple tests, that something is different in the Debian build of Samba that cures this issue.

A couple things that need to be said about this...I've only hung one printer off of the Debian box. In addition, I've only had two workstations printing to it - one XP-SP2 and one W2k-SP4. So it may very well have something to do with load or other such factor. But the problem has not yet appeared with the Debian package.

I hope that this gives someone on the development team some clue as to the exact nature of the problem. I'll be available to answer any questions or fill any need for information that I can.

Kevin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 12:25 PM
To: [EMAIL PROTECTED]
Subject: [Samba] Samba 3.0.9 doesn't remove printjobs ?

Hello!

I'm using samba with CUPS printing (with raw passthru) for a long time now and it worked very well. But after upgrading my samba installation from 3.0.2 to 3.0.9, the printjobs (sent from XP Workstations) aren't removed from the joblist anymore. Means: the job is printed correctly, but opening the printqueue on the XP machine still contains the job (not only mine, but jobs from every user who sent one). When I now delete them manually, they're gone. Since I can't find any remaining SMB or CUPS spool-files, (thought about missing access rights for deletion) I don't know what to look for.

The only error message I found is:

  tdb(/var/lib/samba/printing/Kyocera7000.tdb): rec_read bad magic 0xd9fee666 at offset=26084

in /var/log/samba/smbd (but I got this message sometimes before the upgrade too ...)

Thanks for some hints on that (2) problem(s)

Thomas
RE: [Samba] Samba 3.0.9 doesn't remove printjobs ?
Christian:

The print jobs are working just fine, they simply seem to be hanging around in the client's queues. Any idea when the updated packages will be out?

Kevin

-----Original Message-----
From: Christian Merrill [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 21, 2004 10:36 AM
To: Collins, Kevin
Cc: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: Re: [Samba] Samba 3.0.9 doesn't remove printjobs ?

Collins, Kevin wrote:

We just upgraded to Samba 3.0.9 (RedHat Enterprise 3 packages) this weekend and are now seeing similar issues on our workstations. I do not see any printing related errors in our logs however. I do however see these backed up print queues on every workstation. We run a mix of Windows 2000 (SP4) and XP Pro (SP2) machines. So it appears, at least in my case, that it's /not/ an XP-SP2 only issue.

One other thing to note: We're in the midst of testing/deploying Debian Sarge servers to replace the RedHat boxes. On a whim this morning, I created a print server using one of my already-in-place Debian machines. To my amazement, the printer that I have hanging off of the Debian box does /not/ have this issue. What's odd about this...both of the print servers are running version 3.0.9. I've used the supplied distro's packages and not built from source in either case. So it appears from my simple tests, that something is different in the Debian build of Samba that cures this issue.

A couple things that need to be said about this...I've only hung one printer off of the Debian box. In addition, I've only had two workstations printing to it - one XP-SP2 and one W2k-SP4. So it may very well have something to do with load or other such factor. But the problem has not yet appeared with the Debian package.

I hope that this gives someone on the development team some clue as to the exact nature of the problem. I'll be available to answer any questions or fill any need for information that I can.

Kevin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 12:25 PM
To: [EMAIL PROTECTED]
Subject: [Samba] Samba 3.0.9 doesn't remove printjobs ?

Hello!

I'm using samba with CUPS printing (with raw passthru) for a long time now and it worked very well. But after upgrading my samba installation from 3.0.2 to 3.0.9, the printjobs (sent from XP Workstations) aren't removed from the joblist anymore. Means: the job is printed correctly, but opening the printqueue on the XP machine still contains the job (not only mine, but jobs from every user who sent one). When I now delete them manually, they're gone. Since I can't find any remaining SMB or CUPS spool-files, (thought about missing access rights for deletion) I don't know what to look for.

The only error message I found is:

  tdb(/var/lib/samba/printing/Kyocera7000.tdb): rec_read bad magic 0xd9fee666 at offset=26084

in /var/log/samba/smbd (but I got this message sometimes before the upgrade too ...)

Thanks for some hints on that (2) problem(s)

Thomas

Are you seeing a problem where windows clients are able to print but the print queues never clear? Or are they not even printing? If you are experiencing the former then this is a RH samba problem that should have been fixed by now -- please let me know.

It also warrants mentioning (per an earlier thread) that our 3.0.9 packages are likely going to be revised in a very short period of time to fix a kerberos related problem.

Christian
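Added example, not part of any poster's message and not Samba's own code: a small triage script for the "rec_read bad magic" line quoted in this thread. It decodes the magic value against the record markers defined in Samba's tdb library source (0xd9fee666 is the bitwise complement of the live-record magic, which tdb uses for free-list records) and groups hits per database file. The log header lines, the second and third tdb lines and the connect line in the sample are constructed, and the "printing" directory check is an assumption based on the paths mentioned on this page.

```python
"""Triage tdb 'bad magic' messages in smbd logs (added example, not Samba code)."""
import re
from pathlib import PurePosixPath

# Record-header magic values as defined in Samba's tdb library source.
TDB_MAGIC = 0x26011999                     # header of a live record
TDB_FREE_MAGIC = ~TDB_MAGIC & 0xFFFFFFFF   # 0xd9fee666, a record on the free list
TDB_DEAD_MAGIC = 0xFEE1DEAD                # record marked deleted but not yet freed

MAGIC_KIND = {TDB_MAGIC: "live", TDB_FREE_MAGIC: "free", TDB_DEAD_MAGIC: "dead"}

# Matches the message format quoted in the thread:
#   tdb(<file>): rec_read bad magic 0x... at offset=N
BAD_MAGIC_RE = re.compile(
    r"tdb\((?P<path>[^)]+)\):\s*(?P<func>rec_(?:free_)?read) bad magic "
    r"(?P<magic>0x[0-9a-fA-F]+) at offset=(?P<offset>\d+)"
)

# Constructed sample: only the first tdb(...) line is taken from the thread.
SAMPLE_LOG = """\
[2004/12/14 12:01:33, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/printing/Kyocera7000.tdb): rec_read bad magic 0xd9fee666 at offset=26084
[2004/12/14 12:07:10, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/printing/Kyocera7000.tdb): rec_read bad magic 0xd9fee666 at offset=26084
[2004/12/14 12:09:41, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/locking.tdb): rec_read bad magic 0x42424242 at offset=512
[2004/12/14 12:10:02, 1] smbd/service.c:make_connection_snum(648)
  ws12 (10.0.0.12) connect to service Kyocera7000 initially as user thomas
"""


def classify_magic(value):
    """Name the record state a 32-bit magic value stands for."""
    return MAGIC_KIND.get(value & 0xFFFFFFFF, "unknown")


def parse_bad_magic(line):
    """Return a dict describing one bad-magic message, or None if no match."""
    m = BAD_MAGIC_RE.search(line)
    if m is None:
        return None
    magic = int(m.group("magic"), 16)
    path = m.group("path")
    return {
        "path": path,
        "func": m.group("func"),
        "magic": magic,
        "kind": classify_magic(magic),
        "offset": int(m.group("offset")),
        # Assumption: per-printer queue databases live in a "printing" directory,
        # as in the paths quoted on this page.
        "printing_db": PurePosixPath(path).parent.name == "printing",
    }


def summarize(lines):
    """Group bad-magic hits by tdb file: count, record kinds seen, offsets."""
    report = {}
    for line in lines:
        hit = parse_bad_magic(line)
        if hit is None:
            continue
        entry = report.setdefault(
            hit["path"],
            {"count": 0, "kinds": set(), "offsets": set(),
             "printing_db": hit["printing_db"]},
        )
        entry["count"] += 1
        entry["kinds"].add(hit["kind"])
        entry["offsets"].add(hit["offset"])
    for entry in report.values():
        entry["kinds"] = sorted(entry["kinds"])
        entry["offsets"] = sorted(entry["offsets"])
    return report


if __name__ == "__main__":
    for path, info in summarize(SAMPLE_LOG.splitlines()).items():
        tag = "print queue db" if info["printing_db"] else "other db"
        print(f"{path} [{tag}]: {info['count']} hit(s), "
              f"record kind(s) {info['kinds']}, offset(s) {info['offsets']}")
```

A repeated "free" hit at the same offset in one printer's database means reads keep landing on a freed record in that file, which narrows the check to that single queue database rather than the whole Samba state directory.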
RE: [Samba] Re: Minor annoyances: Samba 3.0.2/Win2k and WinXP
Lueck, Micheal wrote:
> Collins, Kevin wrote:
>> My network is controlled by a Red Hat ES 3 server running Samba 3.0.2...
>
> Samba 3.0.2 IS pretty old these days... I'd suggest taking the time to get up to 3.0.9 and then seeing where you stand. Remember to test on non production servers when at all possible, or stock up on pizza and H2O! ;-)
>
> --
> Michael Lueck
> Lueck Data Systems

Ok, after some testing, this weekend we upgraded our Samba servers to 3.0.9. In our lab, the symptoms described in the Laptop section of the original posting went away. We did duplicate this with 3.0.2 in our lab, and an upgrade to 3.0.7 is where the problem actually stopped. We went ahead and tested 3.0.9 as well, as this is the version that Red Hat is pushing with up2date. Again, the problem did not manifest itself.

The upgrade came off without a hitch. All of my machines were working as normal this morning. Until about 3 minutes ago. One of our Laptop Users was forced offline again. This time, he actually lost work because of the syncing process. So needless to say, it's back on top of my 'Giant List O'things to Fix'.

So, besides the information contained in the original post (http://lists.samba.org/archive/samba/2004-December/096759.html), what more is needed to continue down the path to fix this problem?

Thanks in advance,
Kevin
[Samba] Upgrade from 3.0.2 -- 3.0.7
I'm contemplating the upgrade for my production network from (Red Hat Enterprises') version 3.0.2 to 3.0.7 (which is the latest from Red Hat). So I start to peruse the changelog and I see this:

  Syntax errors in the OpenLDAP schema file (samba.schema).

as one of 4 bullet items at the top of the Samba 3.0.7 changelog. This has me a bit concerned. My production environment is based on an LDAP backend for Samba and I need to be sure that the upgrade will not toast my setup.

Here are my questions:

1). Can someone give me more detail on the syntax errors that were corrected?
2). Also, what (if any) effect will I see if I use my existing schema/directory with the 3.0.7?
3). What's the proper procedure to upgrade the directory so that it *can* use the updated schema?

I've just started investigating the upgrade so forgive me if these questions have been answered somewhere else.

Thanks in advance for any help.

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
[Samba] Minor annoyances: Samba 3.0.2/Win2k and WinXP
I have three users that are having trouble with my Samba network. This trouble is composed of two (possibly distinct) issues. My network is controlled by a Red Hat ES 3 server running Samba 3.0.2 with an LDAP backend.

Issue 1: Laptop users, with Offline Files that are made of their My Documents directories. These directories are stored on the Samba server (so they can be backed up) and sync'ed so they can use them on the road. This issue is intermittent, but when it happens, it *really* happens. The symptoms are the machine will complain that it's Working Offline and ask the user to click an icon in the taskbar to restore the connections. They do, the machine goes back online and things are fine for a varying amount of time (between 10 seconds and days to months). Then the cycle starts all over again. Both of the affected machines are running Windows XP Pro with all of the patches/service packs etc. applied to them.

Issue 2: Windows 2000 Pro desktop user. This issue manifests itself as an error message when the user goes to save a file. The error message is:

  An error occurred while reconnecting Drive Letter: to \\Server\sharename.
  Microsoft Windows Network: The local device name is already in use.
  The connection has not been restored.

Even though the error message leads the user to believe that something bad has happened, the file he is trying to save *is* saved, and no problems exist. This used to happen from time to time, now it has become a normal happening instead of a rare occurrence.

I've googled my heart out and have very little info on Issue No. 1, but a lot on Issue No. 2. It seems as though they might be related, but I can't pin any one thing to both of them. All of the info I can find on No. 2, seems to blame either/and a busy network or Microsoft for the problem, but no solution has been offered that actually fixes the problem. I can find evidence of this happening all the way back to 2000 - so I know I'm not alone here.

I do have a busy network, but nothing that my systems can not deal with. The biggest problem that I have with all of this is that it only affects these three computers. The remainder of my network appears to be unaffected by them (about 30 computers).

So my question is: Does anyone have a solution to this problem? Anyone have a similar issue that we can compare notes on?

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
[Samba] Samba + LDAP PDC on Gentoo
Has anyone got this setup running? Can you point me to a HOWTO?

I'm stuck with a problem in smbldap_tools.pm when I do any kind of basic thing. I keep getting this error:

==
vulcan root # smbldap-usershow.pl Administrator
Can't call method search on an undefined value at /usr/lib/perl5/5.8.4/i686-linux/smbldap_tools.pm line 595.
==

Another thing that's puzzling me is the lack of PAM/NSS/LDAP intermingling. I can't do a getent passwd Administrator and get a positive result. Yet I can clearly see that I have an Administrator account with slapcat:

==
dn: uid=Administrator,ou=Users,dc=nei-ky,dc=com
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
gidNumber: 512
uid: Administrator
uidNumber: 998
homeDirectory: /home/
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\vulcan\homes
sambaHomeDrive: H:
sambaProfilePath: \erase\me
sambaPrimaryGroupSID: S-1-5-21-2155631241-3177187520-276014414-512
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-2155631241-3177187520-276014414-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
structuralObjectClass: inetOrgPerson
entryUUID: a72b1fa4-c3aa-1028-83b5-f53b37bd2261
creatorsName: cn=Manager,dc=nei-ky,dc=com
createTimestamp: 20041105191425Z
entryCSN: 2004110519:14:25Z#0x0005#0#
modifiersName: cn=Manager,dc=nei-ky,dc=com
modifyTimestamp: 20041105191425Z
==

So basically I'm looking for any pointers at all. :)

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
RE: [Samba] Samba + LDAP PDC on Gentoo - UPDATE
I've been able to get PAM/NSS/LDAP working properly - silly typo. Still failing on the smbldap-tools use though. :(

Kevin

Has anyone got this setup running? Can you point me to a HOWTO?

I'm stuck with a problem in smbldap_tools.pm when I do any kind of basic thing. I keep getting this error:

== == ==
vulcan root # smbldap-usershow.pl Administrator
Can't call method search on an undefined value at /usr/lib/perl5/5.8.4/i686-linux/smbldap_tools.pm line 595.
== == ==

Another thing that's puzzling me is the lack of PAM/NSS/LDAP intermingling. I can't do a getent passwd Administrator and get a positive result. Yet I can clearly see that I have an Administrator account with slapcat:

== == ==
dn: uid=Administrator,ou=Users,dc=nei-ky,dc=com
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
gidNumber: 512
uid: Administrator
uidNumber: 998
homeDirectory: /home/
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\vulcan\homes
sambaHomeDrive: H:
sambaProfilePath: \erase\me
sambaPrimaryGroupSID: S-1-5-21-2155631241-3177187520-276014414-512
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-2155631241-3177187520-276014414-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
structuralObjectClass: inetOrgPerson
entryUUID: a72b1fa4-c3aa-1028-83b5-f53b37bd2261
creatorsName: cn=Manager,dc=nei-ky,dc=com
createTimestamp: 20041105191425Z
entryCSN: 2004110519:14:25Z#0x0005#0#
modifiersName: cn=Manager,dc=nei-ky,dc=com
modifyTimestamp: 20041105191425Z
== == ==

So basically I'm looking for any pointers at all. :)

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
[Samba] Samba, CUPS and Windows Printer Queue
I've had a Samba 3.0.2 Print Server running for nearly 7 months now without too much of a hitch on RedHat Enterprise ES 3.0. Late last week, RedHat issued an Errata that moved Samba from the 3.0.2 base to the 3.0.4 base. So when I did the up2date this weekend as part of my normal maintenance, this server was updated and everything appeared to be fine.

Things are working, print jobs are getting sent so for the most part I am happy. But, I am experiencing one problem. The Windows printer queue (I have a mixed set of clients - mostly Windows 2000 and some Windows XP) show active jobs even *after* the job has completed. I've checked the CUPS Web-Management console and there are no active jobs. Yet on my Windows machine, I have 4 printers that show to have a total of 47 print jobs in the queue.

Here is a snippet of the Print Server's smb.conf:

=
[global]
# Server Name and description
workgroup = nesbitt.local
netbios name = valykyrie
server string = Samba 3 Print and Backup Server

# Samba log information
log file = /var/log/samba/%m.log
max log size = 7168

# Security information
security = user
encrypt passwords = yes

# To help performance
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Settings for PDC setup
local master = no
os level = 0
domain master = no
preferred master = no
domain logons = no

# Activate these Network Services
wins server = 10.200.8.253

# LDAP Declarations -- Needed to allow the LDAP backend to work
ldap suffix = dc=nesbitt,dc=local
ldap admin dn = cn=Manager,dc=nesbitt,dc=local
passdb backend = ldapsam:ldap://stargazer.nesbitt.local
ldap delete dn = no
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap filter = (&(uid=%u)(objectClass=sambaSamAccount))
ldap passwd sync = yes

# Global settings for printers
printing = cups
printcap name = cups
load printers = yes
use client driver = yes

# Oplocks settings - disable all oplocks for compatibility reasons
oplocks = no
level2 oplocks = no
kernel oplocks = no

[printers]
comment = All Printers
path = /var/spool/samba
public = yes
guest ok = yes
writeable = no
printable = yes
=

Has anyone experienced this? What other information is needed to help diagnose this issue? Any help would be welcomed...

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
RE: [Samba] Samba, CUPS and Windows Printer Queue
David, thanks for the response. I don't believe this is our problem...I'm not having Samba lock-up (or at least not yet); I'm simply seeing every print job that has passed through the Samba/CUPS queue remain in the Windows printer queue.

Things _seem_ to be otherwise unaffected, this may change and I may indeed experience a lock-up in the end, but I haven't yet.

Kevin

Hi,

I cannot help you, but we have experienced a similar problem with 3.0.2a running on Solaris and cups. Old print jobs remain in the queue, connection to the printers is lost, and worse, samba crashes for the user, causing Outlook to lock up. As a quick fix we have deleted the printing lock files in /usr/local/samba/var/locks. Samba.org have said it may be bug 1147, and recommend upgrading to 3.0.5.

If you find anything else I would be interested.

David

-----Original Message-----
From: Collins, Kevin [mailto:[EMAIL PROTECTED]
Sent: 26 July 2004 12:51
To: [EMAIL PROTECTED]
Subject: [Samba] Samba, CUPS and Windows Printer Queue

I've had a Samba 3.0.2 Print Server running for nearly 7 months now without too much of a hitch on RedHat Enterprise ES 3.0. Late last week, RedHat issued an Errata that moved Samba from the 3.0.2 base to the 3.0.4 base. So when I did the up2date this weekend as part of my normal maintenance, this server was updated and everything appeared to be fine.

Things are working, print jobs are getting sent so for the most part I am happy. But, I am experiencing one problem. The Windows printer queue (I have a mixed set of clients - mostly Windows 2000 and some Windows XP) show active jobs even *after* the job has completed. I've checked the CUPS Web-Management console and there are no active jobs. Yet on my Windows machine, I have 4 printers that show to have a total of 47 print jobs in the queue.
RE: [Samba] Samba, CUPS and Windows Printer Queue
Just one more bit of info...the problem disappeared when I rolled-back to 3.0.2.

Also (and I don't know if it matters or not), this machine is part of a Samba/LDAP controlled domain. All during this scenario the PDC was running Samba 3.0.2. I've not yet had enough time to take the PDC down to do the upgrade. Could the mixing of the two versions have caused the problem?

Kevin

Just a bit more information...

On the print server, if I delete /var/cache/samba/printing/printername.tdb, the queue for printername is cleared, but the retention starts again. In addition, I can remove the print jobs from the Windows side by right-clicking on the jobs and selecting Cancel. But again, this does not prevent the next job from being retained.

I'm not sure if this helps or makes the diagnosis harder, just thought I'd let everyone know.

Kevin

David, thanks for the response. I don't believe this is our problem...I'm not having Samba lock-up (or at least not yet); I'm simply seeing every print job that has passed through the Samba/CUPS queue remain in the Windows printer queue.

Things _seem_ to be otherwise unaffected, this may change and I may indeed experience a lock-up in the end, but I haven't yet.

Kevin

Hi,

I cannot help you, but we have experienced a similar problem with 3.0.2a running on Solaris and cups. Old print jobs remain in the queue, connection to the printers is lost, and worse, samba crashes for the user, causing Outlook to lock up. As a quick fix we have deleted the printing lock files in /usr/local/samba/var/locks. Samba.org have said it may be bug 1147, and recommend upgrading to 3.0.5.

If you find anything else I would be interested.

David

-----Original Message-----
From: Collins, Kevin [mailto:[EMAIL PROTECTED]
Sent: 26 July 2004 12:51
To: [EMAIL PROTECTED]
Subject: [Samba] Samba, CUPS and Windows Printer Queue

I've had a Samba 3.0.2 Print Server running for nearly 7 months now without too much of a hitch on RedHat Enterprise ES 3.0.
RE: [Samba] Eventid 3224: Errors in changing machine password. (eventid 3210)
Maybe :-) This is from eventid.net:
http://www.eventid.net/display.asp?eventid=3224&source=netlogon

It points us to this Knowledgebase article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;259736#appliesto

If you got time, can you test the solution described there tomorrow (or today depending on when you read this)?

I checked the KB article, and followed its advice. My machines were already configured properly, according to this article.

I did however note that if I restarted the computers in question, at least for a while, the message goes away. I rebooted both of my problem machines around 9:00 EDT yesterday and (as yet) have not seen the event ID re-occur.

Just FYI...

Kevin

snip
RE: [Samba] Eventid 3224: Errors in changing machine password.
Hi,

HEY! I may not be able to help, but I want to chime in here and let you know that you're not alone. :( Maybe with both your information and mine, something will pop-out in the Coder's mind or someone else who has been having the same issue.

I got a problem using Samba 3.0.2a w Openldap as passwordstore. When my machines try to reset their machinepasswords, they report the following error:

Eventid: 3224 : stub contained bad data while trying to change the machine password. (please relate to the eventid as the text has been partly translated from norwegian)

What I am wondering about is the following:

a) Has anyone else experienced errors like this one on their network and found a solution?

While looking through my logs this morning, I came across this exact same error in at least two of my machines (I'm trolling through the others now). The two machines in question have been reporting this error message every 4 hours (approx.) since the first week of the month.

b) The computer seems to work for now,

Both of the machines are working fine (at the moment).

but I wonder how long it will go on without being able to change its machinepassword.

Well, mine have been like this for nearly a month now. Not saying they won't die today, but at least they have that long.

c) Is it possible to have the machine log when it has successfully changed the password as well?

I think this is an automated process that neither an admin nor Samba can control.

FYI, my setup is like this: Samba 3.0.2 PDC with LDAP password backend. Workstations are 99% Windows 2000 Pro w/SP4 (I do have one Windows 98SE box and 2 Windows XP Pro w/SP1 machines floating around). One of the machines in question is running Windows 2000, the other (mine) is running Windows XP.

What kind of information would the Devel. Team need to solve this? Since it seems to happen about every 4 hours I could run a level 10 log for my machine and try to capture it. Would that help?

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
[Samba] Samba 3 and clients losing home folders
I have a Samba 3.0.2 LDAP-based domain that controls my company's three offices. Outside of some minor hiccups (which we are working through - thanks, John Terpstra) I'm only having one real difficulty. At random times, a group of my users are losing connection to their home folders.

A bit about my setup:

Platform: Red Hat Enterprise Linux 3.0 ES
Samba version: 3.0.2-6.3E (latest up2date version)
Windows version: Primarily Windows 2000 Professional, although I do have a handful of Windows 98 and Windows XP Professional machines around.

In the LDAP entry for each user I have the following lines which map Windows drive letter H to point to their home directory on the Linux/Samba server:

sambaHomeDrive: H:
sambaHomePath: \\samba-server\homes\username

This has been working for the most part, but like I said at random times (even while the users are actively using files in their directory) the mapping will just disappear. As you can imagine, this causes all kinds of trouble.

It seems only to have affected about 5 people (thus far). For example I have never seen this on my desktop (I'm running Windows XP).

So my question to the group is: Has anyone here experienced this kind of behavior? If so, what must be done to fix it?

Thanks in advance.

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
[Samba] New Samba 3.0 Schema
I'm in the middle of a migration from Samba 2.2.7a to 3.0. I'm trying to create an LDAP enabled back-end like I had in 2.2.7a. During my testing, I've discovered that I no longer can use the user account information in the LDAP directory to gain Unix shell access as I had previously. This may be by design, but I just want to make sure that I didn't miss something.

I have done the following so far:

-Built the test server (RedHat Enterprise Linux ES 3.0)
-Installed Samba
-Installed OpenLDAP
-Dumped the previous LDAP directory to an LDIF file
-Used 'net rpc getsid' to extract the existing Domain SID
-Used 'convertSambaAccount' to translate the old LDAP info to new LDAP info
-Used 'slapadd' to import the new info in the LDAP directory
-Made changes to /etc/openldap/slapd.conf, /etc/openldap/ldap.conf, /etc/ldap.conf to make the new LDAP directory available
-Made changes to /etc/pam.d/system-auth to allow the PAM access to the LDAP directory
-Ran authconfig to use LDAP as an authentication source
-Rebooted the server
-Tried to login using user account information in LDAP
-Login fails.

While this may not be a bad thing, I will need to discover how to re-enable this for 3 of my 10 machines. BTW, most of what I described above is covered in the IDEALX Samba+LDAP PDC Howto. If I'm looking in the wrong place, just let me know.

Thanks,

-- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
[Samba] Samba and Word 2000 problems
About two weeks ago, I posted a message to the list describing an error that I've been getting with Word 2000 documents. The subject line of that mail was: Samba 2.2.7a and Word 2000 = Corrupted (?) files; I submitted it on 10/15/03.

I've not heard from anyone with a response to that inquiry, so I'm yelling for help one more time. I've scoured Google, the mailing-list archives, and as many other sources as I can find and nothing that I've come across has been able to cure my problem.

Can someone please help me? I've got an increasing number of people losing work because of this problem.

Thanks in advance for any help.

-- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
[Samba] Samba 2.2.7a and Word 2000 = Corrupted (?) files
I have a Samba 2.2.7a PDC (with an OpenLDAP backend) that seems to be giving me trouble. Here's the scoop:

I have Windows 2000 Pro clients running Word 2000. Over the past several days, a lot of them have had trouble with their documents - most of the time during a save. The most critical of these failures presents the following error message when saving:

Word has lost data due to a bad network connection or missing floppy. Documents relying on this data are going to be saved and then closed.

The only option on this dialog is to select OK and Word commences to save a rescue document. This takes a VERY long time - in excess of 10 minutes. Immediately following that process Word presents us with another error message:

There is an unrecoverable disk error file File Name of Current Document. The disk you're working on has a media problem that prevents Word from using it. Try the following: Try Formatting another disk. Save the document to another disk.

Then Word goes and saves a file called Rescued Document #.txt in the user's My Documents folder. Looking at this file is worthless as it appears to be hex-code or something. This basically ends up with the user losing work - a total of about 9 hours over the past three days in this most extreme case.

I have scoured the mailing lists, Google'd for possibilities but have been unable to come up with any solution. I'm hoping someone here has run into this and may be able to point me in the right direction.

I have included the smb.conf file from the server in question below - in case it helps. The problem files are stored in home, admin and projects shares.

==
# *
# -- Nesbitt Engineering, Inc. Stargazer Samba Configuration --
# *
# This is the main Samba configuration file for Stargazer - NEI's Primary
# Domain Controller and Lexington office File Server.
#
# This configuration file is only to be used for an LDAP enabled server that
# will be acting as a PDC. Modifications will be required for member servers
# and machine that will act as BDCs.
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this file we have used a #
# for commentary and a ; for parts of the config file that are
# either not enabled yet, or temporarily disabled
#
# NOTE: Whenever you modify this file you should run the command testparm
# to check that you have not made any basic syntactic errors.
# -
# Fear the Penguin!
# -- Kevin L. Collins
# Systems Manager
# Nesbitt Engineering, Inc.
# *
# Changelog:
# Date - Version - Change
#* Info about change
# -
# 10/14/04 - 1.1 - Added veto oplock files directives to the homes, admin and
# projects shares in the hope of solving MS Word problems.
# 06/04/03 - 1.0 - Original Creation
# *
#= Global Settings
[global]
# Server Name and description
workgroup = nesbitt.local
netbios name = stargazer
server string = Stargazer - Lexington File Server
# Samba log information
log file = /var/log/samba/%m.log
max log size = 0
# Security information
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
passwd chat = *New*Password* %n\n *Retype*New*Password* %n\n *All*authentication*tokens*updated*successfully*
# To help performance
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Settings for PDC setup
local master = yes
os level = 80
domain master = yes
preferred master = yes
domain logons = yes
logon path =
# Activate these Network Services
wins support = yes
time server = yes
# LDAP Declarations -- Needed to allow the LDAP backend to work
ldap suffix = dc=nesbitt,dc=local
ldap admin dn = cn=Manager,dc=nesbitt,dc=local
ldap port = 389
ldap server = 127.0.0.1
ldap ssl = no
add user script = /usr/local/sbin/smbldap-useradd.pl -w %m
domain admin group = @Domain Admins
# Oplocks settings - disable all oplocks for compatibility reasons
oplocks = no
level2 oplocks = no
kernel oplocks = no
#= Share Definitions ===
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
guest ok = yes
writable = no
write list = @domain admins
share modes = no
[homes]
RE: [Samba] Samba + LDAP + Password Expiry = Almost working...
Hi,

I hope I'm not showing my ignorance here, but I'm not following you on this one. Could you be a little more specific?

Kevin

-----Original Message-----
From: Kristyan Osborne [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 16, 2003 6:56 PM
To: Collins, Kevin; [EMAIL PROTECTED]
Subject: RE: [Samba] Samba + LDAP + Password Expiry = Almost working...

Hi,

Try looking at the parameter passwd chat = The man pages should help you out here.

Cheers
---
Kristyan Osborne - IT Technician
Longhill High School
01273 391672

-----Original Message-----
From: Collins, Kevin [mailto:[EMAIL PROTECTED]
Sent: Tue 16/09/2003 17:53
To: '[EMAIL PROTECTED]'
Cc:
Subject: [Samba] Samba + LDAP + Password Expiry = Almost working...

I've got a Samba 2.2.7a domain with an LDAP backend. It's been working for nearly 3 months now without much bother. By the way: Great work and thanks for all of the effort!

I have been missing one minor thing from the setup since I moved away from NT 4: Password Expiration. In the past I have posted questions about this on the list and I've gotten two answers: Wait for 3. or Write your own script to do it for you. Well, I sorta went the second route. By sorta I mean that I modified a pre-existing script to make it do what I wanted it to.

What I did was this...I started with IDEALX's howto and scripts to get things going. I had Samba configured to use their smbldap-passwd.pl script to modify passwords. That worked, I could change any Windows account password from Windows or the command line and indeed all three passwords for that user are changed (Unix, LM and NT passwords).

I later discovered the LDAP entry pwdMustChange while looking at a user account one day. When I set this to a date inside of 14 days from today, Windows begins to bark about Password will expire in X days - Great I thought I found my solution. But the default password change script wouldn't modify this value. So I modified the script to where it would.

This is where my confusion starts. When I run my modified script from the command line, I get the password changes I expect and I get the pwdMustChange date changes I expect too. Cool! I thought - things are coming together. But when I turn to my Windows machine (Windows 2000 or XP) and change my password all I get is the password changes and the value for pwdLastSet being changed. HUH?

If Samba is being told to run my script in its configuration file with passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u, then why doesn't it work like when I run it from the command line?

To put it simply, when I run my script on the command line, it works - exactly the way I want. When Samba is told to change passwords from a Windows machine, it either doesn't use my script or is passing some other information that causes the script to perform differently.

In either case, I have spent the better part of two days looking for a cure to this and not been able to find a solution. So, I'm hoping that someone here will be able to help me. I have included the smb.conf file and the modified version of the IDEALX smbpasswd.pl script below.

Any help is appreciated. If it comes down to it, I (think I) can create a script that will do what I need outside of the IDEALX stuff, but I would prefer not to as they seem to work so well.

SMB.CONF
---
# *
# -- Nesbitt Engineering, Inc. Stargazer Samba Configuration --
# *
# This is the main Samba configuration file for Stargazer - NEI's Primary
# Domain Controller and Lexington office File Server.
#
# This configuration file is only to be used for an LDAP enabled server that
# will be acting as a PDC. Modifications will be required for member servers
# and machine that will act as BDCs.
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this file we have used a #
# for commentary and a ; for parts of the config file that are
# either not enabled yet, or temporarily disabled
#
# NOTE: Whenever you modify this file you should run the command testparm
# to check that you have not made
RE: [Samba] Samba + LDAP + Password Expiry = Almost working...
Thanks for the info... I've got a custom version of 2.2.7a with your suggestions building right now on a test machine. I'm like you, I think this is a bug in the code and can not see any reason for it to be doing this. In fact, I think your suggestion about a smb.conf parameter setting the number of days for a password to live is the proper way to go. But I don't know everything... :)

Kevin

-----Original Message-----
From: Rauno Tuul [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 16, 2003 3:07 PM
To: 'Collins, Kevin'
Cc: '[EMAIL PROTECTED]'
Subject: RE: [Samba] Samba + LDAP + Password Expiry = Almost working...

Hi,

You almost got it... Samba 2 has a weird behaviour, when using LDAP and passwd program. When you change the password from windows, things happen like this:

1) samba reads all the user data from LDAP to memory (doesn't read userpassword)
2) executes the passwd program to change userpassword. At this point your script also sets the new pwdMustChange value.
3) things get tricky here, when samba writes back all the data, he got from LDAP earlier and changes password hashes.

So if your script changes the pwdMustChange value, samba puts it back as it was before :P

Workaround is to modify pdb_ldap.c and teach samba not to write back pwdMustChange. It can be achieved with commenting out 2 lines. When samba3 calculates new pwdMustChange based on policy. In samba2 you must do it with scripts.

btw, your perl script is way too complex. I attached one my e-mail sent to samba-technical ages ago, where this trick is described.

Best regards, Rauno Tuul.

-----Original Message-----
From: Collins, Kevin [mailto:[EMAIL PROTECTED]

I've got a Samba 2.2.7a domain with an LDAP backend. It's been working for nearly 3 months now without much bother. By the way: Great work and thanks for all of the effort!

I have been missing one minor thing from the setup since I moved away from NT 4: Password Expiration. In the past I have posted questions about this on the list and I've gotten two answers: Wait for 3. or Write your own script to do it for you. Well, I sorta went the second route. By sorta I mean that I modified a pre-existing script to make it do what I wanted it to.

What I did was this...I started with IDEALX's howto and scripts to get things going. I had Samba configured to use their smbldap-passwd.pl script to modify passwords. That worked, I could change any Windows account password from Windows or the command line and indeed all three passwords for that user are changed (Unix, LM and NT passwords).

I later discovered the LDAP entry pwdMustChange while looking at a user account one day. When I set this to a date inside of 14 days from today, Windows begins to bark about Password will expire in X days - Great I thought I found my solution. But the default password change script wouldn't modify this value., but I would prefer not to as they seem to work so well. .
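The three-step sequence Rauno describes is a lost update: the script's change to pwdMustChange is overwritten by the stale copy Samba read earlier, so password expiry silently stops advancing. The Python model below is an added example, not Samba or IDEALX code; the entry values, the 90-day policy and all function names are assumptions made for illustration.

```python
import copy

MAX_AGE = 90 * 86400  # hypothetical policy: passwords live 90 days


def new_directory():
    """Constructed LDAP-like entry; attribute names follow the thread."""
    return {"uid=kc": {
        "userPassword": "old-crypt",
        "lmPassword": "OLD-LM",
        "ntPassword": "OLD-NT",
        "pwdLastSet": 1000,
        "pwdMustChange": 2000,
    }}


def passwd_program(directory, dn, now):
    """Stand-in for the modified password script: it updates the Unix
    password and pushes the expiry date forward, directly in the directory."""
    directory[dn]["userPassword"] = "new-crypt"
    directory[dn]["pwdMustChange"] = now + MAX_AGE


def change_password(directory, dn, now, skip_writeback=()):
    """Model of a password change arriving from a Windows client.

    skip_writeback=() reproduces the behaviour described in the thread;
    skip_writeback=("pwdMustChange",) models the described workaround of
    not writing that attribute back.
    """
    cached = copy.deepcopy(directory[dn])   # 1) read the entry into memory
    cached.pop("userPassword")              #    (userPassword is not read)
    passwd_program(directory, dn, now)      # 2) run the passwd program
    cached.update(lmPassword="NEW-LM",      # 3) set new hashes in the copy
                  ntPassword="NEW-NT",
                  pwdLastSet=now)
    for attr in skip_writeback:
        cached.pop(attr, None)
    directory[dn].update(cached)            #    and write the copy back
    return directory[dn]


def expiry_is_stale(entry):
    """An expiry date at or before the last change was never advanced."""
    return entry["pwdMustChange"] <= entry["pwdLastSet"]


def find_stale(directory):
    """Audit helper: entries whose expiry did not follow the last change."""
    return sorted(dn for dn, e in directory.items() if expiry_is_stale(e))


if __name__ == "__main__":
    before = new_directory()
    change_password(before, "uid=kc", now=5000)
    print("full write-back   :", before["uid=kc"], find_stale(before))

    after = new_directory()
    change_password(after, "uid=kc", now=5000, skip_writeback=("pwdMustChange",))
    print("partial write-back:", after["uid=kc"], find_stale(after))
```

The same comparison of pwdMustChange against pwdLastSet can be run over a real LDIF dump to find accounts whose expiry was reset by a write-back.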
[Samba] Samba + LDAP + Password Expiry = Almost working...
I've got a Samba 2.2.7a domain with an LDAP backend. It's been working for nearly 3 months now without much bother. By the way: Great work and thanks for all of the effort!

I have been missing one minor thing from the setup since I moved away from NT 4: Password Expiration. In the past I have posted questions about this on the list and I've gotten two answers: Wait for 3. or Write your own script to do it for you. Well, I sorta went the second route. By sorta I mean that I modified a pre-existing script to make it do what I wanted it to.

What I did was this...I started with IDEALX's howto and scripts to get things going. I had Samba configured to use their smbldap-passwd.pl script to modify passwords. That worked, I could change any Windows account password from Windows or the command line and indeed all three passwords for that user are changed (Unix, LM and NT passwords).

I later discovered the LDAP entry pwdMustChange while looking at a user account one day. When I set this to a date inside of 14 days from today, Windows begins to bark about Password will expire in X days - Great I thought I found my solution. But the default password change script wouldn't modify this value. So I modified the script to where it would.

This is where my confusion starts. When I run my modified script from the command line, I get the password changes I expect and I get the pwdMustChange date changes I expect too. Cool! I thought - things are coming together. But when I turn to my Windows machine (Windows 2000 or XP) and change my password all I get is the password changes and the value for pwdLastSet being changed. HUH?

If Samba is being told to run my script in its configuration file with passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u, then why doesn't it work like when I run it from the command line?

To put it simply, when I run my script on the command line, it works - exactly the way I want. When Samba is told to change passwords from a Windows machine, it either doesn't use my script or is passing some other information that causes the script to perform differently.

In either case, I have spent the better part of two days looking for a cure to this and not been able to find a solution. So, I'm hoping that someone here will be able to help me. I have included the smb.conf file and the modified version of the IDEALX smbpasswd.pl script below.

Any help is appreciated. If it comes down to it, I (think I) can create a script that will do what I need outside of the IDEALX stuff, but I would prefer not to as they seem to work so well.

SMB.CONF
---
# *
# -- Nesbitt Engineering, Inc. Stargazer Samba Configuration --
# *
# This is the main Samba configuration file for Stargazer - NEI's Primary
# Domain Controller and Lexington office File Server.
#
# This configuration file is only to be used for an LDAP enabled server that
# will be acting as a PDC. Modifications will be required for member servers
# and machine that will act as BDCs.
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this file we have used a #
# for commentary and a ; for parts of the config file that are
# either not enabled yet, or temporarily disabled
#
# NOTE: Whenever you modify this file you should run the command testparm
# to check that you have not made any basic syntactic errors.
# -
# Fear the Penguin!
# -- Kevin L. Collins
# Systems Manager
# Nesbitt Engineering, Inc.
# *
# Changelog:
# Date - Version - Change
#* Info about change
# -
# 06/04/03 - 1.0 - Original Creation
# *
#= Global Settings
[global]
# Server Name and description
workgroup = nesbitt.local
netbios name = stargazer
server string = Stargazer - Lexington File Server
# Samba log information
log file = /var/log/samba/%m.log
max log size = 0
# Security information
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
passwd chat = *New*Password* %n\n *Retype*New*Password* %n\n *All*authentication*tokens*updated*successfully*
# To help performance
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Settings for PDC setup
local master = yes
os level = 80
domain master = yes
preferred master = yes
domain logons = yes
[Samba] Too Many Open Files problem...
I have a problem on the two heaviest-used Samba servers in my company. They both are exhibiting the same problem, just in different ways.

Stargazer is my Main File and LDAP directory server - it functions as the PDC for my network. It's running Red Hat Enterprise Linux ES 2.1, a recompiled custom Red Hat ES version of Samba 2.2.7 (to add LDAP functionality), and OpenLDAP 2.0.27.

Valykyrie is my Print and Backup server. It's running Red Hat 8.0, a recompiled Red Hat 8 version of Samba 2.2.7 (as above), OpenLDAP 2.0.27 and CUPS 1.1.17.

With the exceptions of configuration for Primary LDAP server/LDAP client, the machines are configured roughly the same. Both were constructed using the IDEALX.org Samba+LDAP HOWTO. And both run quite well - for a while. Then, they will quit responding to connection requests and even local logon requests. This doesn't happen at the same time on both machines - it appears that the failures are not connected in any way other than both system logs report Too many open files.

On Stargazer it seems to be associated with OpenLDAP (slapd) and Valykyrie's problems seem to stem from nscd. This is shown in the following snippets from each /var/log/messages:

STARGAZER:
---
Aug 24 20:20:00 stargazer slapd[32271]: warning: cannot open /etc/hosts.allow: Too many open files
Aug 24 20:20:00 stargazer slapd[32271]: warning: cannot open /etc/hosts.deny: Too many open files
Aug 24 20:20:00 stargazer slapd[32271]: warning: cannot open /etc/hosts.allow: Too many open files
Aug 24 20:20:00 stargazer slapd[32271]: warning: cannot open /etc/hosts.deny: Too many open files
---

VALYKYRIE:
---
Sep 2 03:25:38 valykyrie nscd: 718: while accepting connection: Too many open files
---

The reason I post this inquiry here is that both machines are running Samba and as such both depend on these daemons for proper functioning. I am hoping that someone on the list will be able to give a pointer as to the cause of the problem. If I need to ask this elsewhere, please advise me.

I have 5 other machines running Samba just not with the load of the these two. The other machines seem to be unaffected by this problem - as yet.

Any help will be appreciated...

-- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
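The two log formats quoted in the post above (slapd[32271]: with a bracketed PID, nscd: 718: with the PID after the tag) can be triaged with one parser. This is an added example, not part of the original post; it also flags daemons that failed to open /etc/hosts.allow or /etc/hosts.deny, since rules in a file the daemon cannot open are not evaluated for that connection. The cron line in the sample and all function names are constructed.

```python
import re

# Sample input: the lines quoted in the post, plus one constructed benign line.
SAMPLE_LOG = """\
Aug 24 20:20:00 stargazer slapd[32271]: warning: cannot open /etc/hosts.allow: Too many open files
Aug 24 20:20:00 stargazer slapd[32271]: warning: cannot open /etc/hosts.deny: Too many open files
Aug 24 20:20:00 stargazer slapd[32271]: warning: cannot open /etc/hosts.allow: Too many open files
Aug 24 20:20:00 stargazer slapd[32271]: warning: cannot open /etc/hosts.deny: Too many open files
Sep 2 03:25:38 valykyrie nscd: 718: while accepting connection: Too many open files
Sep 2 03:26:01 valykyrie crond[901]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Accepts both "daemon[pid]: msg" and "daemon: pid: msg".
SYSLOG = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<daemon>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s+"
    r"(?:(?P<pid2>\d+):\s+)?"
    r"(?P<msg>.*)$"
)
CANNOT_OPEN = re.compile(r"cannot open (\S+): Too many open files")
EMFILE_TEXT = "Too many open files"
ACCESS_FILES = {"/etc/hosts.allow", "/etc/hosts.deny"}


def fd_exhaustion_report(text):
    """Group descriptor-exhaustion messages by (host, daemon, pid)."""
    report = {}
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m or EMFILE_TEXT not in m["msg"]:
            continue
        pid = int(m["pid"] or m["pid2"] or 0)
        entry = report.setdefault((m["host"], m["daemon"], pid),
                                  {"count": 0, "unreadable": set()})
        entry["count"] += 1
        hit = CANNOT_OPEN.search(m["msg"])
        if hit:
            entry["unreadable"].add(hit.group(1))
    return report


def access_control_affected(report):
    """Processes that could not read a TCP-wrappers rule file."""
    return sorted(key for key, e in report.items()
                  if e["unreadable"] & ACCESS_FILES)


if __name__ == "__main__":
    rep = fd_exhaustion_report(SAMPLE_LOG)
    for key, e in sorted(rep.items()):
        print(key, e["count"], sorted(e["unreadable"]))
    print("access-control files unreadable for:", access_control_affected(rep))
```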
[Samba] Viruses and the list
-----Original Message-----
From: [EMAIL PROTECTED]

Looks like it's the Virus is forging my address now... :-(

Jeesh. What a waste. If the guys writing viruses would put their energies into REAL code, we'd be so much farther ahead.

Later,

-- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
[Samba] Minor Problem - Samba 2.2.7+LDAP
I've got a Red Hat Enterprise ES Linux Server running Samba 2.2.7a and OpenLDAP 2.0.27 as my PDC in my main office. I have on rare occasions gotten error messages from my users that seem to be tied to MS Office 2000 files (Word in particular) similar to this:

An error occurred while connecting P: to \\stargazer\projects. Microsoft Windows Network: The local device name is already in use. This connection has not been restored.

This is from a Windows 2000 Pro machine running SP2 and Word 2000 as part of Office 2000 Professional SP1. The drive letter P is mapped at logon and is available the entire time that this error message is present. The message (in most cases) is presented when the user goes to save the file in question. 99% of the time the file is correct and current and nothing is lost. There have been times where Word will crash after this error, but the file is still intact.

I've got about 20 people using this server and only a handful of them ever see this message. I have oplocks, kernel lock and level2 oplocks disabled in the global section of the samba.conf.

Has anyone else seen this before?

-- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
RE: [Samba] LDAP winbind
> I have been searching a bit for documentation on the use of LDAP in conjunction with winbindd. Can anyone please point me to further documentation (if it exists) on the use of these two products together in Samba 3 and what functionality they provide as a whole solution? I know how winbind works but I am confused about the LDAP backend. Can winbind populate (and keep updated) the LDAP directory?
>
> As a little background... I have a Win2k PDC and am adding two new Redhat 9 Samba 3 servers. Does it make any sense to have LDAP in this environment? Winbind too?

Jeremy,

In my mind, if you already have a W2k PDC, then you shouldn't need LDAP in the mix. I'd point the new RH servers to the PDC with WINBINDD and be done with it.

For what it's worth - just my 2 cents.

-- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
RE: [Samba] Disable roaming profiles samba-2.2.7a from RH8.0
> I'm trying to definitely disable roaming profiles for my Windows 2000 clients. I've got a PDC with redhat 8 and samba-2.2.7a. To achieve this I've commented out the line logon home logon path. When I ^

What you need to remember is that Samba _by_default_ will enable the roaming profile setting (logon path) and you must tell it not to. What I did on my PDC is instead of commenting out the logon path directive I set it to nothing, i.e.:

logon path =

It fixed my roaming profile issues. Hope it helps...

-- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
RE: [Samba] Minor problem with CUPS printing.
> Kevin, I have that same message on my win2k machine. I can print, and all is fine. One of the points, is that if you double click on the printer folder, the printers inside that folder do not give you that error. The only ones that I get that error from is the ones that are on the same page as the shares.
> Steven

Steven,

I see what you're saying - mine is the same way. That is curious. As I said, this doesn't prevent me from printing, just monitoring/modifying the queue which is what I'd like to do.

Kevin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Collins, Kevin
Sent: Thursday, July 17, 2003 2:28 PM
To: 'Karl Banasky'; '[EMAIL PROTECTED]'
Subject: RE: [Samba] Minor problem with CUPS printing.

> Try printcap name = lpstat in the Global settings.
> Karl-

Karl:

Tried that - no dice. Anything else to try?

Kevin

> I've got a Red hat 8.0 machine running the latest up2date version of Samba (2.2.7 with Red Hat's patches) acting as a print server using CUPS. The printing of documents is fine for the most part. But I have noticed one thing that is really nothing more than an annoyance and was wondering if anyone else has seen the problem and possibly a cure.
>
> I have all Windows 2000 Pro clients, most of them have all 5 printers that this server controls installed. (The drivers are locally installed and not downloaded from the server - I'm still working on that.) All of the printers installed show up as they should and all of the driver options are available. But the Printers control panel applet keeps reporting these printers as Access is denied, unable to connect when you select one of the printers. In addition when you double-click on the one of the printers to see the queue, nothing ever shows up and the same Access is denied, unable to connect is displayed in the title bar of the dialogue box.
>
> Since the print jobs are flowing, I'm not *too* concerned about them, but I would like to remove this message and be able to the print queues if that is possible.
>
> -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
RE: [Samba] Minor problem with CUPS printing. SOLVED
I've gotta send a thanks out to Bob Crandell for this. For while he doesn't know it, his smb.conf helped me fix my problem. His conf file had one extra line in the [global] section concerning printers that mine did not. I added disable spoolss = yes to my conf file and all is well - or at least I get a Ready indication when looking at my printers now.

Thanks again to all who responded.

-- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
RE: [Samba] Minor problem with CUPS printing.
> Try printcap name = lpstat in the Global settings.
> Karl-

Karl:

Tried that - no dice. Anything else to try?

Kevin

> I've got a Red hat 8.0 machine running the latest up2date version of Samba (2.2.7 with Red Hat's patches) acting as a print server using CUPS. The printing of documents is fine for the most part. But I have noticed one thing that is really nothing more than an annoyance and was wondering if anyone else has seen the problem and possibly a cure.
>
> I have all Windows 2000 Pro clients, most of them have all 5 printers that this server controls installed. (The drivers are locally installed and not downloaded from the server - I'm still working on that.) All of the printers installed show up as they should and all of the driver options are available. But the Printers control panel applet keeps reporting these printers as Access is denied, unable to connect when you select one of the printers. In addition when you double-click on the one of the printers to see the queue, nothing ever shows up and the same Access is denied, unable to connect is displayed in the title bar of the dialogue box.
>
> Since the print jobs are flowing, I'm not *too* concerned about them, but I would like to remove this message and be able to the print queues if that is possible.
>
> -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
RE: [Samba] Replace NT4 PDC
> I have an NT4 PDC that I would like to replace with a Samba server. My network also has a box running MS Exchange and Backoffice (not the same box as the PDC). What's the general roadmap for doing this?

Phil:

Funny you should ask :-) I'm two-thirds of the way down this path as I write this. What I did was create a new domain and do a cut-over. I've got a semi-complete blog of the server build-up process here: http://web.qx.net/kcollins

I will be adding *much* more information to the site over the next month as I complete the cut-over and roll out. I may even try to put a HOWTO on there showing everything I did - step by step. I can tell you what I did and if needed, we can talk details later on...

My NT Setup was: I had three offices each with their own NT4 PDC. My main office had a PDC, an Exchange 5.5 box and a print server/BDC. Each of my remote offices had a PDC serving their little part of the world. I had 2 one-way trusts enabled between each of the offices so everyone could *see* everyone else.

The first thing I did was to build a lab of 4 or 5 machines, played around with some things and finally settled on building an LDAP enabled PDC here and placing a BDC in each remote office that would be LDAP replicas. This is because Samba 2.2.x doesn't support traditional BDCs nor Domain Trusts. This forced me to re-think and re-design my Domain layout. All of this became obvious in the lab, as did most of the roll-out/cut-over procedures.

Because there was so much at stake and I couldn't have the working domain down, I did a side-by-side buildup of the new PDC on new hardware and did a cutover of the main office over the 4th of July weekend. This severed the trusts and pretty much isolated each of my remote offices. This past weekend I rolled out one of the new BDCs in a remote office and brought them back online. I'm planning on pulling the last office in this coming weekend.

The trickiest thing I had to do was transplant Exchange. I did it in a non-typical way that worked, but it's not for the weak-hearted. If you want to know, I'll tell you... If you are fortunate enough to have a spare Exchange box, the process would be a little more forgiving.

Samba 3.x is supposed to be a much more complete replacement for NT4. This would include TRUSTS and PDC/BDCs as well. If you have the time, I would probably wait for 3.x to come out. Circumstances in my situation wouldn't allow it.

Give yourself plenty of time - this isn't something you cobble together in a weekend. I did it (planning/lab/roll-out) in about 2-and-a-half months and I feel I rushed it.

Make sure your PDC/BDC has plenty of RAM. I've got no less than 768M in my machines and I feel pretty comfortable with that. I've not had to hit the swap once - yet!

Good luck and yell if you need anything.

-- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
[Samba] Minor problem with CUPS printing.
I've got a Red Hat 8.0 machine running the latest up2date version of Samba (2.2.7 with Red Hat's patches) acting as a print server using CUPS. The printing of documents is fine for the most part. But I have noticed one thing that is really nothing more than an annoyance and was wondering if anyone else has seen the problem and possibly a cure. I have all Windows 2000 Pro clients, most of them have all 5 printers that this server controls installed. (The drivers are locally installed and not downloaded from the server - I'm still working on that.) All of the printers installed show up as they should and all of the driver options are available. But the Printers control panel applet keeps reporting these printers as "Access is denied, unable to connect" when you select one of the printers. In addition when you double-click on one of the printers to see the queue, nothing ever shows up and the same "Access is denied, unable to connect" is displayed in the title bar of the dialogue box. Since the print jobs are flowing, I'm not *too* concerned about them, but I would like to remove this message and be able to see the print queues if that is possible. -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
[Samba] Samba/CUPS Printing from Windows
I've got a Samba server that is acting as a member server in a Windows NT Domain. I enabled CUPS printing yesterday and have shared the 4 printers to the domain. I then added the printers onto a Windows 2000 client, and can print just fine to any of them. But I have two problems (read annoyances):

1). When I look at any of the printers from Windows (i.e. Control Panel/Printers) I can see the Samba supplied network printers, but when I click on any of them I see a Status of "Access denied, unable to connect." on the left hand side of the printers window.

2). Because of No. 1 (I think) when I double-click on a network printer, I can't see any of the jobs in the queue for that printer as I should.

Anyone ran into these issues before? I have included the smb.conf below for inspection. I'm running Red Hat 8.0, Samba 2.2.7, CUPS 1.1.17.

[global]
    workgroup = NESBITT_LEX
    netbios name = valykyrie
    server string = Linux Backup/Print Server
    log file = /var/log/samba/%m.log
    max log size = 50
    security = domain
    password server = file-server1 print-server
    encrypt passwords = yes
    smb passwd file = /etc/samba/smbpasswd
    unix password sync = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n \
        *passwd:*all*authentication*tokens*updated*successfully*
    pam password change = yes
    obey pam restrictions = yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    local master = no
    os level = 0
    domain master = no
    preferred master = no
    domain logons = no
    wins server = 10.200.8.3
    dns proxy = no
    winbind separator = +
    winbind uid = 1-2
    winbind gid = 1-2
    winbind cache time = 10
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    template shell = /bin/bash
    template homedir = /home/%U
    printing = cups
    printcap name = cups
    load printers = yes

#=== Share Definitions =

[printers]
    comment = All Printers
    path = /var/spool/samba
    public = yes
    guest ok = yes
    writeable = no
    printable = yes

[homes]
    comment = Home Directories
    browseable = no
    writable = yes
    valid users = %S
    create mode = 0664
    directory mode = 0775

[backup]
    comment = Backup Files from Last Night
    path = /backup
    browsable = yes
    writeable = yes
    valid users = names deleted for security reasons
    create mode = 0777
    directory mode = 0777

[cdburn]
    comment = Files to be written to CD
    path = /cdburn
    browsable = yes
    writeable = yes

-- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
RE: [Samba] New Samba Server
On Wednesday, June 18, Seth Hollen wrote: 3ware makes great controllers, but you will be limited to the pci bus bandwidth for the raid arrays. instead of 8x40 I would look for the best cost/size ratio. I think 120GB hard drives can be found for around $100.00 (us) I'd put 3 in a raid5 array for performance. Hi Seth and Tim: One other comment - the Escalade 7500 series cards are PCI-X cards (64-bit) if you can afford the motherboard that has these slots, having that extra bandwidth will be a big performance boost. I'm using the 7500-4LP and 4x120GB Western Digital drives in my backup server right now - it's a sweet setup! :-) Later, -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
[Samba] More Domain Groups
Hi All: Stuff I'm using: Red Hat Enterprise Linux ES 2.1 Samba 2.2.7 OpenLDAP 2.0.25 I followed the Idealx.org howto to build Samba+LDAP. I have a functioning, replicating domain on my lab workbench right now. Then I began to explore permissions on local shares, etc. when I discovered that to a Windows client, the only domain groups that are available from a Samba PDC are Domain Users and Domain Admins. Upon further reading in the Idealx Howto, I see this comment: In Samba 2.2, only 2 groups are dealed for Microsoft Windows workstations: Domain Admins and Domain Users. All other groups are considered Local Unix Groups. That means that a Samba user will only be a Domain User or Domain Admin. If you only use Samba servers, there is no problem, but if you plan to use Microsoft Windows NT member servers using groups, just forget about it... What this doesn't say is that the local Windows workstations will not be able to see anything but users those two groups. I have several machines sharing data and printers from the local machine. This simply isn't enough groups for me to apply my scheme of local rights. Well, more correctly, this causes me a great deal of administrative overhead maintaining local group definitions as things change. I've googled, read more howtos than I care to mention and have basically fried my brain looking for viable options to solve this problem. So I'm posing the question to the group: Is there any way I can get additional groups (which are available to Samba) through to the local Windows workstations? -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
[Samba] Samba + LDAP problem...
Ok, after three more days of pulling my hair out, I'm still stuck. I've got what I think is the problem, but I'm sure how to fix it. I'm building a Samba PDC using the IDEALX.org HOWTO. I'm using samba 2.2.7 and openldap 2.0.27 that I compiled from the Red Hat Network. This is being built on Red Hat Enterprise Linux ES 2.1. Ok, So I get to the part of the HOWTO that instructs me to add the administrator account. So I use 'smbldap-useradd.pl -a -m -g 200 administrator', but I get an error stating '/usr/local/sbin/smbldap-useradd.pl: unknown group 200'. This is odd because I can do a 'smbldap-groupshow.pl domain admins' and *see* the 'Domain Admins' group. And that group has a gidNumber of 200! How can I see the group, have it set with the proper information and yet get an error that says it's not there? Below are some files that I think are pertinent. The /etc/openldap/ldap.conf, /etc/openldap/slapd.conf /etc/samba/smb.conf, the base.ldif that is from the IDEALX.org HOWTO. I'm hoping that someone with much more experience than me will be able to help me. Thanks in advance

***begin ldap.conf
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
HOST 127.0.0.1
BASE dc=nesbitt,dc=local
***end ldap.conf

***begin sldap.conf*
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/samba.schema
###
# ldbm database definitions
###
database ldbm
suffix dc=nesbitt,dc=local
rootdn cn=manager,dc=nesbitt,dc=local
rootpw a secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
index objectClass,rid,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
***end sldap.conf***

***begin smb.conf***
# *
# -- Nesbitt Engineering, Inc. Stargazer Samba Configuration --
# *
# This is the main Samba configuration file for Stargazer - NEI's Primary
# Domain Controller and Lexington office File Server.
#
# This configuration file is only to be used for an LDAP enabled server that
# will be acting as a PDC. Modifications will be required for member servers
# and machine that will act as BDCs.
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this file we have used a #
# for commentary and a ; for parts of the config file that are
# either not enabled yet, or temporarily disabled
#
# NOTE: Whenever you modify this file you should run the command testparm
# to check that you have not made any basic syntactic errors.
# -
# Fear the Penguin!
# -- Kevin L. Collins
# Systems Manager
# Nesbitt Engineering, Inc.
# *
# Changelog:
# Date - Version - Change
#* Info about change
# -
# 06/04/03 - 1.0 - Original Creation
# *
#= Global Settings
[global]
# Server Name and description
    workgroup = nesbitt.local
    netbios name = stargazer
    server string = Stargazer - Lexington File Server
# Samba log information
    log file = /var/log/samba/%m.log
    max log size = 0
# Security information
    security = user
    encrypt passwords = yes
    smb passwd file = /etc/samba/smbpasswd
    unix password sync = Yes
    passwd program =
RE: [Samba] Samba + LDAP problem...
On Friday, June 13, 2003 1:44 PM, Bruno Gimenes Pereti wrote: Hi Kevin, Hi Bruno, and thanks for responding... Below are some files that I think are pertinent. The /etc/openldap/ldap.conf, /etc/openldap/slapd.conf /etc/samba/smb.conf, the base.ldif that is from the IDEALX.org HOWTO. I'm hoping that someone with much more experience than me will be able to help me. I'm not so experience but I think you forgot one thing. Do you have this:

passwd: files ldap
shadow: files ldap
group: files ldap

in your /etc/nsswitch.conf and this:

auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient use_first_pass
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session sufficient /lib/security/pam_ldap.so
session required /lib/security/pam_unix.so

in /etc/pam.d/system-auth? In redhat you can do this with authconfig.

I did have these set, as I used 'authconfig' to generate the PAM/LDAP integration. What I didn't have (but do now) is some settings in /etc/ldap.conf. Those that look like nss_base_passwd, nss_base_shadow, and nss_base_group or very similar. I have those set now, and the error message that I'm getting is different. On the Windows 2000 machine when I join the domain, I get: The account used is a computer account. Use your global user account, or local user account to access this server. It almost sounds like the administrator account is misconfigured and is appearing to Windows as a computer account instead of a user account. Have you heard of this happening before? I used 'smbldap-useradd.pl -a -m -g 200 administrator' to add the administrator account after I had LDAP up and running. Thanks again for your input. -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
RE: [Samba] Samba + LDAP problem...SOLVED
Bruno, As it turns out, all I had to do was enter this as my username when asked for it during the join-domain process: nesbitt.local\administrator Up until now, I had just been using administrator. GEEESH, How simplistic can it be? Something that small caused me days, no a WEEK of grief! Thanks again for your help. Everything you offered was great advice, and it helped me make certain I had things right. -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
[Samba] Problem joining Samba Domain
I have a small test environment setup with the following: Server Red Hat Enterprise Linux ES 2.1 Samba 2.2.7 - built from source OpenLDAP 2.0.27 - built from source OpenSSL 0.96b - built from source Note: All packages were downloaded from the Red Hat Network as Source RPMs - as far as I know, these are the latest Red Hat approved versions. I made the proper changes to the .spec file and recompiled each of them with rpmbuild. Workstation Windows 2000 Server with no service packs I have the Samba machine setup to use LDAP as its user/group/workstation/password backend following the IDEALX.org HOWTO. This seems to be working as I can access any share on the Samba machine using accounts from the LDAP database. I'm using SSL/TLS to control LDAP transfer traffic as I plan on having three LDAP/Samba Servers in the end. I'm also using a MD5 hashed rootDN password as well - just for a more secure environment. My intention is to load the Windows 2000 machine up as an Exchange 5.5 Server and use the Samba/LDAP users/groups for authentication in this test. This is the last big hurdle I have before going to a nearly pure Samba-run backoffice! (Now if only there was a Linux Exchange clone :-P ) But when I go to have the Windows 2000 machine join the domain, I get this in the machine-name.log:

passdb/pdb_ldap.c: ldap_open_connection(200) LDAPS Option Set...!
passdb/pdb_ldap.c: ldap_connect_system(246) BIND FAILED: Can't contact LDAP Server.

Does anyone have a clue about this? That last part is the most puzzling - the LDAP server is the SAME machine as the Samba Server. I'm thinking it has something to do with authentication, but I can't seem to find anything out-o-whack. I didn't post any .conf files as I didn't know the proper way to send those - as attachments or as inline text. If they will help anyone, I can post those at a later time. -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
[Samba] Samba+LDAP PDC - A few questions.
Ok, I've got a Samba/LDAP PDC built. I've got my groups added and even have users in those groups. But now I have a few administrative questions. If these questions have simple answers, be gentle - I'm a newbie.

1). How do I/Can I script the installation of a generic password into these accounts? I'm looking to put some common password in for all users and then allow the users to change it once they log into the new server/domain. I don't see a method of doing so with 'smbldap-passwd.pl'.

2). I used the following command to add all of my users to the LDAP Directory: 'smbldap-useradd.pl -a -m -A 1 -G group1,group2 username' This successfully created the users, their home folders and placed them in their groups, but it did not change the value for pwdCanChange in the LDAP directory, as shown by 'smbldap-usershow.pl'. I want the users to be able to change their own passwords - at any time - is there something I did wrong when creating the user account?

3). I want every user's password to expire on a 90-day cycle. I think I see a slot in the LDAP directory for such an option - pwdMustChange, but by default it is set to a huge number - 2147483647. First, what number does that represent? Seconds? Minutes? Days? Months? I've watched it for the past week and it hasn't changed. Which leads me to my next question, will changing this number to 0 actually cause the respective password to expire? Will setting this number to 90 (or what ever representation needed) allow a 90 day cycle? If not, what must I do to have this 90 day cycle?

4). By default, there are fields in the directory for displayName and description that are both set to System User. Can I change either/both (at least description) to what ever I want while creating the user account? I couldn't find a switch in 'smbldap-useradd.pl' to allow that. I guess I could script it using 'smbldap-usermod.pl', but would prefer it to be done as one step.

-- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
RE: [Samba] How to smbmount a share on a domain
Jim, Try this combination:

mount -t smbfs //server/share /mount/point -o username=domain\user,password=password

This works for me. Thanks, Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. (859) 233-3111 x24

I'm running samba 2.2.5 on a RedHat 8 box. I need to mount a share from a PC that is on a domain that the linux box is not a part of. Normally with another PC you would specify your username as DOMAIN\user, how do I do this with smbmount? I've looked at the documentation, google, etc. I can't find anything. Is this even possible? Here's what I've tried:

smbmount //dd192/PM /h46/mvpen/jlm17/tmp username=jlm17/ATRIA
smbmount //dd192/PM /h46/mvpen/jlm17/tmp username=jlm17/ATRIA
smbmount //dd192/PM /h46/mvpen/jlm17/tmp username=jlm17 netbiosname=ATRIA
smbmount //dd192/PM /h46/mvpen/jlm17/tmp username=jlm17 netbiosname=ATRIA
smbmount //dd192/PM /h46/mvpen/jlm17/tmp username=ATRIA\jlm17
smbmount //dd192/PM /h46/mvpen/jlm17/tmp username=ATRIA\\jlm17
smbmount //dd192/PM /h46/mvpen/jlm17/tmp username=ATRIA/jlm17
smbmount //dd192/PM /h46/mvpen/jlm17/tmp -U ATRIA/jlm17
smbmount //dd192/PM /h46/mvpen/jlm17/tmp -U jlm17
smbmount //dd192/PM /h46/mvpen/jlm17/tmp username=jlm17/ATRIA workgroup=domain
smbmount //dd192/PM /h46/mvpen/jlm17/tmp username=jlm17%ATRIA workgroup=domain
smbmount //dd192/PM /h46/mvpen/jlm17/tmp username=jlm17%ATRIA
smbmount //dd192/PM /h46/mvpen/jlm17/tmp username=ATRIA%jlm17
smbmount //dd192/PM /h46/mvpen/jlm17/tmp -U ATRIA%jlm17

All tries come back with the same error:

8351: session setup failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed

Those tries where I've used the -U also say:

/h46/mvpen/jlm17/tmp: invalid option -- U

This works trivially when logged into a PC locally just by supplying my username as ATRIA\jlm17. Any help would be appreciated. Thanks.
RE: [Samba] Winbind usernames without DOMAIN prefix
Matt Kunze wrote: Herb Lewis wrote: winbind use default domain = yes This is for 3.0 samba and may partially work in 2.2.x Thanks, this works perfectly. Now I'm wondering if it is possible to not Do you mind me asking what version of Samba you're using? I would like to add this feature too, but I'm using 2.2.7 and I can't test it readily. Thanks, Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
[Samba] Throughput Reported by smbclient
Is the throughput reported by smbclient represented in kilobits per second or kilobytes per second? I think this figure is represented as kilobits because of the format of the string. (i.e. 4269.23 kb/s) Because the letters are lowercase (kb) instead of capitals (KB). Is this correct? Thanks, Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
[Samba] SMBMOUNT Performance between RedHat and SuSE
Hi All, I've got a machine that is acting as my backup server which I call Valykyrie. Up until this weekend, this machine was running RedHat 7.3 and Samba 2.2.5. Because of some political issues, I was forced to rebuild the machine with SuSE 8.1 Professional and Samba 2.2.5. Since the time of the machine coming online with SuSE on Sunday afternoon, my backup process has been running about 4 hours longer than normal. What I have happening is, through a script, Valykyrie mounts the administrative shares of a server's hard drive, copies the data local, compares the data and then moves on to the next drive or the next server and starts over - as shown here:

mount -t smbfs -o username=domain_name\admin_username,password=proper-password \
    //machine-name/sharename$ /mnt/mount-point
cp -a /mnt/mount-point/ /backup
diff -r --brief /backup/mount-point /mnt/mount-point
umount /mnt/mount-point

This cycle repeats for each required share on each server. No gripes about rsync, partial backups, etc. please. This is the way I want it to work. This amounts to about 45GB of data a night. This used to take 8 hours total, now it's taking nearly 12. Nothing changed hardware-wise or in my script, only the distro. Could just the change to SuSE cause this much of a performance loss? Is there anything I can do to increase the performance? I'm not looking for huge improvements, but I need these additional 4 hours back so that my users aren't working on data while the backup is taking place. Thanks, Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. (859) 233-3111 x24
RE: [Samba] What project should I use ?
Seth: HP sold openmail to Samsung. It's called Samsung Contact now. Here's a link: http://www.samsungcontact.com/en/ Been looking at it for a couple of months now - I'm contemplating an Exchange replacement and this might be the one. Intrepid: My $0.02 worth on the SAMBA issue, I'd look to OpenLDAP and SAMBA as being the central authentication process. Never actually done it, but I've been pondering it as well. There's a good article in this month's Linux Journal about OpenLDAP. You might want to pick up a copy of it. (I tried finding it online, but they didn't post it.) Hope this helps. Kevin -Original Message- From: Seth Hollen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 5:14 PM To: 'Intrepid One'; [EMAIL PROTECTED] Subject: RE: [Samba] What project should I use ? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Only commenting on the exchange server replacement. I heard bynari is in financial trouble. Someone recently recommended HP openmail, actually HP sold it to someone a few years ago. I think samsung? I may be wrong. Seth - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Intrepid One Sent: Wednesday, December 11, 2002 3:45 PM To: [EMAIL PROTECTED] Subject: [Samba] What project should I use ? I am going to list my current plans for rebuilding a Law Firm's network. I hope that someone will be able to tell me which project (samba or samba-tng) would be a better choice, or if staying with MS is the only choice. If my plan could be changed for the better, input would be greatly appreciated: A lot of this information is useless for my questions, but I am throwing it in anyway. - CURRENT SETUP (to be replaced/updated) 1 Server (Proliant 1600: P2-450 (single), RAID5 SCSI storage) *MS Win2000 Server *File and Print Services (file size ranges from 1kb to several 100mb). Currently around 10gb in shared files. *MS Exchange 5.5 Server (Public Store 2.5GB; Private Store 3.0GB).
50 Desktop Users (Compaq Deskpro's w/ P2-300 up to Compaq Evo P4's. DeskPro P2-450 is the most common) *MS Win98-WinXP *WordPerfect 8 *MS Office 97-2000 *MS Outlook (running with Exchange in Corporate Mode) *Several Database Applications 10 Laptop Users *WinME-XP *WordPerfect 8 *MS Office97-2000 *MS Outlook (running with Exchange in Corporate Mode Offline Folders) *Offline Files or Briefcase to keep files on laptop and backed up on server *Several Database Applications Network Hardware: *HUBS (evil slow junky hubs, to be replaced of course). *ISDN (I know... what the heck were they thinking? ISDN? 60 users and an overloaded Exchange Server). (Also soon to be replaced with sDSL or T1). - PLANNED REPLACEMENT (I will focus more on things relating to SAMBA, and some holes will be left as I don't know exactly how to do some things with SAMBA yet, or at least I don't know the best route.) *ALL Clients will be moved to MS Win2000 (wanted to go with OpenSource Software all around but that is not a viable solution for a law office at this time) Main File/Authentication Server (Microsoft would call it a PDC) *Linux or *BSD for OS (probably RedHat Linux as they offer the most corporate support). *Nice powerful system with RAID5 storage, redundant parts, blah blah. Still won't need to be as expensive as a new Win2000 Server. *Will handle authentication either through UN*X password system w/ SAMBA duplicating that(passwords could be pushed to the other servers) or thru' a pam or ldap design. Backup File/Authentication Server *Automated (through scripting) backup of main file server. *Backup Tape System (probably an Ultrium drive). *Backup as many services as possible for Main Server. Test Server *Name says it all. Used to test experimental projects/code. Mail Server *Here is where things get more complicated. I am not asking the SAMBA team for total help here as mail services are not in SAMBA's view. 
I will be keeping the Exchange 5.5 Server or replacing it with Bynari InsightServer (unless someone knows a better product). I MUST have a single login. *After connecting to the Main Server they should not have to put in another password (for email or backup files). *Exchange uses a directory system (not very compliant but it exists) and most alternatives use LDAP. Therefore I will have to use OpenLDAP at some point in the authentication scheme. That long (hope I don't get made into a troll) email leads up to a few questions. Samba or Samba-TNG or stay with Micro*leech*soft? What is the best route for a single authentication across multiple UN*X servers? Any other experiences with moving an office with my structure to all OSS (Open-Source Software) in the server room. Major Concerns: Single Authentication Seamless Change from users
RE: [Samba] wbinfo -A trouble
Hi Benjamin: 5) Before starting smbd, nmbd winbindd I run 'wbinfo -A admin%password -here is the error I get: I think this is your problem: I believe smbd, nmbd and winbindd all need to be running for this to work. Someone correct me if I'm wrong. I hope that helps Thanks, Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
RE: [Samba] Problems authentication with NT PDCs in security = server (was sercurity = user)
James and others: I have attached my HOWTO (in plaintext) to this e-mail. I have also included my smb.conf file. Keep in mind that this all refers to *my* network, so you'll need to substitute things for your setup. One other thing that should be mentioned - this smb.conf file is from my test machine that is going in as a router. This means it has two NICs in it. I have bound Samba to the internal interface and Loopback interface to make it work. General "if it breaks, it ain't my fault" rules apply :-) I truly hope this helps someone. Kevin -Original Message- From: James Lamanna [mailto:jamesl;appliedminds.net] Sent: Thursday, November 07, 2002 2:31 PM To: 'Collins, Kevin' Subject: RE: [Samba] Problems authentication with NT PDCs in security = server (was sercurity = user) Sure, that would be great. Thanks a lot. --James -Original Message- From: Collins, Kevin [mailto:KCollins;nesbittengineering.com] Sent: Thursday, November 07, 2002 11:25 AM To: 'James Lamanna'; [EMAIL PROTECTED] Subject: RE: [Samba] Problems authentication with NT PDCs in security = server (was sercurity = user) James: I use Winbind to authenticate users from the Windows PDC - I have no UNIX users. Have you looked at this? I've got an informal HOWTO if you'd like it. Thanks, Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. -Original Message- From: James Lamanna [mailto:jamesl;appliedminds.net] Sent: Thursday, November 07, 2002 2:16 PM To: [EMAIL PROTECTED] Subject: [Samba] Problems authentication with NT PDCs in security = server (was sercurity = user) I wanted to avoid having to create a machine account on the PDC and having UNIX accounts for everyone.
Try:

security = domain
password server = network name of dc
encrypt passwords = yes
workgroup = domainname

smb.conf Description: Binary data

Samba Server HOWTO

Samba and Winbind

Install Red Hat Linux 7.3 Vanilla Server with Windows Server packages. This installs Samba 2.2.5a. Download Samba 2.2.6 latest version at this time. I got both the Red Hat RPM and the Source as well.

1). Compile the Source code for Samba 2.2.6

Untar and un-gzip the source file into the /usr/src/samba 2.2.6 directory.

# cd /usr/src
# tar zxvf path to/samba *.gz filename
# cd /usr/src/samba 2.2.6/source directory
# make clean -- fails because Samba's never been compiled before.
# rm config.cache -- fails because Samba's never been compiled before.
# ./configure --with-winbind -- This is the difference between the standard Red Hat RPM and the way things need to be. This creates the WINBIND libraries used below.
# make -- compiles the code.

2). At this point I removed the existing Samba 2.2.5a setup and installed the new Samba 2.2.6 with the commands:

# rpm -e samba
# rpm -e samba-client
# rpm -e samba-swat -- This didn't exist by default.
# rpm -e samba-common
# cd /to where the binary RPM is stored
# rpm -ivh samba RPM filename

3). Copy the WINBIND libraries to the proper place so the WINBINDD daemon can access them when needed.

# cd /usr/src/samba 2.2.6/source/nsswitch
# cp libnss_winbind.so /lib
# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

4). Edit the /etc/nsswitch.conf file to utilize WINBIND

# cd /etc
# pico nsswitch.conf

Look for the lines reading passwd and group and include winbind in the list of authenticators.

** Reboot the machine for these changes to take effect. **

5). Configure the smb.conf file in the /etc/samba folder. Be sure to have these lines:

winbind separator = +
winbind uid = 1-2
winbind gid = 1-2
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U

These settings allow WINBIND to function properly. Be sure to run testparm after the changes are made.

6). Join the Samba server to the domain with the following command

# smbpasswd -j DOMAINNAME -r PDCNAME -U ADMINUSERNAME

If this is successful it will return Joined domain: DOMAINNAME

7). Modify the smb startup file

# cd /etc/init.d
# pico smb -- This starts a console based text editor

Make the following changes:

Add daemon /usr/sbin/winbindd -s /etc/samba/smb.conf under the line that reads daemon nmbd -D in the start section.
Add killproc winbindd after the line killproc nmbd in the stop section.

These changes allow the WINBIND daemon to start and stop when the Samba service does.

8). Start Samba

# service smb start

If things went well, you should see an [ OK ] proclaiming the services started. To test this you can run these commands:

# ps -ax | grep mbd -- should return both smbd and nmbd as running
# ps -ax | grep winbindd -- should return winbindd as running

At this point the server should be running. A couple of final tests
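The edits in steps 4 and 5 of the HOWTO above can be checked with a script before the daemons are started. This is an added example, not part of the original post or of Samba: the function names and the sample files are constructed, and the ID-range check assumes the smb.conf guidance that the winbind uid/gid ranges should contain no existing local users or groups.

```shell
#!/bin/sh
# Added example, not part of the HOWTO: audit the files edited in steps 4 and 5.

# nss_uses_winbind FILE DB
# Succeeds when the DB line ("passwd" or "group") of an nsswitch.conf lists winbind.
nss_uses_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# smb_global FILE KEY
# Prints the value of KEY from the [global] section of an smb.conf.
# Names are matched case-insensitively; line continuations are not handled.
smb_global() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            sec = tolower($0); sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
        }
        sec == "global" {
            eq = index($0, "="); if (!eq) next
            key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/[ \t]+/, " ", key); sub(/^ /, "", key); sub(/ $/, "", key)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# range_is_safe RANGE IDFILE
# Succeeds when RANGE is "low-high" with low < high and no entry in IDFILE
# (passwd or group format, numeric ID in field 3) falls inside it.
range_is_safe() {
    case "$1" in
        *[!0-9-]* | -* | *- | *-*-* | "") return 1 ;;
        *-*) ;;
        *) return 1 ;;
    esac
    low=${1%-*}; high=${1#*-}
    [ "$low" -lt "$high" ] || return 1
    awk -F: -v lo="$low" -v hi="$high" '
        $3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { clash = 1 }
        END { exit (clash ? 1 : 0) }
    ' "$2"
}

# audit_winbind SMBCONF NSSWITCH PASSWD GROUP
# Prints one line per finding; the return status is the number of findings.
audit_winbind() {
    missing=0
    for db in passwd group; do
        nss_uses_winbind "$2" "$db" ||
            { echo "nsswitch.conf: $db does not list winbind"; missing=$((missing + 1)); }
    done
    for key in "winbind separator" "template shell" "template homedir"; do
        [ -n "$(smb_global "$1" "$key")" ] ||
            { echo "smb.conf: [global] lacks '$key'"; missing=$((missing + 1)); }
    done
    for pair in "winbind uid:$3" "winbind gid:$4"; do
        key=${pair%%:*}; file=${pair#*:}
        range=$(smb_global "$1" "$key")
        range_is_safe "$range" "$file" ||
            { echo "smb.conf: '$key = $range' is missing, malformed or overlaps IDs in $file"
              missing=$((missing + 1)); }
    done
    return "$missing"
}

# make_samples DIR: write constructed sample files (not taken from the post).
make_samples() {
    cat > "$1/smb.conf" <<'EOF'
[global]
   workgroup = EXAMPLEDOM
   security = domain
   winbind separator = +
   Winbind UID = 10000-20000
   winbind gid = 10000-20000
   template shell = /bin/bash
   template homedir = /home/%D/%U
[homes]
   winbind cache time = 999
EOF
    printf '%s\n' 'passwd: files winbind' 'shadow: files' \
        'group:  files   # winbind not added yet' > "$1/nsswitch.conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'svcbackup:x:10500:100::/home/svcbackup:/bin/bash' > "$1/passwd"
    printf '%s\n' 'root:x:0:' 'users:x:100:svcbackup' > "$1/group"
}

tmp=$(mktemp -d) && make_samples "$tmp"
audit_winbind "$tmp/smb.conf" "$tmp/nsswitch.conf" "$tmp/passwd" "$tmp/group" ||
    echo "findings: $?"
rm -rf "$tmp"
```

On a real server the four arguments would be /etc/samba/smb.conf, /etc/nsswitch.conf, /etc/passwd and /etc/group.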
RE: [Samba] SLOW connections
Fred:

I don't know if this is it, but do you have a DNS server or a HOSTS file on the Windows machine(s) pointing to the IP of the Linux box? If not, here is what (I think) is happening:

Windows 98 will try to contact a DNS server to locate the network machine and fail with a time out (which takes several seconds). Then it will revert to the WINS service and find the Linux box. Windows caches WINS resolutions and that's why subsequent connections are peppy.

My forward look-up zone was fubared on my DNS server here at work and my Windows machines exhibited the exact same symptoms as you describe. I fixed the zone file and everything began to operate properly.

If this isn't it, I'm sorry for feeding you bad information. :-)

Kevin L. Collins

-----Original Message-----
From: Fred Kuipers [mailto:fred;kuipers.dhs.org]
Sent: Friday, November 01, 2002 3:12 PM
To: [EMAIL PROTECTED]
Subject: [Samba] SLOW connections

Hi everyone,

I have a small home network with a Samba 2.2.3 server on Linux serving up my files and printers. However, from Windows machines (Win 98) connecting to a share takes an annoyingly long time (in the order of 10s of seconds). Connecting from a Linux box is very quick.

I have configured Windows 98 to fully reconnect the share on logon. If I don't, Windows Explorer hangs all over the place (even when simply loading it and it hits the network). After the initial connection, everything is pretty quick.

I have run through all the diagnostics and I have no clue why Windows could be so slow connecting.

Note on hardware: 10 Mbit network, 1.2 GHz and 350 MHz Windows machines connecting to a 500 MHz Linux machine (with 2 eth interfaces)... No CPU usage issues on Linux server and full network availability during connections. I have no connectivity troubles with the network.

Any thots?? Is this a silly little configuration problem?

Thanks in advance.

FjK

Please Reply All - I'm not on the list.
grep -v '^[;#]' /etc/samba/smb.conf | grep -v '^$'

[global]
    workgroup = KUIPERS_HOME
    server string = Samba Server %v
    printcap name = lpstat
    load printers = yes
    printing = cups
    log file = /var/log/samba/log.%m
    max log size = 50
    security = share
    encrypt passwords = no
    smb passwd file = /etc/samba/smbpasswd
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = no
    unix password sync = no
    map to guest = never
    password level = 0
    null passwords = no
    allow hosts = 192.168.0.
    os level = 33
    preferred master = yes
    wins support = yes
    interfaces = eth1 lo
    dead time = 0
    debug level = 0
    status = yes
[homes]
    comment = Home Directories
    browseable = no
    writable = yes
    available = yes
    public = no
    user = fred val
    only user = no
    preexec close = no
    root preexec close = no
[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = yes
    public = yes
    writable = no
    printable = yes
    create mode = 0700
    print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
    available = yes
[print$]
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    write list = @adm root
[archive]
    available = yes
    browseable = yes
    path = /home/archive
    public = no
    guest only = no
    writable = yes
    user = fred val
    only user = no
    preexec close = no
    root preexec close = no
    valid users = fred val
    force group = users
    create mask = 775
[MyDocuments]
    available = yes
    browseable = yes
    path = /home/MyDocuments
    public = no
    guest only = no
    writable = yes
    user = fred val
    only user = no
    preexec close = no
    root preexec close = no
    valid users = fred val
    force group = users
    create mask = 775
[web]
    available = yes
    browseable = yes
    path = /home/httpd
    public = no
    guest only = no
    writable = no
    allow hosts = 192.168.0.
    user = fred val
    only user = no
    preexec close = no
    root preexec close = no
    force group = users
[Samba] RE: Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (success, sort of)
Andrew Bartlett wrote:

> Domain trusts (in terms of us being a PDC trusting other DCs) are currently a work in progress. We hope to have it finished for Samba 3.0.
>
> However, why do you need domain trusts? (There are lots of good answers to this question, but make sure you do have one of the answers).
>
> Samba 2.2 has always supported being a member server in a domain with domain trusts, for the record.

Andrew:

Interesting you should ask about the *need* for my three domains and their trusts. Myself and a junior-admin had this same discussion the day I wrote the post.

Looking back, it just seemed the logical thing to do. You see, in the beginning the three domains weren't connected - definite need then. When we put the WAN in place we didn't want to rip-out anything, so we used the trusts to bind the domains together - *need* defined as we needed it working ASAP. Personally, I would prefer to keep them separate just for greater user/group control.

But, I can also see that I may not *need* the independent PDCs that trust each other, but maybe a PDC and 2 BDCs. I'm looking hard at the latter just so I do not hit any major hurdles when moving to SAMBA.

Thinking along those lines I must pose the question: Will a SAMBA BDC function as an NT BDC in that an NT BDC will cache (i.e. store locally) user/group/SID information and only update/sync with the PDC at specified intervals?

If we go with the one domain concept here, I'm going to need the BDCs in each office to basically run the show for that office when it comes to authentication. I do not want logons, etc. being passed to the PDC across a 128K frame line half-way across the state - except in an emergency like the BDC being offline.

The reason I ask is that I've not tried to simulate this yet and it really is the only sticking point in the single domain plan (that I can see now).

Thanks for your response and I hope that I have not broad-sided you with my theorizing and planning.

Thanks,

Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
[Samba] RE: Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (success, sort of)
Steven Langasek wrote:

> Having one PDC and two BDCs also gives you greater fault-tolerance than having three domains with a single PDC each. Samba+LDAP can give you this fault tolerance; it can't give you trust relationships today, without a lot of finagling.
>
> Steve Langasek
> postmodern programmer

Steve:

I understand the role of/need for the BDC, I'm just concerned about flooding the WAN connections with replication traffic and not being able to send things like e-mail or project files. I can control the replication in NT, but I need to know if I can do the same in SAMBA. With all the tweaks god knows there should be. :-)

I've thought about the LDAP course too but haven't given it enough serious thought yet. You know of a good HOWTO?

Thanks,

Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
(859) 233-3111 x24
RE: [Samba] auth to two diff PDCs? (success, sort of)
Hi All:

Excuse me for butting in here, but I'm planning a migration from WinNT 4 to Samba in the near future and this thread has caused me to worry a little.

Take the case that I'm planning:

3 Domains each to its own LAN (connected via 128k Frame Relay lines to form a WAN)
Each domain currently has a NT 4 PDC and each domain trusts each other.

How do I accomplish these trusts only using Samba PDCs?

Meaning: If I rip out the NT Domains, replace the PDCs with Samba PDCs and rebuild new domains (new Domain Names, new NetBIOS names for the PDCs, etc.) How do I get the three domains to once again trust each other? Is there a Samba command to do this?

Thanks,

Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

-----Original Message-----
From: Mathew McKernan [mailto:mathewmckernan;optushome.com.au]
Sent: Monday, October 28, 2002 2:39 AM
To: Matthew Hannigan; Andrew Bartlett
Cc: Matthew Hannigan; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Samba] auth to two diff PDCs? (success, sort of)

Hi Matthew,

Andrew is talking about domain trusts here. When the client asks for a connection to a share or the samba server itself, the samba daemon will check if the user is valid to the PDC. Domain trusts enable 2 domains to know each others users.

However in some cases this is dangerous, in my situation at work, we have 2 LANs (physically separate) and have separate NT Domains for that reason. However we wanted to allow staff to logon to either domain but have access to their home drive.

To solve this we ran 2 copies of samba (installed to different locations) and each copy is a member of the domain they are to serve. Then using the interfaces config option in smb.conf we force each copy of samba to bind to the LAN it serves.

In your case it sounds as if you are running one LAN but with 2 domains that don't trust each other. Either establish a trust between the two LANs, or use the method above. You will need to set the name differently for each copy of Samba, using netbios name in smb.conf, or you will get conflicts.

Thanks

Mathew

----- Original Message -----
From: Matthew Hannigan [EMAIL PROTECTED]
To: Andrew Bartlett [EMAIL PROTECTED]
Cc: Matthew Hannigan [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, October 28, 2002 5:25 PM
Subject: Re: [Samba] auth to two diff PDCs? (success, sort of)

On Mon, Oct 28, 2002 at 04:56:03PM +1100, Andrew Bartlett wrote:

Andrew Bartlett wrote:

Matthew Hannigan wrote:

With a single server, settings 'security = server' and 'password server = pdc1 pdc2', I can successfully authenticate against two entirely different PDCs depending on which order I put the two machines in the 'password server' list.

Is there someway of forcing clients from either domain to authenticate against the 'right' pdc, regardless of the order in the 'password server' config? What is the algo for choosing auth server out of a list, anyway?

If so it'd be a nice cheap way of getting what we would otherwise have to wait for trust relationship support for.

The reason we don't support this already is that while the auth works, a *lot* of other things break.

But if one PDC trusts the other, then security=domain will do this stuff

Except that the users would have to be on the server, right? Since (according to the docs (smb.conf)) the network logon comes from the server, not the workstation.

What precisely does 'on the server' mean anyway? In the smbpasswd file? We don't use that; we just have the unix user (/etc/passwd)

Matt
RE: [Samba] Samba Server in a WinNT 4 Domain - SOLVED, sort of...
Update on the problem all:

Turns out a junior administrator had used the IP addy that I was using for my test machine for another machine and didn't tell me about it.

Anyway - MAJOR problem averted, but I still have a minor annoyance. I described a very long pause when accessing the SAMBA machine from Windows before, well that is still with me. I finally get what I'm looking for, but it takes FOREVER (as compared to Windows) to get to the SAMBA machine.

Now I realize that the test machine isn't server material and it never will be a production machine, but I've got Pentium 233 machines that respond quicker than this machine does. Ping times are fine, just the interaction of the Network Neighborhood.

I'm almost convinced it's a slow machine thing or (most likely) the SAMBA machine is taking a very long time talking to the PDC/BDC on the network for user authentications.

Anyone give me a pointer here?

Thanks in advance,

Kevin

-----Original Message-----
From: Collins, Kevin [mailto:KCollins;nesbittengineering.com]
Sent: Friday, October 25, 2002 2:38 PM
To: '[EMAIL PROTECTED]'
Subject: [Samba] Samba Server in a WinNT 4 Domain

Greetings all:

I currently have three Windows NT 4 domains. I'm evaluating the switch to either (at least) a mix of RedHat Linux or a total switch to RedHat. For file serving processes, I'll utilize SAMBA.

For my first test, I've been looking at/trying to duplicate and then replace the services of my least obtrusive server - our Proxy Server - with an older workstation for the Linux machine. One of the core functions of this server (outside of Internet Access) is handling our FTP site. Currently I have the folders (directories) that house our FTP site open to the Internal LAN so my users can deposit files on to them without asking (bugging ;-) ) me. So, of course I want to do this with Linux/Samba.

I've got the machine running - using winbind to authenticate users at the domain controllers and not locally. But I'm having sporadic problems with the Linux machine disappearing from network. Let me try to be more specific:

Linux Machine info:

Gateway 2000 GP6-350 (Pentium II 350) with 256MB of RAM
2 Network Cards - 3Com 905CTX (eth0 External), Netgear FA311 (eth1 Internal)
RedHat Linux 7.3 (all latest patches from Red Hat Network yesterday)
SAMBA 2.2.6 (from samba.org yesterday)
Built SAMBA with the --with-winbind switch

From Linux, I get proper info when I use wbinfo -u/-g, returning info from all three domains (they all trust each other). I can ps -ax | grep mbd and see both smbd and nmbd running. I can then ps -ax | grep winbind and see the winbind daemon running. I can smbclient -L localhost and see what should be shared to the LAN, as I expected it to be. I can ping, nslookup, nmblookup, etc. and everything is working fine.

From Windows (only Windows 2000 clients thus far) I can see the new SAMBA machine in My Network Places - the W2k equivalent to the Network Neighborhood. This is true for my Windows NT servers as well. I can double-click on the SAMBA machine and after a (very) long pause, I get presented with the expected lists of shares. I double-click on a share and after another (very) long pause I can see files in the shares.

But here's where it gets flaky... After a period of time (no pattern here that I can tell) I can no longer access the SAMBA shares or even pull a list of shares from the machine. When this happens, I try the old method for connections - the net command. I can issue net view \\gateway or net use X: \\gateway\ftp and I get this in return:

    H:\>net view \\gateway
    The Server service is not started.

    More help is available by typing NET HELPMSG 2114.

When I check out error 2114 I really get no more helpful info - it all applies to Windows' services...

The funny thing about this whole problem - after another few minutes the machine begins working again, and the whole process starts over again. During these blackout times, the SAMBA machine still appears in My Network Places, but I think that's because of how Windows caches things. The machine is always back up before the cache time expires.

At first, I thought I had the Firewall (IPChains) blocking it. But I've checked that and ports 137-139 on both TCP and UDP pass through just fine (I have the firewall down at this point). Then I thought it was because of the two NICs I had, but I've limited SAMBA to the Internal and loopback interfaces. I've also added the bind interfaces = true to the smb.conf. The external NIC isn't even plugged up yet.

I'm not exactly sure what else I need to send that may be helpful, but if any additional info is needed, I'll be more than happy to forward it along.

Thanks,

Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.