Re: [Samba] Need support
On Aug 5, 2013, at 0:09, ketut.nur...@dexagroup.com wrote:

> dear Samba team,
>
> Today we have used samba ver. 3 as primary domain controller at my company. To improve the Samba technology and feature to support our business, we want to upgrade to Samba 4. Is there any tools or support to provide upgrade solution from Samba 3 to samba 4?
>
> For the information current Samba version we are used and running on Mandriva:
>
> samba-common-3.0.23b-7mdv2007.0
> samba-server-3.0.23b-7mdv2007.0
> samba-smbldap-tools-3.0.23b-7mdv2007.0
> samba-client-3.0.23b-7mdv2007.0
> samba-doc-3.0.23b-7mdv2007.0
>
> Any suggestion or support please contact me.

Although no longer technically supported, the upgrade provision script has done well for many people. Have you considered trying it in a virtual environment?

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need support
On Aug 10, 2013, at 4:22, Andrew Bartlett abart...@samba.org wrote:

> On Sat, 2013-08-10 at 03:19 -0400, Scott Lovenberg wrote:
>> On Aug 5, 2013, at 0:09, ketut.nur...@dexagroup.com wrote:
>>> dear Samba team,
>>>
>>> Today we have used samba ver. 3 as primary domain controller at my company. To improve the Samba technology and feature to support our business, we want to upgrade to Samba 4. Is there any tools or support to provide upgrade solution from Samba 3 to samba 4?
>>>
>>> For the information current Samba version we are used and running on Mandriva:
>>>
>>> samba-common-3.0.23b-7mdv2007.0
>>> samba-server-3.0.23b-7mdv2007.0
>>> samba-smbldap-tools-3.0.23b-7mdv2007.0
>>> samba-client-3.0.23b-7mdv2007.0
>>> samba-doc-3.0.23b-7mdv2007.0
>>>
>>> Any suggestion or support please contact me.
>>
>> Although no longer technically supported, the upgrade provision script has done well for many people. Have you considered trying it in a virtual environment?
>
> The upgradeprovision script is not for upgrades from Samba 3.x or classic domains, it is about old (very old) databases from the 4.0 alpha series.
>
> Use of the samba-tool domain classicupgrade command remains and will remain fully supported.

Sorry, Andrew, you are correct. I meant classicupgrade instead of upgradeprovision (to be fair, it's 4:30 AM on this side of the pond :))

Although I thought that classic upgrade still had some issues to be worked out, IIRC from the mailing list/IRC discussions. Am I mistaken?
Re: [Samba] About NAS versus Samba
On Thu, Jul 11, 2013 at 12:55 PM, Fernando Lozano ferna...@lozano.eti.br wrote:

> But you know, everyone buys NASes today, it's getting harder to explain a common PC would be better. Here a server box with a RAID controller and a hot-swappable disk bays is way more expensive than an iomega NAS in a rack form factor.

I've found the performance of those cheap NAS boxes (even the cheap ones are relatively expensive) to be sub-par. Most of them max out at a few MB/second. A reasonable set of hardware in a 2U with hot-swap drives will absolutely smoke a cheap NAS and the price/performance ratio is much better. Plus, you can use ZFS/BTRFS/etc as your backing store if you'd like on your own dedicated box.

--
Peace and Blessings,
-Scott.
Re: [Samba] samba4 (domain) dfs
On 5/26/2013 3:10 PM, Michael De Groote wrote:

> Hi all
>
> I'm trying to set up dfs for (among other things) profiles (i don't know if this is a good example, but that is out of the scope of my current question)
>
> I've been following these instructions:
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/msdfs.html
> http://us.generation-nt.com/answer/samba-domain-dfs-samba-4-help-209347402.html
> as well as the hints given in the thread *'Samba4 DFS Support'* on this list
>
> [snip]
>
> *Questions:*
>
> 1. Am I misinterpreting the documentation? I was also under the impression that i would be able to access the subfolders inside the dfs-root directly... (which doesn't seem to be)
> 2. Does it just not work yet in samba4 and do i need to be patient?
> 3. Is there some other logger i need to turn on to see what is going wrong, and if so, what logger would that be? (i could also turn on all on level 10, but i fear i would be swamped...)

1.) You should be able to access sub directories inside a DFS root.

2.) This shouldn't be an issue since you're using the Samba-3 file server (smbd). I don't think the ntvfs file server in Samba-4 supports DFS though.

3.) I'd use the following logging options to get to the bottom of this:

    log level = 2 msdfs:8 auth:5 winbind:5 idmap:5 acls:3

Or something to that effect. You might even set log level to 1 and then only look at msdfs logging until you know what you want to take a closer look at.
Re: [Samba] Samba 4.0 released - The First Free Software Active Directory Compatible Server is now available !
On Tue, Dec 11, 2012 at 12:32 PM, Jeremy Allison j...@samba.org wrote:

> Samba Team Releases Samba 4.0

Congrats!

--
Peace and Blessings,
-Scott.
Re: [Samba] CIFS: Deprecating NFS mounting syntax in mount.cifs
On Tue, Oct 23, 2012 at 3:23 PM, steve st...@steve-ss.com wrote:

> Hi Scott, hi everyone
>
> Yeah, that's fine. Does this clear up the issue with the ':'?
>
> I should have made it clearer that I was referring to autofs and not mounting e.g. from fstab. I just tried the automounter on cifs without the ':' and it doesn't work. Would it perhaps help to put a message in the logs when it fails, rather than silence? Or maybe that's more of a question for the autofs guys.
>
> Cheers,
> Steve

I've been at home thinking about this for a while tonight. I've checked the documentation for autofs and they do what they say they'll do with that path (treat anything without a ':' as an NFS mount). On our side, (mount.cifs) we do what we say we'll do (support UNC paths). The most we could ask of them is to add/modify their documentation to include the case for CIFS instead of just SMB. This doesn't change anything on the mount.cifs side other than explicitly directing users to the correct syntax for CIFS shares when using autofs. Ultimately the autofs documentation implicitly states that CIFS shares should use a ':'.

All that being said, the mount.cifs has never officially supported NFS path syntax. We aren't silently ignoring the issue; we're sending a warning to stdout that in a future version of the mount utility we won't support this undocumented behavior. To be fair, that's more than most code bases do for deprecating undocumented features.

If anyone wants me to pursue the issue, I'll see what I can do about getting the documentation for autofs altered to explicitly mention CIFS paths. I think that is reasonable for everyone. It's after 2 AM in my part of the world, so I'll do this tomorrow after my first cup of coffee if anyone requests it.

--
Peace and Blessings,
-Scott.
Re: [Samba] CIFS: Deprecating NFS mounting syntax in mount.cifs
On 10/18/2012 2:07 PM, scott.lovenb...@gmail.com wrote:

> This patch adds a warning when using NFS mounting syntax (server:/share), instead of the usual UNC syntax (//server/share || \\server\share), that support for NFS style mounts will be removed in version 6.0 of the mount.cifs utility.
>
> The reasoning for this is simple. Support for NFS syntax is undocumented and increases maintenance overhead. This came up recently on the cifs-utils list when discussing how to handle mounting a share NFS style using an IPv6 address. Since the ':' character is valid in a POSIX file path or share name it is an ambiguous delimiter. Consider the following valid server share: dead:beef::1:iSCSIExportedByIQN:storage.
>
> Instead of adding complicated code to the parser to support an undocumented feature, we're opting to remove the feature in the mount utility in version 6.0 if there is no objection.

Jeff, it's been a few days and no one has objected (or really said anything). Can we merge this patch?
Re: [Samba] CIFS: Deprecating NFS mounting syntax in mount.cifs
On Tue, Oct 23, 2012 at 12:47 PM, steve st...@steve-ss.com wrote:

> On 10/23/2012 05:56 PM, Scott Lovenberg wrote:
>> On 10/18/2012 2:07 PM, scott.lovenb...@gmail.com wrote:
>> no one has objected (or really said anything). Can we merge this patch?
>
> Hi
> I'm just trying to represent users. Can we take this to user level by giving an example of what will work and what will not work after the patch?

I should clarify, this patch doesn't change the behavior of the mount utility, it just warns the user that in future releases the syntax that they are using will be removed. The patch to remove the behavior is going to be in a later release.

What will work is any path that begins with // or \\ which is a normal UNC. So your normal //server/share path is fine. NFS syntax allows for you to specify the path like server:/share. That syntax will no longer work in cifs-utils 6.0.

> For example, the Linux automounter. Currently, we have this map:
>
>     * -fstype=cifs,rw,sec=krb5 ://myserver/myshare/
>
> Are you talking about the difference between that and this:
>
>     * -fstype=cifs,rw,sec=krb5 myserver:/myshare/
>
> Question: will I need to change anything due to this patch?

Quite the opposite, the //myserver/myshare is correct, myserver:/myshare will no longer work. The ':' is part of the automounter's map syntax. It will use the path //myserver/myshare.

--
Peace and Blessings,
-Scott.
Re: [Samba] CIFS: Deprecating NFS mounting syntax in mount.cifs
On Tue, Oct 23, 2012 at 1:22 PM, steve st...@steve-ss.com wrote:

> On 10/23/2012 07:02 PM, Jeff Layton wrote:
>> On Tue, 23 Oct 2012 18:47:37 +0200 steve st...@steve-ss.com wrote:
>>> On 10/23/2012 05:56 PM, Scott Lovenberg wrote:
>>> Currently, we have this map:
>>>
>>>     * -fstype=cifs,rw,sec=krb5 ://myserver/myshare/
>>
>> Does that really work? What purpose does the ':' serve there?
>
> Yes. They always put a ':' before the mount except for the default NFS. I took a look at the example /etc/auto.misc which comes (commented out) with openSUSE. They always put a ':'.

I double checked this. The ':' is a token for the automounter that tells it that it's a local device. You could probably remove that character.

http://www.faqs.org/docs/Linux-mini/Automount.html#s4

--
Peace and Blessings,
-Scott.
[Samba] CIFS: Deprecating NFS mounting syntax in mount.cifs
The following patch adds a warning when using NFS mounting syntax (server:/share), instead of the usual UNC syntax (//server/share || \\server\share), that support for NFS style mounts will be removed in version 6.0 of the mount.cifs utility.

The reasoning for this is simple. Support for NFS syntax is undocumented and increases maintenance overhead. This came up recently on the cifs-utils list when discussing how to handle mounting a share NFS style using an IPv6 address. Since the ':' character is valid in a POSIX file path or share name it is an ambiguous delimiter. Consider the following valid server share: dead:beef::1:iSCSIExportedByIQN:storage.

Instead of adding complicated code to the parser to support an undocumented feature, we're opting to remove the feature in the mount utility in version 6.0 if there is no objection.
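The delimiter ambiguity described in the message above, as an added example that is not part of the original post and is not cifs-utils code. The function names are hypothetical, and the test for a "plausible" host (an IPv6 literal, or only letters, digits, '-' and '.') is an assumption made for this illustration. It classifies a device string as UNC or NFS style and lists every ':' at which an NFS-style string could reasonably be split into host and share.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum dev_syntax { DEV_UNC, DEV_NFS_STYLE, DEV_BAD };

/* UNC starts with // or \\ ; anything else with a ':' is NFS style. */
enum dev_syntax classify_device(const char *dev)
{
	if (!strncmp(dev, "//", 2) || !strncmp(dev, "\\\\", 2))
		return DEV_UNC;
	return strchr(dev, ':') ? DEV_NFS_STYLE : DEV_BAD;
}

/* UNC: the host ends at the first slash or backslash, so there is one answer. */
size_t unc_host_len(const char *dev)
{
	return strcspn(dev + 2, "/\\");
}

/* NFS style, naive rule: the host ends at the first ':'. */
size_t nfs_first_colon_host_len(const char *dev)
{
	const char *c = strchr(dev, ':');

	return c ? (size_t)(c - dev) : 0;
}

/* Assumption for this example: a host is an IPv6 literal or a plain name. */
static int plausible_host(const char *s, size_t len)
{
	char buf[256];
	struct in6_addr addr;
	size_t i;

	if (len == 0 || len >= sizeof(buf))
		return 0;
	memcpy(buf, s, len);
	buf[len] = '\0';
	if (inet_pton(AF_INET6, buf, &addr) == 1)
		return 1;
	for (i = 0; i < len; i++)
		if (!isalnum((unsigned char)buf[i]) && buf[i] != '-' && buf[i] != '.')
			return 0;
	return 1;
}

/*
 * Count the ':' positions that leave a plausible host on the left and a
 * non-empty share on the right. More than one means the string is ambiguous.
 * Up to max offsets are stored in offsets[].
 */
int nfs_plausible_splits(const char *dev, size_t *offsets, int max)
{
	const char *c;
	int n = 0;

	for (c = strchr(dev, ':'); c; c = strchr(c + 1, ':')) {
		if (c[1] == '\0' || !plausible_host(dev, (size_t)(c - dev)))
			continue;
		if (n < max)
			offsets[n] = (size_t)(c - dev);
		n++;
	}
	return n;
}

int main(void)
{
	/* Constructed inputs; the third is the share from the message above. */
	const char *samples[] = {
		"//myserver/myshare",
		"myserver:/myshare",
		"dead:beef::1:iSCSIExportedByIQN:storage",
	};
	size_t off[8];
	size_t i;
	int j, n;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		const char *dev = samples[i];

		if (classify_device(dev) == DEV_UNC) {
			printf("%s\n  UNC, host=%.*s\n", dev,
			       (int)unc_host_len(dev), dev + 2);
			continue;
		}
		n = nfs_plausible_splits(dev, off, 8);
		printf("%s\n  NFS style, %d plausible split(s)\n", dev, n);
		for (j = 0; j < n && j < 8; j++)
			printf("    host=%.*s share=%s\n",
			       (int)off[j], dev, dev + off[j] + 1);
	}
	return 0;
}
```

For the IPv6 string, a first-colon split takes "dead" as the host, while the reading the message intends takes "dead:beef::1" as the host and "iSCSIExportedByIQN:storage" as the share.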
[Samba] [PATCH] Add warning that NFS syntax is deprecated and will be removed in cifs-utils-6.0.
From: Scott Lovenberg scott.lovenb...@gmail.com Signed-off-by: Scott Lovenberg scott.lovenb...@gmail.com --- mount.cifs.c |4 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/mount.cifs.c b/mount.cifs.c index 756fce2..061ce32 100644 --- a/mount.cifs.c +++ b/mount.cifs.c @@ -1335,6 +1335,7 @@ static int parse_unc(const char *unc_name, struct parsed_mount_info *parsed_info } /* Set up host and share pointers based on UNC format. */ + /* TODO: Remove support for NFS syntax as of cifs-utils-6.0. */ if (strncmp(unc_name, //, 2) strncmp(unc_name, , 2)) { /* * check for nfs syntax (server:/share/prepath) @@ -1351,6 +1352,9 @@ static int parse_unc(const char *unc_name, struct parsed_mount_info *parsed_info share++; if (*share == '/') ++share; + fprintf(stderr, WARNING: using NFS syntax for mounting CIFS + shares is deprecated and will be removed in cifs-utils + -6.0. Please migrate to UNC syntax.); } else { host = unc_name + 2; hostlen = strcspn(host, /\\); -- 1.7.5.4 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
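Review bot: The TODO added in the first hunk sits above the `if` that tests for the // and \\ prefixes, not in the branch it is about. Moving it into the existing "check for nfs syntax (server:/share/prepath)" comment inside that branch would keep the reminder next to the lines that have to be deleted for cifs-utils-6.0, and it would be worth stating there what should happen to such a path once support is gone.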
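Review bot: The warning added in the second hunk, after `++share;`, ends at "Please migrate to UNC syntax." with no trailing newline in the lines shown, so the next thing written to stderr will run onto the same line; end the last string fragment with \n. The literal is also split between "cifs-utils" and "-6.0", which makes the version string hard to grep for in the source; breaking at a space instead keeps "cifs-utils-6.0" in one piece. Since the warning fires on every mount that uses server:/share, it would help users if the text named the offending path or showed the //server/share form they should switch to.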
Re: [Samba] [PATCH] Add warning that NFS syntax is deprecated and will be removed in cifs-utils-6.0.
On 10/18/2012 1:50 PM, scott.lovenb...@gmail.com wrote: From: Scott Lovenbergscott.lovenb...@gmail.com Signed-off-by: Scott Lovenbergscott.lovenb...@gmail.com --- mount.cifs.c |4 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/mount.cifs.c b/mount.cifs.c index 756fce2..061ce32 100644 --- a/mount.cifs.c +++ b/mount.cifs.c @@ -1335,6 +1335,7 @@ static int parse_unc(const char *unc_name, struct parsed_mount_info *parsed_info } /* Set up host and share pointers based on UNC format. */ + /* TODO: Remove support for NFS syntax as of cifs-utils-6.0. */ if (strncmp(unc_name, //, 2) strncmp(unc_name, , 2)) { /* * check for nfs syntax (server:/share/prepath) @@ -1351,6 +1352,9 @@ static int parse_unc(const char *unc_name, struct parsed_mount_info *parsed_info share++; if (*share == '/') ++share; + fprintf(stderr, WARNING: using NFS syntax for mounting CIFS + shares is deprecated and will be removed in cifs-utils + -6.0. Please migrate to UNC syntax.); } else { host = unc_name + 2; hostlen = strcspn(host, /\\); Sorry, git send-email just blew up in my face. It was supposed to send a first email that explained the patch. Of course it worked perfectly when I tested it to my own email address. I'll figure out why the first message is missing and repost. Sorry for the noise. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] CIFS: Deprecating NFS mounting syntax in mount.cifs
This patch adds a warning when using NFS mounting syntax (server:/share), instead of the usual UNC syntax (//server/share || \\server\share), that support for NFS style mounts will be removed in version 6.0 of the mount.cifs utility.

The reasoning for this is simple. Support for NFS syntax is undocumented and increases maintenance overhead. This came up recently on the cifs-utils list when discussing how to handle mounting a share NFS style using an IPv6 address. Since the ':' character is valid in a POSIX file path or share name it is an ambiguous delimiter. Consider the following valid server share: dead:beef::1:iSCSIExportedByIQN:storage.

Instead of adding complicated code to the parser to support an undocumented feature, we're opting to remove the feature in the mount utility in version 6.0 if there is no objection.
[Samba] [PATCH] Add warning that NFS syntax is deprecated and will be removed in cifs-utils-6.0.
From: Scott Lovenberg scott.lovenb...@gmail.com Signed-off-by: Scott Lovenberg scott.lovenb...@gmail.com --- mount.cifs.c |4 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/mount.cifs.c b/mount.cifs.c index 756fce2..061ce32 100644 --- a/mount.cifs.c +++ b/mount.cifs.c @@ -1335,6 +1335,7 @@ static int parse_unc(const char *unc_name, struct parsed_mount_info *parsed_info } /* Set up host and share pointers based on UNC format. */ + /* TODO: Remove support for NFS syntax as of cifs-utils-6.0. */ if (strncmp(unc_name, //, 2) strncmp(unc_name, , 2)) { /* * check for nfs syntax (server:/share/prepath) @@ -1351,6 +1352,9 @@ static int parse_unc(const char *unc_name, struct parsed_mount_info *parsed_info share++; if (*share == '/') ++share; + fprintf(stderr, WARNING: using NFS syntax for mounting CIFS + shares is deprecated and will be removed in cifs-utils + -6.0. Please migrate to UNC syntax.); } else { host = unc_name + 2; hostlen = strcspn(host, /\\); -- 1.7.5.4 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.0.0rc1 Available for Download
On Thu, Sep 13, 2012 at 6:40 AM, Karolin Seeger ksee...@samba.org wrote:

> [...]
> - Domain member support in the 'samba' binary is in it's infancy, and is not comparable to the support found in winbindd. As such, do not use the 'samba' binary (provided for the AD server) on a member server.

Stupid bug report, its should be used above, not it's. You want the possessive, not the contraction. Just for future RC release notes (it's been bothering me since the later beta release notes). :)

--
Peace and Blessings,
-Scott.
Re: [Samba] Video Interview with tridge from last years SambaXP.
On 3/9/2012 2:05 PM, Jeremy Allison wrote:

> From both the shameless self-promotion and better late than never departments here at Samba towers :-).
>
> http://google-opensource.blogspot.com/2012/03/geek-time-with-andrew-tridgell.html
>
> It's a fun interview (at least I think so :-). Enjoy !!!
>
> Jeremy.

Thanks, Jeremy. Still waiting for you to do another Google Techtalk for Samba-4.0. :)
Re: [Samba] setuids mount option broke
On Fri, May 28, 2010 at 4:12 PM, Derek Simkowiak der...@realloc.net wrote:

> I can mount it using these options in /etc/fstab... note the use of setuids here:
>
>     //cst6/testhome /testhome cifs iocharset=utf8,credentials=/root/cst6_password.txt,setuids 0 0

Does it work if you change 'setuids' to 'suid'?

> Is there anything else I can try? Looking at this earlier post, it seems like maybe setuids is not even a supported option anymore...?
>
> http://lists.samba.org/archive/linux-cifs-client/2010-March/005600.html

The client code has been moved out of the samba package recently. In the current release of the client (the client is now released separately from the samba suite, but the two aren't in sync yet) the setuid functionality is deprecated (but can still be enabled at compile time). At the moment the option is being called 'legacy'; I don't know if the functionality is being dropped or upgraded/redesigned, though.

--
Peace and Blessings,
-Scott.
Re: [Samba] setuids mount option broke
On Sat, May 29, 2010 at 8:11 AM, Scott Lovenberg scott.lovenb...@gmail.com wrote:

> The client code has been moved out of the samba package recently. In the current release of the client (the client is now released separately from the samba suite, but the two aren't in sync yet) the setuid functionality is deprecated (but can still be enabled at compile time). At the moment the option is being called 'legacy'; I don't know if the functionality is being dropped or upgraded/redesigned, though.

Sorry, I should have been more clear about this. I'm referring to the mount.cifs (cifs-utils) part of the client, not the whole samba client.

--
Peace and Blessings,
-Scott.
Re: [Samba] Samba and ACL and automatic inheriting
Karl Koch wrote:

> hello,
>
> I use samba with acl bound into a w2k3 ads domain. I have set the option inherit acls = yes and when I change an acl on a folder the new folders I create have the same acls. But when I change the acl on a folder the subdirectories of this folder won't update automatically like under a win ntfs system. I control the acls through a windows machine and so it is not so good that I must inherit the acls manually.
>
> Is there any option I can do this? And yes I know setfacl -R :-) But I want it more comfortable so other users can control it.

Have you set a default ACL entry for the top level directory? ie, setfacl d:user:perm
Re: [Samba] Update on bugzilla.samba.org
jerry wrote:

> Fyi...
>
> We ran into some db connection issues last night (about 10pm GMT-5 I think). This issue has been temporarily resolved, but I expect that we'll be taking the server offline for a short period sometime this week for further db maintenance.
>
> Also Deryck and I will be exploring some potential improvements to Samba's bugzilla service in the coming weeks. I'll try to keep everyone updated.
>
> cheers, jerry
> --
> What man is a man who does not make the world better? --Balian

I figure this request dovetails the bugzilla maintenance, sorry if it seems like I'm thread hijacking. Would it be possible to turn on the 'vote for bug' feature (or remove the reference to it all together)? I wanted to flag a bug the other week and followed the bugzilla link to vote for it, only to find out it was disabled. Would enabling this be a productive use of resources?
Re: [Samba] Query related to samba-3.2.6 and Last Access Time stamp.
As well as nodiratime.

--Original Message--
From: Miguel Medalha
Sender: samba-bounces+scott.lovenberg=gmail@lists.samba.org
To: naga_kishore_komm...@yahoo.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] Query related to samba-3.2.6 and Last Access Time stamp.
Sent: Apr 6, 2009 08:49

> I want to avoid this and I do not have administrator permission of the windows machine. Is there any client side setting that I can change to avoid the updation of 'last access date' on the server?

Mount the server's filesystem with the noatime option?

Sent from my Verizon Wireless BlackBerry
Re: [Samba] Problem with Samba
Ross, Brian wrote:

> Yes, another newbie asking for help. Please bear with me. I don't doubt my problem has a simple solution but it has me stumped.
>
> I have a solaris server which carries some confidential financial information on it. I have been asked to install samba on it to share out a particular directory. They obviously want to restrict access to this information. We run a Windows 2003 domain as well.
>
> My problem is that I cannot get my samba server to ask for user authentication (or rather, I can, if I slightly change the smb.conf file but then it asks for Guest rather than the user designated).
>
> My smb.conf file is:
>
>     [global]
>     workgroup = CALM
>     server string = calm-kens-27
>     security = DOMAIN
>     password server = 192.147.114.4, 192.147.114.17
>     username map = /etc/samba/smbusers
>     log file = /var/log/samba
>     max log size = 200
>     ; min protocol = NT1
>     ; preferred master = No
>     ; local master = No
>     ; domain master = No
>     ; browse list = No
>     ; enhanced browsing = No
>     dns proxy = No
>     wins server = 192.147.114.4
>     ; ldap ssl = no
>     hosts allow = localhost,calm-kens-27,192.147.114.,192.147.114.54,10.20.201.59,10.20.200.119,10.20.201.88,10.20.201.175
>     hosts deny = All
>     ;hosts allow = all
>     encrypt passwords = yes
>     browseable = no
>     ;smb passwd file = /etc/samba/smbpasswd
>
>     [CBA]
>     path = /u02/prod/clmfinpr/clmfinprappl/calm/11.5.0/secure
>     comment = DEC read only share
>     read only = Yes
>     guest ok = no
>     ;force user = finance
>     ;force group = sw_user
>     hide dot files = No
>     inherit permissions = Yes
>
> On another not unrelated problem, I am unable to get SWAT to work. I keep getting the message:
>
>     This document contains no data, Try again later or contact the domain's administrator
>
> Any idea about how to get it working (this I suspect will help me to cure my configuration problem).
>
> Cheers
> Brian
> ___
> Brian Ross

Do you have the winbind service running and the nscd service off?
Re: [Samba] Netbios : Network Browsing on multiple subnets
Scott Lovenberg wrote:

> [EMAIL PROTECTED] wrote:
>> Hi all !
>>
>> I have a PDC and a BDC in 2 differents subnets. I would like to sync their browse list but it doesn't seem to work. Actually here are a part my smb.conf files :
>>
>> PDC
>> ---
>>     ...
>>     remote browse sync = 10.10.20.10
>>     remote announce = 10.10.20.10
>>     security = user
>>     encrypt passwords = true
>>     domain logons = Yes
>>     os level = 70
>>     preferred master = yes
>>     domain master = yes
>>     local master = yes
>>     wins support = Yes
>>     ...
>>
>> BDC
>> ---
>>     ...
>>     remote announce = 10.10.10.1
>>     remote browse sync = 10.10.10.1
>>     wins support = yes
>>     security = user
>>     encrypt passwords = yes
>>     domain logons = Yes
>>     os level = 69
>>     preferred master =no
>>     domain master = no
>>     ...
>>
>> The BDC is unable to find the Domain Master Browser
>>
>>     nmblookup -U venise -R 'DOMAIN#1B'
>>     ...
>>     name_query failed to find name domain#1b
>>
>>     nmblookup -U BDC -S PDC
>>     name_query failed to find name PDC
>>
>> log.nmbd
>> ---
>>     [2008/11/14 11:55:51, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(351)
>>     find_domain_master_name_query_fail: Unable to find the Domain Master Browser name DOMAIN1b for the workgroup DOMAIN.
>>     ...
>>     [2008/11/14 12:03:59, 0] nmbd/nmbd_incomingdgrams.c:process_master_browser_announce(383)
>>     process_master_browser_announce: Not configured as domain master - ignoring master announce.
>>
>> I really need help, the BDC has to be moved in another place.
>>
>> Thank you !
>> Smaine
>
> I believe you want the 'wins server =' and/or 'wins proxy' settings instead of the 'wins support' setting.
>
> Table of wins settings from Using Samba, ch07
> http://de4.samba.org/samba/docs/using_samba/ch07.html#samba2-CHP-7-TABLE-1
>
> The entry on 'wins server =' and 'wins proxy' is just under this table. Unless I'm mistaken, wins proxy/wins server combination is the only one that will allow cross subnet wins replication (other than DNS/LDAP combination). IIRC, you'll want the wins servers to be master browsers on their respective subnets, as well.

Sorry, I realized right after posting that last sentence might not have been clear; I meant each should be the local master browser. A domain can only have one domain master browser.
Re: [Samba] Netbios : Network Browsing on multiple subnets
[EMAIL PROTECTED] wrote:

> Hi all !
>
> I have a PDC and a BDC in 2 differents subnets. I would like to sync their browse list but it doesn't seem to work. Actually here are a part my smb.conf files :
>
> PDC
> ---
>     ...
>     remote browse sync = 10.10.20.10
>     remote announce = 10.10.20.10
>     security = user
>     encrypt passwords = true
>     domain logons = Yes
>     os level = 70
>     preferred master = yes
>     domain master = yes
>     local master = yes
>     wins support = Yes
>     ...
>
> BDC
> ---
>     ...
>     remote announce = 10.10.10.1
>     remote browse sync = 10.10.10.1
>     wins support = yes
>     security = user
>     encrypt passwords = yes
>     domain logons = Yes
>     os level = 69
>     preferred master =no
>     domain master = no
>     ...
>
> The BDC is unable to find the Domain Master Browser
>
>     nmblookup -U venise -R 'DOMAIN#1B'
>     ...
>     name_query failed to find name domain#1b
>
>     nmblookup -U BDC -S PDC
>     name_query failed to find name PDC
>
> log.nmbd
> ---
>     [2008/11/14 11:55:51, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(351)
>     find_domain_master_name_query_fail: Unable to find the Domain Master Browser name DOMAIN1b for the workgroup DOMAIN.
>     ...
>     [2008/11/14 12:03:59, 0] nmbd/nmbd_incomingdgrams.c:process_master_browser_announce(383)
>     process_master_browser_announce: Not configured as domain master - ignoring master announce.
>
> I really need help, the BDC has to be moved in another place.
>
> Thank you !
> Smaine

I believe you want the 'wins server =' and/or 'wins proxy' settings instead of the 'wins support' setting.

Table of wins settings from Using Samba, ch07
http://de4.samba.org/samba/docs/using_samba/ch07.html#samba2-CHP-7-TABLE-1

The entry on 'wins server =' and 'wins proxy' is just under this table. Unless I'm mistaken, wins proxy/wins server combination is the only one that will allow cross subnet wins replication (other than DNS/LDAP combination). IIRC, you'll want the wins servers to be master browsers on their respective subnets, as well.
Re: [Samba] performance problem with access database
Scheidegger Patrick wrote:

> Hello
>
> I have problem with a access application, when I try to start the application then I must wait 5 minutes ago before he started. I do this from a WinXp Workstation to a Linux Debian Etch and samba 3.0.24 installation. What can I do for better performance.
>
> best regards
> pat

If you've got more than a handful of users at any given moment, you can disable op-locks and reduce locking overhead. You can do this via registry, Samba, or both. Also, a database (and I use that in the loosest sense of the term!) compact and repair never hurt ;)
Re: [Samba] Compiling 3.2.4 --with-krb5=/usr/lib/krb5, not working
Jake Carroll wrote:

> Scott,
>
> Thanks for the link. I had a poke around, substituting my paths et al with the instructions here, and, unfortunately, it still just doesn't seem to see my krb libraries. I am wondering if there is something generically _wrong_ with Solaris/Sun shipped Krb that samba doesn't like?
>
> Any other ideas? Thanks for the input!
>
> */JC/*
>
> On Oct 5, 2008, at 11:13 AM, Scott Lovenberg wrote:
>> Jake Carroll wrote:
>>> Hi all,
>>>
>>> I'm currently attempting to compile Samba 3.2.4 for Solaris 10 x86. I require krb5 support and I realised that it would not look in the correct default location, under Solaris 10. Example, from ./configure --help:
>>>
>>>     --with-krb5=base-dir    Locate Kerberos 5 support (default=/usr)
>>>
>>> In vanilla Solaris 10 x86, Kerberos libraries are stored in /usr/lib/krb5. I thought it best to attempt to specifically, rather, explicitly state the base dir like so, because using the default is not working:
>>>
>>>     ./configure --with-aio-support --with-krb5=/usr/lib/krb5
>>>
>>> I felt that this would give the linker/compiler the best chance of finding what it needed. Apparently, this is not the case. When I look in the config.log:
>>>
>>>     configure:55103: checking for Active Directory and krb5 support
>>>     KRB5CONFIG=''
>>>     KRB5_LIBS=''
>>>     WINBIND_KRB5_LOCATOR=''
>>>
>>> So then, if we do a make
>>>
>>>     # less config.h | grep -i krb
>>>     /* Whether the krb5_address struct has a addrtype property */
>>>     /* #undef HAVE_ADDRTYPE_IN_KRB5_ADDRESS */
>>>     /* Whether the krb5_address struct has a addr_type property */
>>>     /* #undef HAVE_ADDR_TYPE_IN_KRB5_ADDRESS */
>>>     /* Whether the krb5_checksum struct has a checksum property */
>>>     /* #undef HAVE_CHECKSUM_IN_KRB5_CHECKSUM */
>>>
>>> ...all left untouched. Any thoughts? The libraries are definitely and obviously there:
>>>
>>>     [EMAIL PROTECTED]:/usr/lib/krb5] $ ls -als
>>>     total 3338
>>>     2 drwxr-xr-x 4 root bin 1024 May 3 10:15 .
>>>     64 drwxr-xr-x 122 root bin32256 Aug 16 20:57 ..
>>>     2 -r--r--r-- 1 root bin 700 Jan 22 2005 HelpIndex.html
>>>     2 drwxr-xr-x 2 root bin 512 May 3 10:15 ListResourceBundle
>>>     2 -r--r--r-- 1 root bin 412 Jan 22 2005 README.db2
>>>     4 -r--r--r-- 1 root bin 1962 Jan 22 2005 SunLogo.4c.gif
>>>     2 drwxr-xr-x 2 root bin 512 May 3 10:15 amd64
>>>     2 lrwxrwxrwx 1 root root 8 May 3 10:15 db2.so - db2.so.1
>>>     144 -rwxr-xr-x 1 root bin73088 Mar 19 2008 db2.so.1
>>>     416 -r--r--r-- 1 root bin 204145 Mar 12 2008 gkadmin.jar
>>>     122 -r-x-- 1 root bin62100 Mar 19 2008 kadmind
>>>     2 lrwxrwxrwx 1 root root 10 May 3 10:15 kldap.so - kldap.so.1
>>>     80 -rwxr-xr-x 1 root bin40684 Mar 19 2008 kldap.so.1
>>>     38 -r-xr-xr-x 1 root bin18488 Mar 19 2008 kprop
>>>     2 -r-xr-xr-x 1 root bin 300 Jan 22 2005 kprop_script
>>>     70 -r-xr-xr-x 1 root bin35136 Mar 19 2008 kpropd
>>>
>>> snip.
>>>
>>> Thanks all.
>>> JC
>>
>> Erm, sorry for the double post. Here's a reference for crle with samba.
>>
>> Here's a recipe for Samba+Active Directory on Solaris 9
>> http://lists.samba.org/archive/samba-technical/2006-May/046971.html

Sorry, I'm tapped for good ideas. I'm trying to duplicate this on a VM... and remembering why I stopped using OpenSolaris :) I just have to keep it stable for long enough to update. So far, Solaris is winning by restarting the window manager every fifteen minutes or so.

The only other thing I could think of is manually entering the path in the configuration variable and trying to compile. I'm not sure that it would help at all, but it can't hurt to give it a shot.
Re: [Samba] Lost most data on Windows XP machine switching to domain
Jesse Stone wrote:
> I'm wondering if anyone has run across that and MUCH more importantly, if the data can be recovered somehow. I'll put as much details as I can at the bottom but here's the gist of the problem:
>
> I added my wife's computer (which contains 8 years worth of pictures) to the domain. When I logged into the new domain account it was empty and my wife's domain users had no access so I did the following:
>
> 1) Logged out of the domain account and back into the machine account
> 2) Added the domain user to the administrative group
> 3) MOVED (yes, I'm an idiot) everything from my wife's standard profile to the domain profile
> 4) Logged back in with the domain account
>
> Here's what happens: a few random things were in the new domain. For example, 1 bookmark (out of about 50) was in my wife's favorites folder. The My Pictures folder contained Sample Pictures only.
>
> My guess is that 1 of 2 things happened:
>
> 1) Samba didn't expect there to be data yet so started out with a fresh new profile. This doesn't explain how some (less than 1% of her data) is available
> 2) My wife is connecting to the domain via wireless. Somehow, mid-copy the wireless shut off and the data never made it to the roaming profile.
>
> Please someone give me good news like just do this and the data will be recovered!
>
> OK, here's the details (which will show my lack of understanding):
>
> I followed the following article when setting up Samba: http://www.howtoforge.com/samba_setup_ubuntu_5.10_p4
>
> The only changes I made are that I commented out the following lines (believing this would STOP roaming profiles. I did not actually want roaming profiles and was only planning on setting the My Documents folder to use server storage.
>
> #logon drive = H:-- May use later for roaming profiles
> #logon path = \\%N\profile\%U-- May use later for roaming profiles
>
> (Note, the only thing this did is stop the drive letter from being set. The profile directory was still created, only under the /home/%user%/ directory instead of /home/samba/profiles/)
>
> Here's the entire smb.conf I am using:
>
> [global]
> workgroup = domaintest
> netbios name = server3200
> server string = File Server
> passdb backend = tdbsam
> security = user
> username map = /etc/samba/smbusers
> name resolve order = wins bcast hosts
> domain logons = yes
> preferred master = yes
> wins support = yes
>
> # Set CUPS for printing
> printcap name = CUPS
> printing = CUPS
>
> # Default logon
> #logon drive = H:
> #logon script = scripts/logon.bat
> #logon path = \\%N\profile\%U
>
> # Useradd scripts
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/usermod -G %g %u
> add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u
> idmap uid = 15000-2
> idmap gid = 15000-2
>
> # sync smb passwords with linux passwords
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
> passwd chat debug = yes
> unix password sync = yes
>
> # set the loglevel
> log level = 3
>
> [homes]
> comment = Home
> valid users = %S
> read only = no
> browsable = no
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> printable = yes
> guest ok = yes
> browsable = no
>
> [netlogon]
> comment = Network Logon Service
> path = /home/samba/netlogon
> admin users = Administrator
> valid users = %U
> read only = no
>
> [profile]
> comment = User profiles
> path = /home/samba/profiles
> valid users = %U
> create mode = 0600
> directory mode = 0700
> writable = yes
> browsable = no
>
> Please understand that my wife may well divorce me if I can't recover this stuff.
>
> -Jesse

I'm a little mixed up about the steps that you took... Am I interpreting this correctly:

1.) You signed on with your wife's domain account, then logged out
2.) You then logged in as a local admin and added her domain account to the Domain Administrators group
3.) Before logging out of the local admin account, you moved all of her files to the default domain profile (in the netlogon share) (with permissions 0600 as per your profile share configuration)
4.) You then logged out of your local admin account and logged back in with your wife's domain account
5.) Everything is missing at this point.

I'm fairly sure that Windows handles dropped connections during a sign on/off with a file that contains successfully transferred files. The fact that you have some of her files makes me wonder if you've got a permissions issue going on. Are you sure that the files aren't on the domain controller with permissions that keep her account from seeing them?

If I were you, I'd remount that drive read only 60 seconds ago and make a copy of it right away. Even if you deleted the files, you can probably get a dd_rescue image before you actually blow them away. I've had success with that before after fat-fingering an effective rm -rf /. while logged in as root. The Samba team will be happy to know
Re: [Samba] Compiling 3.2.4 --with-krb5=/usr/lib/krb5, not working
Jake Carroll wrote:
> Hi all,
>
> I'm currently attempting to compile Samba 3.2.4 for Solaris 10 x86. I require krb5 support and I realised that it would not look in the correct default location, under Solaris 10. Example, from ./configure --help:
>
> --with-krb5=base-dir Locate Kerberos 5 support (default=/usr)
>
> In vanilla Solaris 10 x86, Kerberos libraries are stored in /usr/lib/krb5. I thought it best to attempt to specifically, rather, explicitly state the base dir like so, because using the default is not working:
>
> ./configure --with-aio-support --with-krb5=/usr/lib/krb5
>
> I felt that this would give the linker/compiler the best chance of finding what it needed. Apparently, this is not the case. When I look in the config.log:
>
> configure:55103: checking for Active Directory and krb5 support
> KRB5CONFIG=''
> KRB5_LIBS=''
> WINBIND_KRB5_LOCATOR=''
>
> So then, if we do a make
>
> # less config.h | grep -i krb
> /* Whether the krb5_address struct has a addrtype property */
> /* #undef HAVE_ADDRTYPE_IN_KRB5_ADDRESS */
> /* Whether the krb5_address struct has a addr_type property */
> /* #undef HAVE_ADDR_TYPE_IN_KRB5_ADDRESS */
> /* Whether the krb5_checksum struct has a checksum property */
> /* #undef HAVE_CHECKSUM_IN_KRB5_CHECKSUM */
>
> ...all left untouched. Any thoughts? The libraries are definitely and obviously there:
>
> [EMAIL PROTECTED]:/usr/lib/krb5] $ ls -als
> total 3338
> 2 drwxr-xr-x 4 root bin 1024 May 3 10:15 .
> 64 drwxr-xr-x 122 root bin32256 Aug 16 20:57 ..
> 2 -r--r--r-- 1 root bin 700 Jan 22 2005 HelpIndex.html
> 2 drwxr-xr-x 2 root bin 512 May 3 10:15 ListResourceBundle
> 2 -r--r--r-- 1 root bin 412 Jan 22 2005 README.db2
> 4 -r--r--r-- 1 root bin 1962 Jan 22 2005 SunLogo.4c.gif
> 2 drwxr-xr-x 2 root bin 512 May 3 10:15 amd64
> 2 lrwxrwxrwx 1 root root 8 May 3 10:15 db2.so - db2.so.1
> 144 -rwxr-xr-x 1 root bin73088 Mar 19 2008 db2.so.1
> 416 -r--r--r-- 1 root bin 204145 Mar 12 2008 gkadmin.jar
> 122 -r-x-- 1 root bin62100 Mar 19 2008 kadmind
> 2 lrwxrwxrwx 1 root root 10 May 3 10:15 kldap.so - kldap.so.1
> 80 -rwxr-xr-x 1 root bin40684 Mar 19 2008 kldap.so.1
> 38 -r-xr-xr-x 1 root bin18488 Mar 19 2008 kprop
> 2 -r-xr-xr-x 1 root bin 300 Jan 22 2005 kprop_script
> 70 -r-xr-xr-x 1 root bin35136 Mar 19 2008 kpropd
> snip.
>
> Thanks all.
>
> JC

Doesn't Solaris have their own version of something like a 'ldconfig'... I remember having to run it once a year or two ago to get a compile to function properly (it may have been Samba, I can't recall). I believe 'crle' is the one. Have you tried this already?
Re: [Samba] Compiling 3.2.4 --with-krb5=/usr/lib/krb5, not working
Jake Carroll wrote:
> Hi all,
>
> I'm currently attempting to compile Samba 3.2.4 for Solaris 10 x86. I require krb5 support and I realised that it would not look in the correct default location, under Solaris 10. Example, from ./configure --help:
>
> --with-krb5=base-dir Locate Kerberos 5 support (default=/usr)
>
> In vanilla Solaris 10 x86, Kerberos libraries are stored in /usr/lib/krb5. I thought it best to attempt to specifically, rather, explicitly state the base dir like so, because using the default is not working:
>
> ./configure --with-aio-support --with-krb5=/usr/lib/krb5
>
> I felt that this would give the linker/compiler the best chance of finding what it needed. Apparently, this is not the case. When I look in the config.log:
>
> configure:55103: checking for Active Directory and krb5 support
> KRB5CONFIG=''
> KRB5_LIBS=''
> WINBIND_KRB5_LOCATOR=''
>
> So then, if we do a make
>
> # less config.h | grep -i krb
> /* Whether the krb5_address struct has a addrtype property */
> /* #undef HAVE_ADDRTYPE_IN_KRB5_ADDRESS */
> /* Whether the krb5_address struct has a addr_type property */
> /* #undef HAVE_ADDR_TYPE_IN_KRB5_ADDRESS */
> /* Whether the krb5_checksum struct has a checksum property */
> /* #undef HAVE_CHECKSUM_IN_KRB5_CHECKSUM */
>
> ...all left untouched. Any thoughts? The libraries are definitely and obviously there:
>
> [EMAIL PROTECTED]:/usr/lib/krb5] $ ls -als
> total 3338
> 2 drwxr-xr-x 4 root bin 1024 May 3 10:15 .
> 64 drwxr-xr-x 122 root bin32256 Aug 16 20:57 ..
> 2 -r--r--r-- 1 root bin 700 Jan 22 2005 HelpIndex.html
> 2 drwxr-xr-x 2 root bin 512 May 3 10:15 ListResourceBundle
> 2 -r--r--r-- 1 root bin 412 Jan 22 2005 README.db2
> 4 -r--r--r-- 1 root bin 1962 Jan 22 2005 SunLogo.4c.gif
> 2 drwxr-xr-x 2 root bin 512 May 3 10:15 amd64
> 2 lrwxrwxrwx 1 root root 8 May 3 10:15 db2.so - db2.so.1
> 144 -rwxr-xr-x 1 root bin73088 Mar 19 2008 db2.so.1
> 416 -r--r--r-- 1 root bin 204145 Mar 12 2008 gkadmin.jar
> 122 -r-x-- 1 root bin62100 Mar 19 2008 kadmind
> 2 lrwxrwxrwx 1 root root 10 May 3 10:15 kldap.so - kldap.so.1
> 80 -rwxr-xr-x 1 root bin40684 Mar 19 2008 kldap.so.1
> 38 -r-xr-xr-x 1 root bin18488 Mar 19 2008 kprop
> 2 -r-xr-xr-x 1 root bin 300 Jan 22 2005 kprop_script
> 70 -r-xr-xr-x 1 root bin35136 Mar 19 2008 kpropd
> snip.
>
> Thanks all.
>
> JC

Erm, sorry for the double post. Here's a reference for crle with samba. Here's a recipe for Samba+Active Directory on Solaris 9
http://lists.samba.org/archive/samba-technical/2006-May/046971.html
Re: [Samba] Re: Samba with 2 NICs
Avery Payne wrote:
> hamacker wrote:
>> I did that. I test, and everything is OK. It's not misconfiguration. When 2 NICs bonded (or 2 NICs only enabled), WinXP can logon into domain and win95/98 can not. If I disable one NIC then any OS can logon into domain. I can't understand why WinXP can logon and win95/98 is not, if enable 2 NICs on my system.
>
> The TCP/IP stack in Win95/98 was not exactly, um, state of the art (ping of doom anyone?). It could be something as simple as the Win95/98 stack doesn't support multihomed hosts properly. Try the following:
>
> * Make Win95/98 point to just ONE address only; use an LMHOSTS file with just ONE IP entry specified for the Samba server.
> * Make your Samba install a WINS server, and point the Win95/98 boxes at it. This isn't supposed to matter, but then again, I've seen modern Win2k3 networks running WINS to help things along...

Another thought; are you using a managed switch? A simple layer 2 switch will get very confused if it sees the same MAC address twice on different ports, and will usually start multicasting over every switch port. You might be getting duplicates/already ACKed packets twice or something to that effect.

I'm agreeing with parent post that the XP stack is probably better able to handle it when strange things start happening at the layer 2 level because you're bonding at layer 3. My Win XP box seems to ACK both channels on an unmanaged switch with a bonded server feeding it. I have no proof to back that up, but I find it fitting when the connection always maxes out at 50% like it's hit a glass ceiling.
Re: [Samba] Samba write performance in kernel
Lin Mac wrote:
> hi,
>
> I would like to know is it possible to make writing file to samba completely in kernel?
>
> I'm using a slow CPU (FA526), and the memory copy is even slower. The reading performance is over 7 MB/s, with mmap and sendfile enabled, while writing is only 4-5 MB/s. Without mmap and sendfile, reading from samba is also about 4-5 MB/s.
>
> I use Oprofile to profile writing file to samba and found that CPU takes over 30% CPU time on copy_from/to_user, so I think going to user space and back again is the bottleneck.
>
> Since there is sendfile, why isn't there counterpart on write path? Is there some difficulties or what? Is it implementable? Please give me some advice.
>
> Best Regards,
> Mac Lin

Are you using DMA, or are you copying byte by byte through the CPU?
Re: [Samba] shadow_copy for homes share
Cory Coager wrote:
> So it's not possible to use variables for the 'subpath' option?
>
> Damien Dye wrote:
>> I don't think that will work because homes is dynamic. I believe that the snapshots have to be mounted at the root of the share and homes has the root of the share at /home/username; you have the snapshots mounted at /home
>>
>> hope this helps
>> Damien
>>
>> Cory Coager wrote:
>>> I have successfully setup shadow_copy for normal shares on our samba test server. However, I cannot get it working for the homes share because of its uniqueness. Here is the homes share:
>>>
>>> [homes]
>>> comment = Home Directories
>>> read only = No
>>> create mask = 0700
>>> directory mask = 0700
>>> browseable = no
>>> fstype = XFS 1.2
>>> vfs object = shadow_copy
>>> shadow_copy: path = /samba/homes/
>>> shadow_copy: subpath = %D+%U
>>>
>>> The users authenticate against Active Directory. The path to the snapshots is located at /samba/homes/@GMT-.MM.DD-HH.MM.SS
>>>
>>> Using the subpath each individual files should be located at /samba/homes/@GMT-.MM.DD-HH.MM.SS/DOMAIN+user but the previous versions tab is missing on this share. What am I doing wrong?
>>>
>>> ~Cory Coager

Hrm... could you symlink it to a known, non-variable path? I have absolutely no idea if that would work, but I figured I'd throw it out there.
Re: [Samba] Supporting large file transfers
Jeff L wrote:
> Samba version 3.0.25b-1.1.cc
>
> I can't seem to transfer files over 40gb from a windows machine -- samba share.
>
> As far as socket options I'm using
>
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
>
> Is there any other tweaks I can use to help make this system more reliable? I get random errors..network path not found or something similar..

Those are nerfed socket buffer settings. You can remove the SO_*BUF=8192, and it should improve performance. Is the connection collapsing on you? (you can check with netstat -s)
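The buffer advice in the reply above, as an added example (not code from the thread or from the Samba project): a small Python check that parses an smb.conf, finds a [global] socket options line that pins SO_RCVBUF or SO_SNDBUF, and proposes the line with those entries removed. The sample file, the workgroup name and all function names are constructed for illustration; treating parameter names as case- and space-insensitive is an assumption about Samba's parser.

```python
import re

# Constructed sample: the socket options quoted in the post, placed in a
# made-up smb.conf with a comment and a continuation line.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   ; tuning copied from an old how-to
   Socket Options = TCP_NODELAY SO_RCVBUF=8192 \\
                    SO_SNDBUF=8192 SO_KEEPALIVE

[share]
   path = /srv/share
"""

# Matches an option that fixes a socket buffer size, e.g. SO_RCVBUF=8192.
PINNED_BUFFER = re.compile(r"^(SO_RCVBUF|SO_SNDBUF)=(\d+)$", re.IGNORECASE)


def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    pending, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = number
        if raw.rstrip().endswith("\\"):
            pending += raw.rstrip()[:-1] + " "
            continue
        yield start, (pending + raw).strip()
        pending, start = "", None
    if pending:
        yield start, pending.strip()


def parse_smb_conf(text):
    """Return {section: {parameter: (value, line_number)}}."""
    sections, current = {}, None
    for number, line in logical_lines(text):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" not in line or current is None:
            continue
        name, value = line.split("=", 1)
        # Assumption: names compare without regard to case or spaces,
        # so "Socket Options" and "socket options" are the same key.
        key = "".join(name.split()).lower()
        sections[current][key] = (value.strip(), number)
    return sections


def audit_socket_options(text):
    """Return a finding for pinned buffers in [global], or None."""
    params = parse_smb_conf(text).get("global", {})
    if "socketoptions" not in params:
        return None
    value, line_number = params["socketoptions"]
    kept, pinned = [], {}
    for option in (t for t in re.split(r"[\s,]+", value) if t):
        match = PINNED_BUFFER.match(option)
        if match:
            pinned[match.group(1).upper()] = int(match.group(2))
        else:
            kept.append(option)
    if not pinned:
        return None
    suggested = ("socket options = " + " ".join(kept)) if kept else None
    return {"line": line_number, "pinned": pinned, "suggested": suggested}


if __name__ == "__main__":
    finding = audit_socket_options(SAMPLE_SMB_CONF)
    if finding:
        print("line %d pins %s" % (finding["line"], finding["pinned"]))
        print("suggested:", finding["suggested"])
```
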
Re: [Samba] Successfully running NT4 type domain on Samba 3.0 as PDC?
Jason A. Nunnelley wrote:
> Is anyone here running Samba 3.0 successfully with an NT4 style domain, with the Samba box operating as the PDC?

Yes, indeed. For a little over two years now. CentOS-4.X based, Slackware-10.2 - 12.0, and at one point Debian Sarge.
Re: [Samba] smbclient does not connect anonymously localy on fresh install
[EMAIL PROTECTED] wrote:
> Hello.
>
> I have some problem, with a new configuration on a new PC. I want to setup a SAMBA PDC using an HOWTO. This howto was working on OPENSUSE 10.1 with a X86 processor and I have used it a lot of time. Now I use OPENSUSE 10.3. The new PC run a X64 processor.
>
> After the fresh install and following: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html I could not make smbclient connecting samba anonymously from the server (locally).
>
> I use ldap, but for the moment ldap is not configured and not started. But smb.conf is configured for using ldap: passdb backend = ldapsam:ldap://127.0.0.1
>
> I was thinking that smbclient can connect locally anonymously even if ldap is not running. What is wrong?
>
> uname -r
> 2.6.22.18-0.2-default
>
> rpm -aq | grep samba
> samba-client-3.2.0-24.1.123
> samba-doc-3.2.0-24.1.123
> samba-krb-printing-3.2.0-24.1.123
> yast2-samba-client-2.15.11-33
> samba-3.2.0-24.1.123
> yast2-samba-server-2.15.7-57
> samba-python-3.0.26a-3.7
> samba-devel-3.2.0-24.1.123
> kdebase3-samba-3.5.7-87.5
> samba-winbind-3.2.0-24.1.123
>
> rpm -aq | grep ldap
> python-ldap-2.3.1-18
> perl-ldap-0.33-81
> pam_ldap-184-48
> yast2-ldap-2.15.1-83
> openldap2-devel-2.3.41-2.1
> ldapcpplib-0.0.4-95
> yast2-ldap-client-2.15.12-37
> php5-ldap-5.2.6-0.1
> openldap2-client-2.3.41-2.1
> ldap-account-manager-2.3.0-0.pm.0
> yast2-ldap-server-2.15.5-76
> openldap2-2.3.41-1.1
> ldapsmb-1.34b-110.8.123
> nss_ldap-257-17
> perl-ldap-ssl-0.33-81
>
> iptables -L -v
> Chain INPUT (policy ACCEPT 402K packets, 24M bytes)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 401K packets, 17M bytes)
> pkts bytes target prot opt in out source destination
>
> ping -c 5 127.0.0.1
> PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
> 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.077 ms
> 64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.091 ms
> 64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.043 ms
> 64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.056 ms
> 64 bytes from 127.0.0.1: icmp_seq=5 ttl=64 time=0.043 ms
> --- 127.0.0.1 ping statistics ---
> 5 packets transmitted, 5 received, 0% packet loss, time 4003ms
> rtt min/avg/max/mdev = 0.043/0.062/0.091/0.019 ms
>
> ping -c 5 LINUX-SRV
> PING LINUX-SRV.HATHOR.NWK (127.0.0.2) 56(84) bytes of data.
> 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=1 ttl=64 time=0.098 ms
> 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=2 ttl=64 time=0.067 ms
> 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=3 ttl=64 time=0.055 ms
> 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=4 ttl=64 time=0.067 ms
> 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=5 ttl=64 time=0.052 ms
> --- LINUX-SRV.HATHOR.NWK ping statistics ---
> 5 packets transmitted, 5 received, 0% packet loss, time 4001ms
> rtt min/avg/max/mdev = 0.052/0.067/0.098/0.019 ms
>
> ping -c 5 192.168.169.100
> PING 192.168.169.100 (192.168.169.170) 56(84) bytes of data.
> 64 bytes from 192.168.169.170: icmp_seq=1 ttl=64 time=0.078 ms
> 64 bytes from 192.168.169.170: icmp_seq=2 ttl=64 time=0.082 ms
> 64 bytes from 192.168.169.170: icmp_seq=3 ttl=64 time=0.041 ms
> 64 bytes from 192.168.169.170: icmp_seq=4 ttl=64 time=0.061 ms
> 64 bytes from 192.168.169.170: icmp_seq=5 ttl=64 time=0.038 ms
> --- 192.168.169.170 ping statistics ---
> 5 packets transmitted, 5 received, 0% packet loss, time 4002ms
> rtt min/avg/max/mdev = 0.038/0.060/0.082/0.018 ms
>
> netstat -an | egrep '(:137|:138|:139|:445)'
> tcp0 0 0.0.0.0:139 0.0.0.0:* LISTEN
> tcp0 0 0.0.0.0:445 0.0.0.0:* LISTEN
> udp0 0 192.168.169.170:137 0.0.0.0:*
> udp0 0 0.0.0.0:137 0.0.0.0:*
> udp0 0 192.168.169.170:138 0.0.0.0:*
> udp0 0 0.0.0.0:138 0.0.0.0:*
>
> nmap -p 1-65535 localhost
> Starting Nmap 4.20 ( http://insecure.org ) at 2008-07-23 12:10 CEST
> Interesting ports on localhost (127.0.0.1):
> Not shown: 65526 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 23/tcp open telnet
> 25/tcp open smtp
> 80/tcp open http
> 111/tcp open rpcbind
> 139/tcp open netbios-ssn
> 445/tcp open microsoft-ds
> 631/tcp open ipp
> 901/tcp open samba-swat
> Nmap finished: 1 IP address (1 host up) scanned in 4.782 seconds
>
> testparm
> [global]
> dos charset = 850
> unix charset = ISO8859-1
> workgroup = HATHOR.NWK
> server string = HATHOR Samba-LDAP PDC Server
> interfaces = eth0, lo
> passdb backend = ldapsam:ldap://127.0.0.1
> username map = /etc/samba/smbusers
Re: [Samba] smbclient does not connect anonymously localy on fresh install
[EMAIL PROTECTED] wrote:
> Hi.
>
> I have tried. No change. smbclient -L localhost -N does not connect.

OK, humor me on this one, but can you ping 'localhost'? I see that 127.0.0.1 works, but does it resolve to the name 'localhost', as well? If so, would you be able to provide smb logs during access attempts?

> According to Scott Lovenberg [EMAIL PROTECTED]:
>> I believe you need a map to guest = bad user and/or guest account = nobody for anonymous access to be automated.
>>
>> [EMAIL PROTECTED] wrote:
>>> Hello.
>>>
>>> I have some problem, with a new configuration on a new PC. I want to setup a SAMBA PDC using an HOWTO. This howto was working on OPENSUSE 10.1 with a X86 processor and I have used it a lot of time. Now I use OPENSUSE 10.3. The new PC run a X64 processor.
>>>
>>> After the fresh install and following: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html I could not make smbclient connecting samba anonymously from the server (locally).
>>>
>>> I use ldap, but for the moment ldap is not configured and not started. But smb.conf is configured for using ldap: passdb backend = ldapsam:ldap://127.0.0.1
>>>
>>> I was thinking that smbclient can connect locally anonymously even if ldap is not running. What is wrong?
>>>
>>> uname -r
>>> 2.6.22.18-0.2-default
>>>
>>> rpm -aq | grep samba
>>> samba-client-3.2.0-24.1.123
>>> samba-doc-3.2.0-24.1.123
>>> samba-krb-printing-3.2.0-24.1.123
>>> yast2-samba-client-2.15.11-33
>>> samba-3.2.0-24.1.123
>>> yast2-samba-server-2.15.7-57
>>> samba-python-3.0.26a-3.7
>>> samba-devel-3.2.0-24.1.123
>>> kdebase3-samba-3.5.7-87.5
>>> samba-winbind-3.2.0-24.1.123
>>>
>>> rpm -aq | grep ldap
>>> python-ldap-2.3.1-18
>>> perl-ldap-0.33-81
>>> pam_ldap-184-48
>>> yast2-ldap-2.15.1-83
>>> openldap2-devel-2.3.41-2.1
>>> ldapcpplib-0.0.4-95
>>> yast2-ldap-client-2.15.12-37
>>> php5-ldap-5.2.6-0.1
>>> openldap2-client-2.3.41-2.1
>>> ldap-account-manager-2.3.0-0.pm.0
>>> yast2-ldap-server-2.15.5-76
>>> openldap2-2.3.41-1.1
>>> ldapsmb-1.34b-110.8.123
>>> nss_ldap-257-17
>>> perl-ldap-ssl-0.33-81
>>>
>>> iptables -L -v
>>> Chain INPUT (policy ACCEPT 402K packets, 24M bytes)
>>> pkts bytes target prot opt in out source destination
>>>
>>> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>>> pkts bytes target prot opt in out source destination
>>>
>>> Chain OUTPUT (policy ACCEPT 401K packets, 17M bytes)
>>> pkts bytes target prot opt in out source destination
>>>
>>> ping -c 5 127.0.0.1
>>> PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
>>> 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.077 ms
>>> 64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.091 ms
>>> 64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.043 ms
>>> 64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.056 ms
>>> 64 bytes from 127.0.0.1: icmp_seq=5 ttl=64 time=0.043 ms
>>> --- 127.0.0.1 ping statistics ---
>>> 5 packets transmitted, 5 received, 0% packet loss, time 4003ms
>>> rtt min/avg/max/mdev = 0.043/0.062/0.091/0.019 ms
>>>
>>> ping -c 5 LINUX-SRV
>>> PING LINUX-SRV.HATHOR.NWK (127.0.0.2) 56(84) bytes of data.
>>> 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=1 ttl=64 time=0.098 ms
>>> 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=2 ttl=64 time=0.067 ms
>>> 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=3 ttl=64 time=0.055 ms
>>> 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=4 ttl=64 time=0.067 ms
>>> 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=5 ttl=64 time=0.052 ms
>>> --- LINUX-SRV.HATHOR.NWK ping statistics ---
>>> 5 packets transmitted, 5 received, 0% packet loss, time 4001ms
>>> rtt min/avg/max/mdev = 0.052/0.067/0.098/0.019 ms
>>>
>>> ping -c 5 192.168.169.100
>>> PING 192.168.169.100 (192.168.169.170) 56(84) bytes of data.
>>> 64 bytes from 192.168.169.170: icmp_seq=1 ttl=64 time=0.078 ms
>>> 64 bytes from 192.168.169.170: icmp_seq=2 ttl=64 time=0.082 ms
>>> 64 bytes from 192.168.169.170: icmp_seq=3 ttl=64 time=0.041 ms
>>> 64 bytes from 192.168.169.170: icmp_seq=4 ttl=64 time=0.061 ms
>>> 64 bytes from 192.168.169.170: icmp_seq=5 ttl=64 time=0.038 ms
>>> --- 192.168.169.170 ping statistics ---
>>> 5 packets transmitted, 5 received, 0% packet loss, time 4002ms
>>> rtt min/avg/max/mdev = 0.038/0.060/0.082/0.018 ms
>>>
>>> netstat -an | egrep '(:137|:138|:139|:445)'
>>> tcp0 0 0.0.0.0:139 0.0.0.0:* LISTEN
>>> tcp0 0 0.0.0.0:445 0.0.0.0:* LISTEN
>>> udp0 0 192.168.169.170:137 0.0.0.0:*
>>> udp0 0 0.0.0.0:137 0.0.0.0:*
>>> udp0 0 192.168.169.170:138 0.0.0.0:*
>>> udp0 0 0.0.0.0:138 0.0.0.0:*
>>>
>>> nmap -p 1-65535 localhost
>>> Starting Nmap 4.20 ( http://insecure.org ) at 2008-07-23 12:10 CEST
>>> Interesting ports on localhost (127.0.0.1):
>>> Not shown: 65526 closed ports
>>> PORT
Re: [Samba] Slackware 12.1 + Samba 3.0.28a + a lot of users (Slightly OT)
> [...]
> If you don't want LDAP you have to use the smbpasswd way. (and LDAP leads to other problems ...)
>
>> Also, the same users have their home directories shared via AFP (which works fine) and I can't complicate the setup with an additional smbpasswd file.
>
> How and where does AFP manage the authentication for Windows clients?
>
> Best regards!
> Helmut

Yeah, FWIW, I just setup LDAP on Slackware-12.0, and it's a bear to build it from source. Depending on what libraries you require, of course. I took the kitchen sink approach and I think I ended up chasing about a dozen libraries for dependencies.

My only advice if you decide to go this route is to use Slackware's makepkg utility as you compile sources and keep all the packages in subversion or some other form of revision control. Also, the default Samba add machine script needs to be modified slightly, IIRC.

That being said, it's very doable if you have patience and a Starbucks near by. Also, a hard copy of John Terpstra and Jelmer Vernooij's The Official Samba-3 HOWTO and Reference Guide as well as Jerry Carter's LDAP System Administration are worth their weight in gold for such an undertaking.
Re: [Samba] smbclient sending ICMP unreachable destination host(administratively prohibited)
Mohammed El-Afifi wrote:
> I'm using fedora 9, 64-bit edition, on a machine acting as a client. I've installed samba-client 3.2.0 from a binary package. I amn't running the server portion of samba (smbd, nmbd, or even winbindd). I'm trying to access shares on another windows machine, on the same network 192.168.1.0/24. Both machines, the client and the server, are using DHCP to acquire IP addresses.
>
> When I type the command smbclient -L windows host name I get an error about bad network name. I traced my smbclient session with tcpdump and wireshark, just to find out some strange behaviour.
>
> 1. smbclient tries DNS requests and receives unresolved host replies. This's totally sane since my DNS works for resolving external names only, not those inside my network.
> 2. smbclient then tries to resolve the netbios name. It broadcasts a message and it really receives response from the windows machine resolving the name successfully. However after smbclient receives the successful netbios response, it sends an ICMP message to the windows machine indicating unreachable destination host (administratively prohibited).
> 3. Steps 1 and 2 repeat for a few times (about 3 times), each time ending with the strange ICMP message.
>
> I can't see what's wrong with my network configuration. I can access the other windows machine by IP address pretty well. I can access all internet sites successfully. I've disabled the kernel firewall and selinux, but with no progress.
>
> I've redhat 9 (installed on the same machine having fedora 9) with samba-client installed (a very old version of course, 2.2 maybe), and it can access the windows machine seamlessly. So I wonder if it's something related to my samba version, my fedora 9 OS, or may I be missing something critical in my smb.conf, taking into consideration that I haven't changed smb.conf from the stock one shipping with the samba-client binary package?
>
> Appreciating your help for any suggestions!

Perhaps a routing problem? Does either machine have multiple network cards? If you're not using wireless, make sure that the NetworkManager service is disabled; I've had nothing but problems with it in F9.

Also, is the ICMP response in regards to Windows trying to make a connection on ports 139 and 445 at the same time? For some silly reason Windows will open two connections at the same time. I believe that the default samba (server) setting is to drop the port 445 requests and use the port 139 connections.
Re: [Samba] Winbind 3.2.0rc2 Coredump [was: Re: Help needed. Samba 3.2.0rc2 - IDMAP - Windows 2008 Server - ADS Integration - Winbind]
Samba-Liste wrote:
> Hi Scott, thanks for the reply.
>
> On Sat, 2008-06-28 at 05:39 -0400, Scott Lovenberg wrote:
>> Samba-Liste wrote:
>>> Hi, [...]
>>
>> Have you tried using the 'nss_ldap' with the entry 'ldap' in your nsswitch.conf? I found that to be the best way to interface the LDAP backend in my case. I tried the pam route, but since Slackware does
>
> that's how we do it right now as we have a Samba-LDAP-PDC. But didn't get it working against my new Windows 2008 ADS server. Can you provide sample configurations for nss_ldap to connect to an ADS server?
>
> thank you and best regards
> Daniel

Sorry for the delay, I think I jumbled my email boxes :)

This is off the top of my head (as my official Samba book is at home and I'm at work), but, all you should need is the nss_ldap module and the following lines in your /etc/nsswitch.conf:

[...]
passwd: files ldap winbind compat
shadow: files ldap winbind compat
group: files ldap winbind compat
[...]

This should enable getent passwd. IIRC, there are no dependencies for nss_ldap, it just needs to be compiled. At least on Slackware, as always, check with your upstream provider before compiling your own.
Re: [Samba] Winbind 3.2.0rc2 Coredump [was: Re: Help needed. Samba 3.2.0rc2 - IDMAP - Windows 2008 Server - ADS Integration - Winbind]
Scott Lovenberg wrote:
> Samba-Liste wrote:
>> Hi Scott, thanks for the reply.
>>
>> On Sat, 2008-06-28 at 05:39 -0400, Scott Lovenberg wrote:
>>> Samba-Liste wrote:
>>>> Hi, [...]
>>>
>>> Have you tried using the 'nss_ldap' with the entry 'ldap' in your nsswitch.conf? I found that to be the best way to interface the LDAP backend in my case. I tried the pam route, but since Slackware does
>>
>> that's how we do it right now as we have a Samba-LDAP-PDC. But didn't get it working against my new Windows 2008 ADS server. Can you provide sample configurations for nss_ldap to connect to an ADS server?
>>
>> thank you and best regards
>> Daniel
>
> Sorry for the delay, I think I jumbled my email boxes :)
>
> This is off the top of my head (as my official Samba book is at home and I'm at work), but, all you should need is the nss_ldap module and the following lines in your /etc/nsswitch.conf:
>
> [...]
> passwd: files ldap winbind compat
> shadow: files ldap winbind compat
> group: files ldap winbind compat
> [...]
>
> This should enable getent passwd. IIRC, there are no dependencies for nss_ldap, it just needs to be compiled. At least on Slackware, as always, check with your upstream provider before compiling your own.

Strange... I just noticed how you fixed the problem at first, are you sure that everything was compiled with the same libraries? Also, can you verify that ldap_nss was compiled with the --enable-rfc2307bis flag? Something isn't adding up. I fear I've missed something here. I was taking the missing nss directory to mean that you didn't have the correct nss modules installed, but I think you've just stumped me.

Does anyone more qualified than myself have a feeling one way or the other on this? The fact that the library wasn't symlinked disturbs me a bit. Could this be conflicting libraries from different compiles?
Re: [Samba] Winbind 3.2.0rc2 Coredump [was: Re: Help needed. Samba 3.2.0rc2 - IDMAP - Windows 2008 Server - ADS Integration - Winbind]
Samba-Liste wrote:

Hi, sorry, it's me again:

On Fri, 2008-06-27 at 17:35 +0200, Samba-Liste wrote: Hi again, On Fri, 2008-06-27 at 13:31 +0200, Samba-Liste wrote: Hi, I read at least 100 different documentations during the last week and didn't get it. So I decided to ask the list for help :)

- the problem is solved now. I found this in the logs on linux-side:
- but another problem occurred now
- the setup worked nice yesterday evening until it stopped working
- as I tried a login this morning it didn't work anymore
- if I try a getent passwd user I get nothing back
- no login via pam_winbind is possible
- But I see a winbind core-dump in the logs:

- snip -
[2008/06/28 09:51:02, 0] lib/fault.c:fault_report(40)
  ===
[2008/06/28 09:51:02, 0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 11 in pid 4897 (3.2.0rc2)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2008/06/28 09:51:02, 0] lib/fault.c:fault_report(43)
  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2008/06/28 09:51:02, 0] lib/fault.c:fault_report(44)
  ===
[2008/06/28 09:51:02, 0] lib/util.c:smb_panic(1666)
  PANIC (pid 4897): internal error
[2008/06/28 09:51:02, 0] lib/util.c:log_stack_trace(1770)
  BACKTRACE: 19 stack frames:
   #0 /usr/sbin/winbindd(log_stack_trace+0x2d) [0x815b36c]
   #1 /usr/sbin/winbindd(smb_panic+0x80) [0x815b4a8]
   #2 /usr/sbin/winbindd [0x8145fea]
   #3 [0xb7f13420]
   #4 /usr/lib/samba/nss_info/rfc2307.so [0xb787f8e9]
   #5 /usr/sbin/winbindd(nss_get_info+0x193) [0x83d30e0]
   #6 /usr/sbin/winbindd(nss_get_info_cached+0x180) [0x80a67a5]
   #7 /usr/sbin/winbindd [0x80c40d4]
   #8 /usr/sbin/winbindd [0x80a820e]
   #9 /usr/sbin/winbindd(winbindd_dual_userinfo+0x183) [0x8098372]
   #10 /usr/sbin/winbindd [0x80c89c5]
   #11 /usr/sbin/winbindd(async_request+0x1b2) [0x80c9fb3]
   #12 /usr/sbin/winbindd(init_child_connection+0x2bd) [0x809fa85]
   #13 /usr/sbin/winbindd(async_domain_request+0x139) [0x80ca23c]
   #14 /usr/sbin/winbindd [0x809fcfb]
   #15 /usr/sbin/winbindd(rescan_trusted_domains+0x49) [0x80a00f9]
   #16 /usr/sbin/winbindd(main+0xe00) [0x8095464]
   #17 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xc8) [0xb7c72ea8]
   #18 /usr/sbin/winbindd [0x8092e11]
[2008/06/28 09:51:02, 0] lib/fault.c:dump_core(201)
  dumping core in /var/log/samba/cores/winbindd
- snip -

- I then did a wbinfo -u and wbinfo -g
- both worked normally
- afterwards getent passwd user and pam-login worked again
- but only for a few minutes then the same happened again

- snip -
[2008/06/28 09:59:35, 0] lib/fault.c:fault_report(40)
  ===
[2008/06/28 09:59:35, 0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 11 in pid 5265 (3.2.0rc2)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2008/06/28 09:59:35, 0] lib/fault.c:fault_report(43)
  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2008/06/28 09:59:35, 0] lib/fault.c:fault_report(44)
  ===
[2008/06/28 09:59:35, 0] lib/util.c:smb_panic(1666)
  PANIC (pid 5265): internal error
[2008/06/28 09:59:35, 0] lib/util.c:log_stack_trace(1770)
  BACKTRACE: 22 stack frames:
   #0 /usr/sbin/winbindd(log_stack_trace+0x2d) [0x815b36c]
   #1 /usr/sbin/winbindd(smb_panic+0x80) [0x815b4a8]
   #2 /usr/sbin/winbindd [0x8145fea]
   #3 [0xb7f13420]
   #4 /usr/lib/samba/nss_info/rfc2307.so [0xb785e8e9]
   #5 /usr/sbin/winbindd(nss_get_info+0x193) [0x83d30e0]
   #6 /usr/sbin/winbindd(nss_get_info_cached+0x180) [0x80a67a5]
   #7 /usr/sbin/winbindd [0x80c40d4]
   #8 /usr/sbin/winbindd [0x80a820e]
   #9 /usr/sbin/winbindd(winbindd_dual_userinfo+0x183) [0x8098372]
   #10 /usr/sbin/winbindd [0x80c89c5]
   #11 /usr/sbin/winbindd(async_request+0x1b2) [0x80c9fb3]
   #12 /usr/sbin/winbindd(async_domain_request+0x57) [0x80ca15a]
   #13 /usr/sbin/winbindd(do_async_domain+0x14e) [0x80cbfb6]
   #14 /usr/sbin/winbindd(winbindd_lookupname_async+0x29d) [0x80ccdf7]
   #15 /usr/sbin/winbindd(winbindd_getpwnam+0x37f) [0x8098044]
   #16 /usr/sbin/winbindd [0x8093b22]
   #17 /usr/sbin/winbindd [0x8093c39]
   #18 /usr/sbin/winbindd [0x8094598]
   #19 /usr/sbin/winbindd(main+0x1035) [0x8095699]
   #20 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xc8) [0xb7c72ea8]
   #21 /usr/sbin/winbindd [0x8092e11]
[2008/06/28 09:59:35, 0] lib/fault.c:dump_core(201)
- snip -

- there's also this error in the logs I don't understand
- but it seems not to be directly related to the core dump

- snip -
[2008/06/28 09:56:11, 1] libsmb/clientgen.c:cli_rpc_pipe_close(554)
  cli_rpc_pipe_close: cli_close failed on pipe \lsarpc, fnum 0x400d to machine WIN-6P6G74VAOZ7.testlab.company.com. Error was SUCCESS - 0
[2008/06/28 09:56:11, 1]
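Triage of the two backtraces in the message above, as an added example that is not part of the thread: for each panic it reports the first shared object on the stack and the page offset of the address inside it, which shows whether repeated crashes come from the same place. The function names are hypothetical, and the sample log is abridged from the post and laid out one frame per line.

```shell
#!/bin/sh
# Added example (not from the thread): locate the crash site of each
# winbindd panic in a Samba log. Function names are hypothetical.

# crash_sites [FILE...] -> one line "PID MODULE PAGE_OFFSET" per panic.
# MODULE is the first shared object on the stack other than libc.
# PAGE_OFFSET is the last three hex digits of the frame address: shared
# objects are mapped on page boundaries, so these low 12 bits do not change
# when the library is loaded at a different base address.
crash_sites() {
    awk '
        /INTERNAL ERROR: Signal/ {
            for (i = 1; i < NF; i++) if ($i == "pid") pid = $(i + 1)
            armed = 1
        }
        armed && $1 ~ /^#[0-9]+$/ && $2 ~ /\.so([.(]|$)/ && $2 !~ /\/libc[.-]/ {
            addr = $NF
            gsub(/\[|\]/, "", addr)      # "[0xb787f8e9]" -> "0xb787f8e9"
            mod = $2
            sub(/\(.*/, "", mod)         # drop "(symbol+offset)" if present
            print pid, mod, substr(addr, length(addr) - 2)
            armed = 0                    # one site per backtrace
        }
    ' "$@"
}

# distinct_crash_sites [FILE...] -> unique "MODULE PAGE_OFFSET" pairs.
# A single pair across several panics is consistent with one faulting
# code location rather than random corruption.
distinct_crash_sites() {
    crash_sites "$@" | awk '{ print $2, $3 }' | sort -u
}

# Sample input: abridged from the two backtraces quoted in the post.
sample_log() {
    cat <<'EOF'
[2008/06/28 09:51:02, 0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 11 in pid 4897 (3.2.0rc2)
[2008/06/28 09:51:02, 0] lib/util.c:log_stack_trace(1770)
  BACKTRACE: 19 stack frames:
   #0 /usr/sbin/winbindd(log_stack_trace+0x2d) [0x815b36c]
   #1 /usr/sbin/winbindd(smb_panic+0x80) [0x815b4a8]
   #2 /usr/sbin/winbindd [0x8145fea]
   #3 [0xb7f13420]
   #4 /usr/lib/samba/nss_info/rfc2307.so [0xb787f8e9]
   #5 /usr/sbin/winbindd(nss_get_info+0x193) [0x83d30e0]
   #17 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xc8) [0xb7c72ea8]
[2008/06/28 09:59:35, 0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 11 in pid 5265 (3.2.0rc2)
[2008/06/28 09:59:35, 0] lib/util.c:log_stack_trace(1770)
  BACKTRACE: 22 stack frames:
   #0 /usr/sbin/winbindd(log_stack_trace+0x2d) [0x815b36c]
   #1 /usr/sbin/winbindd(smb_panic+0x80) [0x815b4a8]
   #2 /usr/sbin/winbindd [0x8145fea]
   #3 [0xb7f13420]
   #4 /usr/lib/samba/nss_info/rfc2307.so [0xb785e8e9]
   #5 /usr/sbin/winbindd(nss_get_info+0x193) [0x83d30e0]
   #20 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xc8) [0xb7c72ea8]
EOF
}

sample_log | crash_sites
```

On a live system the same functions take the log path as an argument, for example the winbindd log under /var/log/samba.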
Re: [Samba] Offline files with Windows - again
Russell Curtis wrote:

Hi Guys It saddens me to say so, but I'm going to have to order a copy of Windows Server unless I can get this issue of offline files resolved. Basically, we have a problem when users have Offline Files enabled in Windows XP. When they log off, create or modify a file, and then log back on, the files they have created/modified refuse to synchronise, returning an error to the effect of cannot synchronize test.txt, access is denied on //server/share/test.txt. I've spent several days googling this but have had no success - there seem to be quite a few people who have experienced this problem, but no solutions that work. I've read several suggestions, including things to do with ACL support, etc. but I've no idea how to do this...surely this should work out of the box? I'm using Samba 3.028 on Ubuntu 8.04. I'm not particularly experienced with Linux, so apologies if this is a simple thing to resolve. Any help would be much, much appreciated. Cheers, Russell

Have you set the smb.conf setting 'csc policy'? Is it that you want and/or need offline files, or would you rather do without it? I've found it to mostly be a pain, FWIW.
Re: [Samba] Offline files with Windows - again
Scott Lovenberg wrote:

Russell Curtis wrote: Hi Guys It saddens me to say so, but I'm going to have to order a copy of Windows Server unless I can get this issue of offline files resolved. Basically, we have a problem when users have Offline Files enabled in Windows XP. When they log off, create or modify a file, and then log back on, the files they have created/modified refuse to synchronise, returning an error to the effect of cannot synchronize test.txt, access is denied on //server/share/test.txt. I've spent several days googling this but have had no success - there seem to be quite a few people who have experienced this problem, but no solutions that work. I've read several suggestions, including things to do with ACL support, etc. but I've no idea how to do this...surely this should work out of the box? I'm using Samba 3.028 on Ubuntu 8.04. I'm not particularly experienced with Linux, so apologies if this is a simple thing to resolve. Any help would be much, much appreciated. Cheers, Russell

Have you set the smb.conf setting 'csc policy'? Is it that you want and/or need offline files, or would you rather do without it? I've found it to mostly be a pain, FWIW.

Oops; John beat me by a few minutes. Listen to what he has to say; he wrote the book on this stuff, literally.
Re: [Samba] Permissions Issue
Doug Tucker wrote:

Hello group, this issue is driving me crazy, there just has to be a simple way to do this that I am missing! I have a share, SOP. The file system maps to /dir/dir/sop. If I have a set of users that need write access to this directory, but only want to allow another set of users read only access, how can I accomplish this? From the man pages, it looks like I can set the share to read only, and use the directive write list = @groupname to allow certain users write access to this read only share, but, I don't want to allow everyone read access, I want to only allow certain other users (that I can put in a group) read only access. Any ideas? Sincerely, Doug

Yeah, like almost all permissions things, do this one at the file system level. Create a group 'writeGroup'; make perms like such:

root:writeGroup 2664 /dir/dir/sop

The setGid will ensure that all files written to sop are part of the write group, the owner has full control and writeGroup will have write perms, everyone else is read only. Also, you might want to set the sticky bit so only the owner can delete a file they created. That's how I'd do it, at least. I always do permissions at the lowest layer possible so I can easily change shares without worrying about share semantics. They get ugly when things start getting nested.
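The reply above relies on the setgid and sticky bits of the share directory; the script below is an added example, not part of the thread, that decodes a directory mode into what owner, group and everyone else can actually do there. It evaluates the mode as written in the reply (2664) next to two variants that also carry search (x) bits; the function names are hypothetical and `audit_path` assumes GNU `stat -c %a`.

```shell
#!/bin/sh
# Added example (not from the thread): decode a directory's mode bits to see
# what each class of user can do in the directory behind a Samba share.
# Function names are hypothetical. Modes are octal strings as printed by
# GNU `stat -c %a`.

# dir_mode_findings MODE -> one finding per line, for a DIRECTORY.
dir_mode_findings() {
    m=$(( 0$1 ))

    # setgid on a directory: entries created inside inherit its group.
    if [ $(( m & 02000 )) -ne 0 ]; then
        echo "setgid: new files inherit the directory's group"
    else
        echo "no-setgid: new files get the creator's primary group"
    fi

    # sticky on a directory: an entry can be removed only by its owner,
    # the directory's owner, or root.
    if [ $(( m & 01000 )) -ne 0 ]; then
        echo "sticky: users cannot delete each other's files"
    else
        echo "no-sticky: anyone with write access can delete any file"
    fi

    for who in owner group other; do
        case $who in
            owner) bits=$(( (m >> 6) & 7 )) ;;
            group) bits=$(( (m >> 3) & 7 )) ;;
            other) bits=$(( m & 7 )) ;;
        esac
        if [ "$bits" -eq 0 ]; then
            echo "$who: no access"
        elif [ $(( bits & 1 )) -eq 0 ]; then
            # On a directory, r only lists names and w needs x to take
            # effect: without search permission nothing inside can be opened.
            echo "$who: no search bit, files inside are unreachable"
        elif [ $(( bits & 2 )) -ne 0 ]; then
            echo "$who: can create and delete entries"
        elif [ $(( bits & 4 )) -ne 0 ]; then
            echo "$who: read-only"
        else
            echo "$who: traverse only"
        fi
    done
}

# audit_path DIR -> findings for an existing directory.
audit_path() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    dir_mode_findings "$(stat -c %a "$1")"
}

# Demo: the mode quoted in the reply, the same scheme with search bits and
# the sticky bit added, and a variant that shuts out everyone else.
for mode in 2664 3775 3770; do
    echo "== $mode"
    dir_mode_findings "$mode"
done
```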
Re: [Samba] Roaming profile f-secure problem
Marcus Sobchak [EMAIL PROTECTED] wrote:

Hi, are there any known problems with f-secure scanner and roaming profiles? We have a lot of users with problems syncing their roaming profile from the domain server. It seems to be a problem with f-secure's on-access scanning (may be timeout problem?). Some users have to login three or four times, before getting their roaming profile and not the default profile. System: 3.0.24-6etch9 Ciao, Marcus

I'm running f-prot 6 w/ on access scanning and haven't had any problems specific to roaming profiles. We've also got redirected folders (desktop, start menu, etc.), but I have seen this problem once or twice. Every now and then we'll log in and get a default profile. The next login always works. I see this maybe once a month. Are you sure you're not close to the max Cat 5e length? I've heard of things like this once you start getting towards the upper limits of a cable length. Fprot is somewhat... cranky... so YMMV. Can you provide logs for us?
Re: [Samba] Sure, it's a newbie thing, but I'm willing to be at least ONE person has been bit by this....
Brian Cowan wrote:

Hi All, I have a Samba system I fire up once in a blue moon for testing, and had a bit of a minor heart attack when it suddenly stopped letting me access shares as anyone other than root. Security is set to user since it's not a domain member server. My office requires that passwords get changed every 90 days, and the last time I accessed the server was on the other side of one of these 90-day boundaries. I realized this after I increased the Samba logging level and it was telling me it at least recognized my username. So, it must have hated my password. I used smbpasswd -U as root to reset my user password. Suddenly I can get in. Now, one small question, is there a tool that lets me automatically sync my samba password with the password on the same Unix box? Or am I doomed to have to change it manually every 90 days as well. (It's only one more place to change my password...) Thanks, Brian

PAM can sync the passwords. The setting is 'pam password change = Yes'. From man 5 smb.conf:

With the addition of better PAM support in Samba 2.2, this parameter, it is possible to use PAM's password change control flag for Samba. If enabled, then PAM will be used for password changes when requested by an SMB client instead of the program listed in passwd program. It should be possible to enable this without changing your passwd chat parameter for most setups.

Another way is to use webmin and its user and samba modules; there's an option to sync users and passwords between the two, but it means that you'll have to keep using it for user management.
Re: [Samba] slow samba
iLinux wrote: Thanks but no help

John Drescher-2 wrote: On Thu, Jun 19, 2008 at 10:08 AM, iLinux [EMAIL PROTECTED] wrote:

I have a samba version 3.024 server

That is an old version (3.0.30 is current) but it probably is not the problem.

very slow file transfer when copying file from one computer but copy from two or more at the same time speed is 10 times faster. You will be copying a 600MG file with one computer and it will say 80 minutes remaining. start copying a file from another computer and 10X faster ( 4 minutes remaining ). Also when copying file from server with linux client 2 minutes 6.5 to 7.0 MBPS. It looks like it has something to do with cache. i have winbind cache time = 30 in my smb.config and socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 no help. Thanks in advance for your help.

Remove all socket options on 2.6 kernels these are not needed anymore and actually can slow things down. John

Does this only happen with Samba or can you reproduce it with multiple FTP connections, as well?
Re: [Samba] How to move a samba PDC to a diffrent box
Robert wrote: On Wednesday 18 June 2008, John Drescher wrote:

We have a domain with more than 100 users and we need to replace our PDC. The PDC main function is to authenticate our users to connect to the shared drive and to authenticate computer login. The PDC is running samba with openldap on Gentoo machine. I have two BDCs with ACL set to read and write only. It was set that way to make the syncing process easier. The syncing process is like a chain using slurpd. We plan to use syncrepl later. What is the best way to do to replace the PDC? I already have a Gentoo machine up and running. I copied over all the samba and openldap files from the old PDC to this new machine. I also exported the database by running the slapcat -l command. I am hesitant to start the slapd, slurpd and samba service as I am not so sure if I am doing the right thing.

Disconnect the network cable on the new machine to make sure you are not interfering with the rest of the network. Start slapd then use slapadd to add your ldap to the database. Use slapcat to verify that all was added and the ldif looks correct. Then start samba and see if the smbclient can connect to itself. Is the old machine the same name as the new? How about the IP address? Are you using wins, lmhosts or dns for your clients to find the pdc? BTW, I have to cut this a lot shorter than I want but I am very busy at the day job and if I do not get my tasks done several new users will not have a pc on Monday. John

I'll add my two cents. I recently did this, except we aren't using ldap. Didn't see the advantage. It was a new box with a different IP address. Long story short: All but 2 XP SP2 refused to join the new domain. Told me Logon failure: unknown user name or bad password. The Win2K and XP SP1 machines did not have a problem, and the log files show root authenticated successfully, so it looks like XP SP2 is the problem, but I have no idea why 2 joined when all the rest didn't. Still haven't found the reason or fix and most machines are workgroup members now...Good luck, hopefully you won't need it.

Something to this effect happened to me once about two years ago. I think the punch line was that I broke the SID when I changed the IP or hostname, IIRC. All XP Pro SP2 clients. I think I ended up blowing away the machine accounts and rejoining the clients to the domain (I only had about a dozen, so it was just me kicking myself as I recalled the thought, this might not be wise echoing through my mind's ear as I rebooted the server after changing the configuration, instead of having to join hundreds of clients back again). Have you verified that this hasn't happened to you?
Re: [Samba] Samba and XP
Greg J. Zartman, P.E. wrote: On Tue, Jun 10, 2008 at 09:38:37PM +0200, Deon Steyn wrote:

Is it possible to run Samba on Xp Pro

No. You could run Samba in a *nix VM sitting on top of a XP host. Performance is going to suck, but it can be done. Greg

If you go this route, make sure to set XP performance setting for background services rather than programs.

OT: *rant* /I'll never understand Windows memory management... it seems like the more hardware you throw at it, the less it uses. I've had programs that I haven't used in hours cached in memory while I'm just short of thrashing with VMs running, and by the sounds of the harddrive it's not doing much of a read ahead. Sorry, just wasted about an entire day babysitting virtual machines that moved at the same pace with 256 MB RAM as a full gig, since they were starved while RAM essentially sat idle. I/O bound for linear reads on separate channels, and yet a gig of RAM sits as cache for stale programs from hours ago/. */rant*
Re: [Samba] strange situation
Jason Greene wrote:

smbd version 3.0.25b-0.4E.5 Our server was functioning very well for several months. Our SAN crapped out and the LUN the server was using was gone. Everything is back up except SAMBA is acting crazy. I am looking at the logs and I am getting

/var/log/samba/winbindd.log
winbindd: Exceeding 200 client connections, no idle connection found
and
ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED](Server not found in Kerberos database)

this one is strange because I get this in the log

/var/log/samba/wb-ENT.log
error getting user info for sid S-1-5-21-1482476501-413027322-682003330-143384

but when I do this

wbinfo -s S-1-5-21-1482476501-413027322-682003330-143394
ENT+(User Name) (edited out user name)

/var/log/samba/winbindd-dc-connect.log
[2008/05/29 12:12:11, 1] libsmb/clientgen.c:cli_rpc_pipe_close(387)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x800b to machine s06b-fin-dc02.finance.int. Error was SUCCESS - 0

/var/log/samba/wb-FINANCE.log ==
[2008/05/29 12:25:27, 0] lib/util_tdb.c:tdb_log(662)
  tdb(/var/cache/samba/netsamlogon_cache.tdb): tdb_rec_read bad magic 0xd9fee666 at offset=27920

If I look at ps ax I get about 20 winbind entries When we try to access the only share on the box everything seems to hang... we can't even do an ls -al Then I restart winbind and everything frees up. It seems as if winbind is hanging Anyone know what might be going on and how to resolve it?

Anything interesting in 'netstat -s'? This sounds a bit like something I was seeing with a corrupted E1000 nic module... It was timing out just about every connection. Could you post a section of your logs output while this is happening?
Re: [Samba] strange situation
Jason Greene wrote:

I take it back... winbind is taking 99% of the CPU again

On Thu, May 29, 2008 at 1:34 PM, Jason Greene [EMAIL PROTECTED] wrote: I reinstalled Samba and that cleared up the issue. Thanks for the response. Jason

Could you provide your logs for us?
Re: [Samba] Roaming Profiles Load Very Slowly
L.P.H. van Belle wrote:

Also try to set your nic fixed speeds. and your profile is 1.1. MB ?? that's very very small. a normal profile is about 10-25 Mb. Louis

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Koch Sent: Tuesday, 27 May 2008 17:40 To: Adam Williams CC: samba@lists.samba.org Subject: Re: [Samba] Roaming Profiles Load Very Slowly

The profiles are 1.1MB (Just the default files and a few other things to test with). The server is 1000MB and the clients are 100MB. This is why it has baffled me so much!

Adam Williams wrote: how big are the profiles? what speeds are the NICs in the server and client PCs operating at?

Also, I've found that roaming profiles seem to choke when you've got lots of very small files. Those files are usually in local settings under the profile, but not always. I had the back end running on top of reiserfs over gigabit, so I think the bottleneck is Windows processing all of them. However, I don't have any objective data whatsoever to back these claims up; take them with a grain of salt. What kind of times are you seeing? Is it possible you have stuff timing out for various reasons (permissions, broken links, name resolution, etc.)?
Re: [Samba] Roaming Profiles Load Very Slowly
Charles Marcus wrote: On 5/28/2008, Scott Lovenberg ([EMAIL PROTECTED]) wrote:

Also, I've found that roaming profiles seem to choke when you've got lots of very small files. Those files are usually in local settings under the profile, but not always.

Roaming Profiles do NOT contain *anything* in the 'Local Settings' folder. That's why it is called LOCAL settings. I think he has a DNS issue or something else going on...

Yeah, I originally wrote in (and later deleted for the sake of clarity) that I used to carry around my local settings folder. I had a dozen computers with the same software, and I hated my settings being changed every time I jumped on another computer (I naively thought that was the whole point of roaming profiles, hah!). Needless to say, it was less than optimal and didn't much work. And, now Gmail has IMAP, so I don't have to carry around my email store. = )

DNS was my kneejerk reaction, too, but I thought that it would be good to mention small files which may or may not be in local settings. Another thought that just occurred, there seems to be a significant speed difference when the Web Client service is turned off. Many thanks to John Terpstra and Jelmer Vernooij for this tip in TOSHARG (the book is worth its weight in gold, and it isn't light!). With the Web Client service on, it almost feels like you've got a bit of browsing issue.
Re: [Samba] Roaming Profiles Load Very Slowly
Charles Marcus wrote:

DNS was my kneejerk reaction, too, but I thought that it would be good to mention small files which may or may not be in local settings. Another thought that just occurred, there seems to be a significant speed difference when the Web Client service is turned off. Many thanks to John Terpstra and Jelmer Vernooij for this tip in TOSHARG (the book is worth its weight in gold, and it isn't light!). With the Web Client service on, it almost feels like you've got a bit of browsing issue.

Interesting - just checked, and googled on that service, and it does appear to be useless. I disabled it to see if I notice any difference - not that I was having any problems... Network browsing does seem a *little* snappier - hard to tell, though, since I never complained about it before...

Try it with a redirected desktop ;) You can feel the latency with it on (or, at least, I can. It might also be psychological).
Re: [Samba] Somewhat bizzare share issue
ScottZ wrote:

Original Message Subject: Re: [Samba] Somewhat bizzare share issue From: Jeremy Allison [EMAIL PROTECTED] Date: Fri, May 23, 2008 10:21 am To: ScottZ [EMAIL PROTECTED] Cc: Michael Heydon [EMAIL PROTECTED], samba@lists.samba.org

On Fri, May 23, 2008 at 10:19:55AM -0700, ScottZ wrote: Thanks for your help. I'm looking at log.smbd and the client samba log that is generated for each client connection. Using smbd -D -d2 I'm not finding any errors in log.smbd and see the following in the client log. When connecting to exports: With the client scott-desktop and username of scott connecting to exports (the working share):

[2008/05/23 09:58:09, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [scott] - [scott] - [scott] succeeded
[2008/05/23 09:58:09, 1] smbd/service.c:make_connection_snum(1033)
  scott-desktop (172.29.212.124) connect to service exports initially as user scott (uid=525, gid=101) (pid 77978)

And everything works for exports. For the export share (the non-working one) I see:

[2008/05/23 10:04:36, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [scott] - [scott] - [scott] succeeded
[2008/05/23 10:04:36, 1] smbd/service.c:make_connection_snum(1033)
  scott-desktop (172.29.212.124) connect to service export initially as user scott (uid=525, gid=101) (pid 78008)
[2008/05/23 10:04:45, 1] smbd/service.c:close_cnum(1230)
  scott-desktop (172.29.212.124) closed connection to service export

So it's immediately closing the connection on me once I authenticate successfully and can't figure out why. Verified that there isn't a user export on the system.

Usually that's because smbd can't change directory to the target of that share. Check permissions on it. Jeremy.

Both the working and non-working share definitions point to the same directory. This was done as a test to find out why the export share wasn't working on this server and does on others. From my first message: Approaching this from another angle, I tried the following in smb.conf:

[export]
comment = Exported Files
path = /tmp/export
guest ok = Yes

[exports]
comment = Exported Files Test
path = /tmp/export
guest ok = Yes

export does not work and immediately disconnects after authentication and exports works fine.

You wouldn't happen to be running NFS or Solaris, would you? I think that /export is an official directory (against the FHS, but no one is following it any more... but I digress on one of my pet peeves) for exporting NFS. Perhaps something is conflicting there? Maybe a service definition or something to that effect? Just a stab in the dark.
Re: [Samba] howto sync unix passwd samba passwd?
Iris Lames wrote:

Hi, I'm using samba-3.0.28-0.fc8. I'm trying to build a file server for 100 users. I created a perl script that automatically adds the 100 users plus their passwords with success. Now I'm having difficulty creating a script using the smbpasswd command because passwords must be entered in stdin. I also tried smbpasswd -s option but it asks passwd in stdin. Is there a way that I can use the command smbpasswd plus the user password in one line? Also, I read about mksmbpasswd.sh and test it but it did not work at all. My smb.conf contains: smb passwd file = /etc/samba/sambapassword and did: cat /etc/passwd | grep test | /usr/bin/mksmbpasswd.sh /etc/samba/sambapassword Is there a way for me to sync the userpassword and smbpasswd? Help me please. -Iris Lames

Is PAM a viable option in your current environment? Chapter 28. PAM-Based Distributed Authentication http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html
Re: [Samba] [Fwd: File Locking and Permissions Issue]
Michael Heydon wrote: Jack Lauman wrote: snip

I compared the open files with one computer in Lacerte vs. two computers in Lacerte and noticed one thing peculiar: when one computer is using Lacerte, all files are opened with exclusive+batch oplocks including Data1i07.dbf, however when 2 computers are running Lacerte, a few files open without oplocks, notably data1i07.dbf.

I'm assuming that both users need to write to these files? Maybe I'm missing something but this seems to be entirely expected behaviour. Oplocks allow a client to cache data rather than having to constantly sync to the server, obviously if there is more than one client doing this things break. You could use fake oplocks to grant oplocks to all clients, but unless the application is designed for it (which I doubt it is) you will just wind up corrupting your data. If the application is regularly opening and closing files (and therefore possibly being granted oplocks and then having them broken) you might find that performance improves by disabling oplocks altogether (well, performance for multiple users, performance for a single user would suffer). snip

I've attached both files to this message. Any help in resolving this matter would be greatly appreciated.

I think the list strips non-text attachments, so no excel file. Not that I think it's terribly important since it sounds like your system is working exactly as it should.

Thanks, Jack Lauman

Michael Heydon - IT Administrator [EMAIL PROTECTED]

Just a thought, but if you're using an enterprise distro, you might be able to cheat the system by granting fake oplocks and using a distributed file system, but there still could be coherency and race conditions under some circumstances. It would probably depend on your usage patterns for the application as to whether you could push the envelope and get away with it. If your access is mostly write once and read thereafter, it might be alright. YMMV. I've always had issues with Office 2000 and multiple users. You can almost feel the whiplash of Access or Excel slowing down the moment a second connection is established. Though, I must admit, I've never had corruption due to concurrent access, so it at least works for the speed trade-off. Unless the app slows down to a crawl, it's probably better safe than sorry. Especially if you're potentially rolling a corrupted file in to your backups.
Re: [Samba] Strange behaviour of winbind on solaris 8
Oliver Weinmann wrote: Dear All, I came across a really strange behaviour when using winbind on solaris 8. Normally nscd should be turned off because it's causing problems in the username resolution etc. When I turn it off I can login e.g. using ssh as an AD users but when i start a command like ls it gets put in the background immediately? When nscd is turn on and login again I can issue commands with no problems, but doing an ls -alrt on a directory gets stuck if a file is owned by user that is not a AD user. my /etc/nsswitch.conf # # /etc/nsswitch.dns: # # An example file that could be copied over to /etc/nsswitch.conf; it uses # DNS for hosts lookups, otherwise it does not use any other naming service. # # hosts: and services: in this file are used only if the # /etc/netconfig file has a - for nametoaddr_libs of inet transports. passwd: files [NOTFOUND=CONTINUE] winbind [NOTFOUND=return] group: files [NOTFOUND=CONTINUE] winbind [NOTFOUND=return] # You must also set up the /etc/resolv.conf file for DNS name # server lookup. See resolv.conf(4). hosts: files dns ipnodes:files # Uncomment the following line and comment out the above to resolve # both IPv4 and IPv6 addresses from the ipnodes databases. Note that # IPv4 addresses are searched in all of the ipnodes databases before # searching the hosts databases. Before turning this option on, consult # the Network Administration Guide for more details on using IPv6. #ipnodes: files dns networks: files protocols: files rpc:files ethers: files netmasks: files bootparams: files publickey: files # At present there isn't a 'files' backend for netgroup; the system will # figure it out pretty quickly, and won't use netgroups at all. netgroup: files automount: files aliases:files services: files sendmailvars: files printers: user files auth_attr: files prof_attr: files project:files Can you get the ls to work with numeric uids? And, I noticed that you don't have any entries for shadow... 
you're not using shadow passwords, right?
Re: [Samba] Maxtor NAS share problem
Rick Johnson wrote: Toby Bluhm wrote: Rick Johnson wrote: Adam Williams wrote: what are the settings on the share you're trying to mount? does it have something like valid users = rickj Well, that is hard to determine. If you're asking whether the drive has something like an smb.conf file containing share settings the answer is no. The only access I have to the Maxtor drive is via a browser interface. I have used the menu in that to set all files for full public access, but beyond that I have no finer control. (I have So in public mode, it's probably going to throw all user info away and map everything to a universal id. Have you looked closely at the file perm/ownership from the Windows client? Saved files as joe user then jane user - does it keep the distinction? I'll venture no. There is no Windows client. The Maxtor shows up in My Netowrk Places and is mapped as just another drive from Windows; in my particular case, as the Z drive. If it's possible, have you tried setting up individual users through the nas interface? Yes. The drive has been set up with different users since the beginning. Could also just work with the fact that no perm/owner info will be kept. Collect that info store it to a file. A recursive getfacl to collect setfacl to restore could do the trick. Judging by what I see through the web interface, there must be SOME type of user info stored, but how or where I don't know and can't see. found via www.openmss.org that the underlying filesystem of the drive is Linux - reiser I think - but beyond that I have no data on the filesystem other than what I see when I smbmount the drive.) Perhaps there's a way to break into the Linux the nas is running change stuff to your suiting. I think this is a possibility and I've been looking for more info; unfortunately without success so far. I've heard many times of people with an appliance trying to do something beyond its intended function hitting a brick wall. 
Your situation is why I never recommend an appliance to anyone other than a pure, non-hacker, non-power type Windows user. A NAS type distro or even a full distro on a junker PC would be a better solution. More work, but better results. You're probably right. But since I've already got the drive I need to figure out a way to use it. Rick J. Have you scanned for open ports? These things usually have SSH or telnet or some other maintenance port open with a known default user/pass.
Re: [Samba] Maxtor NAS share problem
Rick Johnson wrote: Scott Lovenberg wrote: Rick Johnson wrote: Toby Bluhm wrote: Rick Johnson wrote: Adam Williams wrote: what are the settings on the share you're trying to mount? does it have something like valid users = rickj Well, that is hard to determine. If you're asking whether the drive has something like an smb.conf file containing share settings the answer is no. The only access I have to the Maxtor drive is via a browser interface. I have used the menu in that to set all files for full public access, but beyond that I have no finer control. (I have So in public mode, it's probably going to throw all user info away and map everything to a universal id. Have you looked closely at the file perm/ownership from the Windows client? Saved files as joe user then jane user - does it keep the distinction? I'll venture no. There is no Windows client. The Maxtor shows up in My Netowrk Places and is mapped as just another drive from Windows; in my particular case, as the Z drive. If it's possible, have you tried setting up individual users through the nas interface? Yes. The drive has been set up with different users since the beginning. Could also just work with the fact that no perm/owner info will be kept. Collect that info store it to a file. A recursive getfacl to collect setfacl to restore could do the trick. Judging by what I see through the web interface, there must be SOME type of user info stored, but how or where I don't know and can't see. found via www.openmss.org that the underlying filesystem of the drive is Linux - reiser I think - but beyond that I have no data on the filesystem other than what I see when I smbmount the drive.) Perhaps there's a way to break into the Linux the nas is running change stuff to your suiting. I think this is a possibility and I've been looking for more info; unfortunately without success so far. I've heard many times of people with an appliance trying to do something beyond its intended function hitting a brick wall. 
Your situation is why I never recommend an appliance to anyone other than a pure, non-hacker, non-power type Windows user. A NAS type distro or even a full distro on a junker PC would be a better solution. More work, but better results. You're probably right. But since I've already got the drive I need to figure out a way to use it. Rick J. Have you scanned for open ports? These things usually have SSH or telnet or some other maintenance port open with a known default user/pass. I have tried telnet and ssh directly, but I haven't scanned for open ports. How do I do that? Rick J. Use NMap with NMapFE (nmap frontend) on Linux, or something like YAPS (yet another port scanner) on Windows. Any crappy port scanner will do, you don't need anything like stealth scanning (I hope!). Whichever one you use, do a service scan, or scan the first 1024 ports. You could try something fancier like a SYN or XMAS scan if it's a BSD based appliance. Also, does it have a USB port or any other interface? Like anything else, it's just about getting your foot in the door, after that, you just need a bit of leverage. ;) The thing is, most of these boxes have to have a way for the upstream vendor to upgrade the firmware, which is usually just an IMG of the compressed OS, so they're usually not completely locked down.
Re: [Samba] Maxtor NAS share problem
Scott Lovenberg wrote: Rick Johnson wrote: Toby Bluhm wrote: Rick Johnson wrote: Adam Williams wrote: what are the settings on the share you're trying to mount? does it have something like valid users = rickj Well, that is hard to determine. If you're asking whether the drive has something like an smb.conf file containing share settings the answer is no. The only access I have to the Maxtor drive is via a browser interface. I have used the menu in that to set all files for full public access, but beyond that I have no finer control. (I have So in public mode, it's probably going to throw all user info away and map everything to a universal id. Have you looked closely at the file perm/ownership from the Windows client? Saved files as joe user then jane user - does it keep the distinction? I'll venture no. There is no Windows client. The Maxtor shows up in My Netowrk Places and is mapped as just another drive from Windows; in my particular case, as the Z drive. If it's possible, have you tried setting up individual users through the nas interface? Yes. The drive has been set up with different users since the beginning. Could also just work with the fact that no perm/owner info will be kept. Collect that info store it to a file. A recursive getfacl to collect setfacl to restore could do the trick. Judging by what I see through the web interface, there must be SOME type of user info stored, but how or where I don't know and can't see. found via www.openmss.org that the underlying filesystem of the drive is Linux - reiser I think - but beyond that I have no data on the filesystem other than what I see when I smbmount the drive.) Perhaps there's a way to break into the Linux the nas is running change stuff to your suiting. I think this is a possibility and I've been looking for more info; unfortunately without success so far. I've heard many times of people with an appliance trying to do something beyond its intended function hitting a brick wall. 
Your situation is why I never recommend an appliance to anyone other than a pure, non-hacker, non-power type Windows user. A NAS type distro or even a full distro on a junker PC would be a better solution. More work, but better results. You're probably right. But since I've already got the drive I need to figure out a way to use it. Rick J. Have you scanned for open ports? These things usually have SSH or telnet or some other maintenance port open with a known default user/pass. After looking at www.openmss.org a bit, it seems that it keeps users in nvram. Looks like you can update the firmware via the web interface, and that will give you an SSHD to log in to. That might be either the best way to go about this, or the fastest way to brick the appliance. :)
Re: [Samba] winbind could not get info
Paulo Almeida wrote: Hi, After a serious power failure two days ago and an abrupt shutdown of our Samba server, I noticed today that winbind could not get info on some users from a Win2003 AD. wbinfo -u work fine; wbinfo -g work fine; but, for example: wbinfo -i ep2025 returns Could not get info for user ep2025 wbinfo -n ep2025 S-1-5-21-455433055-921777165-2450110497-3563 User (1) wbinfo -S S-1-5-21-455433055-921777165-2450110497-3563 Could not convert sid S-1-5-21-455433055-921777165-2450110497-3564 to uid Any help? Regards, Paulo In attach goes my [global] smb.conf file System: Suse Linux Enterprise Server 10 SP1 samba-3.0.28-0.2 samba-client-3.0.28-0.2 samba-winbind-3.0.28-0.2 krb5-1.4.3-19.30.6 kernel-bigsmp-2.6.16.54-0.2.5 If you're running reiserfs, you probably corrupted the /var/lib/samba db files. Have you tried a fsck? Even if you're not running reiserfs, it can't help after a hard halt. Also, a small UPS with Network UPS Tools (NUT) comes in very handy for sudden power downs! :) Especially if you're running reiserfs; it REALLY doesn't handle being dropped very well.
Re: [Samba] Convert ssha password to sambaNTpassword?
Matt Richardson wrote: Is it possible to take a SSHA password from an ldif and create a proper sambaNTpassword from it? Here's the scenario: the ldap servers in our organization do not have the samba schema installed and the likelihood of that happening is slim. I still want to provide clients with as close to a single sign on solution as possible and I can get an ldif of the accounts I need. However, the password field is SSHA and I will still need to generate sambaLMpassword and sambaNTpasswd fields (along with the rest, but that part is a wrapper script around smbldap-utils away.) There is a remote possibility of getting these hashes generated by an Identity Management Server, which would make the problem go away. The IDM solution is remote, as the admin for it is already overworked, so parsing an ldif seems to be the best solution at the moment. Any suggestions would be appreciated. Are PAM modules a viable route and/or one that you'd consider? I have no idea how it would work, but it seems to me that it's a good loosely coupled interface from both sides of the problem. To be honest, I run Slackware and PAM isn't included as Patric V. strongly believes PAM is a security risk, so I can't comment on how easy an implementation might be as I've only toyed with it on a few occasions. I know, however, that Samba uses PAM for syncing the passwd/shadow files, so there must be some sort of interfacing capabilities native to Samba.
Re: [Samba] Samba server, works fine for several days, then load increases indefinitely till server unavailable
Volker Lendecke wrote: On Mon, Apr 21, 2008 at 09:13:28AM -0500, James A. Dinkel wrote: Anyway, the server will be fine and snappy for a week or so, then out of the blue, nobody can connect. Top shows a few smbd processes maxing out the cpu and the load (which is usually 1.0) gradually climbs up to 10, I've seen this only when something like connections.tdb became corrupt. With CentOS this is not likely, but reiserfs did that to me fairly often. What filesystem are your tdbs residing on? Maybe some other kernel-level problem like a problematic driver in the path to the hard disk? Volker I have seen this once on a CentOS-4.5-x86_64 box; IIRC, there was an issue with the Intel e1000 kernel module that caused a high number of connection resets, but the RSTs never made it back, so the connections would just time out while the client started a new connection. Then again, this box was using reiserfs to hold the tdbs, and it might have just been a fsck on reboot that fixed it when I rebooted after applying the kernel module update... anyways, what I was seeing was a consistently high number (several hundred) of queued packets for the sendQ across a dozen or so connections, and groups of reset connections all happening at the same time. The load went up slowly for about a day, and then rocketed to well over 100 when a client was reset with a stuck locked file. FWIW, this was a SMP Xeon box w/ integrated Intel E1000s and the (mostly) stock 2.6.9-12(?) RHEL kernel. I had found that Intel did have a patch for an issue very similar to what I was seeing, and after applying it, everything was happy again. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd not included with 2.2.5 on SCO OpenServer 5.0.5
Brantley Allen wrote: Samba appears to be running ok, but I cannot authenticate from Windows. Winbindd doesn't appear to be anywhere on my system. Should I load a 2.2.6 or an older version that works with SCO OpenServer? Brantley What happens when you try to start the winbindd service? Any log file output?
Re: [Samba] winbindd: Exceeding 200 client connections, no idle connection found
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Elvar wrote: | | Just an update on this. I recompiled and installed putting in 600 as the | max simultaneous clients since they have 550 computers. After having | done that, internet connectivity was working great for about a month | whereas before daily max connections would be reached and users would be | stuck at the proxy auth prompt. Unfortunately the same thing occurred | yesterday. What I don't understand is how it could be reached when the | total number of computers is only 550. Sounds like a web proxy server right ? so the question is whether or not the proxy server is spawning multiple auth requests to handle multiple connection attempts from a single client or not. | Any hints or feedback on this would be greatly appreciated. Output from | the log.winbindd file is below. I only pasted a few of them, but the log | had many listed in a row until the local IT person three finger saluted | the box. | | Also, is there any way to view the current number of winbindd processes | in use? I'd love to monitor that using Zabbix or something and have it | auto respond when the total reaches 590 or something similar. It's more about the number of open fds which includes the ones between parent and child processes. Use lsof to monitor and match the pid with right winbindd process. Also look at what other files winbindd process have opened. | | [2008/04/08 09:40:54, 0] nsswitch/winbindd.c:process_loop(850) | winbindd: Exceeding 600 client connections, no idle connection found | [2008/04/08 09:40:55, 0] nsswitch/winbindd.c:rw_callback(383) | PANIC: assert failed at nsswitch/winbindd.c(383) | [2008/04/08 09:40:55, 0] nsswitch/winbindd.c:process_loop(850) | winbindd: Exceeding 600 client connections, no idle connection found | [2008/04/08 09:40:55, 0] nsswitch/winbindd.c:rw_callback(383) which log file are these showing up in? And what version of Samba is this? 
| | | | Kind regards, | Elvar | - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian Not sure if it means anything, but aren't there a number of addons that use squid (ntlm_auth?) as an interface between samba and apache or PAM? I've never been brave enough to go down that road, but perhaps they've got something like that going on? 'lsof' should tell the tale if that's the case, I suppose.
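For the monitoring question raised in this thread, here is an added example (not code from any poster or from Samba) that parses log.winbindd style records and summarises client-limit events so a monitoring system can alert on them. The sample input is constructed from the log lines quoted above, and the function names and burst thresholds are assumptions.

```python
"""Summarise winbindd client-limit events from a Samba 3 style log."""
import re
from datetime import datetime, timedelta

# Constructed sample, rebuilt from the log.winbindd lines quoted in the thread.
SAMPLE_LOG = """\
[2008/04/08 09:40:54, 0] nsswitch/winbindd.c:process_loop(850)
  winbindd: Exceeding 600 client connections, no idle connection found
[2008/04/08 09:40:55, 0] nsswitch/winbindd.c:rw_callback(383)
  PANIC: assert failed at nsswitch/winbindd.c(383)
[2008/04/08 09:40:55, 0] nsswitch/winbindd.c:process_loop(850)
  winbindd: Exceeding 600 client connections, no idle connection found
[2008/04/08 09:40:55, 0] nsswitch/winbindd.c:rw_callback(383)
"""

# Header line: [date time, debuglevel] source.c:function(line)
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+?):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)
LIMIT = re.compile(r"Exceeding (\d+) client connections, no idle connection found")


def parse_records(text):
    """Yield one dict per record: header fields plus the joined message text."""
    record = None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            if record is not None:
                yield record
            record = {
                "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "level": int(m["level"]),
                "where": f'{m["src"]}:{m["func"]}',
                "message": "",
            }
        elif record is not None and raw.strip():
            # Continuation line: the message follows its header, indented.
            record["message"] = (record["message"] + " " + raw.strip()).strip()
    if record is not None:
        yield record


def summarise(text, burst_window=timedelta(seconds=5), burst_size=2):
    """Count limit hits and panics; flag bursts of hits inside burst_window."""
    records = list(parse_records(text))
    hits = []
    for rec in records:
        m = LIMIT.search(rec["message"])
        if m:
            hits.append((rec["time"], int(m.group(1))))
    times = sorted(t for t, _ in hits)
    # Sliding window: burst_size hits whose first and last are close together.
    burst = any(
        times[i + burst_size - 1] - times[i] <= burst_window
        for i in range(len(times) - burst_size + 1)
    )
    return {
        "records": len(records),
        "limit_hits": len(hits),
        "configured_limits": sorted({n for _, n in hits}),
        "panics": sum(1 for r in records if r["message"].startswith("PANIC:")),
        # A header with no message usually means the excerpt or log was cut.
        "headers_without_message": sum(1 for r in records if not r["message"]),
        "burst": burst,
        "first_hit": times[0] if times else None,
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The limit value is read from the message itself, so the same check works whether the build uses the default of 200 or a recompiled value such as 600.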
Re: [Samba] Re: How to create a write-only share?
Ash Gosh wrote: On Fri, Apr 4, 2008 at 6:55 PM, Ash Gosh [EMAIL PROTECTED] wrote: Hi! I need to create a share that will be readable by root only (by owner) and writeable for all. We replacing a dead Windows NT 4.0 server and there was a permission type called Add and our users use this type of permission often. They create shares where other users can add files but can not read or even list it. I saw a thread here called How to make Add permission for folder in system with ntacl support? http://archives.free.net.ph/message/20071031.173732.50cc2cef.en.html but there was no solution published. I believe that there is a solution, I hope so. Hello, It's me again, sorry for bothering. Does this problem have a solution? I need to replace a dead Win NT 4 server quickly so please let's start a discussion. Maybe I'll need to select a filesystem other than ext3 or even the server OS, to Solaris with ZFS for example? Please help Thanks in advance, Ash. I think I did this once a couple of years ago using NT style policy and the firewall policy object. IIRC, I did it all at the file system level; each computers' SYSTEM service was allowed to write to a text file that it couldn't read. The files was owned as root:someGroup with 720 perms. This file was in a directory called 'logs' owned root:someGroup with 710 perms. The directory that 'logs' was contained within was owned by root:someGroup with 710 perms and was exported as a hidden share (I think I used the '$' hidden share trick), which 'someGroup' was allowed to write to. That's off the top of my head, and it may not be correct, but if you can mock it up with VMWare and a liveCD, that will at least get the ball rolling, I hope. I'm fairly sure it worked as advertised, but it never made it to production, so I didn't document it or anything.
Re: [Samba] Re: How to create a write-only share?
Ash Gosh wrote: On Mon, Apr 7, 2008 at 11:21 AM, Scott Lovenberg [EMAIL PROTECTED] wrote: I think I did this once a couple of years ago using NT style policy and the firewall policy object. IIRC, I did it all at the file system level; each computers' SYSTEM service was allowed to write to a text file that it couldn't read. The files was owned as root:someGroup with 720 perms. This file was in a directory called 'logs' owned root:someGroup with 710 perms. The directory that 'logs' was contained within was owned by root:someGroup with 710 perms and was exported as a hidden share (I think I used the '$' hidden share trick), which 'someGroup' was allowed to write to. That's off the top of my head, and it may not be correct, but if you can mock it up with VMWare and a liveCD, that will at least get the ball rolling, I hope. I'm fairly sure it worked as advertised, but it never made it to production, so I didn't document it or anything. Hello again, I did not understand correctly: did you make all with fs permissions, what about and what is NT style policy and the firewall policy object? Does this help me to allow anyone to copy / paste a file into the shares where they have no access? Thanks, Ash. Yeah, disregard the part about NT policy, it was background info that I thought might help you to understand what I was trying to accomplish; it's not important to the topic at hand. Let me change the permissions a bit so as to be more accurate (the second folder was not needed, I think I might have had something else in mind):
directory | owner | group     | perms
topFolder | root  | someGroup | 7730
That should work, and it'll make every file owned by root, who will be the only one who can delete it. Just make sure no one figures out how to put a shell script in this folder and execute it! ;)
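To check what a directory mode such as the 7730 in the table above grants to each class of user, here is an added example (not from the thread) that decodes the bits and audits a write-only "drop box" directory. It assumes Linux semantics: setgid makes new entries inherit the directory's group, the sticky bit limits deletion to the file owner, the directory owner and root, and setuid on a directory has no effect. The function names and finding codes are hypothetical.

```python
"""Decode a directory mode and audit it as a write-only drop box (Linux rules)."""
import stat

CLASS_BITS = {
    "owner": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}


def class_for(uid, gids, dir_uid, dir_gid):
    """Pick the single permission class the kernel applies to a process."""
    if uid == 0:
        return "root"          # root bypasses the mode bits entirely
    if uid == dir_uid:
        return "owner"
    if dir_gid in gids:
        return "group"
    return "other"


def special_bits(mode):
    return {
        "setuid": bool(mode & stat.S_ISUID),   # ignored on Linux directories
        "setgid": bool(mode & stat.S_ISGID),   # new entries inherit the group
        "sticky": bool(mode & stat.S_ISVTX),   # restricts unlink and rename
    }


def directory_rights(mode):
    """Map owner/group/other to the operations the directory bits allow."""
    sticky = bool(mode & stat.S_ISVTX)
    rights = {}
    for name, (r, w, x) in CLASS_BITS.items():
        can_r, can_w, can_x = bool(mode & r), bool(mode & w), bool(mode & x)
        modify = can_w and can_x            # create, unlink, rename need w+x
        rights[name] = {
            "list_names": can_r,
            # With x only, a file can still be opened if its name is known
            # and the file's own mode allows it.
            "reach_known_name": can_x,
            "add_files": modify,
            "delete_own_files": modify,
            # The sticky bit never restricts the directory owner.
            "delete_others_files": modify and (name == "owner" or not sticky),
        }
    return rights


def audit_drop_box(mode, writers="group"):
    """Return finding codes for a directory meant to be add-only for writers."""
    rights = directory_rights(mode)
    bits = special_bits(mode)
    findings = []
    if not rights[writers]["add_files"]:
        findings.append("WRITERS_CANNOT_ADD")
    if rights[writers]["list_names"]:
        findings.append("WRITERS_CAN_LIST")
    if rights[writers]["delete_others_files"]:
        findings.append("NO_STICKY")
    if writers == "group" and rights["other"]["add_files"]:
        findings.append("OTHER_CAN_ADD")
    if bits["setuid"]:
        findings.append("SETUID_NO_EFFECT")
    return findings


if __name__ == "__main__":
    mode = 0o7730                      # value from the table in the thread
    print(special_bits(mode))
    for cls, ops in directory_rights(mode).items():
        print(cls, ops)
    print("findings:", audit_drop_box(mode))
```

Under these assumptions a new file is owned by the user who created it, so the file's own mode decides whether that user can read it back.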
[Samba] Re: Redhat 3 upgrade
Alan Bunch wrote: I am currently running Red Hat v 3 samba rpm's. samba-common-3.0.9-1.3E.14.3 samba-3.0.9-1.3E.14.3 samba-client-3.0.9-1.3E.14.3 I would like to run the current release version to see if I can clean up some of the problems I am having. File locking and not releasing are the most troubling. I am looking for advice for executing this upgrade without breaking too much, such as, configuration files being in different place from the as distributed vs the Red Hat distributed versions. This is a PDC with an LDAP back end and mostly just works. Any advice would be helpful Alan Do you have either an extra box or the resources to clone your current machine to a VM? I've found this ability worth its weight in gold since you never know what's going to break until you put all the parts together. RHEL 3 to current Samba is quite a step... even if you went RHEL 3 to RHEL 5, you're jumping forward about 3 years.
Re: [Samba] Multiple IP addresses
Robert Pollard wrote: Hi, I have been trying to connect to Samba over the Internet as I have static IP that is publicly available for connection. I can use this IP to connect to our Intranet web site but Samba doesn't work correctly when trying to connect to it from outside. Our internal network addresses work fine. Even a VPN connection, which gets our internal address scheme works. But, when trying to use the publicly available IP address to connect to Samba it can't find it. Is there something I have to do other than tell it to use an alternate interface to make the Samba services available over the Internet with a different IP? Thanks! Do you have a wireshark sniff? It could be a number of things. Are your firewalls configured properly with your routing table?
Re: RE [Samba] smbldap-useradd -w won't create machine account
Hector Blanco wrote: Shouldn't it? I mean...Taking a look to the output produced by smbldap-useradd -? it says -w is a windows machine account (otherwise, posix stuff only) or something similar... I don't have the exact output right now. As far as I understand, it should add all the Samba stuff needed for Windows. And I'm having the same (or similar) problems... http://lists.samba.org/archive/samba/2008-February/138442.html http://lists.samba.org/archive/samba/2008-February/138639.html http://lists-archives.org/samba/36168-samba-ldap-question.html http://lists.samba.org/archive/samba/2008-March/139288.html Well... at least I think they can be similar... Maybe I'm just really wrong and each time than someone is experiencing problems adding a Windows machine to an Ldap server, I keep saying Me too, me too!!... although they are actually different problems... I hope not... 2008/4/1, [EMAIL PROTECTED] [EMAIL PROTECTED]: Samba will add sambaSAMAccount when you add the workstation to the domain. sambaldaptools not add the samba shema for that. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 01/04/2008 16:17:13 : I can't get smbldap-useradd to add the sambaSamAccount workstation attributes. For example: smbldap-useradd -w 'test_machine$' # test_machine$, People, desktop.hmdc.harvard.edu dn: uid=test_machine$,ou=People,dc=desktop,dc=hmdc,dc=harvard,dc=edu objectClass: top objectClass: account objectClass: posixAccount cn: test_machine$ uid: test_machine$ uidNumber: 1010 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer Has anyone else experienced this? It thinks it's creating a machine account, but it doesn't add sambaSamAccount, or sambaAcctFlags [W ]. 
More info: # rpm -qi smbldap-tools Name: smbldap-toolsRelocations: (not relocatable) Version : 0.9.4 Vendor: Dag Apt Repository, http://dag.wieers.com/apt/ Release : 1.el5.rf Build Date: Sat 22 Sep 2007 01:35:45 AM EDT Install Date: Tue 25 Mar 2008 11:43:42 AM EDT Build Host: lisse.leuven.wieers.com Group : System Environment/Base Source RPM: smbldap-tools-0.9.4-1.el5.rf.src.rpm Size: 525573 License: GPL Signature : DSA/SHA1, Sat 22 Sep 2007 02:51:47 PM EDT, Key ID a20e52146b8d79e6 Packager: Dag Wieers [EMAIL PROTECTED] URL : http://sourceforge.net/projects/smbldap-tools/ Summary : User and group administration tools for Samba-OpenLDAP Thanks, c -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba ou=people? Shouldn't that be in the Machines or Computers unit instead? I think it might have to be a machine account, no? Also, do you have a corresponding samba account to mate to the ldap entry? My LDAP-fu is weak as of late, please disregard this if I'm completely off base. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] weird election with non-existent machine
JJB wrote: Forced Election: In workgroup WORKGROUP when announced server was: SYSTEM-1 (192.168.1.248) : 50 Time(s) SYSTEM-2 (192.168.1.183) : 2 Time(s) SYSTEM-3 (192.168.1.248) : 1 Time(s) Cannot get workgroup name from domain name browser: 192.168.1.153 : 96 Time(s) 192.168.1.153 was a mac running Leopard. It has not been on the network for a month, but this keeps happening. Does anyone have an idea where this address might be cached? Thanks, - Joel Depends on your distro, but in Slackware, when compiled without --with-hfs, it's like /var/cache/samba or /var/lib/samba. I'm fairly sure that it should be in the /var directory. Try doing a 'lsof' and see if the samba process has anything open from there that isn't a log file. IIRC, it should be a DBD.
Re: [Samba] Samba Restrictions
Ryan Bair wrote: I have single directories with over 100,000 entries and about 4 million files on the system total spanning about 15TB. I don't think you should have a problem. Only problem I have is that directory listings take a while with 100K entries but that's to be expected. On Mon, Mar 31, 2008 at 9:11 AM, [EMAIL PROTECTED] wrote: Hi, I'm hopping you can give me some advice, I work for a Financial Institute and we are very interested in implementing Samba as a file server running on AIX 5.3. Before we can think about implementing this we need to no if Samba has any limitation on number of folders, files and shares. The current file storage system is running on Windows 2003 server and has somewhere in the region of 51,000 folders and 450,000 files taking up 200GB would samba be able to cope with this? Your feedback would be appreciated. Thanks Tim This e-mail and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this e-mail in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this e-mail or its attachments. Internet communications are not guaranteed to be secure or virus-free. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this e-mail may be monitored by the Barclays Group for operational or business reasons. Any opinion or other information in this e-mail or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group. Barclays Bank PLC.Registered in England and Wales (registered no. 1026167). Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. 
Barclays Bank PLC is authorised and regulated by the Financial Services Authority. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Just be careful that you pick a file system with enough inodes. I think reiserfs has a great number of inodes and will handle multiple small files quickly; although, it is... cranky; I assume if you're a financial institute you have redundant everything and incremental backups constantly chugging off site, so it shouldn't be too much of a risk. Just make sure you don't drop the power, reiserfs will need to replay the journal and might need a fsck tree rebuild if you ever shut down while it's still mounted. I hear XFS also has many of these traits (and is somewhat more mature, although I think it has an issue on AIX, IIRC something isn't supported... snapshotting, perhaps?), as does JFS. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] strange permission denied problem
Yan Seiner wrote:

I built an embedded box which uses mount.cifs to mount network shares. I've shipped several of these and all are working fine except for one, which gives me permission denied on certain files:

    [EMAIL PROTECTED]:~/mnt/bgrp1/c/Ballance Group Folders/Scully/Client Photos-Scully# cat Office Pics 002.jpg /dev/null
    cat: Office Pics 002.jpg: Permission denied
    [EMAIL PROTECTED]:~/mnt/bgrp1/c/Ballance Group Folders/Scully/Client Photos-Scully# cat Iron Concrete Table.jpg /dev/null
    [EMAIL PROTECTED]:~/mnt/bgrp1/c/Ballance Group Folders/Scully/Client Photos-Scully#

So only the Office Pics file gets a permission denied.

    [EMAIL PROTECTED]:~/mnt/bgrp1/c/Ballance Group Folders/Scully/Client Photos-Scully# ls -al
    dr-xr-x---1 root root0 Mar 28 14:22 .
    dr-xr-x---1 root root0 Mar 27 17:35 ..
    -r--r-1 root root 113826 Mar 3 16:26 Iron Concrete Table.jpg
    -r--r-1 root root 744886 Feb 21 16:14 Nightstands.jpg
    -r--r-1 root root 765452 Feb 15 19:09 Occhio Chair.jpg
    -r--r-1 root root90670 Mar 28 14:22 Office Pics 002.jpg

cat /proc/mounts says:

    //bgrp1/c /tmp/mnt/bgrp1/c cifs ro,mand,nodiratime,unc=\\bgrp1\c,username=root,domain=,rsize=4100,wsize=4100 0 0

and the mount line itself is

    mount.cifs //$server/$wshare /tmp/mnt/$server/$lshare -o ip=$target,guest,ro,file_mode=0440,dir_mode=0550

I can't for the life of me figure out why some files give me a permission denied. I have no physical access to the problem box; here's what I know:

    Looking up status of 192.168.0.2
    BGRP1 00 - B ACTIVE
    MSHOME 00 - GROUP B ACTIVE
    BGRP1 20 - B ACTIVE
    MSHOME 1e - GROUP B ACTIVE
    MSHOME 1d - B ACTIVE
    ..__MSBROWSE__. 01 - GROUP B ACTIVE
    MAC Address = 00-19-DB-A6-43-23

    Sharename                 Type   Comment
    IPC$                      IPC    Remote IPC
    D$                        Disk   Default share
    C                         Disk
    Ballance Group Folders    Disk
    F                         Disk
    ADMIN$                    Disk   Remote Admin
    C$                        Disk   Default share

    Server       Comment
    Workgroup    Master

How do I go about diagnosing this?

Thanks,
--Yan

Does 'lsof' show the file as opened and locked by chance? I've seen something to this effect with a stale lock (had to reboot the server - although I'm sure there is a guru technique to blow away the entry in the open files table, and it's probably elegant too!) In my case, it made the load increase, as it thought it was I/O blocked. Are you seeing any outrageous load averages in 'uptime'? I was in the hundreds, but the box was responding like it was at a 0.5 or so.
Re: [Samba] Poor performance on open/copy/close/rename file operations via remote/VPN connection
Dave Kempe wrote:

gianfranco pra floriani wrote:

using ip address (\\10.0.0.7) does not change anything in response time.

then it might not be wins/name resolution at all. Perhaps a packet sniffer might shed some light on it? run tethereal Or tshark as its not called on the tun interface on the server when you are attempting to get the file. ie,

    tethereal -i tun0

dave

What is your resolve order? Are you using DNS or broadcasts before wins?
Re: [Samba] Mapped Samba drive slows Windows Explorer
Chris wrote:

We have a DLink DNS-323 NAS box. It uses Samba internally. Whenever I map a drive to the NAS box using Windows Explorer, it gets intermittently slow to browse any drive. Even clicking in the c:\ drive will cause a pause of several seconds. If I unmap the drive the problem goes away. How to fix?

Do you have your network browsing setup correctly? You could try using a straight IP to see if it's a network name resolution problem.
Re: [Samba] File share access problems
Dean Guenther wrote:

Greetings,

Since rebooting our samba server last night, we are no longer able to access the documents on the private or public file shares. A Word document is giving an error like:

    The document name or path is not valid. Try these suggestions:
    * check the file permissions for the document or drive
    * use the file open dialog box to locate the document

This is happening for all of the 30+ users.

In Explorer the folders are all visible. And the files in the folders are all visible. But when trying to click on one to open it, the above error is given. WordPerfect docs give an error too. Though different wording, it's effectively the same, file cannot be found. OpenOffice also gives an error. It says The operation on \\aslan\...directory...name of file was started with an invalid parameter.

Just to see if there was any corruption in the files, we've copied one word document using ssh from the samba server to the desktop of a PC and it opens fine in Word, so it's not that the disk and/or files are corrupted I think...

I'm running Samba 3.0.24-11 on FedoraCore 6. I've run yum and it says there are no new updates available. (I think I'd run it fairly recently so I'm not surprised there were no new updates.)

How do I go about troubleshooting this problem?

thanks -- Dean

Have you changed any /etc/ files since your last reboot? If I had a dollar for every time I changed something 'trivial' just before leaving work for the day, and forgotten about it for three months and had it bite me on next reboot... and if I had a dollar for every time I overlooked it before troubleshooting an issue it caused... well, I could be a professional student :)

Are your users authenticating as themselves in their respective groups with whatever authentication scheme you have? Perhaps they're able to read the directory listing, but not the files within because they are seen as guests.

If that seems to be all well and good, and nothing seems 'strange' in your logs, I'd go straight to a wireshark session and check the SMB conversation on the wire. That should at least leave you with the right questions to focus on.
Re: [Samba] I still don't understand it-- what is the relation between cause and effect?
joop gerritse wrote:

I have posted more messages, essentially to the same effect... had quite a few good answers, but somehow I seem to be missing something ... :-(

Well, I told you already about the workgroup DAARO, which refused to show up... I got some suggestions, and, indeed, there it was! I could even log in to it. And then, next morning, I started up my test network, ... no DAARO. However, after a restart of samba (/etc/rc.d/rc.samba restart) it appeared again. Without any changes in the config. However, although I saw DAARO, clicking on it gave me an error message (something like device does not exist in Dutch). On the other hand, after restarting samba again, still without any changes, I could suddenly log in to the domain.

Well, this is not the clear relation between cause and effect which I prefer. Of course it is unavoidable once you get involved in a Microsoft mess... . I think it is time to become somewhat more fundamental(ist). I mean, if I ever want to find out what's going on, I will probably have to understand what these lousy sloppy Microsoft protocols really do. And of course, being closed source, this won't be trivial. Can anyone point out some documents that give information on the internals of MS networking protocols? I think there are some around, but I haven't located them yet...

I think you said you were using Windows 98, correct? IIRC (from my childhood hacking) Windows 98 takes up to 15 minutes to 'see' the network. I think it was a problem with NetBEUI. To test this theory, you could try explicitly putting DAARO in the machine's LMHOSTS file.
Re: [Samba] I changed smb.conf, but nothing seems to happen!
joop gerritse wrote:

Hello,

After some good advice from the list, I now have my workgroup visible. Next problem. I click on it from my win98 station (yes, it is old; I even have a w95 workstation somewhere :-) ) and I get can't find share name. Now I look in the samba logs, and I see that it is looking for /usr/local/samba/netlogon, which doesn't exist. Oops, error! The netlogon happens to be in /etc/samba/netlogon, so I change the path in smb.conf and restart Samba. I try again, but now my Win98 station keeps trying to access /usr/local/samba/netlogon. How come? I suppose that the easiest way out is to put a link to the right location in /usr/local, but somehow that doesn't feel right.

Joop,

Are you only running one version of samba? I'm assuming you compiled your own if it's in the /usr/local hierarchy. Perhaps your distro shipped with a version that you forgot to take out?
Re: Fwd: [Samba] roaming profiles stored on BDCs? how?
John Drescher wrote:

On Thu, Mar 6, 2008 at 4:15 PM, Adam Williams [EMAIL PROTECTED] wrote:

I have a PDC named GOMER w/ IP of 10.8.3.37 and a BDC named BLDG2 w/ ip of 10.8.7.2. when someone on the 10.8.7.x network using the WINS server of 10.8.7.2 logs in and out, their roaming profile is stored on the PDC. is there any way to have the roaming profile stored on the BDC?, because I will have other 10.8.x.x networks and some of these remote sites will be using DSL and I don't want the profiles transferring over DSL. any suggestions?

You can put the roaming profile on any cifs/samba server in your network. I have mine on a standalone server. see logon path

John

FWIW, this sounds like a good application for DFS. It will give you a layer of abstraction that's seamless, in theory. Although, I've never tried it in practice.
Re: [Samba] Problems running samba in vmware
Douglas VanLeuven wrote:

Adam Zimmer wrote:

At the moment I have enabled timeSync with vmware tools. In the general area of time keeping on the host, I added the following settings which avoided errors about the RTC missing interrupts:

    host.usefastclock=false
    host.cpukHz=240
    host.useTSC=true
    ptsc.useTSC=true

I have two other machines similarly configured (with the exception of running other linux applications not samba). Ntpdate seems to be installed as it is part of the ubuntu-server default config. However, my other machines seem to run it ok. If anything they fall behind a bit and the vmware sync keeps them up-to-date.

Ian McDonald wrote:

How are your time sync options set for the VM? Is it keeping time ok? (note, AFAIR, you're not supposed to run NTP within a VM.).

True. I refer to this document from vmware. http://www.vmware.com/pdf/vmware_timekeeping.pdf

Generally, ntp vmware timesync fight each other. The usual method is to turn off the ntp service, figure out how to minimize interrupts, allow the clock to run a little slow and allow vmware timesync to bump up the time when it gets about 1 minute slow.

There's another thread that mentions issues with on-board nics and drivers. Over the years, I've bumped into that myself. To the extent I try and use host-only and route whenever possible. That's worked better for me in generic usage.

Regards, Doug

Just an idea, although I've never tried it in vmware, if you can somehow make it a gig network connection and bring up the MTU and even enable NAPI in the guest, that should cut down on the IRQs, and slow clock drift. Also, if you have a VMI kernel on the guest (that might be VMWare server - 2.0 only, not sure), it should play a little nicer. Also, if you can turn off hardware offloading in the guest, it probably couldn't hurt. With VMs I've found slimmed down kernels really seem to drag less, although it could just be the power of suggestion on my own part after spending twenty minutes staring at 'make menuconfig'. Speaking of which, if you don't need X, running at runlevel 3 will help, too.
Re: [Samba] CENTOS4.6+SAMBA3.0.25+FEDORA-DS
Suphakit wrote:

Thank you Mr.William, as you know I am a linux beginner, meaning that I am not familiar with technical terms, that's why I can't get myself understand the howto stuffs. The posted question is a myth to me which I couldn't extract of out of many instruction found from website. I'll be appreciate if you guys can just give a simple answer to my questions, just yes or no and simple explanation. So that I can expand reading HowTo.

Thank you and Best Regards, Tom

Tom,

As for item 1: This is possible, however, CentOS-4.6 ships with samba-3.0.12(ish... it's an older build with Red Hat's blessed patches), for a Samba 3.0.25, you'll want to use CentOS-5.1, I believe. You can use a newer samba than the shipped version, but as a Linux newbie, I wouldn't recommend it unless you feel very comfortable at a command line. I've had a good deal of trouble with Fedora-DS, but I was building from source, YMMV. I'm sure it's a great software package, but I had to fight with it a bit.

On a side note, are you locked in to using CentOS and Fedora DS, and having separate authentication, or can you take baby steps using the builtin password and user files? You are taking on a great amount of work and introducing yourself to a very steep learning curve with your proposed setup. And, being new to Linux at the same time will only compound this. I'm not trying to discourage you, quite the contrary, I just think that trying to get right up to this level of server and service sophistication might leave you with a very long uphill battle ahead if you choose to take it head on like this.

Adam Williams wrote:

whoa you have so many things wrong its hard to decide even where to start. read http://www.iallanis.info/smbldap-tools/docs/samba-ldap-howto/, and chapter 5 of samba 3 by example, and http://directory.fedoraproject.org/wiki/Howto:Samba

suphakit Chamwuthipricha wrote:

Hi

I am new to linux Samba. I would like to setup Samba as a domain controller and using Fedora-ds for authentication. I have read some documents from www.samba.org but I am still in the mist. Here is my dumb questions about Samba as follows.

1. Is CENTOS4.6+SAMBA3.0.25 as PDC +FEDORA-DS possible?

2. Is this HOWTO from http://directory.fedoraproject.org/wiki/Howto:Samba sufficient information? please suggest more

3. Since I tried to integrate Samba+Fedora-ds, I am always stuck at this step net groupmap add. Does these command need to be done? What will happen if we skip them?

    # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins'
    # net groupmap add rid=2513 ntgroup='Domain Users' unixgroup='Domain Users'
    # net groupmap add rid=2514 ntgroup='Domain Guests' unixgroup='Domain Guests'
    # net groupmap add rid=2515 ntgroup='Domain Computers' unixgroup='Domain Computers'

3.1 Linux won't allow me to add unix group name with space like Domain Admins, can we change to DomainAdmins (no space) as I tried to add unix group DomainAdmins in linux box and run the command, It is failed.

    # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='DomainAdmins'

I also noticed that this somehow relates to smb.conf file. Some source says:

    ldap admin dn = cn=Directory Manager

or

    ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com

3.1.1 If I use this one

    ldap dn = cn=Directory Manager

The result of net groupmap show failed to add group map

3.1.2 If I use this one

    ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com

The result of net groupmap show cannot find object cn=Directory Manager,dc=mycompany,dc=com

3.2 Where does the command looks for ntgroup=Domain Admins' to map with unixgroup=Domain Admins

3.3 Some source say the net group map should add type=d at the end of the line, is it true?

    # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins' type=d

4. Does this line in my smb.conf look ok? (I installed Samba Fedora-ds in same machine)

    passdb backend = ldapsam:ldap://192.168.100.7

5. Does these line need to be included in smb.conf file? What will happen if we don't include them?

    ldap idmap suffix = ou=Users
    ldap passed sync = Yes

6. Does user add scripts need to be included in smb.conf file? How it works and when these lines are used. What will happen if we don't include them.

    # Useradd scripts
    add user script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd -m %u
    delete user script =
Re: [Samba] Best way to handle profiles from deleted accounts?
Tim Bates wrote:

Hello people

Just wondering how people deal with deletion of roaming profiles and homes on their servers. I currently have a script that moves old homes for one subset of our users... but it's very messy. I'm considering re-writing it, and including the profile dirs too, but I was wondering if there's solutions already out there that might be better than what I can write.

Tim B

I usually just disable the account until I know that no one left any important documents with it. I just leave it disabled until I know it made it to the backups, and then blow it away. If you use Webmin, it will erase the home directory, samba account, and unix account in one fell swoop; I think they use a perl script, it might be easier to pick that up than reinvent the wheel.
Re: [Samba] server string ignored
ip guy wrote:

hi all

my samba installation 3.0.25b-1.el5_1.4, installed via yum on a CentOS5 server seems to ignore the server string... no matter what i supply the string variable, the drive is mapped to the win32 clients and echoes the samba version. anyone having the same issue ?

Have you cleared the cached network names on the clients? I believe they're in the registry under the user hive, IIRC.
Re: [Samba] Subfolders and permissions
Paul Rijke wrote:

Hi,

I have currently a department called HRM which have their own share /data/hrm. Within that share is a folder called recruitment. We recently hired an external recruiter to do some work for us. The folder is /data/hrm/recruitment. How can I enforce that this person can only read and write in this directory? Look below, is this the way to go? How would you handle this?

My config:

    #=== Global Settings =
    [global]
    dns proxy = no
    log file = /var/log/samba/log.%m
    netbios name = srv01
    load printers = yes
    server string = srv01.mydomain.com
    workgroup = MYDOMAIN
    os level = 20
    username map = /usr/local/etc/samba/smbusers
    encrypt passwords = yes
    hosts allow = 192.168.20. 127.
    security = user
    max log size = 50

    # Share Definitions ==
    # the staff group
    [hrm]
    writeable = yes
    path = /data/hrm
    write list = @hrm
    force group = hrm
    valid users = @hrm
    create mode = 764
    directory mode = 774

    [recruitment]
    comment = Recruitment Share
    valid users = @recruitment
    writeable = yes
    path = /data/hrm/recruitment
    write list = @recruitment
    force group = recruitment
    create mode = 764
    directory mode = 774

Personally, I'd do this at the file system level. Put them in a group such that they don't have any permissions other than traverse (751 permissions or so) parent directories, and make them the owner of the recruitment directory with a 2770 permission on the directory. If you need to add more recruiters, just add them to the recruitment group. So, it'd look like this:

    user: recruiter
    group: recruitment
    /data/hrm (perms - root.users rwxrwx--x)
    /data/hrm/recruitment (perms - recruiter.recruitment rwxrwt---)

Then just give them a link to /data/hrm/recruitment on their desktop or something (or map a drive on logon with the logon script). This is, of course, just one way to do it. I usually like to handle permissions at the lowest level.
[Samba] Re: Wrong perms on new files/dirs using smbmount
Michael Lueck wrote:

Scott Lovenberg wrote:

What are the samba server side settings(smb.conf) for the share you are mounting?

    [data]
    comment = Shared Application Data Files
    path = /srv/shares/data
    guest ok = no
    read only = no
    create mask = 0666
    directory mask = 0777

Do you have inherit permissions set? from smb.conf(5) man page: Default: inherit permissions = no

I set inherit acls = yes once for an ACL aware implementation for a client. Otherwise no specific acl/perm stuff at this time.

Drats, it looks like you're set up fine. I was hoping it would just be a bad configuration. I don't know what else it could be.
[Samba] Re: Samba and the InterWeb
Alex Hooper wrote:

Scott Lovenberg uttered:

Alex Hooper wrote:

Scott Lovenberg uttered:

Alex Hooper wrote:

Hi,

We have an office-based Windows-locked publishing system whose only delivery mechanism is to write to a local filesystem, and a requirement for its output to be available to a collocated production environment comprising Solaris and Linux boxes. The 'obvious' solution was to run a Samba server on one of the collocated Linux boxes and mount the share it provides on the relevant Windows machines in the office. And this is what I have done. This works, but encounters the problem I am about to describe.

SCENARIO ONE: Connecting to the server/share in Explorer (Windows XP) by typing the path (\\dns.host.name\share) into the address bar is accomplished without problem, as is receiving a directory listing. But uploading a file to the remote share (by drag and dropping) causes Explorer to freeze for anything between 10 and 30 seconds after which the file transfers at good speed.

SCENARIO TWO: Map the remote share, using same connection details. Now copy is often fine, but sometimes will just fail with a Cannot copy filename: The specified network name is no longer available. and leave a zero-length file at the remote end.

Not infrequently, smbd processes are being left in an 'uninterruptible sleep' state.

If I mount the remote share via smbmount onto a Linux server in the office, I don't encounter any of these problems.

Packet-sniffing on scenario one shows that the pause is happening before any set-up for the file transfer: it looks like the client disconnects, then there's a pause, then it reconnects.

I'm using Samba version 3.0.25b-1.el4_6.4 on RHEL ES release 4. Clients are Windows XP Pro.

Our office has a fairly large and complex LAN which is managed by a separate department. Access to the Internet is, not surprisingly, via a NATting gateway. Appropriate ports have been opened in the firewalls, though all communication is in Direct-hosted mode (ie, I only see traffic on port 445/tcp).

smb.conf looks like this:

    [global]
    workgroup = WG123
    netbios name = n2323
    # hostname of server
    server string = FOO-BAR-Samba
    #wins proxy = yes
    #wins server = xxx.xx.xx.x
    security = user
    passdb backend = tdbsam
    load printers = no
    # idle time (mins) before client is disconnected
    dead time = 15
    keepalive = 10
    socket options = IPTOS_THROUGHPUT SO_SNDBUF=8576
    inherit permissions = yes

    [test-xml]
    path = /stuff/test-xml
    writeable = Yes
    public = no

Could anyone suggest what might be going on here?

Thanks, Alex.

On scenario1, is it (Windows client) trying to connect to port 445 on the server, being dropped instead of rejected, timing out, and then establishing a connection on port 139? I think by default Windows tries to connect to both at the same time or something weird like that.

No. There is no attempt to use port 139: only 445 is approached.

On scenario2, I've seen behavior something akin to this on a corrupted e1000 kernel module. I've also seen bad cables (twice where gigabit and mii are concerned, IIRC) that behave all kinds of weird, at any given moment.

The server's using the bnx2 module and the NIC is at 100MB FD. I'm not noting any other network weirdness, which would seem to suggest cabling is probably OK, wouldn't it?

I once heard a quote (which I'd like to attribute to Jeremy Allison for some reason) to the effect of The Windows SMB network stack is like a canary in a coal mine, when you have network troubles it's the first thing to die. I could get everything else to work just fine with this driver, but SMB/CIFS just kept flaking out. So, I always try to trace a problem starting from the wall back.

Anyways, FWIW, how does your 'netstat -s' output look? Are you getting a considerable number of connection resets being sent or received?

No. All the reset sents in the diff below belong to an unrelated application.
In the time between the two netstats compared below, various stalling transfers were made and one network name is no longer available was received: # diff -Bub /root/netstat-20080213-0939 /root/netstat-20080213-1016 --- /root/netstat-20080213-0939 2008-02-13 09:39:24.0 + +++ /root/netstat-20080213-1016 2008-02-13 10:16:34.0 + @@ -1,43 +1,44 @@ Ip: -4336 total packets received +21933 total packets received 0 forwarded 0 incoming packets discarded -4335 incoming packets delivered -4134 requests sent out +20292 incoming packets delivered +19069 requests sent out Icmp: -26 ICMP messages received +92 ICMP messages received 0 input ICMP message failed. ICMP input histogram: -echo requests: 26 -26 ICMP messages sent +echo requests: 92 +92 ICMP messages sent 0 ICMP messages failed
[Samba] Re: Wrong perms on new files/dirs using smbmount
Michael Lueck wrote:

Greetings-

I am working through coming up with a Linux client integration to Samba PDC's. I mount several shares with this sort of syntax:

    /bin/mount -t cifs -o credentials=/home/userid/.smbcredentials,uid=userid,gid=userid,dmask=0777,fmask=0666 //ldslnx01/data /mnt/ldslnx01/data/

However when I create new files/dirs on the Samba share from the Linux workstation, the perms are not 0666/0777 as I have specified. Historically I set those perms on the share, and that has always worked with Windows clients. I added that bit to the mount command, but it made no difference. I believe I end up with 0755/0644, but do not hold me to that as I have simply verified it is not correct and that is all the checking I have done.

Thanks!

I think you'll find that is your default umask (more specifically, your umask is 022, i.e., (7-0)(7-2)(7-2)=755) It must be overriding. I'm not sure why this would be, though. Could it be that '/' is mounted with an explicit permission setting that is shadowing your mount settings?
[Samba] Re: Wrong perms on new files/dirs using smbmount
Michael Lueck wrote:

Scott Lovenberg wrote:

Could it be that '/' is mounted with an explicit permission setting that is shadowing your mount settings?

I do not think so, but have a look. This share happens to be on the /srv partition.

    /dev/sda1 /    xfs defaults 0 1
    /dev/sda9 /srv xfs defaults 0 2

That seems fine. What are the samba server side settings(smb.conf) for the share you are mounting? Do you have inherit permissions set?

from smb.conf(5) man page:

inherit permissions (S)

The permissions on new files and directories are normally governed by create mask, directory mask, force create mode and force directory mode but the boolean inherit permissions parameter overrides this. New directories inherit the mode of the parent directory, including bits such as setgid. New files inherit their read/write bits from the parent directory. Their execute bits continue to be determined by map archive, map hidden and map system as usual. Note that the setuid bit is never set via inheritance (the code explicitly prohibits this). This can be particularly useful on large systems with many users, perhaps several thousand, to allow a single [homes] share to be used flexibly by each user.

Default: inherit permissions = no
[Samba] Re: Problem with winbind not seeing a user as part of a group
Trimble, Ronald D wrote:

That may be possible, but like I said, sometimes it works and sometimes it doesn't. Sometimes the span between the two is only a few seconds.

From: Scott Lovenberg [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 12, 2008 10:05 PM
To: Trimble, Ronald D
Cc: samba@lists.samba.org
Subject: Re: [Samba] Problem with winbind not seeing a user as part of a group

Trimble, Ronald D wrote:

I have never explored those options. We have auth fall through turned off. If the authentication fails, they get a 401 message indicating they don't have permissions. Here is an example from our vhosts.conf...

    <Location /scm/spar/svn>
    DAV svn
    SVNPATH /scm/spar/svn
    SVNPathAuthz off
    AuthPAM_Enabled on
    AuthPAM_FallThrough off
    AuthType Basic
    AuthName "SPAR Subversion"
    require group NA\USTR-LINUX-1-SPAR
    <LimitExcept GET PROPFIND OPTIONS REPORT>
    require group NA\USTR-LINUX-1-SPAR
    </LimitExcept>
    </Location>

    <Location /scm/spar/trac>
    SetHandler mod_python
    PythonHandler trac.web.modpython_frontend
    PythonOption TracEnv /scm/spar/trac
    PythonOption TracUriRoot /scm/spar/trac
    AuthPAM_Enabled on
    AuthPAM_FallThrough off
    AuthType Basic
    AuthName "SPAR Trac"
    require group NA\USTR-LINUX-1-SPAR
    </Location>

From: Scott Lovenberg [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 12, 2008 9:27 PM
To: Trimble, Ronald D
Cc: samba@lists.samba.org
Subject: Re: [Samba] Problem with winbind not seeing a user as part of a group

Trimble, Ronald D wrote:

It looks like it is only happening when apache2 is involved. Although, other login methods are far less common. I have a suspicion it may be related to the mod_auth_pam module but what I don't understand is why it is happening. Mod_auth_pam makes dozens of requests to winbind for each session. Why do some work and others don't? Could it be that winbind is overwhelmed and thus doesn't return anything?

-Original Message-
From: Scott Lovenberg [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 12, 2008 9:09 PM
To: Trimble, Ronald D
Cc: samba@lists.samba.org
Subject: Re: [Samba] Problem with winbind not seeing a user as part of a group

Trimble, Ronald D wrote:

Everyone,

Here is a challenge for all of you samba experts! Lately I have been seeing a problem where winbind is not correctly identifying a user as a member of a group he most certainly belongs to. This is with a Domain Local group so I know samba should support it. Users access a HTTPS (SSL) webpage that is secured by a Domain Local group. Sometimes they get in, others they don't. Here are some examples from the logs.

/var/log/apache2/error_log

    [Tue Feb 12 18:54:52 2008] [error] [client 172.xx.xxx.xxx] GROUP: NA\\selltc not in required group(s)., referer: https://ustr-linux-1/scm/spar/trac/browser/trunk/common/include/channels
    [Tue Feb 12 18:55:00 2008] [error] [client 172.xx.xxx.xxx] GROUP: NA\\selltc not in required group(s)., referer: https://ustr-linux-1/scm/spar/trac/browser/trunk/common/include/channels
    [Tue Feb 12 18:56:12 2008] [error] [client 172.xx.xxx.xxx] GROUP: NA\\selltc not in required group(s)., referer: https://ustr-linux-1/scm/spar/trac/browser/trunk/common/include/channels

However a little later it is mysteriously working again...

/var/log/apache2/access_log

    172.xx.xxx.xxx - NA\\selltc [12/Feb/2008:20:02:37 -0500] GET /scm/spar/trac/chrome/common/css/trac.css HTTP/1.1 304 -
    172.xx.xxx.xxx - NA\\selltc [12/Feb/2008:20:02:37 -0500] GET /scm/spar/trac/chrome/common/css/browser.css HTTP/1.1 304 -
    172.xx.xxx.xxx - NA\\selltc [12/Feb/2008:20:02:37 -0500] GET /scm/spar/trac/chrome/common/css/diff.css HTTP/1.1 304 -

Now obviously my example doesn't have the user accessing the same link, but it doesn't matter. Winbind went from identifying the user as not in the group to then identifying him as in the group and nothing changed! This is happening several times a day and is driving us insane. What can I do to figure this out? Has anyone else seen this?

Here is what is going on in the /var/log/samba/log.wb-NA (our domain) log at that time for that user.

    [2008/02/12 18:54:52, 10] nsswitch/winbindd_dual.c:child_process_request(479)
      process_request: request fn PAM_AUTH
    [2008/02/12 18:54:52, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1341)
      [10824]: dual pam auth NA\selltc
    [2008/02/12 18:54:52, 10] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1364)
      winbindd_dual_pam_auth: domain: NA last was online
    [2008/02/12 18:54:52, 10] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_samlogon
Re: [Samba] Samba and the InterWeb
Alex Hooper wrote:

Hi,

We have an office-based Windows-locked publishing system whose only delivery mechanism is to write to a local filesystem, and a requirement for its output to be available to a collocated production environment comprising Solaris and Linux boxes. The 'obvious' solution was to run a Samba server on one of the collocated Linux boxes and mount the share it provides on the relevant Windows machines in the office. And this is what I have done. This works, but encounters the problem I am about to describe.

SCENARIO ONE: Connecting to the server/share in Explorer (Windows XP) by typing the path (\\dns.host.name\share) into the address bar is accomplished without problem, as is receiving a directory listing. But uploading a file to the remote share (by drag and dropping) causes Explorer to freeze for anything between 10 and 30 seconds after which the file transfers at good speed.

SCENARIO TWO: Map the remote share, using same connection details. Now copy is often fine, but sometimes will just fail with a "Cannot copy filename: The specified network name is no longer available." and leave a zero-length file at the remote end. Not infrequently, smbd processes are being left in an 'uninterruptible sleep' state.

If I mount the remote share via smbmount onto a Linux server in the office, I don't encounter any of these problems. Packet-sniffing on scenario one shows that the pause is happening before any set-up for the file transfer: it looks like the client disconnects, then there's a pause, then it reconnects.

I'm using Samba version 3.0.25b-1.el4_6.4 on RHEL ES release 4. Clients are Windows XP Pro. Our office has a fairly large and complex LAN which is managed by a separate department. Access to the Internet is, not surprisingly, via a NATting gateway. Appropriate ports have been opened in the firewalls, though all communication is in Direct-hosted mode (ie, I only see traffic on port 445/tcp).

smb.conf looks like this:

    [global]
    workgroup = WG123
    netbios name = n2323
    # hostname of server
    server string = FOO-BAR-Samba
    #wins proxy = yes
    #wins server = xxx.xx.xx.x
    security = user
    passdb backend = tdbsam
    load printers = no
    # idle time (mins) before client is disconnected
    dead time = 15
    keepalive = 10
    socket options = IPTOS_THROUGHPUT SO_SNDBUF=8576
    inherit permissions = yes

    [test-xml]
    path = /stuff/test-xml
    writeable = Yes
    public = no

Could anyone suggest what might be going on here?

Thanks, Alex.

On scenario1, is it (Windows client) trying to connect to port 445 on the server, being dropped instead of rejected, timing out, and then establishing a connection on port 139? I think by default Windows tries to connect to both at the same time or something weird like that.

On scenario2, I've seen behavior something akin to this on a corrupted e1000 kernel module. I've also seen bad cables (twice where gigabit and mii are concerned, IIRC) that behave all kinds of weird, at any given moment.

Anyways, FWIW, how does your 'netstat -s' output look? Are you getting a considerable number of connection resets being sent or received?
Re: [Samba] Problem with winbind not seeing a user as part of a group
Trimble, Ronald D wrote: I have never explored those options. We have auth fall through turned off. If the authentication fails, they get a 401 message indicating they don't have permissions. Here is an example from our vhosts.conf... Location /scm/spar/svn DAV svn SVNPATH /scm/spar/svn SVNPathAuthz off AuthPAM_Enabled on AuthPAM_FallThrough off AuthType Basic AuthName SPAR Subversion require group NA\USTR-LINUX-1-SPAR LimitExcept GET PROPFIND OPTIONS REPORT require group NA\USTR-LINUX-1-SPAR /LimitExcept /Location Location /scm/spar/trac SetHandler mod_python PythonHandler trac.web.modpython_frontend PythonOption TracEnv /scm/spar/trac PythonOption TracUriRoot /scm/spar/trac AuthPAM_Enabled on AuthPAM_FallThrough off AuthType Basic AuthName SPAR Trac require group NA\USTR-LINUX-1-SPAR /Location *From:* Scott Lovenberg [mailto:[EMAIL PROTECTED] *Sent:* Tuesday, February 12, 2008 9:27 PM *To:* Trimble, Ronald D *Cc:* samba@lists.samba.org *Subject:* Re: [Samba] Problem with winbind not seeing a user as part of a group Trimble, Ronald D wrote: It looks like it is only happening when apache2 is involved. Although, other login methods are far less common. I have a suspicion it may be related to the mod_auth_pam module but what I don't understand is why it is happening. Mod_auth_pam makes dozens of requests to winbind for each session. Why do some work and others don't? Could it be that winbind is overwhelmed and thus doesn't return anything? -Original Message- From: Scott Lovenberg [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 12, 2008 9:09 PM To: Trimble, Ronald D Cc: samba@lists.samba.org mailto:samba@lists.samba.org Subject: Re: [Samba] Problem with winbind not seeing a user as part of a group Trimble, Ronald D wrote: Everyone, Here is a challenge for all of you samba experts! Lately I have been seeing a problem where winbind is not correctly identifying a user as a member of a group he most certainly belong to. 
This is with a Domain Local group so I know samba should support it. Users access a HTTPS (SSL) webpage that is secured by a Domain Local group. Sometimes they get in, others they don't. Here are some examples from the logs. /var/log/apache2/error_log [Tue Feb 12 18:54:52 2008] [error] [client 172.xx.xxx.xxx] GROUP: NA\\selltc not in required group(s)., referer: https://ustr-linux-1/scm/spar/trac/browser/trunk/common/include/channe ls [Tue Feb 12 18:55:00 2008] [error] [client 172.xx.xxx.xxx] GROUP: NA\\selltc not in required group(s)., referer: https://ustr-linux-1/scm/spar/trac/browser/trunk/common/include/channe ls [Tue Feb 12 18:56:12 2008] [error] [client 172.xx.xxx.xxx] GROUP: NA\\selltc not in required group(s)., referer: https://ustr-linux-1/scm/spar/trac/browser/trunk/common/include/channe ls However a little later it is mysteriously working again... /var/log/apache2/access_log 172.xx.xxx.xxx - NA\\selltc [12/Feb/2008:20:02:37 -0500] GET /scm/spar/trac/chrome/common/css/trac.css HTTP/1.1 304 - 172.xx.xxx.xxx - NA\\selltc [12/Feb/2008:20:02:37 -0500] GET /scm/spar/trac/chrome/common/css/browser.css HTTP/1.1 304 - 172.xx.xxx.xxx - NA\\selltc [12/Feb/2008:20:02:37 -0500] GET /scm/spar/trac/chrome/common/css/diff.css HTTP/1.1 304 - Now obviously my example doesn't have the user accessing the same link, but it doesn't matter. Winbind went from identifying the user as not in the group to then identifying him as in the group and nothing changed! This is happening several times a day and is driving us insane. What can I do to figure this out? Has anyone else seen this? Here is what is going on in the /var/log/samba/log.wb-NA (our domain) log at that time for that user. 
[2008/02/12 18:54:52, 10] nsswitch/winbindd_dual.c:child_process_request(479) process_request: request fn PAM_AUTH [2008/02/12 18:54:52, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1341) [10824]: dual pam auth NA\selltc [2008/02/12 18:54:52, 10] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1364) winbindd_dual_pam_auth: domain: NA last was online [2008/02/12 18:54:52, 10] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_samlogon(1127) winbindd_dual_pam_auth_samlogon [2008/02/12 18:54:52, 10] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1416) winbindd_dual_pam_auth_samlogon succeeded
Re: [Samba] Problem with winbind not seeing a user as part of a group
Trimble, Ronald D wrote: It looks like it is only happening when apache2 is involved. Although, other login methods are far less common. I have a suspicion it may be related to the mod_auth_pam module but what I don't understand is why it is happening. Mod_auth_pam makes dozens of requests to winbind for each session. Why do some work and others don't? Could it be that winbind is overwhelmed and thus doesn't return anything? -Original Message- From: Scott Lovenberg [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 12, 2008 9:09 PM To: Trimble, Ronald D Cc: samba@lists.samba.org Subject: Re: [Samba] Problem with winbind not seeing a user as part of a group Trimble, Ronald D wrote: Everyone, Here is a challenge for all of you samba experts! Lately I have been seeing a problem where winbind is not correctly identifying a user as a member of a group he most certainly belong to. This is with a Domain Local group so I know samba should support it. Users access a HTTPS (SSL) webpage that is secured by a Domain Local group. Sometimes they get in, others they don't. Here are some examples from the logs. /var/log/apache2/error_log [Tue Feb 12 18:54:52 2008] [error] [client 172.xx.xxx.xxx] GROUP: NA\\selltc not in required group(s)., referer: https://ustr-linux-1/scm/spar/trac/browser/trunk/common/include/channe ls [Tue Feb 12 18:55:00 2008] [error] [client 172.xx.xxx.xxx] GROUP: NA\\selltc not in required group(s)., referer: https://ustr-linux-1/scm/spar/trac/browser/trunk/common/include/channe ls [Tue Feb 12 18:56:12 2008] [error] [client 172.xx.xxx.xxx] GROUP: NA\\selltc not in required group(s)., referer: https://ustr-linux-1/scm/spar/trac/browser/trunk/common/include/channe ls However a little later it is mysteriously working again... 
/var/log/apache2/access_log 172.xx.xxx.xxx - NA\\selltc [12/Feb/2008:20:02:37 -0500] GET /scm/spar/trac/chrome/common/css/trac.css HTTP/1.1 304 - 172.xx.xxx.xxx - NA\\selltc [12/Feb/2008:20:02:37 -0500] GET /scm/spar/trac/chrome/common/css/browser.css HTTP/1.1 304 - 172.xx.xxx.xxx - NA\\selltc [12/Feb/2008:20:02:37 -0500] GET /scm/spar/trac/chrome/common/css/diff.css HTTP/1.1 304 - Now obviously my example doesn't have the user accessing the same link, but it doesn't matter. Winbind went from identifying the user as not in the group to then identifying him as in the group and nothing changed! This is happening several times a day and is driving us insane. What can I do to figure this out? Has anyone else seen this? Here is what is going on in the /var/log/samba/log.wb-NA (our domain) log at that time for that user. [2008/02/12 18:54:52, 10] nsswitch/winbindd_dual.c:child_process_request(479) process_request: request fn PAM_AUTH [2008/02/12 18:54:52, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1341) [10824]: dual pam auth NA\selltc [2008/02/12 18:54:52, 10] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1364) winbindd_dual_pam_auth: domain: NA last was online [2008/02/12 18:54:52, 10] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_samlogon(1127) winbindd_dual_pam_auth_samlogon [2008/02/12 18:54:52, 10] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1416) winbindd_dual_pam_auth_samlogon succeeded [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(472) refresh_sequence_number: NA time ok [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(506) refresh_sequence_number: NA seq number is now 271835101 [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(823) wcache_save_name_to_sid: NA\SELLTC - S-1-5-21-725345543-2052111302-527237240-26405 (NT_STATUS_OK) [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(472) refresh_sequence_number: NA time ok [2008/02/12 18:54:52, 10] 
nsswitch/winbindd_cache.c:refresh_sequence_number(506) refresh_sequence_number: NA seq number is now 271835101 [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:centry_expired(546) centry_expired: Key PWD_POL/NA for domain NA is good. [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:wcache_fetch(630) wcache_fetch: returning entry PWD_POL/NA for domain NA [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:password_policy(2108) lockout_policy: [Cached] - cached info for domain NA status: NT_STATUS_OK [2008/02/12 18:54:52, 5] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1546) Setting unix username to [NA\selltc] [2008/02/12 18:54:52, 5] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1578) Plain-text authentication for user NA\selltc returned NT_STATUS_OK (PAM: 0) Please let me know if you can help me figure this out. Thanks, Ron Does authentication ever fail like this from another login point (from a desktop login, or other PAM settings)? Or only when apache is involved? Have you checked this? from mod_auth_pam http://pam.sourceforge.net/mod_auth_pam/faq.html [...] /6. I get 500
Re: [Samba] Log file confusion
Ed Kasky wrote:

I am currently running Samba 3.0.28.0 from rpm on FC6. I have the following in smb.conf:

    log level = 2
    log file = /var/log/samba/%m.log

Yet, when I start the daemons, I get log.%m:

    drwx------  4 root root  4096 Feb 12 06:55 .
    drwxrwxr-x 17 root bin   4096 Feb 12 05:02 ..
    drwx------  4 root root  4096 Feb  8  2007 cores
    -rw-r--r--  1 root root  4269 Feb 12 06:55 log.nmbd
    -rw-r--r--  1 root root   872 Feb 12 06:55 log.smbd
    drwx------  2 root root 12288 Feb 10 05:00 old
    -rw-r--r--  1 root root   569 Feb 12 06:55 smbd.log

I checked for multiple smb.conf files and the init script for anything that might indicate a log setting but keep coming up just scratching my head. Does anyone have any light to shed on where the log.%m keeps coming from? Is this something that can be compiled into the package that is not over-ridden by the conf? Thanks in advance for any hints on this. I know it's a little thing but it's driving me nuts...

Ed

Randomly Generated Quote (267 of 1355): A closed mouth gathers no foot.

Are you sure you don't have log file = twice in your smb.conf? Try this: 'grep -Ri \%m /etc/ /usr/local/'
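A plain grep for `log file` can miss a second assignment, because Samba matches parameter names without regard to case or embedded whitespace, and a later assignment in the same section replaces an earlier one. The following is an added example, not part of the original posts: a small checker for repeated parameters, where the sample smb.conf is constructed and all function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the same global parameter is set twice, spelled differently.
SAMPLE_SMB_CONF = """\
[global]
   log level = 2
   log file = /var/log/samba/%m.log
   security = user
   # packaged default, easy to overlook further down
   Log  File = /var/log/samba/log.%m

[docs]
   path = /srv/docs
   writeable = yes

[scans]
   path = /srv/scans
"""


def canon(name):
    """Normalise a parameter name: drop all whitespace, lower-case it."""
    return re.sub(r"\s+", "", name).lower()


def logical_lines(text):
    """Yield (first_line_number, text), joining lines that end with a backslash."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf


def parse_assignments(text):
    """Yield (section, canonical_name, raw_name, value, lineno) per assignment."""
    section = None  # parameters before any [section] header are kept under None
    for lineno, line in logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        if sep:
            yield section, canon(name), name.strip(), value.strip(), lineno


def find_duplicates(text):
    """Return {(section, canonical_name): [(lineno, raw_name, value), ...]}
    for every parameter assigned more than once within one section."""
    seen = defaultdict(list)
    for section, key, raw, value, lineno in parse_assignments(text):
        seen[(section, key)].append((lineno, raw, value))
    return {k: v for k, v in seen.items() if len(v) > 1}


def effective_value(text, section, name):
    """Value that wins for a parameter: the last assignment in that section."""
    value = None
    for sec, key, _raw, val, _lineno in parse_assignments(text):
        if sec == section.lower() and key == canon(name):
            value = val
    return value


if __name__ == "__main__":
    for (section, key), hits in find_duplicates(SAMPLE_SMB_CONF).items():
        print(f"[{section}] {key} is set {len(hits)} times:")
        for lineno, raw, value in hits:
            print(f"  line {lineno}: {raw} = {value}")
        print("  effective:", effective_value(SAMPLE_SMB_CONF, section, key))
```

`path` appearing in both `[docs]` and `[scans]` is not reported, since the two assignments live in different sections.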
Re: [Samba] Problem with winbind not seeing a user as part of a group
Trimble, Ronald D wrote:

Everyone,

Here is a challenge for all of you samba experts! Lately I have been seeing a problem where winbind is not correctly identifying a user as a member of a group he most certainly belongs to. This is with a Domain Local group so I know samba should support it. Users access a HTTPS (SSL) webpage that is secured by a Domain Local group. Sometimes they get in, others they don't. Here are some examples from the logs.

/var/log/apache2/error_log

    [Tue Feb 12 18:54:52 2008] [error] [client 172.xx.xxx.xxx] GROUP: NA\\selltc not in required group(s)., referer: https://ustr-linux-1/scm/spar/trac/browser/trunk/common/include/channels
    [Tue Feb 12 18:55:00 2008] [error] [client 172.xx.xxx.xxx] GROUP: NA\\selltc not in required group(s)., referer: https://ustr-linux-1/scm/spar/trac/browser/trunk/common/include/channels
    [Tue Feb 12 18:56:12 2008] [error] [client 172.xx.xxx.xxx] GROUP: NA\\selltc not in required group(s)., referer: https://ustr-linux-1/scm/spar/trac/browser/trunk/common/include/channels

However a little later it is mysteriously working again...

/var/log/apache2/access_log

    172.xx.xxx.xxx - NA\\selltc [12/Feb/2008:20:02:37 -0500] GET /scm/spar/trac/chrome/common/css/trac.css HTTP/1.1 304 -
    172.xx.xxx.xxx - NA\\selltc [12/Feb/2008:20:02:37 -0500] GET /scm/spar/trac/chrome/common/css/browser.css HTTP/1.1 304 -
    172.xx.xxx.xxx - NA\\selltc [12/Feb/2008:20:02:37 -0500] GET /scm/spar/trac/chrome/common/css/diff.css HTTP/1.1 304 -

Now obviously my example doesn't have the user accessing the same link, but it doesn't matter. Winbind went from identifying the user as not in the group to then identifying him as in the group and nothing changed! This is happening several times a day and is driving us insane. What can I do to figure this out? Has anyone else seen this?

Here is what is going on in the /var/log/samba/log.wb-NA (our domain) log at that time for that user.

    [2008/02/12 18:54:52, 10] nsswitch/winbindd_dual.c:child_process_request(479) process_request: request fn PAM_AUTH
    [2008/02/12 18:54:52, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1341) [10824]: dual pam auth NA\selltc
    [2008/02/12 18:54:52, 10] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1364) winbindd_dual_pam_auth: domain: NA last was online
    [2008/02/12 18:54:52, 10] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_samlogon(1127) winbindd_dual_pam_auth_samlogon
    [2008/02/12 18:54:52, 10] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1416) winbindd_dual_pam_auth_samlogon succeeded
    [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(472) refresh_sequence_number: NA time ok
    [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(506) refresh_sequence_number: NA seq number is now 271835101
    [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(823) wcache_save_name_to_sid: NA\SELLTC - S-1-5-21-725345543-2052111302-527237240-26405 (NT_STATUS_OK)
    [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(472) refresh_sequence_number: NA time ok
    [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(506) refresh_sequence_number: NA seq number is now 271835101
    [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:centry_expired(546) centry_expired: Key PWD_POL/NA for domain NA is good.
    [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:wcache_fetch(630) wcache_fetch: returning entry PWD_POL/NA for domain NA
    [2008/02/12 18:54:52, 10] nsswitch/winbindd_cache.c:password_policy(2108) lockout_policy: [Cached] - cached info for domain NA status: NT_STATUS_OK
    [2008/02/12 18:54:52, 5] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1546) Setting unix username to [NA\selltc]
    [2008/02/12 18:54:52, 5] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1578) Plain-text authentication for user NA\selltc returned NT_STATUS_OK (PAM: 0)

Please let me know if you can help me figure this out.

Thanks, Ron

Does authentication ever fail like this from another login point (from a desktop login, or other PAM settings)? Or only when apache is involved?
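In the logs quoted above, winbind returns NT_STATUS_OK for the password check in the same second that Apache logs the group denial, which separates an authorization (group lookup) failure from an authentication failure. The following is an added example, not part of the original posts, that makes this correlation mechanical; the sample log lines are constructed in the two quoted formats, and the function names and the 5-second window are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data in the two log formats quoted in the thread
# (users, client addresses and URLs are made up).
APACHE_ERROR_LOG = r"""
[Tue Feb 12 18:54:52 2008] [error] [client 192.0.2.10] GROUP: NA\\alice not in required group(s)., referer: https://intranet.example/trac
[Tue Feb 12 18:55:00 2008] [error] [client 192.0.2.10] GROUP: NA\\alice not in required group(s)., referer: https://intranet.example/trac
[Tue Feb 12 19:10:00 2008] [error] [client 192.0.2.11] GROUP: NA\\bob not in required group(s)., referer: https://intranet.example/trac
"""

WINBIND_LOG = r"""
[2008/02/12 18:54:52, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1341)
  [10824]: dual pam auth NA\alice
[2008/02/12 18:54:52, 5] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1578)
  Plain-text authentication for user NA\alice returned NT_STATUS_OK (PAM: 0)
[2008/02/12 18:54:59, 5] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1578) Plain-text authentication for user NA\alice returned NT_STATUS_OK (PAM: 0)
[2008/02/12 19:09:58, 5] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1578)
  Plain-text authentication for user NA\bob returned NT_STATUS_WRONG_PASSWORD (PAM: 7)
"""

# Apache error_log: "[Tue Feb 12 18:54:52 2008] [error] [client ...] GROUP: <user> not in required group(s)."
DENIAL_RE = re.compile(
    r"\[(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})\] \[error\] \[client [^\]]+\] "
    r"GROUP: (\S+) not in required group"
)

# winbind log: header "[date time, level] file:function(line)" followed by the
# message, either on the same line or on the next one.
AUTH_RE = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*\d+\]\s+\S+\s+"
    r"Plain-text authentication for user (\S+) returned (NT_STATUS_\w+)"
)


def norm_user(user):
    """Apache escapes the backslash (NA\\\\user); winbind mixes case. Fold both."""
    return user.replace("\\\\", "\\").lower()


def parse_group_denials(text):
    """Return [(datetime, user)] for each 'not in required group(s)' line."""
    return [
        (datetime.strptime(ts, "%a %b %d %H:%M:%S %Y"), norm_user(user))
        for ts, user in DENIAL_RE.findall(text)
    ]


def parse_winbind_auth(text):
    """Return [(datetime, user, nt_status)] for each PAM auth result."""
    return [
        (datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"), norm_user(user), status)
        for ts, user, status in AUTH_RE.findall(text)
    ]


def correlate(apache_text, winbind_text, window_s=5):
    """Label each group denial by whether winbind had just authenticated the user.

    auth_ok_group_denied : password check succeeded within the window, so the
                           denial comes from group resolution (the thread's symptom).
    no_successful_auth   : no NT_STATUS_OK for that user within the window.
    """
    auths = parse_winbind_auth(winbind_text)
    window = timedelta(seconds=window_s)
    findings = []
    for when, user in parse_group_denials(apache_text):
        ok = any(
            a_user == user and status == "NT_STATUS_OK"
            and timedelta(0) <= when - a_when <= window
            for a_when, a_user, status in auths
        )
        findings.append((when, user, "auth_ok_group_denied" if ok else "no_successful_auth"))
    return findings


def summarize(findings):
    """Count findings per (user, verdict)."""
    return dict(Counter((user, verdict) for _when, user, verdict in findings))


if __name__ == "__main__":
    for when, user, verdict in correlate(APACHE_ERROR_LOG, WINBIND_LOG):
        print(when.isoformat(sep=" "), user, verdict)
```

A steady stream of `auth_ok_group_denied` for a user who is in the group points the investigation at group enumeration rather than at passwords or the domain controller connection.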
Re: [Samba] Is Samba Shadowcopying can be used in Production Environment with more than 20 TB of data
On Feb 11, 2008 8:15 AM, Adam Tauno Williams [EMAIL PROTECTED] wrote:

We have something setup here (on a smaller scale) that might be useful. Our main file server rsync's with our backup server every hour (using hardlinks to keep snapshots). Since relatively little data changes between each sync, it is fairly fast (approx 5 minutes with no noticeable slowdown for the clients) the backup server can then take as long as it likes to write to tape/etc without affecting the main server.

How well does this work on a live filesystem?

Badly. rsync is a really cool tool for transporting data; but it should never be mistaken for a real backup tool. It isn't one. Active files will either be skipped or very likely trashed (on the backup copy) which isn't a backup at all.

Are collisions handled gracefully?

It doesn't.

For example, what happens when a file is in the process of being rsynced at the exact moment it is in the process of being written to?

You get junk. A real backup requires the applications (in this case, functionally, the Windows clients) to be quiescent (including having committed/fsync()'d pending writes), rsync offers nothing at all to facilitate that and isn't even aware of it. It is probably better to LVM snapshot and rsync from the snapshot, at least then you are rsync-ing a single point in time and not a 'rolling' filesystem. But even that doesn't promise that files are in a consistent state.

You could call sync right before snapshotting the LVM, and then mount the LVM read only somewhere else to rsync against it. A journaled file system is a must - you can always fsck the backup as a mounted image before finishing your backup. This should mitigate the chances of corruption, but by no means eliminate them, FWIW.

Mount options for ext3 which may be of interest (from man mount(8)):

    data=journal / data=ordered / data=writeback
        Specifies the journalling mode for file data. Metadata is always journaled. To use modes other than ordered on the root file system, pass the mode to the kernel as boot parameter, e.g. rootflags=data=journal.

        journal
            All data is committed into the journal prior to being written into the main file system.
        ordered
            This is the default mode. All data is forced directly out to the main file system prior to its metadata being committed to the journal.
        writeback
            Data ordering is not preserved - data may be written into the main file system after its metadata has been committed to the journal. This is rumoured to be the highest-throughput option. It guarantees internal file system integrity, however it can allow old data to appear in files after a crash and journal recovery.

    commit=nrsec
        Sync all data and metadata every nrsec seconds. The default value is 5 seconds. Zero means default.

--
Peace and Blessings,
-Scott.
Of course, that's just my opinion; I could be wrong -Dennis Miller
Re: [Samba] locking and gfs
On Feb 9, 2008 8:49 AM, markus neis [EMAIL PROTECTED] wrote:

Hi there, I run samba as a PDC and tried to make this PDC highly available with redhat cluster suite and gfs. I experienced the following problem while doing this: If I set the option locking = no in smb.conf it takes about 4 minutes to copy a file of 1GB size. If I set locking = yes it takes about 1 hour. I'm not sure if locking = no sets locking off for all locking options. At least I need locking for some of my shares. Are there some useful options for gfs or recommendations?

Thanks, markus

Just out of curiosity, what do you have set for oplocks, and do you have blocking locks turned off?

--
Peace and Blessings,
-Scott.
Of course, that's just my opinion; I could be wrong -Dennis Miller
Re: [Samba] locking and gfs
On Feb 9, 2008 3:01 PM, markus neis [EMAIL PROTECTED] wrote:

I set oplocks = yes, kernel oplocks = yes and as I said locking = yes, but this slows down everything

OK, from what I gather (which very well could be inaccurate), it looks like you might be stuck on a spinlock timeout on a blocking call. Also, if I understand the documentation correctly, when you set locking = yes, you pass the call for a lock to the next interface layer, which will traverse a good number of calls, and query the file system somewhere along the way. Samba will queue the lock with blocking locks, and check every now and then, not continuing along with the I/O until it hears back on the lock status. Meanwhile the call is passed to GFS for the lock which will then query the other node, which must make the same series of calls and send its response back across the wire (this may not happen depending on caches, I'm not sure), all the way back to samba who then continues if it can have the lock. If samba can't have the lock, this process starts all over. That is, once again, as I understand it.

If you set locking = no, it never gets passed to the first interface, immediately returning a success, without ever having done the lock. So you ask for the lock and samba says, "You have the lock.", then I come along asking for the same range lock and samba once again says "You have the lock.".

from man 5 smb.conf:

    blocking locks (S)
        This parameter controls the behavior of smbd(8) when given a request by a client to obtain a byte range lock on a region of an open file, and the request has a time limit associated with it. If this parameter is set and the lock range requested cannot be immediately satisfied, samba will internally queue the lock request, and periodically attempt to obtain the lock until the timeout period expires. If this parameter is set to no, then samba will behave as previous versions of Samba would and will fail the lock request immediately if the lock range cannot be obtained.
        Default: blocking locks = yes

    locking (S)
        This controls whether or not locking will be performed by the server in response to lock requests from the client. If locking = no, all lock and unlock requests will appear to succeed and all lock queries will report that the file in question is available for locking. If locking = yes, real locking will be performed by the server. This option may be useful for read-only filesystems which may not need locking (such as CDROM drives), although setting this parameter of no is not really recommended even in this case. Be careful about disabling locking either globally or in a specific service, as lack of locking may result in data corruption. You should never need to set this parameter.
        No default

    lock spin time (G)
        The time in microseconds that smbd should keep waiting to see if a failed lock request can be granted. This parameter has changed in default value from Samba 3.0.23 from 10 to 200. The associated lock spin count parameter is no longer used in Samba 3.0.24. You should not need to change the value of this parameter.
        Default: lock spin time = 200

It would seem that you could get a bit of performance tuning GFS, but I'm thinking that you'll also have to tune layers that GFS depends on to see much of a difference (lower throughput for faster response from network, CPU and memory). There is a gfs_tool gettune command that will get the gfs tunable parameters which can be set via gfs_tool settune. This thing seems to cross so many layers that you'd have to tune each layer along its path, IMHO.

I hope this was a bit helpful. Can anyone with more low level knowledge confirm or refute this at all?

--
Peace and Blessings,
-Scott.
Of course, that's just my opinion; I could be wrong -Dennis Miller
Re: [Samba] locking and gfs
Volker Lendecke wrote:

On Sat, Feb 09, 2008 at 11:31:59PM +0100, Markus Neis wrote:

Damn! this doesn't sound good. I hope somebody else can refute what you say ;-) gfs shouldn't be that slow. I'm really confused.

No offense intended, but Scott's description is not really correct. The only parameter that should really matter is posix locking. That is the parameter that controls whether locking is being passed down to GFS. Set that one to no, and GFS will not see any locking requests while the Windows client gets the full semantics. You should NOT touch any of the other locking parameters.

What I said however only applies to a single node. If you want to share the same file space via different nodes, posix locking = yes will NOT help you, then you need to look at http://ctdb.samba.org/. Even with posix locking = yes you will inevitably get data corruption if clients access the same file space via different nodes, ctdb will help you around that.

Volker

No offense taken, I misunderstood. Just to clarify, the locking semantics (regardless of type) do not propagate down to the kernel smb module, but rather pass to the underlying file system (which in turn propagates to its own kernel module)? Thanks, Volker.
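The man page excerpt quoted earlier in this thread describes byte-range lock requests that fail immediately when the range is taken, and `locking = no` making every request appear to succeed. The following is an added example, not part of the original posts, showing both outcomes with POSIX `fcntl` byte-range locks between two processes on Linux, the kind of file system lock that `posix locking` controls passing down; the function names and the `locking` flag are assumptions, and this is not Samba code.

```python
import fcntl
import os
import tempfile


def attempt_range_lock(path, start, length, locking=True):
    """Act as a second client: try a non-blocking exclusive lock on the byte
    range [start, start + length) from a separate process.

    Returns "granted" or "denied". With locking=False no lock call is made
    and the request is reported as granted, which is how the man page
    describes "locking = no".
    """
    if not locking:
        return "granted"

    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child process: the competing client
        os.close(rfd)
        try:
            fd = os.open(path, os.O_RDWR)
            # LOCK_NB: fail at once instead of waiting, like a lock request
            # that cannot be queued.
            fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB, length, start)
            os.write(wfd, b"granted")
        except OSError:
            os.write(wfd, b"denied")
        finally:
            os._exit(0)

    os.close(wfd)
    verdict = os.read(rfd, 16).decode()
    os.close(rfd)
    os.waitpid(pid, 0)
    return verdict


def demo():
    """First client locks bytes 0-99, then a second client asks for ranges."""
    with tempfile.NamedTemporaryFile() as f:
        f.write(b"\0" * 4096)
        f.flush()
        # First client (this process) takes an exclusive lock on [0, 100).
        fcntl.lockf(f.fileno(), fcntl.LOCK_EX | fcntl.LOCK_NB, 100, 0)
        return {
            # Overlaps the held range: refused by the kernel.
            "overlap": attempt_range_lock(f.name, 50, 100),
            # Does not overlap: two writers can work on different regions.
            "disjoint": attempt_range_lock(f.name, 200, 100),
            # Same overlapping request with locking disabled: both clients
            # now believe they own bytes 50-99.
            "overlap_locking_no": attempt_range_lock(f.name, 50, 100, locking=False),
        }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The last case is the data-corruption risk the man page warns about: nothing stops two writers from updating the same region at once.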