[Samba] Users cannot change password
Hello. I'm running a domain with Samba 3.5. on FreeBSD with an LDAP backend. Suddenly users cannot change their passwords anymore. They are just told they can't do that now, but in the logs I see: user XX does not have permissions to change password Any hint? bye & Thanks av. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS Objects Recycle questions / Round Two
It's working, for at least three user accounts, but it isn't working for all user accounts. If I attempt to delete a file through Samba while using my login, the file just disappears, it isn't relinked into the RecycleBin. However, if other accounts perform a delete through Samba, the file is relinked into the RecycleBin. Any ideas? -- Regards, Robert Adkins II > -Original Message- > From: samba-boun...@lists.samba.org > [mailto:samba-boun...@lists.samba.org] On Behalf Of Robert Adkins II > Sent: Wednesday, July 27, 2011 1:22 PM > To: samba@lists.samba.org > Subject: Re: [Samba] VFS Objects Recycle questions > > Please disregard. > > It started working, out of the blue. (Yes, I had previously > initiated my changes, forced a restart and even waited a good > handful of minutes before performing a test delete.) > > -- > > Regards, > Robert Adkins II > > > > > -Original Message- > > From: samba-boun...@lists.samba.org > > [mailto:samba-boun...@lists.samba.org] On Behalf Of Robert Adkins II > > Sent: Wednesday, July 27, 2011 9:27 AM > > To: samba@lists.samba.org > > Subject: [Samba] VFS Objects Recycle questions > > > > I have a need to setup the recycle vfs object on our server. > > > > On my test server, I have all of the shares on a single drive and > > have put the following into each share: > > > > vfs_objects = recycle > > recycle:repository = [Actual Path and Partition that the share is > > located] recycle:directory_mode = 770 recycle:keeptree = Yes > > recycle:touch_mtime = Yes recycle:versions = Yes > > > > It works like a charm. All of the files when deleted from > each share > > are dumped into the RecycleBin share, I have created a new > share just > > for the RecycleBin that I have also mounted that I can > perform a final > > delete on the files located within. > > > > On the live server, there are several partitions with shares split > > across the several partitions. The setup is the same, in terms of > > having the above entered into the individual shares and the > RecycleBin > > for each share is located on the same partition/mount point > that the > > share is located. > > > > Example: > > > > [share1] > > wide links = no > > writeable = yes > > path = /mnt/disk2/share1 > > write list = @share1 > > force group = share1 > > comment = Job Files and Related > > valid users = @share1 > > create mode = 770 > > user = @share1 > > directory mode = 770 > > vfs_objects = recycle > > recycle:repository = /mnt/disk2/sharebin/%u > > recycle:directory_mode = 770 > > recycle:keeptree = Yes > > recycle:touch_mtime = Yes > > recycle:versions = Yes > > > > [sharebin] > > wide links = no > > writeable = yes > > path = /mnt/disk2/sharebin > > write list = @share1 > > force directory mode = 770 > > force group = share1 > > sync always = yes > > force create mode = 770 > > comment = Location of Recycle Bin > > valid users = @share1 > > create mode = 770 > > user = @share1 > > directory mode = 770 > > > > Everything else matches, the folders exist, the folder > permissions are > > the same, it's just a no go on relinking the files on a > delete command > > from the "share1" share. > > > > > > > > > > -- > > > > Regards, > > Robert > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] printer preferences admin
Samba 3.5.9. We have printers exported to Windows and have the following options configured: enable privileges = yes load printers = yes printing = cups printcap name = cups cups options = raw [printers] admin users = @printer-admins comment = All Printers browseable = yes path = /var/spool/samba printable = yes public = yes [print$] admin users = @printer-admins write list = @printer-admins comment = Printer Drivers path = /var/lib/samba/printers browseable = yes guest ok = no create mode = 2777 root preexec = /usr/bin/renice +18 -p %d and net rpc rights list: .. BUILTIN\Print Operators No privileges assigned BUILTIN\Account Operators No privileges assigned BUILTIN\Backup Operators No privileges assigned BUILTIN\Server Operators No privileges assigned BUILTIN\Administrators SeMachineAccountPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege Unix Group\printer-admins SePrintOperatorPrivilege SeDiskOperatorPrivilege Everyone No privileges assigned .. Everything works great, including printing and installing printers on clients, EXCEPT when members of @printer-admins go into the printer properties via a Windows machine, all administrative options are grayed out. The only way I've determined that fixes this is to add @printer-admins to the [global] admin users. Having them as admin users under [printers] and [print$] doesn't seem to do it, nor does the rights assignment. Is this expected? Am I missing a setting? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS Objects Recycle questions
Please disregard. It started working, out of the blue. (Yes, I had previously initiated my changes, forced a restart and even waited a good handful of minutes before performing a test delete.) -- Regards, Robert Adkins II > -Original Message- > From: samba-boun...@lists.samba.org > [mailto:samba-boun...@lists.samba.org] On Behalf Of Robert Adkins II > Sent: Wednesday, July 27, 2011 9:27 AM > To: samba@lists.samba.org > Subject: [Samba] VFS Objects Recycle questions > > I have a need to setup the recycle vfs object on our server. > > On my test server, I have all of the shares on a single > drive and have put the following into each share: > > vfs_objects = recycle > recycle:repository = [Actual Path and Partition that the > share is located] recycle:directory_mode = 770 > recycle:keeptree = Yes recycle:touch_mtime = Yes > recycle:versions = Yes > > It works like a charm. All of the files when deleted from > each share are dumped into the RecycleBin share, I have > created a new share just for the RecycleBin that I have also > mounted that I can perform a final delete on the files located within. > > On the live server, there are several partitions with shares > split across the several partitions. The setup is the same, > in terms of having the above entered into the individual > shares and the RecycleBin for each share is located on the > same partition/mount point that the share is located. > > Example: > > [share1] > wide links = no > writeable = yes > path = /mnt/disk2/share1 > write list = @share1 > force group = share1 > comment = Job Files and Related > valid users = @share1 > create mode = 770 > user = @share1 > directory mode = 770 > vfs_objects = recycle > recycle:repository = /mnt/disk2/sharebin/%u > recycle:directory_mode = 770 > recycle:keeptree = Yes > recycle:touch_mtime = Yes > recycle:versions = Yes > > [sharebin] > wide links = no > writeable = yes > path = /mnt/disk2/sharebin > write list = @share1 > force directory mode = 770 > force group = share1 > sync always = yes > force create mode = 770 > comment = Location of Recycle Bin > valid users = @share1 > create mode = 770 > user = @share1 > directory mode = 770 > > Everything else matches, the folders exist, the folder > permissions are the same, it's just a no go on relinking the > files on a delete command from the "share1" share. > > > > > -- > > Regards, > Robert > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain trust between Samba 3.5.9 and Windows 2008 Active Directory crashes lsass.exe which makes AD Domain Controller reboot
Hi Trying to set up a one way trust between a 2008 Active Directory domain and a Samba 3.5.9 server which is configured as a PDC. There is already an existing trust between AD and an NT4 domain so AD has been configured to support NTLM authentication (see below for full details). With no domain trust, using smbclient either anonymously or with a valid user on the DC (e.g. Administrator) works ok,. When a domain trust is created as follows: On samba server net rpc trustdom add AD pdbedit -Lw ad\$ shows that the trust account is set up correctly (i.e. I appearing in the square brackets ) net rpc trustdom list shows the domain trust is ok On AD DC: Add new trust for the Samba domain in the normal way using the trust password above This validates ok. Now smbclient -U% still ok but smbclient -UAdministrator causes the DC to crash, When it comes back up, the following appears in the Application Eventlog: Log Name: Application Source:Application Error Date: 27/07/2011 16:25:07 Event ID: 1000 Task Category: (100) Level: Error Keywords: Classic User: N/A Computer: LIVEDC.ad.gordian.co.uk Description: Faulting application lsass.exe, version 6.0.6002.18005, time stamp 0x49e01c84, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e02d47, exception code 0x8003, fault offset 0x000348d8, process id 0x244, application start time 0x01cc41619f198970. Event Xml: http://schemas.microsoft.com/win/2004/08/events/event";> 1000 2 100 0x80 17693 Application LIVEDC.ad.gordian.co.uk followed by Log Name: Application Source:Microsoft-Windows-Wininit Date: 27/07/2011 16:25:20 Event ID: 1015 Task Category: None Level: Error Keywords: Classic User: N/A Computer: LIVEDC.ad.gordian.co.uk Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted. Event Xml: http://schemas.microsoft.com/win/2004/08/events/event";> 1015 0 2 0 0 0x80 17694 Application LIVEDC.ad.gordian.co.uk C:\Windows\system32\lsass.exe 255 lsass.exe 6.0.6002.18005 49e01c84 ntdll.dll 6.0.6002.18005 49e02d47 8003 000348d8 244 01cc41619f198970 Here's the smb.conf with comments stripped: [global] workgroup = CTGDOMAIN server string = Samba 3.5.9 Server PDC security = user hosts allow = 192.168.56. 192.168.153. 127. load printers = no log file = /opt/samba/var/log.%m max log size = 50 interfaces = e1000g0 lo* bind interfaces only = yes local master = yes domain master = yes preferred master = yes domain logons = yes logon path = \\%L\Profiles\%U wins support = yes name resolve order = lmhosts wins hosts broadcast dns proxy = no add user script = /usr/sbin/useradd %u add group script = /usr/sbin/groupadd %g add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %u delete user script = /usr/sbin/userdel %u delete user from group script = /usr/sbin/userdel %u %g delete group script = /usr/sbin/groupdel %g [homes] comment = Home Directories browseable = no writable = yes [netlogon] comment = Network Logon Service path = /opt/samba/lib/netlogon guest ok = yes writable = no share modes = no [Profiles] path = /opt/samba/profiles browseable = no guest ok = yes Has anyone else seen this issue or have any ideas about the best way to debug? thanks tim P.S. AD policy configuration Network access: Allow anonymous SID/Name translation ENABLED Network access: Do not allow anonymous enumeration of SAM accounts DISABLED Network access: Do not allow anonymous enumeration of SAM accounts and shares DISABLED Network access: Let Everyone permissions apply to anonymous users ENABLED Network access: Named pipes can be accessed anonymously ENABLED Network access: Restrict anonymous access to Named Pipes and shares DISABLED Network security: LAN Manager authentication level "Send NTLM response only" Microsoft network client: Digitally sign communications (always) DISABLED Microsoft network client: Digitally sign communications (if server agrees)ENABLED Microsoft network server: Digitally sign communications (always) DISABLED Microsoft network server: Digitally sign communications (if client agrees)ENABLED Domain member: Digitally encrypt or sign secure channel data (always) DISABLED Domain member: Digitally encrypt secure channel data (when it is possibl
[Samba] net join & DNS
Is there an option to the net command to not have it update DNS in AD? We are joining servers using the net ads join command and it's changing our static DNS entries to dynamic ones which then get deleted when AD does its DNS scavenging. It seems that dynamically updating DNS is the default. The command we're running is: net ads join -U adminuser%adminpasswd Thanks - Mike Mike Auleta UNIX Administrator Conde Nast Publications (302) 830-4688 michael_aul...@condenast.com This e-mail, including attachments, is intended for the person(s) or company named and may contain confidential and/or legally privileged information. Unauthorized disclosure, copying or use of this information may be unlawful and is prohibited. If you are not the intended recipient, please delete this message and notify the sender. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] WinPopup to Windows 7?
Is "smbclient -M" supposed to work to a Windows 7 machine? Using samba3-3.4.9-42.el5 I get: # echo "Hello world" | smbclient -NM PC167 Connection to PC167 failed. Error NT_STATUS_BAD_NETWORK_NAME The name resolves correctly, and the command works to an XP client with Messenger service enabled. Win 7 has its own "MSG.EXE" program for that sort of thing, which apparently no longer requires the Messenger service. If the WinPopup protocol is no longer supported, does Samba have another messaging command? Moray. "To err is human; to purr, feline." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC 3.4 + wins server
Linux Ubuntu 10.04 LTS - I used the package of distribution. On 27/07/2011 16.18, Gaiseric Vandal wrote: On 07/27/2011 05:52 AM, Jubacca wrote: Hi , I use Samba 3.4.7 PDC + ldap backend . I can't put the machine if I don't specify the wins server on Pc-client. I try different name resolve order , but nothing change ? Can you help me ? My global is : [global] workgroup = workgroup netbios name = SERVER server string = Server Samba wins support = yes browse list = Yes remote announce = 10.0.0.255/workgroup lm announce = yes lm interval = 30 dns proxy = yes hosts allow = 127.0.0.1 10.0.0.1/255.255.255.0 name resolve order = wins lmhosts host bcast # name resolve order = bcast host lmhosts wins interfaces = bond0 , eth1 ,lo bind interfaces only = no log file = /var/log/samba/%U.%m.log log level = 0 passdb:6 auth:10 vfs:5 acls:3 msdfs:3 max log size = 5000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user username map = /etc/samba/usermap case sensitive = no encrypt passwords = true enable privileges = yes passdb backend = ldapsam:ldap://server:389/ ldap admin dn = cn=admin,dc=domain,dc=com ldap suffix = dc=domain,dc=com ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap ssl = off ldap delete dn = nomap to guest = bad user domain logons = yes domain master = yes local master = yes preferred master = yes os level = 255 logon path = \\%N\profiles\%U logon drive = S: logon home = \\%N\%U logon script = logon.bat add user script = /usr/sbin/smbldap-useradd -a -m %u delete user script = /usr/sbin/smbldap-userdel %u add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g printing = cups socket options = TCP_NODELAY idmap uid = 1-2 idmap gid = 1-2 time server = yes null passwords = no idmap backend = ldap:ldap://server:389/ obey pam restrictions = yes ldap passwd sync = yes unix password sync = no passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes What OS? Did you compile from source? I ran into the following weird issue once: Two servers with samba bundled with the OS. One server with samba compiled from source. Windows machines connecting from VPN- with the firewall blocking netbios traffic. The Windows clients could connect by name to the 1st 2 servers, but only by IP to the 3rd one, even tho DNS name resolution worked. (I could add an lmhosts entry on the client but this is clunky.) This indicated to be that the server does try to resolve client names or ip's and that something I did when I compiled samba broke this functionality. Snooping traffic DID show the client reaching the server but some sort of handshaking NOT completing. I would turn up the general log level. I would also snoop traffic for a client with out WINS to see if it is even locating the samba server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC 3.4 + wins server
On 07/27/2011 05:52 AM, Jubacca wrote: Hi , I use Samba 3.4.7 PDC + ldap backend . I can't put the machine if I don't specify the wins server on Pc-client. I try different name resolve order , but nothing change ? Can you help me ? My global is : [global] workgroup = workgroup netbios name = SERVER server string = Server Samba wins support = yes browse list = Yes remote announce = 10.0.0.255/workgroup lm announce = yes lm interval = 30 dns proxy = yes hosts allow = 127.0.0.1 10.0.0.1/255.255.255.0 name resolve order = wins lmhosts host bcast # name resolve order = bcast host lmhosts wins interfaces = bond0 , eth1 ,lo bind interfaces only = no log file = /var/log/samba/%U.%m.log log level = 0 passdb:6 auth:10 vfs:5 acls:3 msdfs:3 max log size = 5000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user username map = /etc/samba/usermap case sensitive = no encrypt passwords = true enable privileges = yes passdb backend = ldapsam:ldap://server:389/ ldap admin dn = cn=admin,dc=domain,dc=com ldap suffix = dc=domain,dc=com ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap ssl = off ldap delete dn = nomap to guest = bad user domain logons = yes domain master = yes local master = yes preferred master = yes os level = 255 logon path = \\%N\profiles\%U logon drive = S: logon home = \\%N\%U logon script = logon.bat add user script = /usr/sbin/smbldap-useradd -a -m %u delete user script = /usr/sbin/smbldap-userdel %u add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g printing = cups socket options = TCP_NODELAY idmap uid = 1-2 idmap gid = 1-2 time server = yes null passwords = no idmap backend = ldap:ldap://server:389/ obey pam restrictions = yes ldap passwd sync = yes unix password sync = no passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes What OS? Did you compile from source? I ran into the following weird issue once: Two servers with samba bundled with the OS. One server with samba compiled from source. Windows machines connecting from VPN- with the firewall blocking netbios traffic. The Windows clients could connect by name to the 1st 2 servers, but only by IP to the 3rd one, even tho DNS name resolution worked. (I could add an lmhosts entry on the client but this is clunky.) This indicated to be that the server does try to resolve client names or ip's and that something I did when I compiled samba broke this functionality. Snooping traffic DID show the client reaching the server but some sort of handshaking NOT completing. I would turn up the general log level. I would also snoop traffic for a client with out WINS to see if it is even locating the samba server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
I usually just use smbstatus. if I'm looking into a user issue, it's usually smbstatus | grep . Then I can get the PID and give it a kill -HUP to load new shares, etc, IF they don;t have any open files. - Original Message - From: "Aaron E." To: samba@lists.samba.org Sent: Wednesday, July 27, 2011 6:21:28 AM Subject: Re: [Samba] How to detect active users clear the logs and monitor for a few days,, If there is not real activity just shut down the service and see if anyone complains they can't access something.. After a few days/weeks/months pull the server. Might not be the perfect scenario but if smbstatus isn't displaying what you need then this might make you feel better about it lol On 07/27/2011 04:33 AM, Malte Forkel wrote: > Am 26.07.2011 19:27, schrieb Jeremy Allison: >> On Tue, Jul 26, 2011 at 07:18:15PM +0200, Malte Forkel wrote: >>> Am 26.07.2011 19:08, schrieb John Drescher: On Tue, Jul 26, 2011 at 1:04 PM, Malte Forkel wrote: > Am 26.07.2011 18:42, schrieb Chris Weiss: >> On Tue, Jul 26, 2011 at 3:06 AM, Malte Forkel >> wrote: >>> Currently, I'm not even sure Samba preserves the kind of state >>> information required to detect the usage scenario I'm interested in. Is >>> there any concept of an "open file" in Windows/Samba, after all? May be >>> it depends on the application used to open the file? >> >> yes, it depends on the application. If the app closes the file and >> leaves the share, samba honors that. if the app keeps the file handle >> open, samba does too. > > So an application (like SciTE) might open a file, read and display its > contents, and close the file while continuing to display it. And in > contrast, a different application might not close the file while it is > displaying its contents? Exactly. John >>> >>> Well, thanks to all of you for your help. >>> >>> In summary then, it looks to me like I won't be able to reliably detect >>> if there is any client out there who would be disappointed if the server >>> shuts down. >> >> Of course you will ! smbstatus does this as I keep repeating. >> If an application has opened and closed the file and keeps it >> in memory, then the user won't be disappointed if the server >> is shut down, they'll get an IO error on save and have to >> do a "save as" to a local (or other remote) drive. >> >> If an application keeps the file open (so it's not safely >> stored in memory) then smbstatus will show this and you >> don't shut the server down. >> >> You seem to think there's some "magic" option that will >> show you client intent, not client activity. >> >> Client activity is all you need to care about, and smbstatus >> show you this. Doesn't matter if applications are running >> or not, whether that have actual files open is all that >> matters. >> >> Jeremy. > > Well, I guess some people get disappointed more easily than others :-) > > I understand that users won't loose any data if the server shuts down > and they "save as" their changes. But having to re-synchronize those > files with those on the server once it is up again is something I'd like > to avoid. > > Plus, the open files (from a user perspective) might just be an > indicator that the user would like to use other capabilities of the > server as well. E.g., he might do remote development of an application > on the server using Eclipse on the Windows machine. If I found out that > the server had shut down when I try to compile a new version (implicitly > saving changed files before), I'd be disappointed. > > Malte > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] VFS Objects Recycle questions
I have a need to setup the recycle vfs object on our server. On my test server, I have all of the shares on a single drive and have put the following into each share: vfs_objects = recycle recycle:repository = [Actual Path and Partition that the share is located] recycle:directory_mode = 770 recycle:keeptree = Yes recycle:touch_mtime = Yes recycle:versions = Yes It works like a charm. All of the files when deleted from each share are dumped into the RecycleBin share, I have created a new share just for the RecycleBin that I have also mounted that I can perform a final delete on the files located within. On the live server, there are several partitions with shares split across the several partitions. The setup is the same, in terms of having the above entered into the individual shares and the RecycleBin for each share is located on the same partition/mount point that the share is located. Example: [share1] wide links = no writeable = yes path = /mnt/disk2/share1 write list = @share1 force group = share1 comment = Job Files and Related valid users = @share1 create mode = 770 user = @share1 directory mode = 770 vfs_objects = recycle recycle:repository = /mnt/disk2/sharebin/%u recycle:directory_mode = 770 recycle:keeptree = Yes recycle:touch_mtime = Yes recycle:versions = Yes [sharebin] wide links = no writeable = yes path = /mnt/disk2/sharebin write list = @share1 force directory mode = 770 force group = share1 sync always = yes force create mode = 770 comment = Location of Recycle Bin valid users = @share1 create mode = 770 user = @share1 directory mode = 770 Everything else matches, the folders exist, the folder permissions are the same, it's just a no go on relinking the files on a delete command from the "share1" share. -- Regards, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
clear the logs and monitor for a few days,, If there is not real activity just shut down the service and see if anyone complains they can't access something.. After a few days/weeks/months pull the server. Might not be the perfect scenario but if smbstatus isn't displaying what you need then this might make you feel better about it lol On 07/27/2011 04:33 AM, Malte Forkel wrote: Am 26.07.2011 19:27, schrieb Jeremy Allison: On Tue, Jul 26, 2011 at 07:18:15PM +0200, Malte Forkel wrote: Am 26.07.2011 19:08, schrieb John Drescher: On Tue, Jul 26, 2011 at 1:04 PM, Malte Forkel wrote: Am 26.07.2011 18:42, schrieb Chris Weiss: On Tue, Jul 26, 2011 at 3:06 AM, Malte Forkel wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an "open file" in Windows/Samba, after all? May be it depends on the application used to open the file? yes, it depends on the application. If the app closes the file and leaves the share, samba honors that. if the app keeps the file handle open, samba does too. So an application (like SciTE) might open a file, read and display its contents, and close the file while continuing to display it. And in contrast, a different application might not close the file while it is displaying its contents? Exactly. John Well, thanks to all of you for your help. In summary then, it looks to me like I won't be able to reliably detect if there is any client out there who would be disappointed if the server shuts down. Of course you will ! smbstatus does this as I keep repeating. If an application has opened and closed the file and keeps it in memory, then the user won't be disappointed if the server is shut down, they'll get an IO error on save and have to do a "save as" to a local (or other remote) drive. If an application keeps the file open (so it's not safely stored in memory) then smbstatus will show this and you don't shut the server down. You seem to think there's some "magic" option that will show you client intent, not client activity. Client activity is all you need to care about, and smbstatus show you this. Doesn't matter if applications are running or not, whether that have actual files open is all that matters. Jeremy. Well, I guess some people get disappointed more easily than others :-) I understand that users won't loose any data if the server shuts down and they "save as" their changes. But having to re-synchronize those files with those on the server once it is up again is something I'd like to avoid. Plus, the open files (from a user perspective) might just be an indicator that the user would like to use other capabilities of the server as well. E.g., he might do remote development of an application on the server using Eclipse on the Windows machine. If I found out that the server had shut down when I try to compile a new version (implicitly saving changed files before), I'd be disappointed. Malte -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Ghost connections
All, Why do some connections to shares not die? Sometimes when a user logs out of their account smbstatus shows them still connected to the shares. The connection will stay until samba is restarted. This was causing some problems on the shares with file locking. To work around the problem about a month ago I put a cron job in that restarts the samba processes in the middle of the night but that does not solve the problem of the ghost users. Sent on the Sprint® Now Network from my BlackBerry® -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba PDC 3.4 + wins server
Hi , I use Samba 3.4.7 PDC + ldap backend . I can't put the machine if I don't specify the wins server on Pc-client. I try different name resolve order , but nothing change ? Can you help me ? My global is : [global] workgroup = workgroup netbios name = SERVER server string = Server Samba wins support = yes browse list = Yes remote announce = 10.0.0.255/workgroup lm announce = yes lm interval = 30 dns proxy = yes hosts allow = 127.0.0.1 10.0.0.1/255.255.255.0 name resolve order = wins lmhosts host bcast # name resolve order = bcast host lmhosts wins interfaces = bond0 , eth1 ,lo bind interfaces only = no log file = /var/log/samba/%U.%m.log log level = 0 passdb:6 auth:10 vfs:5 acls:3 msdfs:3 max log size = 5000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user username map = /etc/samba/usermap case sensitive = no encrypt passwords = true enable privileges = yes passdb backend = ldapsam:ldap://server:389/ ldap admin dn = cn=admin,dc=domain,dc=com ldap suffix = dc=domain,dc=com ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap ssl = off ldap delete dn = nomap to guest = bad user domain logons = yes domain master = yes local master = yes preferred master = yes os level = 255 logon path = \\%N\profiles\%U logon drive = S: logon home = \\%N\%U logon script = logon.bat add user script = /usr/sbin/smbldap-useradd -a -m %u delete user script = /usr/sbin/smbldap-userdel %u add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g printing = cups socket options = TCP_NODELAY idmap uid = 1-2 idmap gid = 1-2 time server = yes null passwords = no idmap backend = ldap:ldap://server:389/ obey pam restrictions = yes ldap passwd sync = yes unix password sync = no passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
Il 26/07/2011 10:06, Malte Forkel ha scritto: Am 25.07.2011 23:34, schrieb Chris Weiss: On Mon, Jul 25, 2011 at 3:50 PM, Pascal Valois wrote: Le 25/07/11 22:44, Jeremy Allison a écrit : On Mon, Jul 25, 2011 at 10:21:35PM +0200, Malte Forkel wrote: Hi, I'm running Samba 3.2.5 on a server which I'd like to shut down when it is not used by any client. Is there a way to detect whether any user has opened a file on the server? smbstatus will tell you. slight correction, smbstatus tells you what file are used and by who, currently. not who HAS opened a file. smbstatus will also tell you who has an active connection to what shares, even if they have yet to actually open some file. while it's possible for someone to open a file in app that reads to ram then closes, such as notepad.exe, making edits and letting them sit without saving for long enough that an smb client would disconnect the session is unlikely given the "save often" mentality that most have gotten from using PC's. From application crashes, to power outages, to 2 year old kids pressing buttons, save often! Thanks for your suggestions! so depending on what you mean by "has opened" (opened before and still use it, or opened before and may have close it), smbstatus may be the answer or not. By "has opened" I mean "opened before and still use it". Actually, something more like "would be disappointed if the server went down". Ideally, a user might e.g. open a couple of source files to analyze them and after a while (without making changes of saving anything) try to open another file in the same directory. I've done a couple of experiments with smbstatus, specifically its -S and -L options. My clients run Windows 7 SP1 and Windows XP SP3. While a Windows Expolores is opened for a share (or one of its subdirectories), "smbstatus -S" will list that share. But once the Explorer is closed, the entry is cleared. Similarly, using a File Open Dialog only produces a short lived entry. "smbstatus -L" does not seem to produce any list entries once a user has opened a file. May be I have to specify some more specific locking in smb.conf? I've also experimented with "root preexec" and "root postexec". Those seem to be triggered at the same time the output of "smbstatus -S" changes. Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an "open file" in Windows/Samba, after all? May be it depends on the application used to open the file? I suggest trying smbstatus -B too (shows byterange locks). Also, reading the whole thread it seems to me (FWIW) that the only way to be 100% sure that a samba restart won't disappoint anyone is have smbstatus show no active connection. -- Marcello Romani -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net rpc idmap restore does not work
Hi In the samba HOWTO collection here http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html Creating an IDMAP Database Dump File there is a command net idmap restore /var/lib/samba/winbindd_idmap.tdb < idmap_dump.txt the point is: it doesn't work. It just does nothing, except of printing a lot of lines like this: ignoring invalid line [] ignoring invalid line [BB] Looks like the winbindd_idmap.tdb file is not changed after this command has been run. The actual dump was done like this: net idmap dump /var/lib/samba/winbindd_idmap.tdb > idmap_dump.txt The system I'm testing it on is Debian 6.1, samba 3.5.6. Regards P. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
Am 26.07.2011 19:27, schrieb Jeremy Allison: > On Tue, Jul 26, 2011 at 07:18:15PM +0200, Malte Forkel wrote: >> Am 26.07.2011 19:08, schrieb John Drescher: >>> On Tue, Jul 26, 2011 at 1:04 PM, Malte Forkel >>> wrote: Am 26.07.2011 18:42, schrieb Chris Weiss: > On Tue, Jul 26, 2011 at 3:06 AM, Malte Forkel > wrote: >> Currently, I'm not even sure Samba preserves the kind of state >> information required to detect the usage scenario I'm interested in. Is >> there any concept of an "open file" in Windows/Samba, after all? May be >> it depends on the application used to open the file? > > yes, it depends on the application. If the app closes the file and > leaves the share, samba honors that. if the app keeps the file handle > open, samba does too. So an application (like SciTE) might open a file, read and display its contents, and close the file while continuing to display it. And in contrast, a different application might not close the file while it is displaying its contents? >>> >>> Exactly. >>> >>> John >> >> Well, thanks to all of you for your help. >> >> In summary then, it looks to me like I won't be able to reliably detect >> if there is any client out there who would be disappointed if the server >> shuts down. > > Of course you will ! smbstatus does this as I keep repeating. > If an application has opened and closed the file and keeps it > in memory, then the user won't be disappointed if the server > is shut down, they'll get an IO error on save and have to > do a "save as" to a local (or other remote) drive. > > If an application keeps the file open (so it's not safely > stored in memory) then smbstatus will show this and you > don't shut the server down. > > You seem to think there's some "magic" option that will > show you client intent, not client activity. > > Client activity is all you need to care about, and smbstatus > show you this. Doesn't matter if applications are running > or not, whether that have actual files open is all that > matters. > > Jeremy. Well, I guess some people get disappointed more easily than others :-) I understand that users won't loose any data if the server shuts down and they "save as" their changes. But having to re-synchronize those files with those on the server once it is up again is something I'd like to avoid. Plus, the open files (from a user perspective) might just be an indicator that the user would like to use other capabilities of the server as well. E.g., he might do remote development of an application on the server using Eclipse on the Windows machine. If I found out that the server had shut down when I try to compile a new version (implicitly saving changed files before), I'd be disappointed. Malte -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba