[Samba] File share permissions act different on member server than on DC

2013-10-14 Thread Keith McCormick 

Hi,

To enable my member server's ACLs to work just like the DC, as far as 
Windows is concerned, I needed to add the following parameters to the 
global section of smb.conf file on the member server:


vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = Yes

These parameters are apparently added in the background by default for 
the smbd processes that are spawned by samba. Until I added those items, 
just like you I could never get the ACLs to stick and work correctly. 
Many of them were incorrectly labeled, also, even though the number was 
correct and the same as on the DC.


Something to note: I believe the vfs object parameter does require that 
xattrs work on the file system that you use.


Cheers,
KeithM

On Sun, 2013-10-13 at 22:31 +0200, Marc Muehlfeld wrote:
> Hello,
>
> a while ago I wrote the
> http://wiki.samba.org/index.php/Setup_and_configure_file_shares HowTo.
>
> When I wrote the HowTo, I setup and configured the share on a DC - what
> still works like described. Today I tried the first time to do exactly
> the same on a 4.0.10 and 4.1.0 _member server_, and it doesn't work 
there.

>
> The share in smb.conf:
> [demo]
> path = /srv/samba/Demo
> read only = no
>
> The folder in the filesystem (XFS):
> drwxr-xr-x   2 root root6 13. Okt 22:16 /srv/samba/Demo
>
> I connect to the share as Domain Admin, right-click to it and go to the
> "security" tab. Here I see now "everyone" and two "root" entries.
> - I click the "edit" button and remove the two "root" entries. When I
> click "apply", everything is reset (the two entries went back".
> - If i grant "modify" to "everyone" - where all "allow" entries are
> empty per default and click "apply", then all boxes are checked
> automatically (full access) and "CREATOR OWNER" and "CREATOR GROUP"
> appear. And this two can't be removed as well any more.
>
>
> If I do exactly the same on a DC, then already the security tab shows on
> the first time I open it very different settings. The wiki screenshot
> shows them:
> http://wikiupload.samba.org/images/8/8f/Demo_Share_Security.png). But
> the folder on Linux side is also just 755 (and without any extended ACLs
> when I begin). Also whatever I change (like remove "root" from the ACLs)
> everything is done like expected and saved.
>
>
> The member server is also self compiled. I installed all packages on my
> RHEL6 that I have installed on the DC too.
>
>
> Any idea what could be different on a 4.x member than on a DC? Or did I
> find a bug?
>
>
> Regards
> Marc
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Multiple A records on my parent domain name are confusing hosts

2013-10-14 Thread Scott Goodwin 
BTW, I commented out the first two lines in dns_update_list, then removed
the "spare" entries from DNS. Now they don't refresh the bad entries.
Problem solved.
(really, I'm only interested in samba keeping the ms-specific dns entries
up to date)


*Scott Goodwin*
IT Lead
Mimic Technologies, Inc
811 First Avenue, Suite 408  |  Seattle, WA 98104
phone: 1.800.918.1670  |  direct: 206.456.9180
fax: 206.623.3491  |  cell: 206.355.7767



On Fri, Oct 11, 2013 at 12:43 PM, Gregory Sloop  wrote:

>
>
> AB> On Tue, 2013-10-08 at 10:23 -0700, Scott Goodwin wrote:
> >> I'm using Samba 4.0.9, Bind 9.9.4 w/ dlz
> >>
> >> My domain is example.com
> >> My Samba4 server is myserver.example.com
> >> myserver has two nics: 10.10.10.5 and 192.168.10.2
> >> My externally hosted web site is www.example.com, and is hosted at
> >> 123.123.123.123
> >> I have an A and CNAME in DNS like so:
> >>
> >>  @ A  123.123.123.123
> >> www   CNAME  example.com.
> >>
> >> The above allows internal web browsers to access the external site via
> >> www.example.com or example.com. This works great.
> >>
> >> The problem is that every ten minutes when samb's dns update happens, it
> >> keeps putting the following two entries in, which points internal hosts
> to
> >> the dns server, instead of  the externally hosted web site:
> >> @ A  10.10.10.5
> >> @ A  192.168.10.2
> >>
> >>
> >> Why do these keep showing up?  I'm sure there is a place that the info
> is
> >> coming from, but I don't know where, and I desperately need to prevent
> this
> >> from happening.  I mean, don't get me wrong, I realize what the records
> >> mean, but what I'm trying to do is prevent them from repopulating and
> >> preventing my internal hosts from browsing the web site.  I didn't have
> >> this problem when I could edit the bind files directly, but now that I'm
> >> using bind_dlz for samba, I'm a little lost.
>
> AB> The issue is that Samba controls that name, and tries to set it to
> match
> AB> the network interfaces of the DC, because AD clients may (few actually
> AB> do, in this specific case) use this name to find a DC.  See
> AB> dns_update_list.
>
> AB> I suggest breaking the CNAME and not using example.com to find your
> AB> website internally.
>
> Wouldn't it make a lot of sense, provided one had the infrastructure
> [extra servers/hardware] to handle DNS like this:
>
> (And at a smaller site, you could do this in a VM like virtualbox on
> the same hardware as the S4/AD server - memory is cheap, and at a
> small site, I/O load is going to be trivial.)
> ---
>
> Setup a DNS+DHCP server, external to/outside of the AD. Say,
> mydomain.local
>
> DHCP and DDNS would apply against mydomain.local
>
> Put the S4/Windows AD in a 3rd level domain - say samba.mydomain.local.
>
> Point all queries for the 3rd level DNS [samba.mydomain.local] to the AD/
> DNS controller. [i.e. A forward zone for samba.mydomain.local -> S4AD
> server]
>
> This resolves issues with DHCP/DDNS - since you're not trying to make
> the AD controller handle it.
>
> Next by using something like .local as your 1st level domain, you don't
> have conflicts with real-world external domains. [And even if you did
> use something like .com - you could tweak the DNS server to handle it
> without messing with the AD domain - provided you didn't use anything
> in that 3rd level domain (samba.mydomain.local) out in the open/public
> internet.]
>
> I know it's extra work, but it just seems to make things a lot cleaner
> and keeps DNS from becoming such a tangle in AD, IMO
>
> Thoughts?
>
> -Greg
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Clients Windows not update record DNS on zone BIND9_DLZ

2013-10-14 Thread Scott Goodwin 
This issue frustrates a lot of people (myself included). I ended up having
to ditch the Windows client DNS updates, and instead have my dhcp server
update the records. Refer to a previous thread between Rowland and myself.
In there he gives a very useful link for doing this.



*Scott Goodwin*
IT Lead
Mimic Technologies, Inc
811 First Avenue, Suite 408  |  Seattle, WA 98104
phone: 1.800.918.1670  |  direct: 206.456.9180
fax: 206.623.3491  |  cell: 206.355.7767



2013/10/14 Jacó Ramos 

> Hi List,
>
> My clients windows not update record DNS on zones!
>
> Show my log:
>
> --
> samba_dlz: starting transaction on zone jacoramos.net.br
> client 192.168.0.20#1080: update 'jacoramos.net.br/IN' denied
> samba_dlz: cancelling transaction on zone jacoramos.net.br
> --
>
> Anyone have any ideas?
>
> Thanks!
> Jacó Ramos
> --
>
> *"O homem não foi criado para ser feliz nem para vencer, mas para viver
> para Deus. Quando vive para Deus é feliz e vence." Isaltino Gomes
> *
> *
> $whoami*
>
>- Perito Forense Computacional
>- Pentester
>- Esp. em Segurança de Redes de Computadores com enfâse a Perícia
>Forense Computacional - FACID
>- Bacharel em Ciência da Computação - UESPI
>- Administrador de Redes de Computadores
>- CCNA Modulo II
>- Lattes: *http://lattes.cnpq.br/1591329268136905*
>
>
> Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se
> você não for o destinatário ou a pessoa autorizada a receber esta mensagem,
> não deve usar, copiar ou divulgar as informações nela contida ou tomar
> qualquer ação baseada nessas informações.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba is still crashing

2013-10-14 Thread Wayne L. Andersen 

You are correct, it was the same issue.

There is a patch associated with the problem and it corrected it for me 
on both servers.


Wayne Andersen

On 10/14/2013 04:48 AM, Volker Lendecke wrote:

On Sun, Oct 13, 2013 at 11:11:29PM -0600, Wayne Andersen wrote:

I have had a problem for a couple of weeks now. I get very regular
crashes on two of my three Domain Controllers.

I just updated to 4.1.0 and I am still getting the same problem.

This looks like
https://bugzilla.samba.org/show_bug.cgi?id=10052

Volker



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Question about DNS Ghost Records

2013-10-14 Thread Günter Kukkukk 
Am Donnerstag, 10. Oktober 2013, 17:13:28 schrieb Gerhard Stein:
> nope, it didn't help:
> 
> gerstrong@ZController:~$ /usr/local/samba/bin/samba-tool dns add
> zcontroller calcdom.local Z37 A IP -k yes
> ERROR(runtime): uncaught exception - (-1073741811, 'Unexpected
> information received')
>File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>  return self.run(*args, **kwargs)
>File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", line
> 1053, in run
>  0, server, zone, name, add_rec_buf, None)
> gerstrong@ZController:~$ /usr/local/samba/bin/samba-tool dns delete
> zcontroller calcdom.local Z37 A IP -k yes
> ERROR: Record does not exist
> 
> Regards
> 
> - Gerd
> 
> Am 10.10.2013 16:43, schrieb Gerhard Stein:
> > I just found this:
> > 
> > https://wiki.samba.org/index.php/DNS -> Under troubleshoot
> > 
> > Let me try it out first.
> > 
> > Am 10.10.2013 15:07, schrieb Gerhard Stein:
> >> I have had an IP Address Record of the name Z37 which was
> >> 192.168.2.203. Using nslookup I find it, but samba-tool queries the
> >> name and shows 0 Records?
> >> 
> >> $ nslookup Z37
> >> 
> >> Server:192.168.2.1
> >> Address:192.168.2.1#53
> >> 
> >> Name:Z37.calcdom.local
> >> Address: 192.168.2.203
> >> 
> >> 
> >> 
> >> $ samba-tool dns query localhost calcdom.local @ ALL
> >> 
> >>   Name=, Records=4, Children=0
> >>   
> >> SOA: serial=119, refresh=900, retry=600, expire=86400,
> >> 
> >> ns=zcontroller.calcdom.local., email=hostmaster.calcdom.local.
> >> (flags=60f0, serial=119, ttl=3600)
> >> 
> >> NS: zcontroller.calcdom.local. (flags=60f0, serial=1, ttl=900)
> >> A: 134.147.57.144 (flags=60f0, serial=110, ttl=900)
> >> A: 192.168.2.1 (flags=60f0, serial=110, ttl=900)
> >>   
> >>   Name=_msdcs, Records=0, Children=0
> >>   Name=_sites, Records=0, Children=1
> >>   Name=_tcp, Records=0, Children=4
> >>   Name=_udp, Records=0, Children=2
> >>   Name=DomainDnsZones, Records=0, Children=2
> >>   Name=ForestDnsZones, Records=0, Children=2
> >>   Name=Y15, Records=1, Children=0
> >>   
> >> A: 192.168.2.192 (flags=f0, serial=110, ttl=1200)
> >>   
> >>   Name=Y16, Records=1, Children=0
> >>   
> >> A: 192.168.2.122 (flags=f0, serial=110, ttl=1200)
> >> 
> >> 
> >> 
> >>   Name=Z34, Records=1, Children=0
> >>   
> >> A: 192.168.2.169 (flags=f0, serial=110, ttl=1200)
> >>   
> >>   Name=Z35, Records=1, Children=0
> >>   
> >> A: 192.168.2.206 (flags=f0, serial=115, ttl=0)
> >>   
> >>   Name=Z36, Records=1, Children=0
> >>   
> >> A: 192.168.2.205 (flags=f0, serial=116, ttl=0)
> >>   
> >>   Name=Z37, Records=0, Children=0 < 
> >>   Name=zcontroller, Records=2, Children=0
> >>   
> >> A: 134.147.57.144 (flags=f0, serial=110, ttl=900)
> >> A: 192.168.2.1 (flags=f0, serial=110, ttl=900)
> >>   
> >>   Name=Ztest, Records=0, Children=0
> >> 
> >> Now in order to fix that I tried to delete that record and get this:
> >> 
> >> $ samba-tool dns update localhost calcdom.local Z37 A 192.168.2.203
> >> 192.168.2.210
> >> Password for [Administrator@CALCDOM.LOCAL]:
> >> ERROR: Record does not exist
> >> 
> >> I can believe that, but when I try then to add a new record with that
> >> name:
> >> 
> >> $ samba-tool dns add localhost calcdom.local Z37 A 192.168.2.203
> >> Password for [Administrator@CALCDOM.LOCAL]:
> >> ERROR(runtime): uncaught exception - (9711,
> >> 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> >> 
> >>   File
> >> 
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> >> line 175, in _run
> >> 
> >> return self.run(*args, **kwargs)
> >>   
> >>   File
> >> 
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> >> line 1053, in run
> >> 
> >> 0, server, zone, name, add_rec_buf, None)
> >> 
> >> So, no record, but I cannot add this one...? A bit strange. I did a
> >> recent update where also the automatic DNS updates got better on the
> >> other computers.
> >> 
> >> I'm still trying to remove that record...What works is to add a
> >> Record with another data:
> >> 
> >> $ samba-tool dns add localhost calcdom.local Z37 A 192.168.2.210
> >> Password for [Administrator@CALCDOM.LOCAL]:
> >> Record added successfully
> >> 
> >> But I cannot update or remove the one with the 192.168.2.203:
> >> 
> >> now both are shown :
> >> 
> >> $ nslookup z37
> >> Server:192.168.2.1
> >> Address:192.168.2.1#53
> >> 
> >> Name:z37.calcdom.local
> >> Address: 192.168.2.203
> >> Name:z37.calcdom.local
> >> Address: 192.168.2.210
> >> 
> >> 
> >> Btw. I have no bind installed. I hope you can help, because I have no
> >> way to remove that record. Can I clear the DNS Cache maybe? How?
> >> 
> >> Kind Regards,

atm i have no working system around, but afair you need to specify
a temporary ip address:

/usr/local/samba/bin/samba-tool dns add zcontroller calcdom.local Z37 A 
here

Re: [Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ

2013-10-14 Thread Andrew Bartlett 
On Mon, 2013-10-14 at 07:42 -0300, Jacó Ramos wrote:
> I type...
> 
> tar zxvf samba-4.1.0.tar.gz
> cd samba-4.1.0
> patch -p1 < 0001-provision-Do-not-set-dns-HOSTNAME-password-during-ad.patch
> ./configure
> make
> make install
> 
> This procedure is correct?

As has been pointed out elsewhere, the patch is incorrect.  

Try this one instead:
https://attachments.samba.org/attachment.cgi?id=9210

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Catalyst IT   http://catalyst.net.nz


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] using samba 4 as plugin replacement for samba 3

2013-10-14 Thread Andrew Bartlett 
On Mon, 2013-10-14 at 08:22 +0200, Daniel Müller wrote:
> THIS WILL NOT WORK:  can I simply give samba 4 a copy of the old smb.conf
> file?

Except for the parameters that were removed (security=share,
security=server in particular), it really should work.  If it does not,
please file a bug with exact directions to reproduce. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Catalyst IT   http://catalyst.net.nz


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [homes] support in Samba 4.x

2013-10-14 Thread Andrew Bartlett 
On Mon, 2013-10-14 at 13:06 +0200, Daniel Müller wrote:
> First of all no more [homes] but [home]!!

If you can please demonstrate a configuration that worked with Samba 3.x
and fails with Samba 4.0 regarding [homes] support, we would very much
like to fix it.  There has been no intentional change in this area. 

It is actually also meant to work on our AD DC, but I know a number of
folks don't use it because a [home] share works better with ADUC
(because that creates the home directory). 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Catalyst IT   http://catalyst.net.nz


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Powerpoint 2007 not advancing slides

2013-10-14 Thread Kevin Hall 

Hi Everyone

Samba 3.6.7 on OpenSuse 12.2 x86_64

I have an unusual problem for which I have not been able to find a 
solution on the Internet.


With Powerpoint 2003, there was no issue. With Powerpoint 2007, the user 
cannot advance slides unless the file is saved locally on the client 
(Windows XP SP3, ntfs filesystem).


When the file is loaded from the samba share, the user can edit and save 
their powerpoint. They simply cannot run a slideshow. Regardless of the 
slideshow settings, you cannot advance to the next slide.


Any assistance would be appreciated.

Kevin Hall
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba login using upn

2013-10-14 Thread Angelica Delgado 
When I try to use t...@realm.com, it gives NT_STATUS_NO_SUCH_USER.  Can you
please let me know if there is patch or configuration needed for samba 3.5
to support login using the UPN instead of the samaccountname?



On Sun, Oct 13, 2013 at 11:35 PM, Angelica Delgado  wrote:

> I want to know if we can configure samba to authenticate to active
> directory using the user principal name (upn).  Currently, it is working
> using the samaccountname but we need to use the upn.   I am using samba 3.5
> Thanks
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] GPFS Samba CTDB cluster how to

2013-10-14 Thread Jeremy Allison 
On Mon, Oct 14, 2013 at 03:35:13PM +0100, Ian CLANCY wrote:
> Hi List,
> I've created an extensive how to for setup of clustered Samba on GPFS using
> CTDB .
> Can anyone suggest an appropriate forum to share this information  .
> Perhaps the Samba Wiki ?.

Putting this into the Samba Wiki would be much appreciated !

Thanks,

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] One user getting: "Primary group is 0 and contains 0 supplementary groups" on standalone server

2013-10-14 Thread Stuart Reedy 

On 10/11/2013 11:36 AM, Stuart Reedy wrote:

Greetings,

We are having some rights issues on Samba 3.6.18 running on Slackware64
14.0 (the official Slackware Package).  One of our users is having
access issues and I believe I have traced the problem to the following
entry in the log.smbd:

  Primary group is 0 and contains 0 supplementary groups

Issuing the groups command for this user returns the 8 Linux groups in
which the user has membership.

In researching this, I found another reference to this log entry for
which the solution had to do with Windows groups and their relationship
to local groups.

Since we are using Samba stand-alone, we do not create any Windows
groups and use local Linux groups for privileges. (I'm assuming Samba
can still be used this way.)

My question is: How does Samba calculate these group memberships?

I'll look through the source code and see what I can see, but I am no
programming wizard, so I doubt I'll find what I need there.

Thanks!
Stu...


OK, I found where Samba gets the Linux group information created a C 
program that uses the same function (getgroups). Of course, this returns 
the correct groups for the user for which Samba claims: Primary group is 
0 and contains 0 supplementary groups


Also, the "id" command returns the Linux groups as expected:

uid=6032(REDACTED) gid=6000(REDACTED) 
groups=6000(REDACTED),6001(REDACTED),6007(REDACTED),6009(REDACTED),6010(REDACTED),6011(REDACTED),6012(REDACTED),6013(REDACTED),6014(REDACTED)


I'm a a loss as to why this user is not getting the proper rights from 
Samba.


Any ideas?

--
Stuart Reedy   Working hard for a great university!
s...@coe.uky.edu
859 257-7966   http://www.coe.uky.edu/~stu/
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [Samba 4.0.9 | Win 7 x64 | Office 2007 x86 | Folder Redirection | Local Cache] : Word-documents, Corrupt

2013-10-14 Thread Bouke J. Henstra 
Hello,

First of all I would like to thank the Samba Project Group for this state
of the art software. I would like to thank every body for helping each
other out.
Please ignore my poor English writing. It is not my native language.
Although: I do the best I can.

We use Samba for a while now. We started with version 4.0.6 and updated
each time. Now we are at version 4.0.9 and we are planning to update our
installation to version 4.1.0.

We use Samba 4 as Active Directory Domain Controller.

We also got some shares on this same Samba server. We use the share
'profiles' for the user profiles.
Everything seems to work well but sometime we got issues with
Word-documents. These files get corrupted while working for 45 minutes to
a couple of hours.

Before we decided to work with roaming profiles I read the Samba-documents
about this option. We decided to use folder redirection including local
cache (we use desktops and notebooks).

I tried a lot of things to solve this issue (with the Word-documents):
- re-installed notebook (also replaced HDD; I installed a SSD)
- tested network wiring
- ran HDD checks (server)
- tested switches
- changed smb.conf (oplocks, locks, et cetera)
- added registry key 'RoundUpWriteTimeOnSync' to client computers at boot
time
- - REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache /v
RoundUpWriteTimeOnSync /t REG_DWORD /d 0001 /f

Maybe there is somebody who is able to help us with this issue. I have
listed our /opt/samba/etc/smb.conf file at the end.

Thanks in advance. Bouke

[global]
workgroup = TH01
realm = TH01.INET
netbios name = COMSRV01A
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536
SO_SNDBUF=65536
guest account = nobody
map to guest = bad user
#printing = cups
#printcap name = cups
kernel oplocks = no

[netlogon]
path = /opt/samba/var/locks/sysvol/th01.inet/scripts
read only = No

[sysvol]
path = /opt/samba/var/locks/sysvol
read only = No

[profiles]
comment = Profiles
path = /data/profiles
browsable = no
read only = no
writable = yes
directory mask = 0700
create mask = 0600
#
# oplocks are disabled for this share
#
  oplocks = False
  level2 oplocks = False
#
# 'blocking locks' set to 'no' for Word documents
#
  blocking locks = no
#
# do not oplock the following files
#
  veto oplock files =
/*.doc*/*.DOC*/*.xls*/*.XLS*/*.txt/*.TXT/*.log/*.LOG/*.csv/*.CSV/*.*-ms/*.
*-MS/
#
csc policy = documents

[pdf-prints]
comment = PDF Files
path = /data/pdf
browsable = yes
read only = no
writable = yes
directory mask = 0775
create mask = 0664
[wpkg]
comment = Software Deployment
path = /opt/wpkg
browsable = no
read only = no
write list = 300,administrator,root
directory mask = 0755
create mask = 0644
guest ok = yes
strict locking = no
oplocks = False
level2 oplocks = False
blocking locks = no
veto oplock files = /*.log/*.LOG/

[packages]
comment = Software Packages
path = /extra/packages
browsable = no
read only = no
write list = 300,administrator,root
create mask = 0644
directory mask = 0755
guest ok = yes

[wsus]
comment = WSUS
path = /extra/wsus
browsable = no
read only = no
writelist = 300,administrator,root
create mask = 0644
directory mask = 0755
guest ok = yes

[log]
comment = Log Files
path = /data/log
browsable = no
read only = no
force create mode = 0664
force directory mode = 0775
guest ok = yes

[printers]
   comment = All Printers
   path = /opt/samba/var/spool
   browsable = no
   public = yes
   guest ok = yes
   writable = no
   printable = yes

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
   comment = Printer Drivers
   path = /opt/samba/lib/printers
   browseable = yes
   guest ok = no
   read only = yes
   write list = root
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 4 DNS failing on one server

2013-10-14 Thread dahopkins 
I have two samba 4 AD DC running using the internal DNS. On one of them, DNS 
will fail after a short time (10-15 minutes).  Restarting samba on this AD DC 
corrects the issue temporarily. This behavior started about 2 weeks ago. We had 
not made any changes to either system during this time so it is a complete 
mystery.  I unfortunately used the latest version of samba from git (4.2) for 
creating these systems.  I am in the process of building a new 4.1 server and 
will join it to the domain as an AD DC (hoping that this will work correctly).  
In /etc/krb5.conf, the server with failing dns is also listed as the 
admin_server for the realm. No idea what the effect of this is if I can point 
to the other server and still resolve dns.

First though, what log files I should even be looking at for the DNS issues. 

I can run all the tests for a properly operating DNS and they all return the 
correct values (up until DNS fails).
e.g.
host -t SRV _ldap._tcp.ncs.k12.de.us
host -t SRV _kerberos._udp.ncs.k12.de.us
host -t A ncssamba1.ncs.k12.de.us

all return correct information. kinit also works correctly, smbclient -L server 
-U% returns the correct information. I am running nslcd on both servers and 
that is also working.

Completely lost on what to try to fix this dns issue.

Sincerely,
Dave Hopkins





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4 - PDC - RHEL6 - Slow browsing from Mac clients

2013-10-14 Thread Paul Older 
On 14 Oct 2013, at 15:59, Ryan Bair  wrote:

> I've been running netatalk for my OS X clients with great success. The 
> performance isn't as good as Windows to Samba, but its a HUGE improvement 
> over any version of OS X with any SMB server. 30 seconds with wireshark will 
> tell you why OS X's browsing performance is so horrible.

This is good news. I'm attempting to get Netatalk 3 up and running but am 
struggling to link the authentication into the Samba4 setup. On a slightly 
different note, I've been advised by an Apple Premium Reseller and Systems 
Integrator here in the UK that they recommend people use NFS in their Linux / 
Mac environments. I'd be interested to hear the voice of experience on that one 
if anyone care comment?

> Another point of OS X/Samba misinformation is that Apple dropped Samba which 
> is an SMB server. OS X's SMB client never shared any code with Samba any did 
> not change as a result of the Samba purge. 

Thanks for the clarification. Hopefully this thread will help dispel myths that 
I've obviously come across out there in internet land.

> Here's hoping 10.9's SMB driver is as improved as Apple is claiming it to be. 

>From my testing with my chosen problematic directory of 80 images, I found 
>directory listing times to be :

10.8 - about 60 seconds (very laggy scrolling)
10.9 (pre-release) - about 3 seconds, scrolling is fine
10.8 running Dave from Thursby, - near instant and no issues with scrolling

Apple should clearly buy the technology from Dave and implement it in their OS.

Paul




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Clients Windows not update record DNS on zone BIND9_DLZ

2013-10-14 Thread Jacó Ramos 
Hi List,

My clients windows not update record DNS on zones!

Show my log:

--
samba_dlz: starting transaction on zone jacoramos.net.br
client 192.168.0.20#1080: update 'jacoramos.net.br/IN' denied
samba_dlz: cancelling transaction on zone jacoramos.net.br
--

Anyone have any ideas?

Thanks!
Jacó Ramos
-- 

*"O homem não foi criado para ser feliz nem para vencer, mas para viver
para Deus. Quando vive para Deus é feliz e vence." Isaltino Gomes
*
*
$whoami*

   - Perito Forense Computacional
   - Pentester
   - Esp. em Segurança de Redes de Computadores com enfâse a Perícia
   Forense Computacional - FACID
   - Bacharel em Ciência da Computação - UESPI
   - Administrador de Redes de Computadores
   - CCNA Modulo II
   - Lattes: *http://lattes.cnpq.br/1591329268136905*


Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se
você não for o destinatário ou a pessoa autorizada a receber esta mensagem,
não deve usar, copiar ou divulgar as informações nela contida ou tomar
qualquer ação baseada nessas informações.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Moving files from NTFS to NTFS

2013-10-14 Thread Sean McMahon 
Hi,

I'm trying to move files from one folder on a remote ntfs to another remote 
ntfs which are on Samba. When I do it with some java code I get an error saying 
I don't have permissions.

Any ideas?

Sean
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4 - PDC - RHEL6 - Slow browsing from Mac clients

2013-10-14 Thread Ryan Bair 
I've been running netatalk for my OS X clients with great success. The
performance isn't as good as Windows to Samba, but its a HUGE improvement
over any version of OS X with any SMB server. 30 seconds with wireshark
will tell you why OS X's browsing performance is so horrible.

Another point of OS X/Samba misinformation is that Apple dropped Samba
which is an SMB server. OS X's SMB client never shared any code with Samba
any did not change as a result of the Samba purge.

Here's hoping 10.9's SMB driver is as improved as Apple is claiming it to
be.

On Oct 11, 2013 12:40 PM, "Jeremy Allison"  wrote:

> On Fri, Oct 11, 2013 at 04:15:35PM +, Paul Older wrote:
> > On 11/10/2013 17:04, "Jeremy Allison"  wrote:
> >
> >
> > >On Fri, Oct 11, 2013 at 11:36:41AM +, Paul Older wrote:
> > >>   *   A few years ago, Samba made changes to their licensing meaning
> > >>Apple could apparently no longer use it in a commercial release (so
> I've
> > >>read)
> > >
> > >No No No !
> > >
> > >"Apple could apparently no longer use it in a commercial release"
> > >
> > >I *hate* this myth, it's *completely* untrue. Where
> > >did you read this ?
> >
> > Apologies - my source is quite unofficial and now also apparently wrong.
> > For info, I read it here:
> >
> >
> http://www.tuaw.com/2011/03/24/apple-to-drop-samba-networking-tools-from-li
> > on
> >
> > As Mac OS X adopted more of Samba's tools, the team behind Samba
> gradually
> > transformed the open source licensing for its software. The latest
> version
> > of Samba is offered only with General Public License Version 3 (GPLv3
> > ) licensing, which includes
> > restrictions that essentially prevent Apple from incorporating it into
> > commercially packaged software like Mac OS X.
>
> "essentially prevent" == "Stops Apple from suing Samba or Samba users over
> their patents".
>
> Is how you have to read that.
>
> Jeremy.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] GPFS Samba CTDB cluster how to

2013-10-14 Thread Ian CLANCY 
Hi List,
I've created an extensive how to for setup of clustered Samba on GPFS using
CTDB .
Can anyone suggest an appropriate forum to share this information  .
Perhaps the Samba Wiki ?.
Ian Clancy
IS Department
Valeo Vision Systems (VVS)

This e-mail message is intended only for the use of the intended recipient(s).
The information contained therein may be confidential or privileged,
and its disclosure or reproduction is strictly prohibited.
If you are not the intended recipient, please return it immediately to its 
sender 
at the above address and destroy it. 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba_kcc error in /var/log/messages

2013-10-14 Thread Taylor, Jonn 

On 10/12/2013 08:43 AM, George ITee wrote:

Hello,

  


I am getting these errors in /var/log/messages :

  


Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.817541,  0]
../source4/dsdb/kcc/kcc_periodic.c:664(kccsrv_samba_kcc)

Oct 12 16:36:15 sambadc samba[7147]:   Calling samba_kcc script

Oct 12 16:36:15 sambadc abrt: detected unhandled Python exception in
'/usr/local/samba/sbin/samba_kcc'

Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.959943,  0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)

Oct 12 16:36:15 sambadc samba[7147]:   /usr/local/samba/sbin/samba_kcc:
close failed in file object destructor:

Oct 12 16:36:15 sambadc abrtd: New client connected

Oct 12 16:36:15 sambadc abrtd: Directory 'pyhook-2013-10-12-16:36:15-7630'
creation detected

Oct 12 16:36:15 sambadc abrt-server[7633]: Saved Python crash dump of pid
7630 to /var/spool/abrt/pyhook-2013-10-12-16:36:15-7630

Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.973347,  0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)

Oct 12 16:36:15 sambadc samba[7147]:   /usr/local/samba/sbin/samba_kcc:
IOError: [Errno 10] No child processes

Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.994361,  0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)

Oct 12 16:36:15 sambadc samba[7147]:   /usr/local/samba/sbin/samba_kcc:
close failed in file object destructor:

Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.994469,  0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)

Oct 12 16:36:15 sambadc samba[7147]:   /usr/local/samba/sbin/samba_kcc:
IOError: [Errno 10] No child processes

Oct 12 16:36:16 sambadc abrtd: Executable '/usr/local/samba/sbin/samba_kcc'
doesn't belong to any package

Oct 12 16:36:16 sambadc abrtd: 'post-create' on
'/var/spool/abrt/pyhook-2013-10-12-16:36:15-7630' exited with 1

Oct 12 16:36:16 sambadc abrtd: Corrupted or bad directory
'/var/spool/abrt/pyhook-2013-10-12-16:36:15-7630', deleting

  


The thing is, these errors appear exactly every 5 minutes. The domain
controller seems to be working fine in my test environment so far, but I
don't recall seeing these errors with Samba 4.0.7. This was also with 4.0.9,
now I just compiled 4.1.0 and the same thing. Any cause of concern, or is it
just supposed to happen ?

  


Thank you,

  


George


I asked the same question on dev list and never got an answer!

Jonn

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [3.6.8] XP fails with error 1326

2013-10-14 Thread Winfried 
No, but I finally found the issue: I was using an older version of the OS
instead of checking if a new version was available :-/ The latest worked
right away after downloading and activating the Samba module. I should have
checked that, first thing.

Then, all I needed to share files with any user without adding any user
account to Slax (either Unix or Samba) is this smb.conf:

[global]
workgroup = WORKGROUP
;Not neeeded, but in case you don't like the hostname
netbios name = LINUX

;Important: Otherwise, doesn't switch to Unix "nobody" -> Err 5 Access
denied
security = share

;if you need to investigate : 2 or 3
;log level = 2

[test]
path=/tmp
read only = yes
guest ok = yes


What I've learned:
1. Use the latest OS
2. In case Samba isn't working as exepcted, use "log level =2" or even "= 3"
to investigate, as it provides more information than what Windows says.

Thanks a lot for your help.



--
View this message in context: 
http://samba.2283325.n4.nabble.com/3-6-8-XP-fails-with-error-1326-tp4654631p4655055.html
Sent from the Samba - General mailing list archive at Nabble.com.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] File permission problems after update from Samba 4 alpha 17 to Samba 4.0.5

2013-10-14 Thread X-Dimension 
We had used Samba alpha 17 (included in Resara Server 1.2) for a long 
time and
has now migrate it to Samba 4.0.5 (Ubuntu + Zentyal 3.0 PPA) with NTVFS 
enabled .


Most things seems to work: DNS with Bind9_DLZ, domain join, user login 
and also GPO are still working fine :)

But we have trouble with file permissions now!
All domain users can't rename or delete their own files which they had 
created with Samba 4 alpha 17 before.

It looks like they only had 'read only' access to their files.
For example when the user peter@mydomain wants to rename/delete a file 
he had created before, then he
gets an error message like "only peter@mydomain can rename this file" or 
"file is locked by peter@mydomain".


Our global section of /etc/samba/smb.conf looks like this:
--
[global]
interfaces = eth0
workgroup = MYDOMAIN
realm = mydomain.lan
netbios name = PDC
server string = PDC
server role = active directory domain controller
passdb backend = samba4
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, 
winbind, ntp_signd, kcc, dnsupdate, smb
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, 
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, 
eventlog6, backupkey, dnsserver, winreg, srvsvc

--
Because Samba 4 alpha 17 was using NTVFS, i thought it is the best idea 
to stay on NTVFS even on Samba 4.0.5.

But it looks, like i was wrong.

Thanks for any ideas that helps us to fix our permission problem.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problems joining Samba4 domain [resolved]

2013-10-14 Thread Rowland Penny 

On 14/10/13 13:29, X-Dimension wrote:

Am 14.10.2013 06:43, schrieb Andrew Bartlett:

On Sun, 2013-10-13 at 14:29 +0100, Rowland Penny wrote:


Just how closely did you follow the webpage you posted in your OP? , it
seems to be using the standard samba4 packages from Ubuntu, which if I
remember correctly are broken. Also there is a howler on the webpage 
you

posted, you are advised to create a share called [global] , this is the
standard top share that you will find in any smb.conf.

I would advise you to compile samba4 yourself, it is easy, see here:
https://wiki.samba.org/index.php/Build_Samba

I would also suggest that you use the latest tarball (4.1.0)

I totally agree.  We are only now getting current Samba 4.0 packages
into Debian unstable, and Ubuntu's package, particularly on 12.04 is
very, very old.

Start with current code, and then get network traces and log files if
you still have issues.

Andrew Bartlett

I'm using Samba 4.0.5 from Zentyal 3.0 PPA now, and this resolved my 
problem!


But after updating from Samba 4 alpha 17 to  Samba 4.0.5, i have file 
permission problems now.

I will describe my problems in another mail to the samba mailing list.

Thanks so far guys! :)

Well, if you will not compile the latest & greatest Samba 4, you might 
as well use the latest available deb from here: http://enterprisesamba.com/
You will have to register, but will get 4.0.10 which is the latest in 
the 4.0 series.


I still think that you would be better off compiling it yourself, it is 
very very easy.


Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problems joining Samba4 domain [resolved]

2013-10-14 Thread X-Dimension 

Am 14.10.2013 06:43, schrieb Andrew Bartlett:

On Sun, 2013-10-13 at 14:29 +0100, Rowland Penny wrote:


Just how closely did you follow the webpage you posted in your OP? , it
seems to be using the standard samba4 packages from Ubuntu, which if I
remember correctly are broken. Also there is a howler on the webpage you
posted, you are advised to create a share called [global] , this is the
standard top share that you will find in any smb.conf.

I would advise you to compile samba4 yourself, it is easy, see here:
https://wiki.samba.org/index.php/Build_Samba

I would also suggest that you use the latest tarball (4.1.0)

I totally agree.  We are only now getting current Samba 4.0 packages
into Debian unstable, and Ubuntu's package, particularly on 12.04 is
very, very old.

Start with current code, and then get network traces and log files if
you still have issues.

Andrew Bartlett

I'm using Samba 4.0.5 from Zentyal 3.0 PPA now, and this resolved my 
problem!


But after updating from Samba 4 alpha 17 to  Samba 4.0.5, i have file 
permission problems now.

I will describe my problems in another mail to the samba mailing list.

Thanks so far guys! :)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] using samba 4 as plugin replacement for samba 3

2013-10-14 Thread Daniel Müller 
First of all no more [homes] but [home]!!
EX:
[home]
path= /mnt/glusterfs/ads/home
readonly = No
 posix locking =NO
[share1]
path= /mnt/glusterfs/ads/share1
readonly= NO 

Best no acls defined in the conf but from the ads-tool/Microsoft or by the
administrator from a windows client.

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Ursprüngliche Nachricht-
Von: Masopust, Christian [mailto:christian.masop...@siemens.com] 
Gesendet: Montag, 14. Oktober 2013 12:21
An: muel...@tropenklinik.de; 'Klaus Hartnegg'; samba@lists.samba.org
Betreff: AW: [Samba] using samba 4 as plugin replacement for samba 3


Hi Daniel,

so... is there a list what options to change?   I've already seen the 
Wiki page with the minimal working configuration, but is there more
information available?

thanks,
christian

> -Ursprüngliche Nachricht-
> Von: samba-boun...@lists.samba.org
> [mailto:samba-boun...@lists.samba.org] Im Auftrag von Daniel Müller
> Gesendet: Montag, 14. Oktober 2013 08:23
> An: 'Klaus Hartnegg'; samba@lists.samba.org
> Betreff: Re: [Samba] using samba 4 as plugin replacement for samba 3
> 
> THIS WILL NOT WORK:  can I simply give samba 4 a copy of the old 
> smb.conf file?
> 
> ---
> EDV Daniel Müller
> 
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> 
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: muel...@tropenklinik.de
> Internet: www.tropenklinik.de
> ---
> 
> -Ursprüngliche Nachricht-
> Von: samba-boun...@lists.samba.org
> [mailto:samba-boun...@lists.samba.org] Im Auftrag von Klaus Hartnegg
> Gesendet: Freitag, 11. Oktober 2013 17:01
> An: samba@lists.samba.org
> Betreff: [Samba] using samba 4 as plugin replacement for samba 3
> 
> Hi,
> 
> when I don't want to switch to Active Directory, but don't want to be 
> stuck on version 3.6 either, can I simply give samba 4 a copy of the 
> old smb.conf file?
> 
> Will it be able to store all windows acl's in extended attributes, or 
> is this improvement only available in combination with letting it run 
> as active directory domain controller?
> 
> thanks,
> Klaus
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba is still crashing

2013-10-14 Thread Volker Lendecke 
On Sun, Oct 13, 2013 at 11:11:29PM -0600, Wayne Andersen wrote:
> I have had a problem for a couple of weeks now. I get very regular
> crashes on two of my three Domain Controllers.
> 
> I just updated to 4.1.0 and I am still getting the same problem.

This looks like
https://bugzilla.samba.org/show_bug.cgi?id=10052

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kont...@sernet.de
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ

2013-10-14 Thread Jacó Ramos 
I type...

tar zxvf samba-4.1.0.tar.gz
cd samba-4.1.0
patch -p1 < 0001-provision-Do-not-set-dns-HOSTNAME-password-during-ad.patch
./configure
make
make install

This procedure is correct?

Thanks!
Jacó Ramos



2013/10/14 Andrew Bartlett 

> On Mon, 2013-10-14 at 09:35 +0200, Samuel Cabrero wrote:
> > Hi Jacó,
> >
> > we had the same problem and this patch worked for us:
> >
> > https://attachments.samba.org/attachment.cgi?id=9210
> >
> > Cheers.
>
> Thanks, can you prepare it as a signed off git commit with 'git commit
> -s' so I can apply it with all the right author stuff etc?
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartletthttp://samba.org/~abartlet/
> Authentication Developer, Samba Team   http://samba.org
>
>
>


-- 

*"O homem não foi criado para ser feliz nem para vencer, mas para viver
para Deus. Quando vive para Deus é feliz e vence." Isaltino Gomes
*
*
$whoami*

   - Perito Forense Computacional
   - Pentester
   - Esp. em Segurança de Redes de Computadores com enfâse a Perícia
   Forense Computacional - FACID
   - Bacharel em Ciência da Computação - UESPI
   - Administrador de Redes de Computadores
   - CCNA Modulo II
   - Lattes: *http://lattes.cnpq.br/1591329268136905*


Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se
você não for o destinatário ou a pessoa autorizada a receber esta mensagem,
não deve usar, copiar ou divulgar as informações nela contida ou tomar
qualquer ação baseada nessas informações.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 internal DNS - how to modify SOA record

2013-10-14 Thread Jacó Ramos 
Hi, guys...

What line command for modify  SOA record?

Thanks!
Jacó Ramos


2013/10/14 Rustam K. 

> Hey guys,
>
> Just wanted to update this thread, I upgrade my samba installation to 4.1
> and updated SOA record. Now dynamic DNS works fine for me!! Thanks for
> implementing the feature!!!
>
> Cheers!!
>
>
> 2013/8/9 Rustam K. 
>
> > I thought I would update this email thread. So far editing the records
> via
> > ADSI messes up ldb database, if you do that zones won't load anymore,
> just
> > like Dmitry stated in his first email.
> > I had to revert to a snapshot to get samba back, up and running.
> >
> > I am curious If I have to modify record manually via ldbmodify(ldbedit),
> > would it understand hex/binary?
> > because when I run ldbedit it shows me nothing compared to hex in my
> > previous email, what is this format?
> >
> > # record 50
> > dn:
> DC=@,DC=officenet.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=officenet,DC=local
> > objectClass: top
> > objectClass: dnsNode
> >
> > . (cut)
> >
> > dnsRecord:: BAABAAXwAAB6AAADhAAAwKj6Aw==
> > dnsRecord:: BAABAAXwAABuAAACWAAAwKj6Bg==
> > dnsRecord::
> GwACAAXwAAB6AAAjKzcAGQMHc3J2LXdpbglvZmZpY2VuZXQFbG9jYW
> >  wA
> > dnsRecord::
> GgACAAXwAACGAAADhAArtw0IGAMGYWxmYWRjCW9mZmljZW5ldAVsb2NhbA
> >  A=
> > dnsRecord::
> TgAGAAXwAAC9AAAYMDcAvQAAA4QAAAJYAAFRgAAaAwhzcn
> >  YtYWxmYQlvZmZpY2VuZXQFbG9jYWwAHAMKaG9zdG1hc3RlcglvZmZpY2VuZXQFbG9jYWwA
> >
> > Cheers
> >
> >
> >
> > 2013/8/9 Rustam K. 
> >
> > Hi,
> >>
> >> thanks for the follow up.
> >>
> >> I found the SOA record via ADSI edit :
> >>
> >>
> >>
> DC=@,DC=officenet.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=officenet,DC=local
> >>
> >>
> DC=@,DC=_msdcs.officenet.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=officenet,DC=local
> >>
> >> there are two of them,and every one of them has attribute dnsRecord
> which
> >> is in hex, and it has string "srv-alfa" (apart from hostmaster email ttl
> >> etc) which I need to change to "alfadc"
> >>
> >> 4E 00 06 00 05 F0 00 00 BE 00 00 00 00 00 00 00 00 00 00 00 1C 30 37 00
> >> 00 00 00 BE 00 00 03 84 00 00 02 58 00 01 51 80 00 00 00 00 1A 03 08 73
> 72
> >> 76 2D 61 6C 66 61 09 6F 66 66 69 63 65 6E 65 74 05 6C 6F 63 61 6C 00 1C
> 03
> >> 0A 68 6F 73 74 6D 61 73 74 65 72 09 6F 66 66 69 63 65 6E 65 74 05 6C 6F
> 63
> >> 61 6C 00
> >>
> >> This is where I am headed, and I'll try not to screw it up.
> >>
> >>
> >> Cheers
> >>
> >>
> >> 2013/8/9 Nico Kadel-Garcia 
> >>
> >>> On Thu, Aug 8, 2013 at 4:14 AM, Kai Blin  wrote:
> >>> > On 2013-08-08 10:02, Rustam K. wrote:
> >>> >>
> >>> >> Hello,
> >>> >> I run samba 4.0.7, samba tool can't do the job, at least help/syntax
> >>> >> doesn't show that I can
> >>> >
> >>> >
> >>> > Ah, yes. Apparently this functionality only exists in 4.1 and master,
> >>> sorry.
> >>> > Should you try and run with that the command syntax is
> >>> >
> >>> > samba-tool dns update SOA "fqdn_dns fqdn_email serial refresh retry
> >>> expire
> >>> > minimumttl"
> >>> >
> >>> > HTH,
> >>> >
> >>> > Kai
> >>>
> >>> Rustam, I do hope that if you're manipulating your SOA directly, that
> >>> you've actually looked up the guidelines for manipulating them? Just
> >>> so you don't get surprised by things like the wraparound values for
> >>> the serial numbers, or what reasonable values are for TTL's.
> >>>
> >>
> >>
> >>
> >> --
> >>
> >> Rustam
> >>
> >
> >
> >
> >
>
>
> --
>
> Rustam
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 

*"O homem não foi criado para ser feliz nem para vencer, mas para viver
para Deus. Quando vive para Deus é feliz e vence." Isaltino Gomes
*
*
$whoami*

   - Perito Forense Computacional
   - Pentester
   - Esp. em Segurança de Redes de Computadores com enfâse a Perícia
   Forense Computacional - FACID
   - Bacharel em Ciência da Computação - UESPI
   - Administrador de Redes de Computadores
   - CCNA Modulo II
   - Lattes: *http://lattes.cnpq.br/1591329268136905*


Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se
você não for o destinatário ou a pessoa autorizada a receber esta mensagem,
não deve usar, copiar ou divulgar as informações nela contida ou tomar
qualquer ação baseada nessas informações.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] using samba 4 as plugin replacement for samba 3

2013-10-14 Thread Masopust, Christian 

Hi Daniel,

so... is there a list what options to change?   I've already seen the 
Wiki page with the minimal working configuration, but is there more
information available?

thanks,
christian

> -Ursprüngliche Nachricht-
> Von: samba-boun...@lists.samba.org 
> [mailto:samba-boun...@lists.samba.org] Im Auftrag von Daniel Müller
> Gesendet: Montag, 14. Oktober 2013 08:23
> An: 'Klaus Hartnegg'; samba@lists.samba.org
> Betreff: Re: [Samba] using samba 4 as plugin replacement for samba 3
> 
> THIS WILL NOT WORK:  can I simply give samba 4 a copy of the 
> old smb.conf
> file?
> 
> ---
> EDV Daniel Müller
> 
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> 
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: muel...@tropenklinik.de
> Internet: www.tropenklinik.de
> ---
> 
> -Ursprüngliche Nachricht-
> Von: samba-boun...@lists.samba.org 
> [mailto:samba-boun...@lists.samba.org] Im
> Auftrag von Klaus Hartnegg
> Gesendet: Freitag, 11. Oktober 2013 17:01
> An: samba@lists.samba.org
> Betreff: [Samba] using samba 4 as plugin replacement for samba 3
> 
> Hi,
> 
> when I don't want to switch to Active Directory, but don't 
> want to be stuck
> on version 3.6 either, can I simply give samba 4 a copy of 
> the old smb.conf
> file?
> 
> Will it be able to store all windows acl's in extended 
> attributes, or is
> this improvement only available in combination with letting 
> it run as active
> directory domain controller?
> 
> thanks,
> Klaus
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 4 internal DNS and reverse zones

2013-10-14 Thread Julian Pilfold-Bagwell 

Hi All,

I currently have another thread  open on squid authentication with Samba 
4 and am going to try authenticating against kerberos instead of NTLM.


According to the docs for the web filter I'm using, it's essential for 
Kerberos to be able to resolve reverse DNS so I've spent the last 
weekend trying to get this working. Various different documents and 
howtos exist but none of them worked out of the box.  The Samba wiki 
suggests creating the zones with the RSAT DNS tool and various people 
I've come across have commented that from that point onwards records 
were added by Windows clients joining.
I couldn't get this working so I tried the  script on Michael Kuron's 
site as it threw up messages about GSS failing before DHCP server would 
eventually hang.  While it ran, it would add entries consisting of the 
mac address as it failed to pick up the name of the machine.


Is there an easy way to achieve this or do I carry on plugging away with 
the script?  Should, as come people have claimed, reverse entries just 
happen if you manually create zones.  It's tricy to get a definitive 
answer on this and where people claim it's worked, they don't seem to 
advertise the method.


Thanks,

Julian




--
Borden Grammar School,
Avenue of Remembrance,
Sittingbourne,
Kent,
ME10 4DB.

Tel: 01795 424192


This e-mail is from Borden Grammar School Trust.

This e-mail, together with any files transmitted with it, are confidential, and 
are intended solely for the use of the individual or entity to whom they are 
addressed. Any unauthorised dissemination or
copying of this e-mail or its attachments, and any use or disclosure of any 
information contained in them, is strictly prohibited, and may also be illegal. 
If you are not the intended recipient you must not use, disclose,
distribute, copy, print or relay this e-mail.

Please note that any views expressed by an individual within this e-mail, do 
not necessarily reflect the views of the Borden Grammar School Trust. Borden 
Grammar School Trust has taken reasonable precautions to ensure no
viruses are present in this e-mail, the Academy cannot accept responsibility 
for any loss or damage arising from the use of this e-mail and/or files 
attached.

Registered office: Borden Grammar School, Avenue of Remembrance, Sittingbourne, 
Kent, ME10 4DB

Registered in England: 07827591

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ

2013-10-14 Thread Andrew Bartlett 
On Mon, 2013-10-14 at 09:35 +0200, Samuel Cabrero wrote:
> Hi Jacó,
> 
> we had the same problem and this patch worked for us:
> 
> https://attachments.samba.org/attachment.cgi?id=9210
> 
> Cheers.

Thanks, can you prepare it as a signed off git commit with 'git commit
-s' so I can apply it with all the right author stuff etc?

Thanks,

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ

2013-10-14 Thread Samuel Cabrero 
Hi Jacó,

we had the same problem and this patch worked for us:

https://attachments.samba.org/attachment.cgi?id=9210

Cheers.

On Sunday 13 October 2013 19:13:10 Jacó Ramos wrote:
> Hi Andrew...
> 
> Aplied patch but not work!
> 
> Same error!
> 
> Thanks!
> Jacó Ramos
> 
> 
> 2013/10/12 Andrew Bartlett 
> 
> > On Fri, 2013-10-11 at 12:06 -0300, Jacó Ramos wrote:
> > > Hi guys,
> > > 
> > > When run join in DC
> > > 
> > > root@samba4:~# samba-tool domain join jacoramos.net.br DC
> > 
> > -Uadministrador
> > 
> > > --realm=jacoramos.net.br --dns-backend=BIND9_DLZ
> > > Finding a writeable DC for domain 'jacoramos.net.br'
> > > Found DC win2003.jacoramos.net.br
> > > Password for [WORKGROUP\administrador]:
> > > workgroup is JACORAMOS
> > > realm is jacoramos.net.br
> > > checking sAMAccountName
> > > Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br
> > > Adding
> > 
> > CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=
> > jacoramos,DC=net,DC=br> 
> > > Adding CN=NTDS
> > 
> > Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configur
> > ation,DC=jacoramos,DC=net,DC=br> 
> > > Adding SPNs to CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br
> > > Setting account password for SAMBA4$
> > > Enabling account
> > > Adding DNS account CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with
> > > dns/ SPN
> > > Join failed - cleaning up
> > > checking sAMAccountName
> > > Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br
> > > Deleted CN=NTDS
> > 
> > Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configur
> > ation,DC=jacoramos,DC=net,DC=br> 
> > > Deleted
> > 
> > CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=
> > jacoramos,DC=net,DC=br> 
> > > ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM
> > 
> > -
> > 
> > > <052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data
> > > 0
> > > 
> > > > <>
> > > > 
> > >   File
> > > 
> > > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> > > line 175, in _run
> > > 
> > > return self.run(*args, **kwargs)
> > >   
> > >   File
> > > 
> > > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
> > 
> > line
> > 
> > > 552, in run
> > > 
> > > machinepass=machinepass, use_ntvfs=use_ntvfs,
> > 
> > dns_backend=dns_backend)
> > 
> > >   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
> > >   line
> > > 
> > > 1169, in join_DC
> > > 
> > > ctx.do_join()
> > >   
> > >   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
> > >   line
> > > 
> > > 1072, in do_join
> > > 
> > > ctx.join_add_objects()
> > >   
> > >   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
> > >   line
> > > 
> > > 616, in join_add_objects
> > > 
> > > ctx.samdb.add(msg)
> > > 
> > > root@samba4:~#
> > 
> > Sorry about that.   Try the attached patch.
> > 
> > Andrew Bartlett
> > 
> > --
> > Andrew Bartletthttp://samba.org/~abartlet/
> > Authentication Developer, Samba Team   http://samba.org
-- 
Samuel Cabrero - Developer
scabr...@zentyal.com

Easy IT for small business
www.zentyal.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] using samba 4 as plugin replacement for samba 3

2013-10-14 Thread Volker Lendecke 
On Mon, Oct 14, 2013 at 08:22:35AM +0200, Daniel Müller wrote:
> THIS WILL NOT WORK:  can I simply give samba 4 a copy of the old smb.conf
> file?

With the usual caveats that came with every 3.x to 3.y
upgrade, yes. Nothing special when going from 3.6 to 4.0
that would not in principle have hit you from 3.5 to 3.6.

Read the WHATSNEW and release notes about changed
parameters.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kont...@sernet.de
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba