[Samba] Winbindd on a PDC
Hi, is it possible to run winbindd on a Samba PDC? I allready asked this a longer time before, but there it couldn't. I ask, because I have two Samba Domains and need user/groups of both PDC on each other too. Regards Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] about winbind
Dear All, i've finally succes to add my samba server to join my active directory. when i execute command #wbinfo -u and #wbinfo -g its show user and group in active directory but when i try use #getent passwd or #pw show user -a (well i'm using FreeBSD machine) it's only show user on FreeBSD machine, the users in active directory not show up. anyone can explain why its happen? when i use command ntlm_test to try one user on active directory its succed. another problem is i want to user login to active directory server from works station and then redirection my documents folder to samba server. i've try and success, but the problem is permision of the share folder. anyone can acces itu, anyone can see others document.. so can u guys give me some advice? sorry for my poor english thx before, regards Budhi sysadmin of school of bussiness and management Bandung Institute of Technology -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Fwd: Migrate Files and Shares
Hi, Appreciate if someone can suggest a possible solution to this. Thanks Vijay -- Forwarded message -- From: Vijay S <[EMAIL PROTECTED]> Date: Oct 9, 2007 1:54 AM Subject: Migrate Files and Shares To: samba@lists.samba.org I have read about the net commands and the possible use of robocopy for migrating shares and files (with ACL preservation) from Windows to Samba. I have also read about many users who have posted various errors with both methods (error 5, access_denied, etc). However, I have been unable to find any reponse/solutions to the same. I'd like to know if there is a solution to such problems and if there is any further documentation on how to achieve such a migration. Thank you Vijay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, Squid and Active Directory
I am looking at renaming my Active Directory domain. We currently use Squid for internet access and I believe this uses Samba / NTLM to authenticate the users I was wondering if the only thing I need to do to keep squid running is modify the SMB.CONF file to the new workgroup and realm to reflect the new domain name. And of course restart the SMB and SQUID services Cheers Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] another smbd Problem
Hi, I reported a smbd Problem of my server a few days ago. Now I recognized another error of my smbd in my syslog: Oct 9 18:38:09 fat-tony smbd[28796]: Error writing 4 bytes to client. -1. (Die Verbindung wurde vom Kommunikationspartner zur?? ckgesetzt) Oct 9 18:38:09 fat-tony smbd[28796]: Error writing 4 bytes to client. -1. (Die Verbindung wurde vom Kommunikationspartner zur?? ckgesetzt) explanation of error message: Die Verbindung wurde vom Kommunikationspartner zurückgesetzt = connection reset by peer I get this message very often, so I think I should do sth. against. Can you tell me what's the problem? Matthias -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing a shared folder
You know, thinking about it, this may be more of a imaging services change...but since the new server is running imaging services that dish out the image file that is mounted to the server then it is not really sharing the mounted file the samba client is just getting the file from the old server and then the new server is just pushing it out to the client...don't think there is much I can do about that. On 10/9/07, simo <[EMAIL PROTECTED]> wrote: > > On Tue, 2007-10-09 at 12:34 -0600, Brandon Pedersen wrote: > > Hey, > > > > So, I have a Linux server that is mounting a CIFS share. The server then > > shares that share to everyone else. My question is does having it routed > > this way cause a major slow down? Do the files need to be copied to the > > mediator server before going out to the device that is requesting the > file? > > Or is it able to forward the request to the other server to grab the > files > > directly from there? > > > > I am curious about this because we have a big imaging server with a > whole > > bunch of images on it and we are setting up this new server and don't > want > > to move all the images over, thus we just mounted the images directory > on > > the new server. > > > > What would you do? > > Use a DFS Root, and redirect clients. > > Simo. > > -- > Simo Sorce > Samba Team GPL Compliance Officer <[EMAIL PROTECTED]> > Senior Software Engineer at Red Hat Inc. <[EMAIL PROTECTED]> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Can't chown a file to an ADS username
Well, I'm an idiot:
1) I wrongly assumed that make install had installed the version of
libnss_winbind.so.2 that I compiled because the file existed.
2) I realized this was not the case when I did an ls -l on /lib and saw
the timestamp on the file.
3) I replaced the file with the new one
4) I never restarted samba, leading to the immediate problem.
5) In the meantime, the same problem had been happening, with the pipe
at a different location. The new winbind was creating it in
/tmp/.winbindd, and the old library was looking for it in
/var/run/something_or_another.
Thanks for the help on this one. I apologize for taking up your time
with that.
~Eric
-Original Message-
From: Stas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 09, 2007 4:08 PM
To: Eric Diven
Cc: samba@lists.samba.org
Subject: Re: [Samba] Can't chown a file to an ADS username
well , if /tmp/.winbindd/pipe doen't exist nothing will work since
winbind's clients use it to communicate with winnbind.
there is no "pipe" file in /tmp/.winbindd after you start winbind ?
it should be created when winbindd starts.
check that /tmp/.winbindd directory owned by root .
On 10/9/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> Thanks for pointing that out. The trace shows that it's trying to
> lstat64 /tmp/.winbindd/pipe, and not finding it.
> ldd shows that it's only looking for libc.so.6, and finding it at
> /lib/tls/libc.so.6
> I built this from source. I've poached the smb.conf from the existing
> one in /etc/samba and made the same modifcations I've had to make
> under Solaris.
>
> Here's the rest of the trace starting directly after the close(4):
>
> munmap(0xb7dab000, 53951) = 0
> getpid()= 3132
> lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) =
> 0
>
> lstat64("/tmp/.winbindd/pipe", 0xbff36ab8) = -1 ENOENT (No such file
> or
> directory)
> munmap(0xb7dba000, 1791)= 0
> close(3)= 0
> lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) =
> 0
>
> lstat64("/tmp/.winbindd/pipe", 0xbff36b38) = -1 ENOENT (No such file
> or
> directory)
> munmap(0xb7db9000, 4096)= 0
> exit_group(0) = ?
>
> Any idea what I need to do to resolve the issue with the pipe not
> being there?
>
> ~Eric
>
> -Original Message-
> From: Stas [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 09, 2007 2:31 PM
> To: Eric Diven
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Can't chown a file to an ADS username
>
> well , at least we know that getent calls winbind ...
> "close(4)" - the last line in strace output ?
> try # ldd /lib/libnss_winbind.so.2
> it'll show you what libraries libnss_winbind requires , check that all
> of them are exist ..
> are you using RPM installation or compiled SAMBA from sources?
>
>
>
>
> On 10/9/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> > Okay, here's something to work with:
> >
> > open("/lib/tls/i686/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT
> > (No such file or directory) stat64("/lib/tls/i686/sse2", 0xbffd8d38)
> > =
>
> > -1 ENOENT (No such file or
> > directory)
> > open("/lib/tls/i686/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No
> > such file or directory) stat64("/lib/tls/i686",
> > {st_mode=S_IFDIR|0755,
>
> > st_size=4096, ...}) = 0 open("/lib/tls/sse2/libnss_winbind.so.2",
> > O_RDONLY) = -1 ENOENT (No such file or directory)
> > stat64("/lib/tls/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
> > directory)
> > open("/lib/tls/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
> > file or directory) stat64("/lib/tls", {st_mode=S_IFDIR|0755,
> > st_size=4096, ...}) = 0 open("/lib/i686/sse2/libnss_winbind.so.2",
> > O_RDONLY) = -1 ENOENT (No such file or directory)
> > stat64("/lib/i686/sse2", 0xbffd8d38)= -1 ENOENT (No such file or
> > directory)
> > open("/lib/i686/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
> > file or directory) stat64("/lib/i686", {st_mode=S_IFDIR|0755,
> > st_size=4096, ...}) = 0 open("/lib/sse2/libnss_winbind.so.2",
> > O_RDONLY) = -1 ENOENT (No such file or directory)
> > stat64("/lib/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
> > directory)
> > open("/lib/libnss_winbind.so.2", O_RDONLY) = 4 read(4,
> > "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\20\0\000"...,
> > 512) = 512
> > fstat64(4, {st_mode=S_IFREG|0755, st_size=15584, ...}) = 0
> > old_mmap(NULL, 28316, PROT_READ|PROT_EXEC,
> > MAP_PRIVATE|MAP_DENYWRITE, 4,
> > 0) = 0xca7000
> > old_mmap(0xcab000, 4096, PROT_READ|PROT_WRITE,
> > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x3000) = 0xcab000
> > old_mmap(0xcac000, 7836, PROT_READ|PROT_WRITE,
> > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xcac000
> > close(4)
> >
> > Clearly, it's looking for libnss_winbind.so.2 in a bunch of places
> > where it isn't, and then finding it in /lib. What is happening with
> > old_mmap is beyond my knowledg
[Samba] Old samba client
I'm trying to put together an embedded box that will act as a samba client. All it needs to do is to mount Windows shares read-only. It needs to support WinXP and Vista. I need to be able to log in to the box via ssh, and then use smbclient or something similar to "sniff" the shared drives, and then mount them RO for purposes of remote backup. I am looking at an embedded solution that comes with samba-2.0.10, which is absolutely ancient, but I am hopeful that given the limited access I need it will work. Could someone knowledgeable in ancient samba lore give me an opinion? Thanks, --Yan -- o__ ,>/'_ o__ (_)\(_),>/'_ o__ Yan Seiner (_)\(_) ,>/'_ o__ o__ Certified Personal Trainer (_)\(_) ,>/'_ ,>/'_ Licensed Professional Engineer (_)\(_) (_)\(_) 'man' is short for 'manual' because it's very short, for a manual. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't chown a file to an ADS username
well , if /tmp/.winbindd/pipe doen't exist nothing will work since
winbind's clients use it to communicate with winnbind.
there is no "pipe" file in /tmp/.winbindd after you start winbind ?
it should be created when winbindd starts.
check that /tmp/.winbindd directory owned by root .
On 10/9/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> Thanks for pointing that out. The trace shows that it's trying to
> lstat64 /tmp/.winbindd/pipe, and not finding it.
> ldd shows that it's only looking for libc.so.6, and finding it at
> /lib/tls/libc.so.6
> I built this from source. I've poached the smb.conf from the existing
> one in /etc/samba and made the same modifcations I've had to make under
> Solaris.
>
> Here's the rest of the trace starting directly after the close(4):
>
> munmap(0xb7dab000, 53951) = 0
> getpid()= 3132
> lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
>
> lstat64("/tmp/.winbindd/pipe", 0xbff36ab8) = -1 ENOENT (No such file or
> directory)
> munmap(0xb7dba000, 1791)= 0
> close(3)= 0
> lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
>
> lstat64("/tmp/.winbindd/pipe", 0xbff36b38) = -1 ENOENT (No such file or
> directory)
> munmap(0xb7db9000, 4096)= 0
> exit_group(0) = ?
>
> Any idea what I need to do to resolve the issue with the pipe not being
> there?
>
> ~Eric
>
> -Original Message-
> From: Stas [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 09, 2007 2:31 PM
> To: Eric Diven
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Can't chown a file to an ADS username
>
> well , at least we know that getent calls winbind ...
> "close(4)" - the last line in strace output ?
> try # ldd /lib/libnss_winbind.so.2
> it'll show you what libraries libnss_winbind requires , check that all
> of them are exist ..
> are you using RPM installation or compiled SAMBA from sources?
>
>
>
>
> On 10/9/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> > Okay, here's something to work with:
> >
> > open("/lib/tls/i686/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT
> > (No such file or directory) stat64("/lib/tls/i686/sse2", 0xbffd8d38) =
>
> > -1 ENOENT (No such file or
> > directory)
> > open("/lib/tls/i686/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No
> > such file or directory) stat64("/lib/tls/i686", {st_mode=S_IFDIR|0755,
>
> > st_size=4096, ...}) = 0 open("/lib/tls/sse2/libnss_winbind.so.2",
> > O_RDONLY) = -1 ENOENT (No such file or directory)
> > stat64("/lib/tls/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
> > directory)
> > open("/lib/tls/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
> > file or directory) stat64("/lib/tls", {st_mode=S_IFDIR|0755,
> > st_size=4096, ...}) = 0 open("/lib/i686/sse2/libnss_winbind.so.2",
> > O_RDONLY) = -1 ENOENT (No such file or directory)
> > stat64("/lib/i686/sse2", 0xbffd8d38)= -1 ENOENT (No such file or
> > directory)
> > open("/lib/i686/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
> > file or directory) stat64("/lib/i686", {st_mode=S_IFDIR|0755,
> > st_size=4096, ...}) = 0 open("/lib/sse2/libnss_winbind.so.2",
> > O_RDONLY) = -1 ENOENT (No such file or directory)
> > stat64("/lib/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
> > directory)
> > open("/lib/libnss_winbind.so.2", O_RDONLY) = 4 read(4,
> > "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\20\0\000"...,
> > 512) = 512
> > fstat64(4, {st_mode=S_IFREG|0755, st_size=15584, ...}) = 0
> > old_mmap(NULL, 28316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
> > 4,
> > 0) = 0xca7000
> > old_mmap(0xcab000, 4096, PROT_READ|PROT_WRITE,
> > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x3000) = 0xcab000
> > old_mmap(0xcac000, 7836, PROT_READ|PROT_WRITE,
> > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xcac000
> > close(4)
> >
> > Clearly, it's looking for libnss_winbind.so.2 in a bunch of places
> > where it isn't, and then finding it in /lib. What is happening with
> > old_mmap is beyond my knowledge, however. Does this help you any?
> >
> > ~Eric
> >
> > -Original Message-
> > From: Stas [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, October 09, 2007 11:28 AM
> > To: Eric Diven
> > Cc: samba@lists.samba.org
> > Subject: Re: [Samba] Can't chown a file to an ADS username
> >
> > try to run the following command : # strace -o ./strace.out getent
> > passwd , then look into strace.out for winbind related messages .
> > you should see something like that when getent starts winbind lookups:
> > "open("/lib64/libnss_winbind.so.2", O_RDONLY) = 6"
> >
> >
> >
> >
> >
> >
> > On 10/9/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> > > Yes, these are only winbind startup messages, that's exactly the
> > > problem. I had in my nsswitch.conf file:
> > >
> > > passwd: compat winbind
> > > shadow: compat winbind
> > > group: compat winbind
> > >
> > > which produced only the local names
> > >
> > > T
RE: [Samba] Can't chown a file to an ADS username
Thanks for pointing that out. The trace shows that it's trying to
lstat64 /tmp/.winbindd/pipe, and not finding it.
ldd shows that it's only looking for libc.so.6, and finding it at
/lib/tls/libc.so.6
I built this from source. I've poached the smb.conf from the existing
one in /etc/samba and made the same modifcations I've had to make under
Solaris.
Here's the rest of the trace starting directly after the close(4):
munmap(0xb7dab000, 53951) = 0
getpid()= 3132
lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/tmp/.winbindd/pipe", 0xbff36ab8) = -1 ENOENT (No such file or
directory)
munmap(0xb7dba000, 1791)= 0
close(3)= 0
lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/tmp/.winbindd/pipe", 0xbff36b38) = -1 ENOENT (No such file or
directory)
munmap(0xb7db9000, 4096)= 0
exit_group(0) = ?
Any idea what I need to do to resolve the issue with the pipe not being
there?
~Eric
-Original Message-
From: Stas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 09, 2007 2:31 PM
To: Eric Diven
Cc: samba@lists.samba.org
Subject: Re: [Samba] Can't chown a file to an ADS username
well , at least we know that getent calls winbind ...
"close(4)" - the last line in strace output ?
try # ldd /lib/libnss_winbind.so.2
it'll show you what libraries libnss_winbind requires , check that all
of them are exist ..
are you using RPM installation or compiled SAMBA from sources?
On 10/9/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> Okay, here's something to work with:
>
> open("/lib/tls/i686/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT
> (No such file or directory) stat64("/lib/tls/i686/sse2", 0xbffd8d38) =
> -1 ENOENT (No such file or
> directory)
> open("/lib/tls/i686/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No
> such file or directory) stat64("/lib/tls/i686", {st_mode=S_IFDIR|0755,
> st_size=4096, ...}) = 0 open("/lib/tls/sse2/libnss_winbind.so.2",
> O_RDONLY) = -1 ENOENT (No such file or directory)
> stat64("/lib/tls/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
> directory)
> open("/lib/tls/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
> file or directory) stat64("/lib/tls", {st_mode=S_IFDIR|0755,
> st_size=4096, ...}) = 0 open("/lib/i686/sse2/libnss_winbind.so.2",
> O_RDONLY) = -1 ENOENT (No such file or directory)
> stat64("/lib/i686/sse2", 0xbffd8d38)= -1 ENOENT (No such file or
> directory)
> open("/lib/i686/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
> file or directory) stat64("/lib/i686", {st_mode=S_IFDIR|0755,
> st_size=4096, ...}) = 0 open("/lib/sse2/libnss_winbind.so.2",
> O_RDONLY) = -1 ENOENT (No such file or directory)
> stat64("/lib/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
> directory)
> open("/lib/libnss_winbind.so.2", O_RDONLY) = 4 read(4,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\20\0\000"...,
> 512) = 512
> fstat64(4, {st_mode=S_IFREG|0755, st_size=15584, ...}) = 0
> old_mmap(NULL, 28316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
> 4,
> 0) = 0xca7000
> old_mmap(0xcab000, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x3000) = 0xcab000
> old_mmap(0xcac000, 7836, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xcac000
> close(4)
>
> Clearly, it's looking for libnss_winbind.so.2 in a bunch of places
> where it isn't, and then finding it in /lib. What is happening with
> old_mmap is beyond my knowledge, however. Does this help you any?
>
> ~Eric
>
> -Original Message-
> From: Stas [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 09, 2007 11:28 AM
> To: Eric Diven
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Can't chown a file to an ADS username
>
> try to run the following command : # strace -o ./strace.out getent
> passwd , then look into strace.out for winbind related messages .
> you should see something like that when getent starts winbind lookups:
> "open("/lib64/libnss_winbind.so.2", O_RDONLY) = 6"
>
>
>
>
>
>
> On 10/9/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> > Yes, these are only winbind startup messages, that's exactly the
> > problem. I had in my nsswitch.conf file:
> >
> > passwd: compat winbind
> > shadow: compat winbind
> > group: compat winbind
> >
> > which produced only the local names
> >
> > To test, I changed nsswitch.conf as follows:
> >
> > passwd: winbind [UNAVAIL=retunr] compat
> > shadow: compat winbind #so I have some hope of being able to log in
> > if I didn't get it changed back, maybe
> > group: winbind [UNAVAIL=return] compat
> >
> > and got *nothing* back from getent passwd. I'm guessing this means
> > I've got a .so file in the wrong place somewhere. Following the
> > instructions online, I have
> >
> > /lib/libnss_winbind.so.2
> > /lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
> > /usr/lib/libnss_
Re: [Samba] Sharing a shared folder
On Tue, 2007-10-09 at 12:34 -0600, Brandon Pedersen wrote: > Hey, > > So, I have a Linux server that is mounting a CIFS share. The server then > shares that share to everyone else. My question is does having it routed > this way cause a major slow down? Do the files need to be copied to the > mediator server before going out to the device that is requesting the file? > Or is it able to forward the request to the other server to grab the files > directly from there? > > I am curious about this because we have a big imaging server with a whole > bunch of images on it and we are setting up this new server and don't want > to move all the images over, thus we just mounted the images directory on > the new server. > > What would you do? Use a DFS Root, and redirect clients. Simo. -- Simo Sorce Samba Team GPL Compliance Officer <[EMAIL PROTECTED]> Senior Software Engineer at Red Hat Inc. <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Sharing a shared folder
Hey, So, I have a Linux server that is mounting a CIFS share. The server then shares that share to everyone else. My question is does having it routed this way cause a major slow down? Do the files need to be copied to the mediator server before going out to the device that is requesting the file? Or is it able to forward the request to the other server to grab the files directly from there? I am curious about this because we have a big imaging server with a whole bunch of images on it and we are setting up this new server and don't want to move all the images over, thus we just mounted the images directory on the new server. What would you do? Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't chown a file to an ADS username
well , at least we know that getent calls winbind ...
"close(4)" - the last line in strace output ?
try # ldd /lib/libnss_winbind.so.2
it'll show you what libraries libnss_winbind requires , check that all
of them are exist ..
are you using RPM installation or compiled SAMBA from sources?
On 10/9/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> Okay, here's something to work with:
>
> open("/lib/tls/i686/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No
> such file or directory)
> stat64("/lib/tls/i686/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
> directory)
> open("/lib/tls/i686/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
> file or directory)
> stat64("/lib/tls/i686", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> open("/lib/tls/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
> file or directory)
> stat64("/lib/tls/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
> directory)
> open("/lib/tls/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file
> or directory)
> stat64("/lib/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> open("/lib/i686/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No
> such file or directory)
> stat64("/lib/i686/sse2", 0xbffd8d38)= -1 ENOENT (No such file or
> directory)
> open("/lib/i686/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
> file or directory)
> stat64("/lib/i686", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> open("/lib/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
> file or directory)
> stat64("/lib/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
> directory)
> open("/lib/libnss_winbind.so.2", O_RDONLY) = 4
> read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\20\0\000"...,
> 512) = 512
> fstat64(4, {st_mode=S_IFREG|0755, st_size=15584, ...}) = 0
> old_mmap(NULL, 28316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4,
> 0) = 0xca7000
> old_mmap(0xcab000, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x3000) = 0xcab000
> old_mmap(0xcac000, 7836, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xcac000
> close(4)
>
> Clearly, it's looking for libnss_winbind.so.2 in a bunch of places where
> it isn't, and then finding it in /lib. What is happening with old_mmap
> is beyond my knowledge, however. Does this help you any?
>
> ~Eric
>
> -Original Message-
> From: Stas [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 09, 2007 11:28 AM
> To: Eric Diven
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Can't chown a file to an ADS username
>
> try to run the following command : # strace -o ./strace.out getent
> passwd , then look into strace.out for winbind related messages .
> you should see something like that when getent starts winbind lookups:
> "open("/lib64/libnss_winbind.so.2", O_RDONLY) = 6"
>
>
>
>
>
>
> On 10/9/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> > Yes, these are only winbind startup messages, that's exactly the
> > problem. I had in my nsswitch.conf file:
> >
> > passwd: compat winbind
> > shadow: compat winbind
> > group: compat winbind
> >
> > which produced only the local names
> >
> > To test, I changed nsswitch.conf as follows:
> >
> > passwd: winbind [UNAVAIL=retunr] compat
> > shadow: compat winbind #so I have some hope of being able to log in
> > if I didn't get it changed back, maybe
> > group: winbind [UNAVAIL=return] compat
> >
> > and got *nothing* back from getent passwd. I'm guessing this means
> > I've got a .so file in the wrong place somewhere. Following the
> > instructions online, I have
> >
> > /lib/libnss_winbind.so.2
> > /lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
> > /usr/lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
> >
> > This sure looks correct, but it's pretty clear that winbind isn't
> > getting called.
> >
> > ~Eric
> >
> > -Original Message-
> > From: Stas [mailto:[EMAIL PROTECTED]
> > Sent: Monday, October 08, 2007 5:04 PM
> > To: Eric Diven
> > Cc: samba@lists.samba.org
> > Subject: Re: [Samba] Can't chown a file to an ADS username
> >
> > the winbindd.log you posted contains winbind startup messages?
> > if not try to restart winbind and check winbind log for errors .
> > /etc/nsswitch.conf contains winbind related strings?
> >
> >
> > On 10/8/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> > > I'm not actually getting much from it. I'm assuming that all of
> > > winbinds logging goes to [logpath]/winbindd.log.
> > >
> > > If that's the case, I'm seeing nsswitch related stuff happening when
>
> > > winbind starts up, but not when I run getent passwd.
> > > I'm running winbind at debug level 3.
> > >
> > > [EMAIL PROTECTED] ~]# cat /var/log/samba/winbindd.log
> > > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> > > added interface ip=192.168.100.80 bcast=192.168.100.255
> > > nmask=255.255.255.0
> > > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> > > added interface ip=192.168.100.80 bcast=192.168.100.255
> > > nmask=255.255.2
RE: [Samba] Can't chown a file to an ADS username
No, I'm not looking up a specific user. I want all of the users that are in the passwd database. Running getent passwd should, in theory, accomplish this by going through all of the sources defined in nsswitch.conf and getting all of the entries each of them have. At least that's my understanding of how it should work. ~Eric -Original Message- From: Greg Byshenk [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 09, 2007 12:32 PM To: samba@lists.samba.org Cc: Eric Diven Subject: Re: [Samba] Can't chown a file to an ADS username On Tue, Oct 09, 2007 at 09:33:40AM -0400, Eric Diven wrote: > Yes, these are only winbind startup messages, that's exactly the > problem. I had in my nsswitch.conf file: > > passwd: compat winbind > shadow: compat winbind > group: compat winbind > > which produced only the local names > > To test, I changed nsswitch.conf as follows: > > passwd: winbind [UNAVAIL=retunr] compat > shadow: compat winbind #so I have some hope of being able to log in > if I didn't get it changed back, maybe > group: winbind [UNAVAIL=return] compat > > and got *nothing* back from getent passwd. I'm guessing this means > I've got a .so file in the wrong place somewhere. Following the > instructions online, I have > > /lib/libnss_winbind.so.2 > /lib/libnss_winbind.so -> /lib/libnss_winbind.so.2 > /usr/lib/libnss_winbind.so -> /lib/libnss_winbind.so.2 > > This sure looks correct, but it's pretty clear that winbind isn't > getting called. This is just a shot in the dark, but... - Are you calling 'getent passwd DOMAIN\\user'? - If not, do you have 'winbind use default domain = yes" set? -greg > -Original Message- > From: Stas [mailto:[EMAIL PROTECTED] > Sent: Monday, October 08, 2007 5:04 PM > To: Eric Diven > Cc: samba@lists.samba.org > Subject: Re: [Samba] Can't chown a file to an ADS username > > the winbindd.log you posted contains winbind startup messages? > if not try to restart winbind and check winbind log for errors . > /etc/nsswitch.conf contains winbind related strings? > > > On 10/8/07, Eric Diven <[EMAIL PROTECTED]> wrote: > > I'm not actually getting much from it. I'm assuming that all of > > winbinds logging goes to [logpath]/winbindd.log. > > > > If that's the case, I'm seeing nsswitch related stuff happening when > > winbind starts up, but not when I run getent passwd. > > I'm running winbind at debug level 3. > > > > [EMAIL PROTECTED] ~]# cat /var/log/samba/winbindd.log > > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81) > > added interface ip=192.168.100.80 bcast=192.168.100.255 > > nmask=255.255.255.0 > > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81) > > added interface ip=192.168.100.80 bcast=192.168.100.255 > > nmask=255.255.255.0 > > [2007/10/08 13:18:23, 2] lib/tallocmsg.c:register_msg_pool_usage(61) > > Registered MSG_REQ_POOL_USAGE > > [2007/10/08 13:18:23, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) > > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > > [2007/10/08 13:18:23, 2] > > nsswitch/winbindd_util.c:add_trusted_domain(175) > > Added domain EDSI EDSI.EDSI-INT.COM > > S-1-5-21-1993962763-329068152-1801674531 > > [2007/10/08 13:18:23, 2] > > nsswitch/winbindd_util.c:add_trusted_domain(175) > > Added domain LOCALHOST S-1-5-21-9612232-2512366426-966941693 > > [2007/10/08 13:18:23, 2] > > nsswitch/winbindd_util.c:add_trusted_domain(175) > > Added domain BUILTIN S-1-5-32 > > [2007/10/08 13:18:23, 3] > > nsswitch/winbindd_misc.c:winbindd_interface_version(483) > > [0]: request interface version > > [2007/10/08 13:18:23, 3] > > nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) > > [0]: request location of privileged pipe > > [2007/10/08 13:18:23, 3] nsswitch/winbindd_misc.c:winbindd_ping(462) > > [0]: ping > > [EMAIL PROTECTED] ~]# > > > > This is the result of clearing the log, restarting samba, and > > running getent passwd. Nothing gets added to the log when I run it. > > It's greek to me what the stuff from winbind start up means, but I'm > > a little suspicious that nothing shows up on getent passwd. > > > > ~Eric > > > > -Original Message- > > From: Stas [mailto:[EMAIL PROTECTED] > > Sent: Monday, October 08, 2007 12:50 PM > > To: Eric Diven > > Cc: samba@lists.samba.org > > Subject: Re: [Samba] Can't chown a file to an ADS username > > > > winbind's log may be helpful > > > > > > > > On 10/8/07, Eric Diven <[EMAIL PROTECTED]> wrote: > > > I've got a samba install on Linux with winbind installed, etc. > > > I've > > > > configured it the same as I have under Solaris, but for some > > > reason, > > > > I > > > > > can't chown a file to an AD username. I have joined the box to > > > the domain, I can wbinfo -u/-g and get lists of users and groups > > > on the domain. When I run getent passwd or getent group, however, > > > I don't see any of the domain users and groups. I have winbind > > > enum users and > > > > > groups = yes in the s
RE: [Samba] Can't chown a file to an ADS username
Okay, here's something to work with:
open("/lib/tls/i686/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No
such file or directory)
stat64("/lib/tls/i686/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
directory)
open("/lib/tls/i686/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
stat64("/lib/tls/i686", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/lib/tls/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
stat64("/lib/tls/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
directory)
open("/lib/tls/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file
or directory)
stat64("/lib/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/lib/i686/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No
such file or directory)
stat64("/lib/i686/sse2", 0xbffd8d38)= -1 ENOENT (No such file or
directory)
open("/lib/i686/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
stat64("/lib/i686", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/lib/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
stat64("/lib/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
directory)
open("/lib/libnss_winbind.so.2", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\20\0\000"...,
512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=15584, ...}) = 0
old_mmap(NULL, 28316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4,
0) = 0xca7000
old_mmap(0xcab000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x3000) = 0xcab000
old_mmap(0xcac000, 7836, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xcac000
close(4)
Clearly, it's looking for libnss_winbind.so.2 in a bunch of places where
it isn't, and then finding it in /lib. What is happening with old_mmap
is beyond my knowledge, however. Does this help you any?
~Eric
-Original Message-
From: Stas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 09, 2007 11:28 AM
To: Eric Diven
Cc: samba@lists.samba.org
Subject: Re: [Samba] Can't chown a file to an ADS username
try to run the following command : # strace -o ./strace.out getent
passwd , then look into strace.out for winbind related messages .
you should see something like that when getent starts winbind lookups:
"open("/lib64/libnss_winbind.so.2", O_RDONLY) = 6"
On 10/9/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> Yes, these are only winbind startup messages, that's exactly the
> problem. I had in my nsswitch.conf file:
>
> passwd: compat winbind
> shadow: compat winbind
> group: compat winbind
>
> which produced only the local names
>
> To test, I changed nsswitch.conf as follows:
>
> passwd: winbind [UNAVAIL=retunr] compat
> shadow: compat winbind #so I have some hope of being able to log in
> if I didn't get it changed back, maybe
> group: winbind [UNAVAIL=return] compat
>
> and got *nothing* back from getent passwd. I'm guessing this means
> I've got a .so file in the wrong place somewhere. Following the
> instructions online, I have
>
> /lib/libnss_winbind.so.2
> /lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
> /usr/lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
>
> This sure looks correct, but it's pretty clear that winbind isn't
> getting called.
>
> ~Eric
>
> -Original Message-
> From: Stas [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 08, 2007 5:04 PM
> To: Eric Diven
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Can't chown a file to an ADS username
>
> the winbindd.log you posted contains winbind startup messages?
> if not try to restart winbind and check winbind log for errors .
> /etc/nsswitch.conf contains winbind related strings?
>
>
> On 10/8/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> > I'm not actually getting much from it. I'm assuming that all of
> > winbinds logging goes to [logpath]/winbindd.log.
> >
> > If that's the case, I'm seeing nsswitch related stuff happening when
> > winbind starts up, but not when I run getent passwd.
> > I'm running winbind at debug level 3.
> >
> > [EMAIL PROTECTED] ~]# cat /var/log/samba/winbindd.log
> > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> > added interface ip=192.168.100.80 bcast=192.168.100.255
> > nmask=255.255.255.0
> > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> > added interface ip=192.168.100.80 bcast=192.168.100.255
> > nmask=255.255.255.0
> > [2007/10/08 13:18:23, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
> > Registered MSG_REQ_POOL_USAGE
> > [2007/10/08 13:18:23, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
> > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> > [2007/10/08 13:18:23, 2]
> > nsswitch/winbindd_util.c:add_trusted_domain(175)
> > Added domain EDSI EDSI.EDSI-INT.COM
> > S-1-5-21-1993962763-329068152-1801674531
> > [2007/10/08 13:18:23, 2]
> > nsswitch/winbindd_util.c:add_trusted_domain(175)
> > Added domain LOCALHOST S-1-5-21-9612232-2512366426-
Re: [Samba] smbd process per user ( Samba 3 + Terminal server )
it win2000 SP4 .. i thought that this problem was solved in win2000 sp4 but now i see at MS web site that Q818528 should be applied on sp4 systems too. ok , i'll try . thanks. On 10/9/07, Eric Roseme <[EMAIL PROTECTED]> wrote: > I would have asked if you tested on NT4 or W2000, but another Samba > lists reader emailed me directly that EnableMultipleUsers is now > implemented on W2003. So I configured it on my W2003 PDC (I no longer > have any NT4 or W2000) and it works (see below). Both sessions > originate from the same Terminal Server, and they start individual smbd > daemons on the Samba server. So maybe you do not have the hotfix or > servicepack or something. Here is the url to the W2003 instructions: > > http://support.microsoft.com/kb/913835 > > I'll edit my paper to include W2003 and re-post it. > > Eric Roseme > Hewlett-Packard > > > emonster->smbstatus > > Samba version 3.0.22 based HP CIFS Server A.02.03 > PID Username Group Machine > --- > 1441 administ Domain U xx.xxx.208.126 (xx.xxx.208.126) > 1369 eroseme Domain U xx.xxx.208.126 (xx.xxx.208.126) > > Service pid machine Connected at > --- > eroseme 1369 xx.xxx.208.126 Tue Oct 9 08:59:34 2007 > backup 1441 xx.xxx.208.126 Tue Oct 9 09:21:51 2007 > > Locked files: > Pid DenyMode Access R/WOplock > SharePath Name > > 1441 DENY_NONE 0x11RDONLY NONE /backup >. Tue Oct 9 09:22:04 2007 > 1441 DENY_NONE 0x11RDONLY NONE /backup >. Tue Oct 9 09:22:04 2007 > 1369 DENY_NONE 0x11RDONLY NONE > /home/eroseme . Tue Oct 9 08:59:48 2007 > 1369 DENY_NONE 0x11RDONLY NONE > /home/eroseme . Tue Oct 9 08:59:48 2007 > > Stas wrote: > > Terminal server already configured with "EnableMultiUser=1" , but all > > sessions from Terminal server appears under same PID : > > > > file-srv:~ # net status sessions > > PID Username Group Machine > > --- > > 8742 DOMAIN\user1 DOMAIN\domain users 10.163.128.42 (10.163.128.42) > > 8742 DOMAIN\user2 DOMAIN\domain users 10.163.128.42 (10.163.128.42) > > 8742 DOMAIN\terminal$ DOMAIN\domain computers 10.163.128.42 > > (10.163.128.42) > > > > So , if i kill PID 8742 all files opened by terminal server users will > > be closed . > > Thanks. > > > > > > > > On 10/8/07, Eric Roseme <[EMAIL PROTECTED]> wrote: > >> Depends upon your terminal server. NT4 and W2000 - yes. W2003 - no > >> (unless they added the EnableMultipleUsers parameter from W2000). I > >> wrote a kind of wordy paper about this: > >> http://www.docs.hp.com/en/5015/Samba-TerminalServer_104Final.pdf. This > >> paper version does not include the W2000 fix, which is the above > >> parameter and hotfix Q818528. I have not looked to see if Microsoft > >> ever fixed this on W2003. I can send you the whitepaper with the W2000 > >> fix incorporated, if you want it (i never posted the updated version). > >> > >> Eric Roseme > >> Hewlett-Packard > >> > >> Stas wrote: > >>> Hello all. > >>> It is possible to force Samba 3 server to create "smbd" process for > >>> each user that open file from Terminal Server ? > >>> Sometimes I need close files , but can't do that by "kill " since > >>> it should close all files that opened by terminal server users .. > >>> It any flexible way to manage open files on Samba ? > >>> > >>> Thanks . > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd process per user ( Samba 3 + Terminal server )
I would have asked if you tested on NT4 or W2000, but another Samba lists reader emailed me directly that EnableMultipleUsers is now implemented on W2003. So I configured it on my W2003 PDC (I no longer have any NT4 or W2000) and it works (see below). Both sessions originate from the same Terminal Server, and they start individual smbd daemons on the Samba server. So maybe you do not have the hotfix or servicepack or something. Here is the url to the W2003 instructions: http://support.microsoft.com/kb/913835 I'll edit my paper to include W2003 and re-post it. Eric Roseme Hewlett-Packard emonster->smbstatus Samba version 3.0.22 based HP CIFS Server A.02.03 PID Username Group Machine --- 1441 administ Domain U xx.xxx.208.126 (xx.xxx.208.126) 1369 eroseme Domain U xx.xxx.208.126 (xx.xxx.208.126) Service pid machine Connected at --- eroseme 1369 xx.xxx.208.126 Tue Oct 9 08:59:34 2007 backup 1441 xx.xxx.208.126 Tue Oct 9 09:21:51 2007 Locked files: Pid DenyMode Access R/WOplock SharePath Name 1441 DENY_NONE 0x11RDONLY NONE /backup . Tue Oct 9 09:22:04 2007 1441 DENY_NONE 0x11RDONLY NONE /backup . Tue Oct 9 09:22:04 2007 1369 DENY_NONE 0x11RDONLY NONE /home/eroseme . Tue Oct 9 08:59:48 2007 1369 DENY_NONE 0x11RDONLY NONE /home/eroseme . Tue Oct 9 08:59:48 2007 Stas wrote: Terminal server already configured with "EnableMultiUser=1" , but all sessions from Terminal server appears under same PID : file-srv:~ # net status sessions PID Username Group Machine --- 8742 DOMAIN\user1 DOMAIN\domain users 10.163.128.42 (10.163.128.42) 8742 DOMAIN\user2 DOMAIN\domain users 10.163.128.42 (10.163.128.42) 8742 DOMAIN\terminal$ DOMAIN\domain computers 10.163.128.42 (10.163.128.42) So , if i kill PID 8742 all files opened by terminal server users will be closed . Thanks. On 10/8/07, Eric Roseme <[EMAIL PROTECTED]> wrote: Depends upon your terminal server. NT4 and W2000 - yes. W2003 - no (unless they added the EnableMultipleUsers parameter from W2000). I wrote a kind of wordy paper about this: http://www.docs.hp.com/en/5015/Samba-TerminalServer_104Final.pdf. This paper version does not include the W2000 fix, which is the above parameter and hotfix Q818528. I have not looked to see if Microsoft ever fixed this on W2003. I can send you the whitepaper with the W2000 fix incorporated, if you want it (i never posted the updated version). Eric Roseme Hewlett-Packard Stas wrote: Hello all. It is possible to force Samba 3 server to create "smbd" process for each user that open file from Terminal Server ? Sometimes I need close files , but can't do that by "kill " since it should close all files that opened by terminal server users .. It any flexible way to manage open files on Samba ? Thanks . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't chown a file to an ADS username
On Tue, Oct 09, 2007 at 09:33:40AM -0400, Eric Diven wrote: > Yes, these are only winbind startup messages, that's exactly the > problem. I had in my nsswitch.conf file: > > passwd: compat winbind > shadow: compat winbind > group: compat winbind > > which produced only the local names > > To test, I changed nsswitch.conf as follows: > > passwd: winbind [UNAVAIL=retunr] compat > shadow: compat winbind #so I have some hope of being able to log in if > I didn't get it changed back, maybe > group: winbind [UNAVAIL=return] compat > > and got *nothing* back from getent passwd. I'm guessing this means I've > got a .so file in the wrong place somewhere. Following the instructions > online, I have > > /lib/libnss_winbind.so.2 > /lib/libnss_winbind.so -> /lib/libnss_winbind.so.2 > /usr/lib/libnss_winbind.so -> /lib/libnss_winbind.so.2 > > This sure looks correct, but it's pretty clear that winbind isn't > getting called. This is just a shot in the dark, but... - Are you calling 'getent passwd DOMAIN\\user'? - If not, do you have 'winbind use default domain = yes" set? -greg > -Original Message- > From: Stas [mailto:[EMAIL PROTECTED] > Sent: Monday, October 08, 2007 5:04 PM > To: Eric Diven > Cc: samba@lists.samba.org > Subject: Re: [Samba] Can't chown a file to an ADS username > > the winbindd.log you posted contains winbind startup messages? > if not try to restart winbind and check winbind log for errors . > /etc/nsswitch.conf contains winbind related strings? > > > On 10/8/07, Eric Diven <[EMAIL PROTECTED]> wrote: > > I'm not actually getting much from it. I'm assuming that all of > > winbinds logging goes to [logpath]/winbindd.log. > > > > If that's the case, I'm seeing nsswitch related stuff happening when > > winbind starts up, but not when I run getent passwd. > > I'm running winbind at debug level 3. > > > > [EMAIL PROTECTED] ~]# cat /var/log/samba/winbindd.log > > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81) > > added interface ip=192.168.100.80 bcast=192.168.100.255 > > nmask=255.255.255.0 > > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81) > > added interface ip=192.168.100.80 bcast=192.168.100.255 > > nmask=255.255.255.0 > > [2007/10/08 13:18:23, 2] lib/tallocmsg.c:register_msg_pool_usage(61) > > Registered MSG_REQ_POOL_USAGE > > [2007/10/08 13:18:23, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) > > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > > [2007/10/08 13:18:23, 2] > > nsswitch/winbindd_util.c:add_trusted_domain(175) > > Added domain EDSI EDSI.EDSI-INT.COM > > S-1-5-21-1993962763-329068152-1801674531 > > [2007/10/08 13:18:23, 2] > > nsswitch/winbindd_util.c:add_trusted_domain(175) > > Added domain LOCALHOST S-1-5-21-9612232-2512366426-966941693 > > [2007/10/08 13:18:23, 2] > > nsswitch/winbindd_util.c:add_trusted_domain(175) > > Added domain BUILTIN S-1-5-32 > > [2007/10/08 13:18:23, 3] > > nsswitch/winbindd_misc.c:winbindd_interface_version(483) > > [0]: request interface version > > [2007/10/08 13:18:23, 3] > > nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) > > [0]: request location of privileged pipe > > [2007/10/08 13:18:23, 3] nsswitch/winbindd_misc.c:winbindd_ping(462) > > [0]: ping > > [EMAIL PROTECTED] ~]# > > > > This is the result of clearing the log, restarting samba, and running > > getent passwd. Nothing gets added to the log when I run it. It's > > greek to me what the stuff from winbind start up means, but I'm a > > little suspicious that nothing shows up on getent passwd. > > > > ~Eric > > > > -Original Message- > > From: Stas [mailto:[EMAIL PROTECTED] > > Sent: Monday, October 08, 2007 12:50 PM > > To: Eric Diven > > Cc: samba@lists.samba.org > > Subject: Re: [Samba] Can't chown a file to an ADS username > > > > winbind's log may be helpful > > > > > > > > On 10/8/07, Eric Diven <[EMAIL PROTECTED]> wrote: > > > I've got a samba install on Linux with winbind installed, etc. I've > > > > configured it the same as I have under Solaris, but for some reason, > > > > I > > > > > can't chown a file to an AD username. I have joined the box to the > > > domain, I can wbinfo -u/-g and get lists of users and groups on the > > > domain. When I run getent passwd or getent group, however, I don't > > > see any of the domain users and groups. I have winbind enum users > > > and > > > > > groups = yes in the smb.conf file. > > > > > > Eventually, I need to be able to accomplish this with enum users and > > > > groups = no for a large domain, but I'm trying to duplicate a > > > problem we're have with Solaris. > > > > > > Any ideas? I'm happy to furnish further info/configs/logs on > request. -- greg byshenk - [EMAIL PROTECTED] - Leiden, NL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Non-default Domain group RID and NAS problem....
All, Many moons ago I set up Samba 3.x with LDAP (Fedora Directory Server) back end. Frankly, I forget what example configurations I worked off of, but the GIDs and SambaSIDs for well-known "Domain" groups (Admins, Computers, Guests, Users) start around 2512. Fast forward 6 months and we have a commercial NAS (EMC) in the domain. It has worked fine for basic home directories, but as we expand the number of shared group directories we have started to see flakiness of CIFS group privileges/access, and the NAS' logs show a set of errors like: Secmap: Cannnot resolve sid S-1-5-15-yadda-yadda-202 LGDB: Cannot get info for S-1-5-15-yadda-yadda-202 Secmap: Cannnot resolve sid S-1-5-15-yadda-yadda-201 LGDB: Cannot get info for S-1-5-15-yadda-yadda-201 Then we see a series of not-very-informative/verbose "permission denied" errors in the EMC logs and find that access to some directories (that work correctly under Linux/NFS) is denied to CIFS clients using same uid. EMC has a tech note about this that says: "Call us." :) The tech note also says that the NAS is trying to resolve CIFS SIDs (for Domain Guests and Users) that don't exist and after a lot of these errors CIFS starts to misbehave.. Since they (EMC) don't support Samba, I figured I would try to come up with a strategy. It is pretty hokey, but to make CIFS work on the NAS, we have a script that creates a passwd and group file from LDAP and copies same onto the NAS every hour. So right now it is copying Domain XXX" groups into that group file with 25xx GIDs. I am guessing the original intent of using 25xx GIDs was to get them out of any range that would conflict with other Unix groups, but now I am wondering about the wisdom of trying to move them back to the 20x GID and RID that CIFS on the EMC expects. Or do we try to fix the EMC so that it knows that those groups are 25xx? If anyone has encountered this before with one of the commercial appliances, I'd be interested to hear your thoughts. Nota Bene: We have implemented a commodity NAS as a backup server using OpenFiler. So far, so good. Less mysterious than the EMC in many respects. So, I expect when it comes time to refresh our NAS capability we'll be taking a hard look at doing it all with OF. Jim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] slow opening of files / make_connection: connection to IPC$ denied due to security descriptor.
On Tue, Oct 09, 2007 at 05:31:33PM +0200, Andre Berloth wrote: > Also, in my logs I see a lot of these 'connection to IPC$ denied due to > security descriptor' errors, and searching google didn't hint me what > the source of the problem was. Any idea's what the origin > of this error is? You have a security descriptor for IPC$ in your share_info.tdb. If you do not rely on share security descriptors being set via mmc or the srvmgr, simply delete share_info.tdb and restart smbd. If you do have settings there, fix the secdesc for IPC$. Volker pgpUaQExAZxNr.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] slow opening of files / make_connection: connection to IPC$ denied due to security descriptor.
Hello all, Some pc's in the network have big troubles opening files that reside on the server. Opening a word or excel file may take over 30 secs. Copying the file to the desktop takes less than a second. However, searching for this problem on google didn't give me any solutions yet. Any idea's what the problem is? Also, in my logs I see a lot of these 'connection to IPC$ denied due to security descriptor' errors, and searching google didn't hint me what the source of the problem was. Any idea's what the origin of this error is? I run a 3.026 server on OpenSUSE 10.2 Kind regards, Andre Berloth. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't chown a file to an ADS username
try to run the following command : # strace -o ./strace.out getent passwd ,
then look into strace.out for winbind related messages .
you should see something like that when getent starts winbind lookups:
"open("/lib64/libnss_winbind.so.2", O_RDONLY) = 6"
On 10/9/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> Yes, these are only winbind startup messages, that's exactly the
> problem. I had in my nsswitch.conf file:
>
> passwd: compat winbind
> shadow: compat winbind
> group: compat winbind
>
> which produced only the local names
>
> To test, I changed nsswitch.conf as follows:
>
> passwd: winbind [UNAVAIL=retunr] compat
> shadow: compat winbind #so I have some hope of being able to log in if
> I didn't get it changed back, maybe
> group: winbind [UNAVAIL=return] compat
>
> and got *nothing* back from getent passwd. I'm guessing this means I've
> got a .so file in the wrong place somewhere. Following the instructions
> online, I have
>
> /lib/libnss_winbind.so.2
> /lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
> /usr/lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
>
> This sure looks correct, but it's pretty clear that winbind isn't
> getting called.
>
> ~Eric
>
> -Original Message-
> From: Stas [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 08, 2007 5:04 PM
> To: Eric Diven
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Can't chown a file to an ADS username
>
> the winbindd.log you posted contains winbind startup messages?
> if not try to restart winbind and check winbind log for errors .
> /etc/nsswitch.conf contains winbind related strings?
>
>
> On 10/8/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> > I'm not actually getting much from it. I'm assuming that all of
> > winbinds logging goes to [logpath]/winbindd.log.
> >
> > If that's the case, I'm seeing nsswitch related stuff happening when
> > winbind starts up, but not when I run getent passwd.
> > I'm running winbind at debug level 3.
> >
> > [EMAIL PROTECTED] ~]# cat /var/log/samba/winbindd.log
> > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> > added interface ip=192.168.100.80 bcast=192.168.100.255
> > nmask=255.255.255.0
> > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> > added interface ip=192.168.100.80 bcast=192.168.100.255
> > nmask=255.255.255.0
> > [2007/10/08 13:18:23, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
> > Registered MSG_REQ_POOL_USAGE
> > [2007/10/08 13:18:23, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
> > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> > [2007/10/08 13:18:23, 2]
> > nsswitch/winbindd_util.c:add_trusted_domain(175)
> > Added domain EDSI EDSI.EDSI-INT.COM
> > S-1-5-21-1993962763-329068152-1801674531
> > [2007/10/08 13:18:23, 2]
> > nsswitch/winbindd_util.c:add_trusted_domain(175)
> > Added domain LOCALHOST S-1-5-21-9612232-2512366426-966941693
> > [2007/10/08 13:18:23, 2]
> > nsswitch/winbindd_util.c:add_trusted_domain(175)
> > Added domain BUILTIN S-1-5-32
> > [2007/10/08 13:18:23, 3]
> > nsswitch/winbindd_misc.c:winbindd_interface_version(483)
> > [0]: request interface version
> > [2007/10/08 13:18:23, 3]
> > nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516)
> > [0]: request location of privileged pipe
> > [2007/10/08 13:18:23, 3] nsswitch/winbindd_misc.c:winbindd_ping(462)
> > [0]: ping
> > [EMAIL PROTECTED] ~]#
> >
> > This is the result of clearing the log, restarting samba, and running
> > getent passwd. Nothing gets added to the log when I run it. It's
> > greek to me what the stuff from winbind start up means, but I'm a
> > little suspicious that nothing shows up on getent passwd.
> >
> > ~Eric
> >
> > -Original Message-
> > From: Stas [mailto:[EMAIL PROTECTED]
> > Sent: Monday, October 08, 2007 12:50 PM
> > To: Eric Diven
> > Cc: samba@lists.samba.org
> > Subject: Re: [Samba] Can't chown a file to an ADS username
> >
> > winbind's log may be helpful
> >
> >
> >
> > On 10/8/07, Eric Diven <[EMAIL PROTECTED]> wrote:
> > > I've got a samba install on Linux with winbind installed, etc. I've
>
> > > configured it the same as I have under Solaris, but for some reason,
>
> > > I
> >
> > > can't chown a file to an AD username. I have joined the box to the
> > > domain, I can wbinfo -u/-g and get lists of users and groups on the
> > > domain. When I run getent passwd or getent group, however, I don't
> > > see any of the domain users and groups. I have winbind enum users
> > > and
> >
> > > groups = yes in the smb.conf file.
> > >
> > > Eventually, I need to be able to accomplish this with enum users and
>
> > > groups = no for a large domain, but I'm trying to duplicate a
> > > problem we're have with Solaris.
> > >
> > > Any ideas? I'm happy to furnish further info/configs/logs on
> request.
> > >
> > > ~Eric
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/listinfo/samba
> > >
> > --
> > To unsubscrib
Re: [Samba] permission/acl troubles
The same woes about the current Samba version, 3.0.26a. See my post "ACL inherit and windows folder security settings", October 8. Eugene. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] permission/acl troubles
Hi list, Since I've upgraded from samba 3.0.23c to 3.0.25c my ACL's don't work as expected anymore. I'm not sure where the problem is, however. The symptoms are simple: with 3.0.23c, I could grant and revoke user, group and world write access to and from files in a share. With 3.0.25c, I can't do that anymore. When I deselect group or world read access and apply the changes, I don't get an error, but the permissions aren't changed either. The release notes mention that posix acl support has been moved to a vfs module, but I'm wondering if the problem I have is there: I'm having trouble also with the normal permissions of the files. I compiled samba with --with-acl-support and --with-static-modules=vfs_posixacl, while setting 'vfs objects = posixacl' in the config stanza for the specific share, but no luck. Can anyone give me a clue to a config setting or a piece of virtual dead tree that I can read? Thanks a lot. roel Some additional info: ---/--- compile options: ./configure \ --enable-cups \ --enable-static=no \ --enable-shared=yes \ --with-fhs \ --with-acl-support \ --with-automount \ --prefix=/usr \ --localstatedir=/var \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --with-lockdir=/var/cache/samba \ --sysconfdir=/etc \ --with-configdir=/etc/samba \ --with-privatedir=/etc/samba/private \ --with-swatdir=/usr/share/swat \ --with-smbmount \ --with-quotas \ --with-syslog \ --with-utmp \ --with-libsmbclient \ --with-winbind \ --with-ldapsam \ --with-static-modules=vfs_posixacl \ ---/--- smb.conf: [global] workgroup = DEMO netbios name = TESTSERVER server string = testserver interfaces = 192.168.1.255/24 127.255.255.255/8 bind interfaces only = Yes hosts allow = 192.168.1. 127.0.0.1 encrypt passwords = Yes username map = /etc/samba/smbusers log file = /var/log/samba/samba.log max log size=350k max open files = 4000 syslog = 0 domain logons = Yes logon script = %U.bat # This is for winNT and possibly win2000 # The profile share is also needed logon path = \\testserver\%U\.profileNT # This is for win95 and win98 logon drive = H: logon home = \\testserver\%U os level = 254 preferred master = Yes domain master = Yes local master = Yes wins support = Yes time server = Yes name resolve order = host wins bcast passdb backend = ldapsam:ldap://localhost ldap suffix = dc=example,dc=tld ldap machine suffix = ou=users ldap user suffix = ou=users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=admin,dc=example,dc=tld idmap backend = ldap:ldap://localhost idmap uid = 1-2 idmap gid = 1-2 printing = cups min print space = 1000 vfs objects = posixacl oplocks = No level2 oplocks = No [tv] path = /tmp/tv readlist = validusers = +"Domain Users" writelist = +"Domain Users" vfs objects = posixacl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba performance tuning
On 10/9/07, Daniel L. Miller <[EMAIL PROTECTED]> wrote: > Andrew Sherlock-CF wrote: > > I wonder if tshark or netstat could be useful here > I don't know the tools, which is why I was asking. > I do not think either tool will benchmark samba file serving performance but the actual goal of what a samba mark would benchmark is unclear. I guess one could create a benchmark that could measure the throughput of a single folder on a single samba share but this may or may not be a good guide to performance on the samba server. I mean permissions, number of files in a folder, file sizes, acls, and file system and storage choices can play a big part in performance and any or all of these may be different from folder to folder on a samba share. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba performance tuning
Andrew Sherlock-CF wrote: I wonder if tshark or netstat could be useful here I don't know the tools, which is why I was asking. Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Can't chown a file to an ADS username
Yes, these are only winbind startup messages, that's exactly the problem. I had in my nsswitch.conf file: passwd: compat winbind shadow: compat winbind group: compat winbind which produced only the local names To test, I changed nsswitch.conf as follows: passwd: winbind [UNAVAIL=retunr] compat shadow: compat winbind #so I have some hope of being able to log in if I didn't get it changed back, maybe group: winbind [UNAVAIL=return] compat and got *nothing* back from getent passwd. I'm guessing this means I've got a .so file in the wrong place somewhere. Following the instructions online, I have /lib/libnss_winbind.so.2 /lib/libnss_winbind.so -> /lib/libnss_winbind.so.2 /usr/lib/libnss_winbind.so -> /lib/libnss_winbind.so.2 This sure looks correct, but it's pretty clear that winbind isn't getting called. ~Eric -Original Message- From: Stas [mailto:[EMAIL PROTECTED] Sent: Monday, October 08, 2007 5:04 PM To: Eric Diven Cc: samba@lists.samba.org Subject: Re: [Samba] Can't chown a file to an ADS username the winbindd.log you posted contains winbind startup messages? if not try to restart winbind and check winbind log for errors . /etc/nsswitch.conf contains winbind related strings? On 10/8/07, Eric Diven <[EMAIL PROTECTED]> wrote: > I'm not actually getting much from it. I'm assuming that all of > winbinds logging goes to [logpath]/winbindd.log. > > If that's the case, I'm seeing nsswitch related stuff happening when > winbind starts up, but not when I run getent passwd. > I'm running winbind at debug level 3. > > [EMAIL PROTECTED] ~]# cat /var/log/samba/winbindd.log > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81) > added interface ip=192.168.100.80 bcast=192.168.100.255 > nmask=255.255.255.0 > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81) > added interface ip=192.168.100.80 bcast=192.168.100.255 > nmask=255.255.255.0 > [2007/10/08 13:18:23, 2] lib/tallocmsg.c:register_msg_pool_usage(61) > Registered MSG_REQ_POOL_USAGE > [2007/10/08 13:18:23, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > [2007/10/08 13:18:23, 2] > nsswitch/winbindd_util.c:add_trusted_domain(175) > Added domain EDSI EDSI.EDSI-INT.COM > S-1-5-21-1993962763-329068152-1801674531 > [2007/10/08 13:18:23, 2] > nsswitch/winbindd_util.c:add_trusted_domain(175) > Added domain LOCALHOST S-1-5-21-9612232-2512366426-966941693 > [2007/10/08 13:18:23, 2] > nsswitch/winbindd_util.c:add_trusted_domain(175) > Added domain BUILTIN S-1-5-32 > [2007/10/08 13:18:23, 3] > nsswitch/winbindd_misc.c:winbindd_interface_version(483) > [0]: request interface version > [2007/10/08 13:18:23, 3] > nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) > [0]: request location of privileged pipe > [2007/10/08 13:18:23, 3] nsswitch/winbindd_misc.c:winbindd_ping(462) > [0]: ping > [EMAIL PROTECTED] ~]# > > This is the result of clearing the log, restarting samba, and running > getent passwd. Nothing gets added to the log when I run it. It's > greek to me what the stuff from winbind start up means, but I'm a > little suspicious that nothing shows up on getent passwd. > > ~Eric > > -Original Message- > From: Stas [mailto:[EMAIL PROTECTED] > Sent: Monday, October 08, 2007 12:50 PM > To: Eric Diven > Cc: samba@lists.samba.org > Subject: Re: [Samba] Can't chown a file to an ADS username > > winbind's log may be helpful > > > > On 10/8/07, Eric Diven <[EMAIL PROTECTED]> wrote: > > I've got a samba install on Linux with winbind installed, etc. I've > > configured it the same as I have under Solaris, but for some reason, > > I > > > can't chown a file to an AD username. I have joined the box to the > > domain, I can wbinfo -u/-g and get lists of users and groups on the > > domain. When I run getent passwd or getent group, however, I don't > > see any of the domain users and groups. I have winbind enum users > > and > > > groups = yes in the smb.conf file. > > > > Eventually, I need to be able to accomplish this with enum users and > > groups = no for a large domain, but I'm trying to duplicate a > > problem we're have with Solaris. > > > > Any ideas? I'm happy to furnish further info/configs/logs on request. > > > > ~Eric > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Unusable performance over WAN (part 2)
James Lamanna wrote: On 10/8/07, Mike Eggleston <[EMAIL PROTECTED]> wrote: On Mon, 08 Oct 2007, James Lamanna might have said: So as it turns out, apparently it was a window scaling issue. Turning on an excessively large window size on the routers (thereby enabling dynamic TCP window scaling) seems to have fixed the issue. I now get transfer rates around 130-160k/s. Great. For hysterical porpoises please document what specific changes you made on the windows boxes and what specific changes you made on your router. Mike The only change I made on the routers was I added the global configuration command (both Cisco routers btw) ip tcp window-size 75 -- James Is 75 a good value. My router says the valid range is 0-65535. Stu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and Wins (winbind) problem on clients
Hello everyone! I'm facing some problems here, that maybe someone faced the same and could help me. I have a samba server (domain name: SMBDOM) that is working as a wins server too. This server has 2 interfaces, 192.168.1.1 and 10.1.1.1. My client's network is 192.168.1.x *BUT* when I put the Windows 98 clients on the Domain (only 98, in XP is OK), the netbios name/ip of my samba is SMBDOM -> 10.1.1.1, when the correct would be SMBDOM 192.168.1.1 . I'm correcting the problem by editing the c:\windows\lmhosts file, but the problem is on server, isn't it? My wins server (nmbd) is sending the wrong ip (10.1.1.1) instead of the right one (192.168.1.1) to the clients. The "interfaces" and "bind interfaces only" directive are setted up to my 192.168.1.1 interface, but it's not working as well. Well, that's it, thanks in advance for any help. Best, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] recycle: touching failed operation not permitted
Hello In /var/log/messages I have got a lot of errors such as : "recycle: touching .recycle/jankowski/500/500_U/21-10-5U.~TIF failed, reason = Operation not permitted " ~~.tif it's a temp file and I noticed that samba deletes this files to recycle . My smb.conf comment = Rastry public = yes invalid users = @geodeta,@ewidencja, path = /home/samba/rastry write list = @rastry deny hosts = korytarz1, korytarz2 force create mode = 0777 vfs object = full_audit recycle recycle:repository = .recycle/%U recycle:touch = true recycle:keeptree = true recycle:versions = false recycle:exclude = *.TMP recycle:directory_mode = 773 full_audit:prefix = %u|%m|%I full_audit:failure = read full_audit:success = pwrite rename unlink rmdir mkdir Please help me because my syslog has a lot of this entry's ATRAKCYJNE NIERUCHOMOŚCI W ZAKOPANEM !!! Apartamenty, Domy, Działki, Pensjonaty, Hotele, Lokale użytkowe... Kliknij: http://klik.wp.pl/?adr=www.bachledanieruchomosci.pl&sid=54 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Lightweight nmblookup
I'm looking for a lightweight version of nmblookup for an embedded device that needs to connect to windows boxes who have had their IP addresses assigned by DHCP. I want a simple application that given the name of a windows box on the network, it will give me the IP address. From analysing the exchange with ethereal, it seems like a very simple request/response exchange, and I really don't want a full version of nmblookup (or libnss_wins) just for that. Is there a lightweight application that would meet my needs or would I have to look at writing one ? If I were to write a small application to do it, is the exchange as simple as it appears to be in ethereal ? (Send a request to the broadcast address, take the IP address of the responding packet) Finally, could anybody point me in the direction of some documentation regarding the name encoding within the request packet ? Thanks, Tony Wright. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, Squid and Active Directory
I am looking at renaming my Active Directory domain. We currently use Squid for internet access and I believe this uses Samba / NTLM to authenticate the users I was wondering if the only thing I need to do to keep squid running is modify the SMB.CONF file to the new workgroup and realm to reflect the new domain name. And of course restart the SMB and SQUID services Cheers Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SWAT smbpasswd authentication
On Tue, 9 Oct 2007, Andrew Bartlett wrote: This is not possible, in part due to concerns over the chicken-and-egg problem of setting up Samba to use smbpasswd while authenticating against smbpasswd, and mostly because that codepath hasn't been altered since 2001, when we didn't have 'encrypt passwords = yes' as a default. Thanks. Actually I came up with another solution. PAM and pam_smbpass would be one way around it, on Linux systems. Yes, but no PAM here. Cheers! -- Antoine -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Ads server issue
Hi, We configured Ads primary&Backup domain controller in windows 2003 server.weare able to fetch the user from primary domain controller by using samba configuration.But we are not able to fetch the user from the Backup domain controller. Sometimes, we are getting same set of users repeated again from the primary domain controller. The following are the commands that we are using to contact the Ads server from Samba to fetch the users. /usr/local/samba/sbin/smbd /usr/local/samba/sbin/nmbd /usr/local/samba/bin/net rpc join -U Administrator%password /usr/local/samba/sbin/winbindd /usr/local/samba/bin/net time set -I 192.168.0.xyz /usr/local/samba/bin/net ads join -U Administrator%password getent passwd Can anybody throw light on why this is happening? Thanks in advance for your inputs, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Doesnt do ADS Authentications
Hiya I Have configured my samba machine as a member of Windows AD (win2k3 Machine). All the configuration went on successfully when I execute net ads testjoin ; I get output as "OK" and I can see my samba machine in AD computers and users. also i get a proper output from wbinfo -u -g. My kerberos tickets are valid. Now the problem I'm facing is Case1: When I enter the machine name of my samba server in Run Box Of Winxp it is popping up for a user name and pass like Samba/ (where Samba = my samba server name) when I enter a valid ADS domain user name it doesnt validate it but when I enter a valid linux user/pass it gets authenticated. Now in Case 2: when I'm entering the ip address of my samba server in "Run" Box it is asking for TIPTON1/when I enter a valid user and pass of windows it doesnt authenticate also when I enter a valid user and pass of linux it doesnt authenticate. The Only Condition when I'm able to access the samba shares is when I log into winxp with my ADS Domain Profile and try to access the Samba share from My Network Places>Samba Domain. I would like to use all the ADS accounts to authenticate the users and i dont want to use my linux users n passes. Here is my winbind log >> http://pastebin.ca/726764 my smb.conf >> http://pastebin.ca/726761 my smbd.log >> http://pastebin.ca/726762 Please help me out. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Is this a new tls problem?&[EMAIL PROTECTED]
R U the Peter I once met at Rhodes university in South Africa? Melikaya Rubushe Manager - Labour Relations Office 1007 ECDC Building Office of the Premier Bisho Tel: 040 609 6133 Cel: 082 266 8741 Fax: 086 643 0550 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind authentication over transitive trusts between multiple W2k3 Domains
Hallo,
we use Samba 3.0.22 with MIT Kerberos and winbind on Ubuntu edgy in a
Windows2003 ADS enviroment. Everything works fine like kinit, net ads
join, getting the Domain accounts from the own and other domains, but one
important thing fails - obviously winbind cannot resolve name to sid, when
the account is in another domain, where is only a transitive trust, not a
direct.
Lets say there are 3 AD domains in one tree: NIRVANA.ROM as top,
CA.NIRVANA.ROM and PO.NIRVANA.ROM as 2 child domains. Our Samba server
IDEFIX is in domain PO.
Our configuration ...
krb5.conf:
[libdefaults]
default_realm = PO.NIRVANA.ROM
ticket_lifetime = 36000
dns_lookup_realm = false
dns_lookup_kdc = false
clockskew = 300
[realms]
CA.NIRVANA.ROM = {
kdc = castor.ca.nirvana.rom
admin_server = castor.ca.nirvana.rom
default_domain = CA
}
PO.NIRVANA.ROM = {
kdc = pollux.po.nirvana.rom
admin_server = pollux.po.nirvana.rom
default_domain = PO
}
NIRVANA.ROM = {
kdc = thor.nirvana.rom
admin_server = thor.nirvana.rom
default_domain = NIRVANA
}
[domain_realm]
.ca.nirvana.rom = CA.NIRVANA.ROM
ca.nirvana.rom = CA.NIRVANA.ROM
.po.nirvana.rom = PO.NIRVANA.ROM
po.nirvana.rom = PO.NIRVANA.ROM
.nirvana.rom = NIRVANA.ROM
nirvana.rom = NIRVANA.ROM
smb.conf:
[global]
workgroup = PO
security = ADS
realm = PO.NIRVANA.ROM
netbios name = IDEFIX
password server = *
idmap uid = 1-20
idmap gid = 1-20
template shell = /bin/false
allow trusted domains = Yes
winbind trusted domains only = No
winbind use default domain = No
winbind nested groups = Yes
winbind separator = +
winbind cache time = 3600
winbind enum users = Yes
winbind enum groups = Yes
client use spnego = yes
...
wbinfo -t says ok
wbinfo --sequence get sequence numbers for all 3 domains
wbinfo -u get all accounts from all 3 domains with the correct prefix
getent passwd looks like wbinfo -u
But users from the other child domain cannot be authenticated. We traced
it down to the name-to-sid function.
wbinfo -n PO+administrator
> S-1-5-21-1669369028-1636446635-1573960127-500 User (1)
wbinfo -n NIRVANA+administrator
> S-1-5-21-1755308885-1021831964-821464085-500 User (1)
wbinfo -n CA+administrator
> Could not lookup name CA+administrator
winbindd with debug7 shows this
...
1c smb_io_dom_rid2
001c type : 08
0020 rid:
0024 rid_idx:
0028 mapped_count:
002c status : NT_STATUS_NONE_MAPPED
lookup_name returned an error
lookupname returned an error
While the other queries show an NT_STATUS_OK and mapped_count 1 and so on.
The only way we could make it work was to build a shortcut trust between
the 2 child domains CA and PO, but since we have in productive enviroment
more then 3 domains it wouldn't be a quite nice solution.
Has anybody seen this behavior too? Is that really a bug or missing
feature in the current samba version? Or do we have any missconfiguration
(I hope)?
Any help would be much appreciated.
Thanks in advance.
Mit freundlichen Grüßen
With kind regards
Sandra Geigenmüller
KION Information Management Services GmbH, Sitz der Gesellschaft: Wiesbaden,
Registergericht: Wiesbaden HRB 22949, USt-Id-Nr. DE 252065348,
Geschäftsführung: Helmut Draxler, Holger Pudzich
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] errors - cannot access LDAP when not root
(please CC)
Hi,
"Gerald (Jerry) Carter" wrote:
> Bradley Tate wrote:
>
> > It's not like it isn't working, it is, but there are
> > slowdowns and delays and the "cannot access LDAP
> > when not root.." error messages in all users log
> > files are the only things I've got to go on. Very
> > frustrating for the users.
>
> It's a bug in Samba. After We get 3.0.25a, I'll see
> about backporting some fixes to my 3.0.24-gc branch.
Do you have any more information about which part of the source code
causes this error message?
Thanks,
Wolf
--
Calculators are Weapons of Math Instruction. ('freitasm', seen on /.)
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to authenticate NT4 users through AD via 2 way trust
Hi there, my first post to the lists! *Environment: * Linux RHEL4 x86_64 kernel 2.6.9-42 Samba 3.0.25b-0.4E.5 I am using winbind. My server is joined to an AD domain which has a two way trust with an NT4 domain. This is the only linux box in the windows domain. I am trying to login with NT4 domain user. *From login prompt:* I can log in using an AD user. I CANNOT log in using an NT4 user even though the 2 way trust is established. *From root user:* I can su - to both AD and NT4 users as no password needed. If I try logging in as NT4 user and I enter the correct password the prompt returns "su: incorrect password" If I try logging in as NT4 user and I enter the INCORRECT password the prompt returns 2 lines. "Wrong password" and "su: incorrect password" My smb.conf [global] workgroup = AD realm = AD.DOMAIN netbios name = LNXSAMBA server string = Samba Server interfaces = eth0 security = ADS password server = server.ad.domain log level = 1 log file = /var/log/samba/%m.log max log size = 0 smb ports = 139 name resolve order = wins bcast hosts preferred master = No local master = No domain master = No winbind separator = + dns proxy = No wins server = 10.100.3.51 winbind enum users = yes winbind enum groups = yes idmap uid = 1-65000 idmap gid = 1-65000 template homedir = /home/NTUsers/%D/%U template shell = /bin/bash winbind use default domain = no Should I be able to authenticate NT users through the AD trust using the ADS security method? Could the problem lie in my pam.d configuration files? This is my first foray into the world of Samba so if you need any more info please let me know. Thanks Roycrom *** This e-mail is confidential and privileged. If you are not the intended recipient do not disclose, copy or distribute information in this e-mail or take any action in reliance on its content. *** *** This email has been checked for known viruses. *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbfs mounts hang when windows machine is rebooted
I am mounting directories from a WinXP SP2 machine to a Debian Linux 2.6.18-4-686 using /etc/fstab of: //winxp/directory /mnt/mountpoint smbfs username=xxx,password=xxx,uid=xxx,gid=xxx,errors=remount-ro 0 0 If I reboot the windows machine, any access to the mountpoint on the linux box hangs. umount -f fails due to the device being busy, even though the mount is inaccessible. umount -l does work and then I can remount. I have not had any luck finding any hits when searching for solutions so that the mounts be timed out and reset automatically. This is a production app that depends on directories being accessible. Can anyone point me in the right direction? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Manage acl
Hi, I would like to know if it is possible de give same permissions than an existing user to a new user ? I have a lot of directories and I dont want to do it one by one... -- View this message in context: http://www.nabble.com/Manage-acl-tf4560609.html#a13015236 Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba/active directory permissions
Using Debian 4.0.I want to create one Share (eg. Files) and have subdirectories for each department. This is so that users only have to mount one share. So it looks something like this: Files - Accounting - Human Resources - Enginnering - etc Using Samba how can I give subdirectories different permissions using Active Directory. Would this be done by creating corresponding linux groups and assign them to the directories at the linux level? If so how do I map Active Directory users/groups to their respective Linux users/groups. I'm trying to replace a Windows machine that is currently acting as a file server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Understanding security
I think I just got Samba authenticating properly with Active Directory. So far in my smb.conf file I have the following. It's just an example to allow one group and one individual user access. [Engineering] comment = Engineering path= /home/Engineering Valid Users = @MYDOMAIN+Engineering MYDOMAIN+username writable = yes browseable = yes My question are: 1. What should I set the following to so that only those who should have access actually do. I am confused which ones take precedence and which ones should be used to ensure maximum security. read only writable browseable public write list etc 2. Referring to the Linux directory, who should be the owner of each shared directory? Can it be root with chmod 777 since no one will have command line access to the machine (ie. users only accessing it via Samba). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed to create Administrators, Failed to create Users
Hey ! I finally managed to get rid of those messages "Failed to create Administrators" and "Failed to create Users" in the logfile. It seems there is a small bug with winbind when it is used with the "idmap backend = rid:DOMAIN=10-20". With such a configuration, winbind can't create any BUILTIN group (Administrators, Users, Guests, Operators, ...), even if you try to force it with : net sam createbuiltingroup What I've done is to reset conf.conf to the standard "idmap backend = tdc", restart samba and winbind, issue the command : net sam createbuiltingroup successfully. Then you can see the mappings with "net groupmap list verbose". Last, set winbind back to "idmap backend = rid ..." like it was before. Restart samba and winbind, and pooof ! Error messages are gone !!! It took me a long time to discover that! Regards Yvan Broccard Jacek Kowalski a écrit : Hi, Since I install Samba 3.0.23d on my Centos5 with kernel 2.6.18-8.1.10.el5 #1 SMP I've the following messages in my logfile: Oct 3 16:45:22 smbd[6174]: [2007/10/03 16:45:22, 0] auth/auth_util.c:create_builtin_administrators(785) Oct 3 16:45:22 smbd[6174]: create_builtin_administrators: Failed to create Administrators Oct 3 16:45:22 smbd[6174]: [2007/10/03 16:45:22, 0] auth/auth_util.c:create_builtin_users(751) Oct 3 16:45:22 smbd[6174]: create_builtin_users: Failed to create Users Version of krb5 is 1.5-29 This is my smb.conf: [global] netbios name = SERVER workgroup = DOMAIN realm = DOMAIN.NET security = ADS password server = server.domain.net winbind separator = + allow trusted domains = No idmap backend = idmap_rid:INFORNET=1000-65000 idmap uid = 1000-65000 idmap gid = 1000-65000 template shell = /bin/bash winbind use default domain = Yes winbind enum users = No winbind enum groups = No winbind nested groups = Yes log file = /var/log/samba/%I.log log level = 3 max log size = 500 smb ports = 139 guest account = guest encrypt passwords = yes username map = /etc/samba/smbusers socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no [homes] comment = Home Directories browseable = no writable = yes create mask = 664 directory mask = 0775 [source1] path = /home/source1 public = yes valid users = @DOMAIN+group1 read list = @DOMAIN+group1 write list = @DOMAIN+group1 force group = group1 writable = yes printable = no browseable = yes create mask = 0665 force directory mode = 0775 guest ok = yes Anybody knows how to fix it? Regards Jaco -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File access error
Hi, we have updated our samba version from 3.0.20-something (SuSE packages) to 3.0.25b-33 (SerNet " " ) a few weeks ago. Since we have done this update, some people are reporting the following behavior. They open an M$-Access file and after a few hours a messages is coming up, network connection error. A reopen works without any fault. No data are lost. What's the reason for this behavior ? Can we change it ? Any idea ? Thanks! Bye, Peer Hardware: SUN X4100 (AMD64), SuSE SLES9 SP3 smb.conf: [global] socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 netbios name = SNFS_1 interfaces = eth0 security = domain password server = * printing = cups printcap name = cups printcap cache time = 0 cups options = raw printer admin = @ntadmin, root, administrator map to guest = Bad User log file = /var/log/samba/%m.log read only = no unix charset = UTF-8 display charset = UTF-8 -- -- Mit freundlichem Gruss Peer-Joachim Koch _ Max-Planck-Institut fuer Biogeochemie Dr. Peer-Joachim Koch Hans-Knöll Str.10Telefon: ++49 3641 57-6705 D-07745 Jena Telefax: ++49 3641 57-7705 smime.p7s Description: S/MIME Cryptographic Signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba performance tuning
I wonder if tshark or netstat could be useful here? Andrew --- > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > g] On Behalf Of Daniel L. Miller > Sent: 09 October 2007 00:47 > To: samba@lists.samba.org > Subject: [Samba] Samba performance tuning > > Hi all! > > I've seen a number of posts regarding Samba performance - either > comments about perceived poor performance, or recommended parameter > changes. Instead of some arbitrary buffer numbers, or "play with it > until it works", are there any analysis tools that can give > quantitative > answers ? Something where instead of just saying, "Samba is > too slow", > I could say, "on a quad-opteron system, with 4G RAM, and full-duplex > 100BaseT network, SambaMark reports a score of 237.". > > Maybe that's too much of a dream - is there a particular file > size/copy/read technique and associated analysis that I should try? > -- > Daniel > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Fwd: could not read attribute 'gidNumber' --> seems to work with ldapsearch
ok. this problem is also solved now. but if i add a domain user to a local group, then the domain user has to log off and logon again before the group membership is working... and usermod is not working anymore. this is actually not a big problem, or has anyone run into problems with this? Maybe some known applications or install scripts that may cause problems if usermod is not working? Regards Urs -- Forwarded message -- From: Urs Golla <[EMAIL PROTECTED]> Date: Oct 5, 2007 5:23 PM Subject: Fwd: could not read attribute 'gidNumber' --> seems to work with ldapsearch To: samba@lists.samba.org I have installed 3.0.26 and the problem seems to be fixed now. But when i do a "finger domain+username" or "id" it does not look for domain users. it checks only the local users and the ones in the winbind chache. why? I did not change nsswitch.conf or any other configuration files. -- Forwarded message -- From: Urs Golla <[EMAIL PROTECTED]> Date: Oct 5, 2007 1:43 PM Subject: Fwd: could not read attribute 'gidNumber' --> seems to work with ldapsearch To: samba@lists.samba.org If I run a normal ldapsearch it gives me the gidnumber and uidnumber attributes. It looks like the AD is set up properly. -- Forwarded message -- From: Urs Golla <[EMAIL PROTECTED]> Date: Oct 4, 2007 9:47 AM Subject: could not read attribute 'gidNumber' To: samba@lists.samba.org Hi I am using samba 3.0.23c on RHEL5 with security = ads. If I use "idmap backend = ad" i can see in the logfile that it gets my uidNumber: ad_idmap_get_id_from_sid mapped SID [S-mysid] to POSIX UID myuid but it is not able to get my gidNumber: [2007/10/04 09:44:17, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(309) ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute 'gidNumber' any idea? thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
