Re: [Samba] shared files missing after install

[Volker Lendecke]

On Wed, Mar 25, 2009 at 02:30:57PM +1100, David Bessell (SuperU) wrote:
> I am running samba on a FreeBSD 7 vbox and get the following messages
> 
> emma# /usr/local/samba/sbin/smbd -D
> /libexec/ld-elf.so.1: Shared object "libtalloc.so.1" not found, required
> by "smbd"
> emma# /usr/local/samba/sbin/winbindd -D
> /libexec/ld-elf.so.1: Shared object "libtalloc.so.1" not found, required
> by "winbindd"
> emma# /usr/local/samba/sbin/nmbd -D
> /libexec/ld-elf.so.1: Shared object "libtalloc.so.1" not found, required
> by "nmbd"
> 
> I have done a default install, configure, make, make install with no
> parameters or switches.
> There clearly needs to be something else installed but I don't know
> what.

You need to set LD_LIBRARY_PATH=/usr/local/samba/lib (or so).

Volker


pgpsflmpODR29.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem with new Samba 3.2.3 Ubuntu install: "INTERNAL ERROR 6 in pid XXXX"

[Volker Lendecke]

On Tue, Mar 24, 2009 at 04:10:45PM -0700, Stewart Loving-Gibbard wrote:
> [2009/03/24 12:23:59,  0] lib/fault.c:fault_report(41)
>   INTERNAL ERROR: Signal 6 in pid 6033 (3.2.3)
>   Please read the Trouble-Shooting section of the Samba3-HOWTO
> [2009/03/24 12:23:59,  0] lib/fault.c:fault_report(43)

Can you send a debug level 10 log of this?

Volker


pgpGC5QlMMltL.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] shared files missing after install

[David Bessell (SuperU)]

I am running samba on a FreeBSD 7 vbox and get the following messages

emma# /usr/local/samba/sbin/smbd -D
/libexec/ld-elf.so.1: Shared object "libtalloc.so.1" not found, required
by "smbd"
emma# /usr/local/samba/sbin/winbindd -D
/libexec/ld-elf.so.1: Shared object "libtalloc.so.1" not found, required
by "winbindd"
emma# /usr/local/samba/sbin/nmbd -D
/libexec/ld-elf.so.1: Shared object "libtalloc.so.1" not found, required
by "nmbd"

I have done a default install, configure, make, make install with no
parameters or switches.
There clearly needs to be something else installed but I don't know
what.

Mr David Bessell
Network Manager
 
St Michael's Collegiate School
Phone  03 6211 4940
Fax  03 6211 4955 
218 Macquarie Street
Hobart 7000
 
The Christ College Trust trading as ST MICHAEL'S COLLEGIATE SCHOOL
CRICOS Registration No. 00482K
The contents of this email are confidential. Any unauthorised use of the
contents is expressly prohibited. If you have received this email in
error, please advise by telephone (reverse charges) immediately and then
delete/destroy the email and any printed copies. Thank you.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: 1MB/s gigabit transfers on dell poweredge

[Linda Walsh]

John H Terpstra - Samba Team wrote:

Linda Walsh wrote:

Especially since John Terpstra's home setup uses a 4-disk RAID and
gets up to 90MB xfers over CIFS.  (Is that with standard size network/TCP
packetsizes?  Or anything non-default for tuning on that?) :-)



My TCP/IP is at default settings - no tuning at all.  It works well
enough that I can't be bothered with tuning.

---
I can see why.

At 90MB over a 1GB line, tuning would be an unneeded luxury.

(I'm lucky to get a sustained 700Mb for any xfer over my 1GB-ether,
but my fileserver isn't running raid and is running with P-III's)

Cheers,
Linda W.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] RFE: manpage smb.conf`

[Linda Walsh]

Under log level (debuglevel)
	there is nothing to indicate what the numbers mean, there is only the 
enumeration of debug-sections.


While I wouldn't need what each number does in each debug area,
I did note the following helpful behavior regarding use of numbers
only (which I presume would be equal to specifying that number for 'all',
or listing out all sections).
0 = nothing
1 = session/workstation logins, filesystem attaches
(i.e. ~1 cluster of msgs/workstation login)
2 = per-file open & close (& other)...
3 = ~11 times output in '2'...
 maybe sufficient ---
--


'1' and maybe '2' would be useful to document as useful 'features'.
And, the fact that '3' expands logging by such a large amount (well
beyond 'normal needs' by nearly any measure).


Reason(s):

  For my 'debug' purposes (at one point),  '2' would have been
what I was looking for.  Instead, I chose '3', not realizing, until
recently, *how much*  extra*  logging info, that generated ... ;^}

-  For _my_ normal usage, maybe '1' would be reasonably what I'd
like as it gives me an idea that things are working w/basic session
connect info, but should have little impact on performance & security,
whereas,
- '2, gives, at least, 1-2 hits per-file in the log (open,close & ???).
-  As for '3'(or above):   OMG!   ...
   (I don't remember 3 being so verbose at some, perhaps, distant, point
in the past...)

Things keep changing, I know, but hard to keep even 1 finger on the pulses
of every program used.

  I like the (new?) name "debuglevel" over "log level".

It indicates more clearly that it's pretty much limited to debug,
and only coincidentally has some informational 'session-only'
log entries for hosts (at =1), and, similarly,
has (at least) open/close entries for every file access, per-host (at =2)

  Might be nice to have those levels of functionality {
(1) Session login & filesystem attaches,  and
(2) per-file-"audit" operations
} specified apart from debug, but that's just a 'polish' detail that
I've no idea anyone would want or need apart from a debug context
(where the levels are not documented for someone who only wanted
to turn on such basic logging levels).



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Conference: SambaXP 2009 - April 20-24

[John H Terpstra - Samba Team]

This is a reminder that every year a large contingent of Samba
developers meet at the SambaXP Conference in Goettingen, Germany.

Over the past 8 years this conference has been attended by Samba users,
Network Managers, IT Executives, appliance and operating system
integrators, and so on.  The conference aims to provide specific
general, as well as detailed technical training, education and
information to help people like you to meet your Samba and Windows
networking needs.

The conference week includes workshops, tutorials, and a very full
speaking agenda. This year's conference promises to again have a full
agenda - in fact, the normal 1.5 days of speaking events has been
extended to 2 full days to accommodate all the presentations.

Topics covered includes general deployment, development goals and
objectives, Samba clustering and high-availability, integration with
Active Directory, Samba4 (which provides Active Directory support)
status updates, and more.

SambaXP conferences provide for the needs of those who are new to Samba
all the way through to delving into its inner secrets.

Please check out the web site at:
http://www.sambaxp.org

If you have any interest in attending, please register soon as
accommodation reservations need to be made within the next week or so.

SambaXP is the premier event for networking with other Samba users and
the developers themselves. This is a great place to get solutions to
your Samba concerns.

I hope to see many of our subscribers at SambaXP2009.

Cheers,
John Terpstra
Conference Chairman
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: 1MB/s gigabit transfers on dell poweredge

[John H Terpstra - Samba Team]

Linda Walsh wrote:
> John Drescher wrote:
>> On Sat, Mar 14, 2009 at 1:52 PM, Ian McDonald 
>> wrote:
>>> Raid 5 is not a good setup for performance...
>>>
>> Its not good for database performance and random small writes but it
>> shines in large file operations. Either way a 3 disk raid5 (software
>> or hardware) should be able to generate 100MB/s sustained on linux so
>> this probably is not an issue.
> -
> 
> Especially since John Terpstra's home setup uses a 4-disk RAID and
> gets up to 90MB xfers over CIFS.  (Is that with standard size network/TCP
> packetsizes?  Or anything non-default for tuning on that?) :-)
> 
> 

My TCP/IP is at default settings - no tuning at all.  It works well
enough that I can't be bothered with tuning.

Cheers,
John T.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Re: 1MB/s gigabit transfers on dell poweredge

[Linda Walsh]

John Drescher wrote:

On Sat, Mar 14, 2009 at 1:52 PM, Ian McDonald  wrote:

Raid 5 is not a good setup for performance...


Its not good for database performance and random small writes but it
shines in large file operations. Either way a 3 disk raid5 (software
or hardware) should be able to generate 100MB/s sustained on linux so
this probably is not an issue.

-

Especially since John Terpstra's home setup uses a 4-disk RAID and
gets up to 90MB xfers over CIFS.  (Is that with standard size network/TCP
packetsizes?  Or anything non-default for tuning on that?) :-)


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] vampire support for windows 2000+ domains?

[Guenther Deschner]

Charles Marcus wrote:
> Is this ever going to happen? Or am I waiting in vain?

Can you please file a bug report on this and assign to me?

I have a git branch for vampire a w2k+ domain into passdb (almost
finished). Having a bugid would be good reminder to finally finish it
for the next samba version.

Thanks,
Guenther

-- 
Günther DeschnerGPG-ID: 8EE11688
Red Hat gdesch...@redhat.com
Samba Team  g...@samba.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Re: problem with sambaNextRid (WAS: updating samba/ldap: do I need new attributes?)

[Adam Williams]

samba creates the RID when smbpasswd -a is used (or machine is joined to 
the domain).  smbldap-tools creates an entry in ldap to keep up with the 
next available UID.  i don't remember what it is.  personally, I just 
use a text file that contains my next available UID and GID in it and 
increment when i add a user.  i do everything by hand with .ldif files 
though.


Thierry Lacoste wrote:

Hello,

I did the steps described below and I have a problem with machine RIDs.

When I first join a machine, samba adds to my sambaDomainName ldap entry
a sambaNextRid attribute with a value of 1000.
Now samba uses this value (incremented each time) to give its RID
to the machine.

This is going to be a real problem as my current samba computes RDIs
as 1000+2*UID.

FWIW I'm using smbldap-tools to create user accounts and I have
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
in my smb.conf though I don't think it is relevant because
AFAIK this script is only called to create the posix machine account.

What are my options?
If at all possible, I'd rather stick to the 1000+2*UID algorithm.

I googled about it and I know that others where caught too
but I wasn't able to find a solution.

Regards,
Thierry.

Quoting Adam Williams :


your steps are fine.  you don't need the samba LDAP entries you listed,
when ou do smbpasswd -a user, it will add the minimum required LDAP
entries for samba.

laco...@miage.univ-paris12.fr wrote:

Hello,

I plan to update my samba-3.0.22/openldap-2.3.24
to samba-3.0.34/openldap-2.4.15 and I'm currently testing it.
This is on FreeBSD.

My idea is :
1) slapcat the openldap server and save the various tdb files.
2) deinstall samba and openldap and wipe out the bdb files
3) install the newer versions
4) slapadd to the new openldap server

This seems to work in my test lab.
During my tests I also built a new domain afresh and realized that the
sambaDomainName ldap entry has some attributes that are not in my
production server: sambaMinPwdLength, sambaLogonToChgPwd,  
sambaLockoutDuration,

sambaLockoutObservationWindow, sambaLockoutThreshold, sambaForceLogoff.

Do I have to add these attributes to my ldif file before slapadd?
More generally, do I have to add some attributes to my ldap entries?

Regards,
Thierry







--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Problem with new Samba 3.2.3 Ubuntu install: "INTERNAL ERROR 6 in pid XXXX"

[Stewart Loving-Gibbard]

I'm setting up a new Samba install on a fresh Ubuntu install. Samba is
3.2.3.

When I try to list shares, that works:

-
s...@saba:/etc/samba$ smbclient -L saba
Enter stew's password: 
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.2.3]

Sharename   Type  Comment
-     ---
Library Disk  Library
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.2.3]

Server   Comment
----
SABA saba server (Samba 3.2.3)
UNAGI

WorkgroupMaster
----
MYDOMAIN   UNAGI

-

But mounting shares fails:

s...@saba:/etc/samba$ smbclient //saba/Library
Enter stew's password:
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.2.3]
Receiving SMB: Server stopped responding
tree connect failed: Call returned zero bytes (EOF)

Errors from the logs:

  ===
[2009/03/24 12:23:59,  0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 6 in pid 6033 (3.2.3)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2009/03/24 12:23:59,  0] lib/fault.c:fault_report(43)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2009/03/24 12:23:59,  0] lib/fault.c:fault_report(44)
  ===
[2009/03/24 12:23:59,  0] lib/util.c:smb_panic(1663)
  PANIC (pid 6033): internal error
[2009/03/24 12:24:00,  0] lib/util.c:log_stack_trace(1767)
  BACKTRACE: 23 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x2d) [0xb7c1042c]
   #1 /usr/sbin/smbd(smb_panic+0x80) [0xb7c10589]
   #2 /usr/sbin/smbd [0xb7bfb023]
   #3 [0xb7a41400]
   #4 /lib/tls/i686/cmov/libc.so.6(abort+0x188) [0xb75f7268]
   #5 /usr/lib/libtalloc.so.1(_talloc_steal+0x175) [0xb7733b95]
   #6 /usr/sbin/smbd [0xb7c4c00d]
   #7 /usr/sbin/smbd(pdb_default_getgrnam+0x90) [0xb7c486d7]
   #8 /usr/sbin/smbd(pdb_getgrnam+0x26) [0xb7bc10fb]
   #9 /usr/sbin/smbd(lookup_global_sam_name+0x1ee) [0xb7ebc6fd]
   #10 /usr/sbin/smbd(lookup_name+0x2a5) [0xb7bc6188]
   #11 /usr/sbin/smbd(lookup_name_smbconf+0xfb) [0xb7bc6c52]
   #12 /usr/sbin/smbd(token_contains_name_in_list+0x4a2) [0xb7e254b2]
   #13 /usr/sbin/smbd(is_share_read_only_for_token+0x9a) [0xb7e25559]
   #14 /usr/sbin/smbd(change_to_user+0x25a) [0xb7acb31a]
   #15 /usr/sbin/smbd [0xb7aecd82]
   #16 /usr/sbin/smbd(make_connection+0x796) [0xb7aedc47]
   #17 /usr/sbin/smbd(reply_tcon_and_X+0x404) [0xb7e419f3]
   #18 /usr/sbin/smbd [0xb7ae729e]
   #19 /usr/sbin/smbd(smbd_process+0x435) [0xb7ae94b1]
   #20 /usr/sbin/smbd(main+0xfa6) [0xb7ab0adf]
   #21 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb75e0685]
   #22 /usr/sbin/smbd [0xb7aadaf1]
[2009/03/24 12:24:00,  0] lib/fault.c:dump_core(201)
  dumping core in /var/log/samba/cores/smbd
[2009/03/24 12:24:00,  0] lib/fault.c:fault_report(40)
  ===
[2009/03/24 12:24:00,  0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 6 in pid 6034 (3.2.3)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2009/03/24 12:24:00,  0] lib/fault.c:fault_report(43)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2009/03/24 12:24:00,  0] lib/fault.c:fault_report(44)
  ===
[2009/03/24 12:24:00,  0] lib/util.c:smb_panic(1663)
  PANIC (pid 6034): internal error
[2009/03/24 12:24:00,  0] lib/util.c:log_stack_trace(1767)
  BACKTRACE: 23 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x2d) [0xb7c1042c]
   #1 /usr/sbin/smbd(smb_panic+0x80) [0xb7c10589]
   #2 /usr/sbin/smbd [0xb7bfb023]
   #3 [0xb7a41400]
   #4 /lib/tls/i686/cmov/libc.so.6(abort+0x188) [0xb75f7268]
   #5 /usr/lib/libtalloc.so.1(_talloc_steal+0x175) [0xb7733b95]
   #6 /usr/sbin/smbd [0xb7c4c00d]
   #7 /usr/sbin/smbd(pdb_default_getgrnam+0x90) [0xb7c486d7]
   #8 /usr/sbin/smbd(pdb_getgrnam+0x26) [0xb7bc10fb]
   #9 /usr/sbin/smbd(lookup_global_sam_name+0x1ee) [0xb7ebc6fd]
   #10 /usr/sbin/smbd(lookup_name+0x2a5) [0xb7bc6188]
   #11 /usr/sbin/smbd(lookup_name_smbconf+0xfb) [0xb7bc6c52]
   #12 /usr/sbin/smbd(token_contains_name_in_list+0x4a2) [0xb7e254b2]
   #13 /usr/sbin/smbd(is_share_read_only_for_token+0x9a) [0xb7e25559]
   #14 /usr/sbin/smbd(change_to_user+0x25a) [0xb7acb31a]
   #15 /usr/sbin/smbd [0xb7aecd82]
   #16 /usr/sbin/smbd(make_connection+0x796) [0xb7aedc47]
   #17 /usr/sbin/smbd(reply_tcon_and_X+0x404) [0xb7e419f3]
   #18 /usr/sbin/smbd [0xb7ae729e]
   #19 /usr/sbin/smbd(smbd_process+0x435) [0xb7ae94b1]
   #20 /usr/sbin/smbd(main+0xfa6) [0xb7ab0adf]
   #21 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb75e0685]
   #22 /usr/sbin/smbd [0xb7aadaf1]
[2009/03/24 12:24:00,  0] lib/fault.c:dump_core(201)
  dumping core in /var/log/samba/cores/smbd
[2009/03/24 12:24:00,  0] lib/fault.c:fault_report(40)
  ===
[2

RE: [Samba] Is the net rpc vampire at all destructive to a NT4 PDC?

[James D. Parra]

 

Is it safe to run the net rpc vampire command on a PDC as many times as
you want in effort to test the NT4 -> samba PDC?  While keeping the NT4
PDC in production mode?
With the goal of test the full operation of the migrated PDC on a separate
network.
`

I've done this several times against my PDC without any problems.

Best,

James
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] " Failed to connect to IPC$ share on localhost" when running the "net rpc group add" command.

[Dorrian, William M]

Probably an easy one for most of you:

I'm trying to create nested groups on my Samba server. When running "net rpc
group add" I am prompted for my root password and receive the error: "Failed
to connect to IPC$ share on localhost". When I use my other login I receive:

# net rpc group add Admins -L -U bill
Enter bill's password:
Failed to add alias 'Admins' with: Access is denied.

Note: wbinfo -u works every time, my shares are working, but "net rpc group"
won't add anyone.  


This the relevant info from my smb.conf:
   encrypt passwords = yes
   interfaces = lo eth0
   bind interfaces only = yes
   workgroup = TEST
   security = ads
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   idmap backend = rid:"TEST=16777216-33554431"
   template shell = /bin/false
   template homedir = /home/%U
   winbind use default domain = yes
   winbind enum users = no
   winbind enum groups = no
   winbind nested groups = yes
   realm = TEST.DS.USACE.ARMY.MIL
   password server = testdc.ds.usace.army.mil
   use kerberos keytab = True
   client signing = auto
   server signing = auto
   allow trusted domains = no




[samba]
   path = /samba
   public = yes
   store dos attributes = yes
   nt acl support = yes
   map acl inherit = yes
   inherit acls = yes
   acl map full control = yes
   dos filemode = yes
   only guest = yes
   writable = yes
   printable = no


Thanks,
Bill D.




"Give a man a fish and you've freed him up for the day to write a poem,
compose a song, or howl at the Gods. Teach a man to fish and you've doomed
him to a lifetime as a fisherman."

-Rodney Anonymous
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] sambaRefuseMachinePwdChange policy

[Eric Roseme]

Frank wrote:

Hi,
we have a couple of Linux RHEL 5 samba servers in a domain, one as PDC 
and the other as BDC, and both with LDAP backends

samba version is 3.0.28-1
We want pc clients can't change their machine password using 
sambaRefuseMachinePwdChange policy, so we set it to 1 in LDAP
But pc clients still can change their passwords, and we don't see any 
acces to sambaRefuseMachinePwdChange attribute on LDAP logs.

Is it not used in this version yet? Must we do something special to use it?


I saw the same thing in August of 2007:

http://marc.info/?l=samba&m=118772246625319&w=2

Which was never replied to.

Eric Roseme


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

RE: [Samba] gidNumber's and ldap backed samba PDC

[Adam Tauno Williams]

On Tue, 2009-03-24 at 13:31 -0500, Derek Werthmuller wrote:
> Ok I see it appears that the ldap entries that samba needs in the directory
> are under a different O. ou=groups,o=smb,dc=unav,dc=es for example.
> dn: cn=Domain Admins,ou=groups,o=smb,dc=unav,dc=es
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 512
> cn: Domain Admins 
> Where my user/file system groups would be under traditional ldap entries
> like:
> dn: cn=usrgrp,ou=Group,dc=ct,dc=unav,dc=es
> objectClass: posixGroup
> objectClass: top
> cn: usrgrp
> userPassword:: e2NyexB0fX9g=
> gidNumber: 512
> creatorsName: cn=Manager, dc=ct,dc=unav,dc=es
> createTimestamp: 20021007160601Z
> modifiersName: cn=Manager,dc=ct,dc=unav,dc=es
> modifyTimestamp: 20081205192619Z
> This right?

I don't understand the question.  But perhaps you haven't configured
your scripts (the smbldap stuff?) correctly [this would be my guess] or
you need to manually tweak your group mapping [man net].

You should have ONE object which represents both the POSIX and CIFS
group.  You have two and the sambaGroupMapping seems incomplete.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] vampire support for windows 2000+ domains?

[Adam Tauno Williams]

On Tue, 2009-03-24 at 15:38 -0400, Charles Marcus wrote:
> Is this ever going to happen? Or am I waiting in vain?

You mean Active Directory?  You need to look into Samba4,  but I don't
think there is anyway to vampire an AD.  

Samba4 also isn't "released" - but it is really interesting. :)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] gidNumber's and ldap backed samba PDC

[Adam Tauno Williams]

On Tue, 2009-03-24 at 19:31 +0100, LiPi - wrote:
> Despite that RID!=GID, mappings between samba rids and groups must be
> there if you want the server to act as a PDC. If there are some GID's
> mapped to i.e. RID 512, and these GID is used by another group, then
> there will be a conflict.

No, because that is just not how the mapping works.

$ ldapsearch -LLL sambaSID=S-1-5-21-2037442776-3290224752-88127236-512
dn: cn=cifsadmins,ou=Groups,ou=SAM,o=Morrison Industries,c=US
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
cn: cifsadmins
gidNumber: 1999
sambaSID: S-1-5-21-2037442776-3290224752-88127236-512
sambaGroupType: 2
description: Local Unix group
displayName: Domain Admins
memberUid: steve
memberUid: cleslie
memberUid: adam
memberUid: rhopkins
memberUid: bonjour

You map domain groups to POSIX groups using the "net groupmap" command,
the RID:GID relationship is completely arbitrary.  They might be the
same, might not, it just doesn't matter.

I have no idea what "GID's mapped to i.e. RID 512, and these GID is used
by another group" even means.  How is a GID "used by another group"?
The GID is the unique identifier of a POSIX group.  If you have multiple
groups with the same GID - that is just messed up.  With "net groupmap"
you establish the relationships of SIDs to GIDs;  the RID just the part
of the SID relative to the domain portion on the SID.

> I had this problem one week ago, when I was trying to give permissions
> to a folder. So, choose N GID's to map with samba RID's or change the
> group GID of these conflicting groups. Be also areful with UID.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] vampire support for windows 2000+ domains?

[Charles Marcus]

Is this ever going to happen? Or am I waiting in vain?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Is the net rpc vampire at all destructive to a NT4 PD C?

[Hoover, Tony]

"net rpc vampire ..." does NOT set the SAM or SECURITY hives of the
registry to "readable", which is what renders the PDC non-operable.

"net rpc vampire ..." is safe to use as many times as it takes to get
comfortable with the process.  I did it my self when I was converting
our "labs" NT4 domain to Samba.
-- 

Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660

"Don't Blend in..."


On Tue, 2009-03-24 at 13:48 -0500, Derek Werthmuller wrote:
> Reading through the Samba3 -By Example guide and I'm confused with
> the 
> statement section 9.2 
> http://www.samba.org/samba/docs/man/Samba-Guide/ntmigration.html#id2594565

> about accessing the SAM and Security sections of the registry will
> render 
> the PDC non operable. 
> Its clear from the text if you go and edit the registry(regedit etc..)
> so 
> you can read the entries your PDC will not work.
> 
> What's not exactly clear is if any of the tools like net rcp vampire
> or 
> getsid tools change the operation of the PDC in this way or any other
> way 
> for that mater.  The net rcp tools don't access the registry in this 
> destructive way do they? 
> Like: 
> # net rpc vampire -S TRANSGRESSION -U Administrator%not24get > 
> /tmp/vampire.log 2>1
> 
> Is it safe to run the net rpc vampire command on a PDC as many times
> as you 
> want in effort to test the NT4 -> samba PDC?  While keeping the NT4
> PDC in 
> production mode? 
> With the goal of test the full operation of the migrated PDC on a
> separate 
> network.
> 
> Thanks  
> Derek 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions:  https://lists.samba.org/mailman/options/samba
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba not using nearest ADS server

[Tobias Hennerich]

Hello Mark,

thank you for your reply!

> First, I am assuming from your message that this network trace was from 
> one ssh attempt, is that correct? 

Yes, that is one login. It doesn't matter if we use ssh or another
process who needs information about a user. I think we get the same
result if we just switch to a user from root via "su - user".

> I also gather you are in the germany site? 

Yes, the login was a german user to the german server. That user is in
some universal ADS groups, which are located in germany, too.

> So it looks like the auth attempts went to UK and US first before 
> using your local DC? Please correct me if this is not right.

That is correct, the samba connected first to UK and US, then to the
german AD.

> Also, I'm not quite up to speed with ADS topologies... so is this a 
> single domain with various sites set up with "AD Sites and Services"? or 
> is it multiple domains that trust? 

Each site has it's own ADS domain which trust each other.

> or perhaps one domain in a default 
> site just with routers/mpls handling the jump between subnets?

I didn't understand that part of your question completly :-( Each site
has an class-b network, (germany: 10.49.0.0/16, uk: 10.44.0.0/16 ...) and
the machines have a default route to the next local MPLS-router (more
or less).

Best regardsTobias


On Tue, Mar 24, 2009 at 01:33:23PM -0500, Mark Casey wrote:
> Tobias Hennerich wrote:
> > Hello,
> >
> > up to now no response to this mail :-(
> >
> > Is no one using samba in a wide area network or has no one ever noticed
> > such a problem as we are doing?
> >
> > Tobias
> >
> >
> > On Thu, Mar 19, 2009 at 05:40:46PM +0100, Tobias Hennerich wrote:
> >   
> >> Hello,
> >>
> >> we integrated an samba v3.2.8 into a bigger ADS environment which is
> >> connected via MPLS world wide. Everything works as expected, but the login
> >> via SSH is slow:
> >>
> >> After entering the login name in ssh we can see via tcpdump network
> >> traffic to different ADS controllers:
> >>
> >> First a connection from Germany to UK:
> >>
> >> 17:16:43.867219 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:44.092774 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:44.092785 IP 10.49.x.y.37722 > 10.44.x.y.389: .
> >> 17:16:44.093054 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:44.265776 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:44.265987 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:44.647671 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:44.693567 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:44.693840 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:44.922527 IP 10.44.x.y.389 > 10.49.x.y.37722: .
> >> 17:16:44.997865 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:44.998074 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:45.314621 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:45.314831 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:45.577894 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:45.578100 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:45.791494 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:45.791702 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:45.982034 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:45.982240 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:46.189828 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:46.190037 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:46.365426 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:46.365633 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:46.596653 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:46.596900 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:46.802280 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:46.802487 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:47.006571 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:47.006783 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:47.325662 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:47.325868 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:47.577930 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:47.578140 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:47.775371 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:47.775577 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:47.971495 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:47.971704 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:48.186311 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:48.186521 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:48.430837 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:48.431043 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:48.622070 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:48.622274 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:48.816862 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:48.817100 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:49.061838 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:49.062951 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> >> 17:16:49.268437 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> >> 17:16:49.268634 IP 10.49.x.y.

Re: [Samba] the unusual way ldap -> AD

[Dale Schroeder]

Matthias Grimm wrote:

Hi,

(this will be a long post)

currently we got a working setup of one PDC in our HQ and five BDC in
our branch offices, all backed by LDAP. PDC is LDAP master and all
branch offices are configured as syncrepl. This setup was more a
playfield for me, which 'suddenly' went into production by business
needs, you know the deal... The setup does a fine job, but there is no
failover of any kind, so if our main server kicks the bucket we're in
trouble.
We thought and played a bit with RHCS but it wasn't that highlight in my
life ;). Now I'm playing with CTDB and everything is much more smooth
than ever before. Since there are 4 citrix servers, backed by AD, which
will start applications from samba, it's very 'interesting' to keep the
users in sync (passwords). I've allready played with samba as AD-member
which works like a charm, so the way will be to have all samba servers
act as domain members and authenticate against AD. So far, so good..
There are some points which can't be avoided, like rejoining every PC to
the domain, correct UID/GID for homedir and profiles, but THAT could be
done with some scripting.
The main problem I'm thinking about: HOW to get the existing users,
'round 440, from LDAP into AD. Sure, we need to overlook every account,
set Profile dirs right and stuff..
Does anyone done this before? How could it be done? What about printing?
  

Numerous requirements, but see
http://us3.samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2594253

Dale

ATM we're thinking about setting up a new AD server, let the CTDB-samba
join this doamin and move every user step by step.

Sorry for this long and confused post ;)

Matthias

  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] the unusual way ldap -> AD

[Matthias Grimm]

Hi,

(this will be a long post)

currently we got a working setup of one PDC in our HQ and five BDC in
our branch offices, all backed by LDAP. PDC is LDAP master and all
branch offices are configured as syncrepl. This setup was more a
playfield for me, which 'suddenly' went into production by business
needs, you know the deal... The setup does a fine job, but there is no
failover of any kind, so if our main server kicks the bucket we're in
trouble.
We thought and played a bit with RHCS but it wasn't that highlight in my
life ;). Now I'm playing with CTDB and everything is much more smooth
than ever before. Since there are 4 citrix servers, backed by AD, which
will start applications from samba, it's very 'interesting' to keep the
users in sync (passwords). I've allready played with samba as AD-member
which works like a charm, so the way will be to have all samba servers
act as domain members and authenticate against AD. So far, so good..
There are some points which can't be avoided, like rejoining every PC to
the domain, correct UID/GID for homedir and profiles, but THAT could be
done with some scripting.
The main problem I'm thinking about: HOW to get the existing users,
'round 440, from LDAP into AD. Sure, we need to overlook every account,
set Profile dirs right and stuff..
Does anyone done this before? How could it be done? What about printing?

ATM we're thinking about setting up a new AD server, let the CTDB-samba
join this doamin and move every user step by step.

Sorry for this long and confused post ;)

Matthias

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Is the net rpc vampire at all destructive to a NT4 PDC?

[Derek Werthmuller]

Reading through the Samba3 -By Example guide and I'm confused with the
statement section 9.2
http://www.samba.org/samba/docs/man/Samba-Guide/ntmigration.html#id2594565
about accessing the SAM and Security sections of the registry will render
the PDC non operable.
Its clear from the text if you go and edit the registry(regedit etc..) so
you can read the entries your PDC will not work.

What's not exactly clear is if any of the tools like net rcp vampire or
getsid tools change the operation of the PDC in this way or any other way
for that mater.  The net rcp tools don't access the registry in this
destructive way do they?
Like:
# net rpc vampire -S TRANSGRESSION -U Administrator%not24get >
/tmp/vampire.log 2>1

Is it safe to run the net rpc vampire command on a PDC as many times as you
want in effort to test the NT4 -> samba PDC?  While keeping the NT4 PDC in
production mode?
With the goal of test the full operation of the migrated PDC on a separate
network.

Thanks  
Derek
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba kills machine

[John Drescher]

> it is indeed Linux more, precisely 2.6.27-hardened-r3 from gentoo, with none
> of the hardened-features enabled (yet)
> I will try this and ask again if it doesn't help
>
I have never seen this at work (a few dozen samba servers / virtual or
real machines) with kernels 2.6.4 to 2.6.28 and gentoo versions 2004.X
to current. I have never used hardened though.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Re: Short delay when logging in an XP client to a Samba PDC

[Eric Woltermann]

Eric Woltermann  gmx.de> writes:

> 
> Sorry, should have taken more time for that step. :)
> http://www.tf.uni-kiel.de/~ew/samba.log.gz
> 

Could someone at least give me a hint where to search for a clue on this strange
delay (smb.conf, DNS and/or DHCP, etc.)? Just had about four seconds again.

Thanks,
Eric

P.S.: I'm subscribed now, just in case that non-subscribers are avoided. :)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] gidNumber's and ldap backed samba PDC

[LiPi -]

Despite that RID!=GID, mappings between samba rids and groups must be
there if you want the server to act as a PDC. If there are some GID's
mapped to i.e. RID 512, and these GID is used by another group, then
there will be a conflict.

I had this problem one week ago, when I was trying to give permissions
to a folder. So, choose N GID's to map with samba RID's or change the
group GID of these conflicting groups. Be also areful with UID.

2009/3/24 Adam Tauno Williams :
> On Tue, 2009-03-24 at 12:10 -0500, Derek Werthmuller wrote:
>> In the planning process for migrating from NT4 PDC, and external ldap
>> directory to samba 3.2.8 PDC. The external existing openldap directory is
>> used currently to support the local uid mapping for the Linux logins and
>> samba file servers that are members of the current NT4 PDC.
>> While looking at the existing openldap UIDs and GIDs in use and what the
>> samba PDC wants to use I see some uid/gid collisions.  For example I see
>> that the Domain Admins uses gid 512, just so happens to be the same as a
>> file system group(in the ldap directory).
>
> No, it doesn't.  RID != GID.  A RID is a component of the SID and SIDs
> are mapped to UIDs & GIDs.
>
>> Is it better to change the users group gid and leave the samba domain admins
>> and such the way they are?
>
> Not necessary.
>
>> I suspect a small shell script can crawl the file system and replace one gid
>> for another if I were to change the users GID.
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

RE: [Samba] gidNumber's and ldap backed samba PDC

[Derek Werthmuller]

Ok I see it appears that the ldap entries that samba needs in the directory
are under a different O. ou=groups,o=smb,dc=unav,dc=es for example.
dn: cn=Domain Admins,ou=groups,o=smb,dc=unav,dc=es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins 

Where my user/file system groups would be under traditional ldap entries
like:
dn: cn=usrgrp,ou=Group,dc=ct,dc=unav,dc=es
objectClass: posixGroup
objectClass: top
cn: usrgrp
userPassword:: e2NyexB0fX9g=
gidNumber: 512
creatorsName: cn=Manager, dc=ct,dc=unav,dc=es
createTimestamp: 20021007160601Z
modifiersName: cn=Manager,dc=ct,dc=unav,dc=es
modifyTimestamp: 20081205192619Z

This right?

Thanks
Derek

-Original Message-
From: samba-bounces+dwerthmu=ctg.albany@lists.samba.org
[mailto:samba-bounces+dwerthmu=ctg.albany@lists.samba.org] On Behalf Of
Adam Tauno Williams
Sent: Tuesday, March 24, 2009 1:38 PM
To: 'samba@lists.samba.org'
Subject: Re: [Samba] gidNumber's and ldap backed samba PDC

On Tue, 2009-03-24 at 12:10 -0500, Derek Werthmuller wrote:
> In the planning process for migrating from NT4 PDC, and external ldap 
> directory to samba 3.2.8 PDC. The external existing openldap directory 
> is used currently to support the local uid mapping for the Linux 
> logins and samba file servers that are members of the current NT4 PDC.
> While looking at the existing openldap UIDs and GIDs in use and what 
> the samba PDC wants to use I see some uid/gid collisions.  For example 
> I see that the Domain Admins uses gid 512, just so happens to be the 
> same as a file system group(in the ldap directory).

No, it doesn't.  RID != GID.  A RID is a component of the SID and SIDs are
mapped to UIDs & GIDs.

> Is it better to change the users group gid and leave the samba domain 
> admins and such the way they are?

Not necessary.

> I suspect a small shell script can crawl the file system and replace 
> one gid for another if I were to change the users GID.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba kills machine

[Pavel Herrmann]

On Tuesday 24 March 2009 18:29:41 Volker Lendecke wrote:
> Is that Linux your running on? If so, there have been
> kernels with broken inotify that show this behaviour. You
> might try
>
> kernel change notify = false
>
> Volker

it is indeed Linux more, precisely 2.6.27-hardened-r3 from gentoo, with none 
of the hardened-features enabled (yet)
I will try this and ask again if it doesn't help
Thank you very much
Pavel
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] slow printing with XP SP3

[Daulton Theodore]

I have Samba 3.0.23a installed on a server running Solaris 9. We had no
problems printing with Service Pack 2 installed on the wrokstations. 
However since we started rolling out XP Service Pack 3 printing has become
extremely slow. Printing reverts to normal if Service Pack 3 is uninstalled.
Has anyone encountered such a problem? Any suggestions for a solution will
be much appreciated.
-- 
--- 0 
Daulton Theodore  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba not using nearest ADS server

[Tobias Hennerich]

Hello,

up to now no response to this mail :-(

Is no one using samba in a wide area network or has no one ever noticed
such a problem as we are doing?

Tobias


On Thu, Mar 19, 2009 at 05:40:46PM +0100, Tobias Hennerich wrote:
> Hello,
> 
> we integrated an samba v3.2.8 into a bigger ADS environment which is
> connected via MPLS world wide. Everything works as expected, but the login
> via SSH is slow:
> 
> After entering the login name in ssh we can see via tcpdump network
> traffic to different ADS controllers:
> 
> First a connection from Germany to UK:
> 
> 17:16:43.867219 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:44.092774 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:44.092785 IP 10.49.x.y.37722 > 10.44.x.y.389: .
> 17:16:44.093054 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:44.265776 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:44.265987 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:44.647671 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:44.693567 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:44.693840 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:44.922527 IP 10.44.x.y.389 > 10.49.x.y.37722: .
> 17:16:44.997865 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:44.998074 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:45.314621 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:45.314831 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:45.577894 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:45.578100 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:45.791494 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:45.791702 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:45.982034 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:45.982240 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:46.189828 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:46.190037 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:46.365426 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:46.365633 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:46.596653 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:46.596900 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:46.802280 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:46.802487 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:47.006571 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:47.006783 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:47.325662 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:47.325868 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:47.577930 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:47.578140 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:47.775371 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:47.775577 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:47.971495 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:47.971704 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:48.186311 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:48.186521 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:48.430837 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:48.431043 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:48.622070 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:48.622274 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:48.816862 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:48.817100 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:49.061838 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:49.062951 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:49.268437 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:49.268634 IP 10.49.x.y.37722 > 10.44.x.y.389: P
> 17:16:49.426980 IP 10.44.x.y.389 > 10.49.x.y.37722: P
> 17:16:49.466643 IP 10.49.x.y.37722 > 10.44.x.y.389: .
> 
> then a connection from Germany to the United States:
> 
> 17:16:49.547138 IP 10.49.x.y.37731 > 10.3.x.y.389: P
> 17:16:49.693649 IP 10.3.x.y.389 > 10.49.x.y.37731: P
> 17:16:49.693662 IP 10.49.x.y.37731 > 10.3.x.y.389: .
> 17:16:49.693849 IP 10.49.x.y.37731 > 10.3.x.y.389: P
> 17:16:49.843729 IP 10.3.x.y.389 > 10.49.x.y.37731: P
> 17:16:49.843918 IP 10.49.x.y.37731 > 10.3.x.y.389: P
> 17:16:49.992361 IP 10.3.x.y.389 > 10.49.x.y.37731: P
> 17:16:49.992553 IP 10.49.x.y.37731 > 10.3.x.y.389: P
> 17:16:50.129522 IP 10.3.x.y.389 > 10.49.x.y.37731: P
> 17:16:50.129715 IP 10.49.x.y.37731 > 10.3.x.y.389: P
> 17:16:50.298217 IP 10.3.x.y.389 > 10.49.x.y.37731: P
> 17:16:50.298406 IP 10.49.x.y.37731 > 10.3.x.y.389: P
> 17:16:50.447220 IP 10.3.x.y.389 > 10.49.x.y.37731: P
> 17:16:50.447408 IP 10.49.x.y.37731 > 10.3.x.y.389: P
> 17:16:50.589299 IP 10.3.x.y.389 > 10.49.x.y.37731: P
> 17:16:50.589487 IP 10.49.x.y.37731 > 10.3.x.y.389: P
> 17:16:50.748952 IP 10.3.x.y.389 > 10.49.x.y.37731: P
> 17:16:50.749139 IP 10.49.x.y.37731 > 10.3.x.y.389: P
> 17:16:50.902596 IP 10.3.x.y.389 > 10.49.x.y.37731: P
> 17:16:50.902787 IP 10.49.x.y.37731 > 10.3.x.y.389: P
> 17:16:51.048477 IP 10.3.x.y.389 > 10.49.x.y.37731: P
> 17:16:51.048669 IP 10.49.x.y.37731 > 10.3.x.y.389: P
> 17:16:51.16 IP 10.3.x.y.389 > 10.49.x.y.37731: P
> 17:16:51.200183 IP 10.49.x.y.37731 > 10.3.x.y.389: P
> 17:16:51.343439 IP 10.3.x.y.389 > 10.49.x.y.37731: P
> 17:16:51.343626 IP 10.49.x.y.37731 > 10.3.x.y.389: P
> 17:16:51.509961 IP 10.3.x.y

Re: [Samba] gidNumber's and ldap backed samba PDC

[Adam Tauno Williams]

On Tue, 2009-03-24 at 12:10 -0500, Derek Werthmuller wrote:
> In the planning process for migrating from NT4 PDC, and external ldap
> directory to samba 3.2.8 PDC. The external existing openldap directory is
> used currently to support the local uid mapping for the Linux logins and
> samba file servers that are members of the current NT4 PDC.
> While looking at the existing openldap UIDs and GIDs in use and what the
> samba PDC wants to use I see some uid/gid collisions.  For example I see
> that the Domain Admins uses gid 512, just so happens to be the same as a
> file system group(in the ldap directory).

No, it doesn't.  RID != GID.  A RID is a component of the SID and SIDs
are mapped to UIDs & GIDs.

> Is it better to change the users group gid and leave the samba domain admins
> and such the way they are? 

Not necessary.

> I suspect a small shell script can crawl the file system and replace one gid
> for another if I were to change the users GID.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba kills machine

[Volker Lendecke]

On Tue, Mar 24, 2009 at 06:11:10PM +0100, Pavel Herrmann wrote:
> I have a problem with samba, it randomly "crashes",
> forking one unkillable (unresponsive for both sigterm and
> sigkill) smbd process running as root, which consumes 100%
> of cpu, and elevates loadavg to the point where the
> computer is unusable (and it has 4 cpus). I have tried
> several versions between 3.0.23 and 3.3.2 and all exhibit
> this kind of behavior.  the samba itself has been migrated
> from an old server to this new one (copying confs, LDAP
> and /var/lib/samba), and has been doing this ever since,
> so this could be the root of the problem Thanks,

Is that Linux your running on? If so, there have been
kernels with broken inotify that show this behaviour. You
might try

kernel change notify = false

Volker


pgpky1Dat8Mda.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] gidNumber's and ldap backed samba PDC

[Derek Werthmuller]

In the planning process for migrating from NT4 PDC, and external ldap
directory to samba 3.2.8 PDC. The external existing openldap directory is
used currently to support the local uid mapping for the Linux logins and
samba file servers that are members of the current NT4 PDC.

While looking at the existing openldap UIDs and GIDs in use and what the
samba PDC wants to use I see some uid/gid collisions.  For example I see
that the Domain Admins uses gid 512, just so happens to be the same as a
file system group(in the ldap directory).

Is it better to change the users group gid and leave the samba domain admins
and such the way they are? 

I suspect a small shell script can crawl the file system and replace one gid
for another if I were to change the users GID.

Thanks
Derek
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba kills machine

[Pavel Herrmann]

Hi
I have a problem with samba, it randomly "crashes", forking one unkillable 
(unresponsive for both sigterm and sigkill) smbd process running as root, 
which consumes 100% of cpu, and elevates loadavg to the point where the 
computer is unusable (and it has 4 cpus). I have tried several versions 
between 3.0.23 and 3.3.2 and all exhibit this kind of behavior.
the samba itself has been migrated from an old server to this new one (copying 
confs, LDAP and /var/lib/samba), and has been doing this ever since, so this 
could be the root of the problem
Thanks,
Pavel
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Veto files only at one location

[Jeremy Allison]

On Tue, Mar 24, 2009 at 03:46:31PM +, Kevin Bailey wrote:
> This *must* be do-able!
>
> If I want to veto a single directory at the root of the users home  
> directory
>
> i.e.
>
> /home/user/Maildir
>
> I can with
>
> veto files = /Maildir/
>
> However,  this prevents the user from being able to create  
> directories/files with that name *anywhere* in the directory structure.
>
> Is there a way I can set 'veto files' to only veto one particular directory?

No, that was never part of the design of the parameter, sorry.
The code would need to be expanded to do regexp processing
in order to do this. Possible, but no one has yet needed it.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Veto files only at one location

[Kevin Bailey]

This *must* be do-able!

If I want to veto a single directory at the root of the users home 
directory


i.e.

/home/user/Maildir

I can with

veto files = /Maildir/

However,  this prevents the user from being able to create 
directories/files with that name *anywhere* in the directory structure.


Is there a way I can set 'veto files' to only veto one particular directory?

Thanks,

Kev
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap

[Adam Tauno Williams]

> Then, getent passwd and getent group must show ldap entries, and then
> joining to a domain and the creation of automatic machine samba
> accounts is well done.
> http://linuxadministration.us/2008/05/17/ubuntu-804-hardy-ldap-client/
> http://www.cos.ufrj.br/docs/ldap#debian <-- if you use debian

There is nothing distribution specific (either Debian or Ubuntu) about
setting up NSS.  This is covered in both the Samba3-HOWTO
 and the
Samba3-ByExample 
books.  It would be worth taking a look at those over whatever you find
lying around the Internet.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Text File Corruption Writing from Windows to Linux NFS Share.

[shunter]

No, sendfile is not enabled.  The default is false, and I haven't changed 
it.

S.H.H.



Kums  
03/24/2009 08:25 AM

To
shun...@ddci.com
cc
volker.lende...@sernet.de, samba@lists.samba.org
Subject
Re: [Samba] Text File Corruption Writing from Windows to Linux NFS Share.







On Tue, Mar 24, 2009 at 7:30 AM,  wrote:
Yes, I did.  I tried them separately and together.  Made no difference.
Any text file copied to a SFU share has each byte replaced with a null
character.   Any PDF (or zip or exe) file copied fails to copy.  I'm going
to turn debug up to about 10 and stare at it some more.  Perhaps I can
find a test case that will tell me something.


Is sendfile option enabled in smb.conf? If yes, can you try disabling it 
(use sendfile = no), restart SMB, and run your verification tests?

Thanks,
-Kums



This message is intended only for the use of the individual or entity to which 
it is addressed. If the reader of this message is not the intended recipient, 
or the employee or agent responsible for delivering the message to the intended 
recipient, you are hereby notified that any dissemination, distribution or 
copying of this message is strictly prohibited. If you have received this 
communication in error, please notify us immediately by replying to the sender 
of this E-Mail by return E-Mail or by telephone. 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] problem with sambaNextRid (WAS: updating samba/ldap: do I need new attributes?)

[Thierry Lacoste]

Hello,

I did the steps described below and I have a problem with machine RIDs.

When I first join a machine, samba adds to my sambaDomainName ldap entry
a sambaNextRid attribute with a value of 1000.
Now samba uses this value (incremented each time) to give its RID
to the machine.

This is going to be a real problem as my current samba computes RDIs
as 1000+2*UID.

FWIW I'm using smbldap-tools to create user accounts and I have
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
in my smb.conf though I don't think it is relevant because
AFAIK this script is only called to create the posix machine account.

What are my options?
If at all possible, I'd rather stick to the 1000+2*UID algorithm.

I googled about it and I know that others where caught too
but I wasn't able to find a solution.

Regards,
Thierry.

Quoting Adam Williams :


your steps are fine.  you don't need the samba LDAP entries you listed,
when ou do smbpasswd -a user, it will add the minimum required LDAP
entries for samba.

laco...@miage.univ-paris12.fr wrote:

Hello,

I plan to update my samba-3.0.22/openldap-2.3.24
to samba-3.0.34/openldap-2.4.15 and I'm currently testing it.
This is on FreeBSD.

My idea is :
1) slapcat the openldap server and save the various tdb files.
2) deinstall samba and openldap and wipe out the bdb files
3) install the newer versions
4) slapadd to the new openldap server

This seems to work in my test lab.
During my tests I also built a new domain afresh and realized that the
sambaDomainName ldap entry has some attributes that are not in my
production server: sambaMinPwdLength, sambaLogonToChgPwd,   
sambaLockoutDuration,

sambaLockoutObservationWindow, sambaLockoutThreshold, sambaForceLogoff.

Do I have to add these attributes to my ldif file before slapadd?
More generally, do I have to add some attributes to my ldap entries?

Regards,
Thierry







--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Text File Corruption Writing from Windows to Linux NFS Share.

[Kums]

On Tue, Mar 24, 2009 at 7:30 AM,  wrote:

> Yes, I did.  I tried them separately and together.  Made no difference.
> Any text file copied to a SFU share has each byte replaced with a null
> character.   Any PDF (or zip or exe) file copied fails to copy.  I'm going
> to turn debug up to about 10 and stare at it some more.  Perhaps I can
> find a test case that will tell me something.
>
>
Is sendfile option enabled in smb.conf? If yes, can you try disabling it
(use sendfile = no), restart SMB, and run your verification tests?

Thanks,
-Kums
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Probleme Winbind:

[Phibee Network Operation Center]

anyone have this error ?



Phibee Network Operation Center a écrit :

Hi

i have a problems with winbind, all hours of the days, we have :
Mar 23 08:02:45 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 08:02:46 gw (ntlm_auth): [2009/03/23 08:02:46, 0] 
utils/ntlm_auth.c:get_winbind_netbios_name(166)

Mar 23 08:02:46 gw (ntlm_auth):   could not obtain winbind netbios name!
Mar 23 08:02:46 gw (ntlm_auth): [2009/03/23 08:02:46, 0] 
utils/ntlm_auth.c:get_winbind_domain(140)

Mar 23 08:02:46 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 09:01:53 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 09:01:53 gw (ntlm_auth): [2009/03/23 09:01:53, 0] 
utils/ntlm_auth.c:get_winbind_domain(140)

Mar 23 09:01:53 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 09:01:53 gw (ntlm_auth): [2009/03/23 09:01:53, 0] 
utils/ntlm_auth.c:get_winbind_domain(140)

Mar 23 09:01:53 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 09:01:53 gw (ntlm_auth): [2009/03/23 09:01:53, 0] 
utils/ntlm_auth.c:get_winbind_domain(140)

Mar 23 09:01:53 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 09:01:53 gw (ntlm_auth): [2009/03/23 09:01:53, 0] 
utils/ntlm_auth.c:get_winbind_domain(140)
Mar 23 09:01:53 gw (ntlm_auth): [2009/03/23 09:01:53, 0] 
utils/ntlm_auth.c:get_winbind_domain(140)

Mar 23 10:01:51 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 10:01:51 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 10:01:51 gw (ntlm_auth): [2009/03/23 10:01:51, 0] 
utils/ntlm_auth.c:get_winbind_domain(140)

Mar 23 10:01:51 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 10:01:52 gw (ntlm_auth): [2009/03/23 10:01:52, 0] 
utils/ntlm_auth.c:get_winbind_domain(140)

Mar 23 10:01:52 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 10:01:52 gw (ntlm_auth): [2009/03/23 10:01:52, 0] 
utils/ntlm_auth.c:get_winbind_domain(140)

Mar 23 10:01:52 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 10:01:52 gw (ntlm_auth): [2009/03/23 10:01:52, 0] 
utils/ntlm_auth.c:get_winbind_domain(140)

Mar 23 10:01:52 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 10:01:52 gw (ntlm_auth): [2009/03/23 10:01:52, 0] 
utils/ntlm_auth.c:get_winbind_domain(140)

Mar 23 10:01:52 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 10:01:52 gw (ntlm_auth): [2009/03/23 10:01:52, 0] 
utils/ntlm_auth.c:get_winbind_domain(140)

Mar 23 10:01:52 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 10:01:52 gw (ntlm_auth): [2009/03/23 10:01:52, 0] 
utils/ntlm_auth.c:get_winbind_domain(140)

Mar 23 10:01:52 gw (ntlm_auth):   could not obtain winbind domain name!
Mar 23 10:01:53 gw (ntlm_auth): [2009/03/23 10:01:53, 0] 
utils/ntlm_auth.c:get_winbind_domain(140)


<..>
Mar 23 13:02:35 gw (ntlm_auth): [2009/03/23 13:02:35, 0] 
utils/ntlm_auth.c:get_winbind_netbios_name(166)

Mar 23 13:02:35 gw (ntlm_auth):   could not obtain winbind netbios name!
Mar 23 13:02:35 gw (ntlm_auth):   could not obtain winbind netbios name!
Mar 23 13:02:35 gw (ntlm_auth): [2009/03/23 13:02:35, 0] 
utils/ntlm_auth.c:get_winbind_netbios_name(166)
Mar 23 13:02:35 gw (ntlm_auth): [2009/03/23 13:02:35, 0] 
utils/ntlm_auth.c:get_winbind_netbios_name(166)

Mar 23 13:02:35 gw (ntlm_auth):   could not obtain winbind netbios name!
Mar 23 13:02:35 gw (ntlm_auth):   could not obtain winbind netbios name!



anyone know why ? i don't see on me server a app started by cron




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap

[Harry Jede]

Am Dienstag, 24. März 2009 12:56 schrieb LiPi -:
> The question was exactly the same than the one that was in the link I
> wrote :p
> http://www.mail-archive.com/samba@lists.samba.org/msg99530.html
>
>
> But now, 1h later it's time to answer myself:
>
> If somebody needs to solve the mentionated problem, it only must be
> two things:
>
> apt-get install libnss-ldap libpam-ldap
> emacs /etc/ldap.conf and fill it with (according to their params):
Which version of Debian do you use? This setup is outdated for years.

Read the man pages and the docs for this two packages.

>
> --start ldap.conf
> host 127.0.0.1
> base dc=ctest
> uri ldap://127.0.0.1
> ldap_version 3
> rootbinddn cn=admin,dc=ctest
> port 389
>
> nss_base_passwd ou=Users,dc=ctest?one
> nss_base_passwd ou=Computers,dc=ctest?one
> nss_base_shadow ou=Users,dc=ctest?one
You really like to poll your "shadow file" over an unprotected network? 
Remember, it contains the passwords.
If you do this ONLY on the loopback network, it may be OK.

> nss_base_group  ou=Groups,dc=ctest?one
> --end ldap.conf
>
> and /etc/nsswitch.conf:
> --start nsswitch.conf
> passwd: compat ldap
> group:  compat ldap
> shadow: compat ldap
>
> hosts:  files dns
> networks:   files
> protocols:  db files
> services:   db files
> ethers: db files
> rpc:db files
> netgroup:   nis
> <<<---end nsswitch.conf>>>
>
> Then, getent passwd and getent group must show ldap entries, and then
> joining to a domain and the creation of automatic machine samba
> accounts is well done.
>


> Thank you all!

-- 

Gruss
Harry Jede
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] sambaRefuseMachinePwdChange policy

[Frank]

Hi,
we have a couple of Linux RHEL 5 samba servers in a domain, one as PDC 
and the other as BDC, and both with LDAP backends

samba version is 3.0.28-1
We want pc clients can't change their machine password using 
sambaRefuseMachinePwdChange policy, so we set it to 1 in LDAP
But pc clients still can change their passwords, and we don't see any 
acces to sambaRefuseMachinePwdChange attribute on LDAP logs.

Is it not used in this version yet? Must we do something special to use it?

Thanks in advance.

Frank

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] AD 3.3.x issues

[Kristian Davies]

I have a 3.2.8 samba server (centos4) connected to AD which works perfectly.

My other machine 3.3.0 was suffering from a bug where MAC users would
copy a file to the network and would get an error message regarding
permissions, which I tracked down to it creating ._files and putting
MAC permission on files, which 3.2.8 doesn't do.  Unable to solve that
I upgraded to 3.3.2 which did solve the issue but left me with
another.  The user logs in locally, but the machine is part of an old
NT domain.  Before I upgraded the samba server it was using 3.3.0 but
worked fine for this user.  Now on 3.3.2 I get errrors like
"domain_client_validate: unable to validate password for user DAVE in
domain MACHINENAME to Domain controller myserver.ad.domain.local Error
was NT_STATUS_NO_SUCH_USER."  This happens even if you \\samba\share
and use domain\DAVE...  still get the same error like it's expecting a
trust relationship all of a sudden.

./configure --prefix=/disk1/samba --with-ads --with-krb5  --with-pam
--with-winbind --with-syslog --with-quotas --with-acl-support
--with-automount --with-cifsmount --enable-socket-wrapper
--with-configdir=/etc/samba --with-logfilebase=/var/log/samba


Cheers,
Kristian
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Text File Corruption Writing from Windows to Linux NFS Share.

[Volker Lendecke]

On Tue, Mar 24, 2009 at 06:30:29AM -0700, shun...@ddci.com wrote:
> Yes, I did.  I tried them separately and together.  Made no difference. 
> Any text file copied to a SFU share has each byte replaced with a null 
> character.   Any PDF (or zip or exe) file copied fails to copy.  I'm going 
> to turn debug up to about 10 and stare at it some more.  Perhaps I can 
> find a test case that will tell me something.

What we'd need then is sniffs of the relevant network
segments taken at the exact same time, plus some time for
possible deferred caching.

Ah, one more hint: You might want to try the syncops vfs
module.

Volker


pgpM1tLPCsMlc.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Text File Corruption Writing from Windows to Linux NFS Share.

[shunter]

Yes, I did.  I tried them separately and together.  Made no difference. 
Any text file copied to a SFU share has each byte replaced with a null 
character.   Any PDF (or zip or exe) file copied fails to copy.  I'm going 
to turn debug up to about 10 and stare at it some more.  Perhaps I can 
find a test case that will tell me something.

S.H.H.



Volker Lendecke  
03/23/2009 03:05 PM
Please respond to
volker.lende...@sernet.de


To
shun...@ddci.com
cc
samba@lists.samba.org
Subject
Re: [Samba] Text File Corruption Writing from Windows to Linux NFS Share.






On Mon, Mar 23, 2009 at 02:58:05PM -0700, shun...@ddci.com wrote:
> The Windows 2003 machine is a raid array data server that provides both 
> Windows and UNIX/Linux shares (NFS).  Some users prefer a Windows 
browser 
> for copying or editing files.  An older Samba on an older Linux machine 
> (Mandrake 10.2) provided this service until recently.

Did you try the two options I mentioned?

Volker




This message is intended only for the use of the individual or entity to which 
it is addressed. If the reader of this message is not the intended recipient, 
or the employee or agent responsible for delivering the message to the intended 
recipient, you are hereby notified that any dissemination, distribution or 
copying of this message is strictly prohibited. If you have received this 
communication in error, please notify us immediately by replying to the sender 
of this E-Mail by return E-Mail or by telephone. -- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Re: samba

[administrador]

disculpen, el samba esta sobre una distribucion de ubuntu, el directorio
 activo esta sobre windows server 2003, la idea es que se pueda compartir
 una carpeta en linux donde los usuarios validos  a acceder a ella sean
los usuarios del directorio activo de windows
salu2s

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap

[LiPi -]

The question was exactly the same than the one that was in the link I wrote :p
http://www.mail-archive.com/samba@lists.samba.org/msg99530.html


But now, 1h later it's time to answer myself:

If somebody needs to solve the mentionated problem, it only must be two things:

apt-get install libnss-ldap libpam-ldap
emacs /etc/ldap.conf and fill it with (according to their params):

--start ldap.conf
host 127.0.0.1
base dc=ctest
uri ldap://127.0.0.1
ldap_version 3
rootbinddn cn=admin,dc=ctest
port 389

nss_base_passwd ou=Users,dc=ctest?one
nss_base_passwd ou=Computers,dc=ctest?one
nss_base_shadow ou=Users,dc=ctest?one
nss_base_group  ou=Groups,dc=ctest?one
--end ldap.conf

and /etc/nsswitch.conf:
--start nsswitch.conf
passwd: compat ldap
group:  compat ldap
shadow: compat ldap

hosts:  files dns
networks:   files
protocols:  db files
services:   db files
ethers: db files
rpc:db files
netgroup:   nis
<<<---end nsswitch.conf>>>

Then, getent passwd and getent group must show ldap entries, and then
joining to a domain and the creation of automatic machine samba
accounts is well done.

http://linuxadministration.us/2008/05/17/ubuntu-804-hardy-ldap-client/
http://www.cos.ufrj.br/docs/ldap#debian <-- if you use debian

Thank you all!

2009/3/24 Adam Tauno Williams :
> On Tue, 2009-03-24 at 12:06 +0100, LiPi - wrote:
>> Hi people, did you find a solution for this problem? I'm having it too.
>> r...@patata:/var/log/samba# pdbedit -am merlin
>> Cannot locate Unix account for merlin$
>
> Is that true - Does "id merlin" work?
>
>> But the unix account is in ldap and it creates automatically with
>> smbldap. If I add it manually or add the attributes by hand it works
>> fine.
>
> What do you mean by "add it manually"?
>
> Are you running nscd?  If so, shut that service down and try again.
>
> --
> OpenGroupware developer: awill...@whitemice.org
> 
> OpenGroupare & Cyrus IMAPd documenation @
> 
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap

[Adam Tauno Williams]

On Tue, 2009-03-24 at 12:06 +0100, LiPi - wrote:
> Hi people, did you find a solution for this problem? I'm having it too.
> r...@patata:/var/log/samba# pdbedit -am merlin
> Cannot locate Unix account for merlin$

Is that true - Does "id merlin" work?

> But the unix account is in ldap and it creates automatically with
> smbldap. If I add it manually or add the attributes by hand it works
> fine.

What do you mean by "add it manually"?

Are you running nscd?  If so, shut that service down and try again.

-- 
OpenGroupware developer: awill...@whitemice.org

OpenGroupare & Cyrus IMAPd documenation @


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap

[LiPi -]

Hi people, did you find a solution for this problem? I'm having it too.

r...@patata:/var/log/samba# pdbedit -am merlin
Cannot locate Unix account for merlin$

But the unix account is in ldap and it creates automatically with
smbldap. If I add it manually or add the attributes by hand it works
fine.


http://www.mail-archive.com/samba@lists.samba.org/msg99530.html
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba