Re: [Samba] Lightweight NetBIOS host enumeration in Python
On Fri, Sep 11, 2009 at 3:03 PM, Matthew Dempsky wrote: > It looks like it can't find any master browsers on your network. Does > "smbtree -NS" work on this host? Also, what's the output of "nmblookup -M -- -" on this host? (That's two dashes, and then one dash.) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Lightweight NetBIOS host enumeration in Python
On Fri, Sep 11, 2009 at 2:18 PM, christian wrote: > thank you for a nice tool! Thanks. :) > __cut__ > Traceback (most recent call last): > File "nbtls.py", line 39, in > _addr, rdata = netbios.doit(bcaddr, '\1\2__MSBROWSE__\2', 1, > broadcast=True) > File "/tmp/nbtls/netbios.py", line 83, in doit > r, (addr, port) = s.recvfrom(4096) > socket.timeout: timed out > __cut__ > > what am i doing wrong? It looks like it can't find any master browsers on your network. Does "smbtree -NS" work on this host? Btw, can I infer from "but on some hosts" that there are other ones that it does work fine? Does it successfully list all the same names that "smbtree -NS" does on those? Thanks for the feedback. :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Lightweight NetBIOS host enumeration in Python
On Fri, Sep 11, 2009 at 12:25:00PM -0700, Matthew Dempsky wrote: [...] > Test reports still welcome. thank you for a nice tool! but on some hosts: __cut__ Traceback (most recent call last): File "nbtls.py", line 39, in _addr, rdata = netbios.doit(bcaddr, '\1\2__MSBROWSE__\2', 1, broadcast=True) File "/tmp/nbtls/netbios.py", line 83, in doit r, (addr, port) = s.recvfrom(4096) socket.timeout: timed out __cut__ what am i doing wrong? -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] BDC and PDC communication...
Question about BDC's on a domain, 1) How can you verify that the BDC and PDC are communicating? (verify they are both on the same domain and that one is a slave/backup? basically verify that the reality matches what is setup in the config files.) 2) If a BDC seems to no longer see the domain, do you just rejoin it again with "net rpc join ..." Thanks for any help, Brian H binaryno...@gmail.com http://www.binarynomad.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] authenticating IIS 6.0 against samba?
Jeremy Allison wrote: On Fri, Sep 11, 2009 at 01:00:15PM -0500, Adam Williams wrote: I have a windows 2003 server joined to my domain. I'd like to have IIS 6.0 on the 2k3 server authenticating against samba so that windows sharepoint services can be used. I've tried getting NTLM authentication working following instructions at http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/7258232a-5e16-4a83-b76e-11e07c3f2615.mspx?mfr=true but I'm not having hany luck. I'm still getting access denied errors when trying to authenticate users in sharepoint services. Has any one got this working, and if so, any tips? What version of Samba ? Post the debug logs ? Jeremy. 3.2.14 on fedora 10 core x86_64. When I go to http://sharepoint/ to load my sharepoint server, and put in my username and password, here's the debug log from /var/log/samba/log.sharepoint on my PDC. [2009/09/11 14:23:52, 3] smbd/process.c:process_smb(1550) Transaction 28 of length 468 (0 toread) [2009/09/11 14:23:52, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 23751) conn 0x7ffee35d8850 [2009/09/11 14:23:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2009/09/11 14:23:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(2308) api_rpcTNP: rpc command: NETR_LOGONSAMLOGON [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2009/09/11 14:23:52, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/09/11 14:23:52, 3] passdb/secrets.c:secrets_store_schannel_session_info(1216) secrets_store_schannel_session_info: stored schannel info with key SECRETS/SCHANNEL/SHAREPOINT [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2009/09/11 14:23:52, 3] rpc_server/srv_netlog_nt.c:_netr_LogonSamLogon(928) SAM Logon (Network). Domain:[ADMIN]. User:[awill...@admlptp] Requested Domain:[ADMLPTP] [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2009/09/11 14:23:52, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2009/09/11 14:23:52, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [admlptp]\[awilli...@[admlptp] with the new password interface [2009/09/11 14:23:52, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [admin]\[awilli...@[admlptp] [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2009/09/11 14:23:52, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/09/11 14:23:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: awilliam [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/09/11 14:23:52, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/09/11 14:23:52, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/09/11 14:23:52, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 100 [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/09/11 14:23:52, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/09/11 14:23:52, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/09/11 14:23:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/09/11 14:23:52, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_grou
Re: [Samba] Lightweight NetBIOS host enumeration in Python
As a quick update, with some off-list help, I've updated the code to resolve a few interoperability issues that showed up on other networks and to make some of the error handling more robust. To anyone who downloaded version 0.01, I'd appreciate if you gave 0.05 a shot as well: http://shinobi.dempsky.org/~matthew/nbtls/nbtls-0.05.zip Same operation as before: just unzip and run "python nbtls.py". Test reports still welcome. Thanks. :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with samba and domain controller
> I have a problem with Samba and a Domain Controller. I have a server which > it was running with samba and a Windows Server 2000 domain controller, and > it’s was worked correctly. Now the domain controller has been changed for a > Windows Server 2008 and now it doesn’t work. I need your help to find the > error. I think that the error is caused for the version of Samba but I’m not > sure. > > I’m working with SUSE LINUX Enterprise Server 9 (i586) and the version of > Samba is samba-3.0.20b-3.11 and samba-winbind-3.0.20b-3.4. > I would upgrade. The current version of samba is 3.4. Your version is over 4 years old. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 RC
On Fri, Sep 11, 2009 at 12:32 PM, Anderson Stano wrote: > > > SkyBeam wrote: >> >> I have posted all my experience and configuration I used within the >> mailing list but it never gets accepted by moderators as it looks like. So >> the approval is still pending. I've re-submitted all my posts to this >> mailing list several times but got tired to re-submit over and over again >> without any progress. >> Moreover my comments might have been useful some weeks ago but meanwhile >> others might have come to the same conclusion (even doing the same work >> twice...). >> > > Hi SkyBeam, > > I´m using gentoo too (samba 3.0.33 currently) and would like to know if you > can share your portage overlay for samba 3.3.4. Having same problem with > trusted accounts as reported and need to upgrade... > BTW, samba-3.0.36 and 3.3.7 are in portage http://gentoo-portage.com/net-fs/samba I have ebuilds for samba in my overlay but do not have 3.4 yet http://github.com/drescherjm/jmdgentoooverlay/tree/40e634505a76832bc7e9c0a7d78f6f8493ca5fe9/net-fs/samba John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] authenticating IIS 6.0 against samba?
On Fri, Sep 11, 2009 at 01:00:15PM -0500, Adam Williams wrote: > I have a windows 2003 server joined to my domain. I'd like to have IIS > 6.0 on the 2k3 server authenticating against samba so that windows > sharepoint services can be used. I've tried getting NTLM authentication > working following instructions at > http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/7258232a-5e16-4a83-b76e-11e07c3f2615.mspx?mfr=true > > but I'm not having hany luck. I'm still getting access denied errors > when trying to authenticate users in sharepoint services. Has any one > got this working, and if so, any tips? What version of Samba ? Post the debug logs ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] authenticating IIS 6.0 against samba?
I have a windows 2003 server joined to my domain. I'd like to have IIS 6.0 on the 2k3 server authenticating against samba so that windows sharepoint services can be used. I've tried getting NTLM authentication working following instructions at http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/7258232a-5e16-4a83-b76e-11e07c3f2615.mspx?mfr=true but I'm not having hany luck. I'm still getting access denied errors when trying to authenticate users in sharepoint services. Has any one got this working, and if so, any tips? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to retain windows file time stamp with samba on linux
On Wed, Sep 02, 2009 at 03:57:46PM -0700, J Kelley wrote: > > Is there a config option to allow client file "create date" time stamps on > windows to show up on the linux side. > > I'm running samba-3.0.33-3.7.el5 on 2.6.18-128.el5 Not in this version. This is one of the things planned for 3.5.0. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 RC
SkyBeam wrote: > > I have posted all my experience and configuration I used within the > mailing list but it never gets accepted by moderators as it looks like. So > the approval is still pending. I've re-submitted all my posts to this > mailing list several times but got tired to re-submit over and over again > without any progress. > Moreover my comments might have been useful some weeks ago but meanwhile > others might have come to the same conclusion (even doing the same work > twice...). > Hi SkyBeam, I´m using gentoo too (samba 3.0.33 currently) and would like to know if you can share your portage overlay for samba 3.3.4. Having same problem with trusted accounts as reported and need to upgrade... Thanks! -- View this message in context: http://www.nabble.com/Windows-7-RC-tp23405949p25404294.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 2008 terminal services with a samba PDC
Hi everybody, in reply to http://lists.samba.org/archive/samba/2009-September/150448.html i am running Samba 3.4.0 on Ubuntu 8.04 (from http://ppa.launchpad.net/pgquiles/ppa/ubuntu hardy main). The tdbsam is within the LDAP Server (created with gosa and Samba 3.0.28). I installed also two Windows 2008 Server's on the first i have also the activated License-Server. (I installed also on the second Terminalserver a Licenseserver, but didn't enable it, to get the License Manager) i added the machine to the samba controlled domain. and it complain's about missing the licenseserver on both computer's. cant say, if it worked before adding it to the domain. When setting within terminalserver configuration the named license server, it say's valid license server found. But even after a reboot, the tsconfig.msc complain's about missing license Server. I checked also the registry http://support.microsoft.com/?kbid=279561 the server is listed correctly. I added also the domainname\nameoftse$ to remote Desktop User's. Does there already an idea? greetings thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problems with samba and domain controller
HI!! I have a problem with Samba and a Domain Controller. I have a server which it was running with samba and a Windows Server 2000 domain controller, and its was worked correctly. Now the domain controller has been changed for a Windows Server 2008 and now it doesnt work. I need your help to find the error. I think that the error is caused for the version of Samba but Im not sure. Im working with SUSE LINUX Enterprise Server 9 (i586) and the version of Samba is samba-3.0.20b-3.11 and samba-winbind-3.0.20b-3.4. When I try to join to the domain, the system returned me an error: [2009/09/08 13:48:36, 0] utils/net_ads.c:ads_startup(191) ads_connect: Server not found in Kerberos database I check krb5.conf and smb.conf and they are correctly, because they are worked correctly before. The version of Samba is correctly to work with a Windows Server 2008 domain controller? I need your help. Thanks. Carlos Gonzalo Cruz Sistemas Unix Subdirección de Tecnología y Sistemas CHRONOEXPRÉS S.A. -- La Información incluida en el presente correo electrónico es SECRETO PROFESIONAL Y CONFIDENCIAL, siendo para el uso exclusivo del destinatario arriba mencionado. Si usted lee este mensaje y no es el destinatario señalado, el empleado o el agente responsable de entregar el mensaje al destinatario, o ha recibido esta comunicación por error, le informamos que esta totalmente prohibida cualquier divulgación, distribución o reproducción de esta comunicación, y le rogamos que nos lo notifique inmediatamente y nos devuelva el mensaje original a la dirección arriba mencionada. Gracias. The information contained in this e-mail is LEGALLY PRIVILEDGED AND CONFIDENTIAL and is intended only for the use of the addressee named above. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, or you have received this communication in error, please be aware that any dissemination, distribution or duplication of this communication is strictly prohibited, and please notify us immediately and return the original message to us at the address above. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
One other issue that may be important: The mounting operation is very slow on 32 bit. Could it be that the handshake does not work out? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Thu, 10 Sep 2009, Jeff Layton wrote: > A couple of differences. First, the "ls's" were done in different > directories since they had different search patterns: Right. 32 bit cannot mount the clameter directory for strange reasons. I have to go one level higher. > The 64-bit capture was done in a directory with only 50 files, > whereas the other one had at least 600-700 files (capture ends before > it finished listing the files). That may make quite a bit of difference > on the server (not sure how windows works internally in this case). Right. I just remounted the 64 bit on the same directory. No delays. > The only other substantive difference I see is that the Level of > Interest that the client is requesting is different: > > 32 == SMB_FIND_FILE_DIRECTORY_INFO > 64 == SMB_FIND_FILE_ID_FULL_DIR_INFO > > That probably means that the 32 bit client has disabled > CIFS_MOUNT_SERVER_INUM for some reason. That means that it's not asking > the server for the windows equivalent of inode numbers. We typically > disable that flag automatically if a query for the inode number of a > path fails. I added the serverino option on the 32 bit system. No effect. > Since these are the same server, that may be an indicator that the > server is serving out info from two different filesystem types (maybe > FAT vs. NTFS, or maybe even a CDROM or something). If so, then that may > help explain some of the performance delta there. I'd be more > interested to see how the 64 bit client behaves when it mounts the > exact same share and does an ls in the same directory as the 32 bit > client. No its all on the same file system. New capture attached for same directory. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Thu, 10 Sep 2009, Jeff Layton wrote: > I assume that the 32 and 64 bit clients you have are calling "ls" in > the same dir. If so, maybe a similar capture from a 64-bit client might > help us see the difference? 64 bit trace attached.-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009, Jeff Layton wrote: > Well, I can see the delays in the capture, but the snarflen for the > capture is a little too small to tell much else. Can you redo the > capture with a larger snarflen (maybe -s 512 or so)? -s 1000 version attached. > Also, were you able to tell anything from a server-side capture? Is the > server issuing oplock breaks at those times? Thats a pretty busy system. They have not gotten around to do any logging on that end. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba w/o openvpn: OK - else strange issues
Hello, I do have a very strange behavior. For some reason, I only observe this, when I access a samba share through an openvpn tunnel. (1) objective have a share, have SECURITY USERS (to control access rights), but NULL PASSWORDS (authentication is fine enough by vpn). Find config files below. This is samba 3.3.2. Openvpn 2.1_rc11. (2) issue I connect via vpn from winXP ... fine I access some shares ... fine I access some directories and files ... fine (btw: access rights work perfectly) I create a file or a folder ... sometimes works, sometimes not THEN: If it works I try to rename the file or folder. It does not *ALWAYS* work. Sometimes it does. More often it does not. WinXP throws "access denied". I played around with the parameters "nt acl support = no", "directory mask", "create mask", "force directory mask". Nothing really works out (latest version attached below). The logfiles are very busy and I cannot figure out what is really going on. => did anybody ever observe this? => this does not occur, when I do *not* access the share through VPN! Or is this coincidence? => real issue is, that sometimes it works. In this successful case, the renamed folder appears only after various F5 in winXP (refresh). (3) config file smb.conf [global] log file = /var/log/samba/log.%m passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s* \spassword:* %n\n *password\supdated\ssuccessfully* . obey pam restrictions = yes null passwords = yes encrypt passwords = yes passwd program = /usr/bin/passwd %u passdb backend = tdbsam dns proxy = no server string = %h server (Samba, Ubuntu) unix password sync = yes workgroup = DALL-ARMI security = user syslog = 0 usershare allow guests = yes panic action = /usr/share/samba/panic-action %d unix charset = UTF8 max log size = 1000 pam password change = yes log level = 0 nt acl support = no [share] path=/mnt/workspace/share comment = share-workspace browsable = yes read only = no create mask = 777 directory mask = 777 force directory mode = 0770 #guest ok = true All other options of smb.conf are (or should be :-) "default". (4) samba log files with a "log level 3" Here are some snippets which seem strange to me: [2009/09/10 01:50:00, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-3561405685-2395757788-2122654243-501] [2009/09/10 01:50:00, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2009/09/10 01:50:00, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2009/09/10 01:50:00, 3] smbd/password.c:register_existing_vuid(289) register_existing_vuid: User name: nobody Real name: nobody [2009/09/10 01:50:00, 3] smbd/password.c:register_existing_vuid(299) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2009/09/10 01:50:01, 3] smbd/msdfs.c:get_referred_path(813) get_referred_path: |piazza| in dfs path \10.8.0.1\piazza is not a dfs root. [2009/09/10 01:50:01, 3] smbd/error.c:error_packet_set(61) error packet at smbd/trans2.c(7299) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND [2009/09/10 01:50:01, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [MB-LAPTOP] \[m...@[mb-laptop] with the new password interface [2009/09/10 01:50:01, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [master]\[m...@[mb-laptop] [2009/09/10 01:50:01, 3] auth/auth_sam.c:sam_password_ok(47) Account for user 'mra' has no password and null passwords are allowed. [2009/09/10 01:50:01, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [mra] -> [mra] -> [mra] succeeded [2009/09/10 01:50:01, 3] auth/token_util.c:create_local_nt_token(433) Failed to fetch domain sid for DALL-ARMI [2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-3561405685-2395757788-2122654243-1014] [2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-22-2-1000] [2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-11] [2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-22-2-4] [2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-22-2-110] [2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-22-2-112] [2009/09/10 01:50:01, 3] lib/privileges.c:get_privileges(63) get
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009, Jeff Layton wrote: > That sounds rather strange. Maybe we do have a bug of some sort? The > thing to do might be to get a binary capture of the 32-bit traffic > around the time of the stalls. We could then inspect the packets and > see whether we have something wrong in there. Capture attached.-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009 13:07:52 -0400 (EDT) Christoph Lameter wrote: > On Wed, 9 Sep 2009, Jeff Layton wrote: > > > My suspicion would be that the server needs to perform an oplock break > > to another client before it can send the response. The only way I know > > how to tell that is to sniff all SMB traffic on the server and watch > > for oplock break calls to other clients when these stalls occur. > > That could be tested by switching them off right? If I do > > echo 0 >/proc/fs/cifs/OplockEnabled > > and then remount the volume it should switch off oplocks? > > This has no effect on the stalls. > That'll stop your client from requesting oplocks, but that won't prevent others from doing so. If my suspicion is correct, then another client is holding an oplock and the server needs to break it before it can reply to yours. Unfortunately I doubt there's much you can do from your client to prevent that (if that is the case). There may be a way to turn off oplocks on the server side, but that may very well be even worse for performance. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009, Jeff Layton wrote: > That'll stop your client from requesting oplocks, but that won't > prevent others from doing so. If my suspicion is correct, then another > client is holding an oplock and the server needs to break it before it > can reply to yours. > > Unfortunately I doubt there's much you can do from your client to > prevent that (if that is the case). There may be a way to turn off > oplocks on the server side, but that may very well be even worse for > performance. Hmmm... We can look at that. Another interesting tidbit is that I have never seen this from a 64 bit Linux kernel. Only occurs with 32 bit kernels it seems. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009, Jeff Layton wrote: > Unfortunately I doubt there's much you can do from your client to > prevent that (if that is the case). There may be a way to turn off > oplocks on the server side, but that may very well be even worse for > performance. Also note that these hiccups occur when simply doing an ls we are not accessing or writing files. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problems with samba and domain controller
HI!! I have a problem with Samba and a Domain Controller. I have a server which it was running with samba and a Windows Server 2000 domain controller, and its was worked correctly. Now the domain controller has been changed for a Windows Server 2008 and now it doesnt work. I need your help to find the error. I think that the error is caused for the version of Samba but Im not sure. Im working with SUSE LINUX Enterprise Server 9 (i586) and the version of Samba is samba-3.0.20b-3.11 and samba-winbind-3.0.20b-3.4. When I try to join to the domain, the system returned me an error: [2009/09/08 13:48:36, 0] utils/net_ads.c:ads_startup(191) ads_connect: Server not found in Kerberos database I check krb5.conf and smb.conf and they are correctly, because they are worked correctly before. The version of Samba is correctly to work with a Windows Server 2008 domain controller? I need your help. Thanks. Carlos Gonzalo Cruz Sistemas Unix Subdirección de Tecnología y Sistemas CHRONOEXPRÉS S.A. -- La Información incluida en el presente correo electrónico es SECRETO PROFESIONAL Y CONFIDENCIAL, siendo para el uso exclusivo del destinatario arriba mencionado. Si usted lee este mensaje y no es el destinatario señalado, el empleado o el agente responsable de entregar el mensaje al destinatario, o ha recibido esta comunicación por error, le informamos que esta totalmente prohibida cualquier divulgación, distribución o reproducción de esta comunicación, y le rogamos que nos lo notifique inmediatamente y nos devuelva el mensaje original a la dirección arriba mencionada. Gracias. The information contained in this e-mail is LEGALLY PRIVILEDGED AND CONFIDENTIAL and is intended only for the use of the addressee named above. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, or you have received this communication in error, please be aware that any dissemination, distribution or duplication of this communication is strictly prohibited, and please notify us immediately and return the original message to us at the address above. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cached password updates with Winbind
There is an option on the smb.conf that I think is the answer for you. winbind cache time try that one. Schneider, Craig-P65851 wrote: If a user changes their password and the client looses network connectivity prior to them logging in again their local/cached password is not updated; they have to use their old password to authenticate. Is there a way to change this behavior so that the cached password gets updated upon a successful password change? Thx, Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Sat, 5 Sep 2009, Jeff Layton wrote: > It looks like it's just taking 5s for the server to respond here. Do > you happen to have a wire capture of one of these events? That may tell > us more than cifsFYI info... I did a tcpdump and nothing stands out. Server acks the "cmd 50" and then waits 5 seconds before sending the data. 16:23:34.336373 IP (tos 0x0, ttl 64, id 20616, offset 0, flags [DF], proto 6, length: 118) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: P 2801206064:2801206142(78) ack 468207120 win 190 16:23:34.336624 IP (tos 0x0, ttl 125, id 19869, offset 0, flags [DF], proto 6, length: 206) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: P 1:167(166) ack 78 win 64548 16:23:34.336636 IP (tos 0x0, ttl 64, id 20617, offset 0, flags [DF], proto 6, length: 40) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: . [tcp sum ok] 78:78(0) ack 167 win 190 16:23:34.336669 IP (tos 0x0, ttl 64, id 20618, offset 0, flags [DF], proto 6, length: 128) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: P 78:166(88) ack 167 win 190 16:23:34.456343 IP (tos 0x0, ttl 125, id 20045, offset 0, flags [DF], proto 6, length: 40) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . [tcp sum ok] 167:167(0) ack 166 win 64460 hiccup 16:23:39.284930 IP (tos 0x0, ttl 125, id 27544, offset 0, flags [DF], proto 6, length: 230) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . 167:357(190) ack 166 win 64460 16:23:39.324060 IP (tos 0x0, ttl 64, id 20619, offset 0, flags [DF], proto 6, length: 40) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: . [tcp sum ok] 166:166(0) ack 357 win 190 16:23:39.324292 IP (tos 0x0, ttl 125, id 27563, offset 0, flags [DF], proto 6, length: 1500) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . 357:1817(1460) ack 166 win 64460 16:23:39.324300 IP (tos 0x0, ttl 64, id 20620, offset 0, flags [DF], proto 6, length: 40) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: . [tcp sum ok] 166:166(0) ack 1817 win 190 16:23:39.324306 IP (tos 0x0, ttl 125, id 27564, offset 0, flags [DF], proto 6, length: 1500) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . 1817:3277(1460) ack 166 win 64460 16:23:39.324311 IP (tos 0x0, ttl 64, id 20621, offset 0, flags [DF], proto 6, length: 40) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: . [tcp sum ok] 166:166(0) ack 3277 win 188 16:23:39.324315 IP (tos 0x0, ttl 125, id 27565, offset 0, flags [DF], proto 6, length: 1500) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . 3277:4737(1460) ack 166 win 64460 16:23:39.324319 IP (tos 0x0, ttl 64, id 20622, offset 0, flags [DF], proto 6, length: 40) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: . [tcp sum ok] 166:166(0) ack 4737 win 186 16:23:39.324321 IP (tos 0x0, ttl 125, id 27566, offset 0, flags [DF], proto 6, length: 1500) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . 4737:6197(1460) ack 166 win 64460 16:23:39.324324 IP (tos 0x0, ttl 64, id 20623, offset 0, flags [DF], proto 6, length: 40) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: . [tcp sum ok] 166:166(0) ack 6197 win 184 16:23:39.324329 IP (tos 0x0, ttl 125, id 27567, offset 0, flags [DF], proto 6, length: 1500) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . 6197:7657(1460) ack 166 win 64460 16:23:39.324332 IP (tos 0x0, ttl 64, id 20624, offset 0, flags [DF], proto 6, length: 40) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: . [tcp sum ok] 166:166(0) ack 7657 win 182 16:23:39.324335 IP (tos 0x0, ttl 125, id 27568, offset 0, flags [DF], proto 6, length: 1500) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . 7657:9117(1460) ack 166 win 64460 16:23:39.324337 IP (tos 0x0, ttl 64, id 20625, offset 0, flags [DF], proto 6, length: 40) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: . [tcp sum ok] 166:166(0) ack 9117 win 180 16:23:39.324354 IP (tos 0x0, ttl 125, id 27569, offset 0, flags [DF], proto 6, length: 1500) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . 9117:10577(1460) ack 166 win 64460 16:23:39.324362 IP (tos 0x0, ttl 64, id 20626, offset 0, flags [DF], proto 6, length: 40) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: . [tcp sum ok] 166:166(0) ack 10577 win 190 16:23:39.324371 IP (tos 0x0, ttl 125, id 27570, offset 0, flags [DF], proto 6, length: 1500) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . 10577:12037(1460) ack 166 win 64460 16:23:39.324374 IP (tos 0x0, ttl 64, id 20627, offset 0, flags [DF], proto 6, length: 40) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: . [tcp sum ok] 166:166(0) ack 12037 win 188 16:23:39.324377 IP (tos 0x0, ttl 125, id 27571, offset 0, flags [DF], proto 6, length: 1500) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . 12037:13497(1460) ack 166 win 64460 16:23:39.324379 IP (tos 0x0, ttl 64, id 20628, offset 0, flags [DF], proto 6, length: 40) f
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Fri, 4 Sep 2009 12:27:35 -0400 (EDT) Christoph Lameter wrote: > This is on 32 bit x86 on a Dell 1950 > > After mouting a cifs share we have 5 second hiccups. Typical log output > when doing a simple "ls /mnt": > > Sep 4 16:21:43 rd-spare kernel: fs/cifs/transport.c: For smb_command 50 > Sep 4 16:21:43 rd-spare kernel: fs/cifs/transport.c: Sending smb: > total_len 118 > Sep 4 16:21:43 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: leaving > cifs_revalidate (xid = 258) rc = 0 > Sep 4 16:21:43 rd-spare kernel: fs/cifs/dir.c: CIFS VFS: in cifs_lookup > as Xid: 263 with uid: 0 > Sep 4 16:21:43 rd-spare kernel: fs/cifs/dir.c: parent inode = 0xf58d2e60 > name is: AutoWire.bmp and dentry = 0xf5adb63c > Sep 4 16:21:43 rd-spare kernel: fs/cifs/dir.c: NULL inode in lookup > Sep 4 16:21:43 rd-spare kernel: fs/cifs/dir.c: Full path: \AutoWire.bmp > inode = 0x(null) > Sep 4 16:21:43 rd-spare kernel: fs/cifs/inode.c: Getting info on > \AutoWire.bmp > Sep 4 16:21:43 rd-spare kernel: fs/cifs/transport.c: For smb_command 50 > Sep 4 16:21:43 rd-spare kernel: fs/cifs/transport.c: Sending smb: > total_len 104 > > 5 second hiccup > > Sep 4 16:21:48 rd-spare kernel: fs/cifs/connect.c: rfc1002 length 0xce > Sep 4 16:21:48 rd-spare kernel: fs/cifs/connect.c: rfc1002 length 0xc0 (adding linux-cifs-client mailing list) It looks like it's just taking 5s for the server to respond here. Do you happen to have a wire capture of one of these events? That may tell us more than cifsFYI info... > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: inode 0xf5876518 > old_time=26000 new_time=32751 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: cifs_revalidate - inode > unchanged > Sep 4 16:21:48 rd-spare kernel: fs/cifs/file.c: CIFS VFS: in > cifs_writepages as Xid: 264 with uid: 0 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/file.c: CIFS VFS: leaving > cifs_writepages (xid = 264) rc = 0 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: leaving > cifs_revalidate (xid = 262) rc = 0 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: in > cifs_revalidate as Xid: 265 with uid: 0 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: Revalidate: \Akamai > Headsets.doc inode 0xf5876518 count 2 dentry: 0xf5ada8d0 d_time 260 > 00 jiffies 32751 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: leaving > cifs_revalidate (xid = 265) rc = 0 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: in > cifs_revalidate as Xid: 266 with uid: 0 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: Revalidate: \Akamai > Headsets.doc inode 0xf5876518 count 2 dentry: 0xf5ada8d0 d_time 260 > 00 jiffies 32751 > > > This is happening intermittently on a variety of hosts. > > cat /proc/fs/cifs/DebugData > > Display Internal CIFS Data Structures for Debugging > --- > CIFS Version 1.60 > Active VFS Requests: 2 > Servers: > 1) Name: 10.2.4.64 Domain: W2K Uses: 1 OS: Windows Server 2003 R2 3790 > Service Pack 2 > NOS: Windows Server 2003 R2 5.2 Capability: 0x1f3fd > SMB session status: 1 TCP status: 1 > Local Users To Server: 1 SecMode: 0x3 Req On Wire: 2 > Shares: > 1) \\chiprodfs2\company Mounts: 1 Type: NTFS DevInfo: 0x20 > Attributes: 0x700ff > PathComponentMax: 255 Status: 0x1 type: DISK > > MIDs: > State: 2 com: 50 pid: 5951 tsk: f756d1b0 mid 277 > State: 2 com: 50 pid: 6044 tsk: f69d4760 mid 278 > > cat /proc/fs/cifs/Stats > > Resources in use > CIFS Session: 1 > Share (unique mount targets): 1 > SMB Request/Response Buffer: 5 Pool size: 5 > SMB Small Req/Resp Buffer: 1 Pool size: 30 > Operations (MIDs): 2 > > 0 session 0 share reconnects > Total vfs operations: 525 maximum at one time: 3 > > 1) \\chiprodfs2\company > SMBs: 305 Oplock Breaks: 0 > Reads: 0 Bytes: 0 > Writes: 0 Bytes: 0 > Flushes: 0 > Locks: 0 HardLinks: 0 Symlinks: 0 > Opens: 0 Closes: 0 Deletes: 0 > Posix Opens: 0 Posix Mkdirs: 0 > Mkdirs: 0 Rmdirs: 0 > Renames: 0 T2 Renames 0 > FindFirst: 2 FNext 0 FClose 0 > > > What is this ??? > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba quota
Hi, i have a problem regarding smbcquota..when i try to set the quota using smbcquota an error will come out : error: failed session setup with NT_STATUS_LOGON_FAILURE cli_full_connection failed! (NT_STATUS_LOGON_FAILURE) i hope you guys can help me with this. Is there any other configuration so that i can set quota to directory of samba user? my smbcquota version is 3.0.28-1.el5_2.1. Thank you in advance. Regards, nik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009, Jeff Layton wrote: > My suspicion would be that the server needs to perform an oplock break > to another client before it can send the response. The only way I know > how to tell that is to sniff all SMB traffic on the server and watch > for oplock break calls to other clients when these stalls occur. That could be tested by switching them off right? If I do echo 0 >/proc/fs/cifs/OplockEnabled and then remount the volume it should switch off oplocks? This has no effect on the stalls. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009 12:33:21 -0400 (EDT) Christoph Lameter wrote: > On Sat, 5 Sep 2009, Jeff Layton wrote: > > > It looks like it's just taking 5s for the server to respond here. Do > > you happen to have a wire capture of one of these events? That may tell > > us more than cifsFYI info... > > I did a tcpdump and nothing stands out. Server acks the "cmd 50" and then > waits 5 seconds before sending the data. > > 16:23:34.336373 IP (tos 0x0, ttl 64, id 20616, offset 0, flags [DF], proto > 6, length: 118) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: P > 2801206064:2801206142(78) ack 468207120 win 190 > 16:23:34.336624 IP (tos 0x0, ttl 125, id 19869, offset 0, flags [DF], proto > 6, length: 206) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: P > 1:167(166) ack 78 win 64548 > 16:23:34.336636 IP (tos 0x0, ttl 64, id 20617, offset 0, flags [DF], proto > 6, length: 40) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: . > [tcp sum ok] 78:78(0) ack 167 win 190 > 16:23:34.336669 IP (tos 0x0, ttl 64, id 20618, offset 0, flags [DF], proto > 6, length: 128) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: P > 78:166(88) ack 167 win 190 > 16:23:34.456343 IP (tos 0x0, ttl 125, id 20045, offset 0, flags [DF], proto > 6, length: 40) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . > [tcp sum ok] 167:167(0) ack 166 win 64460 > > hiccup > > 16:23:39.284930 IP (tos 0x0, ttl 125, id 27544, offset 0, flags [DF], proto > 6, length: 230) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . > 167:357(190) ack 166 win 64460 > 16:23:39.324060 IP (tos 0x0, ttl 64, id 20619, offset 0, flags [DF], proto > 6, length: 40) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: . > [tcp sum ok] 166:166(0) ack 357 win 190 A binary capture would probably be easier to infer something from -- we'd be able to open it up in wireshark and get a little more info about what sort of call the client is doing. My suspicion would be that the server needs to perform an oplock break to another client before it can send the response. The only way I know how to tell that is to sniff all SMB traffic on the server and watch for oplock break calls to other clients when these stalls occur. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] how to retain windows file time stamp with samba on linux
Is there a config option to allow client file "create date" time stamps on windows to show up on the linux side. I'm running samba-3.0.33-3.7.el5 on 2.6.18-128.el5 Any help would be greatly appreciated. Thanks in advance Jk _ With Windows Live, you can organize, edit, and share your photos. http://www.windowslive.com/Desktop/PhotoGallery -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cached password updates with Winbind
On the smb.conf there is a parameter on the Global section called "winbind cache time" I think that is your answer. Schneider, Craig-P65851 wrote: If a user changes their password and the client looses network connectivity prior to them logging in again their local/cached password is not updated; they have to use their old password to authenticate. Is there a way to change this behavior so that the cached password gets updated upon a successful password change? Thx, Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 RC
airwofl wrote: > > Did you get a chance to test it with 3.4.0? I have 3.3.7 installed - > Windows 7 RTM joins the domain (with the primary dns suffix error) but > cannot log in to as I get the trust error (output in the log.smbd is the > same as everyone elses). The regkeys mentioned are all applied btw. > > I would rather go upwards than downgrade to get this working. > I have posted all my experience and configuration I used within the mailing list but it never gets accepted by moderators as it looks like. So the approval is still pending. I've re-submitted all my posts to this mailing list several times but got tired to re-submit over and over again without any progress. Moreover my comments might have been useful some weeks ago but meanwhile others might have come to the same conclusion (even doing the same work twice...). Basically I've been able to identify the problems caused by the issue that Windows is unable to change the primary DNS suffix. I've also been able to find a work-around and finally it works quite well for me (using Samba 3.3). So I've not invested in Samba 3.4 yet. Rather I hope that Samba 4 is going to be ready some when in the future or Samba 3.4/3.5 is updated to officially and fully support Windows 7. I will try again re-submitting all my messages to the mailing list but I doubt that they will be accepted. Just annoying. -- View this message in context: http://www.nabble.com/Windows-7-RC-tp23405949p25252779.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 RC
SkyBeam wrote: > > Alternatively you might set the following registry REG_SZ value: > HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient\NV > PrimaryDnsSuffix > Set the value to the desired domain sufix (e.g. "domain.local"). Then > reboot the machine and see 'ipconfig /all' printing your custom primary > DNS suffix. However within the system properties you will still see your > "DOMAIN" listed but it's overridden by the policy value. > I found that this solution does not fully work sometimes Windows still tries to look up ".DOMAIN" instead of ".domain.local". So I was looking for the place within the registry which stores the domain name (which fails to propagate on domain-join) and found it within the TCP/IP service at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters. Changing the "NV Domain" to the right local domain makes the domain appear within the domain join dialog too. So my modification reg-file looks as follows now: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters] ; Enable NT-Domain compatibility mode ; Default: ; [value not present] ; "DomainCompatibilityMode"=- "DomainCompatibilityMode"=dword:0001 ; Disable required DNS name resolution ; Default: ; [value not present] ; "DNSNameResolutionRequired"=- "DNSNameResolutionRequired"=dword: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters] ; Disable requirement of signed communication ; My Samba (3.0.33) works with signed communication enabled, so no need to disable it. ; Default: ; "RequireSignOrSeal"=dword:0001 ; Disable the usage of strong keys ; Default: ; "RequireStrongKey"=dword:0001 "RequireStrongKey"=dword: ; [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient] ; Enforce DNS suffix ; It seems this is not necessary - see below ; "NV PrimaryDnsSuffix"="domain.local" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] ; Overwrite DNS domain. Usually the domain is supposed to be propagated automatically ; when joining the domain. But with Samba this does not work (yet). "NV Domain"="domain.local" -- View this message in context: http://www.nabble.com/Windows-7-RC-tp23405949p24998818.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 RC
SkyBeam wrote: > > The work-around I am using now is that I renamed my domain using smb.conf > from "DOMAIN" to "domain.local" (equal to the DNS suffix). Samba > automatically created a new sambaDomainName entry in LDAP which uses the > same domain SID. Surprisingly even my vista machine which was joined to > the DOMAIN NT-Domain did not even complain about the disappeared "DOMAIN" > and seems to be able to connect to the "domain.local" NT-Domain without > any change (while in system properties it still claims to be member of the > "DOMAIN" NT-Domain). > I found another work-around which does not require changing your Samba configuration (which might have other side-effects too). You can use group policy to enforce the DNS suffix. To do so open the group policy editor (e.g. run "gpedit.msc") and go to Administrative Templates => Network => DNS Client. Here you can set the "Primary DNS Suffix" policy to match your DNS domain. Alternatively you might set the following registry REG_SZ value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient\NV PrimaryDnsSuffix Set the value to the desired domain sufix (e.g. "domain.local"). Then reboot the machine and see 'ipconfig /all' printing your custom primary DNS suffix. However within the system properties you will still see your "DOMAIN" listed but it's overridden by the policy value. You can do this change before or after joining the domain. Note that the error shown by Windows about the failure to change the primary DNS suffix on domain join is still there. This change only allows you to fix an invalid primary DNS suffix which you're otherwise unable to change after domain join. So here's a reg file which works for me: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters] ; Enable NT-Domain compatibility mode ; Default: ; [value not present] ; "DomainCompatibilityMode"=- "DomainCompatibilityMode"=dword:0001 ; Disable required DNS name resolution ; Default: ; [value not present] ; "DNSNameResolutionRequired"=- "DNSNameResolutionRequired"=dword: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters] ; Disable requirement of signed communication ; My Samba works with signed communication enabled, so no need to disable it. ; Default: ; "RequireSignOrSeal"=dword:0001 ; Disable the usage of strong keys ; Default: ; "RequireStrongKey"=dword:0001 "RequireStrongKey"=dword: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient] ; Enforce DNS suffix "NV PrimaryDnsSuffix"="domain.local" With these settings I can join the domain and logon works. However I've noticed that samba still logs the following message: [2009/08/15 14:14:41, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546) _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client WIN7TEST machine account WIN7TEST$ [2009/08/15 14:15:18, 0] smbd/service.c:make_connection_snum(740) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2009/08/15 14:15:30, 0] smbd/nttrans.c:call_nt_transact_ioctl(1989) call_nt_transact_ioctl(0x1401c4): Currently not implemented. Probably it's a bug of Samba 3.3.4 which still permitts logon even if machine authentication fails. The NT_STATUS_ACCESS_DENNIED is repeated many times. -- View this message in context: http://www.nabble.com/Windows-7-RC-tp23405949p24984174.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 RC
SkyBeam wrote: > > However the error about changing the primary DNS domain remained. > I don't know if this is relevant at all or just annoying. The DNS suffix > for the connection is published by the DHCP server here. But maybe the > message is about something else. > I just discovered that this message is indeed about the primary DNS suffix. The 'ipconfig /all' command now lists multiple suffixed: ... DNS Suffix Search List. . . . . . : DOMAIN domain.local Where "domain.local" seems to be pushed by DHCP but the first entry (DOMAIN) seems to be pushed by domain join. Unfortunately it takes priority. Therefore access to hostnames without appended DNS domain name fail here. E.g. ping server Windows 7 tries to resolve 'server.DOMAIN' which fails due to the fact that there is no DNS response for this hostname. Pinging "server.domain.local" works as expected. Unfortunately this breaks services/scripts/applications which were just using the hostname and relying on the DNS suffix. Actually I tried to work-around this issue as follows: Go to tystem properties and open the Computer Name tab and click on the "Change..." button (exactly as you would to change domain membership). Now in the "Computer Name/Domain Changes" window click on the "More..." button and uncheck the "Change primary DNS suffix when domain membership changes" checkbox. Then click OK and switch to Domain membership. Now join the domain as usual. Unfortunately Windows 7 seems to ignore my settings. It still tries to change the DNS suffix and pops up the same error message. However the checkbox remains unchecked but the DNS suffix for this computer is still inserted as "DOMAIN". When I try to change it later on using the "DNS Suffix and NetBIOS Computer Name" dialog box the "The specified domain either does not exist or could not be contacted" continues to pop up. It looks to me like Windows contacts the domain controller but Samba does not answer - or answers with unexpected value. The work-around I am using now is that I renamed my domain using smb.conf from "DOMAIN" to "domain.local" (equal to the DNS suffix). Samba automatically created a new sambaDomainName entry in LDAP which uses the same domain SID. Surprisingly even my vista machine which was joined to the DOMAIN NT-Domain did not even complain about the disappeared "DOMAIN" and seems to be able to connect to the "domain.local" NT-Domain without any change (while in system properties it still claims to be member of the "DOMAIN" NT-Domain). -- View this message in context: http://www.nabble.com/Windows-7-RC-tp23405949p24983475.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 RC
kmorning wrote: > > I installed windows 7 RC and was able to join my samba 3.3.6 domain and > just as with server 2008r2 I ran into the "trust relationship" issue when > trying to log into the domain. At this point I became a little frustrated > since it seems everyone else here has had success with this. > > Finally, as a last ditch effort, I decided to downgrade to 3.3.4 since > I've seen no mention of anyone using 3.3.6 in this scenario. Lo and > behold, my domain logins now work in both win7 and win2008r2. > > Now this would lead me to believe something in 3.3.6 has broken this > functionality, but I don't want to say this with absolute certainty. > Perhaps in my process of uninstalling 3.3.6 and installing 3.3.4 I fixed > something unbeknownst to me. > > I'm using a gentoo distro, and the reason for me initially installing > 3.3.6 was because it was the the only ebuild for a 3.3.x flavour in the > portage tree (which I had to unmask since it is still hard masked). After > unemerging 3.3.6 I created a portage overlay for 3.3.4 and emerged it. > > Can someone confirm (or deny) my findings with 3.3.6? > I can confirm this findings. I am running Gentoo Linux and my Samba was on latest 3.0 release. Changing the registry keys in LanmanWorkstation parameters to enable domain compatibility helped to join the domain. However the error about changing the primary DNS domain remained. I don't know if this is relevant at all or just annoying. The DNS suffix for the connection is published by the DHCP server here. But maybe the message is about something else. Anyway I immediately faced the problem that the trust relationship between the workstation and the machine failed when I try to log in: "The trust relationship between this workstation and the primary domain failed." So I followed this thread and first upgraded to the latest Samba release available for my distribution (Gentoo) which was 3.3.6. Still no go. Following your suggestion I've created a local overlay and some Samba 3.3.4 overlays. Surprisingly you're right and Samba 3.3.4 works great. So something has been broken (or enhanced in a Win-7 incompatible way) in Samba 3.3.6. If I find some time I will try to use Samba 3.4 too but this might be more difficult than my 3.3.4 overlays... (Running Windows 7 Professional RTM, no Beta/RC) -- View this message in context: http://www.nabble.com/Windows-7-RC-tp23405949p24982658.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Ignoring unknown parameter "idmap domains"
Dear according this wiki http://wiki.samba.org/index.php/Ldapsam_Editposix i have enable EditPosix extension but i receive this error Ignoring unknown parameter "idmap domains" How can i fix it ? Here it is my smb.conf : [global] workgroup = MSHOME netbios name = PC-DTOUZEAU server string = %h server disable netbios =no syslog = 3 log level = 10 log file = /var/log/samba/log.%m debug timestamp = yes # Controler ?? --- security = user enable privileges = yes domain master = no local master = yes preferred master = no domain logons = no os level = 40 printer admin = root,administrator,@Administrators,@lpadmin ldap passwd sync = no # LDAP settings --- ldap admin dn = cn=Manager,dc=my-domain,dc=com ldap suffix = dc=my-domain,dc=com ldap group suffix = ou=groups,dc=samba,dc=organizations ldap user suffix = ou=users,dc=samba,dc=organizations ldap machine suffix = ou=Computer,dc=samba,dc=organizations #Samba and the Editposix/Trusted Ldapsam extension ldap idmap suffix = ou=idmap,dc=samba,dc=organizations ldap delete dn = yes encrypt passwords = true passdb backend = ldapsam ldapsam:trusted=yes ldapsam:editposix=yes idmap domains = MSHOME idmap config MSHOME:backend = ldap idmap config MSHOME:readonly = no idmap config MSHOME:default = yes idmap config MSHOME:ldap_base_dn = ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com idmap config MSHOME:ldap_user_dn = cn=Manager,dc=my-domain,dc=com idmap config MSHOME:ldap_url = ldap://localhost idmap config MSHOME:range = 2-50 idmap alloc backend = ldap idmap alloc config:ldap_base_dn = ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com idmap alloc config:ldap_user_dn = cn=Manager,dc=my-domain,dc=com idmap alloc config:ldap_url = ldap://localhost idmap alloc config:range = 2-50 ldap ssl = no logon path = \\%L\profile\%U logon drive = P: logon home = \\%L\%U logon script = script.bat socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 case sensitive = No default case = lower preserve case = yes short preserve case = yes #character set = iso8859-1 #domain admin group = @admin dns proxy = No wins support = Yes #hosts allow = 192.168.0. 127. winbind use default domain = yes winbind enum users = yes winbind enum groups = yes nt acl support = Yes msdfs root = Yes time server = yes host msdfs = yes # Shared Folders lists --- [printers] comment = Printers browseable = yes path = /tmp printable = yes public = yes guest ok = yes writable = no create mode = 0700 [print$] comment = Printers drivers path = /etc/samba/printer_drivers browseable = yes guest ok = no read only = yes write list = root,administrator,@Administrators,@lpadmin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Desiring to set up Windows Vista and Linux Fedora Core 4 Samba; brand new subscriber
Hello, Gary! Thank you very much for your reply! >I read your entire post and am still not sure of what you want. Can you >define the roles that the various computers will be playing vis-a-vis >Samba - such as: >Vista: Samba client >Fedora: Linux file server >Solaris: does not participate Sorry that I was not more clear in this manner. That's pretty well it. Since I am fine with "doing things" (be it submit a printout or transfer a file) from the Windows side, the Vista would be the client, and the samba daemon is running on the Fedora Linux. The Solaris does not participate directly; its presence allows what is processed on the Linux to be received on the D-Link router, since it is a router. >However, what I generally recommend is that you install and use SWAT on >your Samba server. The configuration wizard works quite well. Ah... SWAT ... a "configuration wizard"... I will look into getting that and seeing if that helps me! I didn't know about this. I'll see whether I have it, or it looks as though it is download-able... I'll let you know! Thank you! Barry -- Barry L. Bond | http://home.roadrunner.com/~os9barry Software Engineer, ITT Corporation | (My personal home web page, last | updated February 17, 2005) | bbond @ cfl.rr.com <- personal | Re-Vita Products: Barry.Bond @ ITT.com <- Work ONLY | http://www.re-vita.net/barrybond | Re-Vita Distributor Information Home office: 407-382-2815 | http://www.re-vita.net/barrybond-2 Work: 321-494-5627 | Toll free order: 1-888-820-5531 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
This is on 32 bit x86 on a Dell 1950 After mouting a cifs share we have 5 second hiccups. Typical log output when doing a simple "ls /mnt": Sep 4 16:21:43 rd-spare kernel: fs/cifs/transport.c: For smb_command 50 Sep 4 16:21:43 rd-spare kernel: fs/cifs/transport.c: Sending smb: total_len 118 Sep 4 16:21:43 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: leaving cifs_revalidate (xid = 258) rc = 0 Sep 4 16:21:43 rd-spare kernel: fs/cifs/dir.c: CIFS VFS: in cifs_lookup as Xid: 263 with uid: 0 Sep 4 16:21:43 rd-spare kernel: fs/cifs/dir.c: parent inode = 0xf58d2e60 name is: AutoWire.bmp and dentry = 0xf5adb63c Sep 4 16:21:43 rd-spare kernel: fs/cifs/dir.c: NULL inode in lookup Sep 4 16:21:43 rd-spare kernel: fs/cifs/dir.c: Full path: \AutoWire.bmp inode = 0x(null) Sep 4 16:21:43 rd-spare kernel: fs/cifs/inode.c: Getting info on \AutoWire.bmp Sep 4 16:21:43 rd-spare kernel: fs/cifs/transport.c: For smb_command 50 Sep 4 16:21:43 rd-spare kernel: fs/cifs/transport.c: Sending smb: total_len 104 5 second hiccup Sep 4 16:21:48 rd-spare kernel: fs/cifs/connect.c: rfc1002 length 0xce Sep 4 16:21:48 rd-spare kernel: fs/cifs/connect.c: rfc1002 length 0xc0 Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: inode 0xf5876518 old_time=26000 new_time=32751 Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: cifs_revalidate - inode unchanged Sep 4 16:21:48 rd-spare kernel: fs/cifs/file.c: CIFS VFS: in cifs_writepages as Xid: 264 with uid: 0 Sep 4 16:21:48 rd-spare kernel: fs/cifs/file.c: CIFS VFS: leaving cifs_writepages (xid = 264) rc = 0 Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: leaving cifs_revalidate (xid = 262) rc = 0 Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: in cifs_revalidate as Xid: 265 with uid: 0 Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: Revalidate: \Akamai Headsets.doc inode 0xf5876518 count 2 dentry: 0xf5ada8d0 d_time 260 00 jiffies 32751 Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: leaving cifs_revalidate (xid = 265) rc = 0 Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: in cifs_revalidate as Xid: 266 with uid: 0 Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: Revalidate: \Akamai Headsets.doc inode 0xf5876518 count 2 dentry: 0xf5ada8d0 d_time 260 00 jiffies 32751 This is happening intermittently on a variety of hosts. cat /proc/fs/cifs/DebugData Display Internal CIFS Data Structures for Debugging --- CIFS Version 1.60 Active VFS Requests: 2 Servers: 1) Name: 10.2.4.64 Domain: W2K Uses: 1 OS: Windows Server 2003 R2 3790 Service Pack 2 NOS: Windows Server 2003 R2 5.2 Capability: 0x1f3fd SMB session status: 1 TCP status: 1 Local Users To Server: 1 SecMode: 0x3 Req On Wire: 2 Shares: 1) \\chiprodfs2\company Mounts: 1 Type: NTFS DevInfo: 0x20 Attributes: 0x700ff PathComponentMax: 255 Status: 0x1 type: DISK MIDs: State: 2 com: 50 pid: 5951 tsk: f756d1b0 mid 277 State: 2 com: 50 pid: 6044 tsk: f69d4760 mid 278 cat /proc/fs/cifs/Stats Resources in use CIFS Session: 1 Share (unique mount targets): 1 SMB Request/Response Buffer: 5 Pool size: 5 SMB Small Req/Resp Buffer: 1 Pool size: 30 Operations (MIDs): 2 0 session 0 share reconnects Total vfs operations: 525 maximum at one time: 3 1) \\chiprodfs2\company SMBs: 305 Oplock Breaks: 0 Reads: 0 Bytes: 0 Writes: 0 Bytes: 0 Flushes: 0 Locks: 0 HardLinks: 0 Symlinks: 0 Opens: 0 Closes: 0 Deletes: 0 Posix Opens: 0 Posix Mkdirs: 0 Mkdirs: 0 Rmdirs: 0 Renames: 0 T2 Renames 0 FindFirst: 2 FNext 0 FClose 0 What is this ??? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] smbclient gives strange results
Hello, I've been using Samba on a Sun server but we recently discontinued using the Sun and switched to using Samba on a RH linux server. I can't get file sharing to work on the new server. When I test the connection to the samba server (velar) by running smbclient //velar/homes -U eric I get an error message referring to NT_STATUS_BAD_NETWORK_NAME. I can't find any reason for this error because all the names are correct, permissions are correct, etc. Furthermore, when I run smbclient -L localhost -N it correctly lists the shares, but I get strange results, such as: ServerComment - EARTH SATURN VELAR Samba WorkgroupMaster - --- PHON SATURN This is confusing because EARTH and SATURN are actually clients, not servers, so I don't see how they can be listed as servers. Also the master for PHON should be VELAR, not SATURN. Does anybody have any idea of I can proceed to troubleshoot this problem? smb.conf listed below. Thanks very much, Eric [global] invalid users = bin daemon adm sync shutdown halt mail news uucp netbios name = velar workgroup = PHON passdb backend = smbpasswd os level = 255 domain master = yes local master = yes security = user domain logons = yes logon drive = h: logon path = logon script = %U.bat log level = 3 max log size = 500 encrypt passwords = yes username map = /etc/samba/smbusers [netlogon] path = /usr/local/samba/netlogon browseable = yes guest ok = no [homes] browseable = yes writeable = yes guest ok = no -- View this message in context: http://www.nabble.com/smbclient-gives-strange-results-tp25296601p25296601.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 RC
So, I did some digging through Bug 6099 on Bugzilla and read the comments ( https://bugzilla.samba.org/show_bug.cgi?id=6099 https://bugzilla.samba.org/show_bug.cgi?id=6099 ). I followed the guidance of Guenther and only the following regkeys are required to get domain joining and login working with Windows 7 RTM to Samba 3.3.7 acting as PDC: HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 The other two need to be at the system defaults of 1: HKLM\System\CCS\Services\Netlogon\Parameters DWORD RequireSignOnSeal = 1 DWORD RequireStrongKey = 1 P. airwofl wrote: > > Hi, > > Did you get a chance to test it with 3.4.0? I have 3.3.7 installed - > Windows 7 RTM joins the domain (with the primary dns suffix error) but > cannot log in to as I get the trust error (output in the log.smbd is the > same as everyone elses). The regkeys mentioned are all applied btw. > > I would rather go upwards than downgrade to get this working. > > I haven't seen anything official from the Samba folks on the issue or when > Windows 7 will work? > > Thanks, > > P. > > > SkyBeam wrote: >> >> >> kmorning wrote: >>> >>> I installed windows 7 RC and was able to join my samba 3.3.6 domain and >>> just as with server 2008r2 I ran into the "trust relationship" issue >>> when trying to log into the domain. At this point I became a little >>> frustrated since it seems everyone else here has had success with this. >>> >>> Finally, as a last ditch effort, I decided to downgrade to 3.3.4 since >>> I've seen no mention of anyone using 3.3.6 in this scenario. Lo and >>> behold, my domain logins now work in both win7 and win2008r2. >>> >>> Now this would lead me to believe something in 3.3.6 has broken this >>> functionality, but I don't want to say this with absolute certainty. >>> Perhaps in my process of uninstalling 3.3.6 and installing 3.3.4 I fixed >>> something unbeknownst to me. >>> >>> I'm using a gentoo distro, and the reason for me initially installing >>> 3.3.6 was because it was the the only ebuild for a 3.3.x flavour in the >>> portage tree (which I had to unmask since it is still hard masked). >>> After unemerging 3.3.6 I created a portage overlay for 3.3.4 and emerged >>> it. >>> >>> Can someone confirm (or deny) my findings with 3.3.6? >>> >> >> I can confirm this findings. >> >> I am running Gentoo Linux and my Samba was on latest 3.0 release. >> Changing the registry keys in LanmanWorkstation parameters to enable >> domain compatibility helped to join the domain. However the error about >> changing the primary DNS domain remained. >> I don't know if this is relevant at all or just annoying. The DNS suffix >> for the connection is published by the DHCP server here. But maybe the >> message is about something else. >> >> Anyway I immediately faced the problem that the trust relationship >> between the workstation and the machine failed when I try to log in: "The >> trust relationship between this workstation and the primary domain >> failed." >> >> So I followed this thread and first upgraded to the latest Samba release >> available for my distribution (Gentoo) which was 3.3.6. Still no go. >> Following your suggestion I've created a local overlay and some Samba >> 3.3.4 overlays. Surprisingly you're right and Samba 3.3.4 works great. So >> something has been broken (or enhanced in a Win-7 incompatible way) in >> Samba 3.3.6. >> If I find some time I will try to use Samba 3.4 too but this might be >> more difficult than my 3.3.4 overlays... >> >> (Running Windows 7 Professional RTM, no Beta/RC) >> > > -- View this message in context: http://www.nabble.com/Windows-7-RC-tp23405949p25244052.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 RC
Hi, Did you get a chance to test it with 3.4.0? I have 3.3.7 installed - Windows 7 RTM joins the domain (with the primary dns suffix error) but cannot log in to as I get the trust error (output in the log.smbd is the same as everyone elses). The regkeys mentioned are all applied btw. I would rather go upwards than downgrade to get this working. I haven't seen anything official from the Samba folks on the issue or when Windows 7 will work? Thanks, P. SkyBeam wrote: > > > kmorning wrote: >> >> I installed windows 7 RC and was able to join my samba 3.3.6 domain and >> just as with server 2008r2 I ran into the "trust relationship" issue when >> trying to log into the domain. At this point I became a little >> frustrated since it seems everyone else here has had success with this. >> >> Finally, as a last ditch effort, I decided to downgrade to 3.3.4 since >> I've seen no mention of anyone using 3.3.6 in this scenario. Lo and >> behold, my domain logins now work in both win7 and win2008r2. >> >> Now this would lead me to believe something in 3.3.6 has broken this >> functionality, but I don't want to say this with absolute certainty. >> Perhaps in my process of uninstalling 3.3.6 and installing 3.3.4 I fixed >> something unbeknownst to me. >> >> I'm using a gentoo distro, and the reason for me initially installing >> 3.3.6 was because it was the the only ebuild for a 3.3.x flavour in the >> portage tree (which I had to unmask since it is still hard masked). >> After unemerging 3.3.6 I created a portage overlay for 3.3.4 and emerged >> it. >> >> Can someone confirm (or deny) my findings with 3.3.6? >> > > I can confirm this findings. > > I am running Gentoo Linux and my Samba was on latest 3.0 release. Changing > the registry keys in LanmanWorkstation parameters to enable domain > compatibility helped to join the domain. However the error about changing > the primary DNS domain remained. > I don't know if this is relevant at all or just annoying. The DNS suffix > for the connection is published by the DHCP server here. But maybe the > message is about something else. > > Anyway I immediately faced the problem that the trust relationship between > the workstation and the machine failed when I try to log in: "The trust > relationship between this workstation and the primary domain failed." > > So I followed this thread and first upgraded to the latest Samba release > available for my distribution (Gentoo) which was 3.3.6. Still no go. > Following your suggestion I've created a local overlay and some Samba > 3.3.4 overlays. Surprisingly you're right and Samba 3.3.4 works great. So > something has been broken (or enhanced in a Win-7 incompatible way) in > Samba 3.3.6. > If I find some time I will try to use Samba 3.4 too but this might be more > difficult than my 3.3.4 overlays... > > (Running Windows 7 Professional RTM, no Beta/RC) > -- View this message in context: http://www.nabble.com/Windows-7-RC-tp23405949p25241642.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is Samba useful in an all-Linux environment?
On Fri, Sep 11, 2009 at 1:40 PM, Juan Miscaro wrote: > 2009/8/30 Gary Greene : >> On Sunday 30 August 2009 04:24:05 am Juan Miscaro wrote: >>> 2009/8/17 Marc Balmer : >>> > Am 17.08.2009 um 21:40 schrieb Steve Litt: >>> >> Hi all, >>> >> >>> >> This isn't meant to be a troll. It's a legitimate question asked because >>> >> I haven't done much with Samba for 9 years. >>> >> >>> >> Is there anything Samba can contribute to an all-Linux environment with >>> >> no Windows or Mac computers? >>> > >>> > no. >>> >>> Isn't it possible to set up a "Samba domain" whereby Linux clients can >>> log in from their desktop manager (GDM, KDM)? If so, how is that >>> done? >>> >>> That is something Samba can bring to an all-Linux environment. >>> >>> -- >>> /jm >> > >> Set up your normal Domain, and then add your Linux boxes using Winbind >> should work since it will just look like >> an NT Domain. > > Thanks, that makes sense. Do you know where the documentation is for > doing this? Everything I've found is Windows-centric. What I'm not > understanding is how you configure a Linux client to connect to the > Samba server. Surely I don't need to install Samba on each client? > cifs is built into the kernel. Depending on your distro mount-cifs may or may not be bundled with samba. ldap is separate from samba -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is Samba useful in an all-Linux environment?
2009/8/30 Gary Greene : > On Sunday 30 August 2009 04:24:05 am Juan Miscaro wrote: >> 2009/8/17 Marc Balmer : >> > Am 17.08.2009 um 21:40 schrieb Steve Litt: >> >> Hi all, >> >> >> >> This isn't meant to be a troll. It's a legitimate question asked because >> >> I haven't done much with Samba for 9 years. >> >> >> >> Is there anything Samba can contribute to an all-Linux environment with >> >> no Windows or Mac computers? >> > >> > no. >> >> Isn't it possible to set up a "Samba domain" whereby Linux clients can >> log in from their desktop manager (GDM, KDM)? If so, how is that >> done? >> >> That is something Samba can bring to an all-Linux environment. >> >> -- >> /jm > > Set up your normal Domain, and then add your Linux boxes using Winbind should > work since it will just look like > an NT Domain. Thanks, that makes sense. Do you know where the documentation is for doing this? Everything I've found is Windows-centric. What I'm not understanding is how you configure a Linux client to connect to the Samba server. Surely I don't need to install Samba on each client? -- /jm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] smbclient -M
Hello *, I've fileserver with Debian Lenny and Samba 3.2.5 from the distro. I want the server to notify clients on some events with a popup. # smbclient -M Client01 Connection to Client01 failed. Error NT_STATUS_BAD_NETWORK_NAME but: # smbclient -L Client01 -U myuser Enter myuser's password: Domain=[MYDOMAIN] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- IPC$IPC IPC remoto scansioni Disk ADMIN$ Disk Amministrazione remota C$ Disk Condivisione predefinita Domain=[MYDOMAIN] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Server Comment ---- CLIENT01 CLIENT02 CLIENT03 SERVER server server WorkgroupMaster ---- MYDOMAIN CLIENT01 WORKGROUPPC-GUEST What am I doing wrong with -M? -- Virtual Bit di Lucio Crusca http://www.virtual-bit.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Restart Winbind
On Thu, Sep 10, 2009 at 11:27 PM, Adam Nielsen wrote: > > I wish I can put gdb, but when tdb files get corrupted, I cant login to > > the host even as a local user on console. Winbind seems to be locking > > the whole authentication stream. I don't understand why even the local > > user cant login. > > It's because normally (depending on /etc/nsswitch.conf) winbind will be > queried first before local files like /etc/passwd. If you swap the > order you can make it check local auth files first. > > Alternatively you should be able to get around that by either leaving a > console or SSH connection open to the server 24/7 until it breaks, or > perhaps using SSH with public keys, which should bypass the normal > authentication scheme. Of course then even something like "ls" will > probably lock up, since it will query winbind to map UIDs back to > usernames... > Thank you for taking time to respond. I do have have nsswitch has file and then winbind and it is working as expected when everything is fine. e.g. I stop winbind, use a local user and I can login. The issue happens only when winbind takes all CPU. I can have session open on console directly, but its very random. > > Thats the I'm working on a script to run w/ cron, so that when winbind > > consumes more than 40% cpu, I want to restart the cpu. > > Short of tracking down the bug with gdb and fixing it, this is probably > the only alternative. > > > I wanted to ask another question on the same subject. When I start the > > winbind using the init script, it forks 4 processes. The pid on > > /var/run/winbindd.pid is the parent process. So is that the pid I need > > to monitor to capture the true cpu utilization? > > I'm afraid I can't answer that, but it's possible that any of the > instances might lock up, so you would probably need to monitor all of > them. Perhaps an easier option could be to time how long it takes to > run a command, and when winbind locks up and that command doesn't > complete, then you know winbind must be restarted. (Even something like > "rm /tmp/heartbeat; ls; touch /tmp/heartbeat" would mean that if > /tmp/heartbeat disappeared for more than a few seconds you know > something is wrong. "monit" probably has a test for this already and > would save cronjob scripting. > I am doing something similar. I grep for no of winbind pids and avg it. If the cpu avg crosses, say 10%, then clear the tdb and restart the winbind, #!/bin/bash ##This script will clean up winbind if it causes CPU issue. #WBCPU=`/bin/ps -eo pcpu,pid,user,args,cputime | grep winbind|grep -v grep|awk '{print $1}' > /tmp/wbind.dont.d el` WBCPU=`top -b -n1 |grep winbindd|awk '{print $5}' > /tmp/wbind.dont.del` WBCOUNT=`wc -l /tmp/wbind.dont.del|awk '{print $1}'` WBCPUTOT=`echo $(sed -e 's/$/+/' /tmp/wbind.dont.del) 0|bc` WBCPUAVG=`echo $WBCPUTOT/$WBCOUNT |bc` #echo Count is $WBCOUNT and Tot is $WBCPUTOT and Avg is $WBCPUAVG if [ $WBCPUAVG -gt 10 ] then rm -rf /var/lib/samba/* > /dev/null /etc/init.d/winbind restart fi I am somewhat limited to use tdb backend as ldap back end doesn't seems to be supporting trusted domains. > > Cheers, > Adam. > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ERROR: Unable to fetch machine password for DLEL70$@ in domain
I'm new to SAMBA, so I apologize up front if I ask a dumb question! We upgraded from solaris 8 (samba2.2.8a) to solaris 10 and installed samba 3.2.4. When user tried to use samba, they got "Failed to open /usr/local/samba/private/secrets.tdb". I thought maybe the file just needed to be there, so I touched the new file into existence, and then they got this error: "ERROR: Unable to fetch machine password for DLEL70$@ in domain". The previous installation of 2.2.8a on solaris 8 did not get these errors, and the /usr/local/samba/private directory was empty as well. Is there a way around this? Is there a parameter I need to set? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain Member Server connecting to Samba PDC
On Fri, Sep 11, 2009 at 06:40:02AM -0600, Anthony Powell wrote: > > There had been some bugs in 3.3.2 preventing that unfortunately. We are > > currently preparing an update to 3.4.1 for F11. > > > > Could you please give > > https://admin.fedoraproject.org/updates/F11/FEDORA-2009-9443 > > a try (and leave positive feedback if it works for you) ? > > This worked for me. Great, thanks for the feedback. Guenther -- Günther DeschnerGPG-ID: 8EE11688 Red Hat gdesch...@redhat.com Samba Team g...@samba.org pgpZ6LiZQJBMr.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 2008 terminal services with a samba PDC
Hi everybody, in reply to http://lists.samba.org/archive/samba/2009-September/150448.html i am running Samba 3.4.0 on Ubuntu 8.04 (from http://ppa.launchpad.net/pgquiles/ppa/ubuntu hardy main). The tdbsam is within the LDAP Server (created with gosa and Samba 3.0.28). I installed also two Windows 2008 Server's on the first i have also the activated License-Server. (I installed also on the second Terminalserver a Licenseserver, but didn't enable it, to get the License Manager) i added the machine to the samba controlled domain. and it complain's about missing the licenseserver on both computer's. cant say, if it worked before adding it to the domain. When setting within terminalserver configuration the named license server, it say's valid license server found. But even after a reboot, the tsconfig.msc complain's about missing license Server. I checked also the registry http://support.microsoft.com/?kbid=279561 the server is listed correctly. I added also the domainname\nameoftse$ to remote Desktop User's. Does there already an idea? greetings thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Smbd process keep file locked
Guys Can maybe someone help me to understand the nature of my problem. 1. I have Samba 3.0.32c with ADS on Solaris 9 server 2. Client run daily jobs from thr Windows which read data and write to the log files on the samba share 3. Occasionally he started getting the problem that when job finished, smbd process does not go away and lock the log file. 4. if I run trace on the process, it does nothing, just sleeps ... It started few month ago without any changes from our end. Here is from smb.conf: [global] server string = Production Samba ver %v socket options = TCP_NODELAY workgroup = GROUP realm = GROUP.XXX.XXX.COM security = ADS password server = server1, server2 encrypt passwords = yes allow trusted domains = yes username map = /opt/local/samba2/lib/users.map log file = /opt/local/samba2/logs/log.%m locking = yes lock directory = /opt/local/samba2/var/locks pid directory = /opt/local/samba2/var/locks share modes = yes preserve case = yes short preserve case = yes smb passwd file = /export/nfs2/samba2/private3023c/ private dir = /export/nfs2/samba2/private3023c/ netbios name = sbtorsamba2 name resolve order = host bcast domain master = no domain logons = no printing = bsd printcap name = /etc/printcap load printers = no interfaces = 192.168.253.85/28 bind interfaces only = yes deadtime = 15 preferred master = no local master = no guest account = nobody guest ok = no syslog = 0 Sincerely, Dmitry --- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this email in error, please contact the sender immediately by return electronic transmission and then immediately delete this transmission, including all attachments, without copying, distributing or disclosing same. No member of the Scotiabank Group is liable for any errors or omissions in the content or transmission of this email or accepts any responsibility or liability for loss or damage arising from the receipt or use of this transmission. Scotiabank Group may monitor, retain and/or review email. Trading instructions received by e-mail or voicemail will not be accepted or acted upon. Unless indicated in writing, opinions contained in this email are those of the author and are not endorsed by any member of the Scotiabank Group. For information on some members of the Scotiabank Group: http://www.scotiacapital.com/EmailDisclaimer/English_entities.htm For authorized users of the Scotia Capital trademark: http://www.scotiacapital.com/EmailDisclaimer/English_trademark.htm Pour obtenir la traduction en français: http://www.scotiacapital.com/EmailDisclaimer/French.htm Traducción en español: http://www.scotiacapital.com/EmailDisclaimer/Spanish.htm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain Member Server connecting to Samba PDC
> There had been some bugs in 3.3.2 preventing that unfortunately. We are > currently preparing an update to 3.4.1 for F11. > > Could you please give > https://admin.fedoraproject.org/updates/F11/FEDORA-2009-9443 > a try (and leave positive feedback if it works for you) ? This worked for me. Thanks Anthony -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] New Files do not belong to the User who created them...
On Fri, Sep 11, 2009 at 11:28:46AM +0200, Axel Werner wrote: > Whenever a Windows User creates a file at the same location, the new > File belongs to "root" and Group "Domain Users". Me and my Users would > expect the new File would belong to the Creator (User). But for some > reason this is not Happening here. This is just a "cosmetic" problem. > but it confuses the users, because they rely on the user and group owner > informations. > > > Any Ideas of why is that??? Im lost. > Oh BTW: if i creat a new file within my homedirectory via SAMBA, the > file gets the correct owner (wernera). You've set "inherit owner = yes". That might influence that behaviour. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net rpc share migrate files
Hi! when i try to migrate files from nt4 share to smb share ... net rpc share migrate files SHARE_DATA -I 172.10.10.1 -S NT4 \ --acls --timestamps -v works, but net rpc share migrate files SHARE_DATA -I 172.10.10.1 -S NT4 \ --acls --attrs --timestamps -v syncing[SHARE_DATA] files and directories including ACLs, including DOS Attributes (preserving timestamps) failed to set file-attrs: NT_STATUS_ACCESS_DENIED Could handle directory attributes for top level directory of share SHARE_DATA. Error NT_STATUS_ACCESS_DENIED Could not handle the top level directory permissions for the share: SHARE_DATA any ideas ? thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] pam_winbind seems unable to return full list of trusted relationship domain members
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello: Our scenario: - - Our domain (ABRANTINA) is a Windows 2003R2 AD (RFC2307 enabled) - - Trusted domain (REDE-LC) is a Windows 2003R2 AD - - cafs01tst is a Debian "stable" based SAMBA 3.2.5 file server Our goal: - - Serve home and shares for users of both domains ABRANTINA and REDE-LC Our implementation: (following guidelines from "Samba-3 by Example", and misc info gathered from the net) - - Configured MIT Kerberos with info for both domains - - Configured PAM to use pam_winbind - - Configured NSS to use nss_winbind - - Configured SAMBA to use the ADS security mechanism - - Joined cafs01tst to ABRANTINA domain Our problems: - - Users from REDE-LC domain are unable to access cafs01tst, being asked for a username/password pair (ABRANTINA users access without problem) - - "getent passwd" only lists five REDE-LC users (always the same five), while "wbinfo -u" lists all - - SSH logging on to the system from REDE-LC users fails with "pam_sm_authenticate returning 10" (ABRANTINA users access without problem) Small note: We currently have five SAMBA file servers (equal as the one we have setup for testing) serving domain ABRANTINA users without any problem at all, the trust relationship and the need to serve REDE-LC domain users is the source of our problems. Our steps to reproduce the "getent passwd" problem: - --8<-- r...@cafs01tst:~# invoke-rc.d winbind stop ; invoke-rc.d samba stop Stopping the Winbind daemon: winbind. Stopping Samba daemons: nmbd smbd. r...@cafs01tst:~# for d in /var/log/samba/ /var/lib/samba/ \ /var/cache/samba/ ; do find ${d} ! -type d |xargs rm -f ; done r...@cafs01tst:~# net ads join -U Administrator%PASSWORD Using short domain name -- ABRANTINA Joined 'CAFS01TST' to realm 'abrantina.org' r...@cafs01tst:~# net ads testjoin -U Administrator%PASSWORD Join is OK r...@cafs01tst:~# net rpc testjoin -U Administrator%PASSWORD Join to 'ABRANTINA' is OK r...@cafs01tst:~# invoke-rc.d samba start ; invoke-rc.d winbind start Starting Samba daemons: nmbd smbd. Starting the Winbind daemon: winbind. r...@cafs01tst:~# wbinfo --set-auth-user=Administrator%PASSWORD r...@cafs01tst:~# wbinfo --get-auth-user ABRANTINA+Administrator%PASSWORD r...@cafs01tst:~# wbinfo -t checking the trust secret via RPC calls succeeded r...@cafs01tst:~# wbinfo -m BUILTIN CAFS01TST ABRANTINA REDE-LC r...@cafs01tst:~# net rpc trustdom list -U Administrator%PASSWORD Trusted domains list: REDE-LC S-1-5-21-1659004503-776561741-839522115 Trusting domains list: REDE-LC S-1-5-21-1659004503-776561741-839522115 r...@cafs01tst:~# wbinfo -u guest administrator krbtgt fmendonca echironadmin tsinternetuser iwam_abrghost iusr_abrghost asequeira jalberto ... (full list edited for clarity) ... testepr1 testepr2 tsta REDE-LC+administrator REDE-LC+guest REDE-LC+iusr_castor REDE-LC+iwam_castor REDE-LC+krbtgt REDE-LC+antonio martins REDE-LC+adelino rodrigues REDE-LC+agostinho costa REDE-LC+alexandre ferreira REDE-LC+alice neves ... (full list edited for clarity) ... REDE-LC+sql_agent REDE-LC+tst l REDE-LC+tstl r...@cafs01tst:~# getent passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin statd:x:102:65534::/var/lib/nfs:/bin/false messagebus:x:103:105::/var/run/dbus:/bin/false snmp:x:105:65534::/var/lib/snmp:/bin/false nslcd:x:106:112:nss-ldapd name service LDAP connection daemon,,,:/var/run/nslcd/:/bin/false REDE-LC+sergio oliveira:*:20305:20339:Sergio \ Oliveira:/home/REDE-LC/sergio oliveira:/bin/sh REDE-LC+tiago freire:*:22668:20339:Tiago Freire:/home/REDE-LC/tiago \ freire:/bin/sh REDE-LC+nelson gesero:*:24590:20339:Nelson Gesero:/home/REDE-LC/nelson \ gesero:/bin/sh REDE-LC+celso silva:*:26203:20339:Celso Silva:/home/REDE-LC/celso \ silva:/bin/sh REDE-LC+luis soares:*:26361:20339:Luis Manuel Gaspar \ Soares:/home/REDE-LC/luis soares:/bin/sh administrator:*:1:10001:Administrator:/home/ABRANTINA/administrator:/bin/sh fmendonca:*:10177:10014:Filipe Mendonça:/home/ABRANTINA/fmendonca:/bin/sh echironadmin:*:10001:10001:eChiron Administration:/home/ABRANTINA/echironadmin:/bin/sh asequeira:*:10073:1:António Sequeira:/home/ABRANTINA/asequeira:/bin/sh jalberto:*:10219:1:José Alberto Santos
[Samba] Problems with samba and domain controller
HI!! I have a problem with Samba and a Domain Controller. I have a server which it was running with samba and a Windows Server 2000 domain controller, and its was worked correctly. Now the domain controller has been changed for a Windows Server 2008 and now it doesnt work. I need your help to find the error. I think that the error is caused for the version of Samba but Im not sure. Im working with SUSE LINUX Enterprise Server 9 (i586) and the version of Samba is samba-3.0.20b-3.11 and samba-winbind-3.0.20b-3.4. When I try to join to the domain, the system returned me an error: [2009/09/08 13:48:36, 0] utils/net_ads.c:ads_startup(191) ads_connect: Server not found in Kerberos database I check krb5.conf and smb.conf and they are correctly, because they are worked correctly before. The version of Samba is correctly to work with a Windows Server 2008 domain controller? I need your help. Thanks. Carlos Gonzalo Cruz Sistemas Unix Subdirección de Tecnología y Sistemas CHRONOEXPRÉS S.A. -- La Información incluida en el presente correo electrónico es SECRETO PROFESIONAL Y CONFIDENCIAL, siendo para el uso exclusivo del destinatario arriba mencionado. Si usted lee este mensaje y no es el destinatario señalado, el empleado o el agente responsable de entregar el mensaje al destinatario, o ha recibido esta comunicación por error, le informamos que esta totalmente prohibida cualquier divulgación, distribución o reproducción de esta comunicación, y le rogamos que nos lo notifique inmediatamente y nos devuelva el mensaje original a la dirección arriba mencionada. Gracias. The information contained in this e-mail is LEGALLY PRIVILEDGED AND CONFIDENTIAL and is intended only for the use of the addressee named above. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, or you have received this communication in error, please be aware that any dissemination, distribution or duplication of this communication is strictly prohibited, and please notify us immediately and return the original message to us at the address above. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] New Files do not belong to the User who created them...
Hi Samba-Gurus out there! Ive got some strange problem here i already tried to track down searching the net and reading tons of manuals. no luck yet. So now ill give the Mailing list a try. The Situation: We run a virtual (VM) Debian Lenny Server as LDAP (OpenLDAP) and Samba Domaincontroller/Fileserver. The Server also does NFS Exports of the same Volumes to other Debian Etch Linux Servers around because we have WINDOWS AND LINUX Users using the same files on the fileserver. So some access the Server via WINDOWS/SAMBA, some access the Files via KDE/Linux/NFS. For Access-Controll we use Linux ACLs (getfacl / setfacl) and Group-Memberships. Therefor we mounted the Data-Volume with "acl" parameter. ACLs seems to work fine in any way. The Problem: Whenever a Linux User creates a File on the Data-Volume, the User itself becomes "owner", but the file receives the ACLs as defined by the "default ACLs" of the parent directory. So anything looks fine with Linux created files yet. Whenever a Windows User creates a file at the same location, the new File belongs to "root" and Group "Domain Users". Me and my Users would expect the new File would belong to the Creator (User). But for some reason this is not Happening here. This is just a "cosmetic" problem. but it confuses the users, because they rely on the user and group owner informations. Any Ideas of why is that??? Im lost. Oh BTW: if i creat a new file within my homedirectory via SAMBA, the file gets the correct owner (wernera). THANKS A LOT FOR ANY HELP! greetings Axel [ mail (at) awerner.homeip.net ] For those who whats to analyse my problem, here are my configs and demo: DEMO zksfs:/data1/LW-I/Dokumente# ls -la total 100 drwxrwx---+ 22 root root 4096 2009-09-11 09:25 . drwxrwx---+ 24 root root 4096 2009-08-18 14:42 .. drwxrwx---+ 2 root root 4096 2009-09-09 14:31 drwxrwx---+ 7 root root 4096 2009-03-19 16:59 g drwxrwx---+ 2 root root 4096 2009-05-06 09:57 terbefragung drwxrwx---+ 3 root root 4096 2009-09-11 09:10 xxx drwxrwx---+ 17 root root 4096 2009-08-04 16:03 iat_fuer_alle -rwxrwx---+ 1 root Domain Users7 2009-09-11 09:23 wernera-test-20090911.txt zksfs:/data1/LW-I/Dokumente# The file "wernera-test-20090911.txt" is created by myself via Windows XP Workstation on that volume, while i was logged in @ windows as "wernera" ACLs of /data1/LW-I/Dokumente look like this: # file: data1/LW-I/Dokumente/ # owner: root # group: root user::rwx group::rwx group:hiwi:r-x group:Domain\040Admins:rwx group:everyone-zks:rwx mask::rwx other::--- default:user::rwx default:group::rwx default:group:Domain\040Admins:rwx default:group:everyone-zks:rwx default:mask::rwx default:other::--- ACLs of the new File looks like this: zksfs:/data1/LW-I/Dokumente# getfacl wernera-test-20090911.txt # file: wernera-test-20090911.txt # owner: root # group: Domain\040Users user::rwx group::rwx group:Domain\040Admins:rwx group:everyone-zks:rwx mask::rwx other::--- zksfs:/data1/LW-I/Dokumente# Here is my SHORT smb.conf : ~~~ [global] workgroup = ZKS server string = obey pam restrictions = Yes passdb backend = ldapsam:"ldap://zksfs.somedomain.de"; check password script = /sbin/crackcheck -c -d /var/cache/cracklib/cracklib_dict log level = 0 auth:3 syslog = 1000 syslog only = Yes log file = /var/log/samba/samba.log max log size = 1 debug pid = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 show add printer wizard = No add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u" logon script = scripts\logon.cmd logon path = logon drive = h: logon home = \\zksfs\%U domain logons = Yes os level = 66 dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=some,dc=domain,dc=de ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=people ldap suffix = dc=some,dc=domain,dc=de ldap ssl = start tls ldap user suffix = ou=people panic action = /usr/share/samba/panic-action %d inherit acls = Yes inherit owner = Yes [homes] comment = Home Directories valid users = %S read only = No create mask = 0700 directory mask = 0700 browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon admin users = root write list = @itadmin, root, Administrator, @Domain, Admins guest ok = Yes [I] comment = Net Drive I path = /data1/LW-I/ read only = No create mask = 0770 directory mask = 0770 ~~ This is the LONG Version of smb.conf ( testparm -sv ) including Default Values. ~~ [global] dos charset = CP850 un
[Samba] Lightweight NetBIOS host enumeration in Python
After giving up on trying to slim down smbtree, I've seemingly worked out enough of the NetBIOS and SMB/CIFS protocols to implement a bare-bones replacement in Python. At less than 500 lines, it's pretty easy to follow, though it's very hackish and badly needs a clean rewrite (which I'm working on now, in C). In the mean time, if anyone's interested, the Python code's available at: http://shinobi.dempsky.org/~matthew/nbtls/nbtls-0.01.zip Operation is pretty basic: just unzip and then run "python nbtls.py". The output should be comparable to "smbtree -NS". Test reports greatly appreciated. If output differs or nbtls crashes, output and tcpdump pcap files would be nice too. Off-list replies are fine. Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba