Re: [Samba] Picking the right installer
On 5 October 2012 03:28, Andrew stray84mail-...@yahoo.co.uk wrote: [...] P.S. This is my first use of this help service. I understand that I must receive a copy, as I've sent this message before, but have not received the copy, I presume it might have got lost. Hence, why I am resending. I hope I am not making a mistake. Whether or not you receive a copy depends on your settings on the mailing list server. Both of your messages were successfully sent to the mailing list. Here they are in the archives: https://lists.samba.org/archive/samba/2012-October/169391.html https://lists.samba.org/archive/samba/2012-October/169394.html -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Roaming Profiles under Linux clients
Hi Mario, As I configured the Roaming profiles under linux, it more or less generate an abnormal operation (in less than 2 mins) if I add/copy some files to the home directory. But for Windows XP and Windows 7 is running smoothly and it generates folders at the Samba4 server location with corresponding users. e.g. Administrator (for XP), and Administrator.V2 (for Win7/2008) based on my observations. I'm interested in the way you configured the roaming profile on the linux side. Did you use csync for the synchronisation? I've looked at it in the past and didn't found any straight away solution. Anyway, I guess there should be some kind of Administrator.linux profile directory on the server side since the ubuntu profile won't be compatible from windows to linux (those profiles are not even compatible between winxp and win7...) Cheers, Denis I was confused on roaming under linux (or maybe it was not yet supported), because once I login as the administrator (one account in Samba4 - AD user) in linux, adding (files to the desktop) or modifying (I used to move to the home directory). Then login to the Windows 7 and WinXP, it will NOT login when I see the logs of the server using -d3 Kerberos: Client sent patypes: encrypted-timestamp, 128 Kerberos: Looking for PKINIT pa-data -- administrator@UCHIHA Kerberos: Looking for ENC-TS pa-data -- administrator@UCHIHA Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA (enctype arcfour-hmac-md5) error Decrypt integrity check failed Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA Kerberos: AS-REQ administrator@UCHIHA from ipv4:192.168.150.135:3064 for krbtgt/UCHIHA@UCHIHA But for a few minutes, you can login again and this time it will display at the system tray (a dialog box) User Profile Service There was a problem with your roaming profile. You have been logged on with your previously saved local profile. Please see the event logs for details or contact your administrator, but those files are just only few bytes (less than 1MB) just the pam.d files. The saved files are not located either of Windows XP or 7. auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX] auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX] ntlm_password_check: NTLMv2 password check failed ntlm_password_check: Lanman passwords NOT PERMITTED for user administrator ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user administrator auth_check_password_recv: sam_ignoredomain authentication for user [UCHIHA\administrator] FAILED with error NT_STATUS_WRONG_PASSWORD schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/AMBOT-LINUX auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX] auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX] Got a dns update request. Update not allowed for unsigned packet. Tkey handshake completed Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] But after a 20mins, coz I went somewhere. It goes to normal again. I conclude that Linux (Ubuntu 12.04) roaming profiles is not yet implemented in Samba4 RC2 - Centos 6.3. Other observation, Windows7 machine is not detected in the network, but WinXp and Ubuntu machines are visible. Any ideas how to implement roaming profile under Linux as the clients? Cheers, Mario -- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.57 http://www.tranquil-it-systems.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] unable to configure NTP server
Hi Deepak, I am still struggling with the NTP server configuration. Is there no method by which I can sync all my domain users with the same time as on server because I have to face alot of issue due to the same. I have searched alot but the only thing which I found was to add these two lines in my ntp.conf ntpsigndsocket /opt/ad/samba4/var/run/ntp_signd/ restrict default mssntp I am using CentOS 6 and ntp rpm is 4.2 I guess the version of ntp you are using does not support ntp signing. You might check the samba4 wiki, it asks for a ntp version 4.2.6 or higher. https://wiki.samba.org/index.php/Samba4/HOWTO#Step_10:_Configure_NTP_.28Optional.29 After the configuration is straight forward, just add the two lines you posted above and check the socket path which might change depending on your compilation/installation. Cheers, Denis I also tried to compile using a tar ntp file with --enable-ntp-signd Can any one help me please. Thanks deepak -- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.57 http://www.tranquil-it-systems.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Libreoffice and roaming profile log-off delay
samba --version Version 4.0.0rc3-GIT-56ffe75 AD and s3fs on the same box. libreoffice 3.6.1 Hi If a user has used libreoffice, his log-off time is around 3 minutes on both XP and w7. samba shows 50% and smbd shows 20% CPU usage during the delay. I can get the delay down to around 2 minutes by removing all of the optional libreoffice modules (such as the wiki publisher). The delay is less for subsequent log-off's but still a pita. Questions: When the user logs off, is the profile synced to the file server or is the whole lot copied again? Any ideas to work around this? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Roaming Profiles under Linux clients
On 05/10/12 09:44, Denis Cardon wrote: Hi Mario, As I configured the Roaming profiles under linux, it more or less generate an abnormal operation (in less than 2 mins) if I add/copy some files to the home directory. But for Windows XP and Windows 7 is running smoothly and it generates folders at the Samba4 server location with corresponding users. e.g. Administrator (for XP), and Administrator.V2 (for Win7/2008) based on my observations. I'm interested in the way you configured the roaming profile on the linux side. Did you use csync for the synchronisation? I've looked at it in the past and didn't found any straight away solution. Anyway, I guess there should be some kind of Administrator.linux profile directory on the server side since the ubuntu profile won't be compatible from windows to linux (those profiles are not even compatible between winxp and win7...) Cheers, Denis I was confused on roaming under linux (or maybe it was not yet supported), because once I login as the administrator (one account in Samba4 - AD user) in linux, adding (files to the desktop) or modifying (I used to move to the home directory). Then login to the Windows 7 and WinXP, it will NOT login when I see the logs of the server using -d3 Kerberos: Client sent patypes: encrypted-timestamp, 128 Kerberos: Looking for PKINIT pa-data -- administrator@UCHIHA Kerberos: Looking for ENC-TS pa-data -- administrator@UCHIHA Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA (enctype arcfour-hmac-md5) error Decrypt integrity check failed Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA Kerberos: AS-REQ administrator@UCHIHA from ipv4:192.168.150.135:3064 for krbtgt/UCHIHA@UCHIHA But for a few minutes, you can login again and this time it will display at the system tray (a dialog box) User Profile Service There was a problem with your roaming profile. You have been logged on with your previously saved local profile. Please see the event logs for details or contact your administrator, but those files are just only few bytes (less than 1MB) just the pam.d files. The saved files are not located either of Windows XP or 7. auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX] auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX] ntlm_password_check: NTLMv2 password check failed ntlm_password_check: Lanman passwords NOT PERMITTED for user administrator ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user administrator auth_check_password_recv: sam_ignoredomain authentication for user [UCHIHA\administrator] FAILED with error NT_STATUS_WRONG_PASSWORD schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/AMBOT-LINUX auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX] auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX] Got a dns update request. Update not allowed for unsigned packet. Tkey handshake completed Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] But after a 20mins, coz I went somewhere. It goes to normal again. I conclude that Linux (Ubuntu 12.04) roaming profiles is not yet implemented in Samba4 RC2 - Centos 6.3. Other observation, Windows7 machine is not detected in the network, but WinXp and Ubuntu machines are visible. Any ideas how to implement roaming profile under Linux as the clients? Cheers, Mario Hi It's working here with Version 4.0.0rc3-GIT-56ffe75 All we do to set up the roaming profile on Linux is to add the attribute: profilePath: \\server\profiles\steve2 to the user DN entry in LDAP. and whilst we're there we also map his windows home directory to his Linux home directory: homeDrive: Z: homeDirectory: \\server\home\steve2 Make sure that the profiles share is writeable by the users. We chmod 1777'd it. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Picking the right installer
On 05/10/12 02:01, Andrew wrote: Hi Andrew Apache Linux server (Arvixe) I think that's a web hosting service no? PC running Windows 7 Ultimate with MS Office. Do you have a spare computer to install e.g. Linux? If you did, the chances are that samba would be installed by default. Cheers Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Internal DNS stops forwarding
Ok we found some bugs that could lead to a frozen dns server can you try rc2? Matthieu. Happened again with rc2 but found that at the same time this error shows every second: [2012/10/05 09:01:39, 0] ../source4/smbd/process_single.c:56(single_accept_connection) single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES After restarting everything is OK, but it happened yesterday though I didn't notice it was at the same time the dns error and this too many opened files. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Need help with share permissions
Hello all, I am struggling to get share permissions to work properly. I am currently using samba 3.6.3 with AD integration. I want to force the following permissions: - created/renamed/copied directories: 0770 - created/renamed/copied files: 0660 - file permissions should not be editable by Windows users. I have tried a lot of different combinations of parameters but failed to get the desired permissions. Most of the time I end up with 0660 for newly created files and 0750 for newly created directories. When I rename a just created directory permission changes to 0770. At the moment I have this in my test share: force group = MYDOM\test force create mode = 0660 create mask = 0660 force directory mode = 0770 directory mask = 0770 Thank you for your kind help best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Internal DNS replication and how to fix
Hi All, First, off I'm a bit of a n00b w/Samba4 so I'll apologize ahead of time if any of this seems obvious/trivial. I'm working with Samba RC1 tar build and trying to get DNS replication working. Right how I get the following under --snip-- KCC CONNECTION OBJECTS Connection -- Connection name: fa253d86-3549-4208-ab29-a0d702ccdb02 Enabled: TRUE Server DNS name : target.OwnerIQ.local Server DN name : CN=NTDS Settings,CN=TARGET,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local TransportType: RPC options: 0x0001 Warning: No NC replicated for Connection! I only have one server running W2k3 SP1. I have trolled Google and read that both the internal DNS does not replicate some objects and that dynamic updates are not fully functional. But, even after reading a bunch of documents, it's not clear /how/I fix that. I've read that the replication is not complete on a additional DC and that it has to be done manually. Not sure if that has anything to do with the samba_upgradedns command (which I ran, it complained about not having a zone file in /usr/local/samba/private/dns but all else seemed well). I also ran samba_dnsupdate --verbose and while that seemed alright, I did notice: schema_fsmo_init: we are master[no] updates allowed[no] Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} Shouldn't updates allowed be yes if I added allow dns updates = true in smb.conf? One final note, I do have my resolv.conf pointing to my Win2k3 as the first DNS server. My end goal is to replace the 2k3 server with Samba4 so, either way, if internal DNS is not an option right now because it hasn't matured, I'm tempted, based on what I've read, to try BIND to get around the internal problems. I have that built with Bind 9.8.3 with the following: ./configure --prefix=/var/named --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexe --sharedstatedir=/var/lib --with-libtool --enable-threads --with-dlopen --with-gssapi I would be willing to try the switch over but, while it's clear how to switch the backend (--/dns/-/backend=/BIND_DLZ) when provisioning Samba, how would I do this from a join perspective? Thanks in advance for any help! -Brett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Roaming Profiles under Linux clients
On 5 October 2012 13:14, steve st...@steve-ss.com wrote: [...] Hi It's working here with Version 4.0.0rc3-GIT-56ffe75 All we do to set up the roaming profile on Linux is to add the attribute: profilePath: \\server\profiles\steve2 to the user DN entry in LDAP. and whilst we're there we also map his windows home directory to his Linux home directory: homeDrive: Z: homeDirectory: \\server\home\steve2 Make sure that the profiles share is writeable by the users. We chmod 1777'd it. HTH Steve I've never looked at this and don't need it now, but I'm interested. How is this implemented on client? -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Roaming Profiles under Linux clients
On 05/10/12 17:21, Michael Wood wrote: On 5 October 2012 13:14, steve st...@steve-ss.com wrote: [...] Hi It's working here with Version 4.0.0rc3-GIT-56ffe75 All we do to set up the roaming profile on Linux is to add the attribute: profilePath: \\server\profiles\steve2 to the user DN entry in LDAP. and whilst we're there we also map his windows home directory to his Linux home directory: homeDrive: Z: homeDirectory: \\server\home\steve2 Make sure that the profiles share is writeable by the users. We chmod 1777'd it. HTH Steve I've never looked at this and don't need it now, but I'm interested. How is this implemented on client? The above is what ADUC adds to the directory when you fill in the fields on the profile tab for a user. It's quicker to use a little script around samba-tool user add and add the attributes on the Linux AD machine rather than use ADUC. You just need ldbmodify and the (in this example) the [home] and [profiles] shares in smb.conf. Linux clients map whatever the [home] share points at to the unixHomeDirectory attribute. The latter can use either winbind or nslcd to pull the info from ldap. Let me know if you need any more detail. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Libreoffice and roaming profile log-off delay
On 05/10/12 12:01, steve wrote: samba --version Version 4.0.0rc3-GIT-56ffe75 AD and s3fs on the same box. libreoffice 3.6.1 Hi If a user has used libreoffice, his log-off time is around 3 minutes on both XP and w7. samba shows 50% and smbd shows 20% CPU usage during the delay. I can get the delay down to around 2 minutes by removing all of the optional libreoffice modules (such as the wiki publisher). The delay is less for subsequent log-off's but still a pita. Questions: When the user logs off, is the profile synced to the file server or is the whole lot copied again? Any ideas to work around this? Cheers, Steve Hi Steve, if you are using roaming profiles, then when the user logons the entire profile is copied from the server to the client, when the user logs off the reverse happens, not good if you allow the profile to grow to any size. The cure is folder redirection or as microsoft now call it 'user virtulization', with this the users documents etc stop on the server and the My Documents folder, for instance, gets pointed to the new location. I can email you the instructions for XP if you are interested and point you to a website for W7, this is a bit different but works the same. Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Libreoffice and roaming profile log-off delay
On Fri, Oct 5, 2012 at 10:57 AM, Rowland Penny rpe...@f2s.com wrote: The cure is folder redirection or as microsoft now call it 'user virtulization', with this the users documents etc stop on the server and the My Documents folder, for instance, gets pointed to the new location. I can email you the instructions for XP if you are interested and point you to a website for W7, this is a bit different but works the same. this can also be done with GPO's. this article discuses how to improve sync time (offline and roaming use similar techniques), but redirection should also be used to get maximum benefit. http://blogs.technet.com/b/filecab/archive/2007/03/16/using-offline-files-with-samba-emc-servers-nas-devices.aspx -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Libreoffice and roaming profile log-off delay
On 05/10/12 17:57, Rowland Penny wrote: On 05/10/12 12:01, steve wrote: I can email you the instructions for XP if you are interested and point you to a website for W7, this is a bit different but works the same. Hi Rowland. That would be great. I'll start with the XP and see how it goes. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Picking the right installer
On Fri, Oct 05, 2012 at 01:01:19AM +0100, Andrew wrote: Hello, Today, I was suggested to use Samba by Plone people, meaning I Hadn't heard of Samba before. It seems to be exactly what I have been looking for for some time, but I obviously am completely blank about Samba, so you will excuse my silly question, please. I want to install Samba on my server, but after over two hours searching the site, I found there are plenty of very useful documentation, but not enough tips for a newbie like me to start with. Follows what I have, so you can kindly tell me which installer I must download to start. Apache Linux server (Arvixe) PC running Windows 7 Ultimate with MS Office. My problem arises from the fact that after all the time spent searching and reading I did not understand whether the installers are recommended according to the server or to the PC-OS. Which one shall I use, please? Thank you very much for enlightening me. If you install a standard Linux distribution (the most popular are Red Hat, SuSE, Ubuntu or Debian) then it will include a Samba server package (or the ability to add one). I would start there if I were you. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need help with share permissions
On Fri, Oct 05, 2012 at 03:42:24PM +0200, Andreas Oster wrote: Hello all, I am struggling to get share permissions to work properly. I am currently using samba 3.6.3 with AD integration. I want to force the following permissions: - created/renamed/copied directories: 0770 - created/renamed/copied files: 0660 - file permissions should not be editable by Windows users. I have tried a lot of different combinations of parameters but failed to get the desired permissions. Most of the time I end up with 0660 for newly created files and 0750 for newly created directories. When I rename a just created directory permission changes to 0770. At the moment I have this in my test share: force group = MYDOM\test force create mode = 0660 create mask = 0660 force directory mode = 0770 directory mask = 0770 Hmmm. The : force directory mode = 0770 directory mask = 0770 setting should do the trick. Are you also storing the DOS attributes in EA's ? You probably also need that to prevent UNIX permission modification. Try adding: store dos attributes = yes map readonly = no map system = no map hidden = no map archive = no and re-test creating a new directory. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba-tool dbcheck shows incorrect GUID after update from alpha17 to beta8
Original-Nachricht Datum: Thu, 4 Oct 2012 12:22:54 +0200 Von: Michael Wood esiot...@gmail.com An: Julian Timm x-dimens...@gmx.net CC: samba@lists.samba.org Betreff: Re: [Samba] Samba-tool dbcheck shows incorrect GUID after update from alpha17 to beta8 On 4 October 2012 09:46, Julian Timm x-dimens...@gmx.net wrote: Original-Nachricht Datum: Wed, 3 Oct 2012 16:56:42 +0200 Von: Michael Wood esiot...@gmail.com An: x-dimens...@gmx.net CC: samba@lists.samba.org Betreff: Re: [Samba] Samba-tool dbcheck shows incorrect GUID after update from alpha17 to beta8 On 3 October 2012 16:26, x-dimens...@gmx.net wrote: After updating our Samba4 server from alpha17 to beta8 samba-tool dbcheck shows 24 incorrect GUID errors. What does it mean and what should i do to fix this? Try samba-tool dbcheck --fix. Also, why did you not install rc2 instead of beta8? I don't want to compile every Samba version for myself, so i'm using the Zentyal 2.3 PPA. The latest Samba version here is beta8, but rc2 packages are in testing and should be available soon. After running samba-tool dbcheck --fix the errors still exists, when running dbcheck again. Try posting the errors to the list and maybe someone will be able to say what causes them. -- Michael Wood esiot...@gmail.com Ok, here is an example: ERROR: incorrect GUID component for member in object CN=Mitarbeiter,OU=Benutzer,DC=test,DC=lan - GUID=c385ad50-c728-41ba-8b94-22fa07b57b41;SID=S-1-5-21-2936403297-3018184044-1011683372-1153;CN=Max Müller,OU=Benutzer,DC=test,DC=lan unable to find object for DN CN=Max Müller,OU=Benutzer,DC=test,DC=lan - (No such Base DN: CN=Max Müller,OU=Benutzer,DC=test,DC=lan) Not removing dangling forward link All of these database errors affecting users who have german umlauts in their names like Ä,Ö,Ü. These users are also not shown within the Microsoft RSAT AD manager. When i add a new user now like Horst Müller with the management tool, i get the error that the user could not be verified and can't login, but RSAT still creates the user. Is there a simple way to correct this problem? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Wrong menu language on Windows 7 clients after update to Samba4 beta8
Original-Nachricht Datum: Thu, 4 Oct 2012 19:50:08 +0200 Von: Günter Kukkukk li...@kukkukk.com An: x-dimens...@gmx.net CC: samba@lists.samba.org Betreff: Re: [Samba] Wrong menu language on Windows 7 clients after update to Samba4 beta8 Am Donnerstag, 4. Oktober 2012, 09:39:49 schrieb x-dimens...@gmx.net: Original-Nachricht Datum: Thu, 04 Oct 2012 07:17:25 +1000 Von: Andrew Bartlett abart...@samba.org An: x-dimens...@gmx.net CC: samba@lists.samba.org Betreff: Re: [Samba] Wrong menu language on Windows 7 clients after update to Samba4 beta8 On Wed, 2012-10-03 at 16:49 +0200, x-dimens...@gmx.net wrote: After updating from Samba4 alpha 17 to beta8 most Windows start menu entries on our Windows 7 clients are in english now, instead of german. Also the desktop.ini files are not hidden anymore like it was before. What goes wrong here? Do i need to set a new parameter in smb.conf or mount the filesystem with some attributes? Neither of these are likely to be the cause of a language change on the client. Most likely the issue is due to being unable to load policies or the profile. Andrew Bartlett The language of the clients hasn't changed. I think this is a problem with file permissions... Samba4 alpha 17 was part of the Resara Server we had used before. The partition with the profiles and all user data was mounted by Resara Server with Avahi daemon and now i mount this partition via /etc/fstab and this entry: /dev/sdc1 /volumes/HD1 ext4 user_xattr 0 2 Maybe this is wrong? I don't know what parameters was used before by Avahi. at least you should also add the acl mount option (in addition to the already used user_xattr) Cheers, Günter Thank you very much Günter, the acl mount option in fstab seems to fix this problem! :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Name Resolve Order : parameter of smb.conf with testparm
Hi Matthieu Patou, the version that I'm using is Samba 3.5.10-116.el6_2. It was installed with rpm command. The OS is: Red Hat Enterprise Linux Server release 6.2 (Santiago) Linux [name of host] 2.6.32-131.6.1.el6.x86_64 #1 SMP Mon Jun 20 14:15:38 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux Thanks, -- Marcio Oliveira Técnico de Informática +55 (61) 3314-8733 Procuradoria Geral do Trabalho -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] temporary profiles problem - don't want roaming profiles
I have a Samba PDC (Ubuntu 12, OpenLDAP 2.4.28, Samba 3.6.3), and at two remote sites, I have some Samba BDCs. For now I've manually entered the DCs as WINS servers on the workstations I'm using for testing. At the remote sites, I can log in with an account that has no logon path or logon home specified, and it works perfectly. But at the main site, when I try to log on to one of these accounts I get first get the can't find the server copy of the roaming profile and then can't find the local profile logging you in with a temporary profile errors. I can't figure this one out. I'm using the same account, and the samba setups are nearly identical - just one is a BDC and one a PDC. This is smb.conf on the PDC: [global] workgroup = SEAMANPAPER server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes passdb backend = ldapsam:ldap://localhost syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 smb ports = 137 138 139 445 name resolve order = wins bcast hosts load printers = No printcap name = /dev/null disable spoolss = Yes rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1 logon path = logon home = domain logons = Yes os level = 65 domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = yes ldap suffix = dc=intranet,dc=seamanpaper,dc=com ldap ssl = no ldap user suffix = ou=People panic action = /usr/share/samba/panic-action %d idmap config * : range = 100-199 idmap config * : backend = ldap printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j [profiles] comment = Windows Profiles path = /home/samba/profiles read only = No create mask = 0600 directory mask = 0700 store dos attributes = Yes browseable = No csc policy = disable [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = Yes [homes] comment = Home Directories valid users = %S read only = No browseable = No and on the BDC: [global] workgroup = SEAMANPAPER server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes passdb backend = ldapsam:ldap://localhost syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 smb ports = 137 138 139 445 name resolve order = wins bcast hosts load printers = No printcap name = /dev/null disable spoolss = Yes rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1 logon path = logon home = domain logons = Yes os level = 65 domain master = No dns proxy = No wins proxy = Yes wins server = 192.168.10.127 ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = yes ldap suffix = dc=intranet,dc=seamanpaper,dc=com ldap ssl = no ldap user suffix = ou=People panic action = /usr/share/samba/panic-action %d idmap config * : range = 100-199 idmap config * : backend = ldap printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j [profiles] comment = Windows Profiles path = /home/samba/profiles read only = No create mask =
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via ac7d976 When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries. (cherry picked from commit 6575d1d34fee45c7a965c7c9641cc52b566a9e7f) via f163bcd Only apply masks on non-default ACL entries when setting the ACL. via e853383 Use is_default_acl variable in canonicalise_acl(). (cherry picked from commit 82e7132bdf7c9d4ddead3cd5d845bfe68b93448b) via 9b40fd8 Reformat spacing to be even. (cherry picked from commit efb446a38cca448855977666499603d12e1477b4) from 178266e html docs: Remove link to Using Samba. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit ac7d9768c718f6225f2182d763ec1dbc6dc48ea8 Author: Jeremy Allison j...@samba.org Date: Tue Oct 2 10:15:54 2012 -0700 When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries. (cherry picked from commit 6575d1d34fee45c7a965c7c9641cc52b566a9e7f) The last 4 patches address bug #9236 - ACL masks incorrectly applied when setting ACLs. commit f163bcd18f80b8ac1add96c93964fa02c08a4615 Author: Jeremy Allison j...@samba.org Date: Tue Oct 2 12:21:10 2012 -0700 Only apply masks on non-default ACL entries when setting the ACL. commit e8533833c2a138a54b7583f57187ee9e68b2e3cd Author: Jeremy Allison j...@samba.org Date: Tue Oct 2 09:55:09 2012 -0700 Use is_default_acl variable in canonicalise_acl(). (cherry picked from commit 82e7132bdf7c9d4ddead3cd5d845bfe68b93448b) commit 9b40fd8893584884ec282605b8c5481b089a43f1 Author: Jeremy Allison j...@samba.org Date: Tue Oct 2 09:21:17 2012 -0700 Reformat spacing to be even. (cherry picked from commit efb446a38cca448855977666499603d12e1477b4) --- Summary of changes: source3/smbd/posix_acls.c | 58 +++-- 1 files changed, 40 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 34747d3..22ad40f 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1353,13 +1353,15 @@ static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, cano type. / -static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace, -const struct share_params *params, -const bool is_directory, - const struct dom_sid *pfile_owner_sid, - const struct dom_sid *pfile_grp_sid, - const SMB_STRUCT_STAT *pst, - bool setting_acl) +static bool ensure_canon_entry_valid(connection_struct *conn, + canon_ace **pp_ace, + bool is_default_acl, + const struct share_params *params, + const bool is_directory, + const struct dom_sid *pfile_owner_sid, + const struct dom_sid *pfile_grp_sid, + const SMB_STRUCT_STAT *pst, + bool setting_acl) { canon_ace *pace; bool got_user = False; @@ -1370,8 +1372,9 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace for (pace = *pp_ace; pace; pace = pace-next) { if (pace-type == SMB_ACL_USER_OBJ) { - if (setting_acl) + if (setting_acl !is_default_acl) { apply_default_perms(params, is_directory, pace, S_IRUSR); + } got_user = True; } else if (pace-type == SMB_ACL_GROUP_OBJ) { @@ -1380,8 +1383,9 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace * Ensure create mask/force create mode is respected on set. */ - if (setting_acl) + if (setting_acl !is_default_acl) { apply_default_perms(params, is_directory, pace, S_IRGRP); + } got_grp = True; } else if (pace-type == SMB_ACL_OTHER) { @@ -1390,10 +1394,21 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace * Ensure create mask/force create mode is respected on set. */
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 7dcb017 When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries. via 580f616 Only apply masks on non-default ACL entries when setting the ACL. via 9647be9 Use is_default_acl variable in canonicalise_acl(). via 4ed5dea Reformat spacing to be even. from e521734 html docs: Remove link to Using Samba. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 7dcb017fc1d8e8af5878b2b0139686829c0c1594 Author: Jeremy Allison j...@samba.org Date: Tue Oct 2 10:15:54 2012 -0700 When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries. Fix bug #9236 - ACL masks incorrectly applied when setting ACLs. commit 580f61622c449aee8420e3519e764706d11c20fc Author: Jeremy Allison j...@samba.org Date: Tue Oct 2 13:01:59 2012 -0700 Only apply masks on non-default ACL entries when setting the ACL. commit 9647be9699b464ee5060e8ccc8328adef6d6641d Author: Jeremy Allison j...@samba.org Date: Tue Oct 2 09:55:09 2012 -0700 Use is_default_acl variable in canonicalise_acl(). commit 4ed5deae7b9e155d4bd085d4a36ae05abe0aa0ef Author: Jeremy Allison j...@samba.org Date: Tue Oct 2 12:38:16 2012 -0700 Reformat spacing to be even. --- Summary of changes: source3/smbd/posix_acls.c | 55 +++-- 1 files changed, 38 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 78b373a..646efa4 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1342,12 +1342,13 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace ) / static bool ensure_canon_entry_valid(canon_ace **pp_ace, -const struct share_params *params, -const bool is_directory, - const DOM_SID *pfile_owner_sid, - const DOM_SID *pfile_grp_sid, - const SMB_STRUCT_STAT *pst, - bool setting_acl) + bool is_default_acl, + const struct share_params *params, + const bool is_directory, + const DOM_SID *pfile_owner_sid, + const DOM_SID *pfile_grp_sid, + const SMB_STRUCT_STAT *pst, + bool setting_acl) { canon_ace *pace; bool got_user = False; @@ -1358,8 +1359,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace, for (pace = *pp_ace; pace; pace = pace-next) { if (pace-type == SMB_ACL_USER_OBJ) { - if (setting_acl) + if (setting_acl !is_default_acl) { apply_default_perms(params, is_directory, pace, S_IRUSR); + } got_user = True; } else if (pace-type == SMB_ACL_GROUP_OBJ) { @@ -1368,8 +1370,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace, * Ensure create mask/force create mode is respected on set. */ - if (setting_acl) + if (setting_acl !is_default_acl) { apply_default_perms(params, is_directory, pace, S_IRGRP); + } got_grp = True; } else if (pace-type == SMB_ACL_OTHER) { @@ -1378,10 +1381,21 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace, * Ensure create mask/force create mode is respected on set. */ - if (setting_acl) + if (setting_acl !is_default_acl) { apply_default_perms(params, is_directory, pace, S_IROTH); + } got_other = True; pace_other = pace; + + } else if (pace-type == SMB_ACL_USER || pace-type == SMB_ACL_GROUP) { + + /* +* Ensure create mask/force create mode is respected on set. +*/ + + if (setting_acl !is_default_acl) { + apply_default_perms(params, is_directory, pace, S_IRGRP); + } } } @@ -1425,7 +1439,9 @@
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 36ea39e talloc: Convert error cecking macros into fns from 7d7e33c Add tests for talloc_memlimit http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 36ea39edf8dd9ede756debaf9632f3ded2a51abb Author: Simo Sorce i...@samba.org Date: Fri Oct 5 10:32:32 2012 -0400 talloc: Convert error cecking macros into fns This will avoid 'surprise returns' and makes the code cleare to readers. These macros were complex enough to warrant a full function anyway not just for readability but also for debuggability. Thanks David for pointing out this issue. Autobuild-User(master): Simo Sorce i...@samba.org Autobuild-Date(master): Fri Oct 5 23:24:17 CEST 2012 on sn-devel-104 --- Summary of changes: lib/talloc/talloc.c | 111 ++- 1 files changed, 74 insertions(+), 37 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c index afc44b3..3e33fc0 100644 --- a/lib/talloc/talloc.c +++ b/lib/talloc/talloc.c @@ -222,37 +222,6 @@ static struct { TC_UNDEFINE_GROW_VALGRIND_CHUNK(_tc, _new_size); \ } while (0) -#define TALLOC_MEMLIMIT_CHECK(limit, size) do { \ - struct talloc_memlimit *l; \ - for (l = limit; l != NULL; l = l-upper) { \ - if (l-max_size != 0 \ - ((l-max_size = l-cur_size) || \ -(l-max_size - l-cur_size TC_HDR_SIZE+size))) { \ - errno = ENOMEM; \ - return NULL; \ - } \ - } \ -} while(0) - -#define TALLOC_MEMLIMIT_UPDATE(limit, o_size, n_size) do { \ - struct talloc_memlimit *l; \ - ssize_t d; \ - if (o_size == 0) { \ - d = n_size + TC_HDR_SIZE; \ - } else { \ - d = n_size - o_size; \ - } \ - for (l = limit; l != NULL; l = l-upper) { \ - ssize_t new_size = l-cur_size + d; \ - if (new_size 0) { \ - talloc_abort(cur_size memlimit counter not correct!); \ - errno = EINVAL; \ - return NULL; \ - } \ - l-cur_size = new_size; \ - } \ -} while(0) - struct talloc_reference_handle { struct talloc_reference_handle *next, *prev; void *ptr; @@ -266,6 +235,10 @@ struct talloc_memlimit { size_t cur_size; }; +static bool talloc_memlimit_check(struct talloc_memlimit *limit, size_t size); +static bool talloc_memlimit_update(struct talloc_memlimit *limit, + size_t old_size, size_t new_size); + typedef int (*talloc_destructor_t)(void *); struct talloc_chunk { @@ -608,7 +581,10 @@ static inline void *__talloc(const void *context, size_t size) limit = ptc-limit; } - TALLOC_MEMLIMIT_CHECK(limit, (TC_HDR_SIZE+size)); + if (!talloc_memlimit_check(limit, (TC_HDR_SIZE+size))) { + errno = ENOMEM; + return NULL; + } tc = talloc_alloc_pool(ptc, TC_HDR_SIZE+size); } @@ -996,7 +972,11 @@ static void *_talloc_steal_internal(const void *new_ctx, const void *ptr) ctx_size = _talloc_total_limit_size(ptr, NULL, NULL); - TALLOC_MEMLIMIT_UPDATE(tc-limit-upper, ctx_size, 0); + if (!talloc_memlimit_update(tc-limit-upper, ctx_size, 0)) { + talloc_abort(cur_size memlimit counter not correct!); + errno = EINVAL; + return NULL; + } if (tc-limit-parent == tc) { tc-limit-upper = NULL; @@ -1531,7 +1511,10 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void *ptr, size_t size, cons } if (tc-limit (size - tc-size 0)) { - TALLOC_MEMLIMIT_CHECK(tc-limit, (size - tc-size)); + if (!talloc_memlimit_check(tc-limit, (size - tc-size))) { + errno = ENOMEM; + return NULL; + } } /* handle realloc inside a talloc_pool */ @@ -1649,7 +1632,14 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void *ptr, size_t size, cons if (new_chunk_size == old_chunk_size) { TC_UNDEFINE_GROW_CHUNK(tc, size); tc-flags = ~TALLOC_FLAG_FREE; - TALLOC_MEMLIMIT_UPDATE(tc-limit, tc-size, size); + if (!talloc_memlimit_update(tc-limit, + tc-size, size)) { + talloc_abort(cur_size memlimit counter not +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8287938 We should never just assign an st_mode to an ace-perms field, theoretically they are different so should go through a mapping function. Ensure this is so. via 47ebc8f Modify ensure_canon_entry_valid() into ensure_canon_entry_valid_on_set() - makes the logic clearer. via 9466cd1 Simplify ensure_canon_entry_valid by splitting out the _get codepath. from 36ea39e talloc: Convert error cecking macros into fns http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 828793852f3785c620f2716c60f8b1640880ee50 Author: Jeremy Allison j...@samba.org Date: Fri Oct 5 15:51:19 2012 -0700 We should never just assign an st_mode to an ace-perms field, theoretically they are different so should go through a mapping function. Ensure this is so. Practically this does not matter, as for user permissions the mapping function is an identity, and the extra bits we may add are ignored anyway, but this makes the intent clear. Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Sat Oct 6 03:04:14 CEST 2012 on sn-devel-104 commit 47ebc8fbc93ee1eb9640d9ca30275fcfc3b50026 Author: Jeremy Allison j...@samba.org Date: Fri Oct 5 15:48:07 2012 -0700 Modify ensure_canon_entry_valid() into ensure_canon_entry_valid_on_set() - makes the logic clearer. commit 9466cd189d6a07411f451f7596feee36f0be7f32 Author: Jeremy Allison j...@samba.org Date: Fri Oct 5 15:09:06 2012 -0700 Simplify ensure_canon_entry_valid by splitting out the _get codepath. --- Summary of changes: source3/smbd/posix_acls.c | 386 ++-- 1 files changed, 228 insertions(+), 158 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 503727f..45a921f 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1342,34 +1342,117 @@ static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, cano } / - A well formed POSIX file or default ACL has at least 3 entries, a + A well formed POSIX file or default ACL has at least 3 entries, a SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ. In addition, the owner must always have at least read access. When using this call on get_acl, the pst struct is valid and contains - the mode of the file. When using this call on set_acl, the pst struct has + the mode of the file. +/ + +static bool ensure_canon_entry_valid_on_get(connection_struct *conn, + canon_ace **pp_ace, + const struct dom_sid *pfile_owner_sid, + const struct dom_sid *pfile_grp_sid, + const SMB_STRUCT_STAT *pst) +{ + canon_ace *pace; + bool got_user = false; + bool got_group = false; + bool got_other = false; + + for (pace = *pp_ace; pace; pace = pace-next) { + if (pace-type == SMB_ACL_USER_OBJ) { + got_user = true; + } else if (pace-type == SMB_ACL_GROUP_OBJ) { + got_group = true; + } else if (pace-type == SMB_ACL_OTHER) { + got_other = true; + } + } + + if (!got_user) { + if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) { + DEBUG(0,(malloc fail.\n)); + return false; + } + + ZERO_STRUCTP(pace); + pace-type = SMB_ACL_USER_OBJ; + pace-owner_type = UID_ACE; + pace-unix_ug.type = ID_TYPE_UID; + pace-unix_ug.id = pst-st_ex_uid; + pace-trustee = *pfile_owner_sid; + pace-attr = ALLOW_ACE; + pace-perms = unix_perms_to_acl_perms(pst-st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR); + DLIST_ADD(*pp_ace, pace); + } + + if (!got_group) { + if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) { + DEBUG(0,(malloc fail.\n)); + return false; + } + + ZERO_STRUCTP(pace); + pace-type = SMB_ACL_GROUP_OBJ; + pace-owner_type = GID_ACE; + pace-unix_ug.type = ID_TYPE_GID; + pace-unix_ug.id = pst-st_ex_gid; + pace-trustee = *pfile_grp_sid; + pace-attr = ALLOW_ACE; + pace-perms = unix_perms_to_acl_perms(pst-st_ex_mode, S_IRGRP, S_IWGRP, S_IXGRP); + DLIST_ADD(*pp_ace, pace); + }