[Samba] Samba 3 master browser on two networks plus WINS
I'm banging my head against the wall here with a problem that I have.

I have one Samba 3 server on a linux box with 2 ethernet interfaces, each given a different subnet. The same box does dhcp leases on both networks, with wins option pointing to this server. Firewall was configured to allow the best unobtrusive communication between the two subnets, I can ping between the subnets and receive response, I can also access some other services, like http, from one subnet to the other. I have setup on this server a common Public share, which works.

Now I'm trying to get the Samba PC from subnet 1 to see the Samba PC from subnet 2 and vice versa, but to no avail. On subnet 1 I can see and access the server via its NetBIOS name, but on subnet 2 I can only see the server and access it via its IP. No other Samba PCs can be seen across the subnets! All PCs have the same workgroup.

What to enable in configuration in order to be able to do cross subnet browsing with samba?

Thanks.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba-tool domain classicupgrade with LDAP backend
Hi

I am testing the migration from our actual Samba domain, based on Samba 3.3.8 and LDAP (389DS) to Samba 4. I have followed the Samba4 Howto, and I have successfully compiled it. Now I am running the classicupgrade command, but I am getting some errors. First of them is that the script is ignoring the ldap group suffix parameter in smb.conf, and is always searching in the ldap suffix. Because our LDAP database is very big, the script is getting a timeout as all groups are not received in time. I have changed the timeout and timelimit values in ldap.conf to 300, but they are also being ignored. This is the output of the script:

[root@samba4 ~]# samba-tool domain classicupgrade ~/sambav3/smb.conf --dbdir ~/sambav3/private --realm XX.TEST
Reading smb.conf
Processing section [netlogon]
Processing section [unixscripts]
Provisioning
smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XX.SACYL))]
smbldap_open_connection: connection opened
init_sam_from_ldap: Entry found for user: XX$
smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XX.SACYL))]
smbldap_open_connection: connection opened
Exporting account policy
Exporting groups
ldapsam_setsamgrent: LDAP search failed: Timed out
ldapsam_enum_group_mapping: Unable to open passdb
ERROR(class 'passdb.error'): uncaught exception - Unable to enumerate group mappings, (-1073741790,Access denied)
  File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run
    return self.run(*args, **kwargs)
  File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File /usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py, line 635, in upgrade_from_samba3
    grouplist = s3db.enum_group_mapping()

And this is the LDAP access LOG:

[03/Jan/2013:10:58:01 +0100] conn=24304 op=13 SRCH base=dc=XX,dc=XX scope=2 filter=(objectClass=sambaGroupMapping) attrs=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
[03/Jan/2013:10:58:16 +0100] conn=24304 op=14 UNBIND
[03/Jan/2013:10:58:16 +0100] conn=24304 op=14 fd=73 closed - U1

dc=XX,dc=XX is our ldap suffix, not our ldap group suffix, as it should be.

Any ideas how to fix these problems and continue with the tests?

Regards and thanks in advance,
Re: [Samba] samba-tool domain classicupgrade with LDAP backend
Hi again

Well, finally I got it, adding ldap timeout to smb.conf. Now I am getting another error when running the domain classicupgrade command of samba-tool:

...
init_sam_from_ldap: Entry found for user:
init_sam_from_ldap: Entry found for user: $
Next rid = 12801001
Failed to connect to ldap URL 'ldap://XXX.XXX.XX' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
Failed to connect to 'ldap://XXX.XXX.XX' with backend 'ldap': (null)
Could not open ldb connection to ldap://XXX.XXX.XX, the error message is: (1, None)
Exporting posix attributes
ERROR(type 'exceptions.UnboundLocalError'): uncaught exception - local variable 'ldb_object' referenced before assignment
  File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run
    return self.run(*args, **kwargs)
  File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File /usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py, line 800, in upgrade_from_samba3
    homes[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, homeDirectory)

I don't understand why the NT_STATUS_BAD_NETWORK_NAME error is thrown; I can ping and telnet the server XXX.XXX.XX in port 389 (previously it was on port 636 and ldaps, but changed to ldap and 389 to try to avoid the error); indeed, the script has obtained all groups and users previously...

Any ideas?

2013/1/3 Juan Asensio Sánchez oke...@gmail.com
> Hi
>
> I am testing the migration from our actual Samba domain, based on Samba 3.3.8 and LDAP (389DS) to Samba 4. I have followed the Samba4 Howto, and I have successfully compiled it. Now I am running the classicupgrade command, but I am getting some errors. First of them is that the script is ignoring the ldap group suffix parameter in smb.conf, and is always searching in the ldap suffix. Because our LDAP database is very big, the script is getting a timeout as all groups are not received in time. I have changed the timeout and timelimit values in ldap.conf to 300, but they are also being ignored. This is the output of the script:
>
> [root@samba4 ~]# samba-tool domain classicupgrade ~/sambav3/smb.conf --dbdir ~/sambav3/private --realm XX.TEST
> Reading smb.conf
> Processing section [netlogon]
> Processing section [unixscripts]
> Provisioning
> smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XX.SACYL))]
> smbldap_open_connection: connection opened
> init_sam_from_ldap: Entry found for user: XX$
> smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XX.SACYL))]
> smbldap_open_connection: connection opened
> Exporting account policy
> Exporting groups
> ldapsam_setsamgrent: LDAP search failed: Timed out
> ldapsam_enum_group_mapping: Unable to open passdb
> ERROR(class 'passdb.error'): uncaught exception - Unable to enumerate group mappings, (-1073741790,Access denied)
>   File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run
>     return self.run(*args, **kwargs)
>   File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run
>     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
>   File /usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py, line 635, in upgrade_from_samba3
>     grouplist = s3db.enum_group_mapping()
>
> And this is the LDAP access LOG:
>
> [03/Jan/2013:10:58:01 +0100] conn=24304 op=13 SRCH base=dc=XX,dc=XX scope=2 filter=(objectClass=sambaGroupMapping) attrs=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
> [03/Jan/2013:10:58:16 +0100] conn=24304 op=14 UNBIND
> [03/Jan/2013:10:58:16 +0100] conn=24304 op=14 fd=73 closed - U1
>
> dc=XX,dc=XX is our ldap suffix, not our ldap group suffix, as it should be.
>
> Any ideas how to fix these problems and continue with the tests?
>
> Regards and thanks in advance,
Re: [Samba] Samba 3 master browser on two networks plus WINS
Is samba bound to a subnet1 interface only or all interfaces? Can subnet2 clients connect to samba via either IP?

Are subnet2 clients supposed to be using samba services via the subnet1 IP or the subnet2 IP on the server? The first would involve going thru the firewall, which seems unnecessary with a dual homed samba server. The 2nd, however, probably rules out using WINS for the subnet2 clients since you would NOT want traffic going thru the firewall.

What IP are the clients on subnet2 using for a WINS server? Can you try having the clients on subnet2 use samba server subnet1 IP as the WINS server?

I haven't tried running WINS on a dual homed system. I would guess if you cat the wins.dat file (or tdbdump wins.tdb) you will only see registrations for subnet1.

Have you specified any ports in the smb.conf file? Samba 3 uses NT4 type smb-over-NBT (ports 137,138,139 and not 445) BUT I have found that explicitly specifying ports in smb.conf breaks more things than it fixes.

On 01/03/13 04:01, Gala Dragos wrote:
> I'm banging my head against the wall here with a problem that I have.
>
> I have one Samba 3 server on a linux box with 2 ethernet interfaces, each given a different subnet. The same box does dhcp leases on both networks, with wins option pointing to this server. Firewall was configured to allow the best unobtrusive communication between the two subnets, I can ping between the subnets and receive response, I can also access some other services, like http, from one subnet to the other. I have setup on this server a common Public share, which works.
>
> Now I'm trying to get the Samba PC from subnet 1 to see the Samba PC from subnet 2 and vice versa, but to no avail. On subnet 1 I can see and access the server via its NetBIOS name, but on subnet 2 I can only see the server and access it via its IP. No other Samba PCs can be seen across the subnets! All PCs have the same workgroup.
>
> What to enable in configuration in order to be able to do cross subnet browsing with samba?
>
> Thanks.
Re: [Samba] SMB2 CREATE + ACCESS_SYSTEM_SECURITY
On Mon, Dec 31, 2012 at 04:47:56PM +, Steve Tice wrote:
> Jeremy Allison jra at samba.org writes:
>
> > On Tue, Dec 18, 2012 at 12:24:04PM -0600, Steve Tice wrote:
> > > Can anybody provide the expected response to an SMB2 CREATE request that includes ACCESS_SYSTEM_SECURITY in the DesiredAccess mask? I'm particularly interested in cases where the SMB client is connected as an authenticated user with administrative (superuser) privileges on the share, and has made the request on a directory. Should such a client expect full (read/change) access to the SACL (under any conditions)?
> > >
> > > The question above is theoretical in nature. Practically speaking, does any version of the Samba server respond correctly to the request described above? I have a Windows application that makes such a request, and have tested it against Samba server versions 3.5.10-125.el6 and 3.6.7. I keep seeing a response of NT_STATUS_PRIVILEGE_NOT_HELD, and think that's not the correct response when the client has superuser privileges - but perhaps my expectation is wrong. If I make the same request while connected to a share on a Windows server, the response is NT_STATUS_OK. Is there a Samba server configuration change I could make that would affect the behavior? Is there any setup work to do prior to sending the SMB2 CREATE request (for example, adding a privilege)?
> >
> > You need to give the connected user the SeSecurity privilege.
> >
> > Jeremy
>
> Agreed. The Windows app which reproduces the behavior described above adds the following privileges after creating but before attempting to open the new directory:
>
> SeSecurityPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
>
> I just noticed that my description above is incorrect. The unexpected behavior occurs when attempting to open (not create) a directory.
>
> Here's a copy of the Windows application source:
>
> --
> // Reproduce-Problem.cpp : Attempt to open a directory with ACCESS_SYSTEM_SECURITY
> // set in the dwDesiredAccess argument.
> //

Those calls to adjust the process token only work locally. You need to use the net command on the Samba server to add the privileges there.

Jeremy
Re: [Samba] Samba 3 master browser on two networks plus WINS
Try this, samba4wins (http://www.enterprisesamba.org/samba4wins/)! A real wins server can interact with microsoft wins server push and pull partner! Let one samba be your pdc the other the bdc point both to the samba4wins host, point all your windows clients to the samba4wins host and you are up and running. Working here with 3 subnets and two windows 2008 wins servers as replication partners.

On Thu, 03 Jan 2013 09:13:06 -0500, Gaiseric Vandal gaiseric.van...@gmail.com wrote:
> Is samba bound to a subnet1 interface only or all interfaces? Can subnet2 clients connect to samba via either IP?
>
> Are subnet2 clients supposed to be using samba services via the subnet1 IP or the subnet2 IP on the server? The first would involve going thru the firewall, which seems unnecessary with a dual homed samba server. The 2nd, however, probably rules out using WINS for the subnet2 clients since you would NOT want traffic going thru the firewall.
>
> What IP are the clients on subnet2 using for a WINS server? Can you try having the clients on subnet2 use samba server subnet1 IP as the WINS server?
>
> I haven't tried running WINS on a dual homed system. I would guess if you cat the wins.dat file (or tdbdump wins.tdb) you will only see registrations for subnet1.
>
> Have you specified any ports in the smb.conf file? Samba 3 uses NT4 type smb-over-NBT (ports 137,138,139 and not 445) BUT I have found that explicitly specifying ports in smb.conf breaks more things than it fixes.
>
> On 01/03/13 04:01, Gala Dragos wrote:
> > I'm banging my head against the wall here with a problem that I have.
> >
> > I have one Samba 3 server on a linux box with 2 ethernet interfaces, each given a different subnet. The same box does dhcp leases on both networks, with wins option pointing to this server. Firewall was configured to allow the best unobtrusive communication between the two subnets, I can ping between the subnets and receive response, I can also access some other services, like http, from one subnet to the other. I have setup on this server a common Public share, which works.
> >
> > Now I'm trying to get the Samba PC from subnet 1 to see the Samba PC from subnet 2 and vice versa, but to no avail. On subnet 1 I can see and access the server via its NetBIOS name, but on subnet 2 I can only see the server and access it via its IP. No other Samba PCs can be seen across the subnets! All PCs have the same workgroup.
> >
> > What to enable in configuration in order to be able to do cross subnet browsing with samba?
> >
> > Thanks.
[Samba] Client access multiple shares with different usernames...
List,

I have a FreeBSD box with samba and two shares '\\bsd\foo' and '\\bsd\bar'. Each require a different password. (Different system user accounts and different corresponding samba account.) They both work.

The problem is that from Windows 7 and windowsXP clients I can connect to '\\bsd\foo', but then I can never connect to '\\bsd\bar' until I restart. Thereafter I can never connect to '\\bsd\foo' until I restart... and so on.

Is there a way I can connect to multiple shares from the same client, using different authentication for each share? For example, if I could put a username in a UNC path that would solve everything:

    \\foo@hostname\some\resource

Any suggestions or links to examples would be great. Thanks!
-Modulok-

Below is my test smb.conf file::

# Begin smb.conf
[global]
    smb ports = 139
    workgroup = MShome
    os level = 255
    domain master = yes
    local master = yes
    preferred master = yes
    wins support = yes
    name resolve order = wins bcast lmhosts
    server string = bsd
    netbios name = bsd
    hosts allow = 192.168.1.
    printcap name = /etc/printcap
    log file = /var/log/samba.log
    max log size = 1000
    socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=17520 SO_SNDBUF=17520 IPTOS_LOWDELAY
    interfaces = 192.168.1.3/24
    guest account = public
    security = user
    map to guest = Bad User
    encrypt passwords = yes
    invalid users = root toor
    browseable = yes
    max disk size = 10
        # Makes samba lie to stupid programs like photoshop, reporting
        # this (in megabytes) as the maximum volume size. This does
        # not limit the actual size of the volume, only the reported
        # size.
    create mask = 0644
    directory mask = 0755
    client NTLMv2 auth = yes
    null passwords = no
        # Allow or disallow client access to accounts that have
        # null passwords.
    unix extensions = no
        # Keep this off if you enable wide links. This is only used by
        # unix clients and is of no use to windows clients.
    wide links = yes
    follow symlinks = yes

[foo]
    path = /home/%S
    writable = yes
    guest ok = no
    hide dot files = yes

[bar]
    path = /home/%S
    writable = yes
    guest ok = no
    hide dot files = yes
# End smb.conf
Re: [Samba] Samba 3 master browser on two networks plus WINS
Subnet 1: 192.168.5.1/24, wins 192.168.5.1
Subnet 2: 192.168.7.1/24, wins 192.168.7.1

All PCs are allocated IPs from their respective subnet via dhcp.

A pc on subnet 1 cannot access a share from a pc on subnet 2, not even by ip. Same happens from subnet 2 to subnet 1.

The firewall is setup as to allow all traffic between the 2 subnets, effectively considering them as a single zone (I use shorewall as an UI to iptables).

I have not specified any ports in smb.conf, but I have bound samba to the required ethernet interface.

Here is the wins.dat. I can see references from both subnets.

wins.dat follows
VERSION 1 0
WORKGROUP#1e 1357503758 0.0.0.0 e4R
ARCHROUTEUSB#03 1357503758 192.168.5.1 192.168.7.1 66R
WORKGROUP#00 1357503758 0.0.0.0 e4R
ROUTERJUNKIE#03 1357503758 192.168.5.1 192.168.7.1 64R
LIVINGROOM#20 1357541821 192.168.5.91 64R
LINUXJUNKIE#00 1357511721 192.168.5.118 64R
ROUTERJUNKIE#00 1357503758 192.168.5.1 192.168.7.1 64R
ARCHROUTEUSB RO#03 1357258441 192.168.5.1 192.168.7.1 64R
FUJILAPPY#20 1357497461 192.168.7.16 64R
ARCHROUTEUSB#00 1357503758 192.168.5.1 192.168.7.1 66R
WORKGROUP#1b 1357503758 192.168.5.1 192.168.7.1 64R
LIVINGROOM#00 1357541816 192.168.5.91 64R
LINUXJUNKIE#20 1357511723 192.168.5.118 64R
ARCHROUTEUSB RO#20 1357258441 192.168.5.1 192.168.7.1 64R
WORKGROUP#1c 1357503758 192.168.5.1 192.168.7.1 e4R
ACERJUNKIE#00 1357381531 192.168.7.15 64R
FUJILAPPY#00 1357497461 192.168.7.16 64R
ACERJUNKIE#20 1357381531 192.168.7.15 64R
ARCHROUTEUSB RO#00 1357258441 192.168.5.1 192.168.7.1 64R
ARCHROUTEUSB#20 1357503758 192.168.5.1 192.168.7.1 66R
ROUTERJUNKIE#20 1357503758 192.168.5.1 192.168.7.1 64R
end wins.dat
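
Added example, not part of the original post or of Samba: a small Python parser for a wins.dat dump like the one above that groups the registered names by subnet, which is the check suggested earlier in the thread (does WINS hold registrations from both subnets, or only from subnet 1). The function names and the `SUBNETS` list are assumptions made for this example; the sample records are copied from the dump in this message, in the quote-less form the archive shows.

```python
import ipaddress
import re
from collections import defaultdict

# NetBIOS name-type suffixes (hex) that appear in the dump.
NAME_TYPES = {
    0x00: "workstation",
    0x03: "messenger",
    0x1B: "domain master browser",
    0x1C: "domain controllers (group)",
    0x1E: "browser elections (group)",
    0x20: "file server",
}

# One record per line: NAME#TT expiry ip [ip ...] flagsR
# The name may be quoted or bare and may contain spaces, so it is matched
# lazily up to the "#TT" suffix that precedes the expiry timestamp.
ENTRY_RE = re.compile(
    r'^"?(?P<name>.+?)#(?P<type>[0-9A-Fa-f]{2})"?\s+'
    r'(?P<expiry>\d+)\s+'
    r'(?P<ips>(?:\d{1,3}(?:\.\d{1,3}){3}\s+)+)'
    r'(?P<flags>[0-9A-Fa-f]+)R$'
)

# Sample input: records copied from the wins.dat posted in this message.
SAMPLE = """\
VERSION 1 0
WORKGROUP#1e 1357503758 0.0.0.0 e4R
ARCHROUTEUSB#03 1357503758 192.168.5.1 192.168.7.1 66R
LIVINGROOM#20 1357541821 192.168.5.91 64R
LINUXJUNKIE#00 1357511721 192.168.5.118 64R
ARCHROUTEUSB RO#03 1357258441 192.168.5.1 192.168.7.1 64R
FUJILAPPY#20 1357497461 192.168.7.16 64R
WORKGROUP#1b 1357503758 192.168.5.1 192.168.7.1 64R
ACERJUNKIE#00 1357381531 192.168.7.15 64R
"""

# The two networks named in the post (assumed /24, as stated there).
SUBNETS = ["192.168.5.0/24", "192.168.7.0/24"]


def parse_wins_dat(text):
    """Return one dict per record; raise on a line that does not parse."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("VERSION"):
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised wins.dat line: {line!r}")
        entries.append({
            "name": m["name"],
            "type": int(m["type"], 16),
            "expiry": int(m["expiry"]),
            "ips": [ipaddress.ip_address(ip) for ip in m["ips"].split()],
            "flags": int(m["flags"], 16),
        })
    return entries


def describe(entry):
    """Human-readable NAME<type> label for one record."""
    kind = NAME_TYPES.get(entry["type"], "unknown")
    return f'{entry["name"]}<{entry["type"]:02x}> ({kind})'


def _subnets_per_name(entries, subnets):
    """Map each name to the set of listed subnets it registered from."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    found = defaultdict(set)
    for entry in entries:
        for ip in entry["ips"]:
            if ip.is_unspecified:  # 0.0.0.0 marks a group name, not a host
                continue
            for net in nets:
                if ip in net:
                    found[entry["name"]].add(str(net))
    return found


def client_registrations(entries, subnets):
    """Map every subnet to the names registered from that subnet only."""
    result = {str(ipaddress.ip_network(s)): [] for s in subnets}
    for name, nets in _subnets_per_name(entries, subnets).items():
        if len(nets) == 1:
            result[next(iter(nets))].append(name)
    return {net: sorted(names) for net, names in result.items()}


def multihomed_names(entries, subnets):
    """Names registered with addresses in more than one listed subnet."""
    found = _subnets_per_name(entries, subnets)
    return sorted(name for name, nets in found.items() if len(nets) > 1)


if __name__ == "__main__":
    parsed = parse_wins_dat(SAMPLE)
    for net, names in client_registrations(parsed, SUBNETS).items():
        print(net, "->", ", ".join(names) or "no client registrations")
    print("multi-homed:", ", ".join(multihomed_names(parsed, SUBNETS)))
```

An empty list for a subnet means no single-homed client on that network has registered with this WINS server; here both subnets have client registrations, and only the server's own names appear on both.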
Re: [Samba] Samba 3 master browser on two networks plus WINS
Anything for samba 3? Btw what exactly are the difference between samba 3 and samba 4? I was under the impression that samba 4 only implements the new Homegroup feature that post XP windows has.

From: Daniel Müller muel...@tropenklinik.de
To: gaiseric.van...@gmail.com
Cc: samba@lists.samba.org
Sent: Friday, January 4, 2013 1:04 AM
Subject: Re: [Samba] Samba 3 master browser on two networks plus WINS

> Try this, samba4wins (http://www.enterprisesamba.org/samba4wins/)! A real wins server can interact with microsoft wins server push and pull partner! Let one samba be your pdc the other the bdc point both to the samba4wins host, point all your windows clients to the samba4wins host and you are up and running. Working here with 3 subnets and two windows 2008 wins servers as replication partners.
>
> On Thu, 03 Jan 2013 09:13:06 -0500, Gaiseric Vandal gaiseric.van...@gmail.com wrote:
> > Is samba bound to a subnet1 interface only or all interfaces? Can subnet2 clients connect to samba via either IP?
> >
> > Are subnet2 clients supposed to be using samba services via the subnet1 IP or the subnet2 IP on the server? The first would involve going thru the firewall, which seems unnecessary with a dual homed samba server. The 2nd, however, probably rules out using WINS for the subnet2 clients since you would NOT want traffic going thru the firewall.
> >
> > What IP are the clients on subnet2 using for a WINS server? Can you try having the clients on subnet2 use samba server subnet1 IP as the WINS server?
> >
> > I haven't tried running WINS on a dual homed system. I would guess if you cat the wins.dat file (or tdbdump wins.tdb) you will only see registrations for subnet1.
> >
> > Have you specified any ports in the smb.conf file? Samba 3 uses NT4 type smb-over-NBT (ports 137,138,139 and not 445) BUT I have found that explicitly specifying ports in smb.conf breaks more things than it fixes.
> >
> > On 01/03/13 04:01, Gala Dragos wrote:
> > > I'm banging my head against the wall here with a problem that I have.
> > >
> > > I have one Samba 3 server on a linux box with 2 ethernet interfaces, each given a different subnet. The same box does dhcp leases on both networks, with wins option pointing to this server. Firewall was configured to allow the best unobtrusive communication between the two subnets, I can ping between the subnets and receive response, I can also access some other services, like http, from one subnet to the other. I have setup on this server a common Public share, which works.
> > >
> > > Now I'm trying to get the Samba PC from subnet 1 to see the Samba PC from subnet 2 and vice versa, but to no avail. On subnet 1 I can see and access the server via its NetBIOS name, but on subnet 2 I can only see the server and access it via its IP. No other Samba PCs can be seen across the subnets! All PCs have the same workgroup.
> > >
> > > What to enable in configuration in order to be able to do cross subnet browsing with samba?
> > >
> > > Thanks.
Re: [Samba] Client access multiple shares with different usernames...
On 03.01.2013 21:12, Modulok wrote:
> List,
>
> I have a FreeBSD box with samba and two shares '\\bsd\foo' and '\\bsd\bar'. Each require a different password. (Different system user accounts and different corresponding samba account.) They both work.
>
> The problem is that from Windows 7 and windowsXP clients I can connect to '\\bsd\foo', but then I can never connect to '\\bsd\bar' until I restart. Thereafter I can never connect to '\\bsd\foo' until I restart... and so on.
>
> Is there a way I can connect to multiple shares from the same client, using different authentication for each share? For example, if I could put a username in a UNC path that would solve everything:

This is a limitation in Windows clients and not really a Samba issue. (People accessing shares on Windows servers face the same problem.) Basically the client can only handle one user name per server name.

AFAIK there is no elegant workaround for this. One solution is to access one share via the NetBIOS name and the other via a DNS name (e.g. using \\bsd.some.domain\bar) or even the IP address. Another solution would be adding NetBIOS aliases to the server and accessing different shares with different authentication via different aliases.

Kind regards
Wolfgang Ratzka
Re: [Samba] Samba 3 master browser on two networks plus WINS
Presumably pc on subnet1 does NOT need to access a share from 192.168.7.1 since it can access 192.168.5.1. Presumably pc on subnet2 does NOT need to access a share from 192.168.5.1 since it can access 192.168.7.1.

If you have a dual homed server + a router between subnets your routing could get a little tricky when accessing shares on the other subnet IP of the samba server. Or is the samba server also the router?

But to clarify your issue is that a single-homed client PC on subnet1 (e.g. LIVINGROOM) can not access shares on single-homed client PC on subnet2 (e.g. ACERJUNKI) - even though they can ping each other?

It seems that WINS is not the problem.

On 01/03/13 15:41, Gala Dragos wrote:
> Subnet 1: 192.168.5.1/24, wins 192.168.5.1
> Subnet 2: 192.168.7.1/24, wins 192.168.7.1
>
> All PCs are allocated IPs from their respective subnet via dhcp.
>
> A pc on subnet 1 cannot access a share from a pc on subnet 2, not even by ip. Same happens from subnet 2 to subnet 1.
>
> The firewall is setup as to allow all traffic between the 2 subnets, effectively considering them as a single zone (I use shorewall as an UI to iptables).
>
> I have not specified any ports in smb.conf, but I have bound samba to the required ethernet interface.
>
> Here is the wins.dat. I can see references from both subnets.
Re: [Samba] Samba 3 master browser on two networks plus WINS
The samba server also acts as the router. That is correct, a pc on subnet 1 cannot access a pc on subnet 2 through samba, but works fine using other protocols.

Both subnet 1 and subnet 2 have PCs that run Windows 7 x64, or Windows XP, or Linux (usually Fedora 17). The server itself runs on Archlinux.

> It seems that WINS is not the problem.

Then what is?

From: Gaiseric Vandal gaiseric.van...@gmail.com
To: samba@lists.samba.org
Sent: Thursday, January 3, 2013 11:02 PM
Subject: Re: [Samba] Samba 3 master browser on two networks plus WINS

> Presumably pc on subnet1 does NOT need to access a share from 192.168.7.1 since it can access 192.168.5.1. Presumably pc on subnet2 does NOT need to access a share from 192.168.5.1 since it can access 192.168.7.1.
>
> If you have a dual homed server + a router between subnets your routing could get a little tricky when accessing shares on the other subnet IP of the samba server. Or is the samba server also the router?
>
> But to clarify your issue is that a single-homed client PC on subnet1 (e.g. LIVINGROOM) can not access shares on single-homed client PC on subnet2 (e.g. ACERJUNKI) - even though they can ping each other?
>
> It seems that WINS is not the problem.
>
> On 01/03/13 15:41, Gala Dragos wrote:
> > Subnet 1: 192.168.5.1/24, wins 192.168.5.1
> > Subnet 2: 192.168.7.1/24, wins 192.168.7.1
> >
> > All PCs are allocated IPs from their respective subnet via dhcp.
> >
> > A pc on subnet 1 cannot access a share from a pc on subnet 2, not even by ip. Same happens from subnet 2 to subnet 1.
> >
> > The firewall is setup as to allow all traffic between the 2 subnets, effectively considering them as a single zone (I use shorewall as an UI to iptables).
> >
> > I have not specified any ports in smb.conf, but I have bound samba to the required ethernet interface.
> >
> > Here is the wins.dat. I can see references from both subnets.
Re: [Samba] Samba 3 master browser on two networks plus WINS
WINS is not the issue since you can't connect via IP either. Routing is not the issue since you can connect to other services. Are all clients showing 5.1 or 7.1 as default gw?

It could be a firewall configuration issue on your server - although that does not seem likely. Did you have to specifically add rules to allow HTTPS? Can you temporarily disable the firewall on the server?

Are there firewalls enabled on the PCs? Presuming clients don't have problems accessing shares from other clients on the same subnet? The default XP firewall behavior may be to block network shares. I think it is possible to configure the XP firewall to allow access from some IPs but not others - but that is something you would have had to explicitly set up.

Fedora typically has a firewall enabled as well - on fedora you have the system-config-firewall command to provide a gui front end (I think this is iptables.) It may have specific ports and services enabled or disabled by default but I don't think it would have rules that filter by source ip enabled by default.

Can you telnet somehost 139 ?

On 01/03/13 16:16, Gala Dragos wrote:
> The samba server also acts as the router. That is correct, a pc on subnet 1 cannot access a pc on subnet 2 through samba, but works fine using other protocols.
>
> Both subnet 1 and subnet 2 have PCs that run Windows 7 x64, or Windows XP, or Linux (usually Fedora 17). The server itself runs on Archlinux.
>
> > It seems that WINS is not the problem.
>
> Then what is?
>
> From: Gaiseric Vandal gaiseric.van...@gmail.com
> To: samba@lists.samba.org
> Sent: Thursday, January 3, 2013 11:02 PM
> Subject: Re: [Samba] Samba 3 master browser on two networks plus WINS
>
> > Presumably pc on subnet1 does NOT need to access a share from 192.168.7.1 since it can access 192.168.5.1. Presumably pc on subnet2 does NOT need to access a share from 192.168.5.1 since it can access 192.168.7.1.
> >
> > If you have a dual homed server + a router between subnets your routing could get a little tricky when accessing shares on the other subnet IP of the samba server. Or is the samba server also the router?
> >
> > But to clarify your issue is that a single-homed client PC on subnet1 (e.g. LIVINGROOM) can not access shares on single-homed client PC on subnet2 (e.g. ACERJUNKI) - even though they can ping each other?
> >
> > It seems that WINS is not the problem.
> >
> > On 01/03/13 15:41, Gala Dragos wrote:
> > > Subnet 1: 192.168.5.1/24, wins 192.168.5.1
> > > Subnet 2: 192.168.7.1/24, wins 192.168.7.1
> > >
> > > All PCs are allocated IPs from their respective subnet via dhcp.
> > >
> > > A pc on subnet 1 cannot access a share from a pc on subnet 2, not even by ip. Same happens from subnet 2 to subnet 1.
> > >
> > > The firewall is setup as to allow all traffic between the 2 subnets, effectively considering them as a single zone (I use shorewall as an UI to iptables).
> > >
> > > I have not specified any ports in smb.conf, but I have bound samba to the required ethernet interface.
> > >
> > > Here is the wins.dat. I can see references from both subnets.
wins.dat follows
VERSION 1 0
WORKGROUP#1e 1357503758 0.0.0.0 e4R
ARCHROUTEUSB#03 1357503758 192.168.5.1 192.168.7.1 66R
WORKGROUP#00 1357503758 0.0.0.0 e4R
ROUTERJUNKIE#03 1357503758 192.168.5.1 192.168.7.1 64R
LIVINGROOM#20 1357541821 192.168.5.91 64R
LINUXJUNKIE#00 1357511721 192.168.5.118 64R
ROUTERJUNKIE#00 1357503758 192.168.5.1 192.168.7.1 64R
ARCHROUTEUSB RO#03 1357258441 192.168.5.1 192.168.7.1 64R
FUJILAPPY#20 1357497461 192.168.7.16 64R
ARCHROUTEUSB#00 1357503758 192.168.5.1 192.168.7.1 66R
WORKGROUP#1b 1357503758 192.168.5.1 192.168.7.1 64R
LIVINGROOM#00 1357541816 192.168.5.91 64R
LINUXJUNKIE#20 1357511723 192.168.5.118 64R
ARCHROUTEUSB RO#20 1357258441 192.168.5.1 192.168.7.1 64R
WORKGROUP#1c 1357503758 192.168.5.1 192.168.7.1 e4R
ACERJUNKIE#00 1357381531 192.168.7.15 64R
FUJILAPPY#00 1357497461 192.168.7.16 64R
ACERJUNKIE#20 1357381531 192.168.7.15 64R
ARCHROUTEUSB RO#00 1357258441 192.168.5.1 192.168.7.1 64R
ARCHROUTEUSB#20 1357503758 192.168.5.1 192.168.7.1 66R
ROUTERJUNKIE#20 1357503758 192.168.5.1 192.168.7.1 64R
end wins.dat
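The wins.dat quoted in the message above can be read mechanically to confirm the poster's observation that hosts from both subnets are registered, which is why the replies look at the firewall and ports rather than at WINS. This Python sketch is an added example, not part of the thread or of Samba: the function names are hypothetical, the flag-bit meanings are assumed to match Samba's nameserv.h, and the sample records are copied from the post with one record per line.

```python
import ipaddress
import re
from collections import defaultdict

# nb_flags bits, assumed to match the definitions in Samba's nameserv.h.
NB_GROUP, NB_ACTIVE, NB_PERM = 0x80, 0x04, 0x02
NODE_TYPES = {0x00: "B", 0x20: "P", 0x40: "M", 0x60: "H"}

# Records copied from the wins.dat in the thread, one per line. Names appear
# unquoted on the page; the pattern below also accepts the quoted "NAME#xx" form.
SAMPLE = """\
VERSION 1 0
WORKGROUP#1e 1357503758 0.0.0.0 e4R
ARCHROUTEUSB#03 1357503758 192.168.5.1 192.168.7.1 66R
LIVINGROOM#20 1357541821 192.168.5.91 64R
ARCHROUTEUSB RO#03 1357258441 192.168.5.1 192.168.7.1 64R
FUJILAPPY#20 1357497461 192.168.7.16 64R
ACERJUNKIE#20 1357381531 192.168.7.15 64R
ARCHROUTEUSB#20 1357503758 192.168.5.1 192.168.7.1 66R
"""

# NAME#type  expiry  ip [ip ...]  flagsR   (NAME may contain spaces)
RECORD = re.compile(
    r'^"?(?P<name>.+?)#(?P<type>[0-9a-fA-F]{2})"?\s+'
    r'(?P<ttl>\d+)\s+'
    r'(?P<ips>(?:\d{1,3}(?:\.\d{1,3}){3}\s+)+)'
    r'(?P<flags>[0-9a-fA-F]{1,2})R\s*$'
)


def parse_wins_dat(text):
    """Return one dict per name record; the VERSION header and junk are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        flags = int(m["flags"], 16)
        records.append({
            "name": m["name"],
            "type": int(m["type"], 16),      # NetBIOS suffix, 0x20 = file server
            "expires": int(m["ttl"]),        # absolute Unix time
            "ips": [ipaddress.ip_address(ip) for ip in m["ips"].split()],
            "group": bool(flags & NB_GROUP),
            "active": bool(flags & NB_ACTIVE),
            "permanent": bool(flags & NB_PERM),
            "node": NODE_TYPES[flags & 0x60],
        })
    return records


def servers_by_subnet(records, subnets):
    """Map each subnet to the active unique <20> (file server) names registered in it."""
    nets = [ipaddress.ip_network(s, strict=False) for s in subnets]
    found = defaultdict(set)
    for rec in records:
        if rec["type"] != 0x20 or rec["group"] or not rec["active"]:
            continue
        for ip in rec["ips"]:
            for net in nets:
                if ip in net:
                    found[str(net)].add(rec["name"])
    return {net: sorted(names) for net, names in found.items()}


if __name__ == "__main__":
    recs = parse_wins_dat(SAMPLE)
    # Subnets as given in the thread.
    for net, names in servers_by_subnet(recs, ["192.168.5.1/24", "192.168.7.1/24"]).items():
        print(net, ", ".join(names))
```

A host that shows up under both subnets is the multi-homed server; single-homed clients appearing under their own subnet means registration works on each side.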
Re: [Samba] [PATCH] Re: Changing administrator password after Samba4 classic upgrade
Thanks so much Andrew, it is working fine. But when I try to reinstall and recompile without removing the 'root' account from the OpenLDAP and it doesn't have an error (just for curiosity), and the root account password is also the administrator password after migration. I am on the process of connecting it to the real machine which previously connected with the DC-Samba3, seems some problem but I have to re-investigate it the cause maybe a DNS et al. I don't want to re-connect (re-establish) it to the Samba4, coz I retain the SID of Samba4 from Samba3. I used to connect new machine but machines after migration (samba3 machines), at first able to connect because you able to login. But after it you can't able to see it, I even try administration tools, again as said on previous paragraph needs to check other causes. On Sat, Dec 22, 2012 at 2:55 PM, Andrew Bartlett abart...@samba.org wrote: On Thu, 2012-12-20 at 22:55 +1300, Mario Codeniera wrote: I used to upgrade samba3 to samba4 with almost successful with one problem, administrator can't access. As administrator, by default it is the only user account that is given full control over the system. My query is how to change the administrator password? we have one account which can join to the samba 4 AD based on the migrated data but the problem can't change the administrator or can't alter the domain. After that re-run the classic upgrade, and found out that the administrator SID was wrong and modified to xxx-500 where xxx domain SID and modified group Administrators because there are other domain SIDs. *- (remove the description, displaying only the last part) - Importing idmap database Importing groups Group already exists sid=S-1-5-21-1511653421-423844657-761698953-512, groupname=Domain Admins existing_groupname=Domain Admins, Ignoring. Group already exists sid=S-1-5-21-1511653421-423844657-761698953-514, groupname=Domain Guests existing_groupname=Domain Guests, Ignoring. 
Group already exists sid=S-1-5-21-1511653421-423844657-761698953-515, groupname=Domain Computers existing_groupname=Domain Computers, Ignoring. Group already exists sid=S-1-5-32-544, groupname=Administrators existing_groupname=Administrators, Ignoring. Group already exists sid=S-1-5-32-545, groupname=Users existing_groupname=Users, Ignoring. Group already exists sid=S-1-5-21-1511653421-423844657-761698953-513, groupname=Domain Users existing_groupname=Domain Users, Ignoring. Importing users User 'Administrator' in your existing directory has SID S-1-5-21-1511653421-423844657-761698953-20001, expected it to be S-1-5-21-1511653421-423844657-761698953-500 ERROR(class 'samba.provision.ProvisioningError'): uncaught exception - ProvisioningError: User 'Administrator' in your existing directory does not have SID ending in -500 File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py, line 889, in upgrade_from_samba3 raise ProvisioningError(User 'Administrator' in your existing directory does not have SID ending in -500)* Finally got this with no errors, but again the administrator can't login even using the kinit. As mentioned above I used to login other user in Windows 7 and run the Windows Remote Administration Tools and able to check the data is successfully migrated including administrator (but the problem it was changed during upgrading) and I observed in the log see highlighted. And every time I run the samba-tool domain classicupgrade, the Admin password: (see other highlighted below) have different values ( 0ngHrG~IIMHZDhNIPYOUAKoN~+wPZ!Am * * SXJ96re1=zYO* *respectively). This is interesting, as at one point we had logic to not show these unused passwords. 
I've attached a patch that should do this, let me know if it makes the output (which I agree is very, very verbose) clearer.

* [root@gaara ambot]# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/srv/LiveData/var_lib_samba/samba --use-xattrs=yes --dns-backend=SAMBA_INTERNAL --realm=kazekage.sura.sandbox.local /srv/smb.conf
Reading smb.conf

What it should have said was 'using the existing admin password of user root/administrator'. So, try the old password, but if neither the old password nor the generated one works, you can reset it using 'samba-tool user setpassword administrator'

Thank you, hope someone can give insights on it.

Thanks for your patience with this.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
[Samba] AIX: TypeError: unsupported operand type(s) for +: '_hashlib.HASH' and 'str'
Hi there!

We're trying to compile Samba 4.0.0 on a fresh install of AIX 6.1 (6100-02-01-0847), with Python RPM's from perzl.org installed into /opt/freeware. We're also using XLC 12.1. Unfortunately, we can't even run ./configure, as we're getting errors from the waf system. Here's what we get:

bash-4.2# pwd
/admin/tst/build/samba-4.0.0
bash-4.2# ./configure --help
Traceback (most recent call last):
  File ./buildtools/bin/waf, line 75, in module
    import Scripting
  File /admin/tst/build/samba-4.0.0/buildtools/wafadmin/Scripting.py, line 9, in module
    import Utils, Configure, Build, Logs, Options, Environment, Task
  File /admin/tst/build/samba-4.0.0/buildtools/wafadmin/Utils.py, line 134, in module
    from hashlib import md5
  File /opt/freeware/lib/python2.6/hashlib.py, line 117, in module
    exec funcName + ' = f'
TypeError: unsupported operand type(s) for +: '_hashlib.HASH' and 'str'
bash-4.2#

Python was installed just for this purpose, but otherwise we don't deal with it much. I'd like to be able to build as many of the Samba 4.0 features as possible, so I don't want to revert to the old toolchain, but I'm under a deadline of ~1 week, so I'll try that next if I can't get the waf system to work. Anyone have any insight as to what we might be hanging up on?

Many many thanks in advance!!

-Ben
Re: [Samba] samba-tool domain classicupgrade with LDAP backend
Can you connect to your ldap server locally?

*internal error: NT_STATUS_BAD_NETWORK_NAME Failed to connect to 'ldap://XXX.XXX.XX' with backend 'ldap': (null) Could not open ldb connection to ldap://XXX.XXX.XX, the erro*

If not check the ldap.conf, nslcd.conf and the PAM which is distro specific. Based on my experience I used to check using the command below and if it displays the user's passwords and the groups, you can successfully migrate it

*$getent passwd *
*$getent group*

On Fri, Jan 4, 2013 at 12:52 AM, Juan Asensio Sánchez oke...@gmail.com wrote:

Hi again

Well, finally I got it, adding ldap timeout to smb.conf. Now I am getting another error when running the domain classicupgrade command of samba-tool:

...
init_sam_from_ldap: Entry found for user:
init_sam_from_ldap: Entry found for user: $
Next rid = 12801001
Failed to connect to ldap URL 'ldap://XXX.XXX.XX' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
Failed to connect to 'ldap://XXX.XXX.XX' with backend 'ldap': (null)
Could not open ldb connection to ldap://XXX.XXX.XX, the error message is: (1, None)
Exporting posix attributes
ERROR(type 'exceptions.UnboundLocalError'): uncaught exception - local variable 'ldb_object' referenced before assignment
  File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run
    return self.run(*args, **kwargs)
  File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File /usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py, line 800, in upgrade_from_samba3
    homes[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, homeDirectory)

I don't understand why the NT_STATUS_BAD_NETWORK_NAME error is thrown; I can ping and telnet the server XXX.XXX.XX in port 389 (previously it was on port 636 and ldaps, but changed to ldap and 389 to try to avoid the error); indeed, the script has obtained all groups and
users previously... Any ideas? 2013/1/3 Juan Asensio Sánchez oke...@gmail.com Hi I am testing the migration from our actual Samba domain, based on Samba 3.3.8 and LDAP (389DS) to Samba 4. I have followed the Samba4 Howto, and I have successfully compiled it. Now I am running the classicupgrade command, but I am getting some errors. First of them is that the script is ignoring the ldap group suffix parameter in smb.conf, and is always searching in the ldap suffix. Because our LDAP database is very big, the script is getting a timeout as all groups are not received in time. I have changed the timeout and timelimit values in ldap.conf to 300, but they are also being ignored. This is the output of the script: [root@samba4 ~]# samba-tool domain classicupgrade ~/sambav3/smb.conf --dbdir ~/sambav3/private --realm XX.TEST Reading smb.conf Processing section [netlogon] Processing section [unixscripts] Provisioning smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XX.SACYL))] smbldap_open_connection: connection opened init_sam_from_ldap: Entry found for user: XX$ smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XX.SACYL))] smbldap_open_connection: connection opened Exporting account policy Exporting groups ldapsam_setsamgrent: LDAP search failed: Timed out ldapsam_enum_group_mapping: Unable to open passdb ERROR(class 'passdb.error'): uncaught exception - Unable to enumerate group mappings, (-1073741790,Access denied) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py, line 635, in upgrade_from_samba3 grouplist = s3db.enum_group_mapping() And this is the LDAP access LOG: [03/Jan/2013:10:58:01 +0100] conn=24304 
op=13 SRCH base=dc=XX,dc=XX scope=2 filter=(objectClass=sambaGroupMapping) attrs=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
[03/Jan/2013:10:58:16 +0100] conn=24304 op=14 UNBIND
[03/Jan/2013:10:58:16 +0100] conn=24304 op=14 fd=73 closed - U1

dc=XX,dc=XX is our ldap suffix, not our ldap group suffix, as it should. Any ideas how to fix these problems and continue with the tests?

Regards and thanks in advance,
Re: [Samba] samba-tool domain classicupgrade with LDAP backend
On Thu, 2013-01-03 at 12:52 +0100, Juan Asensio Sánchez wrote: Hi again Well, finally I got it, adding ldap timeout to smb.conf. Good. The 'ldap suffix' is used because while we write new groups under 'ldap group suffix' we always search under 'ldap suffix' for all objects. That is, it is a default, not a restriction. This hasn't changed in a number of releases, and the 'passdb' code used as the upgrade source is actually the same code that powers the classic DC implementation. Now I am getting another error when running the domain classicupgrade command of samba-tool: ... init_sam_from_ldap: Entry found for user: init_sam_from_ldap: Entry found for user: $ Next rid = 12801001 Failed to connect to ldap URL 'ldap://XXX.XXX.XX' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME Failed to connect to 'ldap://XXX.XXX.XX' with backend 'ldap': (null) Could not open ldb connection to ldap://XXX.XXX.XX, the error message is: (1, None) Exporting posix attributes ERROR(type 'exceptions.UnboundLocalError'): uncaught exception - local variable 'ldb_object' referenced before assignment File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py, line 800, in upgrade_from_samba3 homes[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, homeDirectory) I don't understand why the NT_STATUS_BAD_NETWORK_NAME error is thrown; I can ping and telnet the server XXX.XXX.XX in port 389 (previously it was on port 636 and ldaps, but changed to ldap and 389 to try to avoid the error); indeed, the script has obtained all groups and users previously... 
In this second stage of the migration, we use the ldb API and ldb's ildap driver (a new implementation of an LDAP client) to connect to the server. We do this in the hope of migrating some extra information that isn't available via passdb.

ldb and the ildap driver do not read ldap.conf, nslcd.conf or PAM as Mario suggests, but I'm pretty sure it does use the 'name resolve order' from smb.conf, so perhaps restore that to the default value and try again.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Re: [Samba] [PATCH] Re: Changing administrator password after Samba4 classic upgrade
On Fri, 2013-01-04 at 14:09 +1300, Mario Codeniera wrote:
Thanks so much Andrew, it is working fine. But when I try to reinstall and recompile without removing the 'root' account from the OpenLDAP and it doesn't have an error (just for curiosity), and the root account password is also the administrator password after migration. I am on the process of connecting it to the real machine which previously connected with the DC-Samba3, seems some problem but I have to re-investigate it the cause maybe a DNS et al. I don't want to re-connect (re-establish) it to the Samba4, coz I retain the SID of Samba4 from Samba3. I used to connect new machine but machines after migration (samba3 machines), at first able to connect because you able to login. But after it you can't able to see it, I even try administration tools, again as said on previous paragraph needs to check other causes.

Mario, I'm really sorry, but I've tried a couple of times to make sense of what you have written above, but I just can't. Please can you clearly state:

For your testing domain or configuration:
- What was working
- What was not working
- What you changed
- What is now working

For your attempt to apply this to your production domain:
- What is working
- What is not working
- What was working but is now not working
- What you have attempted to do to fix it

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Re: [Samba] AIX: TypeError: unsupported operand type(s) for +: '_hashlib.HASH' and 'str'
On Fri, 2013-01-04 at 01:04 +, Benjamin Huntsman wrote:
Hi there! We're trying to compile Samba 4.0.0 on a fresh install of AIX 6.1 (6100-02-01-0847), with Python RPM's from perzl.org installed into /opt/freeware. We're also using XLC 12.1. Unfortunately, we can't even run ./configure, as we're getting errors from the waf system. Here's what we get:

bash-4.2# pwd
/admin/tst/build/samba-4.0.0
bash-4.2# ./configure --help
Traceback (most recent call last):
  File ./buildtools/bin/waf, line 75, in module
    import Scripting
  File /admin/tst/build/samba-4.0.0/buildtools/wafadmin/Scripting.py, line 9, in module
    import Utils, Configure, Build, Logs, Options, Environment, Task
  File /admin/tst/build/samba-4.0.0/buildtools/wafadmin/Utils.py, line 134, in module
    from hashlib import md5
  File /opt/freeware/lib/python2.6/hashlib.py, line 117, in module
    exec funcName + ' = f'
TypeError: unsupported operand type(s) for +: '_hashlib.HASH' and 'str'
bash-4.2#

Python was installed just for this purpose, but otherwise we don't deal with it much. I'd like to be able to build as many of the Samba 4.0 features as possible, so I don't want to revert to the old toolchain, but I'm under a deadline of ~1 week, so I'll try that next if I can't get the waf system to work. Anyone have any insight as to what we might be hanging up on? Many many thanks in advance!!

I think the next step is to change your python install to something as close to the upstream python as possible. We supply an 'install_with_python.sh' script which installs a (now old) but known working version, but you should also have reasonable luck with just the current python 2.7 http://python.org/download/releases/2.7.3/

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Re: [Samba] AIX: TypeError: unsupported operand type(s) for +: '_hashlib.HASH' and 'str'
I think the next step is to change your python install to something as close to the upstream python as possible. We supply an 'install_with_python.sh' script which installs a (now old) but known working version, but you should also have reasonable luck with just the current python 2.7 http://python.org/download/releases/2.7.3/ Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org

Hi there! Thanks for the reply!! So the install_with_python.sh script should work on AIX? Is there a recommended location for obtaining pre-built versions of Python for AIX?

Many thanks!!

-Ben
Re: [Samba] Samba 3 master browser on two networks plus WINS
This seems more a routing issue to me than samba. Packets cannot move between different networks without a route. You need to define a static route between your networks and then it will work.
Re: [Samba] samba-tool domain classicupgrade with LDAP backend
Hi

I forgot to explain my scenario... I have one Samba3 test-production with LDAP backend (it's a test server, but used intensively), so to make the tests I created a new virtual machine in a separated/isolated network. This is a clean CentOS 6.3 machine, just installed the compile dependencies and then compile and install Samba; I didn't modify resolv.conf, neither nscd.conf, so the name resolution is using an official DNS server.

After posting the message, I continued investigating and I found this message https://lists.samba.org/archive/samba-technical/2012-September/086979.html, where the user reports the same problem as me. The solution there is to use the IP address instead of the DNS name, and he says that the problem can be due to his configuration, but I have the same problem... so I could think this is a bug, not a server configuration problem (I can connect perfectly to the LDAP server, use ldapsearch command, etc. Indeed, the script retrieves correctly the users, but only fails when exporting the Posix attributes).

The problem with us about ldap group suffix is that our LDAP has multiple organizations, each one with their own users and groups:

dc=myorg,dc=es
- o=suborg1,dc=myorg,dc=es
- - ou=People,o=suborg1,dc=myorg,dc=es
- - ou=Groups,o=suborg1,dc=myorg,dc=es
- o=suborg2,dc=myorg,dc=es
- - ou=People,o=suborg2,dc=myorg,dc=es
- - ou=Groups,o=suborg2,dc=myorg,dc=es
...

So, in our Samba3 configuration we have ldap suffix to dc=myorg,dc=es but ldap group suffix to ou=Groups,o=suborg1 (for the Samba3 domain controller for suborg1; each suborganization has its own domain under its tree and its own domain controller using that domain). Then, all users (from any suborganization) can login in any organization/domain/domain controller (we have resolved the problem with SIDs from one domain to another using a plugin in the 389DS LDAP server).
Our target (and here comes my big doubt) is to configure Samba4 to host multiple domains under the same forest, replicating our current environment and establishing trust relationships between the domains. Is this possible? How should I do it?

Regards again, and thanks for your help.

2013/1/4 Andrew Bartlett abart...@samba.org

On Thu, 2013-01-03 at 12:52 +0100, Juan Asensio Sánchez wrote:
Hi again Well, finally I got it, adding ldap timeout to smb.conf.

Good. The 'ldap suffix' is used because while we write new groups under 'ldap group suffix' we always search under 'ldap suffix' for all objects. That is, it is a default, not a restriction. This hasn't changed in a number of releases, and the 'passdb' code used as the upgrade source is actually the same code that powers the classic DC implementation.

Now I am getting another error when running the domain classicupgrade command of samba-tool:

...
init_sam_from_ldap: Entry found for user:
init_sam_from_ldap: Entry found for user: $
Next rid = 12801001
Failed to connect to ldap URL 'ldap://XXX.XXX.XX' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
Failed to connect to 'ldap://XXX.XXX.XX' with backend 'ldap': (null)
Could not open ldb connection to ldap://XXX.XXX.XX, the error message is: (1, None)
Exporting posix attributes
ERROR(type 'exceptions.UnboundLocalError'): uncaught exception - local variable 'ldb_object' referenced before assignment
  File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run
    return self.run(*args, **kwargs)
  File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File /usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py, line 800, in upgrade_from_samba3
    homes[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, homeDirectory)

I don't understand why the NT_STATUS_BAD_NETWORK_NAME error is thrown; I can ping and
telnet the server XXX.XXX.XX in port 389 (previously it was on port 636 and ldaps, but changed to ldap and 389 to try to avoid the error); indeed, the script has obtained all groups and users previously...

In this second stage of the migration, we use the ldb API and ldb's ildap driver (a new implementation of an LDAP client) to connect to the server. We do this in the hope of migrating some extra information that isn't available via passdb.

ldb and the ildap driver do not read ldap.conf, nslcd.conf or PAM as Mario suggests, but I'm pretty sure it does use the 'name resolve order' from smb.conf, so perhaps restore that to the default value and try again.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-01-03-1731/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-01-03-1731/samba3.stderr http://git.samba.org/autobuild.flakey/2013-01-03-1731/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-01-03-1731/samba.stderr http://git.samba.org/autobuild.flakey/2013-01-03-1731/samba.stdout The top commit at the time of the failure was: commit 94f11e9d168931018125a1552f22b786ba290dd0 Author: Andreas Schneider a...@samba.org Date: Fri Dec 21 16:03:51 2012 +0100 s3-net: Fix rpc_service_list_internal() null pointer passing. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Günther Deschner g...@samba.org Found by Coverity. Autobuild-User(master): Günther Deschner g...@samba.org Autobuild-Date(master): Wed Jan 2 14:19:50 CET 2013 on sn-devel-104
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-01-04-0137/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-01-04-0137/samba3.stderr http://git.samba.org/autobuild.flakey/2013-01-04-0137/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-01-04-0137/samba.stderr http://git.samba.org/autobuild.flakey/2013-01-04-0137/samba.stdout The top commit at the time of the failure was: commit 94f11e9d168931018125a1552f22b786ba290dd0 Author: Andreas Schneider a...@samba.org Date: Fri Dec 21 16:03:51 2012 +0100 s3-net: Fix rpc_service_list_internal() null pointer passing. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Günther Deschner g...@samba.org Found by Coverity. Autobuild-User(master): Günther Deschner g...@samba.org Autobuild-Date(master): Wed Jan 2 14:19:50 CET 2013 on sn-devel-104