[Samba] Starting S4 in production
Hello, I would try to migrate S3 to S4 in production but these messages (in bold) blocks me to do this. I can authenticate users et computers yet !, So what does they mean ? Regards root@vspdc:~# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/root/smb3/varlib --dns-backend=BIND9_DLZ --use-xattrs=yes --realm=sc.isc84.org /root/smb3/etc/smb.conf Reading smb.conf Provisioning Exporting account policy Exporting groups *Severe DB error, sambaSamAccount can't miss the samba SIDattribute* Ignoring group 'Domain Users' S-1-5-21-1031258178-388409940-3248586695-513 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION) *Ignoring group 'Administrators' S-1-5-32-544 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS) Ignoring group 'Account Operators' S-1-5-32-548 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS) Ignoring group 'Print Operators' S-1-5-32-550 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS) Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS) Ignoring group 'Replicators' S-1-5-32-552 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)* Exporting users Could not convert S-1-5-21-1031258178-388409940-3248586695-5444 to SID Skipping wellknown rid=500 (for username=root) Ignoring group memberships of 'nobody' S-1-5-21-1031258178-388409940-3248586695-2998: Unable to enumerate group memberships, *(-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)* -- Hervé Hénoch Responsable informatique Institut Sainte Catherine 250 chemin de Baigne-Pieds CS 80005 --- 84918 AVIGNON cedex 9 Téléphone : 04.90.27.57.44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] file server
Hello, I am using samba4 as AD DC and file sharing. I would like to setup a dedicated file server cluster on 2 nodes using ctdb to separate the role (authentication/file sharing), and join the cluster to the domain. I am not clear on which version of samba I sould use for the file server cluster : latest samba 3 + krb5 or latest samba 4 (using smbd and winbindd) ? both accept the clustering option --with-cluster-support. thanks -- Ali -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] S3 as domain member with S4
Hello How to set a S3 file server as a domain member with a S4 PDC server ? Regards -- Hervé Hénoch Responsable informatique Institut Sainte Catherine 250 chemin de Baigne-Pieds CS 80005 — 84918 AVIGNON cedex 9 Téléphone : 04.90.27.57.44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] S3 as domain member with S4
-Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Hervé Hénoch Sent: Monday, 11 February 2013 9:00 PM To: samba-liste Subject: [Samba] S3 as domain member with S4 Hello How to set a S3 file server as a domain member with a S4 PDC server ? Regards -- Hervé Hénoch Responsable informatique Institut Sainte Catherine 250 chemin de Baigne-Pieds CS 80005 84918 AVIGNON cedex 9 Téléphone : 04.90.27.57.44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Treat it in a manner similar to a Windows AD DC. I'm doing the same because the Samba3 smbd is less than 1/10 the memory footprint than samba4 smbd, you will need to include --with-ads when you build your samba3 fileserver, and change smb.conf to use security = ADS I think its also important to keep in mind the different language. Samba4 provides a much more sophisticated feature-full Active Directory Domain Controller (AD DC), whilst Samba3 provided a Primary Domain Controller (PDC). Ref: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member Regards, Dewayne. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Starting S4 in production
On Mon, 2013-02-11 at 09:54 +0100, Hervé Hénoch wrote: Hello, I would try to migrate S3 to S4 in production but these messages (in bold) blocks me to do this. I can authenticate users et computers yet !, So what does they mean ? Regards root@vspdc:~# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/root/smb3/varlib --dns-backend=BIND9_DLZ --use-xattrs=yes --realm=sc.isc84.org /root/smb3/etc/smb.conf Reading smb.conf Provisioning Exporting account policy Exporting groups *Severe DB error, sambaSamAccount can't miss the samba SIDattribute* Ignoring group 'Domain Users' S-1-5-21-1031258178-388409940-3248586695-513 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION) *Ignoring group 'Administrators' S-1-5-32-544 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS) Ignoring group 'Account Operators' S-1-5-32-548 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS) Ignoring group 'Print Operators' S-1-5-32-550 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS) Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS) Ignoring group 'Replicators' S-1-5-32-552 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)* Exporting users Could not convert S-1-5-21-1031258178-388409940-3248586695-5444 to SID Skipping wellknown rid=500 (for username=root) Ignoring group memberships of 'nobody' S-1-5-21-1031258178-388409940-3248586695-2998: Unable to enumerate group memberships, *(-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)* None of these errors are fatal - they are just invalid aspects of your passdb database that we were able to skip over harmlessly. For example, it does not matter that we could not list members of domain users as users a members of that group via their primary group ID. Similarly, as we already recreate the administrator account, the domain administrators group and the administrators alias, these being incorrect in your passdb is harmless. We skipped importing 'root' as we created a new 'administrator' account instead, and used the 'root' password. Even the 'missing sambaSID attribute' error can't be too much of a problem, as this cannot have been a working part of your existing domain anyway. If you have problems with your upgraded DC, diagnose them from what errors are directly produced - as the upgrade appears to have progressed fine! Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file server
On Mon, 2013-02-11 at 10:53 +0100, Ali Bendriss wrote: Hello, I am using samba4 as AD DC and file sharing. I would like to setup a dedicated file server cluster on 2 nodes using ctdb to separate the role (authentication/file sharing), and join the cluster to the domain. I am not clear on which version of samba I sould use for the file server cluster : latest samba 3 + krb5 or latest samba 4 (using smbd and winbindd) ? both accept the clustering option --with-cluster-support. You may use whichever you feel comfortable with. The Samba 4.0 release is our latest production release of Samba, and all features found in Samba 3.6 are present, except for the very few that we announced as deprecated. This includes CTDB support. I'm glad to hear you wish to separate your file server from your DC. This is a good choice, and allows you to choose the version of Samba to use on both independently. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] S3 as domain member with S4
On Mon, 2013-02-11 at 11:00 +0100, Hervé Hénoch wrote: Hello How to set a S3 file server as a domain member with a S4 PDC server ? You can join Samba 3.x or Samba 4.0 as a domain member of a Samba 4.0 AD DC in the same way you would join any other AD domain. eg 'net ads join. See https://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Strange winbindd messages
On Fri, 2013-02-08 at 11:50 -0500, John Center wrote: Hi Andrew, Thanks for getting back to me. On 02/07/2013 04:52 PM, Andrew Bartlett wrote: On Fri, 2013-02-08 at 08:43 +1100, Andrew Bartlett wrote: On Wed, 2013-01-23 at 11:59 -0500, John Center wrote: Hi, We are running samba v3.6.3 on Ubuntu 12.04 server. This is being used with FreeRADIUS for wireless authentication with AD. We just logged a set of messages from winbindd that I don't understand: Jan 23 10:35:28 as3 winbindd[25371]: [2013/01/23 10:35:28.056846, 0] rpc_client/cli_netlogon.c:677(rpccli_netlogon_set_trust_password) Jan 23 10:35:28 as3 winbindd[25371]: dcerpc_netr_ServerPasswordSet{2} failed: NT code 0xc2a5 Jan 23 10:35:28 as3 winbindd[26636]: [2013/01/23 10:35:28.105143, 0] rpc_client/cli_netlogon.c:671(rpccli_netlogon_set_trust_password) Jan 23 10:35:28 as3 winbindd[26636]: credentials chain check failed Jan 23 10:35:28 as3 winbindd[25518]: [2013/01/23 10:35:28.310288, 0] rpc_client/cli_netlogon.c:671(rpccli_netlogon_set_trust_password) Jan 23 10:35:28 as3 winbindd[25518]: credentials chain check failed Jan 23 10:36:28 as3 winbindd[25371]: [2013/01/23 10:36:28.121861, 0] rpc_client/cli_netlogon.c:671(rpccli_netlogon_set_trust_password) Jan 23 10:36:28 as3 winbindd[25371]: credentials chain check failed Authentications went through ok at 10:35:23 again at 10:35:29. We haven't seen them before, searching, I couldn't find much info. What do these messages mean? What would have caused them? Do we need to be concerned? Any help would be greatly appreciated. What is happening here is that we are trying and failing to change our machine account password. Can you try Samba 3.6.12 and see if the changes in the meantime have fixed this? Can winbindd change the machine account password? This isn't being done by us manually. Yes, it will do that every now and then. (I don't recall the frequency exactly). Looking into this some more these links suggest a server-side error: http://www.tek-tips.com/viewthread.cfm?qid=1487092 http://support.microsoft.com/kb/306091/en-us Looking at these links, are you suggesting that the DC database is being locked at this point in time, so when an auth request is being made, it fails? I don't really know what is going on, but it suggests a plausible reason why this might fail. The issue seems to me to be related to machine account changes, not authentication. Is there anything in the server event log to match this error? I'm trying to get access to the DC event logs to look into this. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NTLM autentication problems
On Fri, 2013-02-08 at 11:30 -0200, Natália Vaz wrote: I'm trying to configure Squid ntlm autentication on Samba4 DC. I followed Squid and Samba's documentation and i got success when I login with user natalia.silva, but if I log with natalia.vaz i get the error We would need much more detail than that. Do you mean to say that you can only log in as the user's samAccountName, but not as a userPrinicpalName? Currently, for NTLM authentication, we only accept samAccountName values. This may be a bug - if windows behaves differently, I'm very happy to fix it. If so, please file a bug in bugzilla. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Classicupgrade not work
I'm trying to convert my samba3 domain to samba4 AD with samba-tool, but i'm getting an error and i can' t find anything about it on google. I've enabled the log level 4 on smb.conf and here's what i got: Home server: PANDORA init_sam_from_ldap: Entry found for user: DIRET-ESTAG$ Home server: PANDORA init_sam_from_ldap: Entry found for user: dsegato Home server: PANDORA init_sam_from_ldap: Entry found for user: lesley Home server: PANDORA ERROR(type 'exceptions.AttributeError'): uncaught exception - 'passdb.Samu' object has no attribute 'acct_flags' File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py, line 722, in upgrade_from_samba3 % (user.acct_flags, username, [ I've copied my .tdb files to a new test server.also, i'm using ldap backend on s3. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] S3 as domain member with S4
Thanks I've followed the document and i can see in the AD the server included. But I've the following error : net join -Uadministrateur Using short domain name -- SC Joined 'SSC011' to realm 'sc.isc84.org' *DNS Update for ssc011.sc.isc84.org failed: ERROR_DNS_INVALID_MESSAGE DNS update failed!* Moreover I can't access from a window box to my server with \\ssc011 (the name of my server). Regards Le 11/02/2013 11:53, Dewayne Geraghty a écrit : -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Hervé Hénoch Sent: Monday, 11 February 2013 9:00 PM To: samba-liste Subject: [Samba] S3 as domain member with S4 Hello How to set a S3 file server as a domain member with a S4 PDC server ? Regards -- Hervé Hénoch Responsable informatique Institut Sainte Catherine 250 chemin de Baigne-Pieds CS 80005 --- 84918 AVIGNON cedex 9 Téléphone : 04.90.27.57.44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Treat it in a manner similar to a Windows AD DC. I'm doing the same because the Samba3 smbd is less than 1/10 the memory footprint than samba4 smbd, you will need to include --with-ads when you build your samba3 fileserver, and change smb.conf to use security = ADS I think its also important to keep in mind the different language. Samba4 provides a much more sophisticated feature-full Active Directory Domain Controller (AD DC), whilst Samba3 provided a Primary Domain Controller (PDC). Ref: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member Regards, Dewayne. -- Hervé Hénoch Responsable informatique Institut Sainte Catherine 250 chemin de Baigne-Pieds CS 80005 --- 84918 AVIGNON cedex 9 Téléphone : 04.90.27.57.44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Classicupgrade not work
Have you tried deleting the 'lesley' user before performing the upgrade? The error say's that user has no acct_flags. You could try locking and unlocking this account before the upgrade. Maybe that will create the acct_flags attribute if it really doesn't exist? I had to delete one computer from my S3 domain before performing the upgrade because the upgrade kept failing while processing that specific entry. Thanks, Thomas On Mon, Feb 11, 2013 at 7:33 AM, Jonis Maurin Ceará jmce...@gmail.comwrote: I'm trying to convert my samba3 domain to samba4 AD with samba-tool, but i'm getting an error and i can' t find anything about it on google. I've enabled the log level 4 on smb.conf and here's what i got: Home server: PANDORA init_sam_from_ldap: Entry found for user: DIRET-ESTAG$ Home server: PANDORA init_sam_from_ldap: Entry found for user: dsegato Home server: PANDORA init_sam_from_ldap: Entry found for user: lesley Home server: PANDORA ERROR(type 'exceptions.AttributeError'): uncaught exception - 'passdb.Samu' object has no attribute 'acct_flags' File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py, line 722, in upgrade_from_samba3 % (user.acct_flags, username, [ I've copied my .tdb files to a new test server.also, i'm using ldap backend on s3. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 DC log.smd flooded with Conversion error
Dear all, I have created another test case for the problem. Rather testing in domU, running Debian Wheezy, I have constructed another machine without running xen and installed with Debian squeeze. I have successfully setup samba 4.0.3 and create a folder called $BCf9AL7=b(B in share named test. And I have used convmv to make sure the name is in UTF-8 root@file:/home/test# convmv * -t utf8 Your Perl version has fleas #37757 #49830 Starting a dry run without changes... Skipping, already UTF-8: ./$BCf9AL7=b(B No changes to your files done. Use --notest to finally rename the files. When I issue a command: /usr/local/samba/bin/smbclient //localhost/test -UAdministrator%'verysecurepassword' -c 'ls' The log.smbd with log level = 3 is as follows: (the same conversion error!) = [2013/02/11 22:19:15.472365, 3] ../source3/smbd/vfs.c:1118(check_reduced_name) check_reduced_name [*] [/home/test] [2013/02/11 22:19:15.472461, 3] ../source3/smbd/vfs.c:1248(check_reduced_name) check_reduced_name: * reduced to /home/test/* [2013/02/11 22:19:15.472597, 3] ../source3/smbd/dir.c:663(dptr_create) creating new dirptr 256 for path ., expect_close = 1 [2013/02/11 22:19:15.472886, 3] ../source3/locking/share_mode_lock.c:408(fetch_share_mode_unlocked) Could not fetch share entry [2013/02/11 22:19:15.472956, 3] ../source3/smbd/dir.c:1136(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ./. fname=. (.) [2013/02/11 22:19:15.473110, 3] ../source3/locking/share_mode_lock.c:408(fetch_share_mode_unlocked) Could not fetch share entry [2013/02/11 22:19:15.473173, 3] ../source3/smbd/dir.c:1136(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ./.. fname=.. (..) [2013/02/11 22:19:15.473285, 3] ../lib/util/charset/convert_string.c:316(convert_string_handle) convert_string_internal: Conversion error: Illegal multibyte sequence($(D+#1$(C!)$(D)A14+.(B9f9b$(D+.(B9b$(C(z(B) [2013/02/11 22:19:15.473347, 3] ../lib/util/charset/convert_string.c:297(convert_string_handle) convert_string_internal: Conversion error: Incomplete multibyte sequence($(D1$(C!)$(D)A14+.(B9f9b$(D+.(B9b$(C(z(B) [2013/02/11 22:19:15.473404, 3] ../lib/util/charset/convert_string.c:297(convert_string_handle) convert_string_internal: Conversion error: Incomplete multibyte sequence($(C!)$(D)A14+.(B9f9b$(D+.(B9b$(C(z(B) [2013/02/11 22:19:15.473462, 3] ../lib/util/charset/convert_string.c:316(convert_string_handle) convert_string_internal: Conversion error: Illegal multibyte sequence($(D)A14+.(B9f9b$(D+.(B9b$(C(z(B) [2013/02/11 22:19:15.473535, 3] ../lib/util/charset/convert_string.c:297(convert_string_handle) convert_string_internal: Conversion error: Incomplete multibyte sequence($(D14+.(B9f9b$(D+.(B9b$(C(z(B) [2013/02/11 22:19:15.473592, 3] ../lib/util/charset/convert_string.c:297(convert_string_handle) convert_string_internal: Conversion error: Incomplete multibyte sequence($(D4+.(B9f9b$(D+.(B9b$(C(z(B) [2013/02/11 22:19:15.473649, 3] ../lib/util/charset/convert_string.c:316(convert_string_handle) convert_string_internal: Conversion error: Illegal multibyte sequence($(D+.(B9f9b$(D+.(B9b$(C(z(B) [2013/02/11 22:19:15.473705, 3] ../lib/util/charset/convert_string.c:297(convert_string_handle) convert_string_internal: Conversion error: Incomplete multibyte sequence(9f9b$(D+.(B9b$(C(z(B) [2013/02/11 22:19:15.473762, 3] ../lib/util/charset/convert_string.c:297(convert_string_handle) convert_string_internal: Conversion error: Incomplete multibyte sequence(9b$(D+.(B9b$(C(z(B) [2013/02/11 22:19:15.473819, 3] ../lib/util/charset/convert_string.c:316(convert_string_handle) convert_string_internal: Conversion error: Illegal multibyte sequence($(D+.(B9b$(C(z(B) [2013/02/11 22:19:15.473875, 3] ../lib/util/charset/convert_string.c:297(convert_string_handle) convert_string_internal: Conversion error: Incomplete multibyte sequence(9b$(C(z(B) [2013/02/11 22:19:15.473964, 3] ../source3/locking/share_mode_lock.c:408(fetch_share_mode_unlocked) Could not fetch share entry == the smb.conf == # Global parameters [global] workgroup = PLKLSP2 realm = SAMBA4.PLKLSP.EDU.HK netbios name = FILE server role = active directory domain controller dns forwarder = 192.168.107.1 log level = 3 [netlogon] path = /usr/local/samba/var/locks/sysvol/samba4.plklsp.edu.hk/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [test] path = /home/test read only = No As far as I know, I think the conversion error is not caused by Xen and debian version. How can I offer more help for testing / debugging this
Re: [Samba] S3 as domain member with S4
Thanks I've followed the document and i can see in the AD the server included. But I've the following error when doing the following command : net join -Uadministrateur Using short domain name -- SC Joined 'SSC011' to realm 'sc.isc84.org' *DNS Update for ssc011.sc.isc84.org failed: ERROR_DNS_INVALID_MESSAGE DNS update failed!* Moreover I can't access from a window box to my server with \\ssc011 (the name of my server). My /ets/hosts 127.0.0.1 ssc011.sc.isc84.org ssc011 localhost 192.168.77.4ssc011.sc.isc84.org ssc011 192.168.77.1vspdc.sc.isc84.org vspdc sc is the samba3 domain 192.168.77.1 - is the samba4 PDC 192.168.77.4 - is the samba 3.6 file server which has the name ssc011 Regards Le 11/02/2013 12:02, Andrew Bartlett a écrit : On Mon, 2013-02-11 at 11:00 +0100, Hervé Hénoch wrote: Hello How to set a S3 file server as a domain member with a S4 PDC server ? You can join Samba 3.x or Samba 4.0 as a domain member of a Samba 4.0 AD DC in the same way you would join any other AD domain. eg 'net ads join. See https://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm -- Hervé Hénoch Responsable informatique Institut Sainte Catherine 250 chemin de Baigne-Pieds CS 80005 — 84918 AVIGNON cedex 9 Téléphone : 04.90.27.57.44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 DC log.smd flooded with Conversion error
From: Kinglok, Fong busywa...@gmail.com Date: Sun, 10 Feb 2013 09:40:49 +0800 Thank you for your help but… I execute some commands to make sure the locale is in UTF-8 by dpkg-reconfigure locales and even adding setting in /etc/environment and using utility like convmv to turn all file and folder into UTF-8 (in fact, they were in UTF-8 already.) I add option in smb.conf unix charset = UTF8 dos charset is omitted as default (dos charset = CP850) However, when I run /usr/local/samba/bin/smbclient //localhost/Public -UAdministrator%'verysecurepasswd' -c 'ls' The same error in my log floods…… No, you have to set 'dos charset' parameter correctly. In my Japanese environment, same errors occur unless I set dos charset = CP932, which means Japanese. It seems that you use Chinese. --- TAKAHASHI Motonobu mo...@monyo.com / @damemonyo facebook.com/takahashi.motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] DNS problem
A records added manually get the answer: unknown host. No matter how they are added. I tried using MMC and samba-tool. I can see them in MMC and with samba-tool, but when I do tests again my samba server using ping or nslookup the answer is unknown host. It happens since I moved my samba container (I'm using proxmox) from a server to another. both hp proliant. I guess it has something to do with keys. I´m using: samba Version 4.1.0pre1-GIT-UNKNOWN bind9.9.1-P1 ntp-4.2.6p5 Any help will be really appreciated! Felix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 : File server
Hi ! I have installed a DC with samba-tool command and it works perfectly ! Control AD with the 2003 tools is very amazing, thanks for the job ! So, my next step is to install a file server as a member of the AD and not as a DC I read carfully this one : https://wiki.samba.org/index.php/Samba4/Domain_Member Compiling samba : * ./configure --with-ads --with-shared-modules=idmap_ad --enable-debug --enable-selftest --prefix=/samba First of all why --with-ads ? It is not the default feature ? * make * make install The krb5.conf was fill with that : [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = DDCS67.INTRA dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h forwardable = yes [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } What is appsection ? It is not necessary in a DC wich sharing a directory. But why not. After that , the smb.conf I was wondering that the smb.conf must be fill by the hand. For the DC, running samba-tool command will generate a smb.conf. Before doing this I search the options of samba-tool and i find this : samba-tool domain join DDCS67 --realm=DDCS67.intra -U Administrator Password for [WORKGROUP\Administrator]: Joined domain DDCS67 (S-1-5-21-1814795784-576591386-2449700327) Fine, the domain is join !! And the server appear as a Computer in the MMC. Good ! Let's run /samba/sbin/samba The log are : At this time the 'samba' binary should only be used for either: 'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote' You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks Is it me or i read the ntvfs is deprecatted ? So I run the/samba/sbin/smbd, but with no smb.conf the server does not start Tesparm give me : Load smb config files from /samba/etc/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) params.c:OpenConfFile() - Unable to open configuration file /samba/etc/smb.conf: Can i Genrate a valid smb.conf for a member with samba-tool ? Regards Franck Botz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unable to re-connect to roaming profile in samba4
In case this helps anyone else with this issue: Both these problems were resolved by switching from the Ubuntu/Debian package (4.0.0+dfsg1-1) to the current git head (c932b139c8). - Nick On Fri, Feb 8, 2013 at 7:22 PM, Nick Semenkovich seme...@syndetics.net wrote: Still can't figure this out. The client-side logs show two entries: 1. The error in the first message The processing of Group Policy failed. 2. A DNS processing failure: The system failed to register host (A or ) resource records (RRs) for network adapter with settings ... At debug level 5, Samba4 shows no DNS problems, and says Got a dns update request. All updates allowed. http://pastebin.com/fYrd9F1W - Nick On Thu, Feb 7, 2013 at 8:59 PM, Nick Semenkovich seme...@syndetics.net wrote: I've just configured Samba4 on Ubuntu (4.0.0+dfsg1-1), and can't seem to get roaming profiles working (I followed the guide at https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO ) 1. Logons work just fine. 2. DNS is configured and working, running through SAMBA_INTERNAL 3. Clients can talk to the server and see/access shares at \\server.corp.domain.com 4. Clients are all Windows 8 and NTP time synced 5. Permissions seem OK (the profiles directory is currently chmod 777 -- without that, only the Administrator seemed to be able to create their own profile ...) 6. General users can log in/out (which creates a profile, if profiles is chmod 777) but a subsequent login can't access it, with a generic Windows 8 roaming profile error. Not really sure where to go from here. I've tried: - Rebuilding the domain re-joining machines - Ultra-lax permissions - Adding users via the samba-tool versus AD tools in Windows At client logon, the samba4 logs (with a debug level of 4) show a collection of: Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED] and a few Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] (Not sure if they're related) Notably, the client machines (all on Win 8) show nearly nothing in the Event Log, except a Group Policy failure: The processing of Group Policy failed. Windows attempted to read the file \\corp.domain.com\sysvol\corp.domain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled. (Manually connecting to that gpi.ini file works perfectly) Not really sure what's going on here. The only oddities I see are: * I can't get the old add user script function to work. As a result, client usernames seem to just have a UID on the linux side (their profiles show up as: drwxr-xr-x 14 315 users 4.0K Feb 7 20:34 test.V2) Any way around that? * When profiles are created, they're appended with .V2 -- Do I need to add .V2 to the profile path setting, e.g. %USERNAME%.V2? (I can't imagine that's the case ...) I've pasted my smb.conf to: http://pastebin.com/DQDkGxsv Any advice? Thanks! Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] BDC Rejecting auth request from client + Windows 7
We are at a university and have no control over the network, thus I made the BDC use a dynamic ip so its on the same subnet as the clients. The PDC is running Samba v 3.5.10-125(Centos 6.3) and the BDC is 3.5.19-44(Centos 5.8) Both servers use the same LDAP server. pdbedit does show the same accounts on both servers. Here is my smb.conf for the PDC: [global] workgroup = netbios name = server string = PDC %v encrypt passwords = yes #enable privileges = yes passdb backend = ldapsam:ldap://x.x.x.x ldapsam:trusted = yes domain master = yes preferred master = yes local master = yes os level = 255 dns proxy = yes wins support = yes name resolve order = host wins lmhosts bcast domain logons = yes client ntlmv2 auth = yes loglevel = 3 log file = /var/log/samba/log.%m syslog = 0 time server = yes ldap suffix = dc=x,dc=x,dc=x ldap user suffix = ou=people ldap group suffix = ou=group ldap machine suffix = ou=machines ldap idmap suffix = ou=Idmap ldap ssl = start tls ldap admin dn = cn=samba,ou=DSA,dc=x,dc=x,dc=x logon path = \\%L\profiles\%U logon script = netlogon.bat time server = Yes deadtime = 10 add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u case sensitive = No dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd printcap name = /etc/printcap load printers = no interfaces = eth0 bind interfaces only = yes And for the BDC: [global] workgroup = netbios name = BDC server string = BDC %v encrypt passwords = yes enable privileges = yes passdb backend = ldapsam:ldap://pavlov.cbi.utsa.edu ldapsam:trusted = yes domain master = no client ntlmv2 auth = yes local master = yes preferred master = yes os level = 50 dns proxy = no wins server = x.x.x.x domain logons = yes loglevel = 3 log file = /var/log/samba/log.%m syslog = 0 time server = yes ldap suffix = dc=x,dc=x,dc=x ldap user suffix = ou=people ldap group suffix = ou=group ldap machine suffix = ou=machines ldap idmap suffix = ou=Idmap ldap ssl = start tls ldap admin dn = cn=samba,ou=DSA,dc=x,dc=x,dc=x logon path = logon script = netlogon.bat remote announce = x.x.x.x/ remote browse sync = x.x.x.x printcap name = /etc/printcap load printers = no interfaces = eth2 bind interfaces only = yes add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u On Fri, Feb 8, 2013 at 2:34 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: I don't quite understand- why does the BDC have a dynamic IP address. Or have a I misunderstood? The DHCP server can provide the IP of the WINS servers to DHCP clients.Are the XP and Win 7 workstations on a separate subnet than the servers? What version are the samba servers?Do both samba server point to a single LDAP server or do they each have their own LDAP server in replication?Does pdbedit -Lv show the same accounts on each DC? Is it possible that the Windows 7 machine accounts have not replicated to the BDC? Have to specificied the ports in the smb.conf file- by default samba uses ports 137,138, and 445. In theory you can disable port 445 (it reduces some the transport warnings) but I find that causes problems with name resolution when a router or vpn is involved. So better off just sticking with the defaults. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of David Noriega Sent: Friday, February 08, 2013 1:56 PM To: samba@lists.samba.org Subject: [Samba] BDC Rejecting auth request from client + Windows 7 Just some background: In our environment,
[Samba] Windows 7 against Samba+LDAP does not work with some passwords
Dear all, I have installed Samba (3.6.6) on Debian wheezy and configured it to authenticate against LDAP (encrypted passwords, no lanman). I want simple shares with user security. I have configured PAM/NSS from the same LDAP and it works fine. WinXP works fine, smbclient works fine, but Windows 7 only works for SOME passwords. Some work, some do not. Samba is configured with restricted LDAP bind dn, but should see all attributes (except for the userPassword attribute, which is not used by samba afaik). During setup I have provided it with administrator LDAP access to populate some basic data and to see exactly how users are defined, but I have removed the populated samba groups from LDAP, since we do not use Samba as domain server. I set the password in sambaNTPassword attribute in LDAP. I have tried with the following password examples: ist (password matching login name): it works hash stored in LDAP: 96AF2AA9537DCF6C6DF9E4D347BF5E12 other primitive passwords, such as IST, ist123, istist work as well but password such as: T8h0KmJ3 does not work hash: EB2EF7BFBA2396D001A4774D21C936C5 In Windows XP or by smbclient every password works. I have done the few tweaks of Windows 7: * Local Policies - Security Options - Network Security: LAN Manager authentication level - Send LM NTLM - use NTLMv2 session security if negotiated * HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters: DomainCompatibilityMode (1), DNSNameResolutionRequired (0) * HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters: RequireSignOrSeal (1), RequireStrongKey (1) If needed I can provide some packet dumps. Thanks in advance for any help, Ivan I am including: My samba configuration: --- 8 --- [global] workgroup = DIGITALSYSTEMS netbios name = FILE1 server string = File Server domain logons = no domain master = no wins support = no dns proxy = no log file = /var/log/samba/log.%m log level = 3 max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d pam password change = yes unix password sync = no ldap password sync = no load printers = no printing = cups printcap name = cups passdb backend = ldapsam:ldaps://ldap.isvc.dsnet:636/ ldap ssl = no ldap suffix = o=digitalsystems ldap admin dn = cn=file,ou=systems,o=digitalsystems ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' security = user lanman auth = no ntlm auth = Yes encrypt passwords = true --- 8 --- Negative authentication log (the point seems to be NT MD4 password check failed for user). --- 8 --- [2013/02/11 18:11:45.199144, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [coruscant]\[ist]@[CORUSCANT] with the new password interface [2013/02/11 18:11:45.199179, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [FILE1]\[ist]@[CORUSCANT] [2013/02/11 18:11:45.199835, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2013/02/11 18:11:45.205532, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server [2013/02/11 18:11:45.206169, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: ist [2013/02/11 18:11:45.207028, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1012 [2013/02/11 18:11:45.208209, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1012 [2013/02/11 18:11:45.208358, 3] ../libcli/auth/ntlm_check.c:413(ntlm_password_check) ntlm_password_check: NT MD4 password check failed for user ist [2013/02/11 18:11:45.208765, 2] passdb/pdb_ldap.c:1180(init_ldap_from_sam) init_ldap_from_sam: Setting entry for user: ist [2013/02/11 18:11:45.208813, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [ist] - [ist] FAILED with error NT_STATUS_WRONG_PASSWORD [2013/02/11 18:11:45.208849, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2013/02/11 18:11:45.212611, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 142 (0 toread) [2013/02/11 18:11:45.212644, 3] smbd/process.c:1467(switch_message) switch message
Re: [Samba] DNS problem
Have you checked the samba log for errors? Did you create the necessary firewall exceptions on the new server? Have you ensured there is nothing conflicting with the ports required for BIND? Can you install dig on the server and see what it reports? On Mon, Feb 11, 2013 at 10:56 AM, fe...@epepm.cupet.cu wrote: A records added manually get the answer: unknown host. No matter how they are added. I tried using MMC and samba-tool. I can see them in MMC and with samba-tool, but when I do tests again my samba server using ping or nslookup the answer is unknown host. It happens since I moved my samba container (I'm using proxmox) from a server to another. both hp proliant. I guess it has something to do with keys. I´m using: samba Version 4.1.0pre1-GIT-UNKNOWN bind9.9.1-P1 ntp-4.2.6p5 Any help will be really appreciated! Felix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: Extending the Schema
Hi We are thinking of Developing a corporate Directory application the would pull user information from Samba4 Ad. However for our needs we need some additional User attributes that don't seem to be available as part of the AD-schema, such as Hire Date or Emergancy contact information, so it seems to me that I would need to Extend the Schema to make this user attributes available. My question is: Can this be done? and if so has anyone done something similar and can direct me to the right place for information? Any help is greatly appreciated. -- *Varouj (V.J.) Avanessians | Sr. Linux Sys Administrator | ACCO Engineered Systems* 6265 San Fernando Rd | Glendale, California | 91201- 2214 (818)-730-5846 Mobile | (818)-244-6571 Main* * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Extending the Schema
2013-02-11 20:04 keltezéssel, Varoujan Avanessians írta: Hi We are thinking of Developing a corporate Directory application the would pull user information from Samba4 Ad. However for our needs we need some additional User attributes that don't seem to be available as part of the AD-schema, such as Hire Date or Emergancy contact information, so it seems to me that I would need to Extend the Schema to make this user attributes available. My question is: Can this be done? and if so has anyone done something similar and can direct me to the right place for information? Any help is greatly appreciated. Hi, As a jump-start: https://wiki.samba.org/index.php/Samba4/Schema_extenstions Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Extending the Schema
On Mon, 2013-02-11 at 20:11 +0100, Gémes Géza wrote: 2013-02-11 20:04 keltezéssel, Varoujan Avanessians írta: Hi We are thinking of Developing a corporate Directory application the would pull user information from Samba4 Ad. However for our needs we need some additional User attributes that don't seem to be available as part of the AD-schema, such as Hire Date or Emergancy contact information, so it seems to me that I would need to Extend the Schema to make this user attributes available. My question is: Can this be done? and if so has anyone done something similar and can direct me to the right place for information? Any help is greatly appreciated. Hi, As a jump-start: https://wiki.samba.org/index.php/Samba4/Schema_extenstions Regards Geza Gemes One thing that is not on that page that I found useful was the schema snap in. Google will show you how to enable it. It is very labour intensive if you are going to be adding tens or hundreds of attributes, but for adding two or three attributes, I found it much faster and easier to use than ldifs. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 : File server
On Mon, 2013-02-11 at 16:54 +0100, BOTZ Franck (Informaticien) - DDT 67/SG/MGI/CI wrote: Hi ! I have installed a DC with samba-tool command and it works perfectly ! Control AD with the 2003 tools is very amazing, thanks for the job ! So, my next step is to install a file server as a member of the AD and not as a DC I read carfully this one : https://wiki.samba.org/index.php/Samba4/Domain_Member Compiling samba : * ./configure --with-ads --with-shared-modules=idmap_ad --enable-debug --enable-selftest --prefix=/samba First of all why --with-ads ? It is not the default feature ? It is, but what this changes is that the compile will fail (prompting you to install some development headers, typically) if the right things are not found. The is very helpful, and long ago I promised to make that the default behaviour. Sadly I never got around to it. * make * make install The krb5.conf was fill with that : [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = DDCS67.INTRA dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h forwardable = yes [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } What is appsection ? It is not necessary in a DC wich sharing a directory. But why not. After that , the smb.conf I was wondering that the smb.conf must be fill by the hand. For the DC, running samba-tool command will generate a smb.conf. Before doing this I search the options of samba-tool and i find this : samba-tool domain join DDCS67 --realm=DDCS67.intra -U Administrator Password for [WORKGROUP\Administrator]: Joined domain DDCS67 (S-1-5-21-1814795784-576591386-2449700327) Fine, the domain is join !! And the server appear as a Computer in the MMC. Good ! Let's run /samba/sbin/samba The log are : At this time the 'samba' binary should only be used for either: 'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote' You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks Is it me or i read the ntvfs is deprecatted ? So I run the/samba/sbin/smbd, but with no smb.conf the server does not start Tesparm give me : Load smb config files from /samba/etc/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) params.c:OpenConfFile() - Unable to open configuration file /samba/etc/smb.conf: Can i Genrate a valid smb.conf for a member with samba-tool ? I do apologise for this not being as integrated as you would expect. I'm very proud of the new level of ease of use found in 'samba-tool' and in the AD DC configuration. Sadly while this command will successfully join you to the domain, it does not currently generate the smb.conf. You don't need much, just set: [globals] server role = domain member workgroup = DDCS67 realm = DDCS67.intra BTW, while I've hooked up 'samba-tool' to work, the advertised command for joining a domain member is 'net ads join'. We are working to consolidate the code, but currently it is a different codebase. From my understanding however, it also will not generate the smb.conf. I hope this helps, and feel free to file a bug as fixing this should not be difficult. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] S3 as domain member with S4
-Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Hervé Hénoch Sent: Tuesday, 12 February 2013 1:31 AM To: Andrew Bartlett; samba-liste Subject: Re: [Samba] S3 as domain member with S4 Thanks I've followed the document and i can see in the AD the server included. But I've the following error when doing the following command : net join -Uadministrateur Using short domain name -- SC Joined 'SSC011' to realm 'sc.isc84.org' *DNS Update for ssc011.sc.isc84.org failed: ERROR_DNS_INVALID_MESSAGE DNS update failed!* Moreover I can't access from a window box to my server with \\ssc011 (the name of my server). My /ets/hosts 127.0.0.1 ssc011.sc.isc84.org ssc011 localhost 192.168.77.4ssc011.sc.isc84.org ssc011 192.168.77.1vspdc.sc.isc84.org vspdc sc is the samba3 domain 192.168.77.1 - is the samba4 PDC 192.168.77.4 - is the samba 3.6 file server which has the name ssc011 Regards Le 11/02/2013 12:02, Andrew Bartlett a écrit : On Mon, 2013-02-11 at 11:00 +0100, Hervé Hénoch wrote: Hello How to set a S3 file server as a domain member with a S4 PDC server ? You can join Samba 3.x or Samba 4.0 as a domain member of a Samba 4.0 AD DC in the same way you would join any other AD domain. eg 'net ads join. See https://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adss dm -- Hervé Hénoch Responsable informatique Institut Sainte Catherine 250 chemin de Baigne-Pieds CS 80005 84918 AVIGNON cedex 9 Téléphone : 04.90.27.57.44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Herve, Samba4 provides a lot of features though it does have some prerequisites; please review the HowTo, and particularly https://wiki.samba.org/index.php/Samba4/HOWTO#Step_7:_Configure_DNS noting the first line A working DNS setup is essential to the correct operation of Samba. It's a hard road (if you're not familiar with being a Windows Admin) but well worth the effort. Regards, Dewayne. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Classicupgrade not work
I will try this. Ps. Sorry for sending the same message more than once. I tought my message was not sending correctly. Em 11/02/2013 11:11, Thomas Simmons twsn...@gmail.com escreveu: Have you tried deleting the 'lesley' user before performing the upgrade? The error say's that user has no acct_flags. You could try locking and unlocking this account before the upgrade. Maybe that will create the acct_flags attribute if it really doesn't exist? I had to delete one computer from my S3 domain before performing the upgrade because the upgrade kept failing while processing that specific entry. Thanks, Thomas On Mon, Feb 11, 2013 at 7:33 AM, Jonis Maurin Ceará jmce...@gmail.comwrote: I'm trying to convert my samba3 domain to samba4 AD with samba-tool, but i'm getting an error and i can' t find anything about it on google. I've enabled the log level 4 on smb.conf and here's what i got: Home server: PANDORA init_sam_from_ldap: Entry found for user: DIRET-ESTAG$ Home server: PANDORA init_sam_from_ldap: Entry found for user: dsegato Home server: PANDORA init_sam_from_ldap: Entry found for user: lesley Home server: PANDORA ERROR(type 'exceptions.AttributeError'): uncaught exception - 'passdb.Samu' object has no attribute 'acct_flags' File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py, line 722, in upgrade_from_samba3 % (user.acct_flags, username, [ I've copied my .tdb files to a new test server.also, i'm using ldap backend on s3. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS problem (Solved)
Have you checked the samba log for errors? Did you create the necessary firewall exceptions on the new server? Have you ensured there is nothing conflicting with the ports required for BIND? Can you install dig on the server and see what it reports? On Mon, Feb 11, 2013 at 10:56 AM, fe...@epepm.cupet.cu wrote: A records added manually get the answer: unknown host. No matter how they are added. I tried using MMC and samba-tool. I can see them in MMC and with samba-tool, but when I do tests again my samba server using ping or nslookup the answer is unknown host. It happens since I moved my samba container (I'm using proxmox) from a server to another. both hp proliant. I guess it has something to do with keys. I´m using: samba Version 4.1.0pre1-GIT-UNKNOWN bind9.9.1-P1 ntp-4.2.6p5 Any help will be really appreciated! Thanks for answering. Everything is OK after: /usr/local/samba/sbin/samba_upgradedns --dns-backend=BIND9_DLZ Felix -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [PATCH] Fix classicupgrade error message (was Re: Classicupgrade not work)
On Mon, 2013-02-11 at 10:33 -0200, Jonis Maurin Ceará wrote: I'm trying to convert my samba3 domain to samba4 AD with samba-tool, but i'm getting an error and i can' t find anything about it on google. I've enabled the log level 4 on smb.conf and here's what i got: Home server: PANDORA init_sam_from_ldap: Entry found for user: DIRET-ESTAG$ Home server: PANDORA init_sam_from_ldap: Entry found for user: dsegato Home server: PANDORA init_sam_from_ldap: Entry found for user: lesley Home server: PANDORA ERROR(type 'exceptions.AttributeError'): uncaught exception - 'passdb.Samu' object has no attribute 'acct_flags' File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py, line 722, in upgrade_from_samba3 % (user.acct_flags, username, [ I've copied my .tdb files to a new test server.also, i'm using ldap backend on s3. I do apologise, there is an error in the classicupgrade script which means that instead of printing an informative error, we print this backtrace. I also attach another fix I've had in my local tree for a while, to fix the error when we can't find the LDAP secrets. Please check this improves the error, and then if someone could review and/or push this to master I would appreciate it. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org From bc6e7aaa73f52c449006b061c370e6c759c7620a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett abart...@samba.org Date: Tue, 12 Feb 2013 09:20:03 +1100 Subject: [PATCH] samba-tool domain classicupgrade: Fix typo in error path for multiple account flags --- source4/scripting/python/samba/upgrade.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index e013d2c..02734cc 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -722,7 +722,7 @@ ACB_NORMAL (N, 0x%08X), ACB_WSTRUST (W 0x%08X), ACB_SVRTRUST (S 0x%08X) or ACB_D Please fix this account before attempting to upgrade again -% (user.acct_flags, username, +% (user.acct_ctrl, username, samr.ACB_NORMAL, samr.ACB_WSTRUST, samr.ACB_SVRTRUST, samr.ACB_DOMTRUST)) userdata[username] = user -- 1.7.11.7 From 3d6aaf2b8c8fe15deb400020e4b084071ea98094 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett abart...@samba.org Date: Tue, 15 Jan 2013 21:53:30 +1100 Subject: [PATCH 1/6] samba-tool domain classicupgrade: Print a better error when the ldap backend PW was not found --- source4/scripting/python/samba/upgrade.py | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index d680a7c..e013d2c 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -598,7 +598,10 @@ def upgrade_from_samba3(samba3, logger, targetdir, session_info=None, if samba3.lp.get(passdb backend).split(:)[0].strip() == ldapsam: base_dn = samba3.lp.get(ldap suffix) ldapuser = samba3.lp.get(ldap admin dn) -ldappass = (secrets_db.get_ldap_bind_pw(ldapuser)).strip('\x00') +ldappass = secrets_db.get_ldap_bind_pw(ldapuser) +if ldappass is None: +raise ProvisioningError(ldapsam passdb backend detected but no LDAP Bind PW found in secrets.tdb for user %s. Please point this tool at the secrets.tdb that was used by the previous installation.) +ldappass = ldappass.strip('\x00') ldap = True else: ldapuser = None -- 1.7.11.7 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] S4 Cannot Unlock Account
I have come across a few accounts (out of 300+) that seem to be locked that will not unlock. These accounts were migrated from S3. Can someone advise - what am I missing here? I've reset the password several times via RSAT, checking the Unlock Account checkbox, which has not helped. Resetting the user's password via smbpasswd gives me: pdb_try_account_unlock: Account dmscott administratively locked out with no bad password time. Leaving locked out. When attempting to login to WinXP, Windows states the account is locked out and log.samba shows: Kerberos: ENC-TS Pre-authentication succeeded -- dmscott@DOMAIN using arcfour-hmac-md5 [2013/02/11 18:37:40, 4] ../source4/auth/sam.c:170(authsam_account_ok) authsam_account_ok: Checking SMB password for user dmscott@DOMAIN [2013/02/11 18:37:40, 2] ../source4/auth/sam.c:191(authsam_account_ok) authsam_account_ok: Account for user dmscott@DOMAIN was locked out. Here is an ldapsearch output. I'm not seeing where/why this account is locked. # extended LDIF # # LDAPv3 # base cn=Users,dc=internal,dc=domain,dc=com with scope subtree # filter: sAMAccountName=dmscott # requesting: ALL # # Duser M. Scott, Users, internal.domain.com dn: CN=Duser M. Scott,CN=Users,DC=internal,DC=domain,DC=com instanceType: 4 whenCreated: 20121229150147.0Z uSNCreated: 4317 objectGUID:: sQU6/um9x0+gN2VOHTpmbw== badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 primaryGroupID: 513 objectSid:: AQUAAAUVL/+1+4rRK5lRjK88/Q4AAA== logonCount: 0 sAMAccountName: dmscott sAMAccountType: 805306368 objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=internal,DC=domain,DC =com logonHours:: uidNumber: 1436 objectClass: top objectClass: posixAccount objectClass: person objectClass: organizationalPerson objectClass: user unixHomeDirectory: /home/dmscott gidNumber: 513 msSFU30NisDomain: domain memberOf: CN=VPN,CN=Users,DC=internal,DC=domain,DC=com mail: duser.m.sc...@domain.com userPrincipalName: dmsc...@internal.domain.com givenName: Duser initials: M sn: Scott displayName: Duser M. Scott cn: Duser M. Scott name: Duser M. Scott scriptPath: GCS.cmd lockoutTime: 0 loginShell: /bin/bash msDS-SupportedEncryptionTypes: 0 userAccountControl: 528 accountExpires: 0 pwdLastSet: 13005098906000 userParameters: IAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC AAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAUAAEABoACAA BAEMAdAB4AEMAZgBnAFAAcgBlAHMAZQBuAHQANTUxZTBiYjAYAAgAAQBDAHQAeABDAGYAZwBGAGwA YQBnAHMAMQAwMGUwMDAxMBIACAABAEMAdAB4AFMAaABhAGQAbwB3ADAxMDAwMDAwKgACAAEAQwB0A HgATQBpAG4ARQBuAGMAcgB5AHAAdABpAG8AbgBMAGUAdgBlAGwAMDA= whenChanged: 20130211233014.0Z uSNChanged: 8816 distinguishedName: CN=Duser M. Scott,CN=Users,DC=internal,DC=domain,DC=com # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Wiki link / Attn:samba dev team, web maint..
The Wiki page has been SSL-only for a few days to a week or so. [perhaps this is by design, I don't know - but it is different than it was a week or more ago.] But the link to it from the main samba.org page is wrong and the suggested link doesn't get you to the wiki either. [It goes to CIFS.ORG.] Most of us can find our way - but it probably needs addressing sometime soon. -Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Fix classicupgrade error message (was Re: Classicupgrade not work)
Tks Andrew!! Changes that you've made worked for that problem, but now i got a new oneand in this one i'm really stuck! Not even a field name. This is my log (log level 12): element 32 - now SET element 33 - now SET ldapsam_get_account_policy: got valid value from cache element 19 - now SET element 15 - now SET element 16 - now SET attribute sambaBadPasswordCount does not exist attribute sambaBadPasswordTime does not exist attribute sambaLogonHours does not exist Adding cache entry with key = IDMAP/SID2XID/S-1-5-21-511255529-1355219746-1726288727-3659 and timeout = Mon Feb 18 22:58:35 2013 (604800 seconds ahead) Adding cache entry with key = IDMAP/UID2SID/1341 and timeout = Mon Feb 18 22:58:35 2013 (604800 seconds ahead) gid 1003 - sid S-1-5-21-511255529-1355219746-1726288727-3007 gid 1003 - sid S-1-5-21-511255529-1355219746-1726288727-3007 do lookup_sid(S-1-5-21-511255529-1355219746-1726288727-3007) for group of user lesley lookup_sid called for SID 'S-1-5-21-511255529-1355219746-1726288727-3007' Accepting SID S-1-5-21-511255529-1355219746-1726288727 in level 1 lookup_rids called for domain sid 'S-1-5-21-511255529-1355219746-1726288727' smbldap_search_ext: base = [ou=Users,dc=fearp,dc=usp,dc=br], filter = [((objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-511255529-1355219746-1726288727-3007)))], scope = [2] smbldap_open: already connected to the LDAP server smbldap_search_ext: base = [dc=fearp,dc=usp,dc=br], filter = [((objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-511255529-1355219746-1726288727-3007)))], scope = [2] smbldap_open: already connected to the LDAP server Sid S-1-5-21-511255529-1355219746-1726288727-3007 - FEARP\pgrd(2) Did not store value for IDMAP/SID2XID/S-1-5-21-511255529-1355219746-1726288727-3007, we already got it Did not store value for IDMAP/GID2SID/1003, we already got it Looking up login cache for user lesley No cache entry found No cache entry, bad count = 0, bad time = 0 element 35 - now CHANGED ERROR(type 'exceptions.TypeError'): uncaught exception - %X format: a number is required, not str File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 723, in upgrade_from_samba3 samr.ACB_NORMAL, samr.ACB_WSTRUST, samr.ACB_SVRTRUST, samr.ACB_DOMTRUST)) The connection to the LDAP server was closed 2013/2/11 Andrew Bartlett abart...@samba.org: On Mon, 2013-02-11 at 10:33 -0200, Jonis Maurin Ceará wrote: I'm trying to convert my samba3 domain to samba4 AD with samba-tool, but i'm getting an error and i can' t find anything about it on google. I've enabled the log level 4 on smb.conf and here's what i got: Home server: PANDORA init_sam_from_ldap: Entry found for user: DIRET-ESTAG$ Home server: PANDORA init_sam_from_ldap: Entry found for user: dsegato Home server: PANDORA init_sam_from_ldap: Entry found for user: lesley Home server: PANDORA ERROR(type 'exceptions.AttributeError'): uncaught exception - 'passdb.Samu' object has no attribute 'acct_flags' File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py, line 722, in upgrade_from_samba3 % (user.acct_flags, username, [ I've copied my .tdb files to a new test server.also, i'm using ldap backend on s3. I do apologise, there is an error in the classicupgrade script which means that instead of printing an informative error, we print this backtrace. I also attach another fix I've had in my local tree for a while, to fix the error when we can't find the LDAP secrets. Please check this improves the error, and then if someone could review and/or push this to master I would appreciate it. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Fix classicupgrade error message (was Re: Classicupgrade not work)
On Tue, 2013-02-12 at 00:01 -0200, Jonis Maurin Ceará wrote: Tks Andrew!! Changes that you've made worked for that problem, but now i got a new oneand in this one i'm really stuck! Not even a field name. Sorry for the noise. I've fixed it up in this new patch, I hope. Revert the previous patch, and then apply this one. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org From 22a1661a8312cbad99eb9fe016db4deefc11a9d1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett abart...@samba.org Date: Tue, 12 Feb 2013 09:20:03 +1100 Subject: [PATCH] samba-tool domain classicupgrade: Fix typo in error path for multiple account flags --- source4/scripting/python/samba/upgrade.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index e013d2c..8371224 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -722,7 +722,7 @@ ACB_NORMAL (N, 0x%08X), ACB_WSTRUST (W 0x%08X), ACB_SVRTRUST (S 0x%08X) or ACB_D Please fix this account before attempting to upgrade again -% (user.acct_flags, username, +% (username, user.acct_ctrl, samr.ACB_NORMAL, samr.ACB_WSTRUST, samr.ACB_SVRTRUST, samr.ACB_DOMTRUST)) userdata[username] = user -- 1.7.11.7 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] homes share
[homes] is a special name: from smb.conf manpage: The [homes] section If a section called [homes] is included in the configuration file, services connecting clients to their home directories can be created on the fly by the server. When the connection request is made, the existing sections are scanned. If a match is found, it is used. If no match is found, the requested section name is treated as a username and looked up in the local password file. If the name exists and the correct password has been given, a share is created by cloning the [homes] section. Some modifications are then made to the newly created share: · The share name is changed from homes to the located username. · If no path was given, the path is set to the user´s home directory. If you decide to use a path = line in your [homes] section, it may be useful to use the %S macro. For example: path = /data/pchome/%S is useful if you have different home directories for your PCs than for UNIX access. This is a fast and simple way to give a large number of clients access to their home directories with a minimum of fuss. Hope this explains why... Linda Ufficiotecnico Acknow wrote: i made a test changing [homes] to [home] i configured letter and path from user profile in active directory snap-in. works, each user gets a folder named when he logs into domain, subdirectory with username are created correctly -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f25debf Fix bug #9642 - vfs_afsacl.c won't build. from c932b13 Improve the configure tests for aio_suspend to get rid of warnings. Timur provided the wscript method, I added the configure.in correction. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f25debf2fbf988c7b3415b86ccc5880319517bdd Author: Jeremy Allison j...@samba.org Date: Fri Feb 8 17:08:28 2013 -0800 Fix bug #9642 - vfs_afsacl.c won't build. Add missing mem_ctx argument. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Mon Feb 11 20:24:00 CET 2013 on sn-devel-104 --- Summary of changes: source3/modules/vfs_afsacl.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index 7d1895f..66e256c 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -700,7 +700,8 @@ static size_t afs_fto_nt_acl(struct afs_acl *afs_acl, return 0; } - return afs_to_nt_acl_common(afs_acl, sbuf, security_info, ppdesc); + return afs_to_nt_acl_common(afs_acl, sbuf, security_info, + mem_ctx, ppdesc); } static bool mappable_sid(const struct dom_sid *sid) -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-02-12-0415/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-02-12-0415/samba3.stderr http://git.samba.org/autobuild.flakey/2013-02-12-0415/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-02-12-0415/samba.stderr http://git.samba.org/autobuild.flakey/2013-02-12-0415/samba.stdout The top commit at the time of the failure was: commit f25debf2fbf988c7b3415b86ccc5880319517bdd Author: Jeremy Allison j...@samba.org Date: Fri Feb 8 17:08:28 2013 -0800 Fix bug #9642 - vfs_afsacl.c won't build. Add missing mem_ctx argument. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Mon Feb 11 20:24:00 CET 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via efd60ae Fix some cut-and-paste and spelling in debug messages from f25debf Fix bug #9642 - vfs_afsacl.c won't build. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit efd60aeff7aac308d85b767cdf394dd866cce078 Author: Guenter Kukkukk ku...@samba.org Date: Tue Feb 12 05:37:09 2013 +0100 Fix some cut-and-paste and spelling in debug messages Signed-off-by: Guenter Kukkukk ku...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Feb 12 07:28:27 CET 2013 on sn-devel-104 --- Summary of changes: source4/auth/gensec/gensec_gssapi.c | 16 1 files changed, 8 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 2b09665..e3bafe2 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -182,7 +182,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) gensec_security-settings-lp_ctx, gensec_gssapi_state-smb_krb5_context); if (ret) { - DEBUG(1,(gensec_krb5_start: krb5_init_context failed (%s)\n, + DEBUG(1,(gensec_gssapi_start: smb_krb5_init_context failed (%s)\n, error_message(ret))); talloc_free(gensec_gssapi_state); return NT_STATUS_INTERNAL_ERROR; @@ -211,7 +211,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) if (realm != NULL) { ret = gsskrb5_set_default_realm(realm); if (ret) { - DEBUG(1,(gensec_krb5_start: gsskrb5_set_default_realm failed\n)); + DEBUG(1,(gensec_gssapi_start: gsskrb5_set_default_realm failed\n)); talloc_free(gensec_gssapi_state); return NT_STATUS_INTERNAL_ERROR; } @@ -220,7 +220,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) /* don't do DNS lookups of any kind, it might/will fail for a netbios name */ ret = gsskrb5_set_dns_canonicalize(gensec_setting_bool(gensec_security-settings, krb5, set_dns_canonicalize, false)); if (ret) { - DEBUG(1,(gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n)); + DEBUG(1,(gensec_gssapi_start: gsskrb5_set_dns_canonicalize failed\n)); talloc_free(gensec_gssapi_state); return NT_STATUS_INTERNAL_ERROR; } @@ -457,7 +457,7 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security, min_stat = gsskrb5_set_send_to_kdc(send_to_kdc); if (min_stat) { - DEBUG(1,(gensec_krb5_start: gsskrb5_set_send_to_kdc failed\n)); + DEBUG(1,(gensec_gssapi_update: gsskrb5_set_send_to_kdc failed\n)); return NT_STATUS_INTERNAL_ERROR; } #endif @@ -484,7 +484,7 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security, ret = gsskrb5_set_send_to_kdc(send_to_kdc); if (ret) { - DEBUG(1,(gensec_krb5_start: gsskrb5_set_send_to_kdc failed\n)); + DEBUG(1,(gensec_gssapi_update: gsskrb5_set_send_to_kdc failed\n)); return NT_STATUS_INTERNAL_ERROR; } #endif @@ -999,7 +999,7 @@ static size_t gensec_gssapi_max_input_size(struct gensec_security *gensec_securi max_input_size); if (GSS_ERROR(maj_stat)) { TALLOC_CTX *mem_ctx = talloc_new(NULL); - DEBUG(1, (gensec_gssapi_max_input_size: determinaing signature size with gss_wrap_size_limit failed: %s\n, + DEBUG(1, (gensec_gssapi_max_input_size: determining signature size with gss_wrap_size_limit failed: %s\n, gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state-gss_oid))); talloc_free(mem_ctx); return 0; @@ -1152,7 +1152,7 @@ static NTSTATUS gensec_gssapi_sign_packet(struct gensec_security *gensec_securit *sig = data_blob_talloc(mem_ctx, (uint8_t *)output_token.value, output_token.length); - dump_data_pw(gensec_gssapi_seal_packet: sig\n, sig-data, sig-length); + dump_data_pw(gensec_gssapi_sign_packet: sig\n, sig-data, sig-length); gss_release_buffer(min_stat, output_token); @@