Re: [Samba] Solaris 11 can't join Active Directory Domain
Hi. On 17/02/13 2:01 PM, Nico Kadel-Garcia nka...@gmail.com wrote: On Fri, Feb 8, 2013 at 5:40 AM, İhsan Doğan ih...@dogan.ch wrote: On 02/04/2013 03:31 AM, Jake Carroll wrote: Do you have an Oracle support contract for OS/integration? I'd log it in MOS if I were you, and see what they say. Approach this from two angles ;). I've contacted Oracle in the first place. According to them, it's not a Solaris issue. Ihsan Solaris really has to be considered EOL, even though the support poromises for Solaris are nominally until 2024. Sun is gone, they're not *making* Sun hardware anymore, and Oracle is urging their customers with Solaris to switch to so-called Unbreakable Linux, which is a repackaging of RHEL with customizations for Oraclie database support. (And Red Hat is *really angry*, as they should be, because they've customized the kernel and kept their changes closed source.) Well, without starting a small war (not the point of these lists at all), I guess one of the problems some of us face is that, it's not just about Samba. It's also about the file system technologies that Oracle owns that don't really work on Linux platforms, and only currently work on Solaris based systems. I guess there is a little bit of complication to it, in that. Not sure if this is the case for Ihsan, but for my own purposes, I actually *can't* use linux for the kinds of things I do, the file system functions I need, and the technology problems I need to solve. Not *yet* anyway ;). Maybe in time. --JC Do you have Linux servers you can test from? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] GPOs don't work after update from Samba4.0 alpha 17 to 4.0.1
I have checked the ACL of the Sysvol share: 1. After the upgrade from alpha 17 to 4.0.1 the ACL looks like this: # file: var/lib/samba/var/locks/sysvol/ # owner: root # group: adm user::rwx group::r-x other::r-x 2. After a 'samba-tool ntacl sysvolreset' the ACL looks like this: # owner: root # group: adm user::rwx user:root:rwx group::rwx group:adm:rwx group:306:r-x group:3000147:r-x group:3000148:rwx mask::rwx other::--- default:user::rwx default:user:root:rwx default:group::--- default:group:adm:rwx default:group:306:r-x default:group:3000147:r-x default:group:3000148:rwx default:mask::rwx default:other::--- Are the ACLs correct and if yes, why GPOs don't work even when i remove the WMI-Filter? Thanks for help. Gesendet: Sonntag, 27. Januar 2013 um 15:57 Uhr Von: x-dimens...@gmx.net An: dbgtmas...@gmx.at, samba@lists.samba.org Betreff: Re: [Samba] GPOs don't work after update from Samba4.0 alpha 17 to 4.0.1 Yes, i have used wmi filters before to set some GPOs for our Windows XP clients and some for Windows 7 clients only. I have removed the wmi filters from Microsofts Group Policy tool, but it seems to have no effect, i still get the same errors. Original-Nachricht Datum: Sun, 27 Jan 2013 15:37:41 +0100 Von: Thomas Manninger dbgtmas...@gmx.at An: samba@lists.samba.org Betreff: Re: [Samba] GPOs don\'t work after update from Samba4.0 alpha 17 to 4.0.1 Do you used wmi filters for your gpos? Original-Nachricht Datum: Sun, 27 Jan 2013 13:25:22 +0100 Von: x-dimens...@gmx.net An: samba@lists.samba.org Betreff: [Samba] GPOs don\'t work after update from Samba4.0 alpha 17 to 4.0.1 Hi! I have updated our server from Samba 4 alpha 17 to Samba 4.0.1. Everything seems to work fine after some reconfiguration, but our GPOs are not working anymore. Samba 4 alpha 17 was using ntvfs and the root partition with the sysvol share was mounted with user_xattr only in /etc/fstab. Samba 4.0.1 is now set to use s3fs and the root partition is mouted with user_xattr,acl,barrier=1. After updating to the newer Samba release i run samba-tool ntacl sysvolreset like it was described in the release notes. Gpresult /H shows me that only the Default Domain Policy is loaded, but not all the policies in the OU. Gpupdate /force shows this error on a client: --- Die Richtlinie wird aktualisiert... Die Aktualisierung der Benutzerrichtlinie wurde erfolgreich abgeschlossen. Die Computerrichtlinie konnte nicht erfolgreich aktualisiert werden. Folgende Probleme sind aufgetreten: Fehler bei der Verarbeitung der Gruppenrichtlinie. Der WMI-Filter (Windows Management Instrumentation) für das Gruppenrichtlinienobjekt cn={97E400EB-EDFD-4024-A9D5-1BB8261ABE01},cn=policies,cn=system,DC=mynetwork,DC=lan konnte nicht ausgewertet werden. Dies kann darauf zurückzuführen sein, dass RSoP deaktiviert ist, oder dass der WMI-Dienst deaktiviert oder angehalten wurde, bzw. andere WMI-Fehler aufgetreten sind. Stellen Sie sicher, dass der WMI-Dienst gestartet ist und dass der Starttyp auf automatischen Start festgelegt ist. Neue Gruppenrichtlinienobjekte oder -einstellungen werden nicht verarbeitet, bis dieses Ereignis behoben wurde. --- Google Translate: The policy is updated ... Updating the user policy has been successfully completed.The computer policy could not be updated successfully. The following problems: Error processing of Group Policy. The WMI filter (Windows Management Instrumentation) for the GPO cn = {97E400EB-4024-A9D5-EDFD-1BB8261ABE01}, cn = policies, cn = System, DC = mynetwork, DC = lan could not be evaluated. This may be due to the fact that RSOP is disabled, or that the WMI service is disabled or stopped, or other WMI errors. Make sure that the WMI service is started and that the startup type is set to start automatically. New Group Policy objects or settings will not be processed until this event is resolved. --- How can i get my GPOs to work again? Thanks for help! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba[https://lists.samba.org/mailman/options/samba] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba[https://lists.samba.org/mailman/options/samba] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Centos samba-3x / samba-3.6.6 - win7 will not join domain
Hi Some advice needed on samba-3.6.6 for win7 Since getting my win7 ultimate pc, I've only used my centos server with samba for a workgroup connection. Previously I had an XP client on this domain. I've updated today (17 feb 2013) to the latest centos5.9 (Linux 2.6.18-348.1.1.el5.centos.plus on i686) which includes samba3x with samba-3.6.600.129_el5 passdb backend has to be tdbsam now for win7, not smbpasswd I've tried repeatedly to join the domain without success. My win7 ultimate machine supposedly has the ability to join a domain Provided I ensure that nmbd as well as smbd is running, it gives the username and password login form and then The following error occurred attempting to join the domain glendisc The specified domain either does not exist or could not be contacted Since getting the win7 PC I have been connecting to workgroup 'glendiscovery' by the server IP address, so it has not previously been on the domain. I deliberately changed the name to glendisc to avoid possible issues. I can still connect to my workgroup shares I noted that the samba user root had disappeared so I added new user 'root' and 'plawrie' and enabled them in swat password. That's presumably for the tdbsam database, instead of smbpasswd Still no difference. I have several customers who have introduced win7 machines, so I will have to get this working before I try it on their business networks. For reference here is my smb.conf [root@centos55 ~]# cat /etc/samba/smb.conf | more # Samba config file created using SWAT # from UNKNOWN (0.0.0.0) # Date: 2013/02/17 19:56:06 [global] workgroup = GLENDISC server string = Samba Server Version %v obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u unix password sync = Yes log file = /var/log/samba/%m.log max log size = 50 time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 printcap name = cups logon script = scripts\%U.bat logon path = logon drive = z: domain logons = Yes os level = 64 domain master = Yes idmap config * : range = idmap config * : backend = tdb cups options = raw [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No [company] comment = company share path = /datastore/company valid users = @adm, @users force group = users read only = No create mask = 0775 force create mode = 0775 directory mask = 0775 force directory mode = 0775 inherit permissions = Yes use sendfile = Yes [netlogon] comment = netlogon path = /datastore/netlogon valid users = @adm, @users read only = No [homes] writeable = yes path = /home/plawrie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos samba-3x / samba-3.6.6 - win7 will not join domain
Have you made the necessary registry changes on the Win7 workstation (see link)? If properly configured, Win7 works perfectly fine with current versions of Samba 3. https://wiki.samba.org/index.php/Windows7 On Sun, Feb 17, 2013 at 3:40 PM, peter lawrie peter.law...@glendiscovery.co.uk wrote: Hi Some advice needed on samba-3.6.6 for win7 Since getting my win7 ultimate pc, I've only used my centos server with samba for a workgroup connection. Previously I had an XP client on this domain. I've updated today (17 feb 2013) to the latest centos5.9 (Linux 2.6.18-348.1.1.el5.centos.plus on i686) which includes samba3x with samba-3.6.600.129_el5 passdb backend has to be tdbsam now for win7, not smbpasswd I've tried repeatedly to join the domain without success. My win7 ultimate machine supposedly has the ability to join a domain Provided I ensure that nmbd as well as smbd is running, it gives the username and password login form and then The following error occurred attempting to join the domain glendisc The specified domain either does not exist or could not be contacted Since getting the win7 PC I have been connecting to workgroup 'glendiscovery' by the server IP address, so it has not previously been on the domain. I deliberately changed the name to glendisc to avoid possible issues. I can still connect to my workgroup shares I noted that the samba user root had disappeared so I added new user 'root' and 'plawrie' and enabled them in swat password. That's presumably for the tdbsam database, instead of smbpasswd Still no difference. I have several customers who have introduced win7 machines, so I will have to get this working before I try it on their business networks. For reference here is my smb.conf [root@centos55 ~]# cat /etc/samba/smb.conf | more # Samba config file created using SWAT # from UNKNOWN (0.0.0.0) # Date: 2013/02/17 19:56:06 [global] workgroup = GLENDISC server string = Samba Server Version %v obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u unix password sync = Yes log file = /var/log/samba/%m.log max log size = 50 time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 printcap name = cups logon script = scripts\%U.bat logon path = logon drive = z: domain logons = Yes os level = 64 domain master = Yes idmap config * : range = idmap config * : backend = tdb cups options = raw [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No [company] comment = company share path = /datastore/company valid users = @adm, @users force group = users read only = No create mask = 0775 force create mode = 0775 directory mask = 0775 force directory mode = 0775 inherit permissions = Yes use sendfile = Yes [netlogon] comment = netlogon path = /datastore/netlogon valid users = @adm, @users read only = No [homes] writeable = yes path = /home/plawrie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos samba-3x / samba-3.6.6 - win7 will not join domain
Hi Thanks, but I've already done that. Now I'm getting active directory domain controller could not be contacted. I have renamed my win7 PC as pjl-win7 and restarted PC, server and router to ensure all match I also changed the workgroup in Samba from Glendiscovery to glendisc, my PC is still on the windows workgroup and can access the shares. There is also an XP machine, computer1 on 'workgroup', once I've fixed the win7 problem, I'll be checking it can also join the domain. browse.dat has: GLENDISCc0001000 CENTOS55GLENDISC CENTOS55408c9a23 Samba Server Version 3.6.6-0.129.el5 GLENDISC WORKGROUP c0001000 COMPUTER1 WORKGROUP GLENDISCOVERY c0001000 PJL-WIN7 GLENDISCOVERY I was recommended to add some lines to smb.conf, so it now has [root@centos55 samba]# cat smb.conf # Samba config file created using SWAT # from UNKNOWN (0.0.0.0) # Date: 2013/02/17 23:16:46 [global] lanman auth = yes log file = /var/log/samba/%m.log name resolve order = bcast host lmhosts wins socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 obey pam restrictions = Yes client ntlmv2 auth = yes logon drive = z: ntlm auth = Yes domain master = Yes idmap config * : range = time server = Yes wins proxy = No passwd program = /usr/bin/passwd %u wins support = true netbios name = centos55 cups options = raw server string = Samba Server Version %v password server = none logon script = scripts\%U.bat unix password sync = Yes idmap config * : backend = tdb workgroup = GLENDISC logon path = os level = 64 auto services = global printcap name = cups preferred master = yes max log size = 50 pam password change = Yes [homes] valid users = %S read only = No browseable = No [netlogon] comment = netlogon path = /datastore/netlogon valid users = @adm, @users read only = No [company] comment = company share path = /datastore/company valid users = @adm, @users force group = users read only = No create mask = 0775 force create mode = 0775 directory mask = 0775 force directory mode = 0775 inherit permissions = Yes use sendfile = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No On 17 February 2013 23:47, Thomas Simmons twsn...@gmail.com wrote: Have you made the necessary registry changes on the Win7 workstation (see link)? If properly configured, Win7 works perfectly fine with current versions of Samba 3. https://wiki.samba.org/index.php/Windows7 On Sun, Feb 17, 2013 at 3:40 PM, peter lawrie peter.law...@glendiscovery.co.uk wrote: Hi Some advice needed on samba-3.6.6 for win7 Since getting my win7 ultimate pc, I've only used my centos server with samba for a workgroup connection. Previously I had an XP client on this domain. I've updated today (17 feb 2013) to the latest centos5.9 (Linux 2.6.18-348.1.1.el5.centos.plus on i686) which includes samba3x with samba-3.6.600.129_el5 passdb backend has to be tdbsam now for win7, not smbpasswd I've tried repeatedly to join the domain without success. My win7 ultimate machine supposedly has the ability to join a domain Provided I ensure that nmbd as well as smbd is running, it gives the username and password login form and then The following error occurred attempting to join the domain glendisc The specified domain either does not exist or could not be contacted Since getting the win7 PC I have been connecting to workgroup 'glendiscovery' by the server IP address, so it has not previously been on the domain. I deliberately changed the name to glendisc to avoid possible issues. I can still connect to my workgroup shares I noted that the samba user root had disappeared so I added new user 'root' and 'plawrie' and enabled them in swat password. That's presumably for the tdbsam database, instead of smbpasswd Still no difference. I have several customers who have introduced win7 machines, so I will have to get this working before I try it on their business networks. For reference here is my smb.conf [root@centos55 ~]# cat /etc/samba/smb.conf | more # Samba config file created using SWAT # from UNKNOWN (0.0.0.0) # Date: 2013/02/17 19:56:06 [global] workgroup = GLENDISC server string = Samba Server Version %v obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u unix password sync = Yes log file = /var/log/samba/%m.log max log size = 50 time server = Yes socket
[Samba] PROPOSAL: Remove SWAT in Samba 4.1
As most of you would have noticed, we have now had 3 CVE-nominated security issues for SWAT in the past couple of years. At the same time, while I know many of our users use SWAT, we just don't have anybody to maintain it inside the Samba Team. Kai has made a valiant effort to at least apply the XSS and CSRF guidelines when folks make security reports, but by his own admission he isn't a web developer - none of us are! There are many other parts of Samba that have not been substantially maintained in years, but few have the level of security exposure that SWAT does (most are bits of library and utility code that we apply elsewhere, but which just quietly does it's own job). The issue isn't that we can't write secure code, but that writing secure Web code where we can't trust the authenticated actions of our user's browser is a very different modal to writing secure system code. Frankly it just isn't our area. Therefore, it was suggested on a private list that we just drop SWAT. I want to start a public discussion on that point, prompted by http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700729 which reminds us why we didn't apply the specific CSRF hardening we applied in 4.0.2 to SWAT in the first place. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos samba-3x / samba-3.6.6 - win7 will not join domain
I would try joining the XP system (or any XP system) first. That should narrow down the problem. Also, note your error states: active directory domain controller could not be contacted. Samba 3 is not an Active Directory Domain Controller. I don't know if Win7 always states that, or if it's only trying to connect to an AD domain controller and giving up. Can you access a share on the DC from the W7 computer? Have you looked at the Samba log? On Sun, Feb 17, 2013 at 6:59 PM, peter lawrie peter.law...@glendiscovery.co.uk wrote: Hi Thanks, but I've already done that. Now I'm getting active directory domain controller could not be contacted. I have renamed my win7 PC as pjl-win7 and restarted PC, server and router to ensure all match I also changed the workgroup in Samba from Glendiscovery to glendisc, my PC is still on the windows workgroup and can access the shares. There is also an XP machine, computer1 on 'workgroup', once I've fixed the win7 problem, I'll be checking it can also join the domain. browse.dat has: GLENDISCc0001000 CENTOS55GLENDISC CENTOS55408c9a23 Samba Server Version 3.6.6-0.129.el5 GLENDISC WORKGROUP c0001000 COMPUTER1 WORKGROUP GLENDISCOVERY c0001000 PJL-WIN7 GLENDISCOVERY I was recommended to add some lines to smb.conf, so it now has [root@centos55 samba]# cat smb.conf # Samba config file created using SWAT # from UNKNOWN (0.0.0.0) # Date: 2013/02/17 23:16:46 [global] lanman auth = yes log file = /var/log/samba/%m.log name resolve order = bcast host lmhosts wins socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 obey pam restrictions = Yes client ntlmv2 auth = yes logon drive = z: ntlm auth = Yes domain master = Yes idmap config * : range = time server = Yes wins proxy = No passwd program = /usr/bin/passwd %u wins support = true netbios name = centos55 cups options = raw server string = Samba Server Version %v password server = none logon script = scripts\%U.bat unix password sync = Yes idmap config * : backend = tdb workgroup = GLENDISC logon path = os level = 64 auto services = global printcap name = cups preferred master = yes max log size = 50 pam password change = Yes [homes] valid users = %S read only = No browseable = No [netlogon] comment = netlogon path = /datastore/netlogon valid users = @adm, @users read only = No [company] comment = company share path = /datastore/company valid users = @adm, @users force group = users read only = No create mask = 0775 force create mode = 0775 directory mask = 0775 force directory mode = 0775 inherit permissions = Yes use sendfile = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No On 17 February 2013 23:47, Thomas Simmons twsn...@gmail.com wrote: Have you made the necessary registry changes on the Win7 workstation (see link)? If properly configured, Win7 works perfectly fine with current versions of Samba 3. https://wiki.samba.org/index.php/Windows7 On Sun, Feb 17, 2013 at 3:40 PM, peter lawrie peter.law...@glendiscovery.co.uk wrote: Hi Some advice needed on samba-3.6.6 for win7 Since getting my win7 ultimate pc, I've only used my centos server with samba for a workgroup connection. Previously I had an XP client on this domain. I've updated today (17 feb 2013) to the latest centos5.9 (Linux 2.6.18-348.1.1.el5.centos.plus on i686) which includes samba3x with samba-3.6.600.129_el5 passdb backend has to be tdbsam now for win7, not smbpasswd I've tried repeatedly to join the domain without success. My win7 ultimate machine supposedly has the ability to join a domain Provided I ensure that nmbd as well as smbd is running, it gives the username and password login form and then The following error occurred attempting to join the domain glendisc The specified domain either does not exist or could not be contacted Since getting the win7 PC I have been connecting to workgroup 'glendiscovery' by the server IP address, so it has not previously been on the domain. I deliberately changed the name to glendisc to avoid possible issues. I can still connect to my workgroup shares I noted that the samba user root had disappeared so I added new user 'root' and 'plawrie' and enabled them in swat password. That's presumably for the tdbsam database, instead of smbpasswd Still no difference. I have several customers who have introduced win7 machines, so I
Re: [Samba] PROPOSAL: Remove SWAT in Samba 4.1
On Sun, Feb 17, 2013 at 7:02 PM, Andrew Bartlett abart...@samba.org wrote: As most of you would have noticed, we have now had 3 CVE-nominated security issues for SWAT in the past couple of years. Has webmin kept up to date with the latest structural changes in smb.conf? I'll admit that I've long preferred the webmin module structure over the dedicated add-on structures of swat. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PROPOSAL: Remove SWAT in Samba 4.1
On Sun, 2013-02-17 at 20:52 -0500, Nico Kadel-Garcia wrote: On Sun, Feb 17, 2013 at 7:02 PM, Andrew Bartlett abart...@samba.org wrote: As most of you would have noticed, we have now had 3 CVE-nominated security issues for SWAT in the past couple of years. Has webmin kept up to date with the latest structural changes in smb.conf? I'll admit that I've long preferred the webmin module structure over the dedicated add-on structures of swat. It seems webmin has much the same challenges, perhaps because it's a package of a similar age. Or web security is just hard... http://www.webmin.com/security.html smb.conf hasn't changed structure in a long time, but we do add/remove options each release. Neither is likely to do the AD DC stuff very well right now. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PROPOSAL: Remove SWAT in Samba 4.1
I'm just a data point of one. My Samba history is as a user since before 2.0. Shortly into the 2.0.x series I was asked by locals (a point and click lot) to setup Swat so they could manage Samba. I did so and they still f'ed the configuration. That was and remains my only experience with Swat. I won't miss it. On 02/17/2013 04:02 PM, Andrew Bartlett wrote: As most of you would have noticed, we have now had 3 CVE-nominated security issues for SWAT in the past couple of years. At the same time, while I know many of our users use SWAT, we just don't have anybody to maintain it inside the Samba Team. Kai has made a valiant effort to at least apply the XSS and CSRF guidelines when folks make security reports, but by his own admission he isn't a web developer - none of us are! There are many other parts of Samba that have not been substantially maintained in years, but few have the level of security exposure that SWAT does (most are bits of library and utility code that we apply elsewhere, but which just quietly does it's own job). The issue isn't that we can't write secure code, but that writing secure Web code where we can't trust the authenticated actions of our user's browser is a very different modal to writing secure system code. Frankly it just isn't our area. Therefore, it was suggested on a private list that we just drop SWAT. I want to start a public discussion on that point, prompted by http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700729 which reminds us why we didn't apply the specific CSRF hardening we applied in 4.0.2 to SWAT in the first place. Thanks, Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 MX Record Entry
Hi Samba Experts, I want to configure my Zimbra server with samba4 DNS Server and authentication. When i am trying to add MX record for my E-mail server (zimbra), i getting the below mentioned error: [root@sso bin]# ./samba-tool dns add dc loop.os zimbra MX 'zimbra.loop.os 10' ERROR(runtime): uncaught exception - (-1073741772, 'NT_STATUS_OBJECT_NAME_NOT_FOUND') File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py, line 1042, in run dns_conn = dns_connect(server, self.lp, self.creds) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py, line 37, in dns_connect dns_conn = dnsserver.dnsserver(binding_str, lp, creds) Is there something wrong with my Samba4 AD DC setup. Kindly help me. Vijay Thakur -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PROPOSAL: Remove SWAT in Samba 4.1
This is why it is smart to use a dedicated Firefox profile for banking, another profile just for email, another profile for web browsing.And of course, another dedicated profile for internal systems only such as for managing dd-wrt, switches, iLO, DRAC, webcams, webmin and swat. Safer is to have a dedicated swat xulrunner app. If you want to be safest, use Qubes-OS. Every user on the internet should know the following commands: Firefox -no-remote -CreateProfile swatUseOnly Firefox -no-remote -P swatUseOnly I use swat when I want to find the new config options because it is often the only documentation. Keep swat. It is not swan's fault, it is the users. On Sunday, February 17, 2013, Andrew Bartlett abart...@samba.org wrote: On Sun, 2013-02-17 at 20:52 -0500, Nico Kadel-Garcia wrote: On Sun, Feb 17, 2013 at 7:02 PM, Andrew Bartlett abart...@samba.org wrote: As most of you would have noticed, we have now had 3 CVE-nominated security issues for SWAT in the past couple of years. Has webmin kept up to date with the latest structural changes in smb.conf? I'll admit that I've long preferred the webmin module structure over the dedicated add-on structures of swat. It seems webmin has much the same challenges, perhaps because it's a package of a similar age. Or web security is just hard... http://www.webmin.com/security.html smb.conf hasn't changed structure in a long time, but we do add/remove options each release. Neither is likely to do the AD DC stuff very well right now. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos samba-3x / samba-3.6.6 - win7 will not join domain
Did you join the win7 client to the samba3 domain using smbpasswd -m. Did you set the registry hacks on the win 7 client. Sometimes the win 7 machines need to set the wins server to your Samba/pdc and netbios enabled. Good luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von peter lawrie Gesendet: Montag, 18. Februar 2013 00:59 An: Thomas Simmons Cc: samba@lists.samba.org Betreff: Re: [Samba] Centos samba-3x / samba-3.6.6 - win7 will not join domain Hi Thanks, but I've already done that. Now I'm getting active directory domain controller could not be contacted. I have renamed my win7 PC as pjl-win7 and restarted PC, server and router to ensure all match I also changed the workgroup in Samba from Glendiscovery to glendisc, my PC is still on the windows workgroup and can access the shares. There is also an XP machine, computer1 on 'workgroup', once I've fixed the win7 problem, I'll be checking it can also join the domain. browse.dat has: GLENDISCc0001000 CENTOS55GLENDISC CENTOS55408c9a23 Samba Server Version 3.6.6-0.129.el5 GLENDISC WORKGROUP c0001000 COMPUTER1 WORKGROUP GLENDISCOVERY c0001000 PJL-WIN7 GLENDISCOVERY I was recommended to add some lines to smb.conf, so it now has [root@centos55 samba]# cat smb.conf # Samba config file created using SWAT # from UNKNOWN (0.0.0.0) # Date: 2013/02/17 23:16:46 [global] lanman auth = yes log file = /var/log/samba/%m.log name resolve order = bcast host lmhosts wins socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 obey pam restrictions = Yes client ntlmv2 auth = yes logon drive = z: ntlm auth = Yes domain master = Yes idmap config * : range = time server = Yes wins proxy = No passwd program = /usr/bin/passwd %u wins support = true netbios name = centos55 cups options = raw server string = Samba Server Version %v password server = none logon script = scripts\%U.bat unix password sync = Yes idmap config * : backend = tdb workgroup = GLENDISC logon path = os level = 64 auto services = global printcap name = cups preferred master = yes max log size = 50 pam password change = Yes [homes] valid users = %S read only = No browseable = No [netlogon] comment = netlogon path = /datastore/netlogon valid users = @adm, @users read only = No [company] comment = company share path = /datastore/company valid users = @adm, @users force group = users read only = No create mask = 0775 force create mode = 0775 directory mask = 0775 force directory mode = 0775 inherit permissions = Yes use sendfile = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No On 17 February 2013 23:47, Thomas Simmons twsn...@gmail.com wrote: Have you made the necessary registry changes on the Win7 workstation (see link)? If properly configured, Win7 works perfectly fine with current versions of Samba 3. https://wiki.samba.org/index.php/Windows7 On Sun, Feb 17, 2013 at 3:40 PM, peter lawrie peter.law...@glendiscovery.co.uk wrote: Hi Some advice needed on samba-3.6.6 for win7 Since getting my win7 ultimate pc, I've only used my centos server with samba for a workgroup connection. Previously I had an XP client on this domain. I've updated today (17 feb 2013) to the latest centos5.9 (Linux 2.6.18-348.1.1.el5.centos.plus on i686) which includes samba3x with samba-3.6.600.129_el5 passdb backend has to be tdbsam now for win7, not smbpasswd I've tried repeatedly to join the domain without success. My win7 ultimate machine supposedly has the ability to join a domain Provided I ensure that nmbd as well as smbd is running, it gives the username and password login form and then The following error occurred attempting to join the domain glendisc The specified domain either does not exist or could not be contacted Since getting the win7 PC I have been connecting to workgroup 'glendiscovery' by the server IP address, so it has not previously been on the domain. I deliberately changed the name to glendisc to avoid possible issues. I can still connect to my workgroup shares I noted that the samba user root had
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dcc94f0 s4-nbt: Ensure source4/ nbt client and server honour 'disable netbios' from 6dfb35f Fallback to the internal resolver on EAI_FAIL. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dcc94f093317ffa2bbbc776fb82657088eb63305 Author: Andrew Bartlett abart...@samba.org Date: Wed Feb 6 20:58:18 2013 +1100 s4-nbt: Ensure source4/ nbt client and server honour 'disable netbios' Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sun Feb 17 11:25:34 CET 2013 on sn-devel-104 --- Summary of changes: source4/libcli/resolve/resolve_lp.c |8 ++-- source4/nbt_server/nbt_server.c |5 + 2 files changed, 11 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libcli/resolve/resolve_lp.c b/source4/libcli/resolve/resolve_lp.c index 69c05a2..92e11f0 100644 --- a/source4/libcli/resolve/resolve_lp.c +++ b/source4/libcli/resolve/resolve_lp.c @@ -32,9 +32,13 @@ struct resolve_context *lpcfg_resolve_context(struct loadparm_context *lp_ctx) for (i = 0; methods != NULL methods[i] != NULL; i++) { if (!strcmp(methods[i], wins)) { - resolve_context_add_wins_method_lp(ret, lp_ctx); + if (lpcfg_disable_netbios(lp_ctx) == false) { + resolve_context_add_wins_method_lp(ret, lp_ctx); + } } else if (!strcmp(methods[i], bcast)) { - resolve_context_add_bcast_method_lp(ret, lp_ctx); + if (lpcfg_disable_netbios(lp_ctx) == false) { + resolve_context_add_bcast_method_lp(ret, lp_ctx); + } } else if (!strcmp(methods[i], file)) { resolve_context_add_file_method_lp(ret, lp_ctx); } else if (!strcmp(methods[i], host)) { diff --git a/source4/nbt_server/nbt_server.c b/source4/nbt_server/nbt_server.c index 175ad5e..232fb9d 100644 --- a/source4/nbt_server/nbt_server.c +++ b/source4/nbt_server/nbt_server.c @@ -48,6 +48,11 @@ static void nbtd_task_init(struct task_server *task) return; } + if (lpcfg_disable_netbios(task-lp_ctx)) { + task_server_terminate(task, nbtd: 'disable netbios = yes' set in smb.conf, shutting down nbt server, false); + return; + } + task_server_set_title(task, task[nbtd]); nbtsrv = talloc(task, struct nbtd_server); -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-02-17-1226/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-02-17-1226/samba3.stderr http://git.samba.org/autobuild.flakey/2013-02-17-1226/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-02-17-1226/samba.stderr http://git.samba.org/autobuild.flakey/2013-02-17-1226/samba.stdout The top commit at the time of the failure was: commit dcc94f093317ffa2bbbc776fb82657088eb63305 Author: Andrew Bartlett abart...@samba.org Date: Wed Feb 6 20:58:18 2013 +1100 s4-nbt: Ensure source4/ nbt client and server honour 'disable netbios' Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sun Feb 17 11:25:34 CET 2013 on sn-devel-104