Re: [Samba] Cleanup CN=Deleted Objects, DC=DomainDnsZones, DC=domain, DC=local
Am 25.07.2013 17:32, schrieb Achim Gottinger: Am 25.07.2013 16:57, schrieb Achim Gottinger: Hi, Due to an not so well coded dns update script my /var/lib/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=DOMAIN,DC=LOCAL.ldb db consumes now ~500MB. So i decided to delete all the Outdated records. I prepared an list of all the DN's with Base DC=DomainDnsZones,DC=domain,DC=local and Attribute isDeleted=TRUE. There are about 8 outdated entries whom i plan to delete. If I loop over each line in my list and run ldbdel -H DC=DOMAINDNSZONES,DC=DOMAIN,DC=LOCAL.ldb [DN] it takes about an second for each entry so it would take about 22h to delete them all. Is there a way i can speed things up? Thanks in advance achim~ Found an faster solution using ldbmodify so never mind. Well it turned out that removing all these deleted dns records via ldbmodify on my two ad dc's results in an inconsistent dns database. Means i can not delete records via samba-tool or windows DNS server gui. After the deleteion and an tdbbackup of the ldb file it had shrunk to ~1MB. I assume i have to wait now till these old entries expire. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Error running samba-tool dbtool --reset-well-known-acls
Hi, I updated my two samba DC's from 4.0.3 to serner 4.0.7. Both servers run debian wheezy and the add was created at the beginning of the year with an classic upgrade to version 4.0.0. Recent release notes do not provide information about required upgrade tasks. So i ran. samba-tool dbcheck --reset-well-known-acls. On the first DC it found a few errors about missong members in computer groups whom where fixable with samba-tool dbcheck --reset-well-known-acls --fix. On my second DC however one issue remains. samba-tool dbcheck --reset-well-known-acls Checking 336 objects Not fixing nTSecurityDescriptor on CN=RID Set,CN=DC1,OU=Domain Controllers,DC=domain,DC=local Please use --fix to fix these errors Checked 336 objects (1 errors) samba-tool dbcheck --reset-well-known-acls --fix Checking 336 objects Fix nTSecurityDescriptor on CN=RID Set,CN=DC1,OU=Domain Controllers,DC=domain,DC=local? [y/N/all/none] y Failed to fix attribute nTSecurityDescriptor : (65, objectclass_attrs: at least one mandatory attribute ('rIDNextRID') on entry 'CN=RID Set,CN=DC1,OU=Domain Controllers,DC=domain,DC=local' wasn't specified!) Checked 336 objects (1 errors) This is the global section of my smb.conf on DC1. Only netbios name and dns forwarder are different on DC2. # Global parameters [global] workgroup = DOMAIN realm = domain.local netbios name = DC1 server role = active directory domain controller dns forwarder = 192.168.200.200 idmap_ldb:use rfc2307 = yes log level = 1 strict allocate = yes acl:read=false template shell = /bin/bash wins support = Yes deadtime = 10 socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=120 TCP_KEEPINTVL=10 TCP_KEEPCNT=5 ea support = yes store dos attributes = yes map readonly = no map archive = no map system = no map hidden = no I connected to both DC's with ADSI and checked rIDNextRID DC1: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=domain,DC=local = 6247 CN=RID Set,CN=DC2,OU=Domain Controllers,DC=domain,DC=local = 0 DC2: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=domain,DC=local = not defined (german Nicht Festgelegt) CN=RID Set,CN=DC2,OU=Domain Controllers,DC=domain,DC=local = 6714 Unfortunately i was not able to change that attribute from undefined to 0 on DC2. I want to avoid editing ldb files by guess so i'd appreciate suggestions. Thanks in advance achim~ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win 2003 DC Demotion
On 07/23/2013 10:49 PM, Garth Keesler wrote: Sorry, I forgot to mention. This ONLY occurs when I join Samba 4.x to an existing Windows domain. When I join a Windows DC to an existing Samba 4.x domain, all works correctly including Forest and Domain bi-directional DNS repl. Thanx, Garth Hi Garth, It was once working in my test environment, but I do not know why. We had a little discussion some months ago [1]. But most of the time I was also having issues demoting Windows DCs (mostly with the samba-internal DNS database which told me the database is inconsistent as soon as I tried to add new records). As we do have small environments with about 30 users and we do use puppet for deployment, I have chosen not do to migration/demoting of existing Windows domains. I am starting now from scratch with new Samba4 domains which seems to work very well with single or multiple domain controllers. Sorry, not really helpful but I do not have an answer to the question. It's just my experience. Maybe it's because I'm using the old version which is used with Debian Wheezy, I don't know. Regards Peter [1] https://lists.samba.org/archive/samba/2013-February/171583.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 8 pro and Samba 4
I installed opensuse 12.2, and upgraded the samba 3 it came with to samba 4. I successfully joined win xp, win 7 clients to the samba as domain controller but couldn´t join win 8 prof (it keeps displaying domain does not exist message). Does samba 4 really support win 8 prof or we have to wait for some time? Emeka -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 8 pro and Samba 4
Hello Emeka, Am 28.07.2013 18:39, schrieb iss...@aralar.edunet.es: I installed opensuse 12.2, and upgraded the samba 3 it came with to samba 4. I successfully joined win xp, win 7 clients to the samba as domain controller but couldn´t join win 8 prof (it keeps displaying domain does not exist message). Does samba 4 really support win 8 prof or we have to wait for some time? I have one w8 prof in my Samba AD test environment and it works without problems. - Are there any messages/erros in the samba/windows log? - Can the DNS on your w8 resolve the Samba Domain? Please give some more information. That would make it easier to help you. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] uid number from AD out of winbinds upper limit (1410065407)?
Hello, I'm seem to be hitting an upper limit on the range in winbind for idmap or I have something configured incorrectly... Here are the lines from my smb.conf idmap config CORP:range = 10-99 idmap config CORP:backend = ad idmap config CORP:schema_mode = rfc2307 [2013/07/05 14:47:09.217707, 5] ../source3/passdb/pdb_interface.c:1392(pdb_default_uid_to_sid) pdb_default_uid_to_sid: Did not find user joshua (1951526546) [2013/07/05 14:47:09.217775, 5] ../source3/winbindd/idmap_tdb_common.c:397(idmap_tdb_common_unixid_to_sid) Requested id (1951526546) out of range (10 - 1410065407). Filtered! Has anyone else had this issue using uid numbers so large? (sorry to the samba technical list, I accidentally posted there first) Joshua -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] R2 2008 Windows Domain Contoller VS Samba
Hi Rama, Assuming that your 3.0.28 is the Solaris-provided Samba, install the various Samba patches per the Oracle site. This error is well known and is resolved in Samba 3.5 and onward in the 3. series. All that was easy for me to say. I can also appreciate that you are now under the gun to restore user access to their Samba-mediated files. Unfortunately, implementation of Sun patches is not that straightforward. Depending on the U version of Solaris 5.10, you may have a great deal of pre-patching to do in preparation for the Samba upgrade/patch. To avoid the hassle of a major patch project if your Solaris is at a very low U level, you may want to run Live Upgrade (which has its own patch requirements) to get to a relatively high U release level (i.e., U8, U9 or U10). Oracle has lots of documentation on running Live Upgrade, but we found that that a key preparation was purchasing/obtaining a bunch of used disks that have the same SUN part numbers as the root devices and can thus serve as target devices for the LU upgrade. A decent guideline is patch Samba if above U5; at or below U5 use LU to upgrade. But be consistent; if most of your systems are U8 with one or two at U5, then LU the two laggards to get to U8. You'll also need Sun media for the Solaris version you want to update to if going the LU route. If you don't want to go the LU path and you're not at too low a U releas e, you can probably get to 3.5 by patching and heeding the patch notes requests for pre-requisites and gotchas (always at the bottom of the document). This is a somewhat less complex problem if you have only a single Sun Samba server, but the strategy of making and preserving bootable root devices still applies. Overall, it's a long slog, but doable. Hope the above was useful. Andy Colb -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Chillara, Rama Sent: Monday, July 01, 2013 3:19 PM To: samba@lists.samba.org Subject: [Samba] R2 2008 Windows Domain Contoller VS Samba Hi, We are using samba version 3.0.28 on Sun solaris 5.10 integrated with Windows 2003 Domain Controller. It has been running for couple of years without any issues. Recently the 2003 domain controllers are upgraded to 2008 R2 domain Controllers and the samba server that we currently have is not authenticating With the new domain controllers. Could you please let me know which version of Samba works for the 2008 R2 domain controller on Sun solaris 5.10. Thank you in advance. Thank you, Rama. /preThis message is confidential, intended only for the named recipient(s) and may contain information that is privileged or exempt from disclosure under applicable law. If you are not the intended recipient(s), you are notified that the dissemination, distribution, or copying of this message is strictly prohibited. If you receive this message in error or are not the named recipient(s), please notify the sender by return email and delete this message. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: About samba 3.0.28 trust AD
Hi, I had a RedHat 5.2 need to trust domain the Windows Server 2008 R2 (forest level 2003). Which package I need to install first? I am using samba-3.0.28 but I have no samba-winbind. May I know procedures of trust setting in Linux? Thanks for your help. Warm Regards, MW -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 4 userid mapping
Complete new user here. Setting up my first samba configuration, using samba 4.0.6 as a primary domain controller. I have user profiles, network shares, active directory, and domain controller working. But I can not understand how to map windows userid to linux userid (and map groupid as well). I am struggling because much of the documentation is outdated and meant for samba 3.x or targetted for samba as a domain member. I followed some documentation to try the userid mapping through active directory, but that required Microsoft services for Unix 3.5, which will not install on 64 versions of MS. I find myself without any orientation of how to proceed. I am suffering from documentation overload, much of it contradictory or not applicable. I am not even sure how to use winbind, or if that is required for my situation. I really need a simple step by step howto that is specific to samba 4 as a PDC. If you want to reference documentation, great, but please reference specific sections instead of whole general chapters. Any help greatly appreciated. Thank you. Configuration information follows: Server OS: OpenSuSE 12.1, 64 bit Samba: Samba 4.0.6 Configuration: Primary domain controller with active directory support Using BIND 9 DNS server Client OS: Windows 7 Professional, 64 bit Samba configuration file # Global parameters [global] workgroup = MYDOMAIN realm = MYDOMAIN.ORG netbios name = SERVER wins support = Yes server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate encrypt passwords = yes # Setup user maps idmap config * : backend = tdb idmap config * : range = 10-19 idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : schema_mode = rfc2307 idmap config MYDOMAIN : range = 5-9 winbind nss info = rfc2307 winbind trusted domains only = No winbind use default domain = Yes winbind enum users = Yes winbind enum groups = Yes # Logon path tells samba where to put Windows roaming profiles logon path = \\%h\profiles\%u # Logon home is used to specify home directory and # Windows 95/98/ME roaming profile location logon home = \\%h\%u\.win_profiles # Allow Samba to send correct time to windows time server = Yes # Set logging options log file = /var/log/samba/log.odeon # Shares configurations follows. Not included for brevity . . . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] domain RODC fails with default provisioning
We're evaluating joining another samba domain controller in read-only mode. With a default provisioning, when running the samba-tool domain RODC, it fails with the following error: ldb: ldb_trace_request: (tdb)-search ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search ldb_wrap open of hklm.ldb ldb: start ldb transaction (nesting: 0) ldb: ldb_trace_request: (tdb)-start_transaction ldb: start ldb transaction error: (null) ldb: ldb_trace_request: ADD dn: @ATTRIBUTES changetype: add key: CASE_INSENSITIVE value: CASE_INSENSITIVE control: NONE ldb: ldb_trace_request: (tdb)-add ldb: ldb_trace_request: (tdb)-prepare_commit ldb: commit ldb transaction (nesting: 0) ldb: ldb_trace_request: (tdb)-end_transaction Key 'key=SOFTWARE,hive=NONE' not found key added: key=SOFTWARE,hive=NONE Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE About to write CurrentVersion with type (null), length 3: 6.1 Key 'key=SYSTEM,hive=NONE' not found key added: key=SYSTEM,hive=NONE Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE About to write ProductType with type (null), length 8: LanmanNT Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE About to write RefusePasswordChange with type dword, length 8: Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE lpcfg_servicenumber: couldn't find ldb lpcfg_servicenumber: couldn't find ldb lpcfg_servicenumber: couldn't find ldb lpcfg_servicenumber: couldn't find ldb partition_metadata: Migrating partition metadata krb5_init_context failed (Invalid argument) smb_krb5_context_init_basic failed (Invalid argument) talloc: access after free error - first free may be at @�3 Bad talloc magic value - access after free Aborted Is there something special to be done prior to the domain join command? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Domain Rename
Hi Team, I am using samba 4 Domain in my production environment and everything is working fine but now for some reason I have to rename the domain Can you please help on this, I need to do this asap Waiting for your response……… Many Thanks, Sandeep Kumar *Arbor Financial Systems Ltd*** Direct: +91 172 400 6144 Support: +44 (0) 203 070 9650 www.arborfs.com -- www.arborfs.com This e-mail and any attachment are confidential and contain proprietary information, some or all of which may be legally privileged. It is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient, please notify the author immediately by telephone or by replying to this e-mail, and then delete all copies of the e-mail on your system. If you are not the intended recipient, you must not use, disclose, distribute, copy, print or rely on this e-mail. Whilst we have taken reasonable precautions to ensure that this e-mail and any attachment has been checked for viruses, we cannot guarantee that they are virus free and we cannot accept liability for any damage sustained as a result of software viruses. We would advise that you carry out your own virus checks, especially before opening an attachment. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Domain Rename
Hi Team, I am using samba 4 Domain in my production environment and everything is working fine but now for some reason I have to rename the domain Can you please help on this, I need to do this asap Waiting for your response……… Many Thanks, Sandeep Kumar *Arbor Financial Systems Ltd*** Direct: +91 172 400 6144 Support: +44 (0) 203 070 9650 www.arborfs.com -- www.arborfs.com This e-mail and any attachment are confidential and contain proprietary information, some or all of which may be legally privileged. It is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient, please notify the author immediately by telephone or by replying to this e-mail, and then delete all copies of the e-mail on your system. If you are not the intended recipient, you must not use, disclose, distribute, copy, print or rely on this e-mail. Whilst we have taken reasonable precautions to ensure that this e-mail and any attachment has been checked for viruses, we cannot guarantee that they are virus free and we cannot accept liability for any damage sustained as a result of software viruses. We would advise that you carry out your own virus checks, especially before opening an attachment. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Wheezy Samba+Winbind+AD+PAM
Greetings fellow Samba enthusiasts! I am having an issue after upgrading to the latest version of wheezy from my former squeeze on my testing node. I am unable to login anymore as my AD user erin. i can do the following commands successfully but not getent passwd erin or logging in to the system via the console. It is currently a fresh install all i did was copy my krb.conf, samba.conf, and pam.d/* directories or files over. I also installed all the packages i though i needed. I have this same setup work on 7 other (squeeze) machines and i got no issue with them at all. I am enclosing a couple pastebin as well. There is a lot of information to look at. If you have any questions or need more info send me an email and i will respond after work tonight. Thanks so much! Aaron G. ##INFO PASTEBIN: http://sprunge.us/MXbS ERROR: root@testing:~# login erin Password: Login incorrect testing login: ^C root@testing:~# tail /var/log/auth.log Jul 11 04:14:44 testing login[4821]: pam_securetty(login:auth): access denied: tty '/dev/pts/0' is not secure ! Jul 11 04:14:50 testing login[4821]: pam_unix(login:auth): check pass; user unknown Jul 11 04:14:50 testing login[4821]: pam_unix(login:auth): authentication failure; logname=root uid=0 euid=0 tty=/dev/pts/0 ruser= rhost= Jul 11 04:14:50 testing login[4821]: pam_winbind(login:auth): getting password (0x0050) Jul 11 04:14:50 testing login[4821]: pam_winbind(login:auth): pam_get_item returned a password Jul 11 04:14:50 testing login[4821]: pam_winbind(login:auth): user 'erin' granted access Jul 11 04:14:53 testing login[4821]: FAILED LOGIN (1) on '/dev/pts/0' FOR 'UNKNOWN', User not known to the underlying authentication module root@testing:~# oot@testing:~# ./samba-check.sh + klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: e...@thrace.lan Valid startingExpires Service principal 10/07/2013 20:27 11/07/2013 06:26 krbtgt/thrace@thrace.lan renew until 11/07/2013 20:27 + net ads info LDAP server: 192.168.1.219 LDAP server name: bkdc.thrace.lan Realm: THRACE.LAN Bind Path: dc=THRACE,dc=LAN LDAP port: 389 Server time: Thu, 11 Jul 2013 04:14:43 EDT KDC server: 192.168.1.219 Server time offset: -51 + wbinfo -u guest administrator krbtgt teddy erin camaron sarah matt ripper nancy summer justin dummy pcthrace nathan + wbinfo -g domain computers cert publishers domain users domain guests ras and ias servers domain admins schema admins enterprise admins group policy creator owners allowed rodc password replication group denied rodc password replication group enterprise read-only domain controllers read-only domain controllers domain controllers dnsadmins dnsupdateproxy nagios http ssh lan-login computers-group + getent passwd erin root@testing:~# -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Ubuntu as Samba Domain Member
Hi All, I need your help with my problem. I want SAMBA to be the PDC for my Ubuntun workstations. The SAMBA in installed in Ubuntu also the version for the server and workstations are 12.04. I have successfully joined the workstations to the SAMBA server but I can't login to it using the users I created in SAMBA. Can you anybody tell me the steps on how to do this? Do I also need to add the Ubuntu workstations in SAMBA? Regards, John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] About NAS versus Samba
Hi ! QNAP TurboNas (our model number is TS-EC1279U-RP) do successfully the trick. Joined as a member to our S4 AD, we use it as a cifs server in a mixed environnement. The server is ssh opened, and the configuration files (ex : smb.conf) could be modified by hand or by an automated script. We've linked it to our group creation and actually offer good and simple services. Cheers, --- *** Oliver -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] oLschema2ldif segfault
This is a very good news, no only problems with BINARY (I fill the Bug 9567 to others and ever is the same problem) 2013/7/12 Andrew Bartlett abart...@samba.org On Thu, 2013-07-11 at 13:11 -0500, Bo Kersey wrote: I'm seeing a oLschema2ldif segfault when it comes across attributetypes with syntax '1.3.6.1.4.1.1466.115.121.1.5' that is a BINARY attribute. Is this by design? Can I store binary attributes in samba4 ldap? We need to remove this tool, and someone needs to write a replacement in python. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- Alejandro Escanero Blanco Consultor de sistemas basados en fuentes abiertas Desarrollador de FusionDirectory (http://www.fusiondirectory.org) Blog: http://www.disasterproject.com Jabber: blain...@jabberes.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] WARNING to those running Samba on OpenIndiana or other Illumos based systems with 16 groups
On Sun, Jul 14, 2013 at 8:23 AM, Andrew Bartlett abart...@samba.org wrote: On Wed, 2013-04-24 at 10:31 +1000, Andrew Bartlett wrote: Just a heads-up, because this bug took me absolutely ages to chase down, and I want to save others the same pain. Samba is perhaps the most prominent reason why you might find a user in more than 16 groups on a Unix system, and so this bug may at first appear to be a 'Samba issue' (that certainly is why it found it's way to my attention :-) https://www.illumos.org/issues/3691 In short, unless the group list we supply to setgroups() is sorted, if there are more than 16 groups, the Illumos kernel fails to honour some of the groups. Presumably there is a bisection search being done. The symptom for Samba users is that as a user is added to more groups, they loose access to folders they previously had access too. Attached is a total hack that appears to resolve the issue, but the real fix needs to be in glibc or the kernel. Just as a follow-up, if you experience this please also see https://www.illumos.org/issues/3577 and https://bugzilla.samba.org/show_bug.cgi?id=7588 for WORKAROUNDS if you cannot fix/change your host OS. There is a patch for nss_winbind and smbd attached to that bug, both of which are required to ensure both Samba and other unix applications see all the windows groups. As we have now had success getting this fixed upstream I've not had time to get back to applying these to Samba when we run on Solaris, but the view was that for the small cost of a qsort we probably should. If a DENY ACL is involved, this may also be a SECURITY issue, which is how we finally got the route cause addressed upstream. Andrew, As the upstream developer who fixed the issue: The fix had nothing to do with security. It had to do with Bjorn posting the root cause, and that frankly I found sorting the list in samba beyond fugly. I look at the fact you sorted the list in samba and just shake my head... The same qsort put in the illumos kernel fixes the issue for good. Given our past history with such bugs, I'd expect we'll tell people to upgrade their OS. Thanks, -Ira -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbldap-usermod timeout for Terminal Server
Hello, Following to this old post (Tue Jul 6 02:22:22 MDT 2010), here is the solution I found : - stop nscd : /etc/init.d/nscd stop - restart samb : /etc/init.d/samba restart - start nscd : /etc/init.d/nscd start ...in this order ! Roland. Hello, When I modify a user account adding him to a customized group, there is a delay which can be up to 2 hours to take effect. - the user account is already created with smbldap-useradd. - the user account is modified later (with smbldap-usermod), adding him to a group which has the right allow log on through terminal services properties on the local security policy The samba server act as a PDC. I've tried a lot of things to bypass the delay : - restart of samba - restart of openldap - gpupdate /force on windows server - modify the delay in GPO : group policy refresh interval for users and for computers - purge of samba cache in /var/cache/samba - purge of nscd cache in /var/cache nscd If I give the right directly to the user on windows server, it take effect immediatly and I can log on Terminal Server. The error message I have when the policy hasn't take yet effect is to log on this remote computer, you must be granted the allow log on through terminal services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of remote desktop users group ot another group that has this right, or if the remote desktop user group does not have this right, you must be granted this right manually. It seem that there is a cache for groups. What service can be responsible of this delay ? Terminal server, GPO, samba, ldap, some cache,... ? Thank you for your help or advice --- Roland JARRY -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 migration issues (wbinfo errors and UPNs)
I migrated over a Samba 3/LDAP domain to Samba 4 in a test environment. After a few bumps due to not having all my machine accounts as posixAccounts and clashing user/group names, the migration went relatively smoothly. Great work, Samba team! I have a few standing issues that I haven't been able to shake out: 1. wbinfo returns various errors when run on the DC. wbinfo -D MYDOMAIN returns a SID of S-1-2-3-4. Typing gibberish for the domain name yields the same results. wbinfo --dc-info= returns Could not find dc info example.com. Using the short name doesn't work either. wbinfo -u/-g does work. As does getent passwd/group for domain users. The `net` command generally works for the equivalent queries however. For instance `net ads info` returns the correct information. Running wbinfo queries from a member server DOES seem to always work. 2. UPNs don't work on the DC (wbinfo -i, getent, pam, etc). wbinfo -i user@domain fails with: failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user u...@example.com UPNs do work on Samba 4 members however. I did spotted this interesting bit in the log: [2013/07/16 12:37:05.642113, 6, pid=6033, effective(0, 0), real(0, 0)] ../lib/u til/util_ldb.c:60(gendb_search_v) gendb_search_v: DC=ad,DC=tsasinc,DC=com ((sAMAccountName= rb...@example.com )(objectSid=*)) - 0 [2013/07/16 12:37:05.642192, 1, pid=6033, effective(0, 0), real(0, 0)] ../librp c/ndr/ndr.c:282(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count: 0x (0) domains : NULL max_size : 0x (0) sids : * sids: struct lsa_TransSidArray count: 0x0001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8 ) rid : 0x (0) sid_index: 0x (4294967 295) count: * count: 0x (0) result : NT_STATUS_NONE_MAPPED That message only comes up when running wbinfo -i on the server, not on a member. It feels a little off that its searching for the UPN in sAMAccountName. I'm using the sernet 4.0.7-4 packages on Centos 6.4 64bit, no Samba 3 binaries in sight. Samba logs all look clean. DNS, LDAP and Kerberos all works as expected. I have a feeling that both issues have a common cause, but have been unable to find it. Any ideas on either of these issues? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] open_sockets_smbd: accept: Protocol error
Hello: I have Samba 3.0.30 running on SCO Openserver 6. It seems to work fine, but I get this error in /var/adm/messages: Jul 17 08:15:03 smbd[5023]: [2013/07/17 08:15:03, 0] smbd/server.c:(527) Jul 17 08:15:03 smbd[5023]: open_sockets_smbd: accept: Protocol error Jul 17 08:16:22 smbd[5056]: [2013/07/17 08:16:22, 0] smbd/server.c:(527) Jul 17 08:16:22 smbd[5056]: open_sockets_smbd: accept: Protocol error Jul 17 08:26:14 smbd[5056]: [2013/07/17 08:26:14, 0] smbd/server.c:(527) Jul 17 08:26:14 smbd[5056]: open_sockets_smbd: accept: Protocol error Jul 17 08:27:09 smbd[5088]: [2013/07/17 08:27:09, 0] smbd/server.c:(527) Jul 17 08:27:09 smbd[5088]: open_sockets_smbd: accept: Protocol error Jul 17 08:28:34 smbd[5103]: [2013/07/17 08:28:34, 0] smbd/server.c:(527) Jul 17 08:28:34 smbd[5103]: open_sockets_smbd: accept: Protocol error Jul 17 08:57:35 smbd[5103]: [2013/07/17 08:57:35, 0] smbd/server.c:(527) Jul 17 08:57:35 smbd[5103]: open_sockets_smbd: accept: Protocol error Anyone know how to fix this? Here is my smb.conf: [global] workgroup = COMPANY server string = OSR6 Samba Server interfaces = net0, lo0 bind interfaces only = Yes password server = passdb backend = tdbsam log level = 3 passdb:5 tdb:10 auth:10 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY=0 SO_KEEPALIVE=1 SO_RCVBUF=8192 SO_SNDBUF=8 192 preferred master = No local master = No dns proxy = No admin users = root, bjrtb hosts allow = 192.168.1., 192.168.2., 127. [print] comment = Print Writeable path = /usr/print valid users = bjrtb read only = No create mask = 0765 The entire samba log is below. Thanks, Bill Betz # cat sm.log Copyright Andrew Tridgell and the Samba Team 1992-2008 [2013/07/17 08:28:33, 2] param/loadparm.c:(3811) Processing section [print] [2013/07/17 08:28:33, 2] param/loadparm.c:(3811) Processing section [printpublic] [2013/07/17 08:28:33, 2] param/loadparm.c:(3811) Processing section [root] [2013/07/17 08:28:33, 3] param/loadparm.c:(2725) adding IPC service [2013/07/17 08:28:33, 3] printing/pcap.c:(117) reloading printcap cache [2013/07/17 08:28:33, 3] printing/pcap.c:(223) reload status: ok [2013/07/17 08:28:33, 3] printing/pcap.c:(117) reloading printcap cache [2013/07/17 08:28:33, 3] printing/pcap.c:(223) reload status: ok [2013/07/17 08:28:33, 2] lib/interface.c:(81) added interface ip=192.168.1.18 bcast=192.168.1.255 nmask=255.255.255.0 [2013/07/17 08:28:33, 2] lib/interface.c:(81) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2013/07/17 08:28:33, 3] smbd/server.c:(982) loaded services [2013/07/17 08:28:33, 3]
[Samba] Samba4 and classicupgrade and winbind
Hi, I found the source of my problem with set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER (I hope). The problem is dut to winbind. In my ldap tree, I have uid and gid. Why samba 4 don't use theses informations ? In attached file : output of classic-upgrade (debug level 5) I don't want to use winbind. I just want to use pam_ldap or nslcd for have unix information from samba ldb regards Stéphane --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.6.16 and kinit
Hi. When I'm trying to join a machine to a domain via ADS I get kerberos_kinit_password d...@norma.com failed: Looping detected inside krb5_get_in_tkt. In the same time plain kinit d...@norma.com from a console gives me a ticket without errors. Is this a bug (so I should report it) or can this still be some misconfiguration on my side ? I'm doing this on testparm-approved config file from 3.5.x. P.S. FreeBSD 10.0-CURRENT. Thanks. Eugene. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Git- Samba 4.1 Glusterfs 3.4, CentOs 6.4
Hmmm... Odd... Okay. Open a bug for it in the Samba Bugzilla and I will follow up. Chris -)- On Wed, Jul 24, 2013 at 08:24:20AM +0200, Daniel M?ller wrote: This is the result when deleting the vfs-glusterfs.c and then running make:# Project rules pass Waf: Leaving directory `/root/samba4/samba-master/bin' source not found: 'vfs_glusterfs.c' in 'dir:///root/samba4/samba-master/source3/modules' make: *** [all] Fehler 1 I am afraid there is more to do in configure and configure.developer --- EDV Daniel M?ller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T?bingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Urspr?ngliche Nachricht- Von: Christopher R. Hertel [mailto:c...@ubiqx.mn.org] Gesendet: Mittwoch, 24. Juli 2013 07:55 An: Daniel M?ller Cc: samba@lists.samba.org; samba-techni...@samba.org Betreff: Re: Git- Samba 4.1 Glusterfs 3.4, CentOs 6.4 Daniel, If we can reproduce the build bug, we will certainly work to fix it. The vfs_glusterfs module is, however, fairly new so there has not been time to produce useful documentation. If you would like to contribute documentation, we'll be happy to review it. The Gluster VFS project is hosted on forge.gluster.org. Please provide the BZ number of the Bugzilla bug you're created for this. Also, you should be able to work around the problem by deleting the vfs_glustefs.c file from the source tree. You'll find it in source3/modules/. Chris -)- On Wed, Jul 24, 2013 at 07:40:34AM +0200, Daniel M?ller wrote: Dear all, to your notice:Samba 4.1 pulled from git will not compile under CentOs 6.4 if Glusterfs 3.4 is installed from epel-repo. Make will die with an error concerning vfs modul glusterfs. There should be more documentation about the vfs modul glusterfs. Daniel --- EDV Daniel M?ller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T?bingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Git- Samba 4.1 Glusterfs 3.4, CentOs 6.4
Daniel, If we can reproduce the build bug, we will certainly work to fix it. The vfs_glusterfs module is, however, fairly new so there has not been time to produce useful documentation. If you would like to contribute documentation, we'll be happy to review it. The Gluster VFS project is hosted on forge.gluster.org. Please provide the BZ number of the Bugzilla bug you're created for this. Also, you should be able to work around the problem by deleting the vfs_glustefs.c file from the source tree. You'll find it in source3/modules/. Chris -)- On Wed, Jul 24, 2013 at 07:40:34AM +0200, Daniel M?ller wrote: Dear all, to your notice:Samba 4.1 pulled from git will not compile under CentOs 6.4 if Glusterfs 3.4 is installed from epel-repo. Make will die with an error concerning vfs modul glusterfs. There should be more documentation about the vfs modul glusterfs. Daniel --- EDV Daniel M?ller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T?bingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Advice Migrate Samba 3 to Samba 4
Hello, I've to migrate my old Samba 3 server on fedora 11 (without ldap) to Samba 4 on fedora 18 (on a new machine). I've read many topics about samba migration but i can't find one about my case. Indeed since Fedora 15 linux users and groups IDs have passed from above 500 to above 1000. So I have to change those IDs (witch will change rid...). Will this modification interfere in the migration process? - If not when should I change UIDs/GIDs: after Fedora migration, after Samba migration? - Otherwise what should I do? I would prefer that my clients can connect to the new server without having to do any change. regards, AD -- View this message in context: http://samba.2283325.n4.nabble.com/Advice-Migrate-Samba-3-to-Samba-4-tp4651525.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with Microsoft.com domain address translation in Samba 4 AD.
Hi, First of all I’d like to thank Samba 4 Dev Team. New Samba is a great product. I want to replace old Windows 2000 SBS in my school network. I’mtesting Samba in Virtualbox with 2 network cards. 1st network card (eth0) is connected to the Internet. Next card is connected to the Internal network (eth1) All of interfaces have assigned static IP I use Internal DNS, I also added iptables rules to redirect traffic to the router (of course I configured DNS server). I have Ubuntu Server 12.04 LTS. When I’ve tried visit Microsoft.com I get DNS error. I haven’t any problems with other websites such as Google or Youtube. I don’t know what I should do in that case. Best regards. Adrian Kastrau -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to migrate to Samba4 with samba-tool
If you need more informations just let me know... :) -- View this message in context: http://samba.2283325.n4.nabble.com/How-to-migrate-to-Samba4-with-samba-tool-tp4651564p4651565.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] WinXP not print - Samba3.6.6
Hi, maybe this will help you: [printers] ... use client driver = yes ... On 07/24/2013 11:46 PM, Thiago Parolin wrote: Hi, After upgrading samba from 3.5 to 3.6, WinXP can not print, and the samba log shows: [2013/07/24 17:40:00.377907, 0] rpc_server/spoolss/srv_spoolss_nt.c:1748(_spoolss_OpenPrinterEx) _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \\spsi All other systems are ok. (until now) Any hint to fix this? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA MIGRATION: Help!
I wrote this topic because I want to migrate my Samba 3 server (on fedora). I've read almost *every* topics about the subject on this mail list and many other on the web. Following those tutorials I tried in so many way to move my server on Samba4 (fedora 18) but no one worked. I begin to be a little bit frustrated by the situation so I want to retry from de beginning but I need your advices. How would you migrate Samba in my case? Old Server: Samba 3 Fedora 11 without LAPD New server (new machine): Samba 4 Fedora 18 without LAPD *Rq: Linux users and groups IDs have changed (500 on F11 to 1000 on F18)* My configuration: [global] workgroup = SAMBA-TEST netbios name = serveurtest server string = %h encrypt passwords = yes NT ACL SUPPORT = yes security = user map to guest = Bad User hosts allow = 127. 192. log file = /var/log/samba/%m.log max log size = 50 passdb backend = smbpasswd os level = 33 domain master = yes preferred master = yes domain logons = yes logon script = logon.bat logon path = \\%L\Profiles\%U\%a logon home = wins support = yes dns proxy = no unix password sync = yes passwd program = /usr/bin/passwd %u #log level = 10 [profiles] comment = User profiles path = /home/samba/profiles create mask = 0600 directory mask = 0700 writeable = yes hide files = /desktop.ini/thumbs.db/ hide dot files = yes browseable = no [profiles.V2] copy = profiles [netlogon] comment = Script de login path = /home/samba/netlogon root preexec = /home/samba/netlogon/scriptserveur.sh %U %m %T %I %a 'login' root postexec = /home/samba/netlogon/scriptserveur.sh %U %m %T %I %a 'logout' readonly = yes guest ok = yes [partage] comment = partage path = /home/partage public = yes writable = yes read only = no browseable = yes printable = no Thx for any help you can provide :) -- View this message in context: http://samba.2283325.n4.nabble.com/SAMBA-MIGRATION-Help-tp4651582.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Slow Performance
On Sat, Jul 27, 2013 at 8:20 AM, Kinglok, Fong busywa...@gmail.com wrote: Dear all, After using samba 3 for two years, I have just spent totally one week finishing setting up a samba 4 file system in my working school. There are about 200 computers, 80+ staff, 1000 students and 10 printers. The AD was properly setup, mandatory profile and one GPO policy (which is printer download trust) is effective for all users. Logon script is for mapping four shares and 10 printers from the file server. Also, I have setup two additional DCs (with AD replication and DHCP server) for two other subnets in the hope to speed up the logon process. Hmmm, some further info might be useful. Is the Samba server an AD DC or a simple member server? Do you know (perhaps from a capture) whether the excess logon time is mostly caused by the initial authentication or by trying to retrieve the GPO and/or roaming profiles? Do you know whether or not Kerberos is being used or if the client is falling back to NTLM? -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: About samba 3.0.28 trust AD
Hello, Am 06.07.2013 15:26, schrieb Wong siu yu: I had a RedHat 5.2 need to trust domain the Windows Server 2008 R2 (forest level 2003). Which package I need to install first? I am using samba-3.0.28 but I have no samba-winbind. May I know procedures of trust setting in Linux? Please have a look here first: http://wiki.samba.org/index.php/FAQ#How_to_do_or_fix_..._in_an_outdated_Samba_version.3F Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 userid mapping
On Tue, 2013-07-09 at 18:22 -0700, Nick B wrote: Hi None of this works on a s4 DC # Setup user maps idmap config * : backend = tdb idmap config * : range = 10-19 idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : schema_mode = rfc2307 idmap config MYDOMAIN : range = 5-9 winbind nss info = rfc2307 winbind trusted domains only = No winbind use default domain = Yes winbind enum users = Yes winbind enum groups = Yes replace it with this: idmap_ldb use:rfc2307 = Yes make the winbind links: ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so ln -s libnss_winbind.so /lib64/libnss_winbind.so.2 and the nss stuff in /etc/nsswitch.conf: passwd: files winbind group: files winbind Now add the uidNumber and gidNumber attributes to the user or group DN in AD. YOu can use ldbmodify or ldbedit for that. If you are brave, you can build the master and use samba-tool add the attributes when you create the user. Note: if you want the whole of rfc2307 as your smb.conf suggests, then use sssd and forget about winbind. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: About samba 3.0.28 trust AD
On Sun, Jul 28, 2013 at 5:39 PM, Marc Muehlfeld sa...@marc-muehlfeld.de wrote: Hello, Am 06.07.2013 15:26, schrieb Wong siu yu: I had a RedHat 5.2 need to trust domain the Windows Server 2008 R2 (forest level 2003). Which package I need to install first? I am using samba-3.0.28 but I have no samba-winbind. May I know procedures of trust setting in Linux? Please have a look here first: http://wiki.samba.org/index.php/FAQ#How_to_do_or_fix_..._in_an_outdated_Samba_version.3F Red Hat 5.2 (which is amazingly old now), or RHEL 5.2 (which is only 5 years old)? If RHEL 5.2, you should at least remove the samba-* packages and replace them with the samba3x-* packages, which include samba3x-winbind and are version 3.6.6, instead of the much older samba-3.0.33 which is the last update from a licensed RHEL host. If your RHEL license has expired, you can also consider using the CentOS or Scientific Linux versions of the package. And if you really need them, I've been publishing clean tools for building samba-3.6.12 RPM's at https://github.com/nkadel/samba-3.6.12-srpm. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win 2003 DC Demotion
I remember having issues trying to demote a windows server. What I did was seise the roles from that dc, turn of the machine and manually clean up the old DC records from samba using rsat. I still have lingering records under the root zone though. Atenciosamente, Caio Zanolla On Sun, Jul 28, 2013 at 12:50 PM, Peter Beck pe...@datentraeger.li wrote: On 07/23/2013 10:49 PM, Garth Keesler wrote: Sorry, I forgot to mention. This ONLY occurs when I join Samba 4.x to an existing Windows domain. When I join a Windows DC to an existing Samba 4.x domain, all works correctly including Forest and Domain bi-directional DNS repl. Thanx, Garth Hi Garth, It was once working in my test environment, but I do not know why. We had a little discussion some months ago [1]. But most of the time I was also having issues demoting Windows DCs (mostly with the samba-internal DNS database which told me the database is inconsistent as soon as I tried to add new records). As we do have small environments with about 30 users and we do use puppet for deployment, I have chosen not do to migration/demoting of existing Windows domains. I am starting now from scratch with new Samba4 domains which seems to work very well with single or multiple domain controllers. Sorry, not really helpful but I do not have an answer to the question. It's just my experience. Maybe it's because I'm using the old version which is used with Debian Wheezy, I don't know. Regards Peter [1] https://lists.samba.org/**archive/samba/2013-February/**171583.htmlhttps://lists.samba.org/archive/samba/2013-February/171583.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA not broadcasting server info
Up until a few days ago, I had SAMBA running just fine on several different systems, but very recently on of the server has quit announcing itself to the newtwork. Smbd, nmbd, and winbindd are all running on the server, and the machines on the network can all still reach the shares on the system, but an attempt to browse for the server and its available shares from a client PC does not produce a listing of the system. The other systems show up just fine. I can't find any errors of any sort in the logs. I have made a number of changes to the system recently, including an upgrade to Debian Wheezy, but I cannot figure out where the issue might have arisen. Where can I look for the issue? I have not made any changes to the config file, but here it is, anyway: AID-Server:/var/log# cat /etc/samba/smb.conf # Samba config file created using SWAT # from UNKNOWN (192.168.1.121) # Date: 2013/07/27 09:43:41 [global] workgroup = HOME map to guest = Bad User guest account = lrhorer printcap name = cups disable spoolss = Yes mangle prefix = 6 domain master = No ldap ssl = no idmap config * : range = idmap config * : backend = tdb [Server-Main] path = /RAID/Server-Main/ valid users = lrhorer admin users = lrhorer read only = No guest ok = Yes [TiVo-Music] path = /RAID/Music/ admin users = lrhorer read only = No guest ok = Yes [Video] path = /RAID/Recordings/ admin users = lrhorer read only = No guest ok = Yes [Leslie] path = /RAID/Personal_Folders/Leslie/ valid users = lrhorer, Leslie A Rhorer admin users = lrhorer, Leslie A Rhorer read only = No guest ok = Yes strict locking = No [Liza] path = /RAID/Personal_Folders/Liza/ valid users = lgates admin users = lgates read only = No guest ok = Yes strict locking = No [Tiffany] path = /RAID/Personal_Folders/Tiffany/ valid users = tgates admin users = tgates browseable = No strict locking = No available = No [V-Edit] path = /V-Edit/ admin users = lrhorer read only = No guest ok = Yes [Photos] path = /RAID/Photos/ admin users = lrhorer read only = No guest ok = Yes [HP_940C] path = /home/smbprint printer admin = lrhorer create mask = 0700 guest only = Yes guest ok = Yes printable = Yes print ok = Yes [DVD_Rip] path = /RAID/DVD valid users = lrhorer read only = No guest ok = Yes [Thermostat] path = /usr/share/thermostat username = root valid users = lrhorer admin users = lrhorer read only = No guest ok = Yes [html] path = /var/www valid users = lrhorer admin users = lrhorer read only = No guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Slow Performance
On Sat, 2013-07-27 at 23:20 +0800, Kinglok, Fong wrote: Dear all, After using samba 3 for two years, I have just spent totally one week finishing setting up a samba 4 file system in my working school. There are about 200 computers, 80+ staff, 1000 students and 10 printers. The AD was properly setup, mandatory profile and one GPO policy (which is printer download trust) is effective for all users. Logon script is for mapping four shares and 10 printers from the file server. Also, I have setup two additional DCs (with AD replication and DHCP server) for two other subnets in the hope to speed up the logon process. The benefits of Samba 4 are clear: more robust file serving (supporting the windows ACL), speedy printing (with the help of point and printer driver) and administration of AD through with windows remote admin tool. However, logon speed is just far from good. In the days of Samba 3.6, users can logon the system within 20 seconds, even with more than 80 users logon in the same time (two classes students login during computer lesson). Now, with only one user logging in (who is me), it takes nearly 60 seconds to do the logon. I have tried disabling drive and printer mapping in logon script and applying a registry hack (note 1) shorten the profile waiting time in windows 7 client side but it makes no difference in logon speed. I have taken a look on the document in sambaXP 2013: http://sambaxp.org/fileadmin/user_upload/SambaXP2013-DATA/thu/track1/Matthieu_Patou-Smaller_Faster_Scalier.pdf and two thread in samba-technical mailing list: https://lists.samba.org/archive/samba-technical/2013-January/089755.html https://lists.samba.org/archive/samba-technical/2013-May/092332.html It seems that samba team is doing some great work in spotting the unindexed search in LDB as one of block in performance. It is one block, but it is the one we expect to really hit at around 1, not 1000-2000. As Richard has indicated, what we need from you is an indication of what operation is slow. Timeouts of this order indicate something different to a slow database - they indicate things like DNS timeing out. Once you work out which specific operation is blocking, we can investigate more - be it in regards to your network, or our code, we don't mind either way, but we need to work out which to look into. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: About samba 3.0.28 trust AD
On 29/07/13 00:48, Nico Kadel-Garcia wrote: On Sun, Jul 28, 2013 at 5:39 PM, Marc Muehlfeldsa...@marc-muehlfeld.de wrote: Hello, Am 06.07.2013 15:26, schrieb Wong siu yu: I had a RedHat 5.2 need to trust domain the Windows Server 2008 R2 (forest level 2003). Which package I need to install first? I am using samba-3.0.28 but I have no samba-winbind. May I know procedures of trust setting in Linux? Please have a look here first: http://wiki.samba.org/index.php/FAQ#How_to_do_or_fix_..._in_an_outdated_Samba_version.3F Red Hat 5.2 (which is amazingly old now), or RHEL 5.2 (which is only 5 years old)? If RHEL 5.2, you should at least remove the samba-* packages and replace them with the samba3x-* packages, which include samba3x-winbind and are version 3.6.6, instead of the much older samba-3.0.33 which is the last update from a licensed RHEL host. That requires something much more recent than RHEL5.2. As I recall samba3x first came with RHEL 5.6 If your RHEL license has expired, you can also consider using the CentOS or Scientific Linux versions of the package. He needs to do more than that. The version of RHEL he is running has more than one remote root exploit, with Samba being one of them. Just replacing the Samba packages with something more recent is insufficient to secure that machine. As a matter of some urgency the box should be upgraded to latest, and if the RHEL license has expired then switched to CentOS/Scientific Linux. Personally my choice is CentOS because a range of third part software e.g. all the Dell firmware updates recognize CentOS and work where they consider Scientific Linux as unsupported without fiddling with things. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba