RE: I can not print with my network printer
> So I guess the mailing list "General questions regarding Samba" would be > the right one? correct PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
RE: I can not print with my network printer
Serando, You seem to have misread (or missed entirely) the purpose of this mailing list, which is: General discussion between people interested in using or developing Samba on hp's VMS operating system. You seem to have a problem involving Samba and VMs, not VMS (aka OpenVMS; see https://en.wikipedia.org/wiki/OpenVMS ), an entirely different topic. I'm afraid we can't help you here with that. Ben PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: [Samba] Does anyone think a mini-Samba server would be useful?
If you've Python there are plenty of webdav options: http://akadav.sourceforge.net/ (under Twisted) and https://code.google.com/p/pywebdav/ seem to be the most mature. Best of luck; Ben On 24 July 2013 20:59, Paul D. DeRocco pdero...@ix.netcom.com wrote: From: Chris Weiss [mailto:cwe...@gmail.com] On Wed, Jul 24, 2013 at 1:19 PM, Paul D. DeRocco pdero...@ix.netcom.com wrote: I wonder if there's a way to build such a mini-Samba out of the existing this is interesting... https://code.google.com/p/impacket/source/browse/#svn%2Ftags%2Fimpacket_0_9_ 10%2Fexamples%2Fsmbserverhttps://code.google.com/p/impacket/source/browse/#svn%2Ftags%2Fimpacket_0_9_10%2Fexamples%2Fsmbserver Yes it is, since Python is already there in both my builds. Thanks. -- Ciao, Paul D. DeRocco Paulmailto:pdero...@ix.netcom.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 PDC to BDC file replication
Without inviting too many anti-CDDL flames; if you have ZFS on Linux working on your samba 4 box, a zfs send and receive should do the job well; preserving all file attributes and only transferring deltas. Plus you get all the usual ZFS benefits (snapshots, copy-on-write, check-summing), assuming you've got the RAM to make it work smoothly. http://zfsonlinux.org/ Has anyone tried this configuration? Ben On 1 March 2013 23:46, Gregory Sloop gr...@sloop.net wrote: Thanks. I asked this a few weeks back and didn't get much response. The half-hearted consensus was that rsync wouldn't do the job. [It seemed to me it should, as long as you're replicating between two DC members, and not to a non DC member. (Because, as I figured it, a non DC member wouldn't have any idea about the users/groups, since it's not replicating and of the DC data, right?)] Glad for any light you can shed - and thanks for letting me know it should work. I'll tinker with it when I'm to that point. -Greg JA On Thu, Feb 28, 2013 at 09:13:39PM -0800, Gregory Sloop wrote: I'm in the same boat, and I'm only aware of two possibilities. 1) Robocopy - using a Windows client. BUT Robocopy doesn't do file deltas - changed files are copied in their entirety. Which isn't a problem if you don't have large files. But if you've got a 10G file that changes often, then this probably isn't the best alternative. 2) http://www.bvckup.com/support/ [Bvckup] This also appears to be a Windows utility, but does handle file delta's. I have never used this tool and so can't vouch for it in any way. If you find a functional solution, that preferably can be used on the two Linux/Samba boxes to do file-deltas and still maintain the permissions - that would be best. One other option that might work: Rsync the data, and use robocopy to simply duplicate the permissions structure. [I believe this is possible.] JA rsync using -A (preserve ACLs) and -X (preserve extended attributes) JA and -o (preserve owner (super-user only)) and -g (preserve group) JA should copy thing perfectly. -- Gregory Sloop, Principal: Sloop Network Computer Consulting Voice: 503.251.0452 x82 EMail: gr...@sloop.net http://www.sloop.net --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How can I show only the shares that user have access to in SAMBA
Dear All, For the issue i am having to display shares only to users having access i did come across a article but just wondering what exactly it means access based share enum (S) If this parameter is yes for a service, then the share hosted by the service will only be visible to users who have read or write access to the share during share enumeration (for example net view \\sambaserver). This has parallels to access based enumeration, the main difference being that only share permissions are evaluated, and security descriptors on files contained on the share are not used in computing enumeration access rights. Default: access based share enum = no I apprecite if someone could clarify it with example - my smb.conf is --- [kmplan] comment = masterplan testing directory path = /opt/network/testplan valid users = @localgrp write list = @localgrp read only = No hide unreadable = Yes hide unwriteable files = Yes access based share enum = Yes want only the users of localgrp to see the share and no others appreciate your kind help regards simon --- On Sat, 10/13/12, simon ben guy200...@yahoo.com wrote: From: simon ben guy200...@yahoo.com Subject: [Samba] How can I show only the shares that user have access to in SAMBA To: samba@lists.samba.org Date: Saturday, October 13, 2012, 1:58 PM Dear All, As I have a issue to display only those shares the users have access too.. i am really trying to find a solution and came across a post http://serverfault.com/questions/144339/hiding-samba-share-from-browse-list-for-unauthorised-users its about the include statement this would exactly achieve my purpose but when I did that as I could put browseable = no in my kmplan section of my smb.conf file and browseable = yes in the include file testparm says Can't find include file /etc/samba/%G.conf i did try with other variables like u or U but its the same Appreciate your help regards simon --- On Thu, 10/11/12, simon ben guy200...@yahoo.com wrote: From: simon ben guy200...@yahoo.com Subject: Re: [Samba] How can I show only the shares that user have access to in SAMBA To: Björn JACKE b...@sernet.de Cc: samba@lists.samba.org Date: Thursday, October 11, 2012, 1:04 PM Dear Bjorn, Indeed so grateful for your quick reply I was indeed using earlier samba actually I just installed it using yum. now I did upgrade samba to recent one samba 3.6.8 and after running the testparm command displayed no errors but still I was not able to achieve my goal as christian mentioned in his reply i do think his mistaken cause there are many guys whos post i see and they have solved it by adding just his 2 below command in their smb.conf file hide unreadable = Yes hide unwriteable files = Yes Is there anything I could look into as I mentioned before I have used webmin to create both local and samba users whos user names are the same and so also groups here below my smb.conf [global] workgroup = MYGROUP server string = Samba Server Version %v disable spoolss = Yes domain master = No idmap config * : backend = tdb cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No [kmplan] comment = masterplan testing directory path = /opt/network/testplan valid users = @localgrp write list = @localgrp read only = No hide unreadable = Yes hide unwriteable files = Yes access based share enum = Yes also here below are the permissions of /opt/network/testplan directory drwxrws--T 3 root localgrp 4096 Oct 10 19:39 testplan Actually every things works fine what I mean is if I log in as a user who belongs to localgrp I can read/write the kmplan share which is perfect but when i log in as user who does not belong to localgrp i can see the kmplan share although i cannot access it. as christian said i can hide the share but even for valid users the share is hidden n i obviously dont want to hide the share for valid users regards simon --- On Thu, 10/11/12, Björn JACKE b...@sernet.de wrote: From: Björn JACKE b...@sernet.de Subject: Re: [Samba] How can I show only the shares that user have access to in SAMBA To: simon ben guy200...@yahoo.com Cc: samba@lists.samba.org Date: Thursday, October 11, 2012, 2:10 AM On 2012-10-11 at 01:22 -0700 simon ben sent off: but when I do a testparm it gives a error --- [root@kmshare samba]# testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: access based share enum Ignoring unknown parameter access based share enum then your
[Samba] How can I show only the shares that user have access to in SAMBA
Dear All, As I have a issue to display only those shares the users have access too.. i am really trying to find a solution and came across a post http://serverfault.com/questions/144339/hiding-samba-share-from-browse-list-for-unauthorised-users its about the include statement this would exactly achieve my purpose but when I did that as I could put browseable = no in my kmplan section of my smb.conf file and browseable = yes in the include file testparm says Can't find include file /etc/samba/%G.conf i did try with other variables like u or U but its the same Appreciate your help regards simon --- On Thu, 10/11/12, simon ben guy200...@yahoo.com wrote: From: simon ben guy200...@yahoo.com Subject: Re: [Samba] How can I show only the shares that user have access to in SAMBA To: Björn JACKE b...@sernet.de Cc: samba@lists.samba.org Date: Thursday, October 11, 2012, 1:04 PM Dear Bjorn, Indeed so grateful for your quick reply I was indeed using earlier samba actually I just installed it using yum. now I did upgrade samba to recent one samba 3.6.8 and after running the testparm command displayed no errors but still I was not able to achieve my goal as christian mentioned in his reply i do think his mistaken cause there are many guys whos post i see and they have solved it by adding just his 2 below command in their smb.conf file hide unreadable = Yes hide unwriteable files = Yes Is there anything I could look into as I mentioned before I have used webmin to create both local and samba users whos user names are the same and so also groups here below my smb.conf [global] workgroup = MYGROUP server string = Samba Server Version %v disable spoolss = Yes domain master = No idmap config * : backend = tdb cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No [kmplan] comment = masterplan testing directory path = /opt/network/testplan valid users = @localgrp write list = @localgrp read only = No hide unreadable = Yes hide unwriteable files = Yes access based share enum = Yes also here below are the permissions of /opt/network/testplan directory drwxrws--T 3 root localgrp 4096 Oct 10 19:39 testplan Actually every things works fine what I mean is if I log in as a user who belongs to localgrp I can read/write the kmplan share which is perfect but when i log in as user who does not belong to localgrp i can see the kmplan share although i cannot access it. as christian said i can hide the share but even for valid users the share is hidden n i obviously dont want to hide the share for valid users regards simon --- On Thu, 10/11/12, Björn JACKE b...@sernet.de wrote: From: Björn JACKE b...@sernet.de Subject: Re: [Samba] How can I show only the shares that user have access to in SAMBA To: simon ben guy200...@yahoo.com Cc: samba@lists.samba.org Date: Thursday, October 11, 2012, 2:10 AM On 2012-10-11 at 01:22 -0700 simon ben sent off: but when I do a testparm it gives a error --- [root@kmshare samba]# testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: access based share enum Ignoring unknown parameter access based share enum then your Samba version is too old then. This parameter was introduced with Samba 3.6 I think (maybe 3.5 already). On http://www.enterprisesamba.org you might find recent packages for your distribution that support that feature. Cheers Björn -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen ☎ +49-551-37-0, ℻ +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How can I show only the shares that user have access to in SAMBA
Dear Bjorn I really apprecite your quick reply. by the way I did add the access based share enum = yes but when I do a testparm it gives a error --- [root@kmshare samba]# testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: access based share enum Ignoring unknown parameter access based share enum Processing section [homes] Processing section [printers] Processing section [kmplan] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] workgroup = MYGROUP server string = Samba Server Version %v passdb backend = tdbsam disable spoolss = Yes winbind use default domain = Yes winbind trusted domains only = Yes cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [kmplan] comment = masterplan testing directory path = /opt/network/testplan valid users = @localgrp write list = @localgrp read only = No hide unreadable = Yes hide unwriteable files = Yes the directory /opt/network/testplan is sahred as kmplan and localgrp has 2 valid users user1 and user2 so if I log in as user1 or user2 kmplan share can be accessed perfectly i have a third user user3 and he not belong the localgrp . also wanted to mentioned that I have used webmin to create local users and in samba windows file sharing option of webmin== user and group synchronisation == i am using yes for all. that is when a unix user is created automatically add a samba user likewise for groups. apprecite your help and advise regards simon --- On Wed, 10/10/12, Björn JACKE b...@sernet.de wrote: From: Björn JACKE b...@sernet.de Subject: Re: [Samba] How can I show only the shares that user have access to in SAMBA To: simon ben guy200...@yahoo.com Cc: samba@lists.samba.org Date: Wednesday, October 10, 2012, 1:28 PM On 2012-10-10 at 13:02 -0700 simon ben sent off: i have right now one share and want only the users who have access to the share to see it and the others should not when I log into the user who has no access I see the share and when i double click it ask me for username and password googling arround this issuse is solved by using the below in smb.conf file hide dot files = yes hide unreadable = yes in the share definition section. but its still visible can you please try setting access based share enum = yes ? Cheers Björn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How can I show only the shares that user have access to in SAMBA
Dear Bjorn, Indeed so grateful for your quick reply I was indeed using earlier samba actually I just installed it using yum. now I did upgrade samba to recent one samba 3.6.8 and after running the testparm command displayed no errors but still I was not able to achieve my goal as christian mentioned in his reply i do think his mistaken cause there are many guys whos post i see and they have solved it by adding just his 2 below command in their smb.conf file hide unreadable = Yes hide unwriteable files = Yes Is there anything I could look into as I mentioned before I have used webmin to create both local and samba users whos user names are the same and so also groups here below my smb.conf [global] workgroup = MYGROUP server string = Samba Server Version %v disable spoolss = Yes domain master = No idmap config * : backend = tdb cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No [kmplan] comment = masterplan testing directory path = /opt/network/testplan valid users = @localgrp write list = @localgrp read only = No hide unreadable = Yes hide unwriteable files = Yes access based share enum = Yes also here below are the permissions of /opt/network/testplan directory drwxrws--T 3 root localgrp 4096 Oct 10 19:39 testplan Actually every things works fine what I mean is if I log in as a user who belongs to localgrp I can read/write the kmplan share which is perfect but when i log in as user who does not belong to localgrp i can see the kmplan share although i cannot access it. as christian said i can hide the share but even for valid users the share is hidden n i obviously dont want to hide the share for valid users regards simon --- On Thu, 10/11/12, Björn JACKE b...@sernet.de wrote: From: Björn JACKE b...@sernet.de Subject: Re: [Samba] How can I show only the shares that user have access to in SAMBA To: simon ben guy200...@yahoo.com Cc: samba@lists.samba.org Date: Thursday, October 11, 2012, 2:10 AM On 2012-10-11 at 01:22 -0700 simon ben sent off: but when I do a testparm it gives a error --- [root@kmshare samba]# testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: access based share enum Ignoring unknown parameter access based share enum then your Samba version is too old then. This parameter was introduced with Samba 3.6 I think (maybe 3.5 already). On http://www.enterprisesamba.org you might find recent packages for your distribution that support that feature. Cheers Björn -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen ☎ +49-551-37-0, ℻ +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] quotas on samba shares
Dear All, Below I had earlier posted this issue but its solved I accutally forgot about going to unused modules and then configure quota sorry for this regards simon Dear All, I have just implemented a new setup of centos 5.8 server to be used as a Linux file server using sambais The server is partitioned with the defaults below is a df -k output --- Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/VolGroup00-LogVol00 119885916 1174332 112523348 2% / /dev/hda1 101086 12632 83235 14% /boot tmpfs 1029780 0 1029780 0% /dev/shm --- I have created samba users and shares and everything is fine. i have used webmin to achieve this now I want to have quotas implemented on the shares that is both for users home share and group share In webmin under system i dont see quota option I have tried to install quota package with yum but still I dont see the quota option in webmin appreciate if someone could help me and advise me or help me with some helpful link regards simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How can I show only the shares that user have access to in SAMBA
Dear All, I have implemented samba to right now in test environment to be implemented in production as samba file server so far its working grt but I have one issue i have right now one share and want only the users who have access to the share to see it and the others should not when I log into the user who has no access I see the share and when i double click it ask me for username and password googling arround this issuse is solved by using the below in smb.conf file hide dot files = yes hide unreadable = yes in the share definition section. but its still visible security is set as user here the part of my smb.conf -- [kmplan] writeable = yes path = /opt/network/testplan write list = @localgrp revalidate = yes hide unreadable = yes hide dot files = yes comment = masterplan testing directory valid users = @localgrp - is there anything i need to set in smb.conf appreciate your help and advice regards simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] setting up quotas on shares
Dear All, I have just implemented a new setup of centos 5.8 server to be used as a Linux file server using sambais The server is partitioned with the defaults below is a df -k output --- Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/VolGroup00-LogVol00 119885916 1174332 112523348 2% / /dev/hda1 101086 12632 83235 14% /boot tmpfs 1029780 0 1029780 0% /dev/shm --- I have created samba users and shares and everything is fine. i have used webmin to achieve this now I want to have quotas implemented on the shares that is both for users home share and group share In webmin under system i dont see quota option I have tried to install quota package with yum but still I dont see the quota option in webmin appreciate if someone could help me and advise me or help me with some helpful link regards simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and AD sites
Is site support on the road map? Very useful for WAN-connected branch offices with local servers, or doing manual load-balancing with cloud servers. On 21 Sep 2012 07:34, Matthieu Patou m...@samba.org wrote: On 09/19/2012 12:02 PM, Kristofer wrote: I have several Samba 4 AD controllers set up at multiple sites. I set up sites and subnets. We have several /24's at each site, but each site is dedicated a /16, so I set up the Sites Subnets using the /16's. However, when I log into any system that is joined to the AD domain, it is using a DC at a different site. There doesn't seem to be any consistency to it, but it seems that the Sites Subnets are not working correctly. Samba didn't comply too much with sites, it means that it contacts DCs in other sites as if they were in the same site. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] splitting services in samba4
Assuming samba 4 supports them, watch out for your FSMO roles; each role will be specific to one server in the domain. Recovering from the loss of a server that currenty owns one or more of the FMSO roles is a little trickier than just booting another peer-DC to handle requests. On Wednesday, 11 July 2012, Gémes Géza wrote: Hi Quinn, Thanks for the quick response. So I guess if you wanted high availability, you would either have to implement a PDC/BDC solution with samba4 or use samba4 on top of a corosync/pacemaker cluster. Is this correct? br, Quinn On Wed, Jul 11, 2012 at 10:43 AM, Gémes Géza g...@kzsdabas.hu wrote: 2012-07-11 10:27 keltezéssel, Quinn Plattel írta: Question: Right now samba4 is great as in all-in-one solution (samba, kerberos, ldap, dns) into one service. Is it possible to split it up so that for example, I run openldap on one server, kerberos on another server, and then dns/samba on a third server? br, Quinn Short answer: NO Longer: Windows clients expect kerberos, ldap and samba rpc+filesharing services on the same host, so if you need AD functionality you couldn't separate them. They also expect a schema (the AD schema) which is incompatible with OpenLDAP. Regards Geza The multiple AD DC (in active directory every (non readonly) DC is a sort of PDC) is the tried and recommended method (even by M$) Regards Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Netbios over VPN
Additionally on Sebastian's point: http://openvpn.net/index.php/open-source/faq/75-general/293-what-is-the-principle-behind-openvpn-tunnels.html People who are running applications that need the special features of ethernet (which won't work on an IP-only network) will often bridge their physical local ethernet with a tap device (using a utility such as brctl on Linux), then VPN the tap device to another similar setup at the other end. This allows OpenVPN to route ethernet broadcasts and non-IP protocols such as Windows NetBios over the VPN... -Ben. On 8 July 2012 23:27, Bob Miller b...@computerisms.ca wrote: Hello, I believe you can use WINS to solve this problem. It's been a while, my neurons may be rusty, but I had a similar set up using openswan. I believe winbind will do what you want; configure samba to use winbind and your road warriors with that as their wins server. If I remember correctly, the road warriors will register with the winbind server, then everyone on the network configured to use the winbind server should be able to find them... Check here for better information (or at least a place to start): http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2585378 On Thu, 2012-07-05 at 10:30 -0400, Andrew Mark wrote: I am attempting to utilize BackupPC on a Fedora 14 server to backup a remote client. As I understand, it's primary mechanism for finding clients is performing a nmblookup clientname This works fine for computers connected to the local network. My issue is extending ?Samba's? search to encompass our other network - the point-to-point VPNs Using OpenVPN, we have a number of road warriors who connect their VPN to gain access to the samba server. Each has a unique static IP address in the 10.30.251 range and when connected, I can find them but not samba i.e. # ping john_laptop --- john.inspirah.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 9.900/14.764/24.388/6.805 ms # nmblookup john_laptop querying john_laptop on 127.255.255.255 querying john_laptop on 10.30.7.255 name_query failed to find name john_laptop How to I configure Samba or whatever Linux service is necessary to query the 10.30.251.255 network as well -- Cheers, Andrew Mark | Development Analyst | www.aimsystems.ca local: 519-837-1072 | fax: 519-837-4063 | int'l 800-465-2961 12-350 Speedvale Ave. W. | Guelph, ON | N1H 7M7 | Canada -- Bob Miller 867-334-7117 / 867-633-3760 http://computerisms.ca b...@computerisms.ca Network, Internet, Server, and Open Source Solutions -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] s3fs vs. zfs
Seconded (thirded? fourthed?) On 4 July 2012 05:40, Jeremy Allison j...@samba.org wrote: On Wed, Jul 04, 2012 at 04:32:16PM +1200, Jason Haar wrote: On 04/07/12 02:11, Luiz Gustavo dos S. Costa wrote: Hi all.. Is possible use the s3fs with ZFS (freebsd) ? how ? Is the Samba team aware there is already a s3fs system out there? A fuse filesystem to the Amazon S3 buckets. I must say I have been quite confused reading this thread due to this ;-) Oh yeah, we really should change what we call it :-). Sorry. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] speed of samba vs Windows
That's the point. I am pushing the idea that our problem is not using folder redirection and the Windows guy is pushing the idea that its samba itself. Spot-on. Your windows guy just needs to implement a few AD registry tweaks (see below etc) to get things working sweetly, and folder redirection (to MS-Server or samba/linux) is considered to be best-practice in every microsoft house I've ever come across. No-one uses roaming profiles without it, unless all their workstations are wired with 10GB ethernet to the most over-spec'd server I've ever seen, or their users don't actually roam more than once every six months... On 28 June 2012 20:09, Ben Metcalfe bwmetca...@gmail.com wrote: Here's a decent summary of roaming profiles on the latest windows iterations. http://technet.microsoft.com/en-us/library/hh848267 Branche cache may also be relevant: http://technet.microsoft.com/en-us/library/hh831696 WIthout the original windows admin here to query its difficult to be sure, but he might well have been talking about having offline files enabled on redirected folders attached to roaming profiles, which will display an rsync-like behaviour when reconnected. Offline files works on my illumos-based ZFS/samba NAS (the last time I checked) indistinguishably from the way it does against microsoft smb shares though, so I can't see any reason why it shouldn't work on linux samba... or maybe I'm not testing it rigourously. http://windowsteamblog.com/windows/b/springboard/archive/2010/04/19/understanding-user-state-virtualization-improvements-in-windows-7.aspx Here's an old (but still applicable?) HOWTO for enabling Vista's specific offline files efficiently against samba/linux: http://blogs.technet.com/b/filecab/archive/2007/03/16/using-offline-files-with-samba-emc-servers-nas-devices.aspx YMMV on Windows 7 and 8. On 28 June 2012 16:26, Chris Weiss cwe...@gmail.com wrote: On Thu, Jun 28, 2012 at 10:19 AM, Dave Ewart da...@ceu.ox.ac.uk wrote: On Thursday, 28.06.2012 at 11:07 -0400, Steve Thompson wrote: On Thu, 28 Jun 2012, Todor Fassl wrote: Our Windows guy insists samba is slow but I don't believe it. He claims that when you load a roamng profile, Windows downloads only files that have changed and samba downloads everything. But he doesn't know anything about samba and I don't know where he got that from. However native speed won't be important if, under Samba, a full roaming profile is downloaded on each login whereas under Windows an rsync-like action takes place to only download minimal changes. I don't know whether that's the case or not, whether it's configurable behaviour under either Samba or Windows Server, but it's certainly an interesting point. is it possible that unix file timestamps having a greater precision than ntfs is causing windows to see a change? I know rsync has an option to combat this. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] speed of samba vs Windows
...and apologies for doing the reply to sender/reply to list thing as well. :) On 28 June 2012 20:15, Ben Metcalfe bwmetca...@gmail.com wrote: That's the point. I am pushing the idea that our problem is not using folder redirection and the Windows guy is pushing the idea that its samba itself. Spot-on. Your windows guy just needs to implement a few AD registry tweaks (see below etc) to get things working sweetly, and folder redirection (to MS-Server or samba/linux) is considered to be best-practice in every microsoft house I've ever come across. No-one uses roaming profiles without it, unless all their workstations are wired with 10GB ethernet to the most over-spec'd server I've ever seen, or their users don't actually roam more than once every six months... On 28 June 2012 20:09, Ben Metcalfe bwmetca...@gmail.com wrote: Here's a decent summary of roaming profiles on the latest windows iterations. http://technet.microsoft.com/en-us/library/hh848267 Branche cache may also be relevant: http://technet.microsoft.com/en-us/library/hh831696 WIthout the original windows admin here to query its difficult to be sure, but he might well have been talking about having offline files enabled on redirected folders attached to roaming profiles, which will display an rsync-like behaviour when reconnected. Offline files works on my illumos-based ZFS/samba NAS (the last time I checked) indistinguishably from the way it does against microsoft smb shares though, so I can't see any reason why it shouldn't work on linux samba... or maybe I'm not testing it rigourously. http://windowsteamblog.com/windows/b/springboard/archive/2010/04/19/understanding-user-state-virtualization-improvements-in-windows-7.aspx Here's an old (but still applicable?) HOWTO for enabling Vista's specific offline files efficiently against samba/linux: http://blogs.technet.com/b/filecab/archive/2007/03/16/using-offline-files-with-samba-emc-servers-nas-devices.aspx YMMV on Windows 7 and 8. On 28 June 2012 16:26, Chris Weiss cwe...@gmail.com wrote: On Thu, Jun 28, 2012 at 10:19 AM, Dave Ewart da...@ceu.ox.ac.uk wrote: On Thursday, 28.06.2012 at 11:07 -0400, Steve Thompson wrote: On Thu, 28 Jun 2012, Todor Fassl wrote: Our Windows guy insists samba is slow but I don't believe it. He claims that when you load a roamng profile, Windows downloads only files that have changed and samba downloads everything. But he doesn't know anything about samba and I don't know where he got that from. However native speed won't be important if, under Samba, a full roaming profile is downloaded on each login whereas under Windows an rsync-like action takes place to only download minimal changes. I don't know whether that's the case or not, whether it's configurable behaviour under either Samba or Windows Server, but it's certainly an interesting point. is it possible that unix file timestamps having a greater precision than ntfs is causing windows to see a change? I know rsync has an option to combat this. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] speed of samba vs Windows
Well, that is not going to happen. Needs to happen for stuff to work right. Vista and Windows 7 needs to be told how to handle time stamps on Samba shares or data gets copied twice *needlessly* during the logon process. Setting up the correct registry entry *RoundUpWriteTimeOnSync* in some very simple group policy should be trivial for your windows guy and roughly double your logon speed. You all win, and he won't have broken anything. He can follow a microsoft approved technique from technet.com: http://blogs.technet.com/b/filecab/archive/2007/03/16/using-offline-files-with-samba-emc-servers-nas-devices.aspx or just ask him to search as follows: https://www.google.co.uk/search?q=RoundUpWriteTimeOnSync and he'll be convinced. On 28 June 2012 21:08, Todor Fassl fassl@gmail.com wrote: From: Ben Metcalfe bwmetca...@gmail.com To: samba@lists.samba.org Sent: Thursday, June 28, 2012 2:24 PM Subject: Re: [Samba] speed of samba vs Windows On 28 June 2012 20:15, Ben Metcalfe bwmetca...@gmail.com wrote: That's the point. I am pushing the idea that our problem is not using folder redirection and the Windows guy is pushing the idea that its samba itself. Spot-on. Your windows guy just needs to implement a few AD registry tweaks (see below etc) to get things working sweetly, Well, that is not going to happen. Eh -- maybe if I can persuade the boss. But I think if this is going to get fixed, I am going to have to fix it myself. But that is probably fair because I think I probably messed it up. I believe folder redirection was working at one time under my predecessor. I believe I messed it up when I built a new file server. I have a vague memory of choosing to not copy some files in the root of the netlogon share over to the new server not knowing what they were for. My predecessor left a lot of stuff just lying around. I mean, who doesn't? So I thought they were extraneous and when the domain seemed to work find for a few months, I figured it was okay to reformat the hard drive on the old server. We are just now making the switch from XP to Win7. I understand that XP and Win7 profiles are not compatible. If we have to have our Windows users (and there aren't that many) create new profiles, maybe I can make sure they get created with full folder redirection implemented. Even if we have to migrate the profiles (and I have no idea oif that is even possible) maybe we can also add the appropriate registry keys. I already know way more than I want to about Windows systems admin. Guess I'll have to learn about setting registry keys and default user profiles, etc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] AUTO: Eitan Ben-Amos is prepared for DELETION (FREEZE) (returning 19/10/2011)
I am out of the office until 19/10/2011. Eitan Ben-Amos is prepared for DELETION (FREEZE) Note: This is an automated response to your message samba Digest, Vol 114, Issue 4 sent on 4/6/2012 21:00:03. This is the only notification you will receive while this person is away. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 often creates new user profiles
Indeed. No need to guess or waste time. Pinpoint the exact file and process / network transaction with pSexec and process monitor. HOWTO: http://blogs.technet.com/b/markrussinovich/archive/2010/01/13/3305263.aspx On Thursday, 17 May 2012, Cain, Marc wrote: On May 12, 2012, at 1:12 PM, steve wrote: On 05/12/2012 09:57 PM, Jorell wrote: On 5/12/2012 8:54 AM, John Drescher wrote: On Sat, May 12, 2012 at 11:47 AM, Christian Meierch2...@arcor.de wrote: Hi, we're using Samba 3.5.6 (Debian). Windows 7 clients often create new roaming profiles for existing users for no identifiable reason. Windows XP isn't affected. the end. Is this a known problem? I have never ever had that happen in the 2+ years I had windows 7 machines on my samba based domain. John When Windows 7 creates the new profile is it creating %USERNAME%.V2? Hi Yes. That's what we observe. xp creates %USERNAME% and win7 creates the same but with .V2 at the end. They are _extremely_ permission sensitive folders. win7 seems unable to load the profile from the server if the hive at NTUSER.DAT has been changed, e.g. even simply moved from one place to another. One workaround we use is to put the profile in the home folder of the user. Then it always seem to work. HTH Steve The creation of a new profile with a .V2 extension is is a Windows 7 feature that prevents Windows 7 from overwriting incompatible settings in earlier Windows profile versions. Windows user profile folders need full permissions for the user and ownership by user. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 often creates new user profiles
There's a thread here: http://social.technet.microsoft.com/Forums/en/winserverDS/thread/a9ef96fb-1e20-469c-b1ea-306846f46181 ...that implicates the winlogon process, and indicates a few possible fixes and troubleshooting options. Aside from the ideas mentioned, I've had good results in similar situations logging access/activity with Mark Russinovich's (sysinternals) Process Monitor and ADinsight: http://technet.microsoft.com/en-us/sysinternals/bb897539 Best of luck. On 14 May 2012 13:54, Donny Brooks dbro...@mdah.state.ms.us wrote: On Saturday, May 12, 2012 04:48 PM CDT, Christian Meier ch2...@arcor.de wrote: On Sat, 12 May 2012 17:47:02 +0200 Christian Meier ch2...@arcor.de wrote: Windows 7 clients often create new roaming profiles for existing users for no identifiable reason. Windows XP isn't affected. Some reasons for this behavior I googled: 1. insufficient permissions for profile-folder 2. trust relationship between this workstation and the primary domain failed. -- dis-join and rejoin the workstation 3. .bak is appended in registry at HKEY_LOCAL_MACHINE\Software\Microsoft \Windows NT\CurrentVersion\ProfileList. Remove the other SIDs and the .bak extension. 4. do not use roaming profiles. (But there are other problems with folder redirection [1].) [1] http://wiki.samba.org/index.php/Samba__Windows_Profiles#Folder_Redirection -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba We too have seen this behavior but only on one of our pc's. It is not the server side that gets the rename as someone else mentioned but rather on the PC side. If you look in C:\Users\ you will see: username username.DOMAIN username.DOMAIN.000 username.DOMAIN.001 username.DOMAIN.002 etc The profile seems to be pulling/writing to the server just fine. We have tried removing all the entries in the registry for all users on the machine except the local administrator one, removing/rejoining the pc to the domain, and double checking permissions all to no avail. It will do right for a few weeks and then it will start doing the multiple profiles again. To this date we have not found a way to fix the issue. -- Donny B. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 with Posix ACL's
There's a thread here: https://github.com/zfsonlinux/zfs/issues/170 (I'm posting as *fireappleblackhttps://github.com/fireappleblack )* ...Which implies that the hold-up (from a zfs-linux perspective) is the lack of richacls support in the mainstream kernel at the moment. (E.g. OpenSuse supports richacls out of the box, few other distros have included the patches yet). Richacls should neatly sidestep the CDDL/GPL problem. Im still trying to fully understand the break(s) in the chain between non-solaris/illumos Samba/CIFS and ZFS. Getting there slowly. My medium term aim is a linux-based appliance that'll run on generic hardware (even more generic than Illumos allows) with a ZFS filestore and AD domain controller functionality, without having to do heavy duty virtualisation and run disparate environment (e.g. running a linux Samba 4 DC as a KVM DomU under an Openindiana Dom0; way too complex). On 1 May 2012 04:06, Jeremy Allison j...@samba.org wrote: On Mon, Apr 30, 2012 at 12:44:25PM +0100, Ben Metcalfe wrote: Would the following be workable: Run Samba 3 binaries in one linux OpenVZ instance to serve files. Run Samba 4 binaries in another, separate OpenVZ instance as an AD domain controller. ...all on the same physical machine? http://wiki.openvz.org/ Yeah, that should work. Separate note: I'd really like to see transparent support of ZFS-linux as a file-store back-end. What API's does ZFS-Linux have to access the ZFS ACLs ? None, I'd bet :-(. Which unfortunately makes transparent support quite hard. Plus there's the whole CDDL vs GPL licensing thing... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 with Posix ACL's
Would the following be workable: Run Samba 3 binaries in one linux OpenVZ instance to serve files. Run Samba 4 binaries in another, separate OpenVZ instance as an AD domain controller. ...all on the same physical machine? http://wiki.openvz.org/ Separate note: I'd really like to see transparent support of ZFS-linux as a file-store back-end. (Note to mod: now emailing via newly-subscribed email address instead of the old +addressed one). On 30 April 2012 06:04, Alain Toussaint alain.toussa...@securivm.ca wrote: This is one of the many reasons why we are working on s3fs. When we are happy with it, we will make it the default, but until then we can only ask for your patience, and do not recommend the Samba4 DCs be used as general file servers (ie, use it only for netlogon and sysvol). Can we use it for a single public (within the internal network) read-write share such as /tmp? Alain -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 with Posix ACL's
Would the following be workable: Run Samba 3 binaries in one linux OpenVZ instance to serve files. Run Samba 4 binaries in another, separate OpenVZ instance as an AD domain controller. ...all on the same physical machine? http://wiki.openvz.org/ Separate note: I'd really like to see transparent support of ZFS-linux as a file-store back-end. On 30 April 2012 06:04, Alain Toussaint alain.toussa...@securivm.ca wrote: This is one of the many reasons why we are working on s3fs. When we are happy with it, we will make it the default, but until then we can only ask for your patience, and do not recommend the Samba4 DCs be used as general file servers (ie, use it only for netlogon and sysvol). Can we use it for a single public (within the internal network) read-write share such as /tmp? Alain -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ACLs behaving differently on Samba 4 / Ubuntu 12.04 / Bind 9.81 between ZFS and EXT4 file systems
Dear all,
The system is Ubuntu 12.04 (latest beta as of yesterday)
Bind 9.81 (12.04 standard)
Samba 4, also git-cloned yesterday.
I've imported a zpool created on another ubuntu system with the same
version of zfs-linux (RC-8) http://zfsonlinux.org/
The zpool is working perfectly well; responsive, no errors reported,
scrubbed.
Samba can see the zpool as part of the greater file system and share the
600GB or so spread across the varios zfs file systems on it via cifs.
I've been through all the tests mentioned on the Samba 4 HOWTO and they
return successful results.
I'm sharing only via smb.conf - not using native ZFS CIFS commands.
The problem:
When I alter file permissions via CIFS from an XP Pro sp3 client (patched
up to date, joined to the domain and able to administer AD users and
computers) on any folder or subfolder shared from the zpool, I lose access
to that folder via CIFS. I can still see the folder from its parent
directory, but can't browse into it via CIFS. I can still browse the folder
on the server's command line.
The XP Pro client fails with the message:
*The data area passed to a system call is too small*
The OSX Snowleopard client just gives a silent fail.
I click in, and nothing happens.
When I mv the same broken folder to an EXT4 file system via the server's
command line, I can repair the acls using:
get acls: /usr/local/samba/bin/samba-tool ntacl get --as-sddl
/${ZPOOL}/Lou/stuff/
returns: ‘O:S-1-5-21-1345677-x-2594716733-500G..etc
set acls: /usr/local/samba/bin/samba-tool ntacl set
‘O:S-1-5-21-1345677-x-2594716733-500G..etc’ /${EXT4
Sharename}/Lou/stuff/
...after which I update the smb.conf entry and can browse the folder as
normal, as long as it stays on the EXT4-backed share.
The acl-compliance tests:
setfattr -n user.test -v test test.txt
setfattr -n security.test -v test2 test.txt
getfattr -d test.txt
...return the correct results on both filesystems; EXT4 and ZFS.
Samba is running in stdout debug more: sudo /usr/local/samba/sbin/samba -i
-M single and throws no errors during the course of the problem.
I've set the zpool's aclinherit flag to =passthrough with no difference
detected in the behaviour.
I'll try on another samba 3 + zfs machine tomorrow to see if I can
replicate this.
Any ideas welcome in the mean time (I *should* be able to alter permissions
on Samba 4 shares from XP Pro; don't need Windows 7 to administer?).
Thanks,
Ben.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 Windows 7 Temporary Profile on 2nd Login
Hi, I'm bashing my head against a brick wall against a strange Win7 domain login issue. We have a Samba 3 CentOS server which for some months has been a problem free PDC for a network of about 15 Win7Pro64 clients in a school. Recently, for some reason, the following situation has now arisen: * After client PC reboot, domain login is fine. * After logging out of windows, any attempt to log in again immediately leads to a temporary profile being loaded. * If the client PC is left unused for several minutes, or is rebooted, logging in normally is possible again. I've tried quite a number of things, including rolling back a client PC to an image from well before the problem occurred and removing the antivirus from a client PC, and nothing seems to make any difference. If I set Do not log users on with temporary profiles on a client PC via gpedit.msc, I get an error The user profile service failed the login. User profile cannot be loaded if I try to re-log-on too soon, and this seems to reset the timer on when login will be possible again to requiring a further 2 or 3 minute delay. After a couple of days of googling and testing, this is sending me a bit crazy. Has anyone else encountered a similar situation and solved or worked around it? Or does anyone have any insight into possible causes? Many thanks, Ben Clayton Irax Ltd. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot copy file to Samba share
Hi, I have a very odd issue - I cannot copy a large-ish (1.1GB) ISO file to a Samba share on a specific server, and having spent a couple of days on the issue, I'm running out of things to try, and I'm hoping for some suggestions. The destination system is an old P4 system on a Via based motherboard (P4MA Pro). It has two IDE disks, a Maxtor 40GB on IDE channel 1 as the system disk, and a 500GB drive on IDE channel 2, with one large EXT3 partition, mounted as /home. (There would normally be a CD drive also on channel 2, but it is disconnected at the moment as part of my testing.) /home/downloads is shared, and generally works fine, but we seem to have problems copying large files to it. I now have a repeatable issue: attempting to copy debian-live-6.0.3-amd64-gnome-desktop.iso, of 1.1GB to it fails every time - copying from an Ubuntu 10.04 or an Ubuntu 11.10 system, either just using smb:// in Nautilus' address bar, or using a mount from fstab. The progress bar moves in fits and starts, then finally hangs right at the end for some seconds/minutes, before failing. Clicking for more details on the Error while copying... dialogue gives Error closing file: Input/output error. The file on the source machine is fine - I've checked the MD5 against a published value for the file. I can copy the file to the same location using sftp:// in Nautilus with no problems. I can copy the file to another Samba server in our office with no problems. The system was on CentOS5, but I've put in a new system disk and done a fresh install of CentOS6 - which made no difference to the issue. Copying a full DVD ISO of 4GB to the same location fails in the same way. Copying a smaller file to the same location works fine (e.g. a 100MB clonezilla live iso). I've tried putting a different network card in the system, and that didn't help. Samba version is 3.5.4-68.el6_0.2 Relevant extracts from smb.conf: [global] log file = /var/log/samba/%m.log load printers = no netbios name = irax1 netbios aliases = irax1.irax.office server string = Non-backed-up storage for downloads etc workgroup = IRAX-NT os level = 20 encrypt passwords = yes security = user passdb backend = tdbsam max log size = 50 # options from orielly samba performance tuning pdf socket options = TCP_NODELAY IPTOS_LOWDELAY dead time = 15 getwd cache = yes lpq cache = 30 (as you can see in the last 5 lines, I've been trying a few parameters, none of which made any difference) [downloads] writeable = yes delete readonly = yes path = /home/downloads valid users = @irax force group = irax comment = For downloads (no backup) create mode = 660 directory mode = 770 The main purpose of this server is for storing large files that we want to be commonly available to the office, but which we don't want to use backup space for, so being unable to copy large files to it rather prevents it from being used... I've spent a good deal of time trying things, and Googling, and nothing has made any difference, so: does anyone have any feel for what the issue / solution might be, of have any useful links or suggestions as to how to take this further? Many thanks for any help you can give. Ben Clayton -- Ben Clayton Director Irax Ltd. 50C Bolton Street Bury Lancs BL9 0LL - Tel: 0161 761 0077 Fax: 0161 797 2394 -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Win7 to Samba Domain Printing Strangeness
Hi, I have a server which until recently was serving a domain of about 20 XP PCs in a school. Over the summer I updated Samba to 3.5.4-0.70, and replaced the desktops with new machines which are running Win7 Pro 64 bit SP1. This being a school, I have a system of mandatory group profiles set up, and all of the pupil groups curently have copies of the same mandatory profile (generated via the official Microsoft windows AIK method), with only the wallpaper changed. The teachers have a further tweaked version of the same mandatory group profile. I have two samba/cups printers on the server - both HP lasers, one mono, one colour. Some users can print to both, some users can print to one of them, the other appearing with an exclamation mark in a yellow triangle superimposed on it in Devices and Printers, and some users can print to neither, both having the exclamation sign. There seems to be no rhyme or reason as to which users can and can't print, although once a user can print, they always seem to be able to on that machine - but I have seen some users change from being unable to print to being able to print to one or both of the printers as I've tried to troubleshoot the system over the last few days, but this seems to have affected some but not others of nominally identical groups. The PC clients are nominally identical, having been imaged, and yet I'm seeing inconsistency between machines, too: Some users can print on some machines and not others. For both printers I started by uploading a driver to the server, and if I visit \\servername in windows explorer and right click printername and click connect: 1) as a local machine administrator with a server domadmin account then the printers install. 2) as any other user who can't already print (whether LM admin or domain admin, both or neither) then a Connect to servername username and password prompt appears, and basically you can't get any further. If in Windows Explorer I visit \\servername\printers I get a Connect to Printer - No driver found message - suggests a permissions issue, but I've 777'd /etc/samba/drivers for now, and this hasn't changed. I have used gpedit.msc on the local machine to set Computer Configuration - Administrative Templates - Printers - Point and Print Restrictions to Disabled. (I understand this to be the correct setting for Win7, replacing the User Configuration - ... setting in WinXP) I've also used net rpc rights grant to give Domain Users SePrintOperatorPrivilege. The relevant extracts from my smb.conf below: [global] workgroup = MUSIC server string = BRGS Music Department Server map to guest = Bad User username map = /etc/samba/smbusers unix password sync = Yes printcap name = cups domain logons = Yes os level = 255 preferred master = Yes domain master = Yes wins support = Yes map hidden = No enable privileges = yes ... [printers] comment = All Printers path = /var/spool/samba hosts allow = 192.168.17.0/24, 192.168.0.0/24 printable = Yes browseable = No valid users = @music, @teachers, @domadmins [print$] comment = Printer Drivers path = /etc/samba/drivers write list = root, @teachers, @domadmins valid users = @music, @teachers, @domadmins I've been trying to track this down for a good few hours, now, and I'm wondering if anyone can help me - I suspect I have missed something silly, and now can't see the wood for the trees. Insight or experience would be appreciated. Many thanks, Ben -- Dr. Ben Clayton Director Irax Ltd. - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem adding new users after upgrade to 3.4.0
On Jul 14, 2011, at 7:13 AM, Gaiseric Vandal wrote: On 07/14/2011 01:21 AM, Ben Sigman wrote: After upgrading to 3.4.0, I can no longer add new users. Any users that were added beforehand work fine. Any users that I attempt to create cannot login (error: NT_STATUS_LOGON_FAILURE). I was able to get one new user account to work (see below), but I cannot add any new users. The server is Ubuntu 9.10 running Samba 3.4.0. I am using: security = user pam password change = yes Updating passwords for existing users using passwd successfully updates on smbpass (auth.log): Jul 13 21:19:05 server passwd[3026]: pam_smbpass(passwd:chauthtok): password for (smbuser/1001) changed by (root/0) ...And authentication over smb works (auth.log): Jul 13 21:42:53 server smbd[3684]: pam_unix(samba:session): session opened for user ben by (uid=0) ...In samba.log: [2011/07/13 21:42:53, 4] auth/auth_sam.c:137(sam_account_ok) sam_account_ok: Checking SMB password for user smbuser [2011/07/13 21:42:53, 5] auth/auth.c:297(check_ntlm_password) check_ntlm_password: PAM Account for user [ben] succeeded However, if I do: smbpasswd -x user Failed to find entry for user smbuser. If I add a new user using: useradd newuser passwd newuser smbpasswd -a newuser This appears in auth.log: Jul 13 21:20:07 server passwd[3033]: pam_smbpass(passwd:chauthtok): Failed to find entry for user newuser. And if I attempt to authenticate (samba.log): [2011/07/13 21:50:11, 3] auth/auth_sam.c:282(check_sam_security) check_sam_security: Couldn't find user 'newuser' in passdb. [2011/07/13 21:50:11, 5] auth/auth.c:274(check_ntlm_password) check_ntlm_password: sam authentication for user [newuser] FAILED with error NT_STATUS_NO_SUCH_USER [2011/07/13 21:50:11, 2] auth/auth.c:320(check_ntlm_password) check_ntlm_password: Authentication for user [newuser] - [newuser] FAILED with error NT_STATUS_NO_SUCH_USER Now... Here's where it gets interesting. At this point, I converted my smbpasswd containing newuser to tdb...: pdbedit -i smbpasswd -e tdbsam ...the account newuser now authenticate over SMB. However, adding any other new users is still not working. I have attempted to repeat the steps described above for adding a user and then converting smbpasswd to tdb again, but to no avail. I have not defined passdb backend in smb.conf. Anyone know what could be causing this? Did you check the output of testparm -v to make sure the password backend and password file is where you expect it to be? Did you try adding a user with pdbedit instead? Can you type which smbpasswd which pdbedit etc - I suspect you are using smbpasswd command from the old version of samba. Thanks for the reply. You're right, the documentation I had read said that smbpasswd would work with the new tdb backend. Can I not use it? For now, here are the outputs you requested: From testparm: passdb backend = tdbsam idmap backend = tdb idmap alloc backend = From which: /usr/bin/pdbedit /usr/bin/smbpasswd Maybe this will help, smbuser is a new user on my system who cannot authenticate over SMB. When I try to use smbpasswd -a -D10 smbuser I get an error in the middle of the output that says: Get_Pwnam_internals did find user [smbuser]! Here is the full output: [root@server:/]# smbpasswd -a -D10 smbuser (07-14 13:26) Netbios name list:- my_netbios_names[0]=SERVER Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend NDS_ldapsam Successfully added passdb backend 'NDS_ldapsam' Attempting to register passdb backend NDS_ldapsam_compat Successfully added passdb backend 'NDS_ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend wbc_sam Successfully added passdb backend 'wbc_sam' Attempting to find a passdb backend to match tdbsam (tdbsam) Found pdb backend tdbsam pdb backend tdbsam has a valid init New SMB password: Retype new SMB password: tdbsam_open: successfully opened /etc/samba/passdb.tdb pdb_set_username: setting username smbuser, was pdb_set_domain: setting domain SERVER, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name , was pdb_set_homedir: setting home dir \\server\homes\%u, was pdb_set_dir_drive: setting dir drive m:, was NULL Finding user smbuser Trying _Get_Pwnam(), username as lowercase is smbuser Get_Pwnam_internals did find user [smbuser]! pdb_set_logon_script: setting
Re: [Samba] Problem adding new users after upgrade to 3.4.0
On Jul 14, 2011, at 2:52 PM, Gaiseric Vandal wrote: On 07/14/2011 04:31 PM, Ben Sigman wrote: On Jul 14, 2011, at 7:13 AM, Gaiseric Vandal wrote: On 07/14/2011 01:21 AM, Ben Sigman wrote: After upgrading to 3.4.0, I can no longer add new users. Any users that were added beforehand work fine. Any users that I attempt to create cannot login (error: NT_STATUS_LOGON_FAILURE). I was able to get one new user account to work (see below), but I cannot add any new users. The server is Ubuntu 9.10 running Samba 3.4.0. I am using: security = user pam password change = yes Updating passwords for existing users using passwd successfully updates on smbpass (auth.log): Jul 13 21:19:05 server passwd[3026]: pam_smbpass(passwd:chauthtok): password for (smbuser/1001) changed by (root/0) ...And authentication over smb works (auth.log): Jul 13 21:42:53 server smbd[3684]: pam_unix(samba:session): session opened for user ben by (uid=0) ...In samba.log: [2011/07/13 21:42:53, 4] auth/auth_sam.c:137(sam_account_ok) sam_account_ok: Checking SMB password for user smbuser [2011/07/13 21:42:53, 5] auth/auth.c:297(check_ntlm_password) check_ntlm_password: PAM Account for user [ben] succeeded However, if I do: smbpasswd -x user Failed to find entry for user smbuser. If I add a new user using: useradd newuser passwd newuser smbpasswd -a newuser This appears in auth.log: Jul 13 21:20:07 server passwd[3033]: pam_smbpass(passwd:chauthtok): Failed to find entry for user newuser. And if I attempt to authenticate (samba.log): [2011/07/13 21:50:11, 3] auth/auth_sam.c:282(check_sam_security) check_sam_security: Couldn't find user 'newuser' in passdb. [2011/07/13 21:50:11, 5] auth/auth.c:274(check_ntlm_password) check_ntlm_password: sam authentication for user [newuser] FAILED with error NT_STATUS_NO_SUCH_USER [2011/07/13 21:50:11, 2] auth/auth.c:320(check_ntlm_password) check_ntlm_password: Authentication for user [newuser] - [newuser] FAILED with error NT_STATUS_NO_SUCH_USER Now... Here's where it gets interesting. At this point, I converted my smbpasswd containing newuser to tdb...: pdbedit -i smbpasswd -e tdbsam ...the account newuser now authenticate over SMB. However, adding any other new users is still not working. I have attempted to repeat the steps described above for adding a user and then converting smbpasswd to tdb again, but to no avail. I have not defined passdb backend in smb.conf. Anyone know what could be causing this? Did you check the output of testparm -v to make sure the password backend and password file is where you expect it to be? Did you try adding a user with pdbedit instead? Can you type which smbpasswd which pdbedit etc - I suspect you are using smbpasswd command from the old version of samba. Thanks for the reply. You're right, the documentation I had read said that smbpasswd would work with the new tdb backend. Can I not use it? For now, here are the outputs you requested: From testparm: passdb backend = tdbsam idmap backend = tdb idmap alloc backend = From which: /usr/bin/pdbedit /usr/bin/smbpasswd Maybe this will help, smbuser is a new user on my system who cannot authenticate over SMB. When I try to use smbpasswd -a -D10 smbuser I get an error in the middle of the output that says: Get_Pwnam_internals did find user [smbuser]! Here is the full output: [root@server:/]# smbpasswd -a -D10 smbuser (07-14 13:26) Netbios name list:- my_netbios_names[0]=SERVER Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend NDS_ldapsam Successfully added passdb backend 'NDS_ldapsam' Attempting to register passdb backend NDS_ldapsam_compat Successfully added passdb backend 'NDS_ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend wbc_sam Successfully added passdb backend 'wbc_sam' Attempting to find a passdb backend to match tdbsam (tdbsam) Found pdb backend tdbsam pdb backend tdbsam has a valid init New SMB password: Retype new SMB password: tdbsam_open: successfully opened /etc/samba/passdb.tdb pdb_set_username: setting username smbuser, was pdb_set_domain: setting domain SERVER, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name , was pdb_set_homedir: setting home dir \\server\homes\%u, was pdb_set_dir_drive: setting dir drive m:, was NULL Finding user
[Samba] Problem adding new users after upgrade to 3.4.0
After upgrading to 3.4.0, I can no longer add new users. Any users that were added beforehand work fine. Any users that I attempt to create cannot login (error: NT_STATUS_LOGON_FAILURE). I was able to get one new user account to work (see below), but I cannot add any new users. The server is Ubuntu 9.10 running Samba 3.4.0. I am using: security = user pam password change = yes Updating passwords for existing users using passwd successfully updates on smbpass (auth.log): Jul 13 21:19:05 server passwd[3026]: pam_smbpass(passwd:chauthtok): password for (smbuser/1001) changed by (root/0) ...And authentication over smb works (auth.log): Jul 13 21:42:53 server smbd[3684]: pam_unix(samba:session): session opened for user ben by (uid=0) ...In samba.log: [2011/07/13 21:42:53, 4] auth/auth_sam.c:137(sam_account_ok) sam_account_ok: Checking SMB password for user smbuser [2011/07/13 21:42:53, 5] auth/auth.c:297(check_ntlm_password) check_ntlm_password: PAM Account for user [ben] succeeded However, if I do: smbpasswd -x user Failed to find entry for user smbuser. If I add a new user using: useradd newuser passwd newuser smbpasswd -a newuser This appears in auth.log: Jul 13 21:20:07 server passwd[3033]: pam_smbpass(passwd:chauthtok): Failed to find entry for user newuser. And if I attempt to authenticate (samba.log): [2011/07/13 21:50:11, 3] auth/auth_sam.c:282(check_sam_security) check_sam_security: Couldn't find user 'newuser' in passdb. [2011/07/13 21:50:11, 5] auth/auth.c:274(check_ntlm_password) check_ntlm_password: sam authentication for user [newuser] FAILED with error NT_STATUS_NO_SUCH_USER [2011/07/13 21:50:11, 2] auth/auth.c:320(check_ntlm_password) check_ntlm_password: Authentication for user [newuser] - [newuser] FAILED with error NT_STATUS_NO_SUCH_USER Now... Here's where it gets interesting. At this point, I converted my smbpasswd containing newuser to tdb...: pdbedit -i smbpasswd -e tdbsam ...the account newuser now authenticate over SMB. However, adding any other new users is still not working. I have attempted to repeat the steps described above for adding a user and then converting smbpasswd to tdb again, but to no avail. I have not defined passdb backend in smb.conf. Anyone know what could be causing this? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba version 2.2.3a and Windows 7
Hello, I was wondering if anyone knew if Samba version 2.2.3a ran on Red Hat 7.3 will work with Windows 7. Currently even after editing the registry on the Windows system, I am able to connect but not log in. If you think that it will not work, is there a version of Samba that will work that is compatible with Red Hat 7.3 Thanks for your time. Ben Arthur -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba version 2.2.3a and Windows 7
Thanks John, I had seen that but I did not get the error that it mentioned, so I was wondering if something had changed. Thanks for your help! Ben Arthur On Thu, Apr 14, 2011 at 10:16 AM, John Drescher dresche...@gmail.comwrote: I was wondering if anyone knew if Samba version 2.2.3a ran on Red Hat 7.3 will work with Windows 7. Currently even after editing the registry on the Windows system, I am able to connect but not log in. If you think that it will not work, is there a version of Samba that will work that is compatible with Red Hat 7.3 Thanks for your time. You need 3.2.12 or higher to allow logins. https://wiki.samba.org/index.php/Windows7 John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Sage Accounts Performance Issues (Solved)
I've been struggling for several days with an issue to which I found a number of references, but few solutions, so wanted to put my experience out there, in the hope that others may find it useful at some time. A client company network of 10 WinXP Pro PCs and CentOS 4 server (a Fujitsu RX300x2) running Samba was last week replaced with 10 Win7 Pro PCs and a CentOS5 server (Fujitsu RX300s6) running Samba 3.0. Just a workgroup, no domain. Most of the configuration was migrated forward to the new server, including smb.conf. Performance on file copies to and from the shares (via mapped drive letters) was fine, but operations such as searches and reports in the Sage Line 50 version 2011 accounts package were taking 3 to 4 times longer than on the old system. (This was putting a VAT quarter calculation up to about 1.25 hours, since this is a large dataset for Sage Line 50.) I tried a number of things, including turning oplocks on and off on the sage data share, and a number of things on the PCS - no help at all. I moved from Samba 3.0 to Samba 3.3, using the Samba3x packages provided for RHEL / CentOS. No help. (Although this may have been contributory in the end - I can't prove either way.) I then found that I had in my smb.conf the line socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 which had come forward from the old server. Removing the socket options line made no obvious difference to the speed with oplocks disabled, but one this line was removed AND optlocks were enabled on the Sage share (oplocks = True, level2 oplocks = True) performance for Sage searches and reports was improved by a factor of at least 10 - significantly more for some operations. Getting here has taken turned up logging, much Googling, some Wireshark packet examination, etc. End result submitted in the hope of saving someone else some work. Ben -- Ben Clayton Director Irax Ltd. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot rename directory - Samba acting two different ways on identical systems
= /usr/sbin/useradd -d /dev/null -c 'Samba User Account' -s /dev/null '%u' add user to group script = /usr/sbin/useradd -d /dev/null -c 'Samba User Account' -s /dev/null -g '%g' '%u' add group script = /usr/sbin/groupadd '%g' delete user script = /usr/sbin/userdel '%u' delete user from group script = /usr/sbin/userdel '%u' '%g' delete group script = /usr/sbin/groupdel '%g' add machine script = /usr/sbin/useradd -d /dev/null -g sambamachines -c 'Samba Machine Account' -s /dev/null -M '%u' machine password timeout = 120 idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /dev/null winbind use default domain = yes winbind separator = @ winbind cache time = 360 winbind trusted domains only = yes winbind nested groups = no winbind nss info = no winbind refresh tickets = no winbind offline logon = no [acct] path = /mnt/acct comment = acct Files valid users = user1 acct1 write list = user1 acct1 directory mask = 0775 create mode = 0775 read only = no available = yes browseable = yes writable = no guest ok = no public = no printable = no locking = no [store] path = /mnt/store comment = store valid users = user1 user2 user3 user4 write list = user1 user2 user3 user4 create mask = 770 force create mode = 770 security mask = 770 force security mode = 644 directory mask = 770 force directory mode = 770 directory security mask = 770 force directory security mode = 770 read only = no available = yes browseable = yes writable = no guest ok = no public = no printable = no locking = no Ben Sigman Rent-A-Geek, LA PH: 310-998-7070 ext 101 EMAIL: b...@rentageekla.com Rent-A-Geek, LA 9544 W. Pico Blvd Los Angeles, CA 90035 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 and active directory computers
HmmmSame problem still. I will note that Samba installed from Ubuntu's repositories does not include the file ntlmssp.c on my system. I did grab a copy of the file, put it in the proper place, restarted samba, and I see the same things in my logs. The samba version from the repository is 3.4.7. I am still locked into how to make this work. It reads that this seems not to be a problem at all in Samba 6 and I am debating installing the latest stable version of samba from source instead of aptitude. Of course, that means I don't get patches from Ubuntu for it but once I get this going I am hoping to not have to do any real work on it again for a couple of years. Ben On Thu, Dec 16, 2010 at 4:01 AM, Volker Lendecke volker.lende...@sernet.dewrote: On Wed, Dec 15, 2010 at 05:00:52PM -0600, Ben Cone wrote: Installed Samba 3 with Winbind on Ubuntu server 10.04 x64. User accounts authenticate beautifully using the domain. wbinfo -u and wbinfo -g show me all of my domain user accounts and groups respectively. I want to use Active Directory to deploy software to the computers, however, I cannot get the computers in active directory to be able to authenticate to the Samba server. Here is what I have in my error logs. [2010/12/15 16:48:06, 3] libsmb/ntlmssp.c:745(ntlmssp_server_auth) Got user=[] domain=[] workstation=[IT-OFFICE2] len1=1 len2=0 There's https://bugzilla.samba.org/show_bug.cgi?id=7817. You might want to try the attached patch which fixed it. With best regards, Volker Lendecke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 and active directory computers
Ok, I am going to tackle compiling samba from source and go from there. I have compiled a lot of other things including samba4 before from source on Ubuntu so no big deal. I was hoping for a different fix, but I'll go that route and go from there. On Thu, Dec 16, 2010 at 1:18 PM, Volker Lendecke volker.lende...@sernet.dewrote: On Thu, Dec 16, 2010 at 10:32:15AM -0600, Ben Cone wrote: I will note that Samba installed from Ubuntu's repositories does not include the file ntlmssp.c on my system. I did grab a copy of the file, put it in the proper place, restarted samba, and I see the same things in my logs. The samba version from the repository is 3.4.7. Did you recompile Samba? I'm not sure, but from what you write sounds like you did not. If you want official Ubuntu repos with that patch, you need to contact Canonical support about this. You might also contact one of the companies listed under http://samba.org/samba/support to assist you to compile Samba for you. I am still locked into how to make this work. It reads that this seems not to be a problem at all in Samba 6 and I am debating installing the latest stable version of samba from source instead of aptitude. Of course, that means I don't get patches from Ubuntu for it but once I get this going I am hoping to not have to do any real work on it again for a couple of years. That's a valid request. But apparently you found a but in what Ubuntu ships. One thing to look at might be to remove the force group. If you can live without that, it might help you work around that bug. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3 and active directory computers
Installed Samba 3 with Winbind on Ubuntu server 10.04 x64. User accounts authenticate beautifully using the domain. wbinfo -u and wbinfo -g show me all of my domain user accounts and groups respectively. I want to use Active Directory to deploy software to the computers, however, I cannot get the computers in active directory to be able to authenticate to the Samba server. Here is what I have in my error logs. [2010/12/15 16:48:06, 3] libsmb/ntlmssp.c:745(ntlmssp_server_auth) Got user=[] domain=[] workstation=[IT-OFFICE2] len1=1 len2=0 and [2010/12/15 16:48:09, 3] smbd/service.c:807(make_connection_snum) Connect path is '/home/OFFICE2008/apps' for service [apps] [2010/12/15 16:48:09, 0] smbd/service.c:833(make_connection_snum) make_connection: connection to apps denied due to security descriptor. [2010/12/15 16:48:09, 3] smbd/error.c:60(error_packet_set) error packet at smbd/reply.c(689) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED And below is my smb.conf [global] prefered master = no server string = file server security = ADS netbios name = storage realm = OFFICE.DOMAIN.COM password server = swerver2008.office.domain.com encrypt passwords = yes workgroup = OFFICE2008 idmap uid = 500-1000 idmap gid = 500-1000 winbind separator = + winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind refresh tickets = yes winbind nested groups = yes ;template homedir = /home/%D/%U template shell = /bin/bash client use spnego = yes domain master = no #logging log file = /var/log/samba/log.%m log level = 3 max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action [office] comment = Directory for files general office share path= /office Valid Users =...@office.domain.com+officestaff ; public=yes writable=yes browseable=yes create mask = 0770 force create mode = 0770 force directory mode = 0770 force group = @OFFICE.DOMAIN.COM+officeStaff [apps] comment = Directory for applications to be deployed using group policy path = /home/OFFICE2008/apps ; Valid Users =...@office.domain.com+officecomputers public=yes writable=yes browseable=yes force create mode = 0755 force directory mode = 0755 force group = @OFFICE.DOMAIN.COM+officeComputers guest ok = yes guest account = nobody Where am I going wrong? Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 smb.conf questions
I am trying to find a good guide for setting up the smb.conf and can't seem to find anything. Here's what I have been trying to do and it hasn't been working correctly. We had a Windows Server 2003 DC. I had to upgrade it because of some problems we were having and upgraded to Windows Server 2008 R2. After that, my Samba 3 with Winbind file server quit authenticating to the AD domain and try as I might I couldn't get it to work. This is largely because even though we have a perfectly good DC, all of our workstations are just in a giant workgroup (and management just won't give in and let me change it). After playing with Likewise and samba for a bit I gave up that bag and thought I would give Samba4 a try. So far I am really liking what I am seeing. I realize that we are still in beta land, but what we have so far may just work for what I want to do. I have been trying to find a good guide to configure the smb.conf file but haven't really found anything. By the way, successful install on ubuntu 10.04 x64 server that formally had samba 3 and winbind on it that were installed from aptitude. Any help would be appreciated. Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] 100% CPU using OSX client
Hi there, Normally happy OSX (10.6.4) user here. I am accessing a samba share on my Gentoo linux machine (i know, i know...) which is running samba-3.4.9 at the moment. When I try to copy files from a CD on my mac to the smb:// share, after every few files the transfer will pause for a few seconds, and during the pause the linux machine will use 100% cpu - the result is a very obvious stop-start-stop-start on the CD drive. However, when I copy the same files from the same CD to the same share, using the same computer, but from Windows 7 instead of OSX, there is no such slowness. Very bizarre. I've tried one or two things I've found on Google such as turning on or off delayed ACK on the OSX client (no difference) or adding or removing tuning options in smb config such as TCP_NODELAY - again, no change. Using my powers of educated guessing, I would say that the OSX client is trying to do something with the samba share between each file that Windows is not; but I really have no idea. Any suggestions appreciated, thank you in advance. -- Ben XO / Last.fm / Bassdrive / DI.FM http://www.last.fm/user/ben-xo http://twitter.com/benxo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] hoe to get group names.?
hi this is my smb.conf [global] workgroup = SRE server string = Samba Server security = ads log file = /var/samba/log/log.%m max log size = 50 dns proxy = No realm = SRE.COM winbind separator = + winbind enum users = yes * template homedir = /export/home/%U* idmap domains = SRE idmap config SRE:default = yes idmap config SRE:backend = tdb idmap config SRE:range = 1-2 idmap alloc backend = tdb idmap alloc config:range = 1-2 log level = 10 max log size = 1024 use kerberos keytab = true [homes] comment = Home Directories browseable = no writable = yes create mode = 0666 directory mode = 0777 vfs objects = zfsacl nt acl support = true *force user = %U* read only = No like %U is there any option for getting groups from AD..that means if the ad user loged in to domain,,* template homedir = /export/home/%U *displayes a temp folder with that pirticular group na..like that i want to create temp folder's with group name* *any chance..?* *thanks Ben.T.George* * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with AD integration
i tried to telnet to sun1(unix) machine..but login failed. i tried benvin user on AD..not ben /var/samba/log [2010/10/04 15:24:06, 6] nsswitch/winbindd.c:(641) accepted socket 23 [2010/10/04 15:24:06, 10] nsswitch/winbindd.c:(326) process_request: request fn INTERFACE_VERSION [2010/10/04 15:24:06, 3] nsswitch/winbindd_misc.c:(491) [ 5806]: request interface version [2010/10/04 15:24:06, 10] nsswitch/winbindd.c:(326) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2010/10/04 15:24:06, 3] nsswitch/winbindd_misc.c:(524) [ 5806]: request location of privileged pipe [2010/10/04 15:24:06, 6] nsswitch/winbindd.c:(641) accepted socket 31 [2010/10/04 15:24:06, 10] nsswitch/winbindd.c:(326) process_request: request fn GETGROUPS [2010/10/04 15:24:06, 3] nsswitch/winbindd_group.c:(1273) [ 5806]: getgroups root [2010/10/04 15:24:06, 5] nsswitch/winbindd_group.c:(1292) Could not parse domain user: root [2010/10/04 15:24:06, 10] lib/events.c:(131) Added timed event async_request_timeout: 2f11e0 [2010/10/04 15:24:06, 10] lib/events.c:(299) timed_events_timeout: 299/06 [2010/10/04 15:24:06, 10] lib/events.c:(66) Destroying timed event 2f11e0 async_request_timeout [2010/10/04 15:24:06, 10] nsswitch/winbindd_cache.c:(2307) Retrieving response for pid 4252 [2010/10/04 15:24:06, 5] nsswitch/winbindd_async.c:(1303) Could not find domain from SID S-1-22-1-0 -- [2010/10/04 15:24:37, 6] nsswitch/winbindd.c:(641) accepted socket 23 [2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326) process_request: request fn INTERFACE_VERSION [2010/10/04 15:24:37, 3] nsswitch/winbindd_misc.c:(491) [ 5809]: request interface version [2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2010/10/04 15:24:37, 3] nsswitch/winbindd_misc.c:(524) [ 5809]: request location of privileged pipe [2010/10/04 15:24:37, 6] nsswitch/winbindd.c:(641) accepted socket 31 [2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326) process_request: request fn GETPWNAM [2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346) [ 5809]: getpwnam benvin [2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353) Could not parse domain user: benvin [2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326) process_request: request fn GETPWNAM [2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346) [ 5809]: getpwnam benvin [2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353) Could not parse domain user: benvin [2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326) process_request: request fn GETPWNAM [2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346) [ 5809]: getpwnam benvin [2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353) Could not parse domain user: benvin i didn't understand anything from this log On Mon, Oct 4, 2010 at 4:11 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: According to your page getent passwd is showing the domain users. If you try to ssh into your linux machine as ben, with the way nsswitch.conf is configured, it will try to authenticated you as the ben in /etc/passwd not the one in the AD domain. I suggest you try the following comment out ben from /etc/passwd and /etc/shadow. Make sure that the /export/Home/ben directory is owned by the SRE+ben user. See if you can ssh into linux as ben. (I think you can specify ben and not SRE+ben for the ssh user.) Keep an eye on the log files e.g in /var/samba/log or /var/log/samba. You have still not clarified why nsswitch.conf has entries for ldap. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with samba AD integration
Support contract..? how much for that the thing i am doing this is to fix my job..because this this my 1st project. i didn't get salery to..anyway can u please give your rate for this.. :( On Mon, Oct 4, 2010 at 1:08 PM, d...@penguinfactory.co.uk wrote: On Mon, Oct 04, 2010 at 12:24:50PM +0300, Ben George wrote: Content preview: Hi please check tis link.. http://bentgeorge.com/samba/ [...] Yes, I have read this page and understand what you wish to achieve. There are several ways to do it depending on the requirements of your network. Home directories can be autogenerated under different circumstances, from user creation to first connection. Can you please be clear: do you wish to purchase a support contract? If not, I recommend you continue asking on the public Samba forums, where a lot of people do get help. Regards, -- Dan Shearer d...@penguinfactory.co.uk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help with AD integration
HI Friends please check my problem http://bentgeorge.com/samba/ Thanks Ben.T.George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba with AD help.
Hi please check with this link http://bentgeorge.com/samba/ On Fri, Oct 1, 2010 at 5:09 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: But your output shows params.c:pm_process() - Processing configuration file /etc/sfw/smb.conf On 10/01/2010 07:26 AM, Ben George wrote: yes sunfreeware samba installed under /usr/local/samba configuration file /usr/local/samba/lib i exported this lib PATH also the testparm is under /usr/local/samba/bin/ i exicuted this testparm..that shows the sunfreeware samba's smb.conf settings. On Fri, Oct 1, 2010 at 2:22 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: This reminded me of something: Solaris is bundled with Kerberos. However, with sunfreeware samba you may have also installed Kerberos packages from sun freeware. Assuming the PATH is let for /usr/local/bin:/usr/local/sbin:$PATH and LD_LIBRARY_PATH is set /usr/local/lib: you should be using the sunfreeware versions of software rather than the sun versions. I don't know if sunfreeware Kerberos uses the same config files as sun Kerberos- which means you may be have not configured the correct files. On a related note, Sunfreeware samba uses /usr/local/etc/smb.conf (or something close to that) by default. The solaris bundled samba uses /etc/sfw/smb.conf If you type which testparm are you running the correct testparm? When you run testparm -v is it finding the correct smb.conf? Or maybe you already sym linked your smb.conf file. -Original Message- From: samba-boun...@lists.samba.org [mailto: samba-boun...@lists.samba.org] On Behalf Of Max León Sent: Wednesday, September 29, 2010 8:22 PM To: samba@lists.samba.org Subject: Re: [Samba] samba with AD help. Can you post the global part of your smb.conf, your nsswitch and your kerberos.conf? On 9/29/10 5:33 AM, Ben George wrote: when i try to join the domain in UNIX (Sun Solaris 10 SPARC),i got error message like this bash-3.00# ./net ads -d3 join -U administra...@sre.com [2010/09/29 14:26:02, 3] param/loadparm.c:(5055) lp_load: refreshing parameters [2010/09/29 14:26:02, 3] param/loadparm.c:(1440) Initialising global parameters [2010/09/29 14:26:02, 3] param/params.c:(572) params.c:pm_process() - Processing configuration file /etc/sfw/smb.conf [2010/09/29 14:26:02, 3] param/loadparm.c:(3794) Processing section [global] [2010/09/29 14:26:02, 2] lib/interface.c:(81) added interface ip=192.168.1.11 bcast=192.168.1.255 nmask=255.255.255.0 Host is not configured as a member server. Invalid configuration. Exiting Failed to join domain: Invalid domain role [2010/09/29 14:26:02, 2] utils/net.c:(1075) return code = -1 please help me solve this thanks -- Max León Systems Director Wire Watchers : enterprise : technology : genius -- Avenida 11 y Calle 7-9, Barrio Amón, San José, Costa Rica cel: +(506) 8364-6261 | fax: +(506) 2258-3695 email: ml...@wirewatchers.com mailto:ml...@wirewatchers.com | www.wirewatchers.com http://www.wirewatchers.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba with AD help.
yes sunfreeware samba installed under /usr/local/samba configuration file /usr/local/samba/lib i exported this lib PATH also the testparm is under /usr/local/samba/bin/ i exicuted this testparm..that shows the sunfreeware samba's smb.conf settings. On Fri, Oct 1, 2010 at 2:22 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: This reminded me of something: Solaris is bundled with Kerberos. However, with sunfreeware samba you may have also installed Kerberos packages from sun freeware. Assuming the PATH is let for /usr/local/bin:/usr/local/sbin:$PATH and LD_LIBRARY_PATH is set /usr/local/lib: you should be using the sunfreeware versions of software rather than the sun versions. I don't know if sunfreeware Kerberos uses the same config files as sun Kerberos- which means you may be have not configured the correct files. On a related note, Sunfreeware samba uses /usr/local/etc/smb.conf (or something close to that) by default. The solaris bundled samba uses /etc/sfw/smb.conf If you type which testparm are you running the correct testparm? When you run testparm -v is it finding the correct smb.conf? Or maybe you already sym linked your smb.conf file. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Max León Sent: Wednesday, September 29, 2010 8:22 PM To: samba@lists.samba.org Subject: Re: [Samba] samba with AD help. Can you post the global part of your smb.conf, your nsswitch and your kerberos.conf? On 9/29/10 5:33 AM, Ben George wrote: when i try to join the domain in UNIX (Sun Solaris 10 SPARC),i got error message like this bash-3.00# ./net ads -d3 join -U administra...@sre.com [2010/09/29 14:26:02, 3] param/loadparm.c:(5055) lp_load: refreshing parameters [2010/09/29 14:26:02, 3] param/loadparm.c:(1440) Initialising global parameters [2010/09/29 14:26:02, 3] param/params.c:(572) params.c:pm_process() - Processing configuration file /etc/sfw/smb.conf [2010/09/29 14:26:02, 3] param/loadparm.c:(3794) Processing section [global] [2010/09/29 14:26:02, 2] lib/interface.c:(81) added interface ip=192.168.1.11 bcast=192.168.1.255 nmask=255.255.255.0 Host is not configured as a member server. Invalid configuration. Exiting Failed to join domain: Invalid domain role [2010/09/29 14:26:02, 2] utils/net.c:(1075) return code = -1 please help me solve this thanks -- Max León Systems Director Wire Watchers : enterprise : technology : genius -- Avenida 11 y Calle 7-9, Barrio Amón, San José, Costa Rica cel: +(506) 8364-6261 | fax: +(506) 2258-3695 email: ml...@wirewatchers.com mailto:ml...@wirewatchers.com | www.wirewatchers.com http://www.wirewatchers.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba with AD help.
Ho that's first mail na... after that i started the net join from /usr/local/samba/bin at first i mistakenly choose default net join..that's Y On Fri, Oct 1, 2010 at 5:09 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: But your output shows params.c:pm_process() - Processing configuration file /etc/sfw/smb.conf On 10/01/2010 07:26 AM, Ben George wrote: yes sunfreeware samba installed under /usr/local/samba configuration file /usr/local/samba/lib i exported this lib PATH also the testparm is under /usr/local/samba/bin/ i exicuted this testparm..that shows the sunfreeware samba's smb.conf settings. On Fri, Oct 1, 2010 at 2:22 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: This reminded me of something: Solaris is bundled with Kerberos. However, with sunfreeware samba you may have also installed Kerberos packages from sun freeware. Assuming the PATH is let for /usr/local/bin:/usr/local/sbin:$PATH and LD_LIBRARY_PATH is set /usr/local/lib: you should be using the sunfreeware versions of software rather than the sun versions. I don't know if sunfreeware Kerberos uses the same config files as sun Kerberos- which means you may be have not configured the correct files. On a related note, Sunfreeware samba uses /usr/local/etc/smb.conf (or something close to that) by default. The solaris bundled samba uses /etc/sfw/smb.conf If you type which testparm are you running the correct testparm? When you run testparm -v is it finding the correct smb.conf? Or maybe you already sym linked your smb.conf file. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org ] On Behalf Of Max León Sent: Wednesday, September 29, 2010 8:22 PM To: samba@lists.samba.org Subject: Re: [Samba] samba with AD help. Can you post the global part of your smb.conf, your nsswitch and your kerberos.conf? On 9/29/10 5:33 AM, Ben George wrote: when i try to join the domain in UNIX (Sun Solaris 10 SPARC),i got error message like this bash-3.00# ./net ads -d3 join -U administra...@sre.com [2010/09/29 14:26:02, 3] param/loadparm.c:(5055) lp_load: refreshing parameters [2010/09/29 14:26:02, 3] param/loadparm.c:(1440) Initialising global parameters [2010/09/29 14:26:02, 3] param/params.c:(572) params.c:pm_process() - Processing configuration file /etc/sfw/smb.conf [2010/09/29 14:26:02, 3] param/loadparm.c:(3794) Processing section [global] [2010/09/29 14:26:02, 2] lib/interface.c:(81) added interface ip=192.168.1.11 bcast=192.168.1.255 nmask=255.255.255.0 Host is not configured as a member server. Invalid configuration. Exiting Failed to join domain: Invalid domain role [2010/09/29 14:26:02, 2] utils/net.c:(1075) return code = -1 please help me solve this thanks -- Max León Systems Director Wire Watchers : enterprise : technology : genius -- Avenida 11 y Calle 7-9, Barrio Amón, San José, Costa Rica cel: +(506) 8364-6261 | fax: +(506) 2258-3695 email: ml...@wirewatchers.com mailto:ml...@wirewatchers.com | www.wirewatchers.com http://www.wirewatchers.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help with AD integration
HI
My name is Ben.T.George.
i followed http://www.edsiohio.com/images/advanced-AD-2009-05-18.pdf this
tutorial
my current status is .i successfully joined to the AD
*bash-3.00# ./net ads join -U administrator
Enter administrator's password:
Using short domain name -- SRE
Joined 'SUN1' to realm 'sre.com'*
and Wbinfo shows the users and groups from the AD
*bash-3.00# ./wbinfo -u
SUN1+ramana
SUN1+user1
SUN1+ben
administrator
guest
support_388945a0
krbtgt
teju
ben
ramana*
*bash-3.00# ./wbinfo -g
helpservicesgroup
telnetclients
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
dnsadmins
dnsupdateproxy*
then i checked the AD,the Sun1 is listed under the computer tab.
That means my connection side is success na..?
this is my smb.conf file
*# Samba config file created using SWAT
# from UNKNOWN (ÿ¿û^H)
# Date: 2010/09/29 17:37:34
[global]
workgroup = SRE
realm = SRE.COM http://sre.com/
security = ADS
idmap uid = 1-2
idmap gid = 1-2
winbind separator = +
winbind use default domain = Yes
[user1]
path = /export/home/user1
valid users = user1, ramana, teju
[ramana]
path = /export/home/ramana
valid users = ramana, teju
[teju]
path = /export/home/teju
valid users = teju
[ben]
path = /export/home/ben
valid users = ben
[user1]
path = /export/home/user1
valid users = ben, user1, ramana, teju*
And Kerberos file: krb5.conf
*[libdefaults]
dns_lookup_realm = false
default_realm = SRE.COM http://sre.com/
ticket_lifetime = 600
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
#[kdc]
#profile = /krb5/var/krb5kdc/kdc.conf
[logging]
default = FILE:/usr/local/var/log/kdc.log
kdc = FILE:/usr/local/var/log/kdc.log
admin_server = FILE:/usr/local/var/log/adm.log
[realms]
SRE.COM http://sre.com/ = {
kdc = srec.sre.com:88
admin_server = srec.sre.com:749
#default_domain = SRE.COM http://sre.com/
}
[domain_realm]
.sre.com = SRE.COM http://sre.com/
sre.com = SRE.COM http://sre.com/
[login]
krb4_convert = 0*
my need is,suppose ben is a user common to unix and windows..
when i login as ben through a windows machine,want to access the shared
folder for ben in Unix.(without giving password for ben)
another thing is when we change the password or username in Active
Directory,it also affect the same user in the unix
that means suppose i changes the user ben to ben1,and password...the changes
must be written in the /etc/passwd and shadow file..
is there any way to do this..i a beginner to this.so please give me good
advice
Thanks
Ben.T.George
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] help with AD integration
HI
My name is Ben.T.George.
i followed http://www.edsiohio.com/images/advanced-AD-2009-05-18.pdf this
tutorial
my current status is .i successfully joined to the AD
*bash-3.00# ./net ads join -U administrator
Enter administrator's password:
Using short domain name -- SRE
Joined 'SUN1' to realm 'sre.com'*
and Wbinfo shows the users and groups from the AD
*bash-3.00# ./wbinfo -u
SUN1+ramana
SUN1+user1
SUN1+ben
administrator
guest
support_388945a0
krbtgt
teju
ben
ramana*
*bash-3.00# ./wbinfo -g
helpservicesgroup
telnetclients
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
dnsadmins
dnsupdateproxy*
then i checked the AD,the Sun1 is listed under the computer tab.
That means my connection side is success na..?
this is my smb.conf file
*# Samba config file created using SWAT
# from UNKNOWN (ÿ¿û^H)
# Date: 2010/09/29 17:37:34
[global]
workgroup = SRE
realm = SRE.COM http://sre.com/
security = ADS
idmap uid = 1-2
idmap gid = 1-2
winbind separator = +
winbind use default domain = Yes
[user1]
path = /export/home/user1
valid users = user1, ramana, teju
[ramana]
path = /export/home/ramana
valid users = ramana, teju
[teju]
path = /export/home/teju
valid users = teju
[ben]
path = /export/home/ben
valid users = ben
[user1]
path = /export/home/user1
valid users = ben, user1, ramana, teju*
And Kerberos file: krb5.conf
*[libdefaults]
dns_lookup_realm = false
default_realm = SRE.COM http://sre.com/
ticket_lifetime = 600
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
#[kdc]
#profile = /krb5/var/krb5kdc/kdc.conf
[logging]
default = FILE:/usr/local/var/log/kdc.log
kdc = FILE:/usr/local/var/log/kdc.log
admin_server = FILE:/usr/local/var/log/adm.log
[realms]
SRE.COM http://sre.com/ = {
kdc = srec.sre.com:88
admin_server = srec.sre.com:749
#default_domain = SRE.COM http://sre.com/
}
[domain_realm]
.sre.com = SRE.COM http://sre.com/
sre.com = SRE.COM http://sre.com/
[login]
krb4_convert = 0*
my need is,suppose ben is a user common to unix and windows..
when i login as ben through a windows machine,want to access the shared
folder for ben in Unix.(without giving password for ben)
another thing is when we change the password or username in Active
Directory,it also affect the same user in the unix
that means suppose i changes the user ben to ben1,and password...the changes
must be written in the /etc/passwd and shadow file..
is there any way to do this..i a beginner to this.so please give me good
advice
Thanks
Ben.T.George
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with AD integration
Thanks for your replay.. yes my client told me like this that's Y..and the manager gave that work to newly joined me.. :( i don't have any AD and core unix experience..i have only experience in linux.not much may this project will affect my job.. :( my nsswitch.conf *passwd: files ldap winbind group: files ldap winbind hosts: dns files ipnodes:dns files* *nsswitch+winbind (which I do) or the smb pam module*..? :( i don't know..my client's need is he has a linux machine..also a ADS..from the unix machine, he want to share secure folder's to the AD user's..so eash user can only access that particular shared folder..when the password of user changed in AD, that will affect to the smbpassword...means without changing that particular user's smb password in the unix machine.. for this need which method is useful..from your experience *Does getent passwd show the windows users?* please check the output ..i think getent password only shows unix system password *bash-3.00# getent passwd root:x:0:0:Super-User:/:/sbin/sh daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer Admin:/usr/spool/lp: uucp:x:5:5:uucp Admin:/usr/lib/uucp: nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico smmsp:x:25:25:SendMail Message Submission Program:/: listen:x:37:4:Network Admin:/usr/net/nls: gdm:x:50:50:GDM Reserved UID:/: webservd:x:80:80:WebServer Reserved UID:/: postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh svctag:x:95:12:Service Tag UID:/: nobody:x:60001:60001:NFS Anonymous Access User:/: noaccess:x:60002:60002:No Access User:/: nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh* you already have a unix ben and a ADS ben defined? Yes i defined the ben user in Unix and ADS...bcoz i don't have much knowledge about that sorry Hope u will help me Thanks Ben.T.George On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: disclaimer: I don't use Samba as an ADS member server. I use samba as PDC with trusts to an ADS domain. So my observations may not be valuid. Did you try updating nsswitch.conf passwd: files winbind group:files winbind If you are using a Windows domain and have a user defined in the domain, you generally don't want to add the user as a local user. Since the underlying unix OS needs to know about the domain users you need to either use nsswitch+winbind (which I do) or the smb pam module (which I don't use, and not sure if it really is the correct approach.) If you use nsswitch.conf+winbind you can then also OPTIONALLY allow windows users unix access like ssh.My samba server is a PDC- I have a domain trust with windows domains BUT the default shell is /bin/false. (It is still a little flaky...) Does getent passwd show the windows users? It should show something like ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false or SRE+ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false It looks like = you already have a unix ben and a ADS ben defined? wbinfo -s and wbinfo -n are also useful for making sure that the name-to-sid and sid-to-name mappings are correct for domain users. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with AD integration
Sun Solaris 10 (under SPARC) local users in /etc/passwd samba 3.4.2 from sunfreeware.com getent passwd *ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh *like this* ** *Thanks Ben.T.George* * On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: Then it sounds like you need the AD integration. If the user's also login to the linux workstation directly (or via ssh) then you will need to configure winbind and nsswitch to support unix logins. Why does nsswitch.conf include ldap? Is this the only linux/unix machine? Are local users in ldap or /etc/passwd? What version of samba? What version of linux? Ideally getent passwd woudl show something like ben:*:10001:10001:Ben George:/export/Home/SRE/ben/:bin/tcsh or SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash I don't think you need a huge amount of AD experience to make this work but I think you have to have general understanding of what WIndows domains are about. You should also review the smb.conf man page for the section on idmap_ad. On 09/30/2010 09:24 AM, Ben George wrote: Thanks for your replay.. yes my client told me like this that's Y..and the manager gave that work to newly joined me.. :( i don't have any AD and core unix experience..i have only experience in linux.not much may this project will affect my job.. :( my nsswitch.conf *passwd: files ldap winbind group: files ldap winbind hosts: dns files ipnodes:dns files* *nsswitch+winbind (which I do) or the smb pam module*..? :( i don't know..my client's need is he has a linux machine..also a ADS..from the unix machine, he want to share secure folder's to the AD user's..so eash user can only access that particular shared folder..when the password of user changed in AD, that will affect to the smbpassword...means without changing that particular user's smb password in the unix machine.. for this need which method is useful..from your experience *Does getent passwd show the windows users?* please check the output ..i think getent password only shows unix system password *bash-3.00# getent passwd root:x:0:0:Super-User:/:/sbin/sh daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer Admin:/usr/spool/lp: uucp:x:5:5:uucp Admin:/usr/lib/uucp: nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico smmsp:x:25:25:SendMail Message Submission Program:/: listen:x:37:4:Network Admin:/usr/net/nls: gdm:x:50:50:GDM Reserved UID:/: webservd:x:80:80:WebServer Reserved UID:/: postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh svctag:x:95:12:Service Tag UID:/: nobody:x:60001:60001:NFS Anonymous Access User:/: noaccess:x:60002:60002:No Access User:/: nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh* you already have a unix ben and a ADS ben defined? Yes i defined the ben user in Unix and ADS...bcoz i don't have much knowledge about that sorry Hope u will help me Thanks Ben.T.George On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: disclaimer: I don't use Samba as an ADS member server. I use samba as PDC with trusts to an ADS domain. So my observations may not be valuid. Did you try updating nsswitch.conf passwd: files winbind group:files winbind If you are using a Windows domain and have a user defined in the domain, you generally don't want to add the user as a local user. Since the underlying unix OS needs to know about the domain users you need to either use nsswitch+winbind (which I do) or the smb pam module (which I don't use, and not sure if it really is the correct approach.) If you use nsswitch.conf+winbind you can then also OPTIONALLY allow windows users unix access like ssh.My samba server is a PDC- I have a domain trust with windows domains BUT the default shell is /bin/false. (It is still a little flaky...) Does getent passwd show the windows users? It should show something like ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false or SRE+ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false It looks like = you already have a unix ben and a ADS ben defined? wbinfo -s and wbinfo -n are also useful for making sure that the name-to-sid and sid-to-name mappings are correct for domain users. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with AD integration
yes client has Solaris and a windows xp machine under the AD domain yes i exported the paths to the newly installed /usr/local/samba/lib me using the new packahes and disabled the default packages On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: So to clarify the customer has a Sun Solaris 10 UNIX machine and a Linux workstation? FOR SOLARIS I had problems with getting nsswitch+winbind working with the samba from sunfreeware- I had to recompile from scratch (major headache.) In hindsight this may not have been necessary for winbind- although I had to recompile anyway for ZFS support. On solaris, you should have a file called /usr/lib/nss_winbind.so.1 - which is the nsswitcher winbind library provided by the samba that sun bundles with solaris 10 (but this is samba 3.0.x and too old to be much use.) In /usr/local/samba/lib - do you see an nss_winbind.so.1 file?How is your PATH and LD_LIBRARY_PATH set- you want to make sure you are using the /usr/local/samba/bin and /usr/local/samba/lib first. If you run truss getent passwd | tee log1.txt you should see it looking for nss_winbind.so.1 - ideally it will look in /usr/local/samba/lib before /usr/lib. If it uses /usr/lib/nss_winbind.so.1 that will probably NOT work. You may want to rename that file just to make sure. On 09/30/2010 10:57 AM, Ben George wrote: Sun Solaris 10 (under SPARC) local users in /etc/passwd samba 3.4.2 from sunfreeware.com getent passwd *ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh *like this* ** *Thanks Ben.T.George* * On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Then it sounds like you need the AD integration. If the user's also login to the linux workstation directly (or via ssh) then you will need to configure winbind and nsswitch to support unix logins. Why does nsswitch.conf include ldap? Is this the only linux/unix machine? Are local users in ldap or /etc/passwd? What version of samba? What version of linux? Ideally getent passwd woudl show something like ben:*:10001:10001:Ben George:/export/Home/SRE/ben/:bin/tcsh or SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash I don't think you need a huge amount of AD experience to make this work but I think you have to have general understanding of what WIndows domains are about. You should also review the smb.conf man page for the section on idmap_ad. On 09/30/2010 09:24 AM, Ben George wrote: Thanks for your replay.. yes my client told me like this that's Y..and the manager gave that work to newly joined me.. :( i don't have any AD and core unix experience..i have only experience in linux.not much may this project will affect my job.. :( my nsswitch.conf *passwd: files ldap winbind group: files ldap winbind hosts: dns files ipnodes:dns files* *nsswitch+winbind (which I do) or the smb pam module*..? :( i don't know..my client's need is he has a linux machine..also a ADS..from the unix machine, he want to share secure folder's to the AD user's..so eash user can only access that particular shared folder..when the password of user changed in AD, that will affect to the smbpassword...means without changing that particular user's smb password in the unix machine.. for this need which method is useful..from your experience *Does getent passwd show the windows users?* please check the output ..i think getent password only shows unix system password *bash-3.00# getent passwd root:x:0:0:Super-User:/:/sbin/sh daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer Admin:/usr/spool/lp: uucp:x:5:5:uucp Admin:/usr/lib/uucp: nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico smmsp:x:25:25:SendMail Message Submission Program:/: listen:x:37:4:Network Admin:/usr/net/nls: gdm:x:50:50:GDM Reserved UID:/: webservd:x:80:80:WebServer Reserved UID:/: postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh svctag:x:95:12:Service Tag UID:/: nobody:x:60001:60001:NFS Anonymous Access User:/: noaccess:x:60002:60002:No Access User:/: nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh* you already have a unix ben and a ADS ben defined? Yes i defined the ben user in Unix and ADS...bcoz i don't have much knowledge about that sorry Hope u will help me Thanks Ben.T.George On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: disclaimer: I don't use Samba as an ADS member server. I use samba as PDC with trusts to an ADS domain. So my observations may not be valuid
[Samba] help with AD integration
HI my name ins Ben.T.George i am new to samba and active directory integration my machine ins Sun Slaris SPARC (solaris 10). the unix side samba and all deps are installed...from this link http://www.sunfreeware.com/programlistsparc10.html#samba now i want to sync samba with active directory.. so please help to for this.. please provide me the step by step for this.. now i am stuck with kerberos configuration. also please provide me the kerberos step by step configuration thanks Ben.T.George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba with AD help.
when i try to join the domain in UNIX (Sun Solaris 10 SPARC),i got error message like this bash-3.00# ./net ads -d3 join -U administra...@sre.com [2010/09/29 14:26:02, 3] param/loadparm.c:(5055) lp_load: refreshing parameters [2010/09/29 14:26:02, 3] param/loadparm.c:(1440) Initialising global parameters [2010/09/29 14:26:02, 3] param/params.c:(572) params.c:pm_process() - Processing configuration file /etc/sfw/smb.conf [2010/09/29 14:26:02, 3] param/loadparm.c:(3794) Processing section [global] [2010/09/29 14:26:02, 2] lib/interface.c:(81) added interface ip=192.168.1.11 bcast=192.168.1.255 nmask=255.255.255.0 Host is not configured as a member server. Invalid configuration. Exiting Failed to join domain: Invalid domain role [2010/09/29 14:26:02, 2] utils/net.c:(1075) return code = -1 please help me solve this thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with AD integration
HI Thanks for your reply..me using.2003 server.. when i give the command in unix wbinfo -u ,it shows all the users in AD and wbinfo -g shows the group.. after that? bcoz i am beginner with this.actually i am working in linux,and i got job on sun..so my manager gave this work to me only for me..:( so i don't know the correct procedures about the samba-AD synchronization.. so please help me with these,for further steps. also give me the gud tutorial for Centrify DirectControl Again thanks for your reply Ben.T.George On Wed, Sep 29, 2010 at 6:52 PM, Rob LaRose r...@imaginaryforces.comwrote: Hi Ben, Which version of AD are you using? We had no luck integrating Solaris Samba w/ AD 2008 last year, and were forced to use a third-party authentication product called Centrify DirectControl to facilitate. This may have changed by now — have you opened a support case with Oracle? --Rob * * * * *Rob LaRose systems administrator imaginary forces | 530 west 25th st | new york city | p 646.486.6868 | f 646.486.4700 | www.imaginaryforces.com * * * From: Ben George bentech4...@gmail.com Date: Wed, 29 Sep 2010 03:07:15 -0400 To: samba@lists.samba.org samba@lists.samba.org Subject: [Samba] help with AD integration HI my name ins Ben.T.George i am new to samba and active directory integration my machine ins Sun Slaris SPARC (solaris 10). the unix side samba and all deps are installed...from this link http://www.sunfreeware.com/programlistsparc10.html#samba now i want to sync samba with active directory.. so please help to for this.. please provide me the step by step for this.. now i am stuck with kerberos configuration. also please provide me the kerberos step by step configuration thanks Ben.T.George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to ifpostmaster postmas...@imaginaryforces.com and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help with user permissions
Hi My Name is Ben.T.George i successfully installed samba and other all dependencies on my Solaris 10 (SPARC) machine. i stopped the default samba and swat and enabled these 2 from the installed location (/usr/local/samba/sbin) then i edited the smb.conf using swat.after that i got a smb.conf like this\ # Samba config file created using SWAT # from UNKNOWN (ÿ¿û ) # Date: 2010/09/28 16:30:12 [global] workgroup = GROUP hosts allow = 192.168.1. [user1] path = /export/home/user1 valid users = user1 [ramana] path = /export/home/ramana valid users = ramana [teju] path = /export/home/teju valid users = teju [user1] path = /export/home/user1 valid users = user1 after that i created these 3 user's and set password (smbpassword and normal password) then i added one windows xp machine to this same GROUP,i can view these shared folders there then my problem is when i access that particular shared folders,every time one folder opens,when i try to access other 2 ,it says not accessible after that i tried to create these same users on windows,i logged another user and tried,,then the folder permission changed still i can access another folder and other 2 are not accessible.. every time these changed according to the user. please help me to solve thesewithout giving valid users it works perfect for me please Thanks Ben.T.George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with user permissions
Thanks for your reply.. yea i also want that same thing..give permission to that listed users only.. but when i checked that 3 folders in windows pc.,,only one folder can accable without password and when i try to access the other 2 folder's,,it says that network not reachable..u don't have permission to access this network...like that... On Tue, Sep 28, 2010 at 8:58 PM, Dale Schroeder d...@briannassaladdressing.com wrote: Ben, If I understand you correctly, you are describing expected behavior. Using valid users means only the users listed can access that share. If you want all the users to have access, don't use valid users. Dale valid users (S) This is a list of users that should be allowed to login to this service. Names starting with '@', '+' and '' are interpreted using the same rules as described in the *invalid users* parameter. If this is empty (the default) then any user can login. If a username is in both this list and the *invalid users* list then access is denied for that user. The current servicename is substituted for *%S*. This is useful in the [homes] section. Default: *valid users = # No valid users list (anyone can login) * Example: *valid users = greg, @pcusers * On 09/28/2010 10:22 AM, Ben George wrote: Hi My Name is Ben.T.George i successfully installed samba and other all dependencies on my Solaris 10 (SPARC) machine. i stopped the default samba and swat and enabled these 2 from the installed location (/usr/local/samba/sbin) then i edited the smb.conf using swat.after that i got a smb.conf like this\ # Samba config file created using SWAT # from UNKNOWN (ÿ¿û ) # Date: 2010/09/28 16:30:12 [global] workgroup = GROUP hosts allow = 192.168.1. [user1] path = /export/home/user1 valid users = user1 [ramana] path = /export/home/ramana valid users = ramana [teju] path = /export/home/teju valid users = teju [user1] path = /export/home/user1 valid users = user1 after that i created these 3 user's and set password (smbpassword and normal password) then i added one windows xp machine to this same GROUP,i can view these shared folders there then my problem is when i access that particular shared folders,every time one folder opens,when i try to access other 2 ,it says not accessible after that i tried to create these same users on windows,i logged another user and tried,,then the folder permission changed still i can access another folder and other 2 are not accessible.. every time these changed according to the user. please help me to solve thesewithout giving valid users it works perfect for me please Thanks Ben.T.George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] possible to use samba without unix accounts for each user?
We use samba as a domain controller and file server for small separate network environments. We've currently got samba configured to get posixAccount and sambaAccount information from ldap -- and have nss_ldap configured to feed the same posixaccount objects into the posix user account apis via nsswitch.conf (getpwent etc...). In our environments we seem to regularly run into problems which result from having the unix accounts populated with information from ldap. Here are some observations: 1. if ldap server(s) become unavailable all getpwent lookups experience long timeouts (default nss_ldap behavior) -- there are a number of gotchas resulting from this -- including having to be careful that nothing which does a passwd lookup starts before the ldap server on the server that's running the ldap server ... 2. for security reasons we don't want our samba users to be able to get a login shell on our server so we have to implement server access controls to prevent this it seems it would be simpler for us if there was some way to get samba to work without requiring local unix accounts for each samba user ... Is there anyway to get samba to to use ldap for passwd data without simultaneously modifying the system-wide settings? I don't care if samba file operations result in files owned by uid's which don't correspond to system-wide logins ... I think it would be sufficient if there was some way to point the getpwent() call from samba to a different nsswitch.conf file than the api uses when called from everywhere else? Thanks for any advice, Ben Cohen Programmer/Analyst (STS) Scripps Institution of Oceanography nco...@ucsd.edu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] USERMGR 'A device attached to the system is not functioning'
Hey everyone, I've got a Samba server running with an LDAP backend, and for the most part it works great. The only issue I'm having is that when I attempt to use USERMGR.exe on the windows side I get this (typical Microsoft) error: A device attached to the system is not functioning I'm running Samba 3.4.5, and OpenLDAP 2.4.21 on FreeBSD 8.0 Here's the relevant config files: smb.conf - http://pastebin.com/VSUXFDst slapd.conf - http://pastebin.com/u8b0Hw8U Any help would be great! Let me know if any further information about the configuration would help. - Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CIFS mount not applying setuids
hydr...@bran ~ $ cat /proc/config.gz |gunzip|grep -i cifs CONFIG_CIFS=m # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set # CONFIG_CIFS_UPCALL is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y # CONFIG_CIFS_DEBUG2 is not set # CONFIG_CIFS_EXPERIMENTAL is not set François Legal wrote: UNIX extension wouldn't be available if they're not built-in the kernel or as a module (I never used it in the modular form). However (that may not apply well in your case), you could use pam_mount to do the mounting with the correct user credentials. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Very slow transfers to Samba on Ubuntu
What type of file processors are you running along with samba?. Are you running the virus checking plugin or VFS(recycle bin)? Virus checking is very cpu and disk I/O intensive these can really slow down a samba server. I can't expect VFS is all that cheap either when moving big files. Raghu A wrote: I mounted a samba volume on XP. XP and Ubuntu are connected over 100Mbps ethernet (router). I am writing a 4GB file from XP to Ubuntu and the transfer is extremely slow : only around 1-1.5 MB/s. This is not a network or disk issue since at the same time this transfer is gonig on, I can scp the same file from XP to Ubuntu at 3-4 times faster (around 6MB/s). What could be wrong? Even for this slow transfer, smbd seems to be taking quite a bit CPU (more than sshd for the transfer rate -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CIFS mount not applying setuids
That's not a the problem. I know the extensions are compiled in and running on the client machine. I can see the ACLs over the cifs mount from the client machine. It only becomes an issue when I try to write files over the cifs mount. At that point it writes the wrong uid/gid/perms. It even overwrites with the wrong permissions on an existing file with the correct permissions. I even tried loading the cifs modules on the server, but that made no difference. François Legal wrote: UNIX extension wouldn't be available if they're not built-in the kernel or as a module (I never used it in the modular form). However (that may not apply well in your case), you could use pam_mount to do the mounting with the correct user credentials. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] CIFS mount not applying setuids
Hello all,
I've been dealing with this problem for years now and I am a bit fed
up with it. Maybe some of you all can shed some light on the situation.
I am having problems with my samba server setting the
uid/gid/permissions incorrectly when a file is written to the server
filesystem over cifs. I currently use the account remotemounter for
mounting samba shares. Even with the 'setuids' options set, it still
defaults back to writing files as the remotemounter's default
user:group:umask settings. I know that samba will rollback to standard
UID/GID of the mounting username if CIFS Unix Extensions are
unavailable. I don't know why CIFS Unix Extensions wouldn't be
available. Anybody have any ideas?
---Client mount command ---
hydr...@bran ~ $ sudo mount -vv /mnt/Multimedia/
parsing options:
rw,credentials=/etc/samba/cred-remotemounter,setuids,acl,noperms
mount.cifs kernel mount options
unc=//brigid.tygerclan.local\multimedia,ip=192.168.1.4,user=remotemounter,pass={mypassword},ver=1,rw,credentials=/etc/samba/cred-remotemounter,setuids,acl,noperms
Client: Gentoo Linux
net-fs/mount-cifs-3.0.30
net-fs/samba-3.0.33
--
--- Server Config
[global]
dos charset = CP850
unix charset = UTF-8
display charset = LOCALE
workgroup = TYGERCLAN
realm =
netbios name = BRIGID
netbios aliases =
netbios scope =
server string = brigid.tygerclan.net
interfaces =
bind interfaces only = No
security = USER
auth methods =
encrypt passwords = Yes
update encrypted = No
client schannel = Auto
server schannel = Auto
allow trusted domains = Yes
map to guest = Bad User
null passwords = No
obey pam restrictions = No
password server = *
smb passwd file = /etc/samba/smbpasswd
private dir = /etc/samba
passdb backend = ldapsam:ldap://ldap-slave.tygerclan.local
algorithmic rid base = 1000
root directory =
guest account = nobody
enable privileges = Yes
pam password change = No
passwd program =
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
passwd chat timeout = 2
check password script =
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = 0
lanman auth = No
ntlm auth = Yes
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = No
preload modules =
use kerberos keytab = No
log level = 0
syslog = 1
syslog only = No
log file = /var/log/samba/log.%m
max log size = 50
debug timestamp = Yes
debug prefix timestamp = No
debug hires timestamp = No
debug pid = No
debug uid = No
enable core files = Yes
smb ports = 445 139
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
disable netbios = No
reset on zero vc = No
acl compatibility = auto
defer sharing violations = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts wins host bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = Yes
use spnego = Yes
client signing = auto
server signing = No
client use spnego = Yes
enable asu support = No
svcctl list =
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 30
max smbd processes = 0
paranoid server security = Yes
max disk size = 0
max open files = 1
open files database hash size = 10007
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
use mmap = Yes
hostname lookups = No
name cache timeout = 660
load printers = Yes
printcap cache time = 750
printcap name = cups
cups server =
iprint server =
disable spoolss = No
addport command =
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
mangling method = hash2
mangle prefix = 1
max stat cache size = 1024
stat cache = Yes
machine password timeout = 604800
add user script = /usr/sbin/smbldap-useradd '%u'
rename user script =
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd '%g'
[Samba] sys_get_vfs_quota
i am getting the following im my logs at the same time when a client disconnects and reports network name not available error. sys_get_vfs_quota() failed for mntpath[] bdev[/dev/gpfs] qtype[*] id[*]: No such device Also can someone tell me what (numopen=3) mean? On my samba server which are managed by ctdb, when ever numopen goes above 2, the ove error message is reported. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: Fw: [Samba] specified network path no longer available
No joy upto now. Is there anything buggy in latest version of sofs-1.5.2? i.e samba-3.2.7-ctdb.54 --- On Fri, 6/2/09, Ben Chitambira bennychitamb...@yahoo.com wrote: From: Ben Chitambira bennychitamb...@yahoo.com Subject: Fw: [Samba] specified network path no longer available To: samba@lists.samba.org Date: Friday, 6 February, 2009, 5:34 PM Following the problem below, I wanted to add that my users are accessing the samba shares using a single name \\Smb_Srv\share1 (which is set as the netbios name in smb.conf of all the nodes). Smb_Srv is set up in dns round robin load balancing to point to the ip addresses of the three nodes. I have just realised that if you make Smb_Srv point to only one fixed ip address, the clients don not get the error msg, although performance sucks. This is giving me another awkward idea: that the something is causing the clients to query the dns entry for Smb_Srv (more often and in the middle of the write) and when this happens, and the DNS returns another different IP (due to round robin), the client makes a new connection on this specific node, and closes the connection to the previos node, hence the error specified network path bla bla.. If this really an issue for clustered samba or I am describing a false scenario? Does inreasing DNS TTL for Smb_Srv or these specific nodes help? Why do the windows clients have to query the dns within such a short space of time Thanks --- On Thu, 5/2/09, Ben Chitambira bennychitamb...@yahoo.com wrote: From: Ben Chitambira bennychitamb...@yahoo.com Subject: [Samba] specified network path no longer available To: samba@lists.samba.org Date: Thursday, 5 February, 2009, 3:40 PM I am having the network path no longer available issue and below is the log for the XP client concerned. This happens when copying a file from XP to the samba share. This is Centos 5, Sofs 1.5.2. with 3 nodes serving smb,nfs and ftp. domain controller is a separate linux samba pdc. auth is ldap. SO_RCVBUF and SO_SNDBUF both are 8192 with TCP_NODELAY. First technical consience tells me to set smb ports = 445 But the write_data failures are baffling. I am also considering increasing SO_RCVBUF and SNDBUFF How best can I address this? I believe I have the most recent/up to date software. This is affecting my users in production, so severity is critical. Thanks for help in advance. /var/log/samba/computer1.log [2009/02/05 12:05:29, 0] modules/vfs_tsmsm.c:tsmsm_is_offline(209) Stale DMAPI session, re-creating it. [2009/02/05 12:05:30, 1] smbd/service.c:close_cnum(1405) ls20094 (:::10.31.6.30) closed connection to service share1 [2009/02/05 12:05:32, 1] smbd/service.c:make_connection_snum(1194) ls20094 (:::10.31.6.30) connect to service lmf initially as user bchitambira (uid=9426, gid=1010) (pid 31919) [2009/02/05 12:05:32, 1] smbd/service.c:close_cnum(1405) ls20094 (:::10.31.6.30) closed connection to service share1 [2009/02/05 12:23:53, 0] lib/util_sock.c:write_data(1136) [2009/02/05 12:23:53, 0] lib/util_sock.c:get_peer_addr_internal(1676) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2009/02/05 12:23:53, 0] smbd/process.c:srv_send_smb(74) Error writing 4 bytes to client. -1. (Transport endpoint is not connected) [2009/02/05 12:24:04, 0] lib/util_sock.c:write_data(1136) [2009/02/05 12:24:04, 0] lib/util_sock.c:get_peer_addr_internal(1676) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2009/02/05 12:24:04, 0] smbd/process.c:srv_send_smb(74) Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Benny Chitambira *nixAdmin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind group mapping problem
Linux Addict wrote: Once for all, go ahead with rid and keep the smb.conf consistent across OR use rfc2307. RID is easier to manage. Thanks very much for the advice Dale Linux Addict. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Cannot Delete Files on my Samba network on Windows PCs
Good Morning, I was wondering if you could help me out or point me in the right direction. I'm using Samba 2.2.8 and for some reason I Cannot delete files on my Samba network drive from Windows PCs. If I log into my HP VMS system I can delete from there though. Also whenever I try and save a file from a Windows PC on my Samba network drive it creates another file, then inturn I have to log into my VMS and delete since I can't on my Windows PCs. .I have also checked the permissions before and made sure the network drive was RWED that didn't work either. I would really appreciate any assistance you can give me. Thank You Ben PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Cannot Delete Files on my Samba network on Windows PCs
Good Afternoon, I was wondering if you could help me out or point me in the right direction. For some reason I Cannot delete files on my Samba network on Windows PCs. If I log into my VMS system I can delete from there though. Also whenever I try and save a file from a Windows PC on my Samba network drive it creates another file, that inturn I have to log into my VMS and delete since I can't on my Windows PCs. I would really appreciate any assistance you can give me. Thank You Ben PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: [Samba] Winbind group mapping problem
Dale Schroeder wrote: Which winbind idmap backend are you using? The default tdb backend generates id's randomly (which appears to be your case), meaning you will have to do a lot of chown commands on box B. For consistent mappings, use something like idmap_rid. http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2598850 Thanks very much Dale, I was using the tdb backend. I read the docs but I'm not clear on whether the configuration can simply be retrofitted to both servers or whether changes to the data itself will be needed. I did make a quick test but aside from ownerships showing as 'user' rather than 'DOMAIN\user' nothing changed in respect of missing UIDs/GIDs. BTW the ultimate aim of was is to validate a server that will actually replace a single ADS domain member. This being the case I suppose I could back up the relevant tdb files, do a leave on the existing server, join the new one and copy the tdbs into place? Still, if I can use idmap_rid without undue hassle it's clearly a better solution. Best, Ben. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Winbind group mapping problem
Hello all, I have 2 boxes with identical smb.conf files apart from the netbios name. The contents of the shares have been copied from one to the other preserving the UNIX UIDs/GIDs and both boxes join to the AD domain without problems. The domain sid is the same on both machines. However, something isn't right with the group mapping: Box A (shows the correct AD groups with ls -l) //u...@host//:~$ getent group 10012 OURDOMAIN\domain users:*:10012: Box B (show mostly UIDs/GIDs with ls -l) //u...@host//:~$ getent group 10004 OURDOMAIN\domain users:*:10004: Can anyone give me a clue as to where to start looking to debug this? Many thanks in advance. Ben Tisdall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Fw: [Samba] specified network path no longer available
Following the problem below, I wanted to add that my users are accessing the samba shares using a single name \\Smb_Srv\share1 (which is set as the netbios name in smb.conf of all the nodes). Smb_Srv is set up in dns round robin load balancing to point to the ip addresses of the three nodes. I have just realised that if you make Smb_Srv point to only one fixed ip address, the clients don not get the error msg, although performance sucks. This is giving me another awkward idea: that the something is causing the clients to query the dns entry for Smb_Srv (more often and in the middle of the write) and when this happens, and the DNS returns another different IP (due to round robin), the client makes a new connection on this specific node, and closes the connection to the previos node, hence the error specified network path bla bla.. If this really an issue for clustered samba or I am describing a false scenario? Does inreasing DNS TTL for Smb_Srv or these specific nodes help? Why do the windows clients have to query the dns within such a short space of time Thanks --- On Thu, 5/2/09, Ben Chitambira bennychitamb...@yahoo.com wrote: From: Ben Chitambira bennychitamb...@yahoo.com Subject: [Samba] specified network path no longer available To: samba@lists.samba.org Date: Thursday, 5 February, 2009, 3:40 PM I am having the network path no longer available issue and below is the log for the XP client concerned. This happens when copying a file from XP to the samba share. This is Centos 5, Sofs 1.5.2. with 3 nodes serving smb,nfs and ftp. domain controller is a separate linux samba pdc. auth is ldap. SO_RCVBUF and SO_SNDBUF both are 8192 with TCP_NODELAY. First technical consience tells me to set smb ports = 445 But the write_data failures are baffling. I am also considering increasing SO_RCVBUF and SNDBUFF How best can I address this? I believe I have the most recent/up to date software. This is affecting my users in production, so severity is critical. Thanks for help in advance. /var/log/samba/computer1.log [2009/02/05 12:05:29, 0] modules/vfs_tsmsm.c:tsmsm_is_offline(209) Stale DMAPI session, re-creating it. [2009/02/05 12:05:30, 1] smbd/service.c:close_cnum(1405) ls20094 (:::10.31.6.30) closed connection to service share1 [2009/02/05 12:05:32, 1] smbd/service.c:make_connection_snum(1194) ls20094 (:::10.31.6.30) connect to service lmf initially as user bchitambira (uid=9426, gid=1010) (pid 31919) [2009/02/05 12:05:32, 1] smbd/service.c:close_cnum(1405) ls20094 (:::10.31.6.30) closed connection to service share1 [2009/02/05 12:23:53, 0] lib/util_sock.c:write_data(1136) [2009/02/05 12:23:53, 0] lib/util_sock.c:get_peer_addr_internal(1676) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2009/02/05 12:23:53, 0] smbd/process.c:srv_send_smb(74) Error writing 4 bytes to client. -1. (Transport endpoint is not connected) [2009/02/05 12:24:04, 0] lib/util_sock.c:write_data(1136) [2009/02/05 12:24:04, 0] lib/util_sock.c:get_peer_addr_internal(1676) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2009/02/05 12:24:04, 0] smbd/process.c:srv_send_smb(74) Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Benny Chitambira *nixAdmin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] specified network path no longer available
I am having the network path no longer available issue and below is the log for the XP client concerned. This happens when copying a file from XP to the samba share. This is Centos 5, Sofs 1.5.2. with 3 nodes serving smb,nfs and ftp. domain controller is a separate linux samba pdc. auth is ldap. SO_RCVBUF and SO_SNDBUF both are 8192 with TCP_NODELAY. First technical consience tells me to set smb ports = 445 But the write_data failures are baffling. I am also considering increasing SO_RCVBUF and SNDBUFF How best can I address this? I believe I have the most recent/up to date software. This is affecting my users in production, so severity is critical. Thanks for help in advance. /var/log/samba/computer1.log [2009/02/05 12:05:29, 0] modules/vfs_tsmsm.c:tsmsm_is_offline(209) Stale DMAPI session, re-creating it. [2009/02/05 12:05:30, 1] smbd/service.c:close_cnum(1405) ls20094 (:::10.31.6.30) closed connection to service share1 [2009/02/05 12:05:32, 1] smbd/service.c:make_connection_snum(1194) ls20094 (:::10.31.6.30) connect to service lmf initially as user bchitambira (uid=9426, gid=1010) (pid 31919) [2009/02/05 12:05:32, 1] smbd/service.c:close_cnum(1405) ls20094 (:::10.31.6.30) closed connection to service share1 [2009/02/05 12:23:53, 0] lib/util_sock.c:write_data(1136) [2009/02/05 12:23:53, 0] lib/util_sock.c:get_peer_addr_internal(1676) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2009/02/05 12:23:53, 0] smbd/process.c:srv_send_smb(74) Error writing 4 bytes to client. -1. (Transport endpoint is not connected) [2009/02/05 12:24:04, 0] lib/util_sock.c:write_data(1136) [2009/02/05 12:24:04, 0] lib/util_sock.c:get_peer_addr_internal(1676) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2009/02/05 12:24:04, 0] smbd/process.c:srv_send_smb(74) Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Benny Chitambira *nixAdmin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: {Disarmed} Re: [Samba] Update: Winbind+nss working on one centOS 5.2 box but not another
Thanks Kums - I should have been clearer - the non-verbose testparm output (which doesn't show the netbios name) diffs out perfectly. The netbios names are in fact set differently and the join happens without errors. testparm -v Kums wrote: Make sure to have different Netbios Name, else only one box will be able to successfully join to AD + export Samba shares. Cheers, -Kums On Fri, Jan 23, 2009 at 1:18 AM, Ben Tisdall b...@redcircleit.com mailto:b...@redcircleit.com wrote: tim clusters wrote: What is your id backend? AD or RID? Can you post your smb.conf? Hi Tim thanks for replying. This is very minimal smb.conf - the history is that it was copied verbatim from a Guardian snap appliance worked perfectly well on 'Box A'. workgroup = OURDOMAIN security = ads server string = Samba Server Version %v netbios name = testukmcsstor1 realm = OURDOMAIN.PRIV idmap uid = 1-2 idmap gid = 1-2 ;interfaces = lo eth0 *MailScanner warning: numerical links are often malicious:* 192.168.12.2/24 http://192.168.12.2/24 *MailScanner warning: numerical links are often malicious:* 192.168.13.2/24 http://192.168.13.2/24 ;hosts allow = 127. 10 # logs split per machine log file = /var/log/samba/log.%m # max 50KB per log file, then rotate max log size = 50 preferred master = no wins support = yes ; wins server = w.x.y.z ; wins proxy = yes ; dns proxy = yes load printers = yes cups options = raw ; map archive = no ; map hidden = no ; map read only = no ; map system = no ; store dos attributes = yes Include = /etc/samba/shares.conf NB: I can testparm the conf from both boxes the output diffs perfectly. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- This message has been scanned for viruses and dangerous content by *MailScanner* http://www.mailscanner.info/, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Update: Winbind+nss working on one centOS 5.2 box but not another
tim clusters wrote: What is your id backend? AD or RID? Can you post your smb.conf? Hi Tim thanks for replying. This is very minimal smb.conf - the history is that it was copied verbatim from a Guardian snap appliance worked perfectly well on 'Box A'. workgroup = OURDOMAIN security = ads server string = Samba Server Version %v netbios name = testukmcsstor1 realm = OURDOMAIN.PRIV idmap uid = 1-2 idmap gid = 1-2 ;interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 ;hosts allow = 127. 10 # logs split per machine log file = /var/log/samba/log.%m # max 50KB per log file, then rotate max log size = 50 preferred master = no wins support = yes ; wins server = w.x.y.z ; wins proxy = yes ; dns proxy = yes load printers = yes cups options = raw ; map archive = no ; map hidden = no ; map read only = no ; map system = no ; store dos attributes = yes Include = /etc/samba/shares.conf NB: I can testparm the conf from both boxes the output diffs perfectly. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind+nss working on one centOS 5.2 box but not another
Hi all,
I have an odd situation on my hands:
* Two CentOS 5.2 boxes both joined to an AD domain.
* Same samba version (3.0.28-1.el5_2.1) smb.conf, only the netbios names
differ
* Can enumerate users and groups using winbind -{u,g} on both.
* nss doesn't enumerate users groups on one (same lib versions, same
conf file).
//ben...@testukmcsstor1//:~$ rpm -qa | grep nss-
nss-tools-3.12.2.0-2.el5.centos
nss-3.12.2.0-2.el5.centos
pkinit-nss-0.7.3-1.el5
nss-3.12.2.0-2.el5.centos
Looks like this may be more of a libnss problem than a samba one, but
can anyone suggest how I can start to troubleshoot?
Thanks in advance,
Ben Tisdall
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Update: Winbind+nss working on one centOS 5.2 box but not another
Something is not right with the group mapping, but I am unsure what.
getent returns different a primary GID for a given user on each box and
the group mapping differs in each case:
Box A:
//u...@host//:~$ getent group 10012
OURDOMAIN\domain users:*:10012:
Box B:
//u...@host//:~$ getent group 10004
OURDOMAIN\domain users:*:10004:
When I do a long file listing winbindd is printing stuff like this:
[14855]: getpwuid 10082
Added timed event async_request_timeout: 2ae2266d45b0
child daemon request 51
timed_events_timeout: 299/87
process_request: request fn DUAL_UID2SID
[14254]: uid to sid 10082
uid = [10082]
Cache entry with key = IDMAP/UID/10082 couldn't be found
Query backends to map ids-sids
Query sids from domain OURDOMAIN
Fetching record UID 10082
Record UID 10082 not found
Query sids from domain SAMBASERVER
pdb_default_uid_to_rid: host has no idea of uid 10082
Storing response for pid 14257, len 3240
Destroying timed event 2ae2266d45b0 async_request_timeout
Retrieving response for pid 14257
uid2sid_recv: uid 10082 has sid S-1-22-1-10082
Could not find domain for sid S-1-22-1-10082
Ben Tisdall wrote:
Hi all,
I have an odd situation on my hands:
* Two CentOS 5.2 boxes both joined to an AD domain.
* Same samba version (3.0.28-1.el5_2.1) smb.conf, only the netbios names
differ
* Can enumerate users and groups using winbind -{u,g} on both.
* nss doesn't enumerate users groups on one (same lib versions, same
conf file).
//ben...@testukmcsstor1//:~$ rpm -qa | grep nss-
nss-tools-3.12.2.0-2.el5.centos
nss-3.12.2.0-2.el5.centos
pkinit-nss-0.7.3-1.el5
nss-3.12.2.0-2.el5.centos
Looks like this may be more of a libnss problem than a samba one, but
can anyone suggest how I can start to troubleshoot?
Thanks in advance,
Ben Tisdall
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Konica Printer: Scan to File (Samba SMB share) fails
Greetings! * Patrick Ben Koetter [EMAIL PROTECTED]: Yes it is the full log and yes it's weird. Excuse my ignorance, the log level setting is a copy and paste setting: log level = 3 passdb:5 auth:10 winbind:2 What should in- or decrease to get more usefull logging? Just ignore those different levels. Just log level = 10... Here's debug output at level 10: http://www.state-of-mind.de/log.smbd.txt I restarted the smb server and left the output in the log as it may be helpful. Does anybody have an idea, why the Konica Scanner (see: log link above) fails to write to the [scanner] share? Thanks, [EMAIL PROTECTED] -- state of mind Agentur für Kommunikation, Design und Softwareentwicklung Patrick KoetterTel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de Amtsgericht MünchenPartnerschaftsregister PR 563 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Konica Printer: Scan to File (Samba SMB share) fails
* Volker Lendecke [EMAIL PROTECTED]: On Fri, Nov 28, 2008 at 10:42:21PM +0100, Patrick Ben Koetter wrote: Yes it is the full log and yes it's weird. Excuse my ignorance, the log level setting is a copy and paste setting: log level = 3 passdb:5 auth:10 winbind:2 What should in- or decrease to get more usefull logging? Just ignore those different levels. Just log level = 10... Here's debug output at level 10: http://www.state-of-mind.de/log.smbd.txt I restarted the smb server and left the output in the log as it may be helpful. [EMAIL PROTECTED] -- state of mind Agentur für Kommunikation, Design und Softwareentwicklung Patrick KoetterTel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de Amtsgericht MünchenPartnerschaftsregister PR 563 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Konica Printer: Scan to File (Samba SMB share) fails
I am trying to let a Konica-Minolta Copy-Scanner-Printer store scanned stuff to a file. It works at once, if I let it send the file to a SMB share provided by a W2K workstation that is part of a (Samba) domain. It doesn't work, if I want it to store the messages on a share provided by the Samba server. So far I have verified that the user the scanner runs under is allowed to mount the share and write to it and this marks my wits end. I have log, but I can't interpret it really well. As far as I can tell the client connects, authenticates and then disconnects without giving any reason. If anyone took a look at the log and tell me they are seeing more I'd be helped a lot. Here's the log: http://www.state-of-mind.de/smb.log.txt TIA, [EMAIL PROTECTED] -- state of mind Agentur für Kommunikation, Design und Softwareentwicklung Patrick KoetterTel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de Amtsgericht MünchenPartnerschaftsregister PR 563 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Konica Printer: Scan to File (Samba SMB share) fails
* Volker Lendecke [EMAIL PROTECTED]: On Fri, Nov 28, 2008 at 09:24:36PM +0100, Patrick Ben Koetter wrote: I am trying to let a Konica-Minolta Copy-Scanner-Printer store scanned stuff to a file. It works at once, if I let it send the file to a SMB share provided by a W2K workstation that is part of a (Samba) domain. It doesn't work, if I want it to store the messages on a share provided by the Samba server. So far I have verified that the user the scanner runs under is allowed to mount the share and write to it and this marks my wits end. I have log, but I can't interpret it really well. As far as I can tell the client connects, authenticates and then disconnects without giving any reason. If anyone took a look at the log and tell me they are seeing more I'd be helped a lot. Here's the log: http://www.state-of-mind.de/smb.log.txt That log looks very weird. Some messages appear to be debug level 10 messages, but if it was, there are lots of lines missing. Are you sure you really got the correct, full log? Yes it is the full log and yes it's weird. Excuse my ignorance, the log level setting is a copy and paste setting: log level = 3 passdb:5 auth:10 winbind:2 What should in- or decrease to get more usefull logging? [EMAIL PROTECTED] -- state of mind Agentur für Kommunikation, Design und Softwareentwicklung Patrick KoetterTel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de Amtsgericht MünchenPartnerschaftsregister PR 563 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Konica Printer: Scan to File (Samba SMB share) fails
* Volker Lendecke [EMAIL PROTECTED]: On Fri, Nov 28, 2008 at 10:42:21PM +0100, Patrick Ben Koetter wrote: Yes it is the full log and yes it's weird. Excuse my ignorance, the log level setting is a copy and paste setting: log level = 3 passdb:5 auth:10 winbind:2 What should in- or decrease to get more usefull logging? Just ignore those different levels. Just log level = 10... Okay. I'll get some of that tomorrow. Nobody there to operate the scanner anymore. ;) Thanks, [EMAIL PROTECTED] -- state of mind Agentur für Kommunikation, Design und Softwareentwicklung Patrick KoetterTel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de Amtsgericht MünchenPartnerschaftsregister PR 563 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC announces two netbios names?
I've configured a Samba server based on Ubuntu packages. It uses LDAP as backend. The server announces itself using two netbios (?) names - OFFICE and SERVER. Originally I had planned to use OFFICE. Then I switched to SERVER. I've looked at the config files and search for any occurences of OFFICE, but I can't find any. Any ideas where I should look or what I should do? Thanks, [EMAIL PROTECTED] Here's some debug information: $ hostname server $ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=8.04 DISTRIB_CODENAME=hardy DISTRIB_DESCRIPTION=Ubuntu 8.04.1 $ sudo grep -i office /etc/samba/* [EMAIL PROTECTED]:samba$ $ cat /etc/resolv.conf search office.jojo-wassersport.de nameserver 127.0.0.1 $ dig @localhost office.office.jojo-wassersport.de [EMAIL PROTECTED]:samba$ $ testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [netlogon] Processing section [Profiles] Processing section [printers] Processing section [print$] Processing section [Files] Processing section [Training] Processing section [Training-Development] Processing section [Fotos] Processing section [PDF-Ausgabe] Loaded services file OK. WARNING: You have some share names that are longer than 12 characters. These may not be accessible to some older clients. (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.) Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] workgroup = JOJO server string = %h server (Samba, Ubuntu) interfaces = 127.0.0.0/8, eth0 map to guest = Bad User obey pam restrictions = Yes passdb backend = ldapsam:ldap://localhost pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . log level = 3 passdb:5 auth:10 winbind:2 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 server signing = auto printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = logon.bat logon path = \\server\Profiles\%U logon drive = H: logon home = \\server\%U domain logons = Yes os level = 35 domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,o=JOJO Wassersport,c=de ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = o=JOJO Wassersport,c=de ldap ssl = no ldap user suffix = ou=Users usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d [homes] comment = Eigene Dateien valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Service path = /srv/samba/netlogon admin users = root guest ok = Yes browseable = No [Profiles] comment = Roaming Profile Share path = /srv/samba/profiles read only = No profile acls = Yes browseable = No [printers] comment = All Printers path = /var/spool/samba valid users = root, @Staff admin users = root write list = root, @Staff, @Trainer read only = No create mask = 0600 guest ok = Yes printable = Yes use client driver = Yes browseable = No [print$] comment = Printer Drivers Share path = /var/lib/samba/printers valid users = root, @Staff admin users = root, @Staff write list = @Staff, @Trainer create mask = 0664 directory mask = 0775 [Files] comment = Nutzdaten path = /srv/fileserver/files admin users = root, rolandr write list = @staff force group = Staff create mask = 0640 directory mask = 0770 [Training] comment = Unterrichtsmaterial path = /srv/fileserver/training admin users = root, rolandr read list = @trainer write list = @staff force group = Trainer create mask = 0660 directory mask = 0770 [Training-Development] comment = Unterrichtsmaterial in Entwicklung path = /srv/fileserver/training_developement admin users = root, rolandr write list =
Re: [Samba] PDC announces two netbios names?
Hi Volker! Thanks for taking the time to answer. The double entry was gone when I took a look at it a few minutes ago. I guess it was expired from browse.dat in the meantime. Thanks for the help! [EMAIL PROTECTED] * Volker Lendecke [EMAIL PROTECTED]: Hi, Patrick! On Mon, Oct 27, 2008 at 03:26:39PM +0100, Patrick Ben Koetter wrote: I've configured a Samba server based on Ubuntu packages. It uses LDAP as backend. The server announces itself using two netbios (?) names - OFFICE and SERVER. Originally I had planned to use OFFICE. Then I switched to SERVER. It should not announce both. Try 'nmblookup -A 127.0.0.1' and see what comes back. If it's in the browsing list that you see both, you might either just wait until it's timed out, or shutdown nmbd, delete the file browse.dat and restart nmbd. Then it should be gone. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- state of mind Agentur für Kommunikation, Design und Softwareentwicklung Patrick KoetterTel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de Amtsgericht MünchenPartnerschaftsregister PR 563 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS_MEDIA_WRITE_PROTECTED
Shot in the dark, it's not app-armor related is it? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Help request from non-expert: mounting a samba drive with the right charset for accented filenames
Hi all, I hope someone might be able to offer me some advice. I have a NAS box, a QNAP TS-109 which runs a version of Debian Linux. It has a local ext3 drive, and I also smbmount a network drive on it (a Lacie ED mini which I have tried formatted as both ext3 and FAT32 without solving my problems). My problem is that I am unable to correctly rsync files with accented characters in the names between the two boxes, because I am unable to mount them both in a way in which the same such file appears to be named the same on both the local and the networked drive. For example, currently, no matter how I try to mount a file with an ä in the the name (that's an a with a two dot accent), it appears as two characters A☼ when I ls the local ext3 drive, and as a , when I ls the network drive. I have several difficulties in solving this problem. As I currently understand it, if I could use the same -o iocharset=whatever argument for mounting both drives, then it ought to work (though I'm not 100% on that assertion). However, I don't know what charset I can use which would work. Using, for example, -o iocharset=iso8859-1 to smbmount the network drive, the filenames appear exactly the same as with no iocharset argument. However, using -o iocharset=definitelydoesntexist also mounts the drive in the same way, and doesn't even produce an error (to stderr or dmesg). So how do I know what iocharset arguments are available, let alone which one is correct? The answer to that last question might be to find out how the local drive is mounted. The problem is, even though the output of a mount command includes the following line about the local disk in question: /dev/sda3 on /share/HDA_DATA type ext3 (rw,usrjquota=aquota.user,jqfmt=vfsv0,data=writeback,extents) as far as I can tell nothing there is related to the charset, and the fstab /etc/fstab file contains nothing at all related to that drive: # /etc/fstab: static file system information. # # file system mount pt type options dump pass /dev/ram / ext2 defaults 1 1 proc/proc proc defaults 0 0 none/dev/ptsdevpts gid=5,mode=620 0 0 So the drive is mounted in some other way than from /etc/fstab. But I don't know how to find out how. And as far as I understand, there is anyway no -o iocharset= option for the standard mount command for ext3? There is therefore only one way it can have been done, right? If so, how do I duplicate that with my smbmount command? Other information which may be relevant: The files with accents were created by windows. I have read that mount -t smbfs should be synonymous with smbmount. Well it isn't for me - I can't mount the network drive at all with the former command. Any help at all very much appreciated! Cheers, Ben -- Dr. Ben Kenward Department of Psychology, Uppsala University, Sweden +46 18 4712125 http://www.benkenward.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP: sambaDomainName added twice after boot
I've set up a Samba Server using OpenLDAP as backend. The sambaDomainName is JOJO. When I reboot (not upon restarting the samba services) a second sambaDomainName, SERVER, entry is added automatically. The hostname of the machine running the Samba services is server. This makes me think that there's 'some' connection between the hostname and setting an aditional sambaDomainName. I am by no means a Samba expert and I haven't experienced and problems yet, but a voice in my head says the second sambaDomainName entry shouldn't by there. Should it? If it shouldn't what would I need to do to stop this? [EMAIL PROTECTED] -- state of mind Agentur für Kommunikation, Design und Softwareentwicklung Patrick KoetterTel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de Amtsgericht MünchenPartnerschaftsregister PR 563 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ACL/Excel file issue
Hi, I've just upgraded an organisation from 3.0.23a to 3.0.25b on CentOS. Everything went fine excpet they're having an issue with Excel files going RO which perhaps is related to acls. $ ls foo.xls -r--rwxr--+ 1 mr.bogus staff 101376 Apr 8 12:59 08-04-04 foo.xls and getfacl gives: # owner: mr.bogus # group: staff user::r-- user:mr.test:rw- group::rw- mask::rwx other::r-- This is the testparm output with extraneous shares pruned out. It's the same conf as the old server. [global] workgroup = REDRESSTRUST netbios name = REDRESS3 interfaces = eth0, lo bind interfaces only = Yes passdb backend = ldapsam:ldap://127.10.0.1:1389 passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed* username map = /etc/samba/users.conf log level = 1 syslog = 0 name resolve order = wins bcast hosts time server = Yes printcap name = cups show add printer wizard = No add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u logon script = login.bat logon drive = P: domain logons = Yes preferred master = Yes wins support = Yes ldap admin dn = uid=admin,dc=redress,dc=org ldap delete dn = Yes ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=computers ldap passwd sync = Yes ldap suffix = dc=redress,dc=org ldap ssl = no ldap user suffix = ou=users printing = cups print command = lpq command = %p lprm command = hide files = /desktop.ini/ map archive = No include = /etc/samba/shares.conf [OrgData] comment = STAFF read/write, others read path = /space/data1/orgdata valid users = root, @staff read only = No create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 Thanks, -- Ben Tisdall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind segfaulting
Hi, I am running Redhat RHEL 4, authentification is via kerberos against and AD server, usernames are supplied via ldap service running on another redhat box - winbind has been seg faulting repeating when accessing samba - always the same error message... see logs below - can anyone tell me whats going on? Mar 14 16:12:45 firefly winbindd[14752]: [2008/03/14 16:12:45, 0] lib/util.c:smb_panic(1654) Mar 14 16:12:45 firefly winbindd[14752]: PANIC (pid 14752): internal error Mar 14 16:12:45 firefly winbindd[14752]: [2008/03/14 16:12:45, 0] lib/util.c:log_stack_trace(1758) Mar 14 16:12:45 firefly winbindd[14752]: BACKTRACE: 17 stack frames: Mar 14 16:12:45 firefly winbindd[14752]:#0 winbindd(log_stack_trace+0x1a) [0x552ab813da] Mar 14 16:12:45 firefly winbindd[14752]:#1 winbindd(smb_panic+0x3b) [0x552ab814bb] Mar 14 16:12:45 firefly winbindd[14752]:#2 winbindd [0x552ab6f51f] Mar 14 16:12:45 firefly winbindd[14752]:#3 /lib64/tls/libc.so.6 [0x2a963fe2f0] Mar 14 16:12:45 firefly winbindd[14752]:#4 /lib64/tls/libc.so.6(strlen+0x30) [0x2a96440a30] Mar 14 16:12:45 firefly winbindd[14752]:#5 /lib64/tls/libc.so.6(__strdup+0x16) [0x2a96440776] Mar 14 16:12:45 firefly winbindd[14752]:#6 winbindd(smbldap_set_creds+0xc4) [0x552ac64374] Mar 14 16:12:45 firefly winbindd[14752]:#7 winbindd [0x552ac80f06] Mar 14 16:12:45 firefly winbindd[14752]:#8 winbindd [0x552ac8368d] Mar 14 16:12:45 firefly winbindd[14752]:#9 winbindd(idmap_init+0x36d) [0x552ac7bb3d] Mar 14 16:12:45 firefly winbindd[14752]:#10 winbindd(idmap_sids_to_unixids+0x2d) [0x552ac7dcfd] Mar 14 16:12:45 firefly winbindd[14752]:#11 winbindd(idmap_sid_to_uid+0x5e) [0x552ac80b1e] Mar 14 16:12:45 firefly winbindd[14752]:#12 winbindd(winbindd_getpwent+0x176) [0x552ab02b26] Mar 14 16:12:45 firefly winbindd[14752]:#13 winbindd [0x552ab00233] Mar 14 16:12:45 firefly winbindd[14752]:#14 winbindd(main+0x7bc) [0x552ab00ebc] Mar 14 16:12:45 firefly winbindd[14752]:#15 /lib64/tls/libc.so.6(__libc_start_main+0xdb) [0x2a963ec3fb] Mar 14 16:12:45 firefly winbindd[14752]:#16 winbindd [0x552aaff5aa] Mar 14 16:12:45 firefly winbindd[14752]: [2008/03/14 16:12:45, 0] lib/fault.c:dump_core(181) Mar 14 16:12:45 firefly winbindd[14752]: dumping core in /var/log/samba/cores/winbindd Mar 14 16:12:45 firefly winbindd[147 -- Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SMBMNT
Bonjour, J'ai lus un article sur smbmnt et j'ai cru comprendre que ce programme permet de monter le partage des dossiers uniquement sous linux. Est ce que vous pouvez m'éclairé sur ca ? Merci d'avance. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind and groups
Hello Friendly Samba People, I have a working samba install that allows my AD users access to files on my linux box. The linux box is configured via Winbind as a domain member and uses Winbind as the local NSS. I can successfully resolve both users and groups from the AD. Users are currently able to access the samba shares without trouble. I am running into trouble when trying to use groups defined in the AD as valid users or ACLs on the linux box. Smb.conf: [global] security = ADS realm = CORP.CALLGLOBALCOM.COM workgroup = CORP log file = /var/log/samba/%m log level = 2 #winbind / AD stuff winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind expand groups = 2 winbind nss info = rfc2307 winbind nested groups = Yes idmap uid range = 1000 - 3000 idmap gid range = 100 - 3000 idmap domains = CORP idmap config CORP:backend = ad idmap config CORP:default = yes idmap config CORP:readonly = yes [homes] [sysadmins] path = /tmp writeable = yes comment = Globalcom Sysadmins share valid users = @gc_sysadmins create mask = 0775 directory mask = 0775 # getent group gc_sysadmins gc_sysadmins:*:10001:bvaughan # getent passwd bvaughan bvaughan:*:1812:100:Ben Vaughan, IT Systems Overlord:/home/bvaughan:/bin/bash When trying to access the [sysadmins] share defined as above, samba logging says this: user 'CORP\bvaughan' (from session setup) not permitted to access this share (sysadmins) I see the disconnect, the CORP\bvaughan that samba sees here, vs the bvaughan seen in the group entry. Is there a way to make these two come together so the valid users= line works? I am running samba version 3.0.25b-1.el5_1.4 as provided by RedHat. Any help would be appreciated. Ben Ben Vaughan Globalcom IT Infrastructure Support Team [EMAIL PROTECTED] 312 673 4116 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind and groups
And the correct answer is... Using a valid users line that looks like this: Valid users = +DOMAIN\group Many thanks to irda on the #samba IRC channel. Ben Ben Vaughan Globalcom IT Infrastructure Support Team [EMAIL PROTECTED] 312 673 4116 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Vaughan Sent: Tuesday, December 11, 2007 10:30 AM To: samba@lists.samba.org Subject: [Samba] Winbind and groups Hello Friendly Samba People, I have a working samba install that allows my AD users access to files on my linux box. The linux box is configured via Winbind as a domain member and uses Winbind as the local NSS. I can successfully resolve both users and groups from the AD. Users are currently able to access the samba shares without trouble. I am running into trouble when trying to use groups defined in the AD as valid users or ACLs on the linux box. Smb.conf: [global] security = ADS realm = CORP.CALLGLOBALCOM.COM workgroup = CORP log file = /var/log/samba/%m log level = 2 #winbind / AD stuff winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind expand groups = 2 winbind nss info = rfc2307 winbind nested groups = Yes idmap uid range = 1000 - 3000 idmap gid range = 100 - 3000 idmap domains = CORP idmap config CORP:backend = ad idmap config CORP:default = yes idmap config CORP:readonly = yes [homes] [sysadmins] path = /tmp writeable = yes comment = Globalcom Sysadmins share valid users = @gc_sysadmins create mask = 0775 directory mask = 0775 # getent group gc_sysadmins gc_sysadmins:*:10001:bvaughan # getent passwd bvaughan bvaughan:*:1812:100:Ben Vaughan, IT Systems Overlord:/home/bvaughan:/bin/bash When trying to access the [sysadmins] share defined as above, samba logging says this: user 'CORP\bvaughan' (from session setup) not permitted to access this share (sysadmins) I see the disconnect, the CORP\bvaughan that samba sees here, vs the bvaughan seen in the group entry. Is there a way to make these two come together so the valid users= line works? I am running samba version 3.0.25b-1.el5_1.4 as provided by RedHat. Any help would be appreciated. Ben Ben Vaughan Globalcom IT Infrastructure Support Team [EMAIL PROTECTED] 312 673 4116 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Fileserver integrated into windows domain, pl us linux clients needed
Update: Each time we set up a new user on the system, passwords need changing on the AD and the samba server. Is there a way to set permissions for the samba from the AD so that we do not need to go through this rigmarole? (most problematic at the start of a new school year). I completed this part of my task - http://ubuntuforums.org/showthread.php?t=280702. It works perfectly for me. I am amazed that I did not find it earlier. My aim is to also have some linux (probably k/ubuntu) boxes that authenticate on the network using standard AD credentials. I have tried in vain to find a way to introduce a single point of authentication, I have looked at kerberos, winbind and LDAP. I consider myself a good network technician, but the introduction of linux into a domain has thrown me. Is there a an easy way to integrate a linux fileserver with a windows controlled domain with both linux and windows clients? I am probably going to go with a kerberos and winbind mechanism to get this working. Hold out guys - Anything is possible! Ben _ Feel like a local wherever you go. http://www.backofmyhand.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
=?windows-1256?Q?RE:_[Samba]__Fileserver_integrated_into_windows_domain, _?= plus linux clients needed
_ Feel like a local wherever you go. http://www.backofmyhand.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Fileserver integrated into windows domain, plus linux clients needed
This is a two part question regarding the setup of the samba server at my school. I am a student working as an IT tech and the support team is in dire need of help! We have: 1. a windows 2003 server for a PDC with a full active directory. 2. a fedora core samba fileserver 3. lots of windows XP workstations. My problem: Each time we set up a new user on the system, passwords need changing on the AD and the samba server. Is there a way to set permissions for the samba from the AD so that we do not need to go through this rigmarole? (most problematic at the start of a new school year). My aim is to also have some linux (probably k/ubuntu) boxes that authenticate on the network using standard AD credentials. I have tried in vain to find a way to introduce a single point of authentication, I have looked at kerberos, winbind and LDAP. I consider myself a good network technician, but the introduction of linux into a domain has thrown me. Is there a an easy way to integrate a linux fileserver with a windows controlled domain with both linux and windows clients? I have read through countless this is a way it could be done and even tested kerberos/winbind/samba installs without result. I feel there is a way forward buy my lack of knowledge of linux services is letting me down. Regards, Ben IT Tech Springfield School, Portsmouth, UK _ Feel like a local wherever you go. http://www.backofmyhand.com-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: smbd using 99.9% CPU with MS Office docs
Mark Nienberg wrote: Ben Tisdall wrote: I made a post a few weeks ago regarding this but was unable to find a solution. This is the situation: + I'm attempting to upgrade from samba 3.0.23a (Fedora core package 3.0.23a-1.fc4.1) to the latest version compiled from Samba source. Just a thought. Instead of compiling from source, have you tried downloading the fedora src file from samba.org and doing a rpmbuild --rebuild? That is the way I do it since it seems easier to me. The resulting rpm file is clever enough to move your samba files from redhat's locations (/var/cache/samba) to the default ones (/var/lib/samba). It will also tell you if you need additional packages installed in order to compile. That's a good thought - I'll probably do that, but I'd like to know why I'm having a problem compiling from source :-\ Cheers. -- Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbd using 99.9% CPU with MS Office docs
I made a post a few weeks ago regarding this but was unable to find a solution. This is the situation: + I'm attempting to upgrade from samba 3.0.23a (Fedora core package 3.0.23a-1.fc4.1) to the latest version compiled from Samba source. + When using the latest version (or 3.0.25b), Win clients can authenticate access shares fine, but attempting to open any kind of MS Office doc (not just word docs as I originally thought) causes the associated smbd process to leap to 99.5% CPU utilisation remain there. The effect of this on the production system is a DOS the smbd processes in question need a -KILL signal to terminate them. These are the compile options I'm using: ./configure \ --with-piddir=/var/run \ --with-logfilebase=/var/log/samba \ --with-quotas \ --with-smbmount \ --enable-cups \ --with-configdir=/usr/local/samba/etc \ This is my testparm output: http://www.redcircleit.com/public/misc/testparm.out.txt (The smb.conf is based on the one used by the Fedora pkg, although with the addition of msdfs root = yes as I understand this changed between the two versions. Inverting the value doesn't help). This is an strace: http://www.redcircleit.com/public/misc/smbd.strace.txt And this is a level 10 log (not recommended for slow connections): http://www.redcircleit.com/public/misc/smbd.debug.log.gz This problem is 100% reproducible so severe that clearly it's either something specific to the system in question or some silly error or omission on my part. Unfortunately I'm stuck as to what this might be any pointers to further debugging would be very much appreciated. -- Ben Tisdall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] admin access to user home directories
Linux Guy wrote: I've user directorys set to: chmod 700 chown username:Domain Users Users can access stuff fine. However, I'd like the samba root user to be able to access these shares as well. How might I go about this? Example permissions drwx-- 2 jdomDomain Users 4096 2007-07-01 09:32 jdom/ [homes] comment = Home Directories valid users = %S,root -- read only = no create mask = 0600 directory mask = 0700 browseable = no The UNIX perms/ownerships can stay as they are. -- Ben Tisdall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.25b: smbd 99% CPU utilisation with opened MS Word doc
Eric J. Feldhusen wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ben Tisdall wrote: Hi I'm trying to upgrade from Samba 3.0.23c on FC4 to 3.0.25b from Samba sources. Everything appears to function correctly until an MS word document is opened from a share - the file opens but the smbd process in question rockets to 99%+ CPU, stays there needs kill -9'ing to stop it. This happens reliably. We're running RHEL 4.x with the latest RHEL samba packages of 3.0.10.x.x, and we've seen something similar on a couple of servers, but it's a very rare occurrence. Would you be able to send me a document that you know triggers the problem, along with what version of MS Word you're using to open it? Thanks for the kind offer Eric, will get back to you after some more testing. -- Ben Tisdall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with LDAP failover config
Andrew Bartlett wrote: I suspect it's a build error, due to The Fedora Core 4 buidl not correctly detecting the ldap_initialize() function. If that were not to be detected in the libs, then we would fallback to an internal function that doesn't handle multiple servers. Thanks for your input here Andrew: [EMAIL PROTECTED]:~$ smbd -b | grep LDAP HAVE_LDAP_H HAVE_LDAP HAVE_LDAP_ADD_RESULT_ENTRY HAVE_LDAP_DN2AD_CANONICAL HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_SET_REBIND_PROC HAVE_LIBLDAP LDAP_SET_REBIND_PROC_ARGS -- Ben Tisdall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.25b: smbd 99% CPU utilisation with opened MS Word doc
Hi I'm trying to upgrade from Samba 3.0.23c on FC4 to 3.0.25b from Samba sources. Everything appears to function correctly until an MS word document is opened from a share - the file opens but the smbd process in question rockets to 99%+ CPU, stays there needs kill -9'ing to stop it. This happens reliably. I have an appropriate strace a level 7 log but can't see anything obviously wrong would appreciate some guidance as to what to look for. In the meantime here's my testparm output - this is the same config that works fine on the previous version. Thanks! [global] workgroup = REDRESSTRUST netbios aliases = JERRY interfaces = eth0 passdb backend = ldapsam:ldap://192.168.0.3:1389 passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed* username map = /etc/samba/users.conf log level = 1 syslog = 0 name resolve order = wins bcast hosts time server = Yes printcap name = /etc/printers.conf show add printer wizard = No add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u logon script = login.bat logon drive = P: domain logons = Yes preferred master = Yes wins support = Yes ldap admin dn = uid=admin,dc=redress,dc=org ldap delete dn = Yes ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=computers ldap passwd sync = Yes ldap suffix = dc=redress,dc=org ldap ssl = no ldap user suffix = ou=users hide files = /desktop.ini/ map archive = No include = /etc/samba/shares.conf [homes] comment = Home Directories valid users = %S read only = No browseable = No [printers] comment = SMB Print Spool path = /var/spool/samba guest ok = Yes printable = Yes use client driver = Yes browseable = No [netlogon] comment = Network Logon Service path = /mnt/share/netlog valid users = root, @users write list = root [itadmin] path = /mnt/share/redressdata/itadmin valid users = root, x read only = No create mask = 00 force create mode = 0660 directory mask = 00 force directory mode = 0770 [Quickbooks] comment = FINANCE read/write path = /mnt/share/redressdata/quickbooks valid users = root, @finance read only = No create mask = 0660 force create mode = 0660 directory mask = 0770 force directory mode = 0770 [WebForms] path = /var/www/html/_docs_ valid users = xxx,xxx,xxx read only = No create mask = 00 force create mode = 0664 -- Ben Tisdall RedCircle IT Ltd, London NW1. www.redcircleit.com [EMAIL PROTECTED] +44 (0)20 7387 0351 +44 (0)7932 745803 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
