Re: [Samba] samba as a time server (newby question): time not updated
On 6/20/06, Ivan Teliatnikov <[EMAIL PROTECTED]> wrote: Colleagues, I am trying to use my PDC as a time server. time server = yes upon login a group based scripts are executed. Scripts include line: net time \\samba.server /set /yes Time changes only if a user who logs was added Power Users Group on the local machine. My users belong to either staff, pgrads, ugrads, vis UNIX groups. What do I need to do to ensure that time is synchronised on XP client when non-admin user logs into the machine. You don't already have an NTP server cluster in your organisation? Windows machines do NTP quite nicely, with no admin rights issues, since it runs as a system service on the client. I know this only sidesteps the issue, but if you have NTP running already, I think you'll find the results are better. This was my experience, in any case. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] "smbd: nss_ldap: could not search LDAP server - Can't contact LDAP server" and Samba shares are dropped
On 6/19/06, Michael Cassaniti <[EMAIL PROTECTED]> wrote: Hi, I Believe that this could be a corrupted secrets.tdb file that may be losing your ldap password. Please note that this is only a guess. I really can't offer you too much in the way of help. If that were the case, then once it was corrupted, it wouldn't work after a shutdown and restart, wouldn't it? Your logs show a search of ldap for a lot of posix account information. I don't know if that is normal or not, but if it isn't, then maybe winbind is causing some trouble cause that might be why the search chases after those attributes. If I'm off track, sorry about that. I'm not running winbind. Í'm using NSS to obtain account information. You could also have one of the two of them causing some locking. How are you doing for space, as in hard drive space? No problem with respect to space. How would I see if locking was occurring? I really hope someone else is much more helpful than I am. So do I :) But thank-you for taking the time to respond Good luck!!! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] "smbd: nss_ldap: could not search LDAP server - Can't contact LDAP server" and Samba shares are dropped
List, I am encountering some really strange behaviour with Samba 3.0.20 and OpenLDAP 2.2.28. Everything in terms of PAM and NSS has been working correctly for a long time and have not been changed in months. This week it has started playing up, with NT_STATUS_LOGON_FAILURE type errors. The local ldap server is replicated from a master. In syslog, I see things like Jun 16 16:06:14 s-sophia smbd: nss_ldap: could not search LDAP server - Can't contact LDAP server At this point, the samba shares are no longer available, but LDAP is not down: I can do a search: s-sophia:~# ldapsearch -b "ou=People,dc=bpinet,dc=com" -xh localhost '(uid=xxx)' # extended LDIF # # LDAPv3 # base with scope sub # filter: (uid=xxx) # requesting: ALL # # xxx, Sophia Antipolis, People, bpinet.com dn: uid=xxx,ou=Sophia Antipolis,ou=People,dc=bpinet,dc=com cn: xxx description: xxx displayName: xxx gecos: xxx gidNumber: 513 homeDirectory: /home/xxx loginShell: /bin/false sambaHomeDrive: H: [...stuff deleted...] # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 ## Also, while Samba is out to lunch, I can also see the account via pdbedit: s-sophia:~# pdbedit -vu xxx Unix username:xxx NT username: xxx Account Flags:[U ] User SID: S-1-5-21-1150874807-1180408084-429402335-13524 Primary Group SID:S-1-5-21-1150874807-1180408084-429402335-513 [...etc etc...] ## Things run fine for a number of minutes (never the same duration) and then samba sessions begin to be refused. I've cranked up the openldap logs, and see that queries continue to be sent and answered: Jun 16 14:14:33 s-sophia slapd[7077]: conn=37 op=13 SRCH base="ou=People,dc=bpinet,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uidNumber=6739))" Jun 16 14:14:33 s-sophia slapd[7077]: conn=37 op=13 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Jun 16 14:14:33 s-sophia slapd[7077]: conn=37 op=13 SEARCH RESULT tag=101 err=0 nentries=1 text= If I stop samba and slapd and restart slapd and samba (in that order), things start working again. No db_recover, no nothing else. I don't know what else to look at. Any ideas on how I can zero in on the underlying cause? Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can gencache.tdb be deletely at will?
On 2/22/06, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Wed, 22 Feb 2006, David Landgren wrote: > > > When I look at the client smbd log file, I see that the printer server > > is trying to open a connection to the IP address that corresponds to > > the address the client had when it connects via the VPN tunnel, > > instead of the address it currently has. I've even reconnected the PC > > via the VPN, where it acquired a different VPN address, but when I > > bring the PC back inside the corporate network, the old VPN address > > continues to pop up in the client Samba log. > > Try reducing the 'name cache timeout' in smb.conf. That had no effect. (The server is running 3.0.20 btw). Eventually we pulled the machine out of the domain, renamed the NetBIOS and inserted it back into the domain with the new name, which is a bit severe but it appears to have corrected the symptoms, even if I don't understand the underlying cause. But the question remains... can one delete the gencache.tdb file when Samba is halted with no ill effects? I would imagine so, but it would be nice to have the confirmation from a voice of authority. Thanks, Daid -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can gencache.tdb be deletely at will?
List, I have a client PC that is able to connect to my network via a VPN tunnel. When the client PC comes back to the mother ship, it acquires an ordinary network address via DHCP. In this situation, the PC is currently having problems viewing Samba printers... the printer folder takes several minutes to open all the printers, and requesting a print from an application takes a couple of minutes before getting the dialog box. When I look at the client smbd log file, I see that the printer server is trying to open a connection to the IP address that corresponds to the address the client had when it connects via the VPN tunnel, instead of the address it currently has. I've even reconnected the PC via the VPN, where it acquired a different VPN address, but when I bring the PC back inside the corporate network, the old VPN address continues to pop up in the client Samba log. I cannot find any reference to the VPN address in either the client registry, or the wins.dat or browse.dat files on the server. In fact, the only place I do find the address on the server is the gencache.tdb database. I have tried to find some more information about this file, with no luck. What I would like to know is whether it is safe to stop Samba, rename this file, and then restart Samba. I would hope that this fixes up the problem, but I don't know how critical this file is. Given its name, I suppose it can be blown away at will, but I'd like to be sure. Only in the hope that this is the cause of the problem, but I am not even sure about that. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] login scripts not being run at session startup
List, I have a weird problem on a 3.0.20 PDC. My users can log on correctly (user credentials is in LDAP) to the domain but the login.bat file is not always run. For some people, it is always run. For other people, it is never run. For a final group, sometimes it runs, sometimes it doesn't. There aren't any real differences in the LDAP entry for the account. The relevant line in smb.confis: logon script = \\ns1\netlogon\login\%U In all cases, it is possible to go manually to \\pdc\netlogin\logindirectory, and double-click on the script and it runs correctly, so its not a permisssions problem. At log level 3, I don't see any glaring errors in the log file of the client machine. Nor do I see anything out of the ordinary in smbd.log. Can anyone give me a few pointers on things to try to find out what's happening? Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CUPS error with 3.0.11
On Wed, 16 Mar 2005 08:57:32 EST, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > I recently upgraded from Samba 3.0.2a to Samba 3.0.11. I didn't change > anything in my smb.conf file. > > But Now, when a user logs on to my Linux server and access a Samba share, in > the log file for that machine there is always a message repeated twice: > > [2005/03/16 05:40:23, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused > > As far as I can tell, I do NOT have any CUPS lines in my smb.conf file. I > have CUPS running as a service on my machine (which I should probably stop), > but I don't want to make any printers available to network users. > > Any clues as to why this error message is appearing now, and it never > appeared with Samba 3.0.2a? Probably because configuration detected cups was installed on the machine and thus compiled Samba to use it. You should rerun Configure again with --disable-cups to stop that from occurring. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password Generator
On Tue, 15 Mar 2005 22:45:05 +0100 (CET), Tony Earnshaw <[EMAIL PROTECTED]> wrote: > > Aaron J. Zirbes: > > > Are you suggesting you wish to generate easily crackable passwords for > > all your users? I would strongly advise against this. How soon do you > > want your systems broken into? > > > > I would suggest you assign fully randomized passwords (mixed-case + > > numbers and characters), and then set a strict password requirements on > > your domain controller and workstations. Then make sure your users change > > their passwords on their first logon to something they can remember. > > So you never heard of APG and never heard of shell/awk scripting and never > heard of LDAP. Learn about them, before posting such nonsense again. Jeeze Tony, you spread your good humour and grace every where you go, don't you? The OP was asking the question because he didn't know of such things, and was seeking advice. We were all clueless newbies once. This is a very high traffic list: please engage your brain before posting such nonsense again. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Copying printer drivers across many servers
List, I am deploying a number of Samba servers across a WAN. To date I have manually uploaded printer drivers from an XP client to the Samba server. But it's slow, and I systematically upload the same drivers over and over again. I'm not quite sure of the recipe, but I'm sure there must be a way of replicating all the drivers, from a central point, out to the remote servers. Copying the files is simple enough, but how do I make the various .tdb files contain the right records? Has anyone done something like this before? Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] joining a domain without having Windows admin privileges
On Fri, 04 Mar 2005 00:06:10 -0600, J Raynor <[EMAIL PROTECTED]> wrote: > > I would like to use "security = domain" for a samba server, but the only > way I've found to do that is to issue the command "net rpc join -U > admin%password" where "admin" is a Windows user that has the authority > to create machine accounts. I don't have that authority, and I don't > think I can get it. Then you won't be able to join. Domains are an invite-only thing. You can't come and play if you haven't been asked. > Is there another way to do this? For instance, if the Windows admins > add the machine account for me, can I issue a different command to join > the domain? What command? Ask the admins to insert if for you into the domain. There's a reason it's done this way, so that the admins have a nominal idea of what machines are on their network, and thus, potentially responsible for. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Still having trouble with slow opening of printer properties
List, I asked a while back about problems with very slow openings of printer properties windows. This afternoon our main internet link was upgraded to 6Mb (symmetric) and so I thought I might see some improvements in response. But no change. I really don't think it's the pipe that's at fault, there's something wrong with my samba configuration. When I open the properties of a printer, I see the following lines in the log trickle by, always pausing at the line send_file_readX [2005/03/02 19:16:09, 3] smbd/process.c:switch_message(887) switch message SMBreadX (pid 6856) conn 0x839a388 [2005/03/02 19:16:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 103) - sec_ctx_stack_ndx = 0 [2005/03/02 19:16:09, 3] smbd/reply.c:send_file_readX(2154) send_file_readX fnum=7066 max=256 nread=256 [2005/03/02 19:16:09, 3] smbd/process.c:process_smb(1092) Transaction 3387 of length 63 [2005/03/02 19:16:09, 3] smbd/process.c:switch_message(887) switch message SMBreadX (pid 6856) conn 0x839a388 [2005/03/02 19:16:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 103) - sec_ctx_stack_ndx = 0 [2005/03/02 19:16:09, 3] smbd/reply.c:send_file_readX(2154) send_file_readX fnum=7066 max=256 nread=256 [2005/03/02 19:16:09, 3] smbd/process.c:process_smb(1092) Transaction 3388 of length 63 [2005/03/02 19:16:09, 3] smbd/process.c:switch_message(887) switch message SMBreadX (pid 6856) conn 0x839a388 [2005/03/02 19:16:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 103) - sec_ctx_stack_ndx = 0 [2005/03/02 19:16:09, 3] smbd/reply.c:send_file_readX(2154) send_file_readX fnum=7066 max=256 nread=256 [2005/03/02 19:16:09, 3] smbd/process.c:process_smb(1092) Transaction 3389 of length 63 [2005/03/02 19:16:09, 3] smbd/process.c:switch_message(887) switch message SMBreadX (pid 6856) conn 0x839a388 [2005/03/02 19:16:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 103) - sec_ctx_stack_ndx = 0 [2005/03/02 19:16:09, 3] smbd/reply.c:send_file_readX(2154) send_file_readX fnum=7066 max=256 nread=256 [2005/03/02 19:16:10, 3] smbd/process.c:process_smb(1092) Transaction 3390 of length 63 [2005/03/02 19:16:10, 3] smbd/process.c:switch_message(887) switch message SMBreadX (pid 6856) conn 0x839a388 [2005/03/02 19:16:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 103) - sec_ctx_stack_ndx = 0 [2005/03/02 19:16:10, 3] smbd/reply.c:send_file_readX(2154) send_file_readX fnum=7066 max=256 nread=256 [2005/03/02 19:16:10, 3] smbd/process.c:process_smb(1092) Transaction 3391 of length 63 [2005/03/02 19:16:10, 3] smbd/process.c:switch_message(887) switch message SMBreadX (pid 6856) conn 0x839a388 [2005/03/02 19:16:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 103) - sec_ctx_stack_ndx = 0 [2005/03/02 19:16:10, 3] smbd/reply.c:send_file_readX(2154) send_file_readX fnum=7066 max=256 nread=256 [2005/03/02 19:16:10, 3] smbd/process.c:process_smb(1092) Transaction 3392 of length 63 [2005/03/02 19:16:10, 3] smbd/process.c:switch_message(887) switch message SMBreadX (pid 6856) conn 0x839a388 [2005/03/02 19:16:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 103) - sec_ctx_stack_ndx = 0 [2005/03/02 19:16:10, 3] smbd/reply.c:send_file_readX(2154) send_file_readX fnum=7066 max=256 nread=256 [2005/03/02 19:16:10, 3] smbd/process.c:process_smb(1092) Transaction 3393 of length 63 [2005/03/02 19:16:10, 3] smbd/process.c:switch_message(887) switch message SMBreadX (pid 6856) conn 0x839a388 [2005/03/02 19:16:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 103) - sec_ctx_stack_ndx = 0 [2005/03/02 19:16:10, 3] smbd/reply.c:send_file_readX(2154) send_file_readX fnum=7066 max=256 nread=256 [2005/03/02 19:16:10, 3] smbd/process.c:process_smb(1092) Transaction 3394 of length 63 [2005/03/02 19:16:10, 3] smbd/process.c:switch_message(887) switch message SMBreadX (pid 6856) conn 0x839a388 [2005/03/02 19:16:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 103) - sec_ctx_stack_ndx = 0 [2005/03/02 19:16:10, 3] smbd/reply.c:send_file_readX(2154) send_file_readX fnum=7066 max=256 nread=256 [2005/03/02 19:16:10, 3] smbd/process.c:process_smb(1092) Transaction 3395 of length 63 [2005/03/02 19:16:10, 3] smbd/process.c:switch_message(887) switch message SMBreadX (pid 6856) conn 0x839a388 [2005/03/02 19:16:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 103) - sec_ctx_stack_ndx = 0 [2005/03/02 19:16:10, 3] smbd/reply.c:send_file_readX(2154) send_file_readX fnum=7066 max=256 nread=256 [2005/03/02 19:16:10, 3] smbd/process.c:process_smb(1092) Transaction 3396 of length 63 [2005/03/02 19:16:10, 3] smbd/process.c:switch_message(887) switch message SMBreadX (pid 6856) conn 0x839a388 [2005/03/02 19:16:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 103) - sec_ctx_stack_ndx = 0 [2005/03/02 19:16:10, 3] smbd/reply.c:send_file_readX(2154) send_file_readX fnum=7066 max=256 nread=256 [2005/03/02 19:16:10, 3] smbd/
[Samba] Excessive file traffic when viewing Printer Properties with 3.0.11
List, I have a printer on a BDC at the other end of a VPN tunnel, and updating the printer properties (such as loading additional driver files or configuring the paper size) of a printer that is installed on it is very slow, on the order of half an hour for basic operations. Just opening the properties dialog box results in all the driver files for the printer being read. Many times. Very slowly. The server in question is running 3.0.11. When I look at the logfile of my workstation on the server I see traces like: [2005/02/23 11:59:28, 2] smbd/open.c:open_file(245) dlandgre opened file W32X86/3/HPBFTM32.DLL read=Yes write=No (numopen=9) [2005/02/23 11:59:29, 2] smbd/open.c:open_file(245) dlandgre opened file W32X86/3/HPBFTM32.DLL read=Yes write=No (numopen=10) [2005/02/23 11:59:39, 2] smbd/close.c:close_normal_file(270) dlandgre closed file W32X86/3/HPBFTM32.DLL (numopen=9) [2005/02/23 11:59:50, 2] smbd/close.c:close_normal_file(270) dlandgre closed file W32X86/3/HPBFTM32.DLL (numopen=8) [2005/02/23 11:59:50, 2] smbd/open.c:open_file(245) dlandgre opened file W32X86/3/HPBFTM32.DLL read=Yes write=No (numopen=9) [2005/02/23 11:59:55, 2] smbd/open.c:open_file(245) dlandgre opened file W32X86/3/HPBFTM32.DLL read=Yes write=No (numopen=10) [2005/02/23 12:00:01, 2] smbd/close.c:close_normal_file(270) dlandgre closed file W32X86/3/HPBFTM32.DLL (numopen=9) [2005/02/23 12:00:15, 2] smbd/close.c:close_normal_file(270) dlandgre closed file W32X86/3/HPBFTM32.DLL (numopen=8) [2005/02/23 12:00:15, 2] smbd/open.c:open_file(245) dlandgre opened file W32X86/3/HPBFTM32.DLL read=Yes write=No (numopen=9) [2005/02/23 12:00:17, 2] smbd/open.c:open_file(245) dlandgre opened file W32X86/3/HPBFTM32.DLL read=Yes write=No (numopen=10) [2005/02/23 12:00:27, 2] smbd/close.c:close_normal_file(270) dlandgre closed file W32X86/3/HPBFTM32.DLL (numopen=9) [2005/02/23 12:00:40, 2] smbd/close.c:close_normal_file(270) dlandgre closed file W32X86/3/HPBFTM32.DLL (numopen=8) [2005/02/23 12:00:40, 2] smbd/open.c:open_file(245) dlandgre opened file W32X86/3/HPBFTM32.DLL read=Yes write=No (numopen=9) [2005/02/23 12:00:45, 2] smbd/open.c:open_file(245) dlandgre opened file W32X86/3/HPBAFD32.DLL read=Yes write=No (numopen=10) [2005/02/23 12:00:51, 2] smbd/close.c:close_normal_file(270) dlandgre closed file W32X86/3/HPBFTM32.DLL (numopen=9) [2005/02/23 12:01:01, 2] smbd/close.c:close_normal_file(270) dlandgre closed file W32X86/3/HPBAFD32.DLL (numopen=8) [2005/02/23 12:01:01, 2] smbd/open.c:open_file(245) dlandgre opened file W32X86/3/HPBAFD32.DLL read=Yes write=No (numopen=9) [2005/02/23 12:01:03, 2] smbd/open.c:open_file(245) dlandgre opened file W32X86/3/HPBAFD32.DLL read=Yes write=No (numopen=10) It opens and closes the same files repeatedly. The latency is much more than the VPN tunnel alone would suggest. At higher debug levels, it spends lots of time spitting out [2005/02/23 12:24:47, 3] smbd/reply.c:send_file_readX(2226) send_file_readX fnum=8325 max=512 nread=512 [2005/02/23 12:24:47, 3] smbd/process.c:process_smb(1091) Transaction 23864 of length 63 [2005/02/23 12:24:47, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 6827) conn 0x83cb6e0 [2005/02/23 12:24:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 103) - sec_ctx_stack_ndx = 0 [2005/02/23 12:24:47, 3] smbd/reply.c:send_file_readX(2226) send_file_readX fnum=8327 max=64 nread=64 [2005/02/23 12:24:47, 3] smbd/process.c:process_smb(1091) Transaction 23865 of length 63 [2005/02/23 12:24:47, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 6827) conn 0x83cb6e0 [2005/02/23 12:24:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 103) - sec_ctx_stack_ndx = 0 [2005/02/23 12:24:47, 3] smbd/reply.c:send_file_readX(2226) 8325 max=512 nread=512 [2005/02/23 12:24:47, 3] smbd/process.c:process_smb(1091) Transaction 23866 of length 76 ..the log always pauses at the "send_file_readX fnum=" entries. If there's something I can do to tune the performance of this I'd be most grateful. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.11rc1 Available for Download
On Tue, 01 Feb 2005 15:47:22 -0600, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > David Landgren wrote: > > | # time smbclient //jersey/dsvi -U david%foobar -c 'exit' > | creating lame upcase table > | creating lame lowcase table > | Domain=[BPINET] OS=[Unix] Server=[Samba 3.0.11rc1] > | > | real0m8.817s > | user0m0.180s > | sys 0m0.020s > | > > David, I'm not seeing anything like that here. > > time bin/smbclient //queso/public -U jerry%foo -W VALE -c 'exit' > Domain=[VALE] OS=[Unix] Server=[Samba 3.0.11rc1] > > real0m0.386s > user0m0.027s > sys 0m0.005s > > This is a on linux 2.6 box. Maybe a name resolution issue? > Have you looked on the server for dns timeouts or wins > server timeouts? This is Solaris 2.9. Name resolution is fine (ns0 is my WINS server). # time ./nmblookup -RU ns0 jersey querying jersey on 0.0.0.0 172.17.0.101 jersey<00> real0m0.167s user0m0.150s sys 0m0.010s DNS performance is correct..Solaris lacks a 'host' command by default which is a bit of a hassle, but watching the logs of the DNS server shows that requests are handled in milliseconds. You raised an eyebrow at security = domain in my config. It's been that way since 2.2.8 and (poor) performance was never sufficiently noticeable to warrant benchmarking. Other servers are running Linux and have security = user and the following params for querying the LDAP server directly: passdb backend = ldapsam:"ldap://ldap-master.example.com"; ldap suffix = dc=bpinet,dc=com ldap admin dn = cn=Manager,dc=example,dc=com ldap passwd sync = yes ldap delete dn = no ldap user suffix = ou=People ldap machine suffix = ou=Computers ldap group suffix = ou=Group When I use this in the config, authenticated shares don't work, and the following is logged: [2005/02/02 08:10:32, 0] passdb/pdb_interface.c:make_pdb_methods_name(684) No builtin nor plugin backend for ldapsam found I didn't compile --with-ldapsam. From what I read in the archives, I thought it was a compatibility shim for 2.x ldap backends, and that with nsswitch things would Just Work. Now that I look more carefully at similar problems, I think I do have to compile --with-ldapsam. Which means I can then use the above params, which hopefully means the performance issues will sort themselves out. Does that sound reasonable? Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.11rc1 Available for Download
On Mon, 31 Jan 2005 16:31:28 -0600, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > David Landgren wrote: > > | Not sure where those lame tables are coming from, but whatever. This > | is on a machine with no-one else online, debug level set to zero. > | Turning the debug level up doesn't show anything in particular. The > | user and system is pretty negligeable anyway. Authentication is done > | via ldap on another server (running Samba 3.0.10) on the same network > | segment. > > So are you running with security = user or security = domain here ? > I think the former no, domain: validation is being done by passing to it off the PDC or BDC. (But if that means I'm missing something else from the config then feel free to thump me :) In fact, security = user does not work. I can't switch over right now to catch the error message, but in essence, non-guest shares no longer authenticate and everyone is locked out. > Try testing the times for 'getent passwd david'. How > responsive it the LDAP server ? Instantaneous: # time getent passwd david david::1001:513:david sys acct:/home/david:/bin/bash real0m0.014s user0m0.000s sys 0m0.010s David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.11rc1 Available for Download
On Mon, 31 Jan 2005 13:26:45 -0600, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > David Landgren wrote: > > |>Common bugs fixed in 3.0.11rc1 include: > | > | > | Light testing here appears to indicate that it has fixed the > | bug of ever-increasing number of documents appearing > | in Printer job windows. > > kewl. Thanks for the feedback. > > We're working towards 3.0.11-final at the end of this week if > all continues to goes well. We did just fix a a problem with > wbinfo -m and security = ads this morning though. Hopefully > just a few more small patches. Me again. Don't know if this is related, but I'm experiencing extreme slowness in session setups. Doing an smbclient on localhost (ok, so it *is* Solaris, but all the same...) # time smbclient //jersey/dsvi -U david%foobar -c 'exit' creating lame upcase table creating lame lowcase table Domain=[BPINET] OS=[Unix] Server=[Samba 3.0.11rc1] real0m8.817s user0m0.180s sys 0m0.020s Not sure where those lame tables are coming from, but whatever. This is on a machine with no-one else online, debug level set to zero. Turning the debug level up doesn't show anything in particular. The user and system is pretty negligeable anyway. Authentication is done via ldap on another server (running Samba 3.0.10) on the same network segment. I've cut the global section down to [global] unix charset = CP850 workgroup = BPINET server string = jersey security = DOMAIN log file = /var/log/samba/%m.log socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = No domain master = No wins server = 172.17.0.8 hide dot files = No Don't know if I've left something crucial out, or done something silly with what's left, but I'm at a bit of a loss as to why this is occurring. Any clues will be gratefully received, otherwise I expect I shall hear a lot of users moaning tomorrow. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] documentation patch for winbindd (3.0.11rc1)
Just spotted a minor typo in winbindd: s/privilage/privilege/ . The attached patch corrects this. David --- winbindd.8.orig 2005-01-31 23:02:11.67846 +0100 +++ winbindd.8 2005-01-31 23:02:46.803379000 +0100 @@ -289,8 +289,8 @@ The UNIX pipe over which clients communicate with the \fBwinbindd\fR program\&. For security reasons, the winbind client will only attempt to connect to the winbindd daemon if both the \fI/tmp/\&.winbindd\fR directory and \fI/tmp/\&.winbindd/pipe\fR file are owned by root\&. .TP -$LOCKDIR/winbindd_privilaged/pipe -The UNIX pipe over which 'privilaged' clients communicate with the \fBwinbindd\fR program\&. For security reasons, access to some winbindd functions \- like those needed by the \fBntlm_auth\fR utility \- is restricted\&. By default, only users in the 'root' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privilaged to allow programs like 'squid' to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the \fI$LOCKDIR/winbindd_privilaged\fR directory and \fI$LOCKDIR/winbindd_privilaged/pipe\fR file are owned by root\&. +$LOCKDIR/winbindd_privileged/pipe +The UNIX pipe over which 'privileged' clients communicate with the \fBwinbindd\fR program\&. For security reasons, access to some winbindd functions \- like those needed by the \fBntlm_auth\fR utility \- is restricted\&. By default, only users in the 'root' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like 'squid' to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the \fI$LOCKDIR/winbindd_privileged\fR directory and \fI$LOCKDIR/winbindd_privileged/pipe\fR file are owned by root\&. .TP /lib/libnss_winbind\&.so\&.X-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.11rc1 Available for Download
On Fri, 28 Jan 2005 15:15:07 -0600, Gerald Carter <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > This is a release candidate of the Samba 3.0.11 code base > and is provided for testing only. While close to the final > stable release, this snapshot is *not* intended for production > servers. If all goes well, this this version will become the > final 3.0.11 stable release (with possible minor changes). > > Common bugs fixed in 3.0.11rc1 include: Light testing here appears to indicate that it has fixed the bug of ever-increasing number of documents appearing in Printer job windows. thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] What's the deal with connecting back to the client on port 445?
hi list, I'm a bit of an old skool Samba user, have started using it back in the dark 0.9-ish days. To that end, the ports 137, 138 and 139 and burned deep into my neurons. I've just recently upgraded everything to 3.0.10 (the oldest Samba installation running was 2.2.3). I've seen a lot of garbage disappear from the Network Neighborhood, which is a good thing. One thing, however, has been puzzling me. If I try to browse the printers on another subnet, the server immediately comes back to me and tries to start talking to my client on port 445 (I'm aware that it's the AD service port). The firewall silently discards the packet, the connection eventually times out, and then proceeds on the older Netbios ports and stuff starts to work. I'm looking for best practices with port 445. Can I open just this port, and close down the 137-139 ports, or open it in addition, or do something else so that Samba doesn't try to attempt the initial connection? (Considering that I have only XP clients, WinNT 200x and Samba 3.0.10+ servers)? I can understand why the client might try to see whether 445 is open, I'm a bit puzzled as to why the servers do. The main point is that I want to kill the initial delay as the 445 connection times out. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] reload configuration without a stop ?
You can send all the processes a HUP and they will reload the config. Ordinarily this should not affect them (unless the config change is, for instance, the suppression of a share they happen to be using). smbstatus -p | tail +5 | awk '{print $1}' | xargs kill -HUP The above should do the trick. Yes, there are probably killall or killproc commands that do this, but they have the same name from one OS or distro to another. David On Mon, 31 Jan 2005 11:46:21 +0100, fluppe <[EMAIL PROTECTED]> wrote: > > Hello, > > i am planning to use samba in my company, first on a test system and > later on operational. > I have a question about reloading the configuration file. > > When i do some changes in the configuration file about mappings etc for > new users, new folders on request etc and i have to reload the > configuration, is that a problem for the connected users ? > > Will they lose their connection while they are writing or saving or > whatever ? > > cheers, > Phil. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Best practices for long-running Samba server
On Thu, 27 Jan 2005 14:14:46 -0800, Spike Burkhardt <[EMAIL PROTECTED]> wrote: > Paul & David, > > Good points that I agree with but at least at three managers I've had want > to the uptime get bigger & bigger. Something about the 99.95% uptime > "industry standard." :-((( Ridiculous. They are wrong. Tell them gently that they should not confuse uptime with availability. A planned reboot at 03:00 that has no effect on the availability of the server is much better than an unexpected outage at 14:25 because a leaking database backend ate all your shared memory segments. That does wonders for availability. If you can't trust your machines to reboot themselves unattended and bring themselves back up to operational status then you have shall have to bring a pair of pyjamas into work and set up a cot in the machine room. 99.95% is about 4 and half hours per year. Ask your managers to cover you for the allowance of having a server being offline one whole afternoon per year. Ask for it in writing. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] new printing patch for 3.0.10 may fix the 'failure to remove print jobs from queue list display'
> | I'm using 3.0.11pre1 (compiled on the 18th) and looking at the source > | it looks like the patch is in (printing.c is dated Jan 4 21:30). > | Printing with cups. > | > | I am experiencing similar behaviour. I have 40 or so users > | pounding on a number printers, and by the end of the day some > | of them show upwards of 800 jobs in queue. > | > | I am seeing things like "attempt to delete job 3575 not > | seen by lpr" in the logs. > > Please test 3.0.11rc1 when it is released tomorrow and let > me know if you still see the issue. That release will have > integrated all the current printing fixes. I assume you mean 3.0.11rc3. I shall, and will report back. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] new printing patch for 3.0.10 may fix the 'failure to remove print jobs from queue list display'
On Wed, 26 Jan 2005 16:25:35 +0100, Alex de Vaal <[EMAIL PROTECTED]> wrote: > On Wed 5 Jan 2005, at 17:57, Gerald (Jerry) Carter wrote: > > > I've uploaded a new draft of the printing patch for 3.0.10 > > to http://www.samba.org/~jerry/patches/post-3.0.10/ > > The only change is a small fix to fix the register_message_flags() > > error messages in the logs. After some thought, I think this > > might address the 'jobs failing to be removed from the queue > > list' bug. If people could test and let me know, I would > > appreciate it. I'm using 3.0.11pre1 (compiled on the 18th) and looking at the source it looks like the patch is in (printing.c is dated Jan 4 21:30). Printing with cups. I am experiencing similar behaviour. I have 40 or so users pounding on a number printers, and by the end of the day some of them show upwards of 800 jobs in queue. I am seeing things like "attempt to delete job 3575 not seen by lpr" in the logs. smb.conf contains [global] load printers = yes printing = cups printcap = cups printcap cache time = 60 printer admin = @prtadmin [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes public = yes guest ok = yes writable = no create mode = 0700 printer admin = root, @prtadmin If anyone can throw me some clues I'd be very grateful. Thanks, David > Hi Jerry, > > The patch (version #2) is working; when I print from an XP client to a CUPS > queue > (queue on hold), the print icon appears in the taskbar of the XP client. > When I remove > the print job from the CUPS queue, within 30 seconds the print icon on the > XP client > disappears. > > I also added this patch from Jerome Borsboom to your patch. > > --- samba-3.0.10/source/printing/printing.c 2005-01-10 > 15:07:27.060999122 +0100 > +++ samba-3.0.10.new/source/printing/printing.c 2005-01-10 > 15:07:36.784464292 +0100 > @@ -1077,6 +1077,7 @@ > >if ( !print_cache_expired(sharename, False) ) { >DEBUG(5,("print_queue_update_internal: print cache for %s is > still ok\n", sharename)); > + release_print_db( pdb ); >return; >} > > Is your printing patch Ok to use in production environments? > > I saw that in the SAMBA_3_0 branch that printing/printing.c is changed with > your patch, but your patch also patches: > > param/loadparm.c > smbd/lanman.c > smbd/negprot.c > smbd/reply.c > smbd/server.c > > but I can see that these files are not updated with your patch in the > SAMBA_3_0 > branch, or am I wrong? > > Regards, > Alex. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Best practices for long-running Samba server
> The client running our first Samba3 PDC production server had an uptime of > 115 days, then the uptime got spoiled by them moving to a new building. I'm not quite sure what the fascination is with long uptimes. It's good to reboot the system from time to time, not because it needs it, but just to prove that you still can. There's nothing like sweating profusely when a server crashes at 9:25 one morning and refuses to come back up and you don't know where to start looking to make you think that uptimes aren't the be-all and end-all. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Upgrading samba.schema post 3.0.6
On Fri, 21 Jan 2005 12:01:00 +0100, David Landgren <[EMAIL PROTECTED]> wrote: > List, > > I upgraded to 3.0.10 the other day, and completely missed the fact > that the samba.schema for openldap had to be upgraded as well. I > learnt that this was the case when passwords could no longer be > changed... > > Searching the web revealed that the only thing to do was to "copy over > samba.schema" and everything would be fine. So I backed up the > previous copy of samba.schema, copied the new version over (and I see > it contains the definition for sambaPasswordHistory, which is what I > need) and then restarted openldap. Answering myself: it turns out that there was nothing else to do. Copy the files over and restart openldap. What helps is to restart your openldap browser apps, so that they load a new version of the schema! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrading samba.schema post 3.0.6
List, I upgraded to 3.0.10 the other day, and completely missed the fact that the samba.schema for openldap had to be upgraded as well. I learnt that this was the case when passwords could no longer be changed... Searching the web revealed that the only thing to do was to "copy over samba.schema" and everything would be fine. So I backed up the previous copy of samba.schema, copied the new version over (and I see it contains the definition for sambaPasswordHistory, which is what I need) and then restarted openldap. When I browse the directory, however, I don't see the that the changes appear to have taken hold. Nor can I edit a user entry directly to add the attribute. Do I need to perform some sort of compilation on the schemas before restarting openldap? Thanks for the pointers, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-3 PDC: Home directories in other machine
On Thu, 20 Jan 2005 14:05:09 +0100, Juan José Vidal <[EMAIL PROTECTED]> wrote: > > Hi, > > I've a Samba-3 PDC LDAP Based and I want to put the home directories in > other machine. It's impossible that this machine was a BDC; this machine > only exports via NFS. > > My idea is mount via NFS this machine in my Samba-3 PDC machine > (i.e: /users/), and share this directory from my users. > > Is it possible? Yes, I've already done this. > I've searched, but nothing... Some links?? This depends on your OS. Just find a recipe that tells you how to set up NFS. From experience, the HOWTOs for Linux, FreeBSD and Solaris are all very straightforward. Samba doesn't care really care one way or another whether the path of a share is an NFS mount or not. Well, it may underneath, but not that I noticed. The main question is one of permissions. Does the exporting server use nsswitch to authenticate off LDAP, or does it use its own /etc/passwd? David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba(-3.0.10) + Excel(2003), file locking issue?
> >> I open an excel file from a samba share, modify it, the *first* (and > >> only first) time I save, Excel says: > >> > >> The file 'foo.xls' may have been changed by another user since you last > >> saved it. In that case, what do you want: > >> O Save a copy > >> O Overwrite changes > >> > >> Any ideas what's going on here? > > > > It's a known bug we've fixed in the Samba 3.0.11 pre-release. > > Thanks a bunch. Now I can stop worrying that it was something I > caused... *and* be comforted that a fix is on the way. I asked the same question two days ago. I can confirm that the problem is indeed resolved in .11pre1 David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] need some assistance - Samba 3.09 on FreeBSD 4.5
On Tue, 11 Jan 2005 12:10:12 -0800, Jon Starbird <[EMAIL PROTECTED]> wrote: > Hello, You say you're running FreeBSD 4.5. That's a really *really* old version. And the 4.x series just doesn't do nsswitching. A consultant and I tried long and hard to get FreeBSD 4.8 or so to work just as Samba 3.0 was coming out but in the end gave up and switched to Linux. The lack of support for nss in the kernel just kills the idea dead. FreeBSD 5.2 more or less worked, but there were a few quirks that stopped it from happening for me. I built a box with 5.3-RELEASE the other day and I can confirm everything (ldap, nss, samba, pam) works perfectly. > Any help will be greatly apprecicated. Hate to break the news to you, but an upgrade of the box is your only solution. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Excel "file may have been modified by another user since"with Samba 3.0.10
On Tue, 11 Jan 2005 10:29:50 -0800, Jeremy Allison <[EMAIL PROTECTED]> wrote: > On Tue, Jan 11, 2005 at 06:02:41PM +0100, David Landgren wrote: > > On Tue, 11 Jan 2005 11:24:00 -0500 (EST), > > [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > You may also want to read article 324491 at support.microsoft.com. It > > > applies to Excel 2002, but may be pertinent. > > > > Oops, I got the exact message wrong, I'll restate it here so that web > > searches can find it: > > > > The file (foo.xls) may have been changed by another user since you last > > saved it > > > > Thanks for the link, it may indeed relate to my problem. Anyway, in > > the meantime, while poring over samba logs, I found aawful hack, and > > that is to add > > > > veto oplock files = /*.xls/ > > > > to the [globals] section of smb.conf. That's pretty suboptimal, but it > > gets the users off my back. There must be a better way. > > Yep there is - it's fixed in 3.0.11. Try the pre release if you need it > now. > > Jeremy. Hello Jeremy, thanks for the reply. I have installed 3.0.11pre1and it does appear to have fixed the problem. I've backed out the veto parameter and Excel continues to behave itself. uname of the host: SunOS jersey 5.9 Generic_112233-08 sun4u sparc SUNW,Ultra-4 Thanks again, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Excel "file may have been modified by another user since"with Samba 3.0.10
On Tue, 11 Jan 2005 11:24:00 -0500 (EST), [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > You may also want to read article 324491 at support.microsoft.com. It > applies to Excel 2002, but may be pertinent. Oops, I got the exact message wrong, I'll restate it here so that web searches can find it: The file (foo.xls) may have been changed by another user since you last saved it Thanks for the link, it may indeed relate to my problem. Anyway, in the meantime, while poring over samba logs, I found aawful hack, and that is to add veto oplock files = /*.xls/ to the [globals] section of smb.conf. That's pretty suboptimal, but it gets the users off my back. There must be a better way. Thanks, David > Mark Orenstein > East Granby, CT School System > > > Hello list, > > > > I am encountering a problem with Excel 2003 on Samba shares. If I open > > an Excel file, edit a cell and then try to save it, I get a dialog box > > with a "file may have been modified by another user since" message, > > with the option to save a new copy, or overwrite the current file. > > Subsequent saves don't exhibit this behaviour, it occurs only on the > > first save after opening a file. > > > > This was using Samba 3.0.2. I went through the Changelogs and saw the > > line in the 3.0.5 changes (Implement deferred open code to fix a bug > > with Excel files on Samba shares.) and thought that this would do the > > trick. > > > > I have built and rolled out 3.0.10, but the problem is still present. > > The only file that smbstatus shows is as follows: > > > > PidDenyMode Access R/WOplock Name > > -- > > 15586 DENY_NONE 0x2019f RDWR EXCLUSIVE+BATCH > > /home/d/david/a.xls Tue Jan 11 15:02:14 2005 > > > > I have tried the 'defer sharing violations' set to yes, set to no, but > > that doesn't change anything. I assume I have to change something in > > smb.conf but I don't know what it is. > > > > Thanks for any clues I can use, > > David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Excel "file may have been modified by another user since" with Samba 3.0.10
Hello list, I am encountering a problem with Excel 2003 on Samba shares. If I open an Excel file, edit a cell and then try to save it, I get a dialog box with a "file may have been modified by another user since" message, with the option to save a new copy, or overwrite the current file. Subsequent saves don't exhibit this behaviour, it occurs only on the first save after opening a file. This was using Samba 3.0.2. I went through the Changelogs and saw the line in the 3.0.5 changes (Implement deferred open code to fix a bug with Excel files on Samba shares.) and thought that this would do the trick. I have built and rolled out 3.0.10, but the problem is still present. The only file that smbstatus shows is as follows: PidDenyMode Access R/WOplock Name -- 15586 DENY_NONE 0x2019f RDWR EXCLUSIVE+BATCH /home/d/david/a.xls Tue Jan 11 15:02:14 2005 I have tried the 'defer sharing violations' set to yes, set to no, but that doesn't change anything. I assume I have to change something in smb.conf but I don't know what it is. Thanks for any clues I can use, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba