[Samba] Re: Authentication requests being handled by PDC not local BDC
It seems leaving password server = * on the domain member causes it to fail after a while as it fails to find any servers. Setting it explicitly to password server = BISHOP ROSS gets it working again but it still only talks to the PDC (in a different subnet).

On Wed, Jul 8, 2009 at 10:53 AM, David M Noriega <davidmnori...@gmail.com> wrote:
> I have a PDC+LDAP as well as a BDC+LDAP in another subnet setup with a
> domain member in the same subnet as the BDC. From my understanding the
> domain member should be hitting the BDC for all authentication but
> watching the logs I see the PDC is the one handling it all. The BDC
> just sits there. Am I missing something?
>
> Here is the smb.conf for each server:
>
> PDC:
> [global]
> workgroup = X.X.X
> netbios name = Ross
> server string = PDC %v
> map to guest = Bad User
> encrypt passwords = yes
> passdb backend = ldapsam:ldap://ldap1.x.x.x
> enable privileges = yes
> log level = 2
> syslog = 0
> time server = Yes
> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768
> add user script = /usr/sbin/smbldap-useradd -m '%u'
> delete user script = /usr/sbin/smbldap-userdel %u
> add group script = /usr/sbin/smbldap-groupadd -p '%g'
> delete group script = /usr/sbin/smbldap-group-del '%g'
> add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
> delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> add machine script = /usr/sbin/smbldap-useradd -w '%u'
> logon path = \\%L\profiles\%U
> logon script = netlogin.bat
> # logon drive = M:
> # logon home = \\cajal.x.x.x\%U
> domain logons = Yes
> os level = 225
> domain master = Yes
> local master = Yes
> wins support = Yes
> # remote announce = x.x.x.255/X.X.X #bishop subnet
> ldap admin dn = cn=samba,ou=DSA,dc=x,dc=x,dc=x
> ldap group suffix = ou=group
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=machines
> ldap passwd sync = Yes
> ldap suffix = dc=x,dc=x,dc=x
> ldap ssl = start tls
> ldap user suffix = ou=people
> create mask = 0640
> directory mask = 0750
> case sensitive = No
> dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
> interfaces = eth0 lo
> bind interfaces only = yes
> hosts deny = ALL
> hosts allow = xxx.xxx.0.0/255.255.0.0
>
> BDC:
> [Global]
> workgroup = X.X.X
> netbios name = BISHOP
> server string = BDC %v
> interfaces = eth0 lo
> bind interfaces only = yes
> hosts deny = ALL
> hosts allow = xxx.xxx.0.0/255.255.0.0
> passdb backend = ldapsam:ldap://ldap2.x.x.x
> domain master = no
> domain logons = yes
> ldap suffix = dc=x,dc=x,dc=x
> ldap user suffix = ou=people
> ldap group suffix = ou=group
> ldap machine suffix = ou=machines
> ldap admin dn = cn=manager,dc=x,dc=x,dc=x
> encrypt passwords = yes
> enable privileges = yes
> log level = 3
> syslog = 0
> domain master = no
> wins server = ross.x.x.x
> wins proxy = yes
> remote announce = xxx.xxx.xxx.255/X.X.X #Ross subnet
> remote browse sync = xxx.xxx.xxx.xxx #ross ip
> ntlm auth = yes
> lanman auth = yes
> ldap ssl = start tls
> local master = yes
> os level = 65
> preferred master = yes
>
> Domain Member:
> [Global]
> workgroup = X.X.X
> server string = CAJAL %v
> security = domain
> password server = *
> lanman auth = Yes
> encrypt passwords = yes
> enable privileges = yes
> loglevel = 2
> syslog = 0
> deadtime = 5
> os level = 8
> local master = No
> domain master = No
> remote announce = xxx.xxx.xxx.255/X.X.XXX
> interfaces = ce0 lo0
> bind interfaces only = yes
> hosts allow = xxx.xxx.0.0/255.255.0.0
> hosts deny = ALL

--
Personally, I liked the university. They gave us money and facilities, we didn't have to produce anything! You've never been out of college! You don't know what it's like out there! I've worked in the private sector. They expect results. -Ray Ghostbusters
--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem building 3.4.0 from source
I've never seen this but the problem is that ld cannot find crt1. Doing some searching it seems it's part of the libc library. So for some reason ld cannot find it. I'd say find where crt1 is located on the system and make sure the path is right in ld.so.conf. And just to be sure, install libc-devel.

On Thu, Jul 9, 2009 at 2:42 PM, David Armstrong <darmstr...@moca.org> wrote:
> I am attempting to build 3.4.0 from source on my Ubuntu 8.04 box. I
> have gcc installed. When I run ./configure it returns C compiler cannot
> create executables. I have been looking through the config.log file and
> I think I found the error message.
>
> configure:3304: gcc conftest.c 5
> /usr/bin/ld: crt1.o: No such file: No such file or directory
> collect2: ld returned 1 exit status
> configure:3307: $? = 1
> configure:3345: result:
> configure: failed program was:
> | /* confdefs.h. */
> | #define PACKAGE_NAME Samba
> | #define PACKAGE_TARNAME samba
> | #define PACKAGE_VERSION 3
> | #define PACKAGE_STRING Samba 3
> | #define PACKAGE_BUGREPORT samba-techni...@samba.org
> | #define CONFIG_H_IS_FROM_SAMBA 1
> | /* end confdefs.h. */
> |
>
> I checked and there is an ld file in /usr/bin. It is about 430k in size.
>
> David Armstrong
> Database Administrator
> MOCA THE MUSEUM OF CONTEMPORARY ART

[Samba] Authentication requests being handled by PDC not local BDC
I have a PDC+LDAP as well as a BDC+LDAP in another subnet setup with a domain member in the same subnet as the BDC. From my understanding the domain member should be hitting the BDC for all authentication but watching the logs I see the PDC is the one handling it all. The BDC just sits there. Am I missing something?

Here is the smb.conf for each server:

PDC:

    [global]
    workgroup = X.X.X
    netbios name = Ross
    server string = PDC %v
    map to guest = Bad User
    encrypt passwords = yes
    passdb backend = ldapsam:ldap://ldap1.x.x.x
    enable privileges = yes
    log level = 2
    syslog = 0
    time server = Yes
    socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768
    add user script = /usr/sbin/smbldap-useradd -m '%u'
    delete user script = /usr/sbin/smbldap-userdel %u
    add group script = /usr/sbin/smbldap-groupadd -p '%g'
    delete group script = /usr/sbin/smbldap-group-del '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    add machine script = /usr/sbin/smbldap-useradd -w '%u'
    logon path = \\%L\profiles\%U
    logon script = netlogin.bat
    #logon drive = M:
    #logon home = \\cajal.x.x.x\%U
    domain logons = Yes
    os level = 225
    domain master = Yes
    local master = Yes
    wins support = Yes
    # remote announce = x.x.x.255/X.X.X #bishop subnet
    ldap admin dn = cn=samba,ou=DSA,dc=x,dc=x,dc=x
    ldap group suffix = ou=group
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=machines
    ldap passwd sync = Yes
    ldap suffix = dc=x,dc=x,dc=x
    ldap ssl = start tls
    ldap user suffix = ou=people
    create mask = 0640
    directory mask = 0750
    case sensitive = No
    dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
    interfaces = eth0 lo
    bind interfaces only = yes
    hosts deny = ALL
    hosts allow = xxx.xxx.0.0/255.255.0.0

BDC:

    [Global]
    workgroup = X.X.X
    netbios name = BISHOP
    server string = BDC %v
    interfaces = eth0 lo
    bind interfaces only = yes
    hosts deny = ALL
    hosts allow = xxx.xxx.0.0/255.255.0.0
    passdb backend = ldapsam:ldap://ldap2.x.x.x
    domain master = no
    domain logons = yes
    ldap suffix = dc=x,dc=x,dc=x
    ldap user suffix = ou=people
    ldap group suffix = ou=group
    ldap machine suffix = ou=machines
    ldap admin dn = cn=manager,dc=x,dc=x,dc=x
    encrypt passwords = yes
    enable privileges = yes
    log level = 3
    syslog = 0
    domain master = no
    wins server = ross.x.x.x
    wins proxy = yes
    remote announce = xxx.xxx.xxx.255/X.X.X #Ross subnet
    remote browse sync = xxx.xxx.xxx.xxx #ross ip
    ntlm auth = yes
    lanman auth = yes
    ldap ssl = start tls
    local master = yes
    os level = 65
    preferred master = yes

Domain Member:

    [Global]
    workgroup = X.X.X
    server string = CAJAL %v
    security = domain
    password server = *
    lanman auth = Yes
    encrypt passwords = yes
    enable privileges = yes
    loglevel = 2
    syslog = 0
    deadtime = 5
    os level = 8
    local master = No
    domain master = No
    remote announce = xxx.xxx.xxx.255/X.X.XXX
    interfaces = ce0 lo0
    bind interfaces only = yes
    hosts allow = xxx.xxx.0.0/255.255.0.0
    hosts deny = ALL

[Samba] Curious Transport Endpoint message
I have a curious message I get repeatedly every so often on a samba domain member that serves up our network's home and group shares.

    [2009/07/07 12:24:56, 0] lib/util_sock.c:read_socket_with_timeout(939)
    [2009/07/07 12:24:56, 0] lib/util_sock.c:get_peer_addr_internal(1607)
      getpeername failed. Error was Transport endpoint is not connected
      read_socket_with_timeout: client 0.0.0.0 read error = Transport endpoint is not connected.

I don't know of any reason for this and this doesn't seem to impact performance. It's just a slow day and thought I'd fix something that isn't broken.

smb.conf:

    [Global]
    workgroup = X.X.X
    server string = XXX %v
    security = domain
    password server = *
    lanman auth = Yes
    encrypt passwords = yes
    enable privileges = yes
    loglevel = 0
    syslog = 0
    name resolve order = wins bcast host
    deadtime = 5
    os level = 8
    local master = No
    domain master = No
    wins server = x.x.x.x
    remote announce = x.x.x.x/X.X.X
    interfaces = ce0
    hosts allow = xxx.xxx.0.0/255.255.0.0
    hosts deny = ALL

Re: [Samba] Best way to setup Samba + OpenLDAP + Linux to use a different partition for /home?
I would think the same thing. For my setup here

    [homes]
    path = /tray2/home/%U

That is simply the path to where our zfs raid is at on the system. Should be simple as that, though don't know if your admin software can handle creating zfs filesystems instead of just creating directories.

On Tue, Jul 7, 2009 at 1:16 PM, Charles Marcus <cmar...@media-brokers.com> wrote:
> On 7/7/2009, Matt Burkhardt (m...@imparisystems.com) wrote:
>> However, it creates home directories on the small OS drive and he
>> would like to have them all moved to the large RAID array.
>
> Can't you just set the default Home directory for new Users to
> wherever you want it (ie, the large RAID array)?
>
> I don't use Webmin, but I'd be surprised if you can't set some
> defaults, and it seems like the home dir would be one of them...
>
> --
> Best regards,
> Charles

[Samba] Samba BDC + LDAP failing to authenticate users
I have Samba 3.2.4 running on Solaris 10 from sunfreeware. From what I can tell just recently happened to this server, which runs as a BDC + LDAP. Previously I have been able to authenticate against it as well as map drives from it. Though now it complains about no such user exists, though they do.

Here are the log entries, level 2.

With correct password:

    [2009/07/02 12:21:33, 2] smbd/sesssetup.c:setup_new_vc_session(1363)
      setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
    [2009/07/02 12:21:33, 2] smbd/sesssetup.c:setup_new_vc_session(1363)
      setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
    [2009/07/02 12:21:33, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
      init_sam_from_ldap: Entry found for user: user.name
    [2009/07/02 12:21:33, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
      pdb_get_group_sid: Failed to find Unix account for user.name
    [2009/07/02 12:21:33, 1] auth/auth_util.c:make_server_info_sam(562)
      User user.name in passdb, but getpwnam() fails!
    [2009/07/02 12:21:33, 0] auth/auth_sam.c:check_sam_security(355)
      check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
    [2009/07/02 12:21:33, 2] auth/auth.c:check_ntlm_password(318)
      check_ntlm_password: Authentication for user [user.name] - [user.name] FAILED with error NT_STATUS_NO_SUCH_USER

With wrong password:

    [2009/07/02 12:22:40, 2] smbd/sesssetup.c:setup_new_vc_session(1363)
      setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
    [2009/07/02 12:22:40, 2] smbd/sesssetup.c:setup_new_vc_session(1363)
      setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
    [2009/07/02 12:22:40, 2] lib/smbldap.c:smbldap_open_connection(796)
      smbldap_open_connection: connection opened
    [2009/07/02 12:22:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
      init_sam_from_ldap: Entry found for user: user.name
    [2009/07/02 12:22:40, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
      pdb_get_group_sid: Failed to find Unix account for user.name
    [2009/07/02 12:22:40, 2] auth/auth.c:check_ntlm_password(318)
      check_ntlm_password: Authentication for user [user.name] - [user.name] FAILED with error NT_STATUS_WRONG_PASSWORD

smb.conf:

    [Global]
    workgroup = x.x.x
    netbios name = xxx
    server string = BDC %v
    passdb backend = ldapsam:ldap://x.x.x.x
    domain master = no
    domain logons = yes
    ldap suffix = dc=x,dc=x,dc=x
    ldap user suffix = ou=people
    ldap group suffix = ou=group
    ldap machine suffix = ou=machines
    ldap admin dn = cn=manager,dc=x,dc=x,dc=x
    encrypt passwords = yes
    enable privileges = yes
    log level = 0
    syslog = 0
    domain master = no
    wins support = no
    wins server = x.x.x.x
    ntlm auth = yes
    lanman auth = yes
    ldap ssl = start tls
    local master = yes
    os level = 33
    preferred master = yes

    [gtest]
    path = /var/gtest
    browseable = yes
    writeable = yes
    create mask = 0777
    directory mask = 0777
    force group = Domain Users
    public = yes

Any ideas?

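A triage script for the kind of log excerpt in the message above, added here as an example and not part of the original post: it parses smbd's header-plus-message log records and separates failed logons where the passdb entry exists but the Unix account lookup fails from plain credential failures. The sample log is constructed from the messages in the post; `other.user`, `parse_records` and `triage` are names made up for this example.

```python
import re
from collections import defaultdict

# smbd (Samba 3.x) writes a header line, then the message on the following line(s).
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\] \S+:(\w+)\(\d+\)$")
NO_UNIX = re.compile(r"Failed to find Unix account for (\S+)"
                     r"|User (\S+) in passdb, but getpwnam\(\) fails")
# Accepts both the '->' smbd writes and the ' - ' seen in the archived post.
AUTH_FAIL = re.compile(r"Authentication for user \[([^\]]+)\] ->? \[[^\]]+\] FAILED with error (\w+)")

# Constructed sample: user.name records follow the post; other.user is invented for contrast.
SAMPLE = """\
[2009/07/02 12:21:33, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
  init_sam_from_ldap: Entry found for user: user.name
[2009/07/02 12:21:33, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
  pdb_get_group_sid: Failed to find Unix account for user.name
[2009/07/02 12:21:33, 1] auth/auth_util.c:make_server_info_sam(562)
  User user.name in passdb, but getpwnam() fails!
[2009/07/02 12:21:33, 2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password: Authentication for user [user.name] - [user.name] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/07/02 12:30:00, 2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password: Authentication for user [other.user] -> [other.user] FAILED with error NT_STATUS_WRONG_PASSWORD
"""

def parse_records(text):
    """Yield (timestamp, level, function, message); continuation lines are joined."""
    rec = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            if rec:
                yield rec[0], rec[1], rec[2], " ".join(rec[3])
            rec = (m.group(1), int(m.group(2)), m.group(3), [])
        elif rec and line:
            rec[3].append(line)
    if rec:
        yield rec[0], rec[1], rec[2], " ".join(rec[3])

def triage(text):
    """Map each failing user to (verdict, [NT status codes seen])."""
    unmapped, statuses = set(), defaultdict(list)
    for _ts, _level, _func, msg in parse_records(text):
        m = NO_UNIX.search(msg)
        if m:
            unmapped.add(m.group(1) or m.group(2))
            continue
        m = AUTH_FAIL.search(msg)
        if m:
            statuses[m.group(1)].append(m.group(2))
    return {user: ("unix-account-lookup" if user in unmapped else "credentials", codes)
            for user, codes in statuses.items()}

if __name__ == "__main__":
    for user, (verdict, codes) in triage(SAMPLE).items():
        print(user, verdict, ",".join(codes))
```

A `unix-account-lookup` verdict means the failure belongs with name-service troubleshooting on that server, not with failed-password alerting.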