Re: [Samba] [CIFS] mount error(13): Permission denied

2013-08-10 Thread Felix Miata

On 2013-08-09 00:20 (GMT-0400) Felix Miata composed:


This is from



mount mountpoint



on openSUSE 13.1m3 running 3.10.1 desktop kernel. The mountpoint and fstab
entries are identical and working in openSUSE 12.3 on same system. I just
spent several hours on IRC and elsewhere trying to figure this out before
thinking to try booting something other than 13.1. :-(



Fstab entry (redacted):
//HOST/share /mountpoint cifs guest,nounix,uid=,gid=,dir_mode=0777,file_mode=0664,noauto 0 0



The host is a Linux satellite receiver, running kernel 3.3.1 and sambaserver
3.0.37-r8. Its configuration options are crippled. Security = user seems not
to be an option, but since the device runs on FOSS and there is no manual,
whether that is in fact the case is unclear. I simply haven't been able to
make it work except with security = share.



A developer on IRC told me how to get extra debug info:
http://fm.no-ip.com/Tmp/Linux/messages-suse131CIFSfailure7proc-fs-cifs-cifsFYI.txt



He said it smells like regression/fallout from removal of security = share
and will look at it more after sleeping. Anyone else want to comment? Is this
the right place to discuss?


Found a solution in option sec=none.
--
The wise are known for their understanding, and pleasant
words are persuasive. Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Quota support in Samba4

2013-08-09 Thread felix
 Hi,

 Is it possible to handle quota management on a samba4 share ?

 To be more precise, is it possible to have the same quota management as
in Windows File Servers.


It is possible to have quotas on samba shares using the filesystem quota.
but I think you have to use edquota to manage them.

Felix.






[Samba] [CIFS] mount error(13): Permission denied

2013-08-08 Thread Felix Miata

This is from

mount mountpoint

on openSUSE 13.1m3 running 3.10.1 desktop kernel. The mountpoint and fstab 
entries are identical and working in openSUSE 12.3 on same system. I just 
spent several hours on IRC and elsewhere trying to figure this out before 
thinking to try booting something other than 13.1. :-(


Fstab entry (redacted):
//HOST/share /mountpoint cifs guest,nounix,uid=,gid=,dir_mode=0777,file_mode=0664,noauto 0 0


The host is a Linux satellite receiver, running kernel 3.3.1 and sambaserver 
3.0.37-r8. Its configuration options are crippled. Security = user seems not 
to be an option, but since the device runs on FOSS and there is no manual, 
whether that is in fact the case is unclear. I simply haven't been able to 
make it work except with security = share.


A developer on IRC told me how to get extra debug info:
http://fm.no-ip.com/Tmp/Linux/messages-suse131CIFSfailure7proc-fs-cifs-cifsFYI.txt

He said it smells like regression/fallout from removal of security = share 
and will look at it more after sleeping. Anyone else want to comment? Is this 
the right place to discuss?

--
The wise are known for their understanding, and pleasant
words are persuasive. Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/


Re: [Samba] NT_STATUS_TOO_MANY_OPENED_FILES with Samba 4.0.6 and Internal DNS

2013-07-30 Thread felix
 I posted a question about something that might be the same problem in
 ServerFault:

 http://serverfault.com/questions/527214/samba-4-file-server-will-not-allow-any-additional-users-to-log-on

 On 10.07.13 16:43, Andrew Martin wrote:
 Hello,

 I am using Samba 4.0.6 on Ubuntu 12.04 with the internal DNS and dns
 forwarder set to forward to an upstream dnsmasq server as follows:
 [global]
  workgroup = EXAMPLE
  realm = EXAMPLE.COM
  netbios name = DC0
  server role = active directory domain controller
  dns forwarder = 192.168.010
  idmap_ldb:use rfc2307 = Yes

  # disable printing since we're not using it and to get rid of printcap errors in log
  printcap name = /dev/null
  load printers = no
  printing = bsd

 [netlogon]
  path = /var/lib/samba/sysvol/example.com/scripts
  read only = No

 [sysvol]
  path = /var/lib/samba/sysvol
  read only = No


 Samba 4 has been working well so far as an AD DC, however I have seen
 this message appear in the samba log:
 [2013/07/10 08:52:35,  0]
 ../source4/smbd/process_single.c:57(single_accept_connection)
single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES

 I found this bug report and thread regarding this issue, and stating
 that it had been fixed in 4.0.0 rc3:
 https://bugzilla.samba.org/show_bug.cgi?id=8878
 http://samba.2283325.n4.nabble.com/Samba3-gt-samba-4-td4638214.html

 I confirmed that the attached patch is indeed applied in my copy of
 4.0.6. What else can I do to debug this problem?

 Thanks,

 Andrew


It happened to me too last weekend, with almost no users connected. but
I'm using samba4 with bind_dlz. my samba4 last update was 2 weeks ago.

Felix.



Re: [Samba] dns query not giving back all registers (solved)

2013-07-23 Thread felix

 Hello list.

 If I query my samba4 Active Directory domain with dig mydomain ANY or MX
 it answers just with SOA and NS records, but not MX or some others I have
 already defined. Is it right??

 I've tried from the own samba4 server and from another linux host.

 My samba4 is up-to-date.
 Using bind9.7.3 with samba_dlz.


my mistake.

I created the records from DNS console in Windows in a wrong way. I should
have left the first space blank when creating a mx record.
After leaving the first space in blank (host or child domain) everything
worked fine!

Cheers,
Felix.




[Samba] dns query not giving back all registers

2013-07-19 Thread felix

Hello list.

If I query my samba4 Active Directory domain with dig mydomain ANY or MX
it answers just with SOA and NS records, but not MX or some others I have
already defined. Is it right??

I've tried from the own samba4 server and from another linux host.

My samba4 is up-to-date.
Using bind9.7.3 with samba_dlz.

Thanks in advance.
Felix.



Re: [Samba] Doubt about Trust Relationships

2013-06-18 Thread felix
 I have a question about trust relationships.

 I searched the wiki and other links, but did not find a specific page with
 the Features of Samba4. So I ask here on the list.

 I created a setting for studies with 2 servers, each with a different
 domain, both are talking, however I can not establish a trust relationship
 between them, whenever I run the wizard, is reported an error message
 saying that the domain already exists.

 This functionality has not been implemented or may be some configuration
 error?

 I appreciate the attention.

 Note: I'm using version: 4.1.0pre1-GIT-f1781ad.

 ---

I guess Samba can be trusted, but it can not trust.



Re: [Samba] Windows 7 access to Samba server: Strange performance/delay problems while opening share

2013-06-14 Thread felix
 Hello list!

 I have a strange performance issue with a single Windows 7 client in a
 simple network setup with one samba server, and various windows clients
 (Win XP, Windows 7).

 All clients can open shares with explorer, without any delay (the share
 contents are listed directly).
 But one client, a lenovo Windows 7 Laptop has strange problems opening
 these same shares. The time from opening a share, until the share is
 listed, varies between (seldom) direct response, and in most cases
 delays between 3 and 20 seconds, in seldom extreme cases 1-2 minutes.

 Because this is the only Windows 7 client with this kind of problems, i
 reinstalled the machine from scratch (with the lenovo version of windows
 7 from the hidden partition), hoping this problem was caused by any kind
 of windows weirdness (the windows 7 installation was one or two years
 old).

 The only change was, there were no more delays in listing shares, longer
 than 20 seconds, so the core problem still exists.

 What possibilities do I have, to solve this problem?


 My next step was, to capture the network traffic this client does, while
 opening a specific share. I captured also the traffic caused by two
 other windows 7 clients, which do not have any delay issues while
 opening the same share. My knowledge about samba network packages is far
 too low, to be able to find the problem.

 In my desperation now, I joined this list, hoping there is anybody, who
 can give me a hint to the right direction, to solve this problem.



I had a similar issue and it happened to be that my laptop network card
didn't work well with my switch (I tested in several ports of that network
switch and with other computers there were no problems with these ports).
So I plugged this laptop to another switch in my network and then it
worked!

Best regards,
Felix.



Re: [Samba] Dynamic dns updates fail for (most) xp, vista and win7 clients

2013-05-03 Thread Felix Mason
My mistake. The time was not being synced due to the same permissions issue 
that was preventing dns updates.

 
The solution was to log on to each client as a domain admin and issue the 
following commands

 
net time /domain /set /y

ipconfig /registerdns

 
On one windows 7 client I had to do the following:

1) Sync the time with the net time command

2) drop the machine off the network and rejoin it under a different name 

3) register dns with the ipconfig command.

 
I have no idea why that one machine was difficult but other than that you were 
right it was a time issue.
 
-Original message-
From:Felix Mason felixma...@oilmovements.com
Sent:Sat 27-04-2013 11:49
Subject:RE: [Samba] Dynamic dns updates fail for (most) xp, vista and win7 clients
CC:samba@lists.samba.org; 
To:Micro MEGAS microme...@mail333.com; 
 

Hi Lucas

 
Thanks, but the time is in sync on all clients and is updated on login by a 
login script. There is no discrepancy in this regard between those clients 
that work and those that don't. :)

 
On Wed 24-04-2013 10:47:Micro MEGAS microme...@mail333.com wrote
 Check your time sync between clients and server. If the time is not in sync, 
it can result to Kerberos errors and therefore no updates.

Cheers,
Lucas

Tue 23 Apr 2013 22:36:48 +0400, Felix Mason felixma...@oilmovements.com 
wrote:
Hi  
 
Banging my head against a wall with this. Dynamic dns updates for windows 
clients are failing. 
 
Log excerpt: 
 
Apr 13 00:20:50 server named[30147]: samba_dlz: disallowing update of 
signer=newboywin7\$\@example.lan name=newboywin7.example.lan type= 
error=insufficient access rights 
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#61162: updating zone 
'example.lan/NONE': update failed: rejected by secure update (REFUSED) 
Apr 13 00:20:50 server named[30147]: samba_dlz: cancelling transaction on zone 
example.lan 
Apr 13 00:20:50 server named[30147]: samba_dlz: starting transaction on zone 
example.lan 
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#62052: update 
'example.lan/IN' denied 
Apr 13 00:20:50 server named[30147]: samba_dlz: cancelling transaction on zone 
example.lan 
Apr 13 00:20:50 server named[30147]: samba_dlz: starting transaction on zone 
example.lan 
Apr 13 00:20:50 server named[30147]: samba_dlz: disallowing update of 
signer=newboywin7\$\@example.lan name=newboywin7.example.lan type= 
error=insufficient access rights 
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#64861: updating zone 
'example.lan/NONE': update failed: rejected by secure update (REFUSED) 
 
First two clients I got this problem with were winxp and win7. I did the 
following: 
sudo samba_upgradedns --dns-backend=BIND9_DLZ  
They started working. Since then I have the same problem and this doesn't 
resolve the issue. 
 
Someone previously suggested this  
ldbdel -H /opt/samba4/private/sam.ldb 
DC=wxp1,DC=Kernevil.lan,CN=MicrosoftDNS,DC=Kernevil,DC=lan 
 
It doesn't work I don't find any entries for the affected workstations + they 
were not added to the domain with beta versions of samba. 
 
I'm running Zentyal which is a version of ubuntu 12.4, samba package 
4.0.4-zentyal1. 
 
Have posted a question to their forum (with no success here) 
http://forum.zentyal.org/index.php/topic,14152.0.html 
 
Any help appreciated - this is infuriating. 
 
cheers 
 
sean 
 
  
  
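The refusals in the log excerpt above can be grouped per machine account, which shows which clients still need the time sync and DNS re-registration described in the reply. This is an added example, not part of the original thread: the function names are hypothetical, the sample is the excerpt from the post with its mail line-wrapping left in, and pairing each samba_dlz verdict with the next client line from the same named process is an assumption.

```python
import re
from collections import Counter

# Sample input: the excerpt quoted in the thread, mail line-wrapping left in.
SAMPLE_LOG = r"""
Apr 13 00:20:50 server named[30147]: samba_dlz: disallowing update of
signer=newboywin7\$\@example.lan name=newboywin7.example.lan type=
error=insufficient access rights
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#61162: updating zone
'example.lan/NONE': update failed: rejected by secure update (REFUSED)
Apr 13 00:20:50 server named[30147]: samba_dlz: cancelling transaction on zone
example.lan
Apr 13 00:20:50 server named[30147]: samba_dlz: starting transaction on zone
example.lan
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#62052: update
'example.lan/IN' denied
Apr 13 00:20:50 server named[30147]: samba_dlz: cancelling transaction on zone
example.lan
Apr 13 00:20:50 server named[30147]: samba_dlz: starting transaction on zone
example.lan
Apr 13 00:20:50 server named[30147]: samba_dlz: disallowing update of
signer=newboywin7\$\@example.lan name=newboywin7.example.lan type=
error=insufficient access rights
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#64861: updating zone
'example.lan/NONE': update failed: rejected by secure update (REFUSED)
"""

SYSLOG_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
DISALLOW = re.compile(
    r"named\[(?P<pid>\d+)\]: samba_dlz: disallowing update of "
    r"signer=(?P<signer>\S+) name=(?P<name>\S+) type=(?P<rtype>\S*) "
    r"error=(?P<error>.+)$")
REFUSED = re.compile(
    r"named\[(?P<pid>\d+)\]: client (?P<ip>[0-9a-fA-F.:]+)#\d+: updating zone "
    r"'(?P<zone>[^']+)': update failed: rejected by secure update \(REFUSED\)")
DENIED = re.compile(
    r"named\[(?P<pid>\d+)\]: client (?P<ip>[0-9a-fA-F.:]+)#\d+: update "
    r"'(?P<zone>[^']+)' denied")


def unwrap(text):
    """Rejoin records that a mail client wrapped: a new record starts with a
    syslog timestamp, anything else continues the previous record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if SYSLOG_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def summarise(text):
    """Return (signers, denied): per-signer secure-update refusals and a
    per-client count of updates denied without a samba_dlz verdict."""
    pending = {}        # named PID -> verdict still waiting for its client line
    signers = {}
    denied = Counter()
    for rec in unwrap(text):
        m = DISALLOW.search(rec)
        if m:
            pending[m["pid"]] = m
            continue
        m = REFUSED.search(rec)
        if m:
            verdict = pending.pop(m["pid"], None)
            if verdict is None:
                continue    # REFUSED with no samba_dlz verdict before it
            signer = verdict["signer"].replace("\\", "")   # drop log escaping
            entry = signers.setdefault(signer, {
                "name": verdict["name"], "error": verdict["error"].strip(),
                "refused": 0, "clients": set()})
            entry["refused"] += 1
            entry["clients"].add(m["ip"])
            continue
        m = DENIED.search(rec)
        if m:
            denied[m["ip"]] += 1
    return signers, denied


if __name__ == "__main__":
    by_signer, by_client = summarise(SAMPLE_LOG)
    for signer, info in by_signer.items():
        print(signer, info["refused"], sorted(info["clients"]), info["error"])
    print(dict(by_client))
```
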

[Samba] Dynamic dns updates fail for (most) xp, vista and win7 clients

2013-04-29 Thread Felix Mason
Hi 

Banging my head against a wall with this. Dynamic dns updates for windows 
clients are failing.

Log excerpt:

Apr 13 00:20:50 server named[30147]: samba_dlz: disallowing update of 
signer=newboywin7\$\@example.lan name=newboywin7.example.lan type= 
error=insufficient access rights
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#61162: updating zone 
'example.lan/NONE': update failed: rejected by secure update (REFUSED)
Apr 13 00:20:50 server named[30147]: samba_dlz: cancelling transaction on zone 
example.lan
Apr 13 00:20:50 server named[30147]: samba_dlz: starting transaction on zone 
example.lan
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#62052: update 
'example.lan/IN' denied
Apr 13 00:20:50 server named[30147]: samba_dlz: cancelling transaction on zone 
example.lan
Apr 13 00:20:50 server named[30147]: samba_dlz: starting transaction on zone 
example.lan
Apr 13 00:20:50 server named[30147]: samba_dlz: disallowing update of 
signer=newboywin7\$\@example.lan name=newboywin7.example.lan type= 
error=insufficient access rights
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#64861: updating zone 
'example.lan/NONE': update failed: rejected by secure update (REFUSED)

First two clients I got this problem with were winxp and win7. I did the 
following:
sudo samba_upgradedns --dns-backend=BIND9_DLZ 
They started working. Since then I have the same problem and this doesn't 
resolve the issue.

Someone previously suggested this 
ldbdel -H /opt/samba4/private/sam.ldb 
DC=wxp1,DC=Kernevil.lan,CN=MicrosoftDNS,DC=Kernevil,DC=lan

It doesn't work I don't find any entries for the affected workstations + they 
were not added to the domain with beta versions of samba.

I'm running Zentyal which is a version of ubuntu 12.4, samba package 
4.0.4-zentyal1.

Have posted a question to their forum (with no success here) 
http://forum.zentyal.org/index.php/topic,14152.0.html

Any help appreciated - this is infuriating.

cheers 

sean

 
 

Re: [Samba] Dynamic dns updates fail for (most) xp, vista and win7 clients

2013-04-27 Thread Felix Mason
Hi Lucas

 
Thanks, but the time is in sync on all clients and is updated on login by a 
login script. There is no discrepancy in this regard between those clients 
that work and those that don't. :)

 
On Wed 24-04-2013 10:47:Micro MEGAS microme...@mail333.com wrote
 Check your time sync between clients and server. If the time is not in sync, 
it can result to Kerberos errors and therefore no updates.

Cheers,
Lucas

Tue 23 Apr 2013 22:36:48 +0400, Felix Mason felixma...@oilmovements.com 
wrote:
Hi  
 
Banging my head against a wall with this. Dynamic dns updates for windows 
clients are failing. 
 
Log excerpt: 
 
Apr 13 00:20:50 server named[30147]: samba_dlz: disallowing update of 
signer=newboywin7\$\@example.lan name=newboywin7.example.lan type= 
error=insufficient access rights 
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#61162: updating zone 
'example.lan/NONE': update failed: rejected by secure update (REFUSED) 
Apr 13 00:20:50 server named[30147]: samba_dlz: cancelling transaction on zone 
example.lan 
Apr 13 00:20:50 server named[30147]: samba_dlz: starting transaction on zone 
example.lan 
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#62052: update 
'example.lan/IN' denied 
Apr 13 00:20:50 server named[30147]: samba_dlz: cancelling transaction on zone 
example.lan 
Apr 13 00:20:50 server named[30147]: samba_dlz: starting transaction on zone 
example.lan 
Apr 13 00:20:50 server named[30147]: samba_dlz: disallowing update of 
signer=newboywin7\$\@example.lan name=newboywin7.example.lan type= 
error=insufficient access rights 
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#64861: updating zone 
'example.lan/NONE': update failed: rejected by secure update (REFUSED) 
 
First two clients I got this problem with were winxp and win7. I did the 
following: 
sudo samba_upgradedns --dns-backend=BIND9_DLZ  
They started working. Since then I have the same problem and this doesn't 
resolve the issue. 
 
Someone previously suggested this  
ldbdel -H /opt/samba4/private/sam.ldb 
DC=wxp1,DC=Kernevil.lan,CN=MicrosoftDNS,DC=Kernevil,DC=lan 
 
It doesn't work I don't find any entries for the affected workstations + they 
were not added to the domain with beta versions of samba. 
 
I'm running Zentyal which is a version of ubuntu 12.4, samba package 
4.0.4-zentyal1. 
 
Have posted a question to their forum (with no success here) 
http://forum.zentyal.org/index.php/topic,14152.0.html 
 
Any help appreciated - this is infuriating. 
 
cheers 
 
sean 
 
  
  

[Samba] Dynamic dns updates fail for (most) xp, vista and win7 clients

2013-04-23 Thread Felix Mason
Hi 

Banging my head against a wall with this. Dynamic dns updates for windows 
clients are failing.

Log excerpt:

Apr 13 00:20:50 server named[30147]: samba_dlz: disallowing update of 
signer=newboywin7\$\@example.lan name=newboywin7.example.lan type= 
error=insufficient access rights
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#61162: updating zone 
'example.lan/NONE': update failed: rejected by secure update (REFUSED)
Apr 13 00:20:50 server named[30147]: samba_dlz: cancelling transaction on zone 
example.lan
Apr 13 00:20:50 server named[30147]: samba_dlz: starting transaction on zone 
example.lan
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#62052: update 
'example.lan/IN' denied
Apr 13 00:20:50 server named[30147]: samba_dlz: cancelling transaction on zone 
example.lan
Apr 13 00:20:50 server named[30147]: samba_dlz: starting transaction on zone 
example.lan
Apr 13 00:20:50 server named[30147]: samba_dlz: disallowing update of 
signer=newboywin7\$\@example.lan name=newboywin7.example.lan type= 
error=insufficient access rights
Apr 13 00:20:50 server named[30147]: client 192.168.12.205#64861: updating zone 
'example.lan/NONE': update failed: rejected by secure update (REFUSED)

First two clients I got this problem with were winxp and win7. I did the 
following:
sudo samba_upgradedns --dns-backend=BIND9_DLZ 
They started working. Since then I have the same problem and this doesn't 
resolve the issue.

Someone previously suggested this 
ldbdel -H /opt/samba4/private/sam.ldb 
DC=wxp1,DC=Kernevil.lan,CN=MicrosoftDNS,DC=Kernevil,DC=lan

It doesn't work I don't find any entries for the affected workstations + they 
were not added to the domain with beta versions of samba.

I'm running Zentyal which is a version of ubuntu 12.4, samba package 
4.0.4-zentyal1.

Have posted a question to their forum (with no success here) 
http://forum.zentyal.org/index.php/topic,14152.0.html 

Any help appreciated - this is infuriating.

cheers

sean

 
 

Re: [Samba] network neighborhood (Solved)

2013-03-27 Thread felix
/nmbd_sendannounce.c:207(send_host_announcement)
  send_host_announcement: type 809b03 for host DOS on subnet
10.30.100.6
for workgroup EPEPM
[2013/03/22 08:26:12.159952,  4]
nmbd/nmbd_packets.c:2129(send_mailslot)
  send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from DOS00 IP
10.30.100.6 to EPEPM1d IP 10.30.100.6
[2013/03/22 08:26:12.159997,  4]
nmbd/nmbd_packets.c:95(debug_browse_data)
  debug_browse_data():
0 char ..DOS... hex 01 01 c0 d4 01 00 44 4f 53 00
00 00 00 00
00 00
   10 char ..U. hex 00 00 00 00 00 00 04 09 03 9b
80 00 0f 01
55 aa
   20 char Servidor Dos.hex 53 65 72 76 69 64 6f 72 20 44 6f 73 00
[2013/03/22 08:26:12.160141,  5]
nmbd/nmbd_packets.c:2136(send_mailslot)
  send_mailslot: sending packet to ourselves.
[2013/03/22 08:26:12.160196, 10]
nmbd/nmbd_sendannounce.c:371(announce_myself_to_domain_master_browser)
  announce_myself_to_domain_master_browser: no unicast subnet, ignoring


The problem was broadcasting.
This server is virtualized with proxmox, using openvz.
venet doesn't support broadcasting so I switched to veth and now
everything is working.
It wasn't a samba problem.
sorry!!

I hope this could help someone else.

Cheers,
Felix.



[Samba] replication error

2013-03-26 Thread felix
I'm having replication issues among my samba DCs. when I run samba-tool
dbcheck this is what I get:

root@capital:/usr/local/samba/bin# ./samba-tool dbcheck
Checking 15211 objects
ERROR: incorrect GUID component for member in object CN=Domain
Controllers,CN=Users,DC=eccmg,DC=cupet,DC=cu -
GUID=bd0fa1c6-1abd-41c2-89d4-0485c064ff2a;SID=S-1-5-21-673721863-1998900342-1412008047-14135;CN=xx\0ADEL:bd0fa1c6-1abd-41c2-89d4-0485c064ff2a,CN=Deleted
Objects,DC=eccmg,DC=cupet,DC=cu
unable to find object for DN
CN=xx\0ADEL:bd0fa1c6-1abd-41c2-89d4-0485c064ff2a,CN=Deleted
Objects,DC=eccmg,DC=cupet,DC=cu - (No such Base DN:
CN=xx\0ADEL:bd0fa1c6-1abd-41c2-89d4-0485c064ff2a,CN=Deleted
Objects,DC=eccmg,DC=cupet,DC=cu)
Not removing dangling forward link
ERROR: incorrect GUID component for member in object CN=Domain
Controllers,CN=Users,DC=eccmg,DC=cupet,DC=cu -
GUID=5606aaf6-3931-45c4-8f5e-f56ebf514564;SID=S-1-5-21-673721863-1998900342-1412008047-13555;CN=test\0ADEL:5606aaf6-3931-45c4-8f5e-f56ebf514564,CN=Deleted
Objects,DC=eccmg,DC=cupet,DC=cu
unable to find object for DN
CN=test\0ADEL:5606aaf6-3931-45c4-8f5e-f56ebf514564,CN=Deleted
Objects,DC=eccmg,DC=cupet,DC=cu - (No such Base DN:
CN=test\0ADEL:5606aaf6-3931-45c4-8f5e-f56ebf514564,CN=Deleted
Objects,DC=eccmg,DC=cupet,DC=cu)
Not removing dangling forward link

What's going on here???

Cheers,
Felix.




Re: [Samba] DNS Replication Between Samba4 DCs

2013-03-25 Thread felix
 On Wed, 2013-02-27 at 16:14 -0500, Andrew Hamilton wrote:
 I have been able to successfully install and configure a primary DC
 with Ubuntu 12.04 and the samba4 package as well as configure and join
 a secondary DC to the primary.  However, I cannot DNS entries to
 replicate from the primary to the secondary (I haven't tried the other
 way around but I would like that working as well).  Both are using
 BIND9_DLZ.  Is DNS replication even supported with this setup or do I
 have to use the SAMBA INTERNAL setting?

 Yes, replication is supported, and should work just as well with DLZ and
 it would using the internal server.

 Andrew Bartlett

I'd like to know how I should set up resolv.conf in a future secondary DC
to join an existing domain.

Felix.



Re: [Samba] network neighborhood

2013-03-22 Thread felix
 You can try,

 [global] announce as = system type

 You are running in an windows ADS there is no netbios but dns. So it could
 be PCs are not show up
 In the neighborhood.
 ---
 EDV Daniel Müller

 Head of IT
 Tropenklinik Paul-Lechler-Krankenhaus
 Paul-Lechler-Str. 24
 72076 Tübingen

 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: www.tropenklinik.de
 ---

 -Original Message-
 From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
 On behalf of fe...@epepm.cupet.cu
 Sent: Thursday, 21 March 2013 16:04
 To: samba@lists.samba.org
 Subject: [Samba] network neighborhood

  Original message 
 Subject: network neighborhood
 From: fe...@epepm.cupet.cu
 Date:  Wed, 20 March 2013, 8:07 am
 To:   samba@lists.samba.org
 --


 Hello:

 I would like to know what is wrong in my configuration. I can't see this
 server in network neighborhood.

 samba 3.5.6 joined to my active directory domain.

 [global]
 #   message command = /bin/sh -c '/usr/bin/linpopup %f %m %s; rm %s' 
   security = ADS
   netbios name = dos
   realm = EPEPM.CUPET.CU
   password server = ad.epepm.cupet.cu
   workgroup = EPEPM
   log level = 1
   syslog = 0
   idmap uid = 1-2
   idmap gid = 1-2
   winbind separator = +
   winbind enum users = yes
   winbind enum groups = yes
   winbind use default domain = yes
   template homedir = /home/%D/%U
   template shell = /bin/bash
   client use spnego = yes
   domain master = no
   server string = Servidor Dos
   encrypt passwords = true


Yes, all windows computers are shown in network neighborhood, even an
ubuntu 12.04 desktop, but not this debian 6.
I tried your suggestion but it didn't work. I read that default is
announce as = NT Server

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] network neighborhood

2013-03-22 Thread felix
 You can try,

 [global] announce as = system type

 You are running in an windows ADS there is no netbios but dns. So it
 could
 be PCs are not show up
 In the neighborhood.
 ---
 EDV Daniel Müller

 Head of IT
 Tropenklinik Paul-Lechler-Krankenhaus
 Paul-Lechler-Str. 24
 72076 Tübingen

 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: www.tropenklinik.de
 ---

 -Original Message-
 From: samba-boun...@lists.samba.org
 [mailto:samba-boun...@lists.samba.org]
 On behalf of fe...@epepm.cupet.cu
 Sent: Thursday, 21 March 2013 16:04
 To: samba@lists.samba.org
 Subject: [Samba] network neighborhood

  Original message
 
 Subject: network neighborhood
 From: fe...@epepm.cupet.cu
 Date:  Wed, 20 March 2013, 8:07 am
 To:   samba@lists.samba.org
 --


 Hello:

 I would like to know what is wrong in my configuration. I can't see this
 server in network neighborhood.

 samba 3.5.6 joined to my active directory domain.

 [global]
 #   message command = /bin/sh -c '/usr/bin/linpopup %f %m %s; rm %s'
 
   security = ADS
   netbios name = dos
   realm = EPEPM.CUPET.CU
   password server = ad.epepm.cupet.cu
   workgroup = EPEPM
   log level = 1
   syslog = 0
   idmap uid = 1-2
   idmap gid = 1-2
   winbind separator = +
   winbind enum users = yes
   winbind enum groups = yes
   winbind use default domain = yes
   template homedir = /home/%D/%U
   template shell = /bin/bash
   client use spnego = yes
   domain master = no
   server string = Servidor Dos
   encrypt passwords = true


 Yes, all windows computers are shown in network neighborhood, even an
 ubuntu 12.04 desktop, but not this debian 6.
 I tried your suggestion but it didn't work. I read that default is
 announce as = NT Server


I set loglevel = 10 and I got this:

[2013/03/22 08:26:02.154496,  4] nmbd/nmbd_workgroupdb.c:281(dump_workgroups)
  dump_workgroups()
   dump workgroup on subnet 10.30.100.6: netmask=255.255.255.255:
EPEPM(1) current master browser = UNKNOWN
DOS 40809b03 (Servidor Dos)
[2013/03/22 08:26:12.159757,  4]
nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet)
  find_workgroup_on_subnet: workgroup search for EPEPM on subnet
10.30.100.6: found.
[2013/03/22 08:26:12.159879,  8] lib/util.c:1869(is_myname)
  is_myname(DOS) returns 1
[2013/03/22 08:26:12.159912,  3]
nmbd/nmbd_sendannounce.c:207(send_host_announcement)
  send_host_announcement: type 809b03 for host DOS on subnet 10.30.100.6
for workgroup EPEPM
[2013/03/22 08:26:12.159952,  4] nmbd/nmbd_packets.c:2129(send_mailslot)
  send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from DOS00 IP
10.30.100.6 to EPEPM1d IP 10.30.100.6
[2013/03/22 08:26:12.159997,  4] nmbd/nmbd_packets.c:95(debug_browse_data)
  debug_browse_data():
0 char ..DOS... hex 01 01 c0 d4 01 00 44 4f 53 00 00 00 00 00
00 00
   10 char ..U. hex 00 00 00 00 00 00 04 09 03 9b 80 00 0f 01
55 aa
   20 char Servidor Dos.hex 53 65 72 76 69 64 6f 72 20 44 6f 73 00
[2013/03/22 08:26:12.160141,  5] nmbd/nmbd_packets.c:2136(send_mailslot)
  send_mailslot: sending packet to ourselves.
[2013/03/22 08:26:12.160196, 10]
nmbd/nmbd_sendannounce.c:371(announce_myself_to_domain_master_browser)
  announce_myself_to_domain_master_browser: no unicast subnet, ignoring

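The bytes that debug_browse_data() printed in the log above are the browser host announcement nmbd sent, and decoding them shows what the server was advertising (name, server type 809b03, comment). The decoder below is an added example, not code from the thread or from Samba: it assumes the Host Announcement field layout from MS-BRWS and the SV_TYPE_* bit names from the Windows lmserver.h header, and its function names are hypothetical.

```python
import re
import struct

# Sample input: the debug_browse_data() lines from the post, wrapping included.
SAMPLE_DUMP = """
    0 char ..DOS... hex 01 01 c0 d4 01 00 44 4f 53 00 00 00 00 00
00 00
   10 char ..U. hex 00 00 00 00 00 00 04 09 03 9b 80 00 0f 01
55 aa
   20 char Servidor Dos.hex 53 65 72 76 69 64 6f 72 20 44 6f 73 00
"""

# Server type bits (names as in lmserver.h).
SV_TYPE = {
    0x00000001: "SV_TYPE_WORKSTATION",   0x00000002: "SV_TYPE_SERVER",
    0x00000004: "SV_TYPE_SQLSERVER",     0x00000008: "SV_TYPE_DOMAIN_CTRL",
    0x00000010: "SV_TYPE_DOMAIN_BAKCTRL", 0x00000020: "SV_TYPE_TIME_SOURCE",
    0x00000040: "SV_TYPE_AFP",           0x00000080: "SV_TYPE_NOVELL",
    0x00000100: "SV_TYPE_DOMAIN_MEMBER", 0x00000200: "SV_TYPE_PRINTQ_SERVER",
    0x00000400: "SV_TYPE_DIALIN_SERVER", 0x00000800: "SV_TYPE_XENIX_SERVER",
    0x00001000: "SV_TYPE_NT",            0x00002000: "SV_TYPE_WFW",
    0x00004000: "SV_TYPE_SERVER_MFPN",   0x00008000: "SV_TYPE_SERVER_NT",
    0x00010000: "SV_TYPE_POTENTIAL_BROWSER",
    0x00020000: "SV_TYPE_BACKUP_BROWSER",
    0x00040000: "SV_TYPE_MASTER_BROWSER",
    0x00080000: "SV_TYPE_DOMAIN_MASTER",
    0x00400000: "SV_TYPE_WINDOWS",       0x00800000: "SV_TYPE_DFS",
}

HEX_ONLY = re.compile(r"(?:[0-9a-fA-F]{2}\s*)+")

# Opcode, UpdateCount, Periodicity, ServerName[16], OSVersionMajor/Minor,
# ServerType, BrowserVersionMajor/Minor, Signature; the comment follows.
HOST_ANNOUNCEMENT = struct.Struct("<BBI16sBBIBBH")   # 32 bytes, little-endian


def dump_to_bytes(dump):
    """Collect the hex bytes of a debug_browse_data() dump, including the
    continuation lines that mail wrapping pushed onto their own line."""
    data = bytearray()
    for line in dump.splitlines():
        line = line.strip()
        if "hex " in line:
            line = line.split("hex ", 1)[1]     # drop offset and char column
        if HEX_ONLY.fullmatch(line):
            data += bytes.fromhex(line)
    return bytes(data)


def parse_host_announcement(data):
    """Decode a browser Host Announcement frame into a dict."""
    if len(data) < HOST_ANNOUNCEMENT.size + 1:
        raise ValueError("frame too short for a host announcement")
    (opcode, update_count, periodicity_ms, name, os_major, os_minor,
     server_type, br_major, br_minor, signature) = \
        HOST_ANNOUNCEMENT.unpack_from(data)
    if opcode != 0x01:
        raise ValueError("not a host announcement (opcode %#x)" % opcode)
    if signature != 0xAA55:
        raise ValueError("bad signature %#x" % signature)
    comment = data[HOST_ANNOUNCEMENT.size:].split(b"\0", 1)[0]
    return {
        "update_count": update_count,
        "periodicity_ms": periodicity_ms,
        "server_name": name.split(b"\0", 1)[0].decode("ascii", "replace"),
        "os_version": (os_major, os_minor),
        "server_type": server_type,
        "flags": [n for bit, n in SV_TYPE.items() if server_type & bit],
        "browser_version": (br_major, br_minor),
        "comment": comment.decode("ascii", "replace"),
    }


if __name__ == "__main__":
    for key, value in parse_host_announcement(dump_to_bytes(SAMPLE_DUMP)).items():
        print(f"{key}: {value}")
```
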


[Samba] network neighborhood

2013-03-21 Thread felix
 Original message 
Subject: network neighborhood
From: fe...@epepm.cupet.cu
Date:  Wed, 20 March 2013, 8:07 am
To:   samba@lists.samba.org
--


Hello:

I would like to know what is wrong in my configuration. I can't see this
server in network neighborhood.

samba 3.5.6 joined to my active directory domain.

[global]
#   message command = /bin/sh -c '/usr/bin/linpopup %f %m %s; rm %s' 
  security = ADS
  netbios name = dos
  realm = EPEPM.CUPET.CU
  password server = ad.epepm.cupet.cu
  workgroup = EPEPM
  log level = 1
  syslog = 0
  idmap uid = 1-2
  idmap gid = 1-2
  winbind separator = +
  winbind enum users = yes
  winbind enum groups = yes
  winbind use default domain = yes
  template homedir = /home/%D/%U
  template shell = /bin/bash
  client use spnego = yes
  domain master = no
  server string = Servidor Dos
  encrypt passwords = true


any ideas?

Best regards,
Felix.




[Samba] network neighborhood

2013-03-20 Thread felix

Hello:

I would like to know what is wrong in my configuration. I can't see this
server in network neighborhood.

samba 3.5.6 joined to my active directory domain.

[global]
#   message command = /bin/sh -c '/usr/bin/linpopup %f %m %s; rm %s' 
  security = ADS
  netbios name = dos
  realm = EPEPM.CUPET.CU
  password server = ad.epepm.cupet.cu
  workgroup = EPEPM
  log level = 1
  syslog = 0
  idmap uid = 1-2
  idmap gid = 1-2
  winbind separator = +
  winbind enum users = yes
  winbind enum groups = yes
  winbind use default domain = yes
  template homedir = /home/%D/%U
  template shell = /bin/bash
  client use spnego = yes
  domain master = no
  server string = Servidor Dos
  encrypt passwords = true


Best regards,
Felix.



Re: [Samba] Migrating Win2000 PDC to Samba4 AD

2013-03-15 Thread felix
 Hi!

 We want to replace an old Win2000 Server (PDC). As we've already some
 Samba4 AD-Controllers up and running we would like to migrate to that
 setup.

 Unfortunately we're not really good at Windows-Stuff - our main Focus
 is Linux.

 So perhaps someone could point us to a good (and ideally painless :-))
 way to migrate.

 So the current setup is:
 A single Win2000 PDC used mainly as File- and Printserver on some
 ancient Hardware. Clients run WinXP and Win7.

 What we want to achieve:
 A Samba4 AD server offering File- and Printservices on new Hardware.
 (Later on we add another Samba4 Server in the same AD which we've
 already done on another Installation, so no problem here)

 What we consider as possibly helpful things we have available: A
 Windows 2003 License and a Win2008R2 License which is currently unused.
 All new hardware is virtualized, so it's no problem to setup some
 additional server as intermediate step if necessary.



 So, any Windows-Guru available that can help us with that task and
 without having to recreate the whole Windows domain with all its
 users and rejoining and reconfiguring all client-PCs?


I think this is what you're looking for:

https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

Felix.



Re: [Samba] MS-SNTP signd block

2013-03-01 Thread felix
 Hello,

 How can I solve the following message ?

 MS-SNTP signd operations currently block ntpd degrading service to all
 clients


I think it is normal behaviour.

Felix.



[Samba] Share permission problem

2013-02-25 Thread felix
I have a samba 3.5.6 joined to my samba AD.

I set this share:


[Nodo$]
path = /media/almacen/Admin/Windows/
read only = yes
valid users = @EPEPM + epepm_nodo


From Windows XP only users from this group epepm_nodo are allowed. But
when I try from Windows 7 any user is granted access to this share.

Any help will be really appreciated.

Felix.
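
An added illustration, not part of the original post and not a diagnosis confirmed in the thread: Samba splits list parameters such as `valid users` on whitespace, commas and semicolons, so the value above is read as three separate entries rather than one DOMAIN+group name. The Python sketch below lints a constructed copy of the share for that; the `[Nodo-fixed$]` share, its quoted form of the group name, and all function names are assumptions made for the example.

```python
import re

# Access-control list parameters worth linting (all are whitespace-split lists).
LIST_PARAMS = ("valid users", "invalid users", "read list", "write list", "admin users")
LIST_SEPARATORS = " \t,;\n\r"   # characters Samba treats as list separators
GROUP_PREFIXES = "@+&"          # smb.conf(5): @ netgroup/UNIX group, + UNIX group, & netgroup

# Constructed sample: the relevant [global] lines and the share from the post.
# [Nodo-fixed$] is a hypothetical corrected variant, not taken from the thread.
SAMPLE_CONF = '''
[global]
  security = ADS
  workgroup = EPEPM
  winbind separator = +
  winbind use default domain = yes

[Nodo$]
path = /media/almacen/Admin/Windows/
read only = yes
valid users = @EPEPM + epepm_nodo

[Nodo-fixed$]
path = /media/almacen/Admin/Windows/
read only = yes
valid users = @"EPEPM+epepm_nodo"
'''


def parse_conf(text):
    """Return {section: {param: value}}; parameter names are lower-cased
    and their internal whitespace normalised, as smb.conf ignores both."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections


def split_list(value):
    """Split a list parameter the way Samba does: on separators, except
    inside double quotes (the quotes themselves are dropped)."""
    tokens, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        elif ch in LIST_SEPARATORS and not quoted:
            if buf:
                tokens.append("".join(buf))
                buf = []
        else:
            buf.append(ch)
    if buf:
        tokens.append("".join(buf))
    return tokens


def audit(text):
    """Flag list entries that name nothing: a bare group prefix or a bare
    winbind separator, which usually means a name was split by whitespace."""
    conf = parse_conf(text)
    glob = next((v for k, v in conf.items() if k.lower() == "global"), {})
    sep = glob.get("winbind separator", "\\")
    findings = []
    for share, params in conf.items():
        if share.lower() == "global":
            continue
        for param in LIST_PARAMS:
            tokens = split_list(params.get(param, ""))
            for i, tok in enumerate(tokens):
                if tok.lstrip(GROUP_PREFIXES) and tok != sep:
                    continue  # entry carries an actual name
                msg = f"entry {tok!r} names no user or group"
                if tok == sep and 0 < i < len(tokens) - 1:
                    joined = tokens[i - 1] + sep + tokens[i + 1]
                    msg += f"; whitespace split what may have been meant as {joined!r}"
                findings.append((share, param, msg))
    return findings


if __name__ == "__main__":
    for share, param, msg in audit(SAMPLE_CONF):
        print(f"[{share}] {param}: {msg}")
```
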






Re: [Samba] S3 as domain member with S4

2013-02-12 Thread felix
 Dewayne,

 I would never have posted the message if my DNS was not functional. Here
 are the answers (on the AD server and on the S3 server) for the tests of
 the HOWTO :

   host -t SRV _ldap._tcp.sc.isc84.org.
 _ldap._tcp.sc.isc84.org has SRV record 0 100 389 vspdc.sc.isc84.org.

   host -t SRV _kerberos._udp.sc.isc84.org.
 _kerberos._udp.sc.isc84.org has SRV record 0 100 88 vspdc.sc.isc84.org.

   host -t A vspdc.sc.isc84.org.
 vspdc.sc.isc84.org has address 192.168.77.1

 All seems good unless I have missed something. The problem is when I
 join my S3 in the AD (kerberos is functional)

 net  join -Uadministrateur
 *Using short domain name -- SC
 Joined 'SSC011' to realm 'sc.isc84.org'*
 /*DNS Update for ssc011.sc.isc84.org failed:
 ERROR_DNS_INVALID_MESSAGE DNS update failed!*/

 The join seems to have worked  in spite of the error message concerning
 the DNS. And in a windows box \\ssc011 does not work. But I don't know
 if these problems are bounded.



 I've followed the document and i can see in the AD the server
 included.
 But I've the following error when doing the following command :

 net  join -Uadministrateur
 Using short domain name -- SC
 Joined 'SSC011' to realm 'sc.isc84.org'
 *DNS Update for ssc011.sc.isc84.org failed:
 ERROR_DNS_INVALID_MESSAGE DNS update failed!*

 Moreover I can't access from a window box  to my server with
 \\ssc011 (the name of my server).

 My /etc/hosts

 127.0.0.1   ssc011.sc.isc84.org ssc011 localhost
 192.168.77.4 ssc011.sc.isc84.org ssc011
 192.168.77.1 vspdc.sc.isc84.org vspdc

 sc is the samba3 domain
 192.168.77.1 -  is the samba4 PDC
 192.168.77.4 -  is the samba 3.6 file server which has the
 name ssc011

 Hello

 How to set a S3 file server as a domain member with a S4 PDC server ?

 You can join Samba 3.x or Samba 4.0 as a domain member of a Samba 4.0
 AD DC in the same way you would join any other AD domain. eg 'net ads
 join.

 See
 https://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm


 --

 Hervé Hénoch
 Responsable informatique
 Institut Sainte Catherine
 250 chemin de Baigne-Pieds
 CS 80005 --- 84918 AVIGNON cedex 9
 Téléphone : 04.90.27.57.44
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba


 Herve,
 Samba4 provides a lot of features though it does have some
 prerequisites; please review the HowTo, and particularly
 https://wiki.samba.org/index.php/Samba4/HOWTO#Step_7:_Configure_DNS
 noting the first line A working DNS setup is essential to the
 correct operation of Samba.

 It's a hard road (if you're not familiar with being a Windows Admin) but
 well worth the effort.
 Regards, Dewayne.


I think you should use  net ads join -U Administrator%password to join to
an AD domain.

Felix.



[Samba] DNS problem

2013-02-11 Thread felix

A records added manually get the answer: unknown host.

No matter how they are added. I tried using MMC and samba-tool. I can see
them in MMC and with samba-tool, but when I do tests against my samba server
using ping or nslookup the answer is unknown host.

It happens since I moved my samba container (I'm using proxmox) from a
server to another. both hp proliant.

I guess it has something to do with keys.

I'm using:
samba Version 4.1.0pre1-GIT-UNKNOWN
bind9.9.1-P1
ntp-4.2.6p5

Any help will be really appreciated!

Felix.



Re: [Samba] DNS problem (Solved)

2013-02-11 Thread felix
 Have you checked the samba log for errors? Did you create the necessary
 firewall exceptions on the new server? Have you ensured there is nothing
 conflicting with the ports required for BIND? Can you install dig on the
 server and see what it reports?


 On Mon, Feb 11, 2013 at 10:56 AM, fe...@epepm.cupet.cu wrote:


 A records added manually get the answer: unknown host.

 No matter how they are added. I tried using MMC and samba-tool. I can see
 them in MMC and with samba-tool, but when I do tests against my samba
 server using ping or nslookup the answer is unknown host.

 It happens since I moved my samba container (I'm using proxmox) from a
 server to another. both hp proliant.

 I guess it has something to do with keys.

 I'm using:
 samba Version 4.1.0pre1-GIT-UNKNOWN
 bind9.9.1-P1
 ntp-4.2.6p5

 Any help will be really appreciated!


Thanks for answering.

Everything is OK after:

/usr/local/samba/sbin/samba_upgradedns --dns-backend=BIND9_DLZ

Felix



Re: [Samba] about samba4 and external ldap and dns

2013-02-07 Thread felix
 Could I use samba4 as a domain controller with an external ldap?
 Could I use samba4 as a domain controller with an external dns?



samba4 as DC uses an internal ldap server, you can't change that.

but you can use an external dns server: bind9

Felix.



[Samba] NetBIOS browsing

2013-02-05 Thread felix

Hello:

why an ubuntu 12.04 machine with samba3 joined to my samba AD domain can
be seen in network neighborhood and not my debian 6 with samba3?

Best regards,
Felix.



Re: [Samba] Migrating from Internal DNS to bind9_dlz

2013-02-05 Thread felix
 Hello All,

 I would like to migrate our production S4 instance from internal DNS to
 bind9_dlz. Has anyone else done this? Is it even possible?


I did it using samba_upgradedns. Check this in your server:

/usr/local/samba/sbin/samba_upgradedns --help



Re: [Samba] Samba Server Under Microsoft Windows Network

2013-02-03 Thread felix
 This is because as an AD DC we do not support NetBIOS browsing. This is
 normal, access the server by name and it will work fine.

 Fabian von Romberg fromberg...@hotmail.com wrote:

Hi All,

I'm running a samba4 server.  When I logged onto the server from a XP
Machine and then I go to My Network Places - Microsoft Windows Network
- Mydomain my samba4 server is not listed.

What could be the reason? Should I set up anything on my XP machine?


Surprisingly,
an ubuntu 12.04 with samba3 joined to my samba4 AD domain can be seen in
network neighborhood. but not my debian squeeze member server with samba3
from squeeze repo nor my samba4 AD DC.

Felix



[Samba] Quotas

2013-01-29 Thread felix

I was really surprised to see user quotas working in samba in my
particular configuration:

1 proxmox server with an openvz container, samba4 AD DC
1 proxmox server with an openvz container, a bind mount, samba3 AD domain
member

User quotas defined and working with AD users in samba3, even in the bind
mount


Really great job Samba and Proxmox Teams



[Samba] /home with Samba4 and Windows Server 2012

2013-01-11 Thread Felix Spanier
Hi,

we have installed Samba4 to work with a Windows 2012 server. By now users may
log on (remotely) to the Windows Server using domain authentication. Now we
were trying to include /home for the users. I understand this is now working in 
a different fashion than with Samba3, but makes use of the RSAT tools. 
As far as I have found out the server administration console in Win2012 server 
does the job of RSAT, but I am not able to administrate the Samba server.
Does anyone know how to add the Samba server to the server console under Win 
Server 2012?
And how do I use /home correctly then?

Best regards,
Felix


Re: [Samba] Samba4 internal DNS not responding to DNS requests

2013-01-09 Thread felix
 I am not able to get the Samba4 internal DNS server to respond to DNS
 requests on the network.

 I am running Samba4 4.1.0pre1-GIT-c1fb37d on my CentOS 6.3 system.  I
 followed the instructions here:
 https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

 I configured Samba4 to use the internal DNS server.  My Samba4 server is
 192.168.0.13. Its full hostname is ubuntu-ad.allenlan.net.  The realm is
 ALLENLAN.NET.

 The DNS testing section of the document passes:

 $host -t SRV _ldap._tcp.allenlan.net.
 _ldap._tcp.allenlan.net has SRV record 0 100 389
 ubuntu-ad.allenlan.net.
 $host -t SRV _kerberos._udp.allenlan.net.
 _kerberos._udp.allenlan.net has SRV record 0 100 88
 ubuntu-ad.allenlan.net.
 $host -t A ubuntu-ad.allenlan.net.
 ubuntu-ad.allenlan.net has address 192.168.0.13

 I configured my Windows XP system with a DNS of 192.168.0.13 (Samba4
 server).
 When I perform the Windows command nslookup ubuntu-ad.allenlan.net (or
 any variation of that) it reports:
 DNS request timed out.
 timeout was 2 seconds.
 *** Can't find server name for address 192.168.0.13: Timed out
 (above 3 messages repeat again)
 Default servers are not available
 Server: UnKnown
 Address: 192.168.0.13

 The Windows system can ping the Samba4 server by IP address.

 Any help would be appreciated!  More configuration information below.

 /etc/resolv.conf:
 domain allenlan.net
 nameserver 192.168.0.13

 /usr/local/samba/etc/smb.conf:
 [global]
 workgroup = ALLENLAN
 realm = ALLENLAN.NET
 netbios name = UBUNTU-AD
 server role = active directory domain controller
 dns forwarder = 192.168.0.1
 interfaces = 192.168.0.13 127.0.0.1
 bind interfaces only = yes
 log level = 3
 server services = smb, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
 winbind, ntp_signd, kcc, dnsupdate, dns

 /etc/hosts:
 192.168.0.13 ubuntu-ad   ubuntu-ad.allenlan.net
 127.0.0.1   localhost localhost.localdomain localhost4
 localhost4.localdomain4
 ::1 localhost localhost.localdomain localhost6
 localhost6.localdomain6

 $hostname
 ubuntu-ad.allenlan.net


That was the reason I switched to bind9. The internal dns server used to
keep connections open, without closing old ones, until reaching the limit
of max files...
I don't know whether it's been already fixed or not. But it doesn't happen
with bind.
This topic has been on the list before.

Felix.



Re: [Samba] about AD replication

2013-01-08 Thread felix
 Hi everyone,
 First of all, apologies for my language, I don't speak English
 fluently,

 Well,

 I have been testing samba 4.0.0 from the sources in:

 http://ftp.samba.org/pub/samba/samba-4.0.0.tar.gz

 i have been using bind as dns backend and following these
 tutorials (internal dns is not working fine for me):


 http://wiki.samba.org/index.php/Samba4/HOWTO
 http://wiki.samba.org/index.php/Samba_4/OS_Requirements

 OS: Ubuntu precise -  12.04.1(i686) LTS (bind version:  9.8.1-p1)

 Everything is working fine for me.

 My principal objective is for replicating an Active directory domain
 controller.

 I have been reading this tutorial using the dlz driver for bind9(
 internal dns is not working for me):

 http://wiki.samba.org/index.php/Samba4_joining_a_domain

 Operating systems:
 - Windows Domain Controller: Microsoft Windows Server 2003 Enterprise
 Edition Service Pack 2(using i386)
 - Linux domain controller: Ubuntu precise -  12.04.1(i686) LTS (bind
 version:  9.8.1-p1)

 I have been testing that:
 - I can add a user on the Samba DC using either the Samba command line
 tools, or the Windows GUI admin tools and that the user shows up within
 a few seconds on the Windows domain controller.
 - I can add a user on the Windows Server domain controller using the
 Windows GUI admin tools and that the user shows up within a few seconds
 on the Samba DC

 The main problem is that while the windows domain controller is turned on
 the user's authentication in domain controllers works fine, but, when I
 turn off the windows domain controller the users can't login in the
 linux domain controller.


Amaury:
I guess that your problem is with roles. You have to pass all the roles
from the windows server to the samba server. You should do that using the
MMC or samba-tool.

Cheers,
Felix.



Re: [Samba] about AD replication

2013-01-08 Thread felix
 On 01/08/2013 12:19 PM, fe...@epepm.cupet.cu wrote:
 Hi everyone,
 First of all, apologies for my language, I don't speak English
 fluently,

 Well,

 I have been testing samba 4.0.0 from the sources in:

 http://ftp.samba.org/pub/samba/samba-4.0.0.tar.gz

 i have been using bind as dns backend and following these
 tutorials (internal dns is not working fine for me):


 http://wiki.samba.org/index.php/Samba4/HOWTO
 http://wiki.samba.org/index.php/Samba_4/OS_Requirements

 OS: Ubuntu precise -  12.04.1(i686) LTS (bind version:  9.8.1-p1)

 Everything is working fine for me.

 My principal objective is for replicating an Active directory domain
 controller.

 I have been reading this tutorial using the dlz driver for bind9(
 internal dns is not working for me):

 http://wiki.samba.org/index.php/Samba4_joining_a_domain

 Operating systems:
 - Windows Domain Controller: Microsoft Windows Server 2003 Enterprise
 Edition Service Pack 2(using i386)
 - Linux domain controller: Ubuntu precise -  12.04.1(i686) LTS (bind
 version:  9.8.1-p1)

 I have been testing that:
 - I can add a user on the Samba DC using either the Samba command line
 tools, or the Windows GUI admin tools and that the user shows up within
 a few seconds on the Windows domain controller.
 - I can add a user on the Windows Server domain controller using the
 Windows GUI admin tools and that the user shows up within a few seconds
 on the Samba DC

 The main problem is that while the windows domain controller is turned on
 the user's authentication in domain controllers works fine, but, when I
 turn off the windows domain controller the users can't login in the
 linux domain controller.


 Amaury:
 I guess that your problem is with roles. You have to pass all the roles
 from the windows server to the samba server. You should do that using
 the MMC or samba-tool.

 Cheers,
 Felix.


 Well,
 Could you help me using samba-tool?
 there is any documentation available about it?


Never done that before, but maybe this, in your samba server, could help:

/usr/local/samba/bin/samba-tool fsmo transfer -h

This shows help about it.

Felix.



Re: [Samba] Eliminating Samba4 (as a name)

2012-12-21 Thread Felix Miata

On 2012-12-22 02:00 (GMT-0500) Andrew Bartlett composed:


https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO


That page seems to assume every potential reader, including Google, knows
what AD DC means. I had to think about it for a while, as it doesn't appear
to be defined on the page except by inference. When my brain sees it, what it 
thinks initially is AC DC typo.

--
The wise are known for their understanding, and pleasant
words are persuasive. Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/


Re: [Samba] Branches

2012-11-30 Thread felix
 On 11/29/2012 11:23 AM, fe...@epepm.cupet.cu wrote:
 Hello list:

 which git branch contains the latest changes of samba4 as AD DC?

 Regards,
 Felix.

 the master branch


Thanks Matthieu.

Felix.



[Samba] Branches

2012-11-29 Thread felix

Hello list:

which git branch contains the latest changes of samba4 as AD DC?

Regards,
Felix.



Re: [Samba] Samba4 DNS error

2012-11-07 Thread felix
 We have setup separate 2 Samba4 Domains in test environments and are
 having some errors in DNS. The errors are the same on both domains and
 they are as follows.

 Domain 1:
 Ubuntu 12.04
 Samba 4.1.0pre1-GIT-92e17d5
 This domain was a clean provision as a new domain.

 Domain 2:
 Debian 6.0.6
 Samba 4.1.0pre1-GIT-92e17d5
 Classic upgrade from Samba3

 When trying to add a Forwarder to DNS using the DNS Remote Administration
 tool on Windows 7 we receive
 The server forwarders cannot be upgraded.
 This function is not supported on this system.

 On both systems we are using Samba4's internal DNS.


Internal dns server supports only one forwarder and it must be declared in
smb.conf as follows:

dns forwarder = ip addr of external dns server

See https://wiki.samba.org/index.php/DNS for more info.

Felix.



Re: [Samba] Unable to create GPO with rc3 and a few authentication problems

2012-10-30 Thread felix
 Hello.

 I had encountered a few problems with 2 Samba 4 rc3 DCs serving domain
 migrated from Windows 2003 R2. I post them altogether, since they look
 related.

 1. Unable to create or delete GPOs.
 # bin/samba-tool gpo create somegpo
 ERROR(ldb): uncaught exception - LDAP error 50
 LDAP_INSUFFICIENT_ACCESS_RIGHTS -  dsdb_access: Access check failed on
 CN=Policies,CN=System,DC=klin,DC=kifato-mk,DC=com 
   File
 /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py,
 line 175, in _run
 return self.run(*args, **kwargs)
   File
 /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/gpo.py,
 line 952, in run
 self.samdb.add(m)

 I'm not sure if this is a schema or authentication problem. Could someone
 suggest how should that be investigated?

 2. Some hosts fail to update records via Samba internal DNS (Andrew, sorry
 for duplicating, but this is updated).
 It looks like this on debug level = 5:
 [2012/10/30 02:23:38,  1]
 ../source4/dns_server/dns_server.c:150(dns_process_send)
   Failed to verify TSIG!
 Hosts are Windows XP, Windows 7, Samba 3 on Linux. Some do update
 successfully, some can succeed some time (say, 5 hours) later, or may still
 fail. This is weird.
 I should mention that we had some problem with Windows 2k3 demotion -
 during the process it had rewritten the SOA on (the only at that moment)
 Samba DC and put its own hostname in SOA's primary NS field. We had to
 fix that manually by replacing the SOA record in corresponding LDB.
 Maybe we had just missed something? Any ideas on what's wrong?

 3. Some hosts may suddenly reject valid tickets for RPC calls.
 Somewhat like the previous one. For example, on some non-DC host I do:
 $ kinit
 $ #Got a ticket for some admin user, btw MIT is used here
 $ net rpc shutdown -S somehost -f -k # Samba 3's net command
 It may succeed for some hosts, but fail with NT_LOGON_FAILURE few hours
 later, before the ticket expires (and DCs still accept this ticket for
 e.g. samba-tool drs showrepl). Or it may later succeed for a host it was
 failing for. Renewing the ticket doesn't change anything.
 So, something strange for me, too. I had tried to reset some machine
 accounts and to rejoin some hosts. No luck.

 4. Unrelated to the previous ones. Well, I'm sorry, I hadn't read the
 source to see if this is supposed to happen. But I'd better say that
 before I forget, just in case.
 Try to rename some host using Windows GUI (My Computer - Properties) and
 check if CN, sAMAccountName and member for corresponding groups are
 changed correctly. In my experience, only sAMAccountName is changed.
 Once again, sorry if this is OK.



Something similar happens to me. But I noticed that I can create a new GPO
only with the first user the system had: administrator. None of the new
admin users I created worked, only administrator.

Best regards,
Felix.



[Samba] git pull error

2012-10-30 Thread felix

Hi everyone:

I've been getting this error today. What can I do to solve it? It's
happened before and I have deleted my copy of samba and started from
scratch again.
Is there any other way to solve it?

felix@laz:~/Descargas/samba-master$ git clean -fdx
felix@laz:~/Descargas/samba-master$ git pull
error: Unable to find f6b8919c44b379e83697a99c808c72e13d38b4b6 under
http://gitweb.samba.org/samba.git
Cannot obtain needed commit f6b8919c44b379e83697a99c808c72e13d38b4b6
while processing commit d8fc4cd25e40164e23c0375b073cb42723892146.
error: Fetch failed.


Felix.



Re: [Samba] Samba4 upgrade compatability

2012-10-23 Thread felix
 I have an existing install of Samba4 ( I think beta6 vintage ), which uses
 ntvfs and bind9.  It's only providing AD and Group Policy.  I have a
 separate file server running 3.6.x.

 I want to add a server to the domain running the most recent RC.  I know
 they are using internal by default and s3fs for the file shares on sysvol.
 Can s3fs coexist with ntvfs?  Can the internal DNS coexist with Bind?

 Is there a specific reason to use the internal now?  I'm happy with bind
 so if it's literally just a preference issue I'll probably stick with what
 I have.

 If there are good reasons to move to s3fs and internal? is there an easy
 way to migrate the older domains via the upgrade?

 Thanks in advance to everyone.

 Caleb O'Connell


Until a couple of weeks ago the internal dns server had an issue with the
forwarder (kept connections open until it reached more than 1000, then it
didn't reply to requests out of the local domain) and it also didn't
update the reverse zone. I don't know whether it's been fixed or not.

Best regards,
Felix.



Re: [Samba] Samba4 successful deployment

2012-10-18 Thread felix
 On 10/16/2012 03:27 PM, fe...@epepm.cupet.cu wrote:
 Recently I migrated to samba4 in my company.
 So far so good.
 debian 6
 samba4.1.0pre1
 bind9.9.1-P1 (working pretty well. it even updates the reverse zone and no
 problems at all with the forwarder)
 ntp-4.2.6p5
 All services authenticating with samba4: mail (postfix + dovecot +
 squirrelmail), jabber (openfire), proxy (squid), even MS Sql server 2000,
 Net Support Manager and GFI Endpoint Security.
 It's really a great job you've been doing, Samba Team!!

 Hi Felix,
 I have a question for you:
 Do you put file sharing on the same box, or still on Samba3?
 I plan to do the same migration.


Hi Allen,
well I'm not sharing anything in the DC except what it needs to work
(sysvol and netlogon). My shares are still on a Windows server machine,
acting as member of the domain, but I think that samba3 could do that job
pretty well too.

Felix.






Re: [Samba] [Announce] Samba 4.0.0rc3 Available for Download

2012-10-17 Thread felix
 On 16/10/12 15:17, Rowland Penny wrote:
 On 16/10/12 14:10, steve wrote:



 To get rc3 do I have to download the tarball and rebuild?

 Cheers,
 Steve

 Hi again Steve, in a nutshell, yes


 Hi Rowland

 Where do you get it? I looked here:
 https://ftp.samba.org/pub/samba/samba4/


Look here:
http://ftp.samba.org/pub/samba/rc/



[Samba] Is there any limitation in cn field length??

2012-10-16 Thread felix

Hello:

I'm using samba4.1.0pre1.
I'm having some issues with users whose cn field length is shorter than 5
characters in specific with the openfire server (jabber server).
It was working fine when I had a windows 2003 server as a domain
controller and once I migrated to samba4, users with short cn fields get
an authentication error: Not authorized.

Is there any limitation on the length of cn field??

Cheers,
Felix.



[Samba] Samba4 successful deployment

2012-10-16 Thread felix
Recently I migrated to samba4 in my company.

So far so good.

debian 6
samba4.1.0pre1
bind9.9.1-P1 (working pretty well. it even updates the reverse zone and no
problems at all with the forwarder)
ntp-4.2.6p5

All services authenticating with samba4: mail (postfix + dovecot +
squirrelmail), jabber (openfire), proxy (squid), even MS Sql server 2000,
Net Support Manager and GFI Endpoint Security.

It's really a great job you've been doing, Samba Team!!

Cheers,
Felix.




Re: [Samba] How can I switch from internal dns server to bind9

2012-10-12 Thread felix
 On Tue, 2012-10-09 at 17:18 -0400, fe...@epepm.cupet.cu wrote:
  On 10/9/12, fe...@epepm.cupet.cu fe...@epepm.cupet.cu wrote:
  How can I switch from internal dns server to bind9???
 
  Add into [global] section of smb.conf server services = -dns.
  Configure Bind (see named.* files which comes with samba) to use dlz
  plugin or good old plain files (requires basic zone definition).
  --

 I guess it's not that easy. First, I added by hand the file named.conf to
 /usr/local/samba/private. Second the dlz complains: Failed to connect to
 /usr/local/samba/private/dns/sam.ldb and there is no such directory,
 instead sam.ldb is directly under /usr/local/samba/private/

 Run samba_upgradedns to create the extra files and the account.

 Andrew Bartlett


Now that I'm using bind9 I have two sam.ldb and sam.ldb.d. One pair
directly under /usr/local/samba/private/ and the other pair under
/usr/local/samba/private/dns/
The last pair was created when I switched to bind9. Can I delete the pair
directly under /private ???

Cheers,
Felix.



Re: [Samba] How can I switch from internal dns server to bind9

2012-10-12 Thread felix
 On 2012-10-12 14:34, fe...@epepm.cupet.cu wrote:
 On Tue, 2012-10-09 at 17:18 -0400, fe...@epepm.cupet.cu wrote:
 On 10/9/12, fe...@epepm.cupet.cu fe...@epepm.cupet.cu wrote:
 How can I switch from internal dns server to bind9???
 Add into [global] section of smb.conf server services = -dns.
 Configure Bind (see named.* files which comes with samba) to use dlz
 plugin or good old plain files (requires basic zone definition).
 --
 I guess it's not that easy. First, I added by hand the file named.conf to
 /usr/local/samba/private. Second the dlz complains: Failed to connect to
 /usr/local/samba/private/dns/sam.ldb and there is no such directory,
 instead sam.ldb is directly under /usr/local/samba/private/
 Run samba_upgradedns to create the extra files and the account.

 Andrew Bartlett

 Now that I'm using bind9 I have two sam.ldb and sam.ldb.d. One pair
 directly under /usr/local/samba/private/ and the other pair under
 /usr/local/samba/private/dns/
 The last pair was created when I switched to bind9. Can I delete the
 pair
 directly under /private ???

 Cheers,
 Felix.

 NO!

 You will lose your samba domain. The sam.ldb in the private directory is
 the master part of the domain and the one under dns is just a replica
 which is created so as not to give bind access to the whole domain.

 Regards

 Geza Gemes
 --

Thanks for your answer Geza.
Cheers,
Felix.



Re: [Samba] about samba 4 rc2

2012-10-12 Thread felix
 Hello, I'm testing samba 4 rc2.
 I have created the domain  without troubles using the command:

 /usr/local/samba/bin/samba-tool domain provision \
 --realm=samdom.example.com --domain=SAMDOM \
 --adminpass='p4$$word' --server-role=dc

 All is good, but in the step 7

 Configure DNS(according to the
 samba4/howto(http://wiki.samba.org/index.php/Samba4/HOWTO))

 i can not find the file /usr/local/samba/private/named.conf

 the provision step is not creating this file

 can you help me please?


If you want to keep using the provision you did with bind9 then you need
to run samba_upgradedns this way.

/usr/local/samba/sbin/samba_upgradedns --dns-backend=BIND9_DLZ


This step creates the extra files and the account.

If you need to use a forwarder in dns I don't recommend the internal dns
server. Furthermore, I couldn't make it update the reverse zone either.

It's a pity because it is very light indeed.
Bind9 does the job very well.

Cheers,
Felix.



Re: [Samba] Internal DNS stops forwarding

2012-10-11 Thread felix

 Hi Felix,

 I think it is. Because all the connections I see when the error occurs
are related to the forwarder I declared in smb.conf. The number of
connections keeps growing again until the error appears. So I have to
restart samba. And, yes, lsof, shows that all
 connections but 2 are related to the forwarder.

 An interesting question of course is why your forwarder never answers
the requests from the internal DNS server. Is it set up correctly? I
agree we really need to fix the timeout, but even then your DNS setup
would be broken if the forwarder never answers to queries.

Hi Kai:
Yes, the forwarder does answer the requests but the connections stay open.
The internal dns server stops forwarding when the number of connections
is above 1000. Could you, please, help me?

Cheers,
Felix.






Re: [Samba] Internal DNS stops forwarding

2012-10-09 Thread felix

 Happened again with rc2 but found that at the same time this error
 shows
 every second:

 [2012/10/05 09:01:39,  0]
 ../source4/smbd/process_single.c:56(single_accept_connection)
single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES

 root@ad:~# netstat -anp | grep 53|grep samba|wc -l
 1003

 I think this is the direct cause of the too many open files error.

 https://bugzilla.samba.org/show_bug.cgi?id=8878

 In a nutshell I suspect that our server sends forward requests to
 the forwarder that are never answered and the connections pile
 up, once we reached the limit (1024 ?) the server didn't accept
 any new connections.

 Seems likely.

I think it is. Because all the connections I see when the error occurs are
related to the forwarder I declared in smb.conf.
The number of connections keeps growing again until the error appears. So
I have to restart samba.
And, yes, lsof, shows that all connections but 2 are related to the
forwarder.

Cheers,
Felix.

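The `netstat -anp | grep 53 | grep samba | wc -l` count quoted in this message matches any line that merely contains "53" (a PID, a client address, an ephemeral port), so it can overstate the number of DNS sockets. The script below is an added example, not code from the thread or from the Samba project: it counts only samba-owned TCP/UDP sockets whose local or remote port is exactly 53 and groups the outbound ones by forwarder. The function names, the constructed sample output and the 80% warning threshold are assumptions.

```shell
#!/bin/sh
# Added example: exact-port accounting of samba's DNS sockets from `netstat -anp`.

# Constructed sample of `netstat -anp` output (addresses and PIDs are made up).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:53           0.0.0.0:*               LISTEN      13445/samba
udp        0      0 192.0.2.10:53           0.0.0.0:*                           13445/samba
udp        0      0 192.0.2.10:40001        192.0.2.1:53            ESTABLISHED 13445/samba
udp        0      0 192.0.2.10:40002        192.0.2.1:53            ESTABLISHED 13445/samba
udp        0      0 192.0.2.10:40003        192.0.2.1:53            ESTABLISHED 13445/samba
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      13453/samba
tcp        0      0 192.0.2.10:445          192.0.2.53:49210        ESTABLISHED 13440/samba
tcp        0      0 192.0.2.10:135          192.0.2.20:53211        ESTABLISHED 13440/samba
unix  2      [ ACC ]     STREAM     LISTENING     53012    13440/samba         /tmp/example.sock
EOF
}

# The count as typed in the thread: substring match on "53".
naive_count() {
    grep 53 | grep samba | wc -l | tr -d ' '
}

# Emit one line per samba-owned inet socket that really uses port 53:
#   <in|out> <proto> <foreign address> <state or ->
samba_dns_sockets() {
    awk '
        $1 !~ /^(tcp|udp)6?$/ { next }      # skip the header and unix-domain sockets
        {
            owner = ""
            # The State column is empty for unconnected UDP, so the PID/Program
            # field is not at a fixed position; look for it from field 6 on.
            for (i = 6; i <= NF; i++)
                if ($i ~ /^[0-9]+\/samba/) owner = $i
            if (owner == "") next
            lport = $4; sub(/.*:/, "", lport)   # text after the last colon
            rport = $5; sub(/.*:/, "", rport)
            if (lport != "53" && rport != "53") next
            state = ($6 ~ /^[A-Z_0-9]+$/) ? $6 : "-"
            dir = (rport == "53") ? "out" : "in"
            print dir, $1, $5, state
        }'
}

# Total number of samba sockets bound to or connected to port 53.
dns_socket_count() {
    samba_dns_sockets | wc -l | tr -d ' '
}

# Outbound sockets grouped by forwarder endpoint: "<count> <addr:port>".
outbound_by_peer() {
    samba_dns_sockets |
        awk '$1 == "out" { n[$3]++ } END { for (p in n) print n[p], p }' |
        sort -rn
}

# $1 = sockets in use, $2 = descriptor limit of the process.
# Prints "warn" once usage reaches 80% of the limit (threshold is an assumption).
fd_pressure() {
    if [ $(( $1 * 100 )) -ge $(( $2 * 80 )) ]; then
        echo warn
    else
        echo ok
    fi
}

# Demo on the constructed sample; on a live host pipe `netstat -anp` in instead.
echo "grep 53 | grep samba : $(sample_netstat | naive_count)"
echo "exact port 53        : $(sample_netstat | dns_socket_count)"
echo "outbound by forwarder:"
sample_netstat | outbound_by_peer
echo "1003 sockets vs limit 1024: $(fd_pressure 1003 1024)"
```

Run periodically, the per-forwarder count shows the pile-up described above well before accept() starts failing with NT_STATUS_TOO_MANY_OPENED_FILES.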



[Samba] How can I switch from internal dns server to bind9

2012-10-09 Thread felix
I provisioned using the defaults. So now I'm using the internal DNS
server. Since I've been having some issues with it (see Internal dns
server stops forwarding) I would like to change to bind9, but now I don't
have the files samba4 creates to use with it because I started using the
internal dns server.

How can I switch from internal dns server to bind9???

Cheers,
Felix.






Re: [Samba] How can I switch from internal dns server to bind9

2012-10-09 Thread felix
 On 10/9/12, fe...@epepm.cupet.cu fe...@epepm.cupet.cu wrote:
 How can I switch from internal dns server to bind9???

 Add into [global] section of smb.conf server services = -dns.
 Configure Bind (see named.* files which come with samba) to use dlz
 plugin or good old plain files (requires basic zone definition).
 --

I guess it's not that easy. First, I added by hand the file named.conf to
/usr/local/samba/private. Second the dlz complains: Failed to connect to
/usr/local/samba/private/dns/sam.ldb and there is no such directory,
instead sam.ldb is directly under /usr/local/samba/private/

any ideas??

Cheers,
Felix.



Re: [Samba] Internal DNS stops forwarding

2012-10-08 Thread felix

 Happened again with rc2 but found that at the same time this error shows
 every second:

 [2012/10/05 09:01:39,  0]
 ../source4/smbd/process_single.c:56(single_accept_connection)
single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES

 After restarting everything is OK, but it happened yesterday though I
 didn't notice it was at the same time the dns error and this too many
 opened files.

 Next time when it happens can you do this:
 netstat -anp | grep 53 to get the pid of the samba process that is
 listening on port 53 then do
 gdb -p pid
 bt full
 thread apply all bt full
 info locals
 generate-core-file /tmp/core_for_dns

 And send to the list the info, keep the corefile in a safe place and
 send it upon request to one of the samba developers.

 Matthieu.

Here we go:

root@ad:~# netstat -anp | grep 53|grep samba|wc -l
1003

Matthieu here the results of the commands you sent me:

(gdb) bt full
#0  0x009c4fbb in nanosleep () from /lib/libc.so.6
No symbol table info available.
#1  0x009c4ead in sleep () from /lib/libc.so.6
No symbol table info available.
#2  0x00cb0f4c in single_accept_connection (ev=0x98f4f38,
lp_ctx=0x98e5f80, listen_socket=0x9e7b9d0, new_conn=0x7f8aad
stream_new_connection, private_data=0xa153510)
at ../source4/smbd/process_single.c:68
status = {v = 3221225759}
connected_socket = 0x1c809b
__FUNCTION__ = single_accept_connection
#3  0x007f8f2a in stream_accept_handler (ev=0x98f4f38, fde=0x9d74830,
flags=1, private_data=0xa153510) at ../source4/smbd/service_stream.c:247
stream_socket = 0xa153510
#4  0x007e2c31 in epoll_event_loop (std_ev=0x9fbaa78, tvalp=0xbfcc11f4) at
../lib/tevent/tevent_standard.c:328
fde = 0x9d74830
flags = 1
ret = 1
i = 0
events = {{events = 1, data = {ptr = 0x9d74830, fd = 165103664,
u32 = 165103664, u64 = 165103664}}}
timeout = 3
#5  0x007e32f3 in std_event_loop_once (ev=0x98f4f38, location=0x3be5f0
../source4/smbd/process_standard.c:186) at
../lib/tevent/tevent_standard.c:567
std_ev = 0x9fbaa78
tval = {tv_sec = 30, tv_usec = 0}
#6  0x007de414 in _tevent_loop_once (ev=0x98f4f38, location=0x3be5f0
../source4/smbd/process_standard.c:186) at ../lib/tevent/tevent.c:507
ret = 0
nesting_stack_ptr = 0x0
#7  0x007de633 in tevent_common_loop_wait (ev=0x98f4f38, location=0x3be5f0
../source4/smbd/process_standard.c:186) at ../lib/tevent/tevent.c:608
ret = 0
#8  0x007de6e5 in _tevent_loop_wait (ev=0x98f4f38, location=0x3be5f0
../source4/smbd/process_standard.c:186) at ../lib/tevent/tevent.c:627
No locals.
#9  0x003be212 in standard_new_task (ev=0x98f4f38, lp_ctx=0x98e5f80,
service_name=0x782d17 dns, new_task=0x7f9e59 task_server_callback,
private_data=0x99fabc8)
at ../source4/smbd/process_standard.c:186
pid = 13445
#10 0x007fa013 in task_server_startup (event_ctx=0x98f4f38,
lp_ctx=0x98e5f80, service_name=0x782d17 dns, model_ops=0x3bf718,
task_init=0x77bf0f dns_task_init) at ../source4/smbd/service_task.c:110
state = 0x99fabc8
#11 0x007f8545 in server_service_init (name=0x98e8ab0 dns,
event_context=0x98f4f38, lp_ctx=0x98e5f80, model_ops=0x3bf718) at
../source4/smbd/service.c:63
srv = 0x98f4c68
#12 0x007f8692 in server_service_startup (event_ctx=0x98f4f38,
lp_ctx=0x98e5f80, model=0x8055da1 standard, server_services=0x98e9618)
at ../source4/smbd/service.c:95
status = {v = 0}
i = 12
model_ops = 0x3bf718
__FUNCTION__ = server_service_startup
#13 0x08052469 in binary_smbd_main (binary_name=0x8055c0b samba, argc=1,
argv=0xbfcc1634) at ../source4/smbd/server.c:477
opt_daemon = true
opt_interactive = false
opt = -1
pc = 0x98e5028
static_init = {0x7f830c server_service_auth_init, 0x7faed9
server_service_echo_init, 0}
shared_init = 0x99088e0
event_ctx = 0x98f4f38
stdin_event_flags = 0
status = {v = 0}
model = 0x8055da1 standard
 max_runtime = 0
long_options = {{longName = 0x0, shortName = 0 '\000', argInfo =
4, arg = 0x12a8e0, val = 0, descrip = 0x8055daa Help options:,
argDescrip = 0x0}, {longName = 0x8055db8 daemon,
shortName = 68 'D', argInfo = 0, arg = 0x0, val = 1000,
descrip = 0x8055dbf Become a daemon (default), argDescrip =
0x0}, {longName = 0x8055dd9 interactive, shortName = 105
'i',
argInfo = 0, arg = 0x0, val = 1001, descrip = 0x8055de8 Run
interactive (not a daemon), argDescrip = 0x0}, {longName =
0x8055e07 model, shortName = 77 'M', argInfo = 1, arg = 0x0,
val = 1002, descrip = 0x8055e0d Select process model,
argDescrip = 0x8055e22 MODEL}, {longName = 0x8055e28
maximum-runtime, shortName = 0 '\000', argInfo = 2, arg =
0xbfcc1508,
val = 0, descrip = 0x8055e38 set maximum runtime of the
server process, till autotermination, argDescrip = 0x8055e78
seconds}, {longName = 0x8055e80 show-build, shortName = 98
'b',
argInfo = 0, arg = 

Re: [Samba] Internal DNS stops forwarding

2012-10-05 Thread felix
 Ok we found some bugs that could lead to a frozen dns server can you try
 rc2?
 Matthieu.

Happened again with rc2 but found that at the same time this error shows
every second:

[2012/10/05 09:01:39,  0]
../source4/smbd/process_single.c:56(single_accept_connection)
  single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES

After restarting everything is OK, but it happened yesterday though I
didn't notice it was at the same time the dns error and this too many
opened files.






[Samba] Internal DNS stops forwarding

2012-10-04 Thread felix
Hello to everyone

From one day to another my internal dns server in samba4 stopped
forwarding queries. It was resolving well my domain. I had to restart
samba4 then it worked fine.

Cheers,
Felix.



[Samba] Error in RC1

2012-10-04 Thread felix

I'm getting this error continuously:

[2012/10/04 12:36:08,  0]
../source4/smbd/process_single.c:56(single_accept_connection)
  single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES
  single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES
[2012/10/04 12:36:09,  0]
../source4/smbd/process_single.c:56(single_accept_connection)
  single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES
  single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES
[2012/10/04 12:36:10,  0]
../source4/smbd/process_single.c:56(single_accept_connection)
  single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES
  single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES

What can I do to solve it?

Cheers,
Felix.



Re: [Samba] Samba4 ADC cannot edit GPO with W2K3

2012-09-28 Thread felix
 Hello,

 I have been trying to setup a working environment with samba4-rc1 on
 fedora 17 following the samba4 howto at the wiki.
 DNS and ldap are internal.
 Everything looks like working, I can create and edit GPOs with WinXP Pro
 but with Win2K3 server I can create GPOs but I can't edit them. I cannot
 see any error at the log.samba file. Win2k3 gives an error that I will
 try to translate to english below:
  Group Policy Error:
  It is not possible to open the group policy object. It
 is possible that you have not the right permissions to do so.
  Details:
  It is not possible to find the access route on the
 network.


Try:
/usr/local/samba/bin/samba-tool ntacl sysvolcheck

and if it yields some error then:
/usr/local/samba/bin/samba-tool ntacl sysvolreset


It worked for me.

Cheers,
Felix.



Re: [Samba] Internal DNS not updating

2012-09-27 Thread felix


 I am using samba4 on debian squeeze virtualized on proxmox.

 git snapshot 968da5f. today morning.

 I compiled and installed as usual.

 Though this is my first time using the internal DNS server.

 The internal DNS server is not doing automatic updates. And this is the
 message I get in log.samba:

  /usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for
 AD$@EPEPM.CUPET.CU failed (Client not found in Kerberos database)
 [2012/09/26 13:35:24,  0]
 ../lib/util/util_runcmd.c:334(samba_runcmd_io_handler)


 Any idea of what is going wrong?


 It seems that the internal DNS server doesn't like the original
 administrator user. When I created a new user with administrative rights
 everything went OK.


In fact it was a problem in resolv.conf. It was pointing to another dns
server instead of itself. My mistake.
It occurred because I changed resolv.conf to the right options but as I am
virtualizing with proxmox I forgot to change the dns setting in the container
so it took the previous value at restart.



[Samba] Internal DNS not updating

2012-09-26 Thread felix


I am using samba4 on debian squeeze virtualized on proxmox.

git snapshot 968da5f. today morning.

I compiled and installed as usual.

Though this is my first time using the internal DNS server.

The internal DNS server is not doing automatic updates. And this is the
message I get in log.samba:

 /usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for
AD$@EPEPM.CUPET.CU failed (Client not found in Kerberos database)
[2012/09/26 13:35:24,  0]
../lib/util/util_runcmd.c:334(samba_runcmd_io_handler)


Any idea of what is going wrong?

Cheers,
Felix.



Re: [Samba] Internal DNS not updating

2012-09-26 Thread felix


 I am using samba4 on debian squeeze virtualized on proxmox.

 git snapshot 968da5f. today morning.

 I compiled and installed as usual.

 Though this is my first time using the internal DNS server.

 The internal DNS server is not doing automatic updates. And this is the
 message I get in log.samba:

  /usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for
 AD$@EPEPM.CUPET.CU failed (Client not found in Kerberos database)
 [2012/09/26 13:35:24,  0]
 ../lib/util/util_runcmd.c:334(samba_runcmd_io_handler)


 Any idea of what is going wrong?


It seems that the internal DNS server doesn't like the original
administrator user. When I created a new user with administrative rights
everything went OK.

Cheers,
Felix.



[Samba] Samba4 successful deployment

2012-08-22 Thread felix

I've just installed samba4 beta 7 with defaults and everything went OK.

As I downloaded the bind9.9.1 tarball and compiled it I had to follow steve's
advice:
to declare we'll be using DLZ_DLOPEN_VERSION 2 in
/samba-master/source4/dns_server/dlz_minimal.h

/*#ifdef BIND_VERSION_9_8
#define DLZ_DLOPEN_VERSION 1
#else
#define DLZ_DLOPEN_VERSION 2
#endif
*/

#define DLZ_DLOPEN_VERSION 2

I commented the first block and then added the second block explicitly to
avoid a message complaining about DLZ_DLOPEN_VERSION.

GPOs seem to be working OK.
DNS secure automatic updates are working OK too.

I've been using:
Debian 6
samba4 beta 7
bind9.9.1-P1
ntp4.2.6p5

Best regards,
Felix.



Re: [Samba] Samba4 successful deployment

2012-08-22 Thread felix
 On 22/08/12 20:00, steve wrote:
 On 22/08/12 19:35, fe...@epepm.cupet.cu wrote:
 I've just installed samba4 beta 7 with defaults and everything went
OK.
 As I downloaded the bind9.9.1 tarball and compiled it I had to follow
steve's
 advice:
 to declare we'll be using DLZ_DLOPEN_VERSION 2 in
 /samba-master/source4/dns_server/dlz_minimal.h
 /*#ifdef BIND_VERSION_9_8
 #define DLZ_DLOPEN_VERSION 1
 #else
 #define DLZ_DLOPEN_VERSION 2
 #endif
 */
 #define DLZ_DLOPEN_VERSION 2
 I commented the first block and then added the second block
 explicitly to
 avoid a message complaining about DLZ_DLOPEN_VERSION.
 GPOs seem to be working OK.
 DNS secure automatic updates are working OK too.
 I've been using:
 Debian 6
 samba4 beta 7
 bind9.9.1-P1
 ntp4.2.6p5
 Best regards,
 Felix.
 Hello Felix
 With beta7 it is no longer necessary to change the source code.
 It is enough to select the bind version by editing named.conf in the
private folder. A little bit less work for us, hehehe! ---
--- ---
 Not necessary. Just change the bind version in the private directory
in named.conf.
 Regards,
 Steve
 I think what Steve meant was, open /usr/local/samba/private/named.conf
in your favorite editor and change it to match your version of Bind, I
think you need to do this anyway.

 Rowland


I would like to thank Steve and Rowland for their answers.
Indeed I hadn't noticed the options available in
/usr/local/samba/private/named.conf

Thanks a lot.

Best regards, Felix.






[Samba] About s3fs in samba4

2012-08-17 Thread felix

Reading Whatsnew.txt in samba I understand that If I use s3fs, as it is
set by default in the provision step, I won't be able to modify GPOs
later, right?
So I have a couple of questions:

- What's the advantage of using s3fs over ntvfs in new installations?
- If I'm planning to deploy a new Domain, probably needing to change GPOs
later, should I select ntvfs???

Best regards,
Felix



Re: [Samba] About s3fs in samba4

2012-08-17 Thread felix
 On 2012-08-17 17:31, fe...@epepm.cupet.cu wrote:
 Reading Whatsnew.txt in samba I understand that If I use s3fs, as it is
 set by default in the provision step, I won't be able to modify GPOs
 later, right?
 So I have a couple of questions:

 - What's the advantage of using s3fs over ntvfs in new installations?
 - If I'm planning to deploy a new Domain, probably needing to change
 GPOs
 later, should I select ntvfs???

 Best regards,
 Felix

 If you use s3fs, the only thing you may need to do (first test if it is
 still necessary it was with the git version a week ago) is to give group
 Domain Admins, full access to the sysvol share (and recursively all
 subfolders) from a Windows domain member computer (logged in of course as
 a member of the Domain Admins group).
 The major problem with ntvfs is that it isn't actively developed anymore
 and hasn't received those protocol dialect updates (smb2-3) which were
 introduced in Vista and 7, and thus it may have compatibility problems
 later (no known problem exist so far)

 Regards

 Geza Gemes
 --

Thanks a lot for your answer!
I'll give it a try to s3fs.

Best regards,
Felix.



[Samba] Access and group issues on domain member server (PDC is Samba as well)

2012-08-01 Thread Philipp Felix Hoefler

Hi List,

I created a domain member server in my samba domain.
I start to realize that there are some issues when colleagues could not 
access some folders in their shares.
After searching for a solution I found that on that member server I have 
no samba groups available.


First of all my setup:
Domain controller:
CentOS 6.2 x86_64, latest updates installed
Samba 3.5.10 (from CentOS repo: samba-3.5.10-116.el6_2.x86_64)
LDAP backend (OpenLDAP from CentOS repo: openldap-2.4.23-20.el6.x86_64)

Domain member:
exact same OS and versions as on domain controller
also with LDAP backend

I followed the instructions from 
http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html ( 
Procedure 7.1. Configuration of NSS_LDAP-Based Identity Resolution) for 
adding the member server.
(BTW: If anyone on this list has access to this guide: Paragraph 8: the 
wbinfo --set-auth-user= has been replaced with net setauthuser)
Both servers access the same LDAP directory for the linux accounts and 
for Samba incl. IDMAPs

Everything in this guide worked as described.

getent passwd and getent groups works successfully on both servers 
(shows all entries from LDAP)

net rpc group list shows all groups correctly on the PDC
net groupmap list shows all group mappings correctly on the PDC

On the member server though:
net rpc group list only gives me Administrators and Users
net groupmap list only gives me:
Administrators (S-1-5-32-544) - 16777216
Users (S-1-5-32-545) - 16777217

I also tried to run winbind on the domain member, domain member+PDC and 
without winbind at all (We only have this one domain, do I even need 
winbind then? As I understood it would only be needed if I have multiple 
domains running. Is this correct?)

But these commands always show me the same output on the member server.

Should this commands even produce more output on domain members? Or is 
it just for PDCs?


smb.confs from both servers are added at the end.

Thanks in advance!
best regards,
philipp

PS: some additional info to our folder sharing system:
All users only connect to their home-share. Inside this share we add 
symbolic links to the allowed group shares of the user.
This group share folders are owned by root, group is one of the 
(allowed) Usergroups. Directory mask is 770, group-sticky bit is set.



smb.conf from PDC:

[root@srvad1 samba]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
workgroup = ATV
server string = SRVAD1
interfaces = 192.168.249.0/24, 127.0.0.1/8
passdb backend = ldapsam:ldap://192.168.249.7/
log file = /var/log/samba/%m.log
max log size = 50
smb ports = 139
time server = Yes
unix extensions = No
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = CUPS
add user script = /usr/sbin/smbldap-useradd -m
add group script = /usr/sbin/smbldap-groupadd -p %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
logon script = login.bat
logon path =
logon drive = U:
logon home = \\SRVFILE1\%U
domain logons = Yes
os level = 65
preferred master = Auto
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=Manager,dc=at-visions,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Groups,o=default
ldap machine suffix = ou=Computers,ou=Samba,ou=System
ldap passwd sync = yes
ldap suffix = dc=at-visions,dc=com
ldap ssl = no
ldap user suffix = ou=Users,o=default
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
cups options = raw
case sensitive = No
veto files = /.*/
hide files = /.*/
locking = No
wide links = Yes
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

[netlogon]
path = /home/samba/netlogon
share modes = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
write list = @adm, root
guest ok = Yes

smb.conf from domain member:

[root@srvfile1 samba]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section [homes]
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
unix charset = LOCALE
workgroup = ATV
server string = SRVFILE1
interfaces = 192.168.249.0/24, 127.0.0.1/8
security = DOMAIN
log level = 4 ads:10 auth:10 

Re: [Samba] Access and group issues on domain member server (PDC is Samba as well)

2012-08-01 Thread Philipp Felix Hoefler

Hi Daniel,

thank you for your response.

[root@srvfile1 home]# id phoefler
uid=1663(phoefler) gid=1105(VISIONS) groups=1105(VISIONS),512(Domain 
Admins),513(Domain Users),1103(IT),1069(Marketing),1079(TimeSheetReports)


This is working correctly. Also all other linux - LDAP stuff is 
working without any problems.


Only Samba seems to be unhappy :(

best regards,
philipp

On 8/1/12 1:22 PM, Daniel Müller wrote:

try : id youruser.ldap on the memberserver,
ex.:

[root@tuepdc ~]# id tester
uid=1010(tester) gid=513(Domain Users) Gruppen=513(Domain
Users),2154(orbis),34709(Dienstplan),61092(HS3),47140(DIFAEM),17162(agfa),29
998(OpenHearts),26630(Personal),27525(pflege),19307(agaterm),46212(TerminalS
erver User)

Should id not work there is something wrong.
Maybe your ldapclient is not working properly.





Re: [Samba] Access and group issues on domain member server (PDC is Samba as well)

2012-08-01 Thread Philipp Felix Hoefler

Hi Daniel!

Oh my god, how embarrassing ;-)
This was it! Resolved all problems.

Many thanks!
Warm regards to Tübingen,
philipp


On 8/1/12 1:42 PM, Daniel Müller wrote:

Did you miss this in your members smb.conf:
passdb backend = ldapsam:ldap://192.168.249.7/
So your ldapclient is working but Samba does not know where to auth?





[Samba] failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL

2012-07-10 Thread Felix Miata

...
[2012/07/10 14:57:42.225332,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2012/07/10 14:57:42.228331,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2012/07/10 15:00:35.503126,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2012/07/10 15:00:35.505125,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2012/07/10 15:02:31.449204,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2012/07/10 15:02:31.452203,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2012/07/10 15:03:46.462854,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2012/07/10 15:03:46.465853,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2012/07/10 15:16:47.175386,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2012/07/10 15:16:47.177386,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2012/07/10 15:29:47.951909,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2012/07/10 15:29:47.953909,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2012/07/10 15:38:14.843530,  0] printing/print_cups.c:110(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2012/07/10 15:38:14.846530,  0] printing/print_cups.c:487(cups_async_callback)
  failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL

Can whatever is causing smbd to attempt these two processes be made not to, 
and stop the recurring resource waste? My only printer is an IP printer, so 
AFAICT, Samba is never involved with printing from any machine on my local 
network, and I expect it never to be.

--
The wise are known for their understanding, and pleasant
words are persuasive. Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/


Re: [Samba] failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL

2012-07-10 Thread Felix Miata

On 2012/07/10 16:03 (GMT-0500) Dale Schroeder composed:


Felix Miata wrote:

 ...
 [2012/07/10 14:57:42.225332,  0] printing/print_cups.c:110(cups_connect)
   Unable to connect to CUPS server localhost:631 - Connection refused
 [2012/07/10 14:57:42.228331,  0]
 printing/print_cups.c:487(cups_async_callback)
   failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL

...

 [2012/07/10 15:38:14.843530,  0] printing/print_cups.c:110(cups_connect)
   Unable to connect to CUPS server localhost:631 - Connection refused
 [2012/07/10 15:38:14.846530,  0]
 printing/print_cups.c:487(cups_async_callback)
   failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL



 Can whatever is causing smbd to attempt these two processes be made
 not to, and stop the recurring resource waste? My only printer is an
 IP printer, so AFAICT, Samba is never involved with printing from any
 machine on my local network, and I expect it never to be.



http://lists.samba.org/archive/samba/2006-February/117184.html


As I had stripped out or commented every line that looked print or cups 
related from smb.conf, this is quite an unexpected response. I thought with 
no printing configured in smb.conf, which I thought for the server only, that 
those messages must be created by some unknown/tough to discover client 
operation.

--
The wise are known for their understanding, and pleasant
words are persuasive. Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/


Re: [Samba] samba4 provision error (Solved)

2012-02-16 Thread felix
 On 02/15/2012 11:30 PM, fe...@epepm.cupet.cu wrote:
 git checkout dd5868d

 when I try to provision I get the following:

 Populating ForestDnsZones partition
 bin/tdbbackup: /home/samba-master/bin/shared/private/libtdb.so: version `SAMBA_4.0.0ALPHA18_DEVELOPERBUILD' not found (required by bin/tdbbackup)
 Failed to setup database for BIND, AD based DNS cannot be used
 Traceback (most recent call last):
   File "./source4/setup/provision", line 262, in <module>
     useeadb=eadb, next_rid=opts.next_rid, lp=lp)
   File "bin/python/samba/provision/__init__.py", line 1757, in provision
     am_rodc=am_rodc, lp=lp)
   File "bin/python/samba/provision/__init__.py", line 1491, in provision_fill
     targetdir=targetdir, site=DEFAULTSITE)
   File "bin/python/samba/provision/sambadns.py", line 990, in setup_ad_dns
     create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid)
   File "bin/python/samba/provision/sambadns.py", line 751, in create_samdb_copy
     os.path.join(dns_dir, "sam.ldb"))
   File "bin/python/samba/provision/sambadns.py", line 688, in tdb_copy
     raise Exception("Error copying %s" % file1)
 Exception: Error copying /usr/local/samba/private/sam.ldb


 Run make again and then it should provision OK.
 HTH
 Steve

Thanks, Steve.



[Samba] ddns in samba4

2012-02-16 Thread felix

I followed this
http://linuxcostablanca.blogspot.com/2012/01/samba-4-ubuntu.html and got
dynamic dns updates working in forward zone.
any ideas to get it working in the reverse zone too?

By the way, nice article Steve.

Best regards,
Felix.



[Samba] samba4 provision error

2012-02-15 Thread felix

git checkout dd5868d

when I try to provision I get the following:

Populating ForestDnsZones partition
bin/tdbbackup: /home/samba-master/bin/shared/private/libtdb.so: version `SAMBA_4.0.0ALPHA18_DEVELOPERBUILD' not found (required by bin/tdbbackup)
Failed to setup database for BIND, AD based DNS cannot be used
Traceback (most recent call last):
  File "./source4/setup/provision", line 262, in <module>
    useeadb=eadb, next_rid=opts.next_rid, lp=lp)
  File "bin/python/samba/provision/__init__.py", line 1757, in provision
    am_rodc=am_rodc, lp=lp)
  File "bin/python/samba/provision/__init__.py", line 1491, in provision_fill
    targetdir=targetdir, site=DEFAULTSITE)
  File "bin/python/samba/provision/sambadns.py", line 990, in setup_ad_dns
    create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid)
  File "bin/python/samba/provision/sambadns.py", line 751, in create_samdb_copy
    os.path.join(dns_dir, "sam.ldb"))
  File "bin/python/samba/provision/sambadns.py", line 688, in tdb_copy
    raise Exception("Error copying %s" % file1)
Exception: Error copying /usr/local/samba/private/sam.ldb




Re: [Samba] Great LWN Samba article !

2012-01-17 Thread felix
 On Tue, 2012-01-17 at 11:09 -0800, Jeremy Allison wrote:
 Is here:

 https://lwn.net/Articles/475592/

 (sorry if it's not available to non-subscribers yet).

 This is the link that will allow non-subscribers to have a look
 (provided for situations such exactly like this):

 https://lwn.net/SubscriberLink/475592/263ca50b47faccfb/

 Really good overview of our current status.

 I thanked Jonathan Corbet personally, because indeed, it is a great
 write-up of the talk we gave.

 Andrew Bartlett


Could this article be posted in this list, please?
I don't have access to that site.

Thanks,
Felix.



Re: [Samba] Samba 4 kerberos and kinit

2012-01-16 Thread felix

 ERROR(runtime): uncaught exception - Key table entry not found
 File
 /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py,
 line 167, in _run
 return self.run(*args, **kwargs)
 File
 /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py,
 line 88, in run

I don't know if the issue I had is related in some way to yours, but I got
a similar error (above) when using samba-tool dns, but it worked when I used
the IP of the samba server.

Best regards,
Felix.



Re: [Samba] Samba4 error joining W2003 DC

2012-01-12 Thread felix
 Hi Geza

 Thanks for your help. I've followed the how to from samba wiki and there's
 no example of the smb.conf in it. Can you help me configure it? I only
 know about samba 3 and have no idea about samba 4 options.
 The how to is at https://wiki.samba.org/index.php/Samba4_joining_a_domain
 Regards,


As stated in
https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

 ..."You should remove any existing smb.conf in
/usr/local/samba/etc/smb.conf"...

Best regards,
Felix.



[Samba] samba4 and ntp

2012-01-09 Thread felix

I have configured samba4 and ntp following the official HowTO.

Client computers running Windows XP synchronize their time correctly but
only when windows starts or after a restart (same thing).

My ntp.conf is the same found in the HowTo. ntp version is 4.2.6p4 and I
set the following domain policy:

In Computer Configuration\Administrative Templates\System\Windows Time
Service\Time Providers\
- Enabled Windows NTP client
- Configuration of NTP clients:
NtpServer: mysamba4server,0x01

What is needed to get these clients to synchronize their time without
restarting?

Best regards,
Felix.



Re: [Samba] Samba4 and Bind with DLZ

2012-01-09 Thread felix
 On Wed, 2011-12-07 at 13:13 -0500, fe...@epepm.cupet.cu wrote:
 Could you, please, give me some clue on how to configure dlz in Bind to
 work with Samba4?
 I installed samba4 from git check out from a week ago, then I
 provisioned
 it but DNS is not working.

Now with a more recent checkout my DNS is working.
Maybe it was me. There are no documents related to DLZ in the HowTo. And
I'm a newbie.

Thanks anyway.

I think that I will update the HowTo to include hints on DLZ from my own
experience.

Adam, I'm sorry I sent this mail directly to your address.








[Samba] Samba4 and Bind with DLZ

2011-12-07 Thread felix

Could you, please, give me some clue on how to configure dlz in Bind to
work with Samba4?

I installed samba4 from git check out from a week ago, then I provisioned
it but DNS is not working.

Best regards,
Felix.



Re: [Samba] SAMBA4 user password field / objectSid

2011-11-15 Thread felix
 Hello,

 In order to migrate from samba3 to samba4, i've to know where passwords
 are stored in the ldap base.

 I've to know how to see clear objectSids and how to change them too.


You should install phpldapadmin with this configuration file
/usr/local/samba/private/phpldapadmin-config.php so you can see everything
you want.

Felix.



[Samba] Samba4 joining a domain as DC

2011-11-14 Thread felix

I followed
https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

but when I get to

samba-tool drs kcc -Uadministrator windowsdc.samba.example.com

then the result is:

ERROR(runtime): DsExecuteKCC failed - (8409, 'WERR_DS_DATABASE_ERROR')

and in samba.log:

[2011/11/14 16:03:30,  0] ../source4/smbd/server.c:365(binary_smbd_main)
  samba version 4.0.0alpha17 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2011
[2011/11/14 16:03:31,  0] ../source4/smbd/server.c:460(binary_smbd_main)
  samba: using 'standard' process model
[2011/11/14 16:03:31,  0] ../source4/lib/tls/tlscert.c:70(tls_cert_generate)
  Attempting to autogenerate TLS self-signed keys for https for hostname 'LAST.mydomain.com'
[2011/11/14 16:03:32,  0] ../source4/lib/tls/tlscert.c:166(tls_cert_generate)
  TLS self-signed keys generated OK
[2011/11/14 16:03:47,  0] ../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback)
  ../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation - WERR_BADFILE - extended_ret[0x0]
[2011/11/14 16:08:47,  0] ../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback)
  ../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation - WERR_BADFILE - extended_ret[0x0]
[2011/11/14 16:14:43,  0] ../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback)
  ../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation - WERR_BADFILE - extended_ret[0x0]
[2011/11/14 16:19:45,  0] ../source4/smbd/server.c:365(binary_smbd_main)
  samba version 4.0.0alpha17 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2011
[2011/11/14 16:19:46,  0] ../source4/smbd/server.c:460(binary_smbd_main)
  samba: using 'standard' process model
[2011/11/14 16:20:39,  0] ../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback)
  ../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation - WERR_BADFILE - extended_ret[0x0]
[2011/11/14 16:25:35,  0] ../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback)
  ../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation - WERR_BADFILE - extended_ret[0x0]


Thanks.
Felix.



Re: [Samba] Samba4 and sysvol share

2011-11-10 Thread felix

 For beginners, I would like to contribute with the steps I followed to
 make Bind, Ntp and Samba4 work together on Debian Lenny. How can I do
 it?

 Make a wiki account, and then let me know the username.  Try not to make
 a duplicate of the main HOWTO, but feel free to create a page with
 distribution-specific assistance.

 Andrew Bartlett

Thank you.
I made an account. Username: felixcarb.

Felix.



Re: [Samba] Samba4 and sysvol share

2011-11-07 Thread felix
 Hello Felix,

 Sorry for the very late answer,

 Well I remade a test today, in gpmc.msc (group policy management
console), I have no errors from Windows about the ACLs of the folders for
my policies.

Thanks a lot for your answers, Matthieu and Christopher. It makes me happy
to know that you guys don't forget to answer the questions of samba users.

My first solution was changing the permissions of the sysvol directory in
my linux box to 755 (I think 644 could work too) after defining the
policies I needed for my domain.

I'm a newbie in Linux and in Samba, that's why at the beginning I didn't
realize that my filesystem did not support the user_xattr option and I had
skipped that part of the HowTo. I'm so sorry for taking some of your
precious time.

Now I'm learning how to compile a kernel to include the needed options and
I'm pretty sure that will fix my issue.

For beginners, I would like to contribute with the steps I followed to
make Bind, Ntp and Samba4 work together on Debian Lenny. How can I do it?

My best wishes for the Samba team and users.
Felix.
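
A read-only check for the two causes named in this message, loose UNIX permissions on the sysvol tree and a filesystem without user_xattr support, as an added example (not part of the original post or of Samba). The function names are this example's own, and the sysvol path is passed on the command line because the thread does not give it.

```python
"""Check a sysvol-style directory tree for loose mode bits and xattr support."""
import os
import stat
import sys
import tempfile


def supports_user_xattr(directory):
    """True if a user.* extended attribute can be set on a file created in
    `directory`, False if the attempt fails, None if Python has no xattr
    API on this platform."""
    if not hasattr(os, "setxattr"):
        return None
    fd, probe = tempfile.mkstemp(dir=directory, prefix=".xattr-probe-")
    os.close(fd)
    try:
        os.setxattr(probe, "user.probe", b"1")
        return True
    except OSError:
        # Typically ENOTSUP: the filesystem does not accept user xattrs.
        return False
    finally:
        os.unlink(probe)


def loosely_writable(root):
    """Return sorted (relative path, mode string) pairs for directories and
    files under `root` that group or other may write to."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):      # a symlink's own mode is not meaningful
                continue
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((os.path.relpath(path, root),
                                 stat.filemode(st.st_mode)))
    return sorted(findings)


def check_tree(root):
    """Combine both checks into one report dictionary."""
    return {"user_xattr": supports_user_xattr(root),
            "loose": loosely_writable(root)}


if __name__ == "__main__":
    # Usage: python3 check_sysvol.py /path/to/sysvol   (site-specific path)
    report = check_tree(sys.argv[1])
    print("user xattr support:", report["user_xattr"])
    for rel, mode in report["loose"]:
        print("group/other writable:", mode, rel)
    sys.exit(1 if report["loose"] or report["user_xattr"] is False else 0)
```

The xattr probe creates and removes one temporary file in the directory it is given, so it needs write access there.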










[Samba] [Re: Samba4 and sysvol share]

2011-10-05 Thread felix

 To see the content of sysvol from a Windows client I had to authenticate
 using a user of my new domain, but again when I checked the Security Tab
 in sysvol I saw that Everyone has special permissions, meaning Full
 Access.

 Does it have something to do with the filesystem support mentioned in the
 HowTo???


I found a temporary solution.
Once I have defined the Policies for my domain I edit smb.conf and change
read only to Yes in sysvol section, then restart samba. This way I ensure
nobody can modify sysvol content.

The main disadvantage is that if we need to make any modification to
policies, etc. we have to set back read only to No in sysvol section,
restart samba, and do the previous steps again after modifications.

Best regards,
Felix.




Re: [Samba] Samba4 and sysvol share

2011-10-03 Thread felix
 Alright, here is update Felix.

 From a default install, at least on the server I set up,  sysvol is
Authenticated Users(read/execute), Domain Admins(all), System(all). It and
 all children.

 As you dive deeper into folder structure there are some more  added like
Enterprise Admins and so forth(will full privileges).  I believe Owner is
 also one as you get further down and it has no privileges set.

 Chris


Today I downloaded samba4 alpha 17 tar again.
I made a new virtual machine and I installed ntp 4.2.6, Bind9 9.8.0 and
Samba4 alpha 17 on Debian Lenny.


To see the content of sysvol from a Windows client I had to authenticate
using a user of my new domain, but again when I checked the Security Tab
in sysvol I saw that Everyone has special permissions, meaning Full
Access.

Does it have something to do with the filesystem support mentioned in the
HowTo???


Thanks in advance.
Felix.







Re: [Samba] Samba4 and sysvol share

2011-09-28 Thread felix
 On 27/09/2011 13:07, fe...@epepm.cupet.cu wrote:
 Hello.
 I noticed that any domain user can delete the content of the shared
 folder
 sysvol in the domain controller from a windows client.

 How can I avoid that?

 Greetings,
 Felix

 What's the default windows behavior with this ?

 Matthieu.

 Windows users          Windows permissions
 ------------------------------------------------------------------
 Domain Admins          Full Access
 Authenticated Users    Read & Execute, List folder contents, Read
 CREATOR OWNER          Special permissions (Maybe we don't need this)
 Server Operators       Read & Execute, List folder contents, Read
 SYSTEM                 Full Access


I think that what is needed here is:
Domain Admins: Full Access
and everybody else: Read & Execute, List folder contents, Read

I think that GPOs and some scripts are delivered to windows clients
through sysvol, that's why I don't want any of my users to be able to
delete the sysvol content.

What should I do to accomplish that goal?

Thanks in advance.
Felix.



Re: [Samba] Samba4 and sysvol share

2011-09-28 Thread felix
 On 28/09/2011 04:59, fe...@epepm.cupet.cu wrote:
 On 27/09/2011 13:07, fe...@epepm.cupet.cu wrote:
 Hello.
 I noticed that any domain user can delete the content of the shared
 folder
 sysvol in the domain controller from a windows client.

 How can I avoid that?

 Greetings,
 Felix

 What's the default windows behavior with this ?

 Matthieu.

 Windows users  Windows permissions
 -
 Domain Admins---  Full Access
 Authenticated Users--  Read  Execute, List folder contents, Read
 CREATOR OWNER---  Special permissions (Maybe we don't need
 this)
 Server Operators  Read  Execute, List folder contents, Read
 SYSTEM--  Full Access

 I think that what it is needed here is:
 Domain Admins-  Full Access
 and everybody else  Read  Execute, List folder contents, Read

 I think that GPOs and some scripts are delivered to windows clients
 through sysvol, that's why I don't want any of my users to be able to
 delete the sysvol content.

 What should I do to accomplish that goal?
 In theory we should have the ACLs ok, I have to check this things but it
 won't be before next week I'm at IOLAB with microsoft this week focusing
 on FRS replication.


 Sorry.

 Matthieu.

I understand. I'll be waiting for an answer.
Thanks.

Felix.



Re: [Samba] Samba4 and sysvol share

2011-09-28 Thread felix
 Definitely that is where your login scripts and so forth are or the
 general
 place that you are suppose to put them.  I've got to go do some work over
 at
 a place I have a Samba4 PDC setup tomorrow.

 Did you mess with the permissions or don't recall?  Was it like that when
 you installed?

 I wouldn't allow Everyone to have access.  Go the Authenticated Users
 route
 or maybe Domain Users with read/execute permissions.  I'll check all the
 different users on it tomorrow for ya and drop back a line to this thread
 though.  There might be a phantom User that only Samba knows about that is
 listed there that might be specific to your install.

 It would be nice if someone chimed in here, have been wondering about
 that... ;)

 Chris

Hi Chris:
It's a recent test installation using Samba4 alpha 17 tar. I have done
nothing with the permissions. I haven't even touched smb.conf.
I was browsing the content of sysvol in my Samba4 server with a domain
user I created and then I tried deleting a file and I could do it, tried
with the whole content of sysvol and I could delete all. Then I
reinstalled samba and tried again with a new domain user, and could do it
again.

The permissions on a Windows 2003 server are as shown below and you're
right, only authenticated users should have read and execute permissions.
But I tried with a windows client in a virtual pc against a real windows
2003 server and surprisingly I could list the content of sysvol in spite
of this virtual pc not being a member of the windows 2003 server domain.
That's why I suggested that maybe it would be ok to allow everyone read
and execute permissions.




 On Wed, Sep 28, 2011 at 1:55 PM, fe...@epepm.cupet.cu wrote:

  On 28/09/2011 04:59, fe...@epepm.cupet.cu wrote:
  On 27/09/2011 13:07, fe...@epepm.cupet.cu wrote:
  Hello.
  I noticed that any domain user can delete the content of the
 shared
  folder
  sysvol in the domain controller from a windows client.
 
  How can I avoid that?
 
  Greetings,
  Felix
 
  What's the default windows behavior with this ?
 
  Matthieu.
 
  Windows users  Windows permissions
  -
  Domain Admins---  Full Access
  Authenticated Users--  Read  Execute, List folder contents,
 Read
  CREATOR OWNER---  Special permissions (Maybe we don't need
  this)
  Server Operators  Read  Execute, List folder contents,
 Read
  SYSTEM--  Full Access
 
  I think that what it is needed here is:
  Domain Admins-  Full Access
  and everybody else  Read  Execute, List folder contents,
 Read
 
  I think that GPOs and some scripts are delivered to windows clients
  through sysvol, that's why I don't want any of my users to be able to
  delete the sysvol content.
 
  What should I do to accomplish that goal?
  In theory we should have the ACLs ok, I have to check this things but
 it
  won't be before next week I'm at IOLAB with microsoft this week
 focusing
  on FRS replication.
 
 
  Sorry.
 
  Matthieu.
 
 I understand. I'll be waiting for an answer.
 Thanks.

 Felix.



Re: [Samba] Samba4 and sysvol share

2011-09-28 Thread felix
 Definitely that is where your login scripts and so forth are or the
 general
 place that you are suppose to put them.  I've got to go do some work
 over
 at
 a place I have a Samba4 PDC setup tomorrow.

 Did you mess with the permissions or don't recall?  Was it like that
 when
 you installed?

 I wouldn't allow Everyone to have access.  Go the Authenticated Users
 route
 or maybe Domain Users with read/execute permissions.  I'll check all the
 different users on it tomorrow for ya and drop back a line to this
 thread
 though.  There might be a phantom User that only Samba knows about that
 is
 listed there that might be specific to your install.

 It would be nice if someone chimed in here, have been wondering about
 that... ;)

 Chris

 Hi Chris:
 It's a recent test installation using Samba4 alpha 17 tar. I have done
 nothing with the permissions. I haven't even touched smb.conf.
 I was browsing the content of sysvol in my Samba4 server with a domain
 user I created and then I tried deleting a file and I could do it, tried
 with the whole content of sysvol and I could delete all. Then I
 reinstalled samba and tried again with a new domain user, and could do it
 again.

 The permission on a Windows 2003 server are as shown below and you're
 right only authenticated users should have read and execute permissions.
 But I tried with a windows client in a virtual pc against a real windows
 2003 server and surprisingly I could list the content of sysvol in spite
 of this virtual pc not being a member of the windows 2003 server domain.
 That's why I suggested that may be it would be ok to allow everyone read
 and execute permissions.

My mistake. Unauthenticated users have no access to sysvol in windows 2003
server. Sorry!!!



 On Wed, Sep 28, 2011 at 1:55 PM, fe...@epepm.cupet.cu wrote:

  On 28/09/2011 04:59, fe...@epepm.cupet.cu wrote:
  On 27/09/2011 13:07, fe...@epepm.cupet.cu wrote:
  Hello.
  I noticed that any domain user can delete the content of the
 shared
  folder
  sysvol in the domain controller from a windows client.
 
  How can I avoid that?
 
  Greetings,
  Felix
 
  What's the default windows behavior with this ?
 
  Matthieu.
 
  Windows users  Windows permissions
  -
  Domain Admins---  Full Access
  Authenticated Users--  Read  Execute, List folder contents,
 Read
  CREATOR OWNER---  Special permissions (Maybe we don't need
  this)
  Server Operators  Read  Execute, List folder contents,
 Read
  SYSTEM--  Full Access
 
  I think that what it is needed here is:
  Domain Admins-  Full Access
  and everybody else  Read  Execute, List folder contents,
 Read
 
  I think that GPOs and some scripts are delivered to windows clients
  through sysvol, that's why I don't want any of my users to be able
 to
  delete the sysvol content.
 
  What should I do to accomplish that goal?
  In theory we should have the ACLs ok, I have to check this things but
 it
  won't be before next week I'm at IOLAB with microsoft this week
 focusing
  on FRS replication.
 
 
  Sorry.
 
  Matthieu.
 
 I understand. I'll be waiting for an answer.
 Thanks.

 Felix.



[Samba] Samba4 and sysvol share

2011-09-27 Thread felix

Hello.
I noticed that any domain user can delete the content of the shared folder
sysvol in the domain controller from a windows client.

How can I avoid that?

Greetings,
Felix



Re: [Samba] Samba4 and sysvol share

2011-09-27 Thread felix
 On 27/09/2011 13:07, fe...@epepm.cupet.cu wrote:
 Hello.
 I noticed that any domain user can delete the content of the shared
 folder
 sysvol in the domain controller from a windows client.

 How can I avoid that?

 Greetings,
 Felix

 What's the default windows behavior with this ?

 Matthieu.

Windows users          Windows permissions
------------------------------------------------------------------
Domain Admins          Full Access
Authenticated Users    Read & Execute, List folder contents, Read
CREATOR OWNER          Special permissions (Maybe we don't need this)
Server Operators       Read & Execute, List folder contents, Read
SYSTEM                 Full Access

Thanks for your attention.
Felix.




[Samba] Access rights from ACLs not honored when setting file attributes?

2011-06-01 Thread Felix Brack (Mailinglist)
This is somewhat a reincarnation of a problem I am facing since 
upgrading to samba 3.5.6 (3.5.8 is identical).


I use samba on an ext3 ACL enabled file system. Typically a user's access 
rights are determined by his or her membership in different groups. The 
access right is therefore defined and granted by/to the group, not the 
user. These groups then appear in the ACL of directories and files 
whereby the access is granted.


This system works perfectly when creating, modifying and deleting files or 
directories - no issues at all.


However using the windows function 'SetFileAttributes' fails in case the 
user who is connected to the samba server and executes the function is 
not either the owner of the file/directory or member of the owning group 
of the file/directory. Therefore it looks like samba is ignoring any ACL 
entry when using the windows function 'SetFileAttributes'. No matter if 
there is an ACE granting the proper access right, samba fails.


Is there a principle difference in how samba interprets access rights 
depending on whom (user, primary group membership or ACL) grants them?
Why do file/directory operations such as create/modify/delete work, no 
matter how the access right was granted (including from ACL)?


regards Felix


Re: [Samba] Access rights from ACLs not honored when setting file attributes?

2011-06-01 Thread Felix Brack (Mailinglist)

Finally! Many thanks, that did it.

The option 'store dos attributes' was not enabled. After I did enable it 
everything works as expected.


I did just a little research on 3 servers here and this is the result: 
on samba 3.2.5 the problem does not show up if 'store dos attributes' is 
disabled. However on samba 3.5.6 and 3.5.8 this option is definitely 
required for my setup. I must have missed somewhere between samba 
version 3.2.5 and 3.5.6 that this option became mandatory for my kind of 
setup, shame on me.


You saved my weekend which starts right now!

Felix


On 01.06.2011 17:37, TAKAHASHI Motonobu wrote:

From: Felix Brack (Mailinglist)f...@ltec.ch
Date: Wed, 01 Jun 2011 12:31:34 +0200


This is somewhat a reincarnation of a problem I am facing since
upgrading to samba 3.5.6 (3.5.8 is identical).


(snip)


However using the windows function 'SetFileAttributes' fails in case the
user who is connected to the samba server and executes the function is
not either the owner of the file/directory or member of the owning group
of the file/directory. Therefore it looks like samba is ignoring any ACL
entry when using the windows function 'SetFileAttributes'. No matter if
there is an ACE granting the proper access right, samba fails.


Can you set file attributes with GUI and Is store dos attributes
set?

As far as I examined at Samba 3.5.6, I can manually set attributes.

I accessed with user monyo to test2.doc whose ACL is set as below:

-
# getfacl test2.doc
# file: test2.doc
# owner: tako
# group: root
user::rw-
group::rw-
group:aclshare3ro:r-x
group:aclshare3rw:rwx
mask::rwx
other::---
# id ika
uid=2018(ika) gid=2030(ika) groups=2030(ika),2005(aclshare3rw)
-

My smb.conf is :
[global]
   (nothing is defined)

[aclshare3]
   path = /var/lib/samba/shares/aclshare3
   writeable = yes

   force group = root
   inherit permissions = yes

   store dos attributes = yes
   map archive = no
   map read only = no

---
TAKAHASHI Motonobumo...@samba.gr.jp
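
How the 'store dos attributes' setting discussed above interacts with the 'map ...' parameters, as an added example (not code from the thread or from the Samba project): a Python audit that reads an smb.conf and reports, per share, whether DOS attributes go to an extended attribute or onto UNIX permission bits. The defaults table and the function names are assumptions of this example, and the sample configuration is constructed.

```python
"""Report how each share in an smb.conf stores DOS attributes."""
import re

# Defaults taken from the Samba 3.5 smb.conf manual page (assumption: check
# the manual page of the release in use, later versions changed some).
DEFAULTS = {
    "storedosattributes": "no",
    "maparchive": "yes",
    "maphidden": "no",
    "mapsystem": "no",
    "mapreadonly": "yes",
}
MAP_PARAMS = {
    "maparchive": "map archive",
    "maphidden": "map hidden",
    "mapsystem": "map system",
    "mapreadonly": "map read only",
}
OFF = ("no", "false", "0", "off")


def norm(name):
    """Samba ignores case and whitespace in parameter names."""
    return re.sub(r"\s+", "", name).lower()


def active(value):
    """True unless the value is one of Samba's boolean 'off' spellings
    ('map read only' also accepts 'permissions', which counts as active)."""
    return value.strip().lower() not in OFF


def parse_smb_conf(text):
    """Return {section: {normalised parameter: value}}."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections


def audit(text):
    """Classify every share as 'xattr', 'permission-bits' or 'not-stored'."""
    sections = parse_smb_conf(text)
    glob = sections.get("global", {})
    report = {}
    for name, params in sections.items():
        if name == "global":
            continue
        explicit = {**glob, **params}          # share settings override [global]
        effective = {**DEFAULTS, **explicit}
        entry = {"mode": "", "mapped": [], "ignored": []}
        if active(effective["storedosattributes"]):
            entry["mode"] = "xattr"
            # 'store dos attributes' overrides the map parameters, so any
            # that are explicitly switched on have no effect.
            entry["ignored"] = [label for key, label in MAP_PARAMS.items()
                                if key in explicit and active(explicit[key])]
        else:
            entry["mapped"] = [label for key, label in MAP_PARAMS.items()
                               if active(effective[key])]
            entry["mode"] = "permission-bits" if entry["mapped"] else "not-stored"
        report[name] = entry
    return report


# Constructed sample: [aclshare3] and [acl] reuse attribute-related settings
# quoted in the thread, [legacy] and [nostore] are made up.
SAMPLE_CONF = """
[global]
   ; nothing attribute-related defined here

[legacy]
   path = /srv/legacy
   writeable = yes

[aclshare3]
   path = /var/lib/samba/shares/aclshare3
   store dos attributes = yes
   map archive = no
   map read only = no

[acl]
   path = /home/acllabor
   Store DOS Attributes = yes
   map read only = Permissions

[nostore]
   path = /srv/nostore
   map archive = no
   map read only = no
"""

if __name__ == "__main__":
    for share, entry in audit(SAMPLE_CONF).items():
        print(share, entry)
```

A share reported as 'xattr' also needs a filesystem that accepts user extended attributes, for example one mounted with user_xattr as in the mount options quoted elsewhere on this page.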



Re: [Samba] Confusion berween file and direcory

2011-05-30 Thread Felix
On Fri, 27 May 2011 00:50:36 +0900, TAKAHASHI Motonobu wrote:

 From: Felix f...@ltec.ch
 Date: Thu, 26 May 2011 14:28:07 + (UTC)
 
 I have some trouble with a samba 3.5.8 server when setting directory
 attributes. On a windows XP I execute a small piece of code that calls
 'SetFileAttributes' for the directory 'test-dir' located on the samba
 server. Using log level 10 I find this:
 
 (snip)
 
 [2011/05/26 15:27:02.145766, 10] smbd/open.c:170(fd_open)
   fd_open: name test-dir, flags = 01 mode = 0764, fd = -1. Is a
   directory
 [2011/05/26 15:27:02.145779,  3] smbd/open.c:461(open_file)
   Error opening file test-dir (NT_STATUS_FILE_IS_A_DIRECTORY)
 (local_flags=1) (flags=1)
 
 As I said, 'test-dir' is a directory. If my understanding of the log is
 correct samba confuses a directory with a file? Why would this happen?
 
 The patch attached at
   Newly create files are always failed with
   NT_STATUS_FILE_IS_A_DIRECTORY
   https://bugzilla.samba.org/show_bug.cgi?id=8042
 maybe solve your problem??
 
 ---
 TAKAHASHI Motonobu mo...@samba.gr.jp

This patch deals with problems during file creation. I do not have 
problems creating files or directories. The problem occurs when trying to 
modify the attributes of a directory.

Felix



[Samba] Confusion berween file and direcory

2011-05-26 Thread Felix
 = 28903, share_access = 0x7, private_options = 0x20, access_mask = 0x100180, mid = 0x0, type= 0x0, gen_id = 6, uid = 1000, flags = 0, file_id fe01:2d6001:0
[2011/05/26 15:27:02.145706, 10] smbd/open.c:671(share_conflict)
  share_conflict: entry->access_mask = 0x100180, entry->share_access = 0x7, entry->private_options = 0x20
[2011/05/26 15:27:02.145732, 10] smbd/open.c:674(share_conflict)
  share_conflict: access_mask = 0x2, share_access = 0x7
[2011/05/26 15:27:02.145742, 10] smbd/open.c:683(share_conflict)
  share_conflict: No conflict due to entry->access_mask = 0x100180
[2011/05/26 15:27:02.145751,  4] smbd/open.c:1977(open_file_ntcreate)
  calling open_file with flags=0x1 flags2=0x0 mode=0764, access_mask = 0x2, open_access_mask = 0x2
[2011/05/26 15:27:02.145766, 10] smbd/open.c:170(fd_open)
  fd_open: name test-dir, flags = 01 mode = 0764, fd = -1. Is a directory
[2011/05/26 15:27:02.145779,  3] smbd/open.c:461(open_file)
  Error opening file test-dir (NT_STATUS_FILE_IS_A_DIRECTORY) (local_flags=1) (flags=1)

As I said, 'test-dir' is a directory. If my understanding of the log is 
correct samba confuses a directory with a file? Why would this happen?

Felix




Re: [Samba] nt acl inheritance

2011-05-23 Thread Felix Joussein


Is there any solution / Work around to make this work in current samba 
releases, can one expect this to be resolved some time?


Felix


On 2011-05-22 01:24, TAKAHASHI Motonobu wrote:

From: Felix Jousseinfelix.jouss...@gmx.at
Date: Mon, 16 May 2011 13:42:44 +0200


I've observed the following misbehaviour, while playing around with nc
acl's. (see relevant configuration below):

Working with Windows XP:

Open acl enabled share
Set default share permissions by right click on the explorer's top left
clip control -  properties.
Under security I remove the CREATOR-OWNER and CREATORUSER Group, as I
already know, that these two default groups cause trouble while saving
acl's and result in a Windows Error Message Invalid Parameter. Also I
set some default security settings for users and groups accordingly to
my needs and I apply it to This Folder, and any sub folder or file.

After applying to all new settings, I create a folder.
As expected my default share security settings have been inherited to
the new folder.
I add an additional user to the acl and take care, that the inheritance
is also Folder, sub folder and file.

I create a new sub folder to this one and check the acl.
Here is the unwanted behavior: The new sub folder got user permissions
from its parent folder, but unlike the default share permissions which
have been inherited, the additional user's permissions have not been
inherited but have been copied. When I set the option Inherit
permissions to sub elements as far as applicable, and apply, then a new
acl entry is created with the same user but this time inherited. Now I
can delete the copied settings, and apply to everything.

I hope these explanations were clear enough.

Here now the configuration:

Version: 3.5.8~dfsg-1ubuntu2.1
smb.conf:
[acl]
  comment = ACL Labor
  path = /home/acllabor
  vfs objects = acl_xattr
  read only = no
  browsable = yes
  valid users = me,you
  acl map full control = false
  inherit acls = yes
  map acl inherit = yes
  map read only = Permissions
  map archive = no
  map hidden = no
  map system = no
  nt acl support = yes
  acl group control = true
  dos filemode = yes
  enable privileges = yes
  store dos attributes = yes

mount options:
/dev/mapper/system-user on /home type ext4
(rw,errors=remount-ro,acl,user_xattr,)

AFAIK, map acl inherit = yes does not work well:
   https://bugzilla.samba.org/show_bug.cgi?id=6841

Also acl_xattr will not work as you expected, because even if you
enable acl_xattr, POSIX ACL semantics is still used in actual access
control and inheriting ACLs.

P.S.

map read only parameter is always ignored when store dos attributes
= yes.

---
TAKAHASHI Motonobu <mo...@samba.gr.jp>




[Samba] nt acl inheritance

2011-05-16 Thread Felix Joussein

Hello List,

I've observed the following misbehaviour while playing around with nt
acl's (see relevant configuration below):


Working with Windows XP:

Open acl enabled share
Set default share permissions by right click on the explorer's top left 
clip control - properties.
Under security I remove the CREATOR-OWNER and CREATORUSER Group, as I 
already know, that these two default groups cause trouble while saving 
acl's and result in a Windows Error Message Invalid Parameter. Also I 
set some default security settings for users and groups according to
my needs and I apply it to This Folder, and any sub folder or file.


After applying to all new settings, I create a folder.
As expected my default share security settings have been inherited to 
the new folder.
I add an additional user to the acl and take care, that the inheritance 
is also Folder, sub folder and file.


I create a new sub folder to this one and check the acl.
Here is the unwanted behavior: The new sub folder got user permissions 
from its parent folder, but unlike the default share permissions which
have been inherited, the additional user's permissions have not been 
inherited but have been copied. When I set the option Inherit 
permissions to sub elements as far as applicable, and apply, then a new 
acl entry is created with the same user but this time inherited. Now I 
can delete the copied settings, and apply to everything.


I hope these explanations were clear enough.

Here now the configuration:

Version: 3.5.8~dfsg-1ubuntu2.1
smb.conf:
[acl]
comment = ACL Labor
path = /home/acllabor
vfs objects = acl_xattr
read only = no
browsable = yes
valid users = me,you
acl map full control = false
inherit acls = yes
map acl inherit = yes
map read only = Permissions
map archive = no
map hidden = no
map system = no
nt acl support = yes
acl group control = true
dos filemode = yes
enable privileges = yes
store dos attributes = yes

mount options:
/dev/mapper/system-user on /home type ext4 
(rw,errors=remount-ro,acl,user_xattr,)



any help appreciated!

Felix




Re: [Samba] Issue with Bind

2011-05-13 Thread felix
 On 12 May 2011 18:09,  fe...@epepm.cupet.cu wrote:

 [...]
 Finally, I would like to know if I'll need a KDC, and if so, which one,
 MIT or Heimdal???

 Samba4 has a built-in version of heimdal.

 --
 Michael Wood esiot...@gmail.com


But I keep receiving the following message in log.samba:

RuntimeError: kinit for sam...@mydomain.com failed (Cannot contact any KDC
for requested realm)

Best regards,
Felix.

P.S.: Maybe I should open a new thread with this topic.



Re: [Samba] Issue with Bind

2011-05-12 Thread felix

Thanks a lot for your hint.
I finally made it in Debian Lenny (with Samba4 alpha15 and Bind9.8.0)
installing libkrb5-dev.

My named.conf just has an include /usr/local/samba/private/named.conf;
and there I also included the options, related to tkey, suggested in the
HowTo.
I would like to note that I followed the recommendation from Bind source
and I used the option tkey-gssapi-keytab instead of tkey-gssapi-credential
and tkey-domain which I finally commented.

Finally, I would like to know if I'll need a KDC, and if so, which one,
MIT or Heimdal???


Best regards,
Felix.


 It looks like kerberos support installs the proper files, Check for the
 packages listed below. This is Ubuntu Lucid, not sure how the names have
 changed for your distribution.

 root@FILESRV1:/usr/include/mit-krb5# dpkg -S gssapi.h
 libkrb5-dev: /usr/include/gssrpc/auth_gssapi.h
 krb5-multidev: /usr/include/mit-krb5/gssapi/gssapi.h
 libkrb5-dev: /usr/include/gssapi.h
 libkrb5-dev: /usr/include/gssapi/gssapi.h
 krb5-multidev: /usr/include/mit-krb5/gssapi.h
 krb5-multidev: /usr/include/mit-krb5/gssrpc/auth_gssapi.h


 On 05/11/2011 02:12 PM, fe...@epepm.cupet.cu wrote:
 I'm trying to compile using --with-gssapi but I found gssapi.h in
 /usr/loca/include/dst/  and I used this path but the answer is gssapi.h
 not found???
 I'm using Debian Lenny.
 I think this gssapi.h I have comes from the previous installation of
 bind9 because I found that file in Bind9 source directory.
 My question is how can I install gssapi???

 Best regards,
 Felix.


 Did you compile bind with gssapi? My compile options with Ubuntu are
 this. Verify you're pointing to the proper path when compiling for
 gssapi.

 ./configure --prefix=/usr/local/bind9 --with-gssapi=/usr/include/gssapi

 verify that you have the proper environments in bind,,, I have this in
 the init script..

 KEYTAB_FILE=/usr/local/samba1/private/dns.keytab
 KRB5_KTNAME=/usr/local/samba1/private/dns.keytab
 export KEYTAB_FILE
 export KRB5_KTNAME

 and verify that the options are in named.conf properly.. CASE matters..
  tkey-gssapi-credential DNS/example.com;
  tkey-domain EXAMPLE.COM;

 Verify all this and modify for your environment...

 On 05/11/2011 12:15 PM, fe...@epepm.cupet.cu wrote:
 I followed the Howto http://wiki.samba.org/index.php/Samba4/HOWTO

 Using:
 -Samba4 alpha15
 -Bind9.8.0

 When I added an XP PC (192.168.123.244) to my domain I got this in
 syslog:

 May 11 12:04:18 samba4 named[10705]: client 192.168.123.244#1061:
 update
 'mydomain.com/IN' denied
 May 11 12:04:18 samba4 named[10705]: tkey.c:486: ENSURE(result ==
 (((1)
 16) + 28) || result == 0) failed, back trace
 May 11 12:04:18 samba4 named[10705]: #0 0x805ac45 in
 assertion_failed()+0x45
 May 11 12:04:18 samba4 named[10705]: #1 0x81c62f7 in
 isc_assertion_failed()+0x27
 May 11 12:04:18 samba4 named[10705]: #2 0x81659ba in
 dns_tkey_processquery()+0x98a
 May 11 12:04:18 samba4 named[10705]: #3 0x80696ff in
 ns_query_start()+0x40f
 May 11 12:04:18 samba4 named[10705]: #4 0x8051d44 in
 client_request()+0xdc4
 May 11 12:04:18 samba4 named[10705]: #5 0x81e270d in
 isc__taskmgr_dispatch()+0x17d
 May 11 12:04:18 samba4 named[10705]: #6 0x81e5e34 in evloop()+0x74
 May 11 12:04:18 samba4 named[10705]: #7 0x81e60af in
 isc__app_ctxrun()+0x12f
 May 11 12:04:18 samba4 named[10705]: #8 0x81e6182 in
 isc__app_run()+0x12
 May 11 12:04:18 samba4 named[10705]: #9 0x805bd56 in main()+0xc96
 May 11 12:04:18 samba4 named[10705]: #10 0xb7d04455 in
 _fini()+0xafb0d6b9
 May 11 12:04:18 samba4 named[10705]: #11 0x804bb61 in _start()+0x21
 May 11 12:04:18 samba4 named[10705]: exiting (due to assertion
 failure)


 Any ideas??

 Best regards,
 Felix.



[Samba] Issue with Bind

2011-05-11 Thread felix

I followed the Howto http://wiki.samba.org/index.php/Samba4/HOWTO

Using:
-Samba4 alpha15
-Bind9.8.0

When I added an XP PC (192.168.123.244) to my domain I got this in syslog:

May 11 12:04:18 samba4 named[10705]: client 192.168.123.244#1061: update
'mydomain.com/IN' denied
May 11 12:04:18 samba4 named[10705]: tkey.c:486: ENSURE(result == (((1) 
16) + 28) || result == 0) failed, back trace
May 11 12:04:18 samba4 named[10705]: #0 0x805ac45 in assertion_failed()+0x45
May 11 12:04:18 samba4 named[10705]: #1 0x81c62f7 in
isc_assertion_failed()+0x27
May 11 12:04:18 samba4 named[10705]: #2 0x81659ba in
dns_tkey_processquery()+0x98a
May 11 12:04:18 samba4 named[10705]: #3 0x80696ff in ns_query_start()+0x40f
May 11 12:04:18 samba4 named[10705]: #4 0x8051d44 in client_request()+0xdc4
May 11 12:04:18 samba4 named[10705]: #5 0x81e270d in
isc__taskmgr_dispatch()+0x17d
May 11 12:04:18 samba4 named[10705]: #6 0x81e5e34 in evloop()+0x74
May 11 12:04:18 samba4 named[10705]: #7 0x81e60af in isc__app_ctxrun()+0x12f
May 11 12:04:18 samba4 named[10705]: #8 0x81e6182 in isc__app_run()+0x12
May 11 12:04:18 samba4 named[10705]: #9 0x805bd56 in main()+0xc96
May 11 12:04:18 samba4 named[10705]: #10 0xb7d04455 in _fini()+0xafb0d6b9
May 11 12:04:18 samba4 named[10705]: #11 0x804bb61 in _start()+0x21
May 11 12:04:18 samba4 named[10705]: exiting (due to assertion failure)


Any ideas??

Best regards,
Felix.


