Re: [Samba] DNSMasq and OpenWRT as DHCP and Internal DNS

[Gerry Reno]

dnsmasq: not authoritative, no SOA, no NS, no master-slaves, just has caching 
and forwarding

basically just a client side solution.
---

If this has changed I would like to know.


On 09/05/2013 02:26 PM, Szymon Życiński wrote:
> Hello
>
> I use DNSMasq on OpenWRT router, OpenWRT provides also DHCP. Another linux 
> box works as PDC with Samba 4. Everything
> seems to be ok except  Internal DNS. Whole Domain (60 machines) works ok 
> but only Domain Controler created it's
> account in dns.
>
> How can i diagnose problem? Maybe it is fault of DHCP on OpenWRT and should 
> switch to DHCP on samba box?
>
> Szymon
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Losing Permissions of Files

[Gerry Reno]

On 06/18/2013 09:49 AM, Jonathan Buzzard wrote:
> On Tue, 2013-06-18 at 12:37 +1000, Andrew Bartlett wrote:
>> On Wed, 2013-06-12 at 16:37 -0700, bogdan_bartos wrote:
>>> Are these directives working for samba 4??? This looks like samba 3 to me. 
>>> We
>>> need a fix for samba 4...
>> Samba 4.0 uses largely the same parameter set as Samba 3.x, because it
>> really is just the next version of Samba as far as the file server is
>> concerned.
>>
>> The main distinction in the case of the AD DC is that we set some
>> defaults differently in that mode.  That is, we set:
>>
>>  map archive = No
>>  map readonly = no
>>  store dos attributes = Yes
>>  vfs objects = dfs_samba4, acl_xattr
>>
>> And these are defaults in all modes:
>> map system = no
>> map hidden = no
>>
>> I hope this helps clarify things.
>>
> I wonder if the issue is that the file system being used by the OP does
> not have extended attributes enabled at mount time. If they don't then
> Samba of whatever version is not able to store the DOS attributes in
> files extended attributes and Office 2007/2010 will still get confused
> and do the wrong thing.
>
> Remember ext3 and ext4 file systems have to be explicitly mounted with
> extended attributes enabled, where as XFS always has them enabled.
>
> JAB.
>

I use a little script to test extended attributes and acls on new systems.

Attached.  Rename it from .txt to .sh after downloading.

Gerry




#!/bin/bash
CD=$(pwd)
cd /var/tmp

# TEST EXTENDED ATTRIBUTES
echo -n "extended attributes: "
TESTFILE=extendedattrtest.txt
touch $TESTFILE
setfattr -n user.test -v test  $TESTFILE
setfattr -n security.test -v test2 $TESTFILE
if [ "$(getfattr -n user.test -d $TESTFILE --only-values)" == "test" -a 
"$(getfattr -n security.test -d $TESTFILE --only-values)" == "test2" ]; then
echo PASS
else
echo FAIL
fi
### getfattr -d $TESTFILE
rm $TESTFILE

# TEST ACLS
echo -n "   acls: "
TESTFILE=acttest.txt
touch $TESTFILE
setfacl -m g:adm:rwx $TESTFILE
if [ "$(getfacl -t $TESTFILE | sed -e "s/[ ]*$//" -e "s/[ ][ ]*/ /g" | grep 
adm)" == "group adm rwx" ];then
echo PASS
else
echo FAIL
fi
### getfacl -t $TESTFILE
rm $TESTFILE

cd $CD
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 + cups - it is working for someone?

[Gerry Reno]

On 06/10/2013 12:16 PM, steve wrote:
> On Mon, 2013-06-10 at 09:54 -0400, Gerry Reno wrote:
>> On 06/10/2013 03:47 AM, steve wrote:
>>> On 09/06/13 20:16, Gerry Reno wrote:
>>>> On 06/09/2013 06:45 AM, steve wrote:
>>>>> On 09/06/13 11:00, Adam Sienkiewicz wrote:
>>>>>> Hi Steve
>>>>>>
>>>>>> I procceeded regarding this howtu. All seems to be fine except
>>>>>> connection samba-cups. From windows I can add printer, print test page
>>>>>> but all print jobs from samba are lost between samba and cups I think.
>>>>>> There is no entries in cups logs only issue in samba logs
>>>>> Hi
>>>>> I just found my eror. i hope it's the same for you:
>>>>>
>>>>> Here is my smb.conf:
>>>>>
>>>>> [printers]
>>>>>   path = /var/spool/samba
>>>>>   printable = yes
>>>>>   printing = CUPS
>>>>>
>>>>> [print$]
>>>>>   path = /srv/samba/Printer_drivers
>>>>>   comment = Printer Drivers
>>>>>   writeable = yes
>>>>>
>>>>> [hpdeskjetf2200series]
>>>>>   path = /var/spool/samba/
>>>>>   browseable = yes
>>>>>   printable = yes
>>>>>   printer name = hpdeskjetf2200series
>>>>> #printer name = "HP Deskjet F2200 series"
>>>>>
>>>>> Note the printer name lines. I had the windows name "HP Deskjet F2200 
>>>>> series"
>>>>>
>>>>> The clue was in the logs:
>>>>> /usr/local/samba/sbin/smbd: Unable to get jobs for 
>>>>> ipp://localhost/printers/HP Deskjet F2200 series -
>>>>> client-error-not-found
>>>>>
>>>>> I changed to the Linux/cups printer name and print jobs got sent without 
>>>>> error.
>>>>> HTH
>>>>> Steve
>>>>>
>>>>>
>>>> Steve, still not working for me.
>>>>
>>>> What is the output of  lpinfo -v  on your system?
>>>>
>>>> Gerry
>>>>
>>>>
>>>>
>>>>
>>> Hi Gerry
>>> lpinfo -v
>>> network http
>>> network ipp
>>> network ipps
>>> network https
>>> direct usb://HP/Deskjet%20F2200%20series?serial=CN8BO1S0S605CC
>>> network socket
>>> network lpd
>>> direct hp:/usb/Deskjet_F2200_series?serial=CN8BO1S0S605CC
>>> network smb
>>> direct parallel:/dev/lp0
>>> network beh
>>> direct hpfax
>>>
>>> I wonder if you have the cups dev libraries and headers installed before 
>>> you compile. I didn't so that was another
>>> problem I had. On openSUSE it's cups-devel. Just to make sure, I built with 
>>> ./configure --enable-cups
>>>
>>> Suerte,
>>> Steve
>>>
>>
>> Ok, here's lpinfo -v on my test system:
>> # lpinfo -v
>> network ipp
>> network lpd
>> file cups-pdf:/
>> network socket
>> direct scsi
>> network https
>> network http
>> network socket://192.168.2.180
>>
>> The last entry is a networked printer
>>
>> I notice that "network smb" is missing.  Going to CH10 in the Samba manual I 
>> see that it takes a symlink from smbspool. 
>> Did you have to do that manually?  Or did it just get made during install?
>>
>> Gerry
> Hi
> No idea about the symlink until you mentioned it so it must have been
> made during the install.
>
>

I don't understand then why my Samba git stable (4.0.6)  install doesn't have 
this symlink.
$ find . -name config.h
./source4/heimdal_build/config.h
./bin/default/include/config.h

Is there some configure switch that causes this to be generated?

Gerry



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 + cups - it is working for someone?

[Gerry Reno]

On 06/10/2013 03:47 AM, steve wrote:
> On 09/06/13 20:16, Gerry Reno wrote:
>> On 06/09/2013 06:45 AM, steve wrote:
>>> On 09/06/13 11:00, Adam Sienkiewicz wrote:
>>>> Hi Steve
>>>>
>>>> I procceeded regarding this howtu. All seems to be fine except
>>>> connection samba-cups. From windows I can add printer, print test page
>>>> but all print jobs from samba are lost between samba and cups I think.
>>>> There is no entries in cups logs only issue in samba logs
>>> Hi
>>> I just found my eror. i hope it's the same for you:
>>>
>>> Here is my smb.conf:
>>>
>>> [printers]
>>>   path = /var/spool/samba
>>>   printable = yes
>>>   printing = CUPS
>>>
>>> [print$]
>>>   path = /srv/samba/Printer_drivers
>>>   comment = Printer Drivers
>>>   writeable = yes
>>>
>>> [hpdeskjetf2200series]
>>>   path = /var/spool/samba/
>>>   browseable = yes
>>>   printable = yes
>>>   printer name = hpdeskjetf2200series
>>> #printer name = "HP Deskjet F2200 series"
>>>
>>> Note the printer name lines. I had the windows name "HP Deskjet F2200 
>>> series"
>>>
>>> The clue was in the logs:
>>> /usr/local/samba/sbin/smbd: Unable to get jobs for 
>>> ipp://localhost/printers/HP Deskjet F2200 series -
>>> client-error-not-found
>>>
>>> I changed to the Linux/cups printer name and print jobs got sent without 
>>> error.
>>> HTH
>>> Steve
>>>
>>>
>> Steve, still not working for me.
>>
>> What is the output of  lpinfo -v  on your system?
>>
>> Gerry
>>
>>
>>
>>
> Hi Gerry
> lpinfo -v
> network http
> network ipp
> network ipps
> network https
> direct usb://HP/Deskjet%20F2200%20series?serial=CN8BO1S0S605CC
> network socket
> network lpd
> direct hp:/usb/Deskjet_F2200_series?serial=CN8BO1S0S605CC
> network smb
> direct parallel:/dev/lp0
> network beh
> direct hpfax
>
> I wonder if you have the cups dev libraries and headers installed before you 
> compile. I didn't so that was another
> problem I had. On openSUSE it's cups-devel. Just to make sure, I built with 
> ./configure --enable-cups
>
> Suerte,
> Steve
>


Ok, here's lpinfo -v on my test system:
# lpinfo -v
network ipp
network lpd
file cups-pdf:/
network socket
direct scsi
network https
network http
network socket://192.168.2.180

The last entry is a networked printer

I notice that "network smb" is missing.  Going to CH10 in the Samba manual I 
see that it takes a symlink from smbspool. 
Did you have to do that manually?  Or did it just get made during install?

Gerry



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 + cups - it is working for someone?

[Gerry Reno]

On 06/09/2013 06:45 AM, steve wrote:
> On 09/06/13 11:00, Adam Sienkiewicz wrote:
>> Hi Steve
>>
>> I procceeded regarding this howtu. All seems to be fine except
>> connection samba-cups. From windows I can add printer, print test page
>> but all print jobs from samba are lost between samba and cups I think.
>> There is no entries in cups logs only issue in samba logs
> Hi
> I just found my eror. i hope it's the same for you:
>
> Here is my smb.conf:
>
> [printers]
>  path = /var/spool/samba
>  printable = yes
>  printing = CUPS
>
> [print$]
>  path = /srv/samba/Printer_drivers
>  comment = Printer Drivers
>  writeable = yes
>
> [hpdeskjetf2200series]
>  path = /var/spool/samba/
>  browseable = yes
>  printable = yes
>  printer name = hpdeskjetf2200series
> #printer name = "HP Deskjet F2200 series"
>
> Note the printer name lines. I had the windows name "HP Deskjet F2200 series"
>
> The clue was in the logs:
> /usr/local/samba/sbin/smbd: Unable to get jobs for 
> ipp://localhost/printers/HP Deskjet F2200 series -
> client-error-not-found
>
> I changed to the Linux/cups printer name and print jobs got sent without 
> error.
> HTH
> Steve
>
>

Steve, still not working for me.

What is the output of  lpinfo -v  on your system?

Gerry




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Procedure for installing Windows drivers on Samba with CUPS

[Gerry Reno]

> I tried again after pulling 4.0.6 and it still does not install the cups 
> drivers:
>
> # PATH=/usr/local/samba/bin:$PATH cupsaddsmb -v -H localhost -U root -a
> Password for root required to access localhost via SAMBA:
> Running command: smbclient //localhost/print$ -N -A /tmp/cupsqd8nsE -c 
> 'mkdir W32X86;put /tmp/cups8yiElz
> W32X86/Cups-PDF.ppd;put /usr/share/cups/drivers/ps5ui.dll 
> W32X86/ps5ui.dll;put /usr/share/cups/drivers/pscript.hlp
> W32X86/pscript.hlp;put /usr/share/cups/drivers/pscript.ntf 
> W32X86/pscript.ntf;put
> /usr/share/cups/drivers/pscript5.dll W32X86/pscript5.dll'
> Domain=[XX] OS=[Unix] Server=[Samba 4.0.6]
> NT_STATUS_OBJECT_NAME_COLLISION making remote directory \W32X86
> NT_STATUS_ACCESS_DENIED opening remote file \W32X86/Cups-PDF.ppd
> NT_STATUS_ACCESS_DENIED opening remote file \W32X86/ps5ui.dll
> NT_STATUS_ACCESS_DENIED opening remote file \W32X86/pscript.hlp
> NT_STATUS_ACCESS_DENIED opening remote file \W32X86/pscript.ntf
> NT_STATUS_ACCESS_DENIED opening remote file \W32X86/pscript5.dll
>

I opened a new bug on this issue because it may not be the same as the Win7 
printing issue bug:

https://bugzilla.samba.org/show_bug.cgi?id=9901


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Procedure for installing Windows drivers on Samba with CUPS

[Gerry Reno]

On 05/22/2013 07:41 AM, Tim Vangehugten wrote:
> Hi,
>
> Just an update:
>
> Tried today samba 4.0.6, printing works there with the automatic driver 
> install.
>
> Best regards
> Tim Vangehugten
>
>

I tried again after pulling 4.0.6 and it still does not install the cups 
drivers:

# PATH=/usr/local/samba/bin:$PATH cupsaddsmb -v -H localhost -U root -a
Password for root required to access localhost via SAMBA:
Running command: smbclient //localhost/print$ -N -A /tmp/cupsqd8nsE -c 
'mkdir W32X86;put /tmp/cups8yiElz
W32X86/Cups-PDF.ppd;put /usr/share/cups/drivers/ps5ui.dll 
W32X86/ps5ui.dll;put /usr/share/cups/drivers/pscript.hlp
W32X86/pscript.hlp;put /usr/share/cups/drivers/pscript.ntf 
W32X86/pscript.ntf;put
/usr/share/cups/drivers/pscript5.dll W32X86/pscript5.dll'
Domain=[XX] OS=[Unix] Server=[Samba 4.0.6]
NT_STATUS_OBJECT_NAME_COLLISION making remote directory \W32X86
NT_STATUS_ACCESS_DENIED opening remote file \W32X86/Cups-PDF.ppd
NT_STATUS_ACCESS_DENIED opening remote file \W32X86/ps5ui.dll
NT_STATUS_ACCESS_DENIED opening remote file \W32X86/pscript.hlp
NT_STATUS_ACCESS_DENIED opening remote file \W32X86/pscript.ntf
NT_STATUS_ACCESS_DENIED opening remote file \W32X86/pscript5.dll




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Procedure for installing Windows drivers on Samba with CUPS

[Gerry Reno]

On 05/16/2013 10:46 AM, steve wrote:
> On Thu, 2013-05-16 at 15:22 +0200, Tim Vangehugten wrote:
>> if
>> only the printing in samba 4.0.5 would work that would be nice...
> Hi
> The printing doesn't work in 4.0.5
> https://bugzilla.samba.org/show_bug.cgi?id=9745
>
> maybe you could add this thread/your use case to the bugzilla?
> Cheers,
> Steve
>

4.0.5 is useless without printing.

I've backed out of 4.0.5.


.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] frequent tdb corruption

[Gerry Reno]

On 05/14/2013 11:17 AM, Adam Thorn wrote:
>> What type of filesystem are you using?  Do you have barriers enabled?
>>
>> I know in Linux that you should set barrier=1 on the ext3/ext4 filesystem in 
>> order to prevent corruption of sam.ldb in
>> cases of power loss.
> It's all on ZFS, so I don't believe there's an equivalent setting.
>
> Adam
>

https://groups.google.com/a/zfsonlinux.org/forum/#!msg/zfs-discuss/DKweF6DtaMo/zn6WDNV3OIgJ




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] frequent tdb corruption

[Gerry Reno]

On 05/14/2013 05:59 AM, Adam Thorn wrote:
> Hi,
>
> I'm seeing regular tdb corruption; typical log messages are:
>
> tdb(/var/db/samba/sessionid.tdb): tdb_rec_read bad magic 0x42424242 at
> offset=672032
>
> tdb(/var/db/samba/connections.tdb): tdb_rec_read bad magic 0x0 at
> offset=638594
>
> tdb(/var/db/samba/locking.tdb): tdb_rec_read bad magic 0x42424242 at
> offset=1034396
>
> which then prevents fileserving from working properly (N.B. the bad
> magic is not limited to those three tdbs). At the moment I'm running
> Samba 3.6.6 on FreeBSD 9.0, but I've seen exactly the same behaviour
> with 3.6.9 and 3.6.13, and also the same behaviour on FreeBSD 9.1 as
> well. I also currently have the tdb-1.2.9,1 FreeBSD port installed at
> present, but have seen the same problem with tdb-1.2.11,1
>
> I found a few forum posts that suggested setting "use mmap=no" - I have
> tried that, but saw no change in behaviour.
>
> Restarting samba invariably clears the problem for a while: sometimes
> it's just a few hours before we get further bad magic messages,
> sometimes it's continued working fine for ~10 days or so, and pretty
> much everything in between. There is no obvious pattern of which tdbs
> are corrupting; I've seen pretty much all of them become corrupt over
> the last couple of months.
>
> The server has multiple IP addresses which samba listens on; first of
> all we just start smbd with 
>
> [global]
>include = /data/config/samba/servers/%i
>
> and I've attached the result from running testparm on one of those
> included files. It's very very slightly redacted to hide IP addresses
> and group names. We have another similarly-configured server (FreeBSD
> 9.0, Samba 3.6.6) with the same pattern of "include a config file
> dependent on the IP address the client connects to", and that has been
> running smoothly with no problems at all for over a year.
>
> I don't think (but have not absolutely conclusively ruled out) that it's
> a hardware problem on the server itself; the samba service (and the
> associated IP addresses) is managed by heartbeat, so I've tried running
> samba on the two nominally identical servers in the HA cluster - I see
> the same problematic behaviour on both nodes. 
>
> I've also attached the output of "smbd -b", in case that is informative.
>
> I'm kind of running out of ideas of what to try next; any and all advice
> will thus be gratefully received! It's been especially hard to diagnose
> because the corruption happens seemingly at random, and I've not been
> able to identify a definite action that leads to the errors. (Also,
> because it's a production server, I'm not keen to try to deliberately
> provoke errors..)
>
> Adam
>
>

What type of filesystem are you using?  Do you have barriers enabled?

I know in Linux that you should set barrier=1 on the ext3/ext4 filesystem in 
order to prevent corruption of sam.ldb in
cases of power loss.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4 CUPS: NT_STATUS_ACCESS_DENIED opening remote file

[Gerry Reno]

On 05/13/2013 03:59 PM, steve wrote:
> On 13/05/13 21:36, Gerry Reno wrote:
>> I'm setting up cups printing with Samba 4.0.5.
>>
>> I downloaded both the windows drivers and the postscript drivers and put 
>> them into /usr/share/cups/drivers/.
>>
>> I configured cups through the web interface.  Created a printer and printed 
>> a test page.
>>
>> I edited smb.conf and put in the necessary entries for cups printing:
>>
>>  [global]
>>  ...
>>  load printers = yes
>>  printing = cups
>>  printcap name = cups
>>  ...
>>
>>  [printers]
>>  comment = All Printers
>>  path = /srv/share/spool
>>  browseable = Yes
>>  read only = No
>>  printable = Yes
>>
>>  [print$]
>>  comment = Point and Print Printer Drivers
>>  path = /srv/share/print
>>  browseable = Yes
>>  read only = No
>>  write list = root
>>
>> Checked the permissions on files and target directories:
>>
>>  # ls -l /usr/share/cups/drivers/
>>  total 2348
>>  -rw-r--r-- 1 root root 803 May 13 12:02 cups6.inf
>>  -rw-r--r-- 1 root root  72 May 13 12:02 cups6.ini
>>  -rw-r--r-- 1 root root   12568 May 13 12:02 cupsps6.dll
>>  -rw-r--r-- 1 root root   13672 May 13 12:02 cupsui6.dll
>>  -rwxr-xr-x 1 root root  728576 May 13 15:01 ps5ui.dll
>>  -rwxr-xr-x 1 root root  543232 May 13 15:01 pscript5.dll
>>  -rwxr-xr-x 1 root root   26038 May 13 15:01 pscript.hlp
>>  -rwxr-xr-x 1 root root 1060548 May 13 15:01 pscript.ntf
>>  #
>>  # ls -l /srv/share/print
>>  /srv/share/print:
>>  total 32
>>  drwxr-xr-x 2 root root 4096 May 12 23:13 COLOR
>>  drwxr-xr-x 2 root root 4096 May 12 23:13 IA64
>>  drwxr-xr-x 2 root root 4096 May 12 23:13 W32ALPHA
>>  drwxr-xr-x 2 root root 4096 May 12 23:13 W32MIPS
>>  drwxr-xr-x 2 root root 4096 May 12 23:13 W32PPC
>>  drwxr-xr-x 2 root root 4096 May 12 23:13 W32X86
>>  drwxr-xr-x 2 root root 4096 May 12 23:13 WIN40
>>  drwxr-xr-x 2 root root 4096 May 12 23:13 x64
>>
>>
>> Then ran cupsaddsmb to install the drivers into Samba:
>>
>>  # PATH=/usr/local/samba/bin:$PATH cupsaddsmb -v -H localhost -U root -a
>>  Password for root required to access localhost via SAMBA:
>>  Running command: smbclient //localhost/print$ -N -A /tmp/cupsjExFEC -c 
>> 'mkdir W32X86;put /tmp/cupshtyLSS
>>  W32X86/Cups-PDF.ppd;put /usr/share/cups/drivers/ps5ui.dll 
>> W32X86/ps5ui.dll;put /usr/share/cups/drivers/pscript.hlp
>>  W32X86/pscript.hlp;put /usr/share/cups/drivers/pscript.ntf 
>> W32X86/pscript.ntf;put
>>  /usr/share/cups/drivers/pscript5.dll W32X86/pscript5.dll'
>>  Domain=[XXX] OS=[Unix] Server=[Samba 4.0.5]
>>  NT_STATUS_OBJECT_NAME_COLLISION making remote directory \W32X86
>>  NT_STATUS_ACCESS_DENIED opening remote file \W32X86/Cups-PDF.ppd
>>  NT_STATUS_ACCESS_DENIED opening remote file \W32X86/ps5ui.dll
>>  NT_STATUS_ACCESS_DENIED opening remote file \W32X86/pscript.hlp
>>  NT_STATUS_ACCESS_DENIED opening remote file \W32X86/pscript.ntf
>>  NT_STATUS_ACCESS_DENIED opening remote file \W32X86/pscript5.dll
>>
>>
>> And I end up getting access errors.
>>
>> All the permissions look right.  I can manually create files in the 
>> directories as root.  I made sure that root user was
>> in smbpasswd.
>>
>> What I am missing here?
>>
>>
> Hi
> I don't think printing works with 4.0.5:
> https://bugzilla.samba.org/show_bug.cgi?id=9745
> We also get access denied errors when installing the drivers.
> Shall we add this tread to the bugzilla?
> Cheers,
> Steve
>

Done.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba4 CUPS: NT_STATUS_ACCESS_DENIED opening remote file

[Gerry Reno]

I'm setting up cups printing with Samba 4.0.5.

I downloaded both the windows drivers and the postscript drivers and put them 
into /usr/share/cups/drivers/.

I configured cups through the web interface.  Created a printer and printed a 
test page.

I edited smb.conf and put in the necessary entries for cups printing:

[global]
...
load printers = yes
printing = cups
printcap name = cups
...

[printers]
comment = All Printers
path = /srv/share/spool
browseable = Yes
read only = No
printable = Yes

[print$]
comment = Point and Print Printer Drivers
path = /srv/share/print
browseable = Yes
read only = No
write list = root

Checked the permissions on files and target directories:

# ls -l /usr/share/cups/drivers/
total 2348
-rw-r--r-- 1 root root 803 May 13 12:02 cups6.inf
-rw-r--r-- 1 root root  72 May 13 12:02 cups6.ini
-rw-r--r-- 1 root root   12568 May 13 12:02 cupsps6.dll
-rw-r--r-- 1 root root   13672 May 13 12:02 cupsui6.dll
-rwxr-xr-x 1 root root  728576 May 13 15:01 ps5ui.dll
-rwxr-xr-x 1 root root  543232 May 13 15:01 pscript5.dll
-rwxr-xr-x 1 root root   26038 May 13 15:01 pscript.hlp
-rwxr-xr-x 1 root root 1060548 May 13 15:01 pscript.ntf
#
# ls -l /srv/share/print
/srv/share/print:
total 32
drwxr-xr-x 2 root root 4096 May 12 23:13 COLOR
drwxr-xr-x 2 root root 4096 May 12 23:13 IA64
drwxr-xr-x 2 root root 4096 May 12 23:13 W32ALPHA
drwxr-xr-x 2 root root 4096 May 12 23:13 W32MIPS
drwxr-xr-x 2 root root 4096 May 12 23:13 W32PPC
drwxr-xr-x 2 root root 4096 May 12 23:13 W32X86
drwxr-xr-x 2 root root 4096 May 12 23:13 WIN40
drwxr-xr-x 2 root root 4096 May 12 23:13 x64


Then ran cupsaddsmb to install the drivers into Samba:

# PATH=/usr/local/samba/bin:$PATH cupsaddsmb -v -H localhost -U root -a
Password for root required to access localhost via SAMBA:
Running command: smbclient //localhost/print$ -N -A /tmp/cupsjExFEC -c 
'mkdir W32X86;put /tmp/cupshtyLSS
W32X86/Cups-PDF.ppd;put /usr/share/cups/drivers/ps5ui.dll 
W32X86/ps5ui.dll;put /usr/share/cups/drivers/pscript.hlp
W32X86/pscript.hlp;put /usr/share/cups/drivers/pscript.ntf 
W32X86/pscript.ntf;put
/usr/share/cups/drivers/pscript5.dll W32X86/pscript5.dll'
Domain=[XXX] OS=[Unix] Server=[Samba 4.0.5]
NT_STATUS_OBJECT_NAME_COLLISION making remote directory \W32X86
NT_STATUS_ACCESS_DENIED opening remote file \W32X86/Cups-PDF.ppd
NT_STATUS_ACCESS_DENIED opening remote file \W32X86/ps5ui.dll
NT_STATUS_ACCESS_DENIED opening remote file \W32X86/pscript.hlp
NT_STATUS_ACCESS_DENIED opening remote file \W32X86/pscript.ntf
NT_STATUS_ACCESS_DENIED opening remote file \W32X86/pscript5.dll


And I end up getting access errors.

All the permissions look right.  I can manually create files in the directories 
as root.  I made sure that root user was
in smbpasswd.

What I am missing here? 






-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Setting password expiration policy

[Gerry Reno]

Can I use samba-tool to globally set passwords to never expire like this:

/usr/local/samba/bin/samba-tool domain passwordsettings set --max-pwd-age=0


Or  do I have to set max age to some positive value and set expiration in ADUC 
when creating each user as "Password
never expires"?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba git: build error when upgrading

[Gerry Reno]

On 05/12/2013 02:18 AM, Andrew Bartlett wrote:
> On Sat, 2013-05-11 at 20:11 -0400, Gerry Reno wrote:
>
>> Running git clean -x -f -d  does not help:
>>
>> $ git clean -x -f -d
>> Removing .lock-wscript
>> Removing bin/
>> warning: failed to remove 'bin/'
> Remove bin/, using rootly powers if required.
>
> We moved some symlinks around, and that causes this error when re-using
> an old build tree.
>
> Andrew Bartlett
>

Thanks Andrew.   Removing the bin got things moving again.

But now I'm see some errors during the build.

$ sudo rm -rf bin
$ ./configure ...
'configure' finished successfully (1m16.736s)
$ make clean
'clean' finished successfully (1.304s)
$ make
...
[ 244/3871] Compiling IDL librpc/idl/auth.idl
...
/home/gerryr/build/samba4/librpc/idl/auth.idl:104: error: Unable to 
determine origin of type `struct cli_credentials'
/home/gerryr/build/samba4/librpc/idl/auth.idl:104: error: Unable to 
determine origin of type `struct cli_credentials'
...
[ 311/3871] Compiling IDL source4/librpc/idl/irpc.idl
...
/home/gerryr/build/samba4/source4/librpc/idl/irpc.idl:70: error: 
nbtd_information: [out] argument 'info' is not a
pointer or array, skip client functions
/home/gerryr/build/samba4/source4/librpc/idl/irpc.idl:83: error: 
nbtd_getdcname: [out] argument 'dcname' is a
pointer to type 'string', skip client functions
/home/gerryr/build/samba4/source4/librpc/idl/irpc.idl:91: error: 
nbtd_proxy_wins_challenge: [out] argument
'num_addrs' is not a pointer or array, skip client functions
/home/gerryr/build/samba4/source4/librpc/idl/irpc.idl:113: error: 
kdc_check_generic_kerberos: [out] argument
'generic_reply' is not a pointer or array, skip client functions
/home/gerryr/build/samba4/source4/librpc/idl/irpc.idl:159: error: 
smbsrv_information: [out] argument 'info' is not a
pointer or array, skip client functions
...
[ 316/3871] Compiling IDL source4/librpc/idl/winbind.idl
...
/home/gerryr/build/samba4/source4/librpc/idl/winbind.idl:35: error: 
winbind_SamLogon: [out] argument 'validation' is
not a pointer or array, skip client functions
...
'build' finished successfully (13m18.600s)



How critical are these build errors I'm seeing?





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba git: build error when upgrading

[Gerry Reno]

On 05/11/2013 06:43 PM, Gerry Reno wrote:
> Seeing a build problem after updating my git tree:
>
> $ git remote -v
> origingit://git.samba.org/samba.git (fetch)
> origingit://git.samba.org/samba.git (push)
>
> $ git pull
> $ ./configure ...
> $ make clean
> WAF_MAKE=1 python ./buildtools/bin/waf build
> ./buildtools/wafsamba/samba_utils.py:397: DeprecationWarning: the md5 
> module is deprecated; use hashlib instead
>   import md5
> Waf: Entering directory `/home/gerryr/build/samba4/bin'
> symlink: samba/__init__.py -> python/samba/__init__.py
> /home/gerryr/build/samba4/wscript: error: Traceback (most recent call 
> last):
>   File "/home/gerryr/build/samba4/buildtools/wafadmin/Utils.py", line 
> 647, in recurse
> exec(compile(txt, file_path, 'exec'), dc)
>   File "/home/gerryr/build/samba4/wscript_build", line 43, in 
> bld.RECURSE('python')
>   File "./buildtools/wafsamba/samba_utils.py", line 472, in RECURSE
> return ctx.add_subdirs(relpath)
>   File "/home/gerryr/build/samba4/buildtools/wafadmin/Build.py", line 
> 993, in add_subdirs
> self.recurse(dirs, 'build')
>   File "/home/gerryr/build/samba4/buildtools/wafadmin/Utils.py", line 
> 650, in recurse
> raise WscriptError("".join(traceback.format_exception(exc_type, 
> exc_value, tb)), base)
> WscriptError: /home/gerryr/build/samba4/python/wscript: error: Traceback 
> (most recent call last):
>   File "/home/gerryr/build/samba4/buildtools/wafadmin/Utils.py", line 
> 647, in recurse
> exec(compile(txt, file_path, 'exec'), dc)
>   File "/home/gerryr/build/samba4/python/wscript_build", line 37, in 
> 
> installdir='python')
>   File "./buildtools/wafsamba/wafsamba.py", line 685, in SAMBA_SCRIPT
> os.symlink(link_src, link_dst)
> OSError: [Errno 17] File exists
>
>
> Are there some files I should remove before upgrading my tree from 4.0.4 to 
> current?
>

Running git clean -x -f -d  does not help:

$ git clean -x -f -d
Removing .lock-wscript
Removing bin/
warning: failed to remove 'bin/'
Removing buildtools/wafadmin/Build.pyc
Removing buildtools/wafadmin/Configure.pyc
Removing buildtools/wafadmin/Constants.pyc
Removing buildtools/wafadmin/Environment.pyc
Removing buildtools/wafadmin/Logs.pyc
Removing buildtools/wafadmin/Node.pyc
Removing buildtools/wafadmin/Options.pyc
Removing buildtools/wafadmin/Runner.pyc
Removing buildtools/wafadmin/Scripting.pyc
Removing buildtools/wafadmin/Task.pyc
Removing buildtools/wafadmin/TaskGen.pyc
Removing buildtools/wafadmin/Tools/ar.pyc
Removing buildtools/wafadmin/Tools/cc.pyc
Removing buildtools/wafadmin/Tools/ccroot.pyc
Removing buildtools/wafadmin/Tools/compiler_cc.pyc
Removing buildtools/wafadmin/Tools/config_c.pyc
Removing buildtools/wafadmin/Tools/cxx.pyc
Removing buildtools/wafadmin/Tools/gcc.pyc
Removing buildtools/wafadmin/Tools/gnu_dirs.pyc
Removing buildtools/wafadmin/Tools/icc.pyc
Removing buildtools/wafadmin/Tools/intltool.pyc
Removing buildtools/wafadmin/Tools/perl.pyc
Removing buildtools/wafadmin/Tools/preproc.pyc
Removing buildtools/wafadmin/Tools/python.pyc
Removing buildtools/wafadmin/Tools/suncc.pyc
Removing buildtools/wafadmin/Utils.pyc
Removing buildtools/wafadmin/ansiterm.pyc
Removing buildtools/wafsamba/__init__.pyc
Removing buildtools/wafsamba/configure_file.pyc
Removing buildtools/wafsamba/gccdeps.pyc
Removing buildtools/wafsamba/generic_cc.pyc
Removing buildtools/wafsamba/hpuxcc.pyc
Removing buildtools/wafsamba/irixcc.pyc
Removing buildtools/wafsamba/pkgconfig.pyc
Removing buildtools/wafsamba/samba3.pyc
Removing buildtools/wafsamba/samba_abi.pyc
Removing buildtools/wafsamba/samba_autoconf.pyc
Removing buildtools/wafsamba/samba_autoproto.pyc
Removing buildtools/wafsamba/samba_bundled.pyc
Removing buildtools/wafsamba/samba_conftests.pyc
Removing buildtools/wafsamba/samba_cross.pyc
Removing buildtools/wafsamba/samba_deps.pyc
Removing buildtools/wafsamba/samba_dist.pyc
Removing buildtools/wafsamba/samba_headers.pyc
Removing buildtools/wafsamba/samba_install.pyc
Removing buildtools/wafsamba/samba_optimisation.pyc
Removing buildtools/wafsamba/samba_patterns.pyc
Removing buildtools/wafsamba/samba_pidl.pyc
Removing buildtools/wafsamba/samba_python.pyc
Removing buildtools/wafsamba/samba_utils.pyc
Removing buildtools/wafsamba/samba_version.pyc
Removing buildtools/wafsamba/samba_wildcard.pyc
Removing buildtools/wafsamba/stale_fi

[Samba] Samba git: build error when upgrading

[Gerry Reno]

Seeing a build problem after updating my git tree:

$ git remote -v
origingit://git.samba.org/samba.git (fetch)
origingit://git.samba.org/samba.git (push)

$ git pull
$ ./configure ...
$ make clean
WAF_MAKE=1 python ./buildtools/bin/waf build
./buildtools/wafsamba/samba_utils.py:397: DeprecationWarning: the md5 
module is deprecated; use hashlib instead
  import md5
Waf: Entering directory `/home/gerryr/build/samba4/bin'
symlink: samba/__init__.py -> python/samba/__init__.py
/home/gerryr/build/samba4/wscript: error: Traceback (most recent call last):
  File "/home/gerryr/build/samba4/buildtools/wafadmin/Utils.py", line 647, 
in recurse
exec(compile(txt, file_path, 'exec'), dc)
  File "/home/gerryr/build/samba4/wscript_build", line 43, in 
bld.RECURSE('python')
  File "./buildtools/wafsamba/samba_utils.py", line 472, in RECURSE
return ctx.add_subdirs(relpath)
  File "/home/gerryr/build/samba4/buildtools/wafadmin/Build.py", line 993, 
in add_subdirs
self.recurse(dirs, 'build')
  File "/home/gerryr/build/samba4/buildtools/wafadmin/Utils.py", line 650, 
in recurse
raise WscriptError("".join(traceback.format_exception(exc_type, 
exc_value, tb)), base)
WscriptError: /home/gerryr/build/samba4/python/wscript: error: Traceback 
(most recent call last):
  File "/home/gerryr/build/samba4/buildtools/wafadmin/Utils.py", line 647, 
in recurse
exec(compile(txt, file_path, 'exec'), dc)
  File "/home/gerryr/build/samba4/python/wscript_build", line 37, in 

installdir='python')
  File "./buildtools/wafsamba/wafsamba.py", line 685, in SAMBA_SCRIPT
os.symlink(link_src, link_dst)
OSError: [Errno 17] File exists


Are there some files I should remove before upgrading my tree from 4.0.4 to 
current?






-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Making users local administrators

[Gerry Reno]

On 03/21/2013 05:29 AM, L.P.H. van Belle wrote:
> DONT DO IT !!  
>
> This is Administrators 1ste rule !! 
> NEVER, but then NEVER giver users Administrator/PowerUser rights. 
>
> Do not give the users ability to install software, wrong wrong... 
>
> This is you trojans/Virussus etc come in your computer. 
>
> and if you do give these rights, 
> Do not install Adobe Flash, Adobe Reader, Java. ( especialy Java ) 
>
>
> Its simpel, without Admin rights on users, you pc is about 90% more safer. 
> if you also remove flash java adobe, you are about 99,5% safe. 
>
> If you have an application which needs extra rights. 
> Do it save, how...  
>
> 1 create a network group voor this App.. example PHOTOSHOPRIGHTS 
>
> Set in het registry, on the photoshop, the domain group to able to write.
> ( if needed, us a monitor tool to look which registry things need write 
> access ) 
>
> Set on the folder ) c:\program files\Photoshop ) the domain group to write. 
>
> Now you have a hole on the pc, but no trojan/virus is able to install itself.
>
> Good luck.  
>
> Louis
>
>

I would agree, Louis.

Giving out local admin rights is pretty much sysadmin suicide.

-Gerry


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] upgrade procedure

[Gerry Reno]

On 03/20/2013 09:17 PM, Gerry Reno wrote:
> On 03/19/2013 05:37 PM, Andrew Bartlett wrote:
>> On Tue, 2013-03-19 at 08:39 -0500, Cristian Saavedra wrote:
>>> Hello
>>>
>>> I'm upgrading to 4.0.4 as far as i remember the samba_upgradeprovision must 
>>> not be used, so i'm asking for the current upgrade procedure:
>>>
>>> - configure samba 4.0.4
>>> - make
>>> - create current samba backup (just in case)
>>> - killall samba process
>>> - make install
>>> - run samba
>>>
>>> After that, the new binaries are in place, should i do something else? run 
>>> an script? delete a file? anything?
>> The WHATSNEW includes a suggestion on how to fix the world-writeable
>> permissions on any additional file shares.  Make sure you do that. 
>>
>> Other than that, this looks correct.
>>
>> Andrew Bartlett
>>
> I have a clone of v4.0-stable which was 4.0.3 when I pulled.
>
> Do I just need to do a 'git pull'?  to get 4.0.4?  Or is 4.0.4 on some other 
> tag?
>
> -Gerry
>
>

git pull on v4.0-stable looks like it pulled in 4.0.4.  Building now.

-Gerry



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] upgrade procedure

[Gerry Reno]

On 03/19/2013 05:37 PM, Andrew Bartlett wrote:
> On Tue, 2013-03-19 at 08:39 -0500, Cristian Saavedra wrote:
>> Hello
>>
>> I'm upgrading to 4.0.4 as far as i remember the samba_upgradeprovision must 
>> not be used, so i'm asking for the current upgrade procedure:
>>
>> - configure samba 4.0.4
>> - make
>> - create current samba backup (just in case)
>> - killall samba process
>> - make install
>> - run samba
>>
>> After that, the new binaries are in place, should i do something else? run 
>> an script? delete a file? anything?
> The WHATSNEW includes a suggestion on how to fix the world-writeable
> permissions on any additional file shares.  Make sure you do that. 
>
> Other than that, this looks correct.
>
> Andrew Bartlett
>

I have a clone of v4.0-stable which was 4.0.3 when I pulled.

Do I just need to do a 'git pull'?  to get 4.0.4?  Or is 4.0.4 on some other 
tag?

-Gerry


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

I spent the better part of this morning playing around with samba-tool dns and 
also nsupdate -g.

I was never able to add delegation records using this samba-tool dns.  It 
always kept giving me errors about dns name
not found. 

I was however fully successful at adding delegation records to samba when using 
the nsupdate -g.

Just a note in case anyone else has problems adding delegation records to samba.


-Gerry


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

On 03/20/2013 08:59 AM, Gerry Reno wrote:
> On 03/20/2013 02:59 AM, Daniel Müller wrote:
>> /usr/local/samba/bin/samba-tool dns query yourdnshost.your.domain
>> your.domain @ ALL
>>
>> Ex: samba-tool dns query samba4.tplechler.kkh  tlechler.kkh @ ALL
>> Will do:
>> Password for [administra...@tplechler.kkh]:
>>
>>
>> Greetings Daniel
>>
>>
> Hi Daniel, yes you're correct.  That works with my BIND9 DLZ backend.
>
> When I use dns name for the samba machine, eg: samba.company.com then it 
> works both with and without Kerberos auth.  But
> if I use anything else, even the machine IP, it fails.   Seems like it should 
> work if you use the machine IP but it doesn't
>
>
> -Gerry

Correction, ok IP will work but just not using Kerberos.

-Gerry


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

On 03/20/2013 02:59 AM, Daniel Müller wrote:
> /usr/local/samba/bin/samba-tool dns query yourdnshost.your.domain
> your.domain @ ALL
>
> Ex: samba-tool dns query samba4.tplechler.kkh  tlechler.kkh @ ALL
> Will do:
> Password for [administra...@tplechler.kkh]:
>
>
> Greetings Daniel
>
>

Hi Daniel, yes you're correct.  That works with my BIND9 DLZ backend.

When I use dns name for the samba machine, eg: samba.company.com then it works 
both with and without Kerberos auth.  But
if I use anything else, even the machine IP, it fails.   Seems like it should 
work if you use the machine IP but it doesn't


-Gerry
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

On 03/19/2013 10:57 PM, Ricky Nance wrote:
> Try first a kinit administrator, then enter the administrator password, then 
> /usr/local/samba/bin/samba-tool dns query
> COMPANY.company.com  company.com 
>  @ ALL (notice no -U this time, and
> the format of host.realm instead of just host... I mistyped that in the last 
> message) and see if it works, this will
> cause that tool to use kerberos instead of the regular login.
>
> Ricky
>

Nope.

Did the kinit and got a good ticket.

# /usr/local/samba/bin/samba-tool dns query COMPANY.company.com company.com @ 
ALL
ERROR(runtime): uncaught exception - (-1073741772, 
'NT_STATUS_OBJECT_NAME_NOT_FOUND')
  File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 
175, in _run
return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", 
line 970, in run
dns_conn = dns_connect(server, self.lp, self.creds)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", 
line 37, in dns_connect
dns_conn = dnsserver.dnsserver(binding_str, lp, creds)

-Gerry


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

On 03/19/2013 09:00 PM, Ricky Nance wrote:
> Try samba-tool dns query netbiosname company.com  @ ALL 
> -Uadministrator%HIDDEN (where netbiosname
> is generally the same as your computers hostname)... try to avoid using 
> 127.0.0.1 or localhost. Also that error is
> often signs of DNS server not running, so doublecheck that with netstat -anp 
> | grep 53 | grep "LISTEN ".
>
> Ricky
>

DNS is running just fine.  Otherwise I would not have gotten answers on the 
first good query.

# ps -ef | grep named
named93131013:36 ?00:00:00/usr/sbin/named  -u  named

And that last netbiosname style command gives this error:   

# /usr/local/samba/bin/samba-tool dns query COMPANY company.com @ ALL 
-Uadministrator%HIDDEN
ERROR(runtime): uncaught exception - (-1073741772, 
'NT_STATUS_OBJECT_NAME_NOT_FOUND')
  File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 
175, in _run
return self.run(*args, **kwargs)
  File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 970, 
in run
dns_conn = dns_connect(server, self.lp, self.creds)
  File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 37, 
in dns_connect
dns_conn = dnsserver.dnsserver(binding_str, lp, creds)

-Gerry


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

On 03/19/2013 08:38 PM, Ricky Nance wrote:
> I seen this error recently myself, and haven't yet investigated whats going 
> on for sure, but I suspect its the way
> dns_connect is parsing everything (I seen it with the | or >) ... try with 
> -Uadministrator%password (replacing
> password to be the administrator password you use) and report back please.
>
> Ricky
>
If you search for a label that is in the DNS then the command succeeds.

If you search for a label that is not in the DNS it yields the following error:

/usr/local/samba/bin/samba-tool dns query 127.0.0.1 company.com 
www.company.com ALL -Uadministrator%HIDDEN
ERROR(runtime): uncaught exception - (9714, 
'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
  File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 
175, in _run
return self.run(*args, **kwargs)
  File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 974, 
in run
None, record_type, select_flags, None, None)


samba-tool behaving badly

-Gerry




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

I have Samba 4 AD DC running with BIND9_DLZ.

I am trying to use samba-tool to administer dns but I keep getting this error:

# /usr/local/samba/bin/samba-tool dns query 127.0.0.1 company.com 
www.company.com ALL
Password for [COMPANY\root]:
Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
50abc2a4-574d-40b3-9d66-ee4fd5fba076@ncacn_ip_tcp:127.0.0.1[1024,sign] 
NT_STATUS_NET_WRITE_FAULTERROR(runtime):
uncaught exception - (-1073741614, 'NT_STATUS_NET_WRITE_FAULT')
  File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 
175, in _run
return self.run(*args, **kwargs)
  File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 970, 
in run
dns_conn = dns_connect(server, self.lp, self.creds)
  File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 37, 
in dns_connect
dns_conn = dnsserver.dnsserver(binding_str, lp, creds)


What is this error?  And how do I get rid of it?

-Gerry


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

On 03/17/2013 05:10 PM, Thomas Simmons wrote:
> Ideally you should not use the same domain name for your AD domain. Microsoft 
> used to use "domain.local" for a default
> configuration, but this can cause problems with certain external services 
> (Exchange/Office365 for example) and it also
> conflicts with some "local" Apple services if you have Macs on your networks. 
> You could also purchase and use
> "domain.net <http://domain.net>" if it's available. Finally, what I did was 
> use a sub-domain for AD (I used
> internal.domain.com <http://internal.domain.com> but others use ad.domain.com 
> <http://ad.domain.com>, etc...) If you
> really must use your external FQDN, a split-dns setup (your last statement) 
> is probably going to be your only option.
>
> On Sun, Mar 17, 2013 at 3:57 PM, Gerry Reno  <mailto:gr...@verizon.net>> wrote:
>
> When you setup Samba 4 AD DC using BIND9_DLZ and your domain has external 
> servers (eg: www,mail) at external providers
> this means that the ISP and the internal network nameservers will both 
> have SOA record for the domain.
>
> /etc/resolv.conf looks like this:
>
> domain company.com <http://company.com>
> nameserver 192.168.2.105
>
>
> /etc/named.conf contains:
>
> forwarders  { isp_nameservers; };
> recursion   yes;
>
> What is the preferred way to forward DNS requests to the ISP nameservers 
> in order to resolve the domain's external
> servers without using BIND views?
>
> Right now, all of Samba 4 AD DC DNS is working with the exception of 
> being able to resolve the domain's external
> servers.
>
> One solution could be to dump all our domain records at the ISP and 
> duplicate them in the AD DNS Zone which seems
> unnecessary.
>
> -Gerry
>

Please try to avoid top posting.


Certainly having different internal and external domains is easier, but I'm 
trying to work out the use case for how we
do it when the domain must be the same both internal and external.

Duping the records from the ISP works and we could live with this if necessary. 
 But I'm trying to avoid Split-DNS
solution and to find a way to use forwarding to do it without having to 
maintain duplicated records.


-Gerry

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

When you setup Samba 4 AD DC using BIND9_DLZ and your domain has external 
servers (eg: www,mail) at external providers
this means that the ISP and the internal network nameservers will both have SOA 
record for the domain.

/etc/resolv.conf looks like this:

domain company.com
nameserver 192.168.2.105


/etc/named.conf contains:

forwarders  { isp_nameservers; };
recursion   yes;

What is the preferred way to forward DNS requests to the ISP nameservers in 
order to resolve the domain's external
servers without using BIND views?

Right now, all of Samba 4 AD DC DNS is working with the exception of being able 
to resolve the domain's external servers.

One solution could be to dump all our domain records at the ISP and duplicate 
them in the AD DNS Zone which seems
unnecessary.

-Gerry




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

On 03/13/2013 01:39 PM, Gregory Sloop wrote:
>>>  If you are doing that,
>>> then I suggest you find a different way to operate - the AD DC is the
>>> security heart of the network, and should be more protected than that. 
> GR> My AD DC is not directly connected to the internet.   It is
> GR> behind an internet gateway router which has 53 open and
> GR> routing traffic to/from the BIND server on the AD DC.  Nothing unusual 
> about this.
>
> GR> The point of the split DNS and views is exactly to prevent
> GR> exposing internal network to the outside world.
>
> Which, to me at least, means that queries from the world are hitting
> the BIND server on your AD - which is *exactly* what Andrew was
> talking about.
>
> ...And when someone finds a way to compromise BIND, your AD is also
> totally compromised. It's probably a lot easier to burn down and
> rebuild a BIND server vs your whole AD infrastructure.
>
> I guess this whole branch of the discussion is essentially off-topic,
> but were I in your shoes, I'd be running a stand-alone BIND server
> completely separate from the AD for security as well as simplicity
> purposes. [Or moving the "external" DNS services into a service
> provider somewhere.]
>
> ...Or run it in a VM if you have to. Just don't, IMO, run a
> world-reachable BIND server as part of AD.
>
>


I have plenty of installations that are setup running separate DNS machines.  

Just not this one which is running just for some testing.















-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

On 03/13/2013 12:53 AM, Andrew Bartlett wrote:
> On Mon, 2013-03-11 at 19:16 -0400, Gerry Reno wrote:
>> Since I am using views, where should I include the provision-generated 
>> named.conf?
>>
>> Just in the local network view?
> Why are you using views?
>
> My understanding is that these are normally used when external clients
> and internal clients may hit the same name server.  That implies that
> there is direct internet access to your AD DC.  If you are doing that,
> then I suggest you find a different way to operate - the AD DC is the
> security heart of the network, and should be more protected than that. 
>
> One approach is to have your DNS server (with views) use a zone of type
> 'forward' to point at the Samba server, which would not need to know
> about these complex thigs. 
>
> Otherwise, if you insist you will have to manually determine how the
> view statements and the include statements interact.  This hasn't ever
> been done before, and I don't know if the dlz module is compatible with
> that, as it dynamically creates the zones. 
>
> Andrew Bartlett
>

My AD DC is not directly connected to the internet.   It is behind an internet 
gateway router which has 53 open and
routing traffic to/from the BIND server on the AD DC.  Nothing unusual about 
this.

The point of the split DNS and views is exactly to prevent exposing internal 
network to the outside world.

I am going to try the dlz with the views.  I can think of no reason why it 
should not work.  If I run into trouble I'll
post back.

-Gerry


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

On 03/11/2013 08:50 PM, Ricky Nance wrote:
> I am not 100% sure, but anywhere in the named.conf config should be 
> sufficient, DLZ is Dynamically Loadable Zones, so
> samba ends up being its own zone as far as I know.
>
> Ricky
>
>
> On Mon, Mar 11, 2013 at 7:43 PM, Gerry Reno  <mailto:gr...@verizon.net>> wrote:
>
> On 03/11/2013 08:27 PM, Ricky Nance wrote:
> > Sorry I don't understand what you mean by views... the provision 
> generated named.conf should be inserted into your
> > /etc/named/named.conf (again this varies on different distros) as an 
> include directive, it is not meant to be a full
> > named.conf.
> >
>     > Ricky
> >
> >
> > On Mon, Mar 11, 2013 at 6:16 PM, Gerry Reno  <mailto:gr...@verizon.net>
> <mailto:gr...@verizon.net <mailto:gr...@verizon.net>>> wrote:
> >
> > Since I am using views, where should I include the 
> provision-generated named.conf?
> >
> > Just in the local network view?
> >
> > -Gerry
> >
>
> This is BIND views:   
> http://www.cyberciti.biz/faq/linux-unix-bind9-named-configure-views/
>
> aka  Split-DNS  related to Stealth-DNS.
>
> My question is asking where in our main named.conf do we include this 
> provision-generated named.conf when we are using
> BIND views.
>
> -Gerry
>

Ricky, that will not work.   By definition, all zones need to be inside of one 
or more views when you are using views.  
So we need to know in what view(s) we need to include this file.

-Gerry

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

On 03/11/2013 08:27 PM, Ricky Nance wrote:
> Sorry I don't understand what you mean by views... the provision generated 
> named.conf should be inserted into your
> /etc/named/named.conf (again this varies on different distros) as an include 
> directive, it is not meant to be a full
> named.conf.
>
> Ricky
>
>
> On Mon, Mar 11, 2013 at 6:16 PM, Gerry Reno  <mailto:gr...@verizon.net>> wrote:
>
> Since I am using views, where should I include the provision-generated 
> named.conf?
>
> Just in the local network view?
>
> -Gerry
>

This is BIND views:   
http://www.cyberciti.biz/faq/linux-unix-bind9-named-configure-views/

aka  Split-DNS  related to Stealth-DNS.

My question is asking where in our main named.conf do we include this 
provision-generated named.conf when we are using
BIND views.

-Gerry

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 AD DC as file server?

[Gerry Reno]

On 03/11/2013 06:34 PM, Andrew Bartlett wrote:
> On Tue, 2013-03-12 at 01:30 +0800, d tbsky wrote:
>> hi:
>>I want to setup a small samba4 server with AD and file server function.
>> I know that samba4 AD DC has no netbios browsing support. are there other
>> missing functions, like winbindd or something else?
> The next release will include this patch, which avoids mistakenly
> creating world-writeable files in additional file shares. 
>
>>   and if I install two samba4 instance, one to "/usr/local/samba"(for file
>> server), one to "/usr/local/samba-ad"(for AD DC). and give them two seprate
>> ip to bind. will it work better?
> No, it would need to be a different virtual machine (you can only have
> one winbind per machine, and the different winbind is most important
> difference between the operating modes). 
>
> Andrew Bartlett
>
>

Are you saying that it is not possible to use a Samba 4 AD DC as a file server?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

Since I am using views, where should I include the provision-generated 
named.conf?

Just in the local network view?

-Gerry

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 provision password complexity error

[Gerry Reno]

On 03/11/2013 06:32 PM, Andrew Bartlett wrote:
> On Sun, 2013-03-10 at 22:21 -0400, Gerry Reno wrote:
>> I am trying to provision my samba 4 domain and even though I have 
>> deactivated password complexity using the samba-tool I
>> still receive this error during the provision:
>>
>> ERROR(ldb): uncaught exception - 052D: Constraint violation - 
>> check_password_restrictions: the password does not
>> meet the complexity criteria!
>>
>>
>> Is this a known issue or do I need to do something else to get this working 
>> (not counting making the password more complex)?
> Just make the password more complex.  This is by design, because
> provision resets the password complexity settings (and all other
> settings).
>
> You may reset the settings and then reset the admin password with
> 'samba-tool user setpassword administrator' later if you really, really
> must so dramatically reduce the security of your network.
>
> Andrew Bartlett
>

Thanks Andrew.

I already did that.  My point about password complexity in general is that no 
two orgs define it by the same criteria. 
And that gets annoying after a while.

I set complexity off and set the password using our own complexity.   Plenty 
secure.

Gerry


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

On 03/11/2013 12:53 PM, Ricky Nance wrote:
> With the BIND9_DLZ backend, bind actually handles the forwarding, so you will 
> need to set that up in your named conf,
> something like the following:
>
> options {
> forwarders { 192.249.249.1; 192.249.249.3; };
> };
>
> Although, some distros break apart the named stuff, so you may need to find 
> information specific to your distro on this.
>
> Ricky
>
>
> On Mon, Mar 11, 2013 at 11:30 AM, Gerry Reno  <mailto:gr...@verizon.net>> wrote:
>
> When I ran the provision I selected BIND9_DLZ.
>
> The provision did not prompt me for a DNS forwarder IP.
>
> So after the provision finished I entered the DNS forwarder IP manually 
> into smb.conf.
>
> Should the provision have prompted for the DNS forwarder IP?
>
>

Thanks.  That makes sense.  So the provision only prompts for the DNS forwarder 
IP when you select SAMBA_INTERNAL as the
DNS backend.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

When I ran the provision I selected BIND9_DLZ.

The provision did not prompt me for a DNS forwarder IP.

So after the provision finished I entered the DNS forwarder IP manually into 
smb.conf.

Should the provision have prompted for the DNS forwarder IP?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 AD DC and BIND

[Gerry Reno]

On 03/11/2013 03:52 AM, Daniel Müller wrote:
> I think it is NO.
> If you think about what bind is doing?!: bind needs to read/write in
> ex.:/usr/local/samba/private/dns and reads
> /usr/local/samba/private/named.conf. 
> In my case the named conf: 
> dlz "AD DNS Zone" {
> # For BIND 9.8.0
> database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";
>
> In my production environment I point bind on my samba4 ads to addresses
> outside the domain with the forwarder option to another
> bind running.
>
> Greetings
> Daniel
>
>
>
> ---
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: muel...@tropenklinik.de
> Internet: www.tropenklinik.de
> ---
> -Ursprüngliche Nachricht-
> Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
> Auftrag von Gerry Reno
> Gesendet: Sonntag, 10. März 2013 14:14
> An: samba@lists.samba.org
> Betreff: [Samba] Samba 4 AD DC and BIND
>
> When setting up Samba 4 AD DC to use BIND DNS is it possible to use BIND
> located on a separate server?
>
> Or do you need to run BIND on the same machine as Samba 4 AD DC?
>
>
Thanks.   That is how I ended up setting it up with a forwarder to the existing 
BIND server in the network.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 provision password complexity error

[Gerry Reno]

On 03/11/2013 01:09 AM, Gregory Sloop wrote:
> GR> Ok I finally gave up and made something really complex:   Administrator1
>
> GR> Boy, we feel really secure now.:rolleyes:
>
>
> GR> RANT:  I wish people would stop all this complexity nonsense and
> GR> just let people set their passwords how they want to
> GR> set them.
>
> I really hope you're venting at Microsoft who set the standard 
Them and at all orgs that set these kind of ridiculous complexity restrictions. 
 None of which are the same. 


> [Not to mention a poke in the Samba Devs' eyes
> about what you have not paid a penny for.]
>
Certainly not.  It was a general complaint about all this complexity nonsense.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 provision password complexity error

[Gerry Reno]

On 03/10/2013 10:39 PM, Gerry Reno wrote:
> On 03/10/2013 10:21 PM, Gerry Reno wrote:
>> I am trying to provision my samba 4 domain and even though I have 
>> deactivated password complexity using the samba-tool I
>> still receive this error during the provision:
>>
>> ERROR(ldb): uncaught exception - 052D: Constraint violation - 
>> check_password_restrictions: the password does not
>> meet the complexity criteria!
>>
>>
>> Is this a known issue or do I need to do something else to get this working 
>> (not counting making the password more complex)?
>>
>>
> When I check the complexity before the provision it is off.
>
> When I check the complexity after the error it is on !!
>
> Something is turning the complexity back on during the provision.   BUG
>
>
>

Ok I finally gave up and made something really complex:   Administrator1

Boy, we feel really secure now.:rolleyes:


RANT:  I wish people would stop all this complexity nonsense and just let 
people set their passwords how they want to
set them.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 provision password complexity error

[Gerry Reno]

On 03/10/2013 10:21 PM, Gerry Reno wrote:
> I am trying to provision my samba 4 domain and even though I have deactivated 
> password complexity using the samba-tool I
> still receive this error during the provision:
>
> ERROR(ldb): uncaught exception - 052D: Constraint violation - 
> check_password_restrictions: the password does not
> meet the complexity criteria!
>
>
> Is this a known issue or do I need to do something else to get this working 
> (not counting making the password more complex)?
>
>

When I check the complexity before the provision it is off.

When I check the complexity after the error it is on !!

Something is turning the complexity back on during the provision.   BUG



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba4 provision password complexity error

[Gerry Reno]

I am trying to provision my samba 4 domain and even though I have deactivated 
password complexity using the samba-tool I
still receive this error during the provision:

ERROR(ldb): uncaught exception - 052D: Constraint violation - 
check_password_restrictions: the password does not
meet the complexity criteria!


Is this a known issue or do I need to do something else to get this working 
(not counting making the password more complex)?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 4 AD DC and BIND

[Gerry Reno]

When setting up Samba 4 AD DC to use BIND DNS is it possible to use BIND 
located on a separate server?

Or do you need to run BIND on the same machine as Samba 4 AD DC?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] sysvolreset failing on glusterfs

[Gerry Reno]

Do you have extended attributes enabled on your glusterfs filesystem?

Out of curiosity, what version of glusterfs are you seeing this problem?



On 03/06/2013 04:21 PM, Andreas Gaiser wrote:
> thanks for your answer.
>
> I don't think it's a permission issue, as the script is invoked as root
> and I don't think it's changing its uid.
>
> I've had a look into the code and what I see is, it's somewhat selective
> about the method to set ACLs depending on the filesystem AFAIR. The
> stack trace only shows the python part. The actual error results from C
> code. Setting ACLs using a windows client seems to work.
>
> Furthermore, if I'm mounting the glusterfs volume, in the mount list,
> the acl option is not shown.
>
> I think somewhere a decision about the availabilty of ACLs is going wrong.
>
> Very funny, at one occasion it did work, though complaining after
> minutes of activity, and ACLs were present after that (can't tell if
> they're correct). But this part is not well reproducable. In fact there
> is no reasonable way to do a sysvolreset at the moment, lengthening my
> list of issues.
>
> Andreas
>
> On 06.03.13 17:44, Mr J Potter wrote:
>> Hi,
>> I had similar problems with gluster. I set up a gluster sysvol first
>> then tried provisioning and it failed with the same error. So it maybe
>> to do with permissions on the sysvol folder itself?
>>
>> It worked if I set up dc and bdc each with local sysvols then moved them
>> onto gluster.
>>
>> Jim
>>
>> On Mar 3, 2013 5:32 PM, "Andreas Gaiser/L" > > wrote:
>>> Hi,
>>>
>>>
>>> I'm trying to setup a domain with two DCs based on 4.0.3. Following some
>>> hint, I wanna use glusterfs for the sysvol. Glusterfs it runs nicely. I
>>> can set acls on both machines using setfacl and the other one lists them
>>> almost immediately with getfacl.
>>>
>>> But running "samba-tool ntacl sysvolreset is failing badly giving the
>>> following error.
>>>
>>> In a later attempt, without significant changes I remember, the script
>>> more or less seemed to work and created indeed ACEs, but still came up
>>> with this error after some minutes.
>>>
>>> root@dc1:~# samba-tool ntacl sysvolreset
>>> set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_NOT_SUPPORTED.
>>> ERROR(runtime): uncaught exception - (-1073741637,
>>> 'NT_STATUS_NOT_SUPPORTED')
>>>   File
>>> "/opt/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line
>>> 175, in _run
>>> return self.run(*args, **kwargs)
>>>   File "/opt/samba/lib/python2.6/site-packages/samba/netcmd/ntacl.py",
>>> line 214, in run
>>> lp, use_ntvfs=use_ntvfs)
>>>   File
>>> "/opt/samba/lib/python2.6/site-packages/samba/provision/__init__.py",
>>> line 1563, in setsysvolacl
>>> setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs,
>>> skip_invalid_chown=True, passdb=s4_passdb)
>>>   File "/opt/samba/lib/python2.6/site-packages/samba/ntacls.py", line
>>> 154, in setntacl
>>> smbd.set_nt_acl(file, security.SECINFO_OWNER |
>>> security.SECINFO_GROUP | security.SECINFO_DACL |
>> security.SECINFO_SACL, sd)
>>> Running mount is showing the target fs without ACLs, although they do
>>> work, as said before, and although I do have mounted the fs using -o
>>> acl,rw. The underlying ext3 fs is of cause running with acls enabled,
>>> too. This is what mount looks like for the involved fs's:
>>>
>>> fusectl on /sys/fs/fuse/connections type fusectl (rw)
>>> /dev/xvda3 on /var/glusterfs/brick1 type ext3 (rw,acl,user_xattr)
>>> localhost:/dc-vol on /export/dc-vol type fuse.glusterfs
>>> (rw,allow_other,max_read=131072)
>>>
>>>
>>> Andreas
>>> --
>>> Andreas Gaiser, Berlin, Germany
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 4 using MIT Kerberos

[Gerry Reno]

I've been looking around trying to find status on Samba 4 AD DC using MIT 
Kerberos and didn't find anything real recent.

Most of the wiki, list posts I see are about a year old talking about this.

I'd like to know if there has been progress on this.  Is it 0% , 99%?

I saw that Fedora  F18 had Samba 4 but if you enable AD DC then it breaks or is 
incompatible with other packages using
MIT Kerberos which is basically anything using kerberos in Fedora.


Can someone from Samba comment on the state of things regarding Samba 4 AD DC 
using MIT Kerberos.   And if possible as
it relates to Fedora/CentOS/RedHat.

Thanks.


-Gerry


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba