Re: [Samba] MS Access macro's running very slowly

2005-11-10 Thread Gibbs, Simon
Looks like increasing the send and receive buffers has done the trick so far
- although that page has given me a few extra things to look at/think about
in the future.

Thanks for that.


 From: Gerald Drouillard [EMAIL PROTECTED]
 Organization: Drouillard  Associates, Inc.
 Date: Fri, 04 Nov 2005 14:06:58 -0500
 To: Gibbs, Simon [EMAIL PROTECTED]
 Cc: samba@lists.samba.org samba@lists.samba.org
 Subject: Re: [Samba] MS Access macro's running very slowly
 
 Gibbs, Simon wrote:
 Hi,
 
 I've recently migrated to a Samba3 server and everything seems to be running
 well apart from a problem with some users that run macros in MS Access.
 I'm told that a process which used to take 15min on the old W2K server took
 over an hour on the new samba box.
 
 After having a scan through the archives I think the problem may be related
 to oplocks/locking but I'm pretty sure I've got these setup OK.
 Checking usage through top and vmstat shows that the server isn't overloaded
 so I guess there may be a problem in my config somewhere.
 
 If anyone has any ideas please let me know.
 Thanks
 Have a look at:
 http://drouillard.ca/TipsTricks/Samba/Oplocks.htm
 
 -- 
 Regards
 --
 Gerald Drouillard
 Technology Architect
 Drouillard  Associates, Inc.
 http://www.Drouillard.ca





The information contained in this email message may be confidential. If you are 
not the intended recipient, any use, interference with, disclosure or copying 
of this material is unauthorised and prohibited. Although this message and any 
attachments are believed to be free of viruses, no responsibility is accepted 
by TF Informa for any loss or damage arising in any way from receipt or use 
thereof.  Messages to and from the company are monitored for operational 
reasons and in accordance with lawful business practices. 
If you have received this message in error, please notify us by return and 
delete the message and any attachments.  Further enquiries/returns can be sent 
to [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] MS Access macro's running very slowly

2005-11-02 Thread Gibbs, Simon
Hi,

I've recently migrated to a Samba3 server and everything seems to be running
well apart from a problem with some users that run macros in MS Access.
I'm told that a process which used to take 15min on the old W2K server took
over an hour on the new samba box.

After having a scan through the archives I think the problem may be related
to oplocks/locking but I'm pretty sure I've got these setup OK.
Checking usage through top and vmstat shows that the server isn't overloaded
so I guess there may be a problem in my config somewhere.

If anyone has any ideas please let me know.
Thanks

The box is running RHEL4, kernel version 2.6.9-11.ELsmp and
samba-3.0.10-1.4E.

smb.conf is as follows:

[global]
# General Settings
netbios name = UKFS01
server string = UKFS01 Samba Server
template homedir = /mnt/emcpowerb/user/%D/%U
# template shell = /bin/bash
admin users = @Domain Admins
# Active Directory/Winbind Settings
workgroup = xx
winbind separator = /
password server = 
security = ADS
realm = xx
winbind use default domain = yes

# Winbind LDAP/IDMAP Settings
ldap ssl = no
idmap uid = 1-1000
idmap gid = 1-1000
ldap admin dn = cn=,dc=xx,dc=,dc=
ldap idmap suffix = ou=Idmap
ldap suffix = dc=,dc=,dc=
idmap backend = ldap:ldap://x.x.x.x
# winbind enum users = yes
# winbind enum groups = yes

# Network Configuration
;socket address = 
;bind interfaces =
;bind interfaces only =
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Tuning parameters
#encrypt passwords = yes
browseable = yes
username map = /etc/samba/smbusers
hide dot files = yes
case sensitive = no
preserve case = yes
acl compatibility = auto
write cache size = 262144 # for a 256k cache size per file
max xmit = 65535
dead time = 15
getwd cache = yes
large readwrite = yes
inherit acls = yes
inherit permissions = yes
nt acl support = yes
map acl inherit = yes
map archive = yes
security mask = 0777
enhanced browsing = yes
client use spnego = yes
use spnego = yes
defer sharing violations = true
fake oplocks = no
kernel oplocks = yes
level2 oplocks = yes
oplock break wait time = 0
oplock contention limit = 2
oplocks = yes
veto oplock files = /*.mdb/*.MDB/*.ldb/*.LDB/
posix locking = yes
blocking locks = yes
lock spin count = 30

# Logging Information
#log level = 10 ads:10 auth:10 sam:10 rpc:10 idmap:10
log level = 1
syslog = 1
log file = /var/log/samba/%m
max log size = 50

# Share Definitions
==

[LMIUData]
comment = LMIU Data Share
path = /mnt/emcpowera/data/LMIUData
public = yes
browseable = yes
writeable = yes
nt acl support = true
force unknown acl user = yes
admin users = @Domain Admins







Re: [Samba] Data migration using net rpc share migrate

2005-09-15 Thread Gibbs, Simon
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_start_connection(1388)
  Connecting to host=127.0.0.1
[2005/09/15 15:17:21, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 127.0.0.1 at port 445
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(713)
  Doing spnego session setup (blob length=98)
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 113554 1 2 2
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 48018 1 2 2
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 3 6 1 4 1 311 2 2 10
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(745)
  got [EMAIL PROTECTED]
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878)
  Got challenge flags:
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60890215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_CHAL_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900)
  NTLMSSP: Set final flags:
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/09/15 15:17:21, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
  NTLMSSP Sign/Seal - Initialising with flags:
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/09/15 15:17:21, 3] utils/net_rpc.c:sync_files(2763)
  calling cli_list with mask: \*
[2005/09/15 15:17:21, 3] libsmb/clilist.c:cli_list_new(310)
  received 33 entries (eos=1)
[2005/09/15 15:17:21, 3] utils/net_rpc.c:copy_fn(2674)
  got mask: \*, name: 3DP-2KXP-2181.exe
[2005/09/15 15:17:21, 3] utils/net_rpc.c:copy_fn(2719)
  got file: \3DP-2KXP-2181.exe
  opening file \3DP-2KXP-2181.exe on originating server
  opening file \3DP-2KXP-2181.exe on destination server
copying [\\10.36.32.36\Build$\3DP-2KXP-2181.exe] =
[\\127.0.0.1\Build$\3DP-2KXP-2181.exe] with ACLs and with DOS Attributes
(preserving timestamps)
  opening file \3DP-2KXP-2181.exe on originating server
DACL
ACL Num ACEs:   1   revision:   2
---
ACE
type: ACCESS ALLOWED (0) flags: 16
Specific bits: 0x1ff
Permissions: 0x1f01ff: SYNCHRONIZE_ACCESS WRITE_OWNER_ACCESS
WRITE_DAC_ACCESS READ_CONTROL_ACCESS DELETE_ACCESS
SID: S-1-5-21-25276289-2414859457-3260481563-2975

Owner SID:  S-1-5-21-25276289-2414859457-3260481563-2975
Parent SID: S-1-5-21-1547161642-839522115-682003330-513
[2005/09/15 15:17:32, 1] libsmb/clisecdesc.c:cli_set_secdesc(127)
  NT_TRANSACT_SET_SECURITY_DESC failed
[2005/09/15 15:17:32, 0] utils/net_rpc_printer.c:net_copy_fileattr(384)
  could not set secdesc on \3DP-2KXP-2181.exe: NT_STATUS_ACCESS_DENIED
could not copy file \3DP-2KXP-2181.exe: NT_STATUS_ACCESS_DENIE

Thanks,

Simon

 From: Guenther Deschner [EMAIL PROTECTED]
 Date: Tue, 6 Sep 2005 12:25:30 +0200
 To: Gibbs, Simon [EMAIL PROTECTED]
 Cc: samba@lists.samba.org samba@lists.samba.org
 Subject: Re: [Samba] Data migration using net rpc share migrate
 
 Hi,
 
 On Mon, Sep 05, 2005 at 05:04:04PM +0100, Gibbs, Simon wrote:
 Hi,
 
 I'm in the process of testing out the net rpc share migrate data migration
 tool but keep running into an error message when using the --acl option.
 
 I'm testing using the following command:
 net rpc share migrate files -S 10.36.32.36 --acls --attrs --timestamps -v -U gibbss
 but get this error for each file in the share:
 [2005/09/05 16:50:02, 0] utils/net_rpc_printer.c:net_copy_fileattr(384)
   could not set secdesc on \WinAXE_Plus_v7\xwpdllid.dll:
 NT_STATUS_ACCESS_DENIED
 could not copy file \WinAXE_Plus_v7\xwpdllid.dll: NT_STATUS_ACCESS_DENIED
 Each file copies OK and the timestamp is correct but none of the ACLs are
 there.
 
 ACL/xattrs mount options have already been added to the filesystem and I can
 use setfacl/getfacl so can't see a problem with ACL support and the share is
 on a PC logged in with the user account specified so all the files are owned
 by that account. I guess this must be a permission problem somewhere but
 can't think what it may be.
 
 Can anyone point me in the right direction?
 
 this can happen because of:
 
 - smbd not being built

[Samba] Data migration using net rpc share migrate

2005-09-05 Thread Gibbs, Simon
Hi,

I'm in the process of testing out the net rpc share migrate data migration
tool but keep running into an error message when using the --acl option.

I'm testing using the following command:
net rpc share migrate files -S 10.36.32.36 --acls --attrs --timestamps -v -U gibbss
but get this error for each file in the share:
[2005/09/05 16:50:02, 0] utils/net_rpc_printer.c:net_copy_fileattr(384)
  could not set secdesc on \WinAXE_Plus_v7\xwpdllid.dll:
NT_STATUS_ACCESS_DENIED
could not copy file \WinAXE_Plus_v7\xwpdllid.dll: NT_STATUS_ACCESS_DENIED
Each file copies OK and the timestamp is correct but none of the ACLs are
there.

ACL/xattrs mount options have already been added to the filesystem and I can
use setfacl/getfacl so can't see a problem with ACL support and the share is
on a PC logged in with the user account specified so all the files are owned
by that account. I guess this must be a permission problem somewhere but
can't think what it may be.

Can anyone point me in the right direction?

Thanks,

Simon









Re: [Samba] Getting Winbind IDMAP into LDAP?

2005-08-16 Thread Gibbs, Simon
Hi,

The uidNumber and gidNumber are already in LDAP - they're shown using
ldapsearch but not slapcat. I think they automatically get added by samba.

Thanks,

Simon



 From: Sam [EMAIL PROTECTED]
 Newsgroups: linux.samba
 Date: Tue, 16 Aug 2005 11:16:10 +1000
 To: Gibbs, Simon [EMAIL PROTECTED]
 Subject: Re: [Samba] Getting Winbind IDMAP into LDAP?
 
 snip
 idmap uid = 1-1000
 idmap gid = 1-1000
 snip
 [EMAIL PROTECTED] etc]# slapcat | grep -i IDMAP
 o: Samba Idmap Directory
 dn: ou=Idmap,dc=uk,dc=corplan,dc=net
 ou: idmap
 
 I've googled about a bit and haven't been able to find too much except this
 
 in your LDIF used to populate LDAP add
 
 gidNumber: 1
 uidNumber: 1
 
 this provides initial seed for IDMAP. That's how it worked for me. YMMV.
 Look for LDAP debug logs for more clues about its failure wrt LDAP
 connection.
 
 regards
 
 
 Shirish
 [EMAIL PROTECTED]







[Samba] Re: Getting Winbind IDMAP into LDAP?

2005-08-16 Thread Gibbs, Simon
Hi Gints,

Changing nsswitch.conf from:

passwd: files ldap
group:  files ldap
to
passwd: files winbind
group:  files winbind

did the trick. Running getent passwd/group began populating LDAP and I can
search all the records using ldapsearch and slapcat.

Would this be an error in the documentation as (unless I was reading the
wrong section) it uses the ldap entries in its example?

My one concern is that when winbind is stopped and restarted the
winbindd_idmap.tdb and winbindd_cache.tdb files are recreated and entries
are added. Would this be expected?

I guess I can test this today when I begin configuring a second node.

Thanks for your help.

Simon


 From: gints neimanis [EMAIL PROTECTED]
 Date: Tue, 16 Aug 2005 11:57:48 +0300
 To: Gibbs, Simon [EMAIL PROTECTED], samba@lists.samba.org
 Subject: Re: Getting Winbind IDMAP into LDAP?
 
 Hi,
 
 to use ldap as winbind idmap backend, you don't need the NSS_LDAP at all.
 All queries and updates to ldap are performed by winbind itself.
 
 Your smb.conf looks fine.
 You may check 2 things:
 * Have you stored the LDAP Manager password to LDAP database with
 command smbpasswd -w 'verysecretldapmanager password' ?
 * and look if you have added winbind to /etc/nsswitch.conf (and then
 command getent passwd should show all domain users with id from ldap)?
 like:
 ===
 ...
 passwd: files winbind
 group:  files winbind
 ...
 ===
 
 Next - you may increase the loglevel (loglevel 256) for LDAP server and
 look in ldap messages what is wrong in connection.
 
 Gints
 
 Gibbs, Simon wrote:
 Hi,
 
 I've been trying to populate an LDAP directory with IDMAP information from
 Winbind using NSS_LDAP without much success over the last week.
 Can anybody tell me if I've done anything obviously wrong?
 
 I've followed the example shown in the Samba "By Example" doc and am at the
 stage where the LDAP directory has been created and configured, NSS_LDAP
 config is amended, smb.conf contains entries to use LDAP as a backend and I
 have deleted /var/cache/samba/winbindd_cache.tdb and winbindd_idmap.tdb. Now
 wbinfo -u and wbinfo -g show users and groups on the domain but getent
 passwd/groups only displays local users. The winbindd_cache.tdb and
 winbindd_idmap.tdb files have been recreated but only winbindd_cache.tdb
 holds any information. When I attempt to access a Samba share I'm prompted
 to enter a username and password.
 
 As I understand it once the wbinfo commands have been run this process
 should automatically populate the Idmap ou with the ID mappings - is this
 correct? If so there must be something wrong with my config.
 
 Here's the current config and relevant info - sorry it's a bit long:
 
 /etc/samba/smb.conf
 
 [global]
 workgroup = UKCORPLAN
 netbios name = UKFS01
 server string = UKFS01 Samba Server
 winbind separator = /
 ldap ssl = no
 idmap uid = 1-1000
 idmap gid = 1-1000
 ldap admin dn = cn=Manager,dc=uk,dc=corplan,dc=net
 ldap idmap suffix = ou=Idmap
 ldap suffix = dc=uk,dc=corplan,dc=net
 idmap backend = ldap:ldap://10.10.4.111/
 winbind enum users = yes
 winbind enum groups = yes
 template homedir = /mnt/emcpowerb/user/%D/%U
 template shell = /bin/bash
 password server = ukdc01.uk.corplan.net
 security = ADS
 #encrypt passwords = yes
 realm = uk.corplan.net
 browseable = yes
 username map = /etc/samba/smbusers
 log level = 10 ads:10 auth:10 sam:10 rpc:10 idmap:10
 syslog = 0
 log file = /var/log/samba/%m
 max log size = 50
 # Share Definitions
 ==
 [homes]
 comment = Home Directories
 browseable = no
 writable = yes
 
 [public]
 comment = Public Stuff
 path = /home/samba
 public = yes
 read only = no
 
 [test]
 comment = test share
 path = /mnt/emcpowera/shared/test
 public = yes
 browseable = yes
 writeable = yes
 
 /etc/nsswitch.conf
 
 passwd: files ldap
 shadow: files ldap
 group:  files ldap
 
 #hosts: db files nisplus nis dns
 hosts:  files dns
 
 /etc/openldap/slapd.conf
 
 #
 # See slapd.conf(5) for details on configuration options.
 # This file should NOT be world readable.
 #
 ## schema files (core.schema is required by default)
 include /etc/openldap/schema/core.schema
 
 ## needed for sambaSamAccount
 include /etc/openldap/schema/cosine.schema
 include /etc/openldap/schema/inetorgperson.schema
 include /etc/openldap/schema/nis.schema
 include /etc/openldap/schema/samba.schema
 
 # Allow LDAPv2 client connections.  This is NOT the default.
 allow bind_v2
 
 # Do not enable referrals until AFTER you have a working directory
 # service AND an understanding of referrals.
 #referral   ldap://root.openldap.org
 
 pidfile /var/run/slapd.pid
 argsfile /var/run/slapd.args
 
 # Load dynamic backend modules:
 # modulepath /usr/sbin/openldap
 # moduleload back_bdb.la
 # moduleload back_ldap.la
 # moduleload back_ldbm.la
 # moduleload back_passwd.la
 # moduleload

Re: [Samba] Re: Getting Winbind IDMAP into LDAP?

2005-08-16 Thread Gibbs, Simon
Hi John,

I was using the online By-Example documentation at:
http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html#id2579097
Starting at the sub heading  IDMAP Storage in LDAP using Winbind.

The example that appears to be incorrect is related to /etc/nsswitch.conf:
...
passwd: files ldap
shadow: files ldap
group:  files ldap
...
hosts:  files wins
...

The correct entries (working for me now) are:

...
passwd: files winbind
shadow: files
group: files winbind
...
hosts: files dns (we don't use wins)

From a personal point of view it would have been useful to have an
additional entry in this section explaining how the idmap ou is
populated, but I guess you can figure it out in the end.

Hope this helps,

Simon




 From: John H Terpstra [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Tue, 16 Aug 2005 08:46:45 -0600
 To: samba@lists.samba.org
 Cc: gints neimanis [EMAIL PROTECTED], Gibbs, Simon [EMAIL PROTECTED]
 Subject: Re: [Samba] Re: Getting Winbind IDMAP into LDAP?
 
 On Tuesday 16 August 2005 04:27, gints neimanis wrote:
 Hi Simon,
 
 I think it is not the error in documentation (I don't know about which
 chapter we are talking :)).
 
 I have reviewed the documentation on IDMAP in LDAP and it looks to me like
 something got deleted from the documentation sources somewhere in the editing
 cycle. That is why I would like to know precisely what version and section of
 the documentation has been referred to. I will fix any weaknesses, or lack of
 clarity, that can be uncovered.
 
 
 If you use winbind authentication (+ idmap/ldap) only, you don't need
 the NSS_LDAP.
 
 Correct.
 
 But if you build a domain, where all user data is stored in LDAP, then
 you may authenticate users (from *nix) directly to LDAP database - and
 then you should use the NSS_LDAP (and Windows clients are using
 (SAMBA)Domain authentication.  And the Samba guides are more
 explaining how to build the full Samba domain with LDAP backend.
 
 Correct.
 
 Cheers,
 John T.





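The nsswitch.conf correction worked out in this thread, as an added example that is not part of the original posts or of Samba: a Python check that reads smb.conf and nsswitch.conf text and reports when winbind is expected to resolve domain accounts but `passwd`/`group` do not list `winbind`. The function names are hypothetical and the sample inputs are constructed from the settings quoted in the thread.

```python
"""Check that nsswitch.conf matches a winbind setup with idmap stored in LDAP."""
import re

# Constructed sample input, based on the settings quoted in the thread.
SMB_CONF = """\
[global]
security = ADS
idmap backend = ldap:ldap://10.10.4.111/
"""

NSSWITCH_BEFORE = """\
passwd: files ldap
shadow: files ldap
group:  files ldap
#hosts: db files nisplus nis dns
hosts:  files dns
"""

NSSWITCH_AFTER = """\
passwd: files winbind
shadow: files
group: files winbind
hosts: files dns
"""


def parse_smb_global(text):
    """Return the [global] parameters of an smb.conf as a dict.

    Names are lower-cased and inner whitespace is collapsed so that
    'Idmap  Backend' and 'idmap backend' compare equal.
    """
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params


def parse_nsswitch(text):
    """Return {database: [sources]}, dropping comments and [STATUS=action] items."""
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, sources = line.split(":", 1)
        sources = re.sub(r"\[[^\]]*\]", " ", sources)
        databases[db.strip()] = sources.split()
    return databases


def check(smb_text, nss_text):
    """Return a list of findings; an empty list means the two files agree."""
    smb = parse_smb_global(smb_text)
    nss = parse_nsswitch(nss_text)
    backend = smb.get("idmap backend", "")
    domain_member = smb.get("security", "").lower() in ("ads", "domain")
    if not domain_member and not backend:
        return []  # winbind is not expected to resolve accounts on this host
    findings = []
    for db in ("passwd", "group"):
        sources = nss.get(db, [])
        if "winbind" in sources:
            continue
        msg = f"{db}: 'winbind' missing from sources {sources}"
        if "ldap" in sources and backend.lower().startswith("ldap:"):
            # Point made in the thread: winbind itself talks to LDAP for idmap.
            msg += "; winbind, not nss_ldap, serves the LDAP-backed ID mappings"
        findings.append(msg)
    return findings


if __name__ == "__main__":
    for label, nss in (("before", NSSWITCH_BEFORE), ("after", NSSWITCH_AFTER)):
        print(label, check(SMB_CONF, nss) or "OK")
```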


[Samba] Getting Winbind IDMAP into LDAP?

2005-08-15 Thread Gibbs, Simon
Hi,

I've been trying to populate an LDAP directory with IDMAP information from
Winbind using NSS_LDAP without much success over the last week.
Can anybody tell me if I've done anything obviously wrong?

I've followed the example shown in the Samba "By Example" doc and am at the
stage where the LDAP directory has been created and configured, NSS_LDAP
config is amended, smb.conf contains entries to use LDAP as a backend and I
have deleted /var/cache/samba/winbindd_cache.tdb and winbindd_idmap.tdb. Now
wbinfo -u and wbinfo -g show users and groups on the domain but getent
passwd/groups only displays local users. The winbindd_cache.tdb and
winbindd_idmap.tdb files have been recreated but only winbindd_cache.tdb
holds any information. When I attempt to access a Samba share I'm prompted
to enter a username and password.

As I understand it once the wbinfo commands have been run this process
should automatically populate the Idmap ou with the ID mappings - is this
correct? If so there must be something wrong with my config.

Here's the current config and relevant info - sorry it's a bit long:

/etc/samba/smb.conf

[global]
workgroup = UKCORPLAN
netbios name = UKFS01
server string = UKFS01 Samba Server
winbind separator = /
ldap ssl = no
idmap uid = 1-1000
idmap gid = 1-1000
ldap admin dn = cn=Manager,dc=uk,dc=corplan,dc=net
ldap idmap suffix = ou=Idmap
ldap suffix = dc=uk,dc=corplan,dc=net
idmap backend = ldap:ldap://10.10.4.111/
winbind enum users = yes
winbind enum groups = yes
template homedir = /mnt/emcpowerb/user/%D/%U
template shell = /bin/bash
password server = ukdc01.uk.corplan.net
security = ADS
#encrypt passwords = yes
realm = uk.corplan.net
browseable = yes
username map = /etc/samba/smbusers
log level = 10 ads:10 auth:10 sam:10 rpc:10 idmap:10
syslog = 0
log file = /var/log/samba/%m
max log size = 50
# Share Definitions
==
[homes]
comment = Home Directories
browseable = no
writable = yes

[public]
comment = Public Stuff
path = /home/samba
public = yes
read only = no

[test]
comment = test share
path = /mnt/emcpowera/shared/test
public = yes
browseable = yes
writeable = yes

/etc/nsswitch.conf

passwd: files ldap
shadow: files ldap
group:  files ldap

#hosts: db files nisplus nis dns
hosts:  files dns

/etc/openldap/slapd.conf

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
## schema files (core.schema is required by default)
include /etc/openldap/schema/core.schema

## needed for sambaSamAccount
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral   ldap://root.openldap.org

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# Sample access control policy:
#   Root DSE: allow anyone to read it
#   Subschema (sub)entry DSE: allow anyone to read it
#   Other DSEs:
#   Allow self write access
#   Allow authenticated users read access
#   Allow anonymous users to authenticate
#   Directives needed to implement policy:
# access to dn.base= by * read
# access to dn.base=cn=Subschema by * read
#access to *
#   by self write
#   by users read
#   by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., access to * by * read)
#
# rootdn can always read and write EVERYTHING!

###
# ldbm and/or bdb database definitions
###

database bdb
suffix   dc=uk,dc=corplan,dc=net
rootdn  cn=Manager,dc=uk,dc=corplan,dc=net
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw  secret

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory   /var/lib/ldap/samba

# Indices to maintain for this database
# Required by OpenLDAP
index objectClass   eq,pres
index ou,cn,mail,surname,givenname  eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index 

Re: [Samba] AD group membership limits?

2005-03-09 Thread Gibbs, Simon
Marc,

Thanks for the info (and sorry about my delay in posting back).

I've just tested FC3 running the 2.6 kernel and it does resolve the issue.
So in an ideal world I'd prefer to wait for RHEL4 but because of required
third party drivers and apps that are required it looks like I'm going to
have to recompile with the patches.

I've downloaded the patches from the paths you gave me but I'm not too sure
how to apply them as I've never had to do anything like this before.

Have you (or anyone else out there) got any good pointers - specifically for
these patches?

Thanks for your help.

Simon


 From: Kaplan, Marc [EMAIL PROTECTED]
 Date: Wed, 2 Mar 2005 13:24:28 -0800
 To: Gibbs, Simon [EMAIL PROTECTED], samba@lists.samba.org
 Subject: RE: [Samba] AD group membership limits?
 
 Simon,
 
 Yes, I have recompiled the kernel with support for a static NGROUPS with
 a patch from tridge and Rusty Russell. This does not seem to cause any
 problems at all on Samba servers, or with the Linux box in general and
 it does properly allow more supplementary groups.
 
 Here is what I used IIRC:
 http://ccache.samba.org/ftp/tridge/misc/more_groups_simple.patch
 http://ccache.samba.org/ftp/tridge/misc/maxgroups.patch
 
 Though I just checked on this, and maybe support for dynamic NGROUPS is
 now in the 2.6 kernel? See:
 http://www.linuxhq.com/kernel/changelog/v2.6/4/
 
 -Marc
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:samba-
 [EMAIL PROTECTED] On Behalf Of Gibbs,
 Simon
 Sent: Wednesday, March 02, 2005 2:58 AM
 To: samba@lists.samba.org
 Subject: [Samba] AD group membership limits?
 
 Hi,
 
 I'm running Samba 3.0.11 on RedHat ES 3 kernel version
 2.4.21-15.0.4.ELsmp
 and have a quick question about AD group membership limits
 
 Am I right in assuming that Samba is limited by the group membership
 parameters (ie NGROUP = 32) imposed by the Linux kernel? Is there any
 workaround in Samba for this?
 
 At the moment if a user is a member of more than 32 domain groups they
 cannot access any shares. If I remove some of the groups to below the
 32
 group limit everything is fine.
 
 If there isn't a workaround in Samba has anyone reliably recompiled
 the
 kernel and run Samba after changing the group parameters?
 I guess this must be a fairly common problem in a lot of sites?
 
 Any help with this much appreciated.
 
 Cheers,
 
 Simon
 
 
 
 
 
 
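One way to find the accounts affected by the group limit discussed in this thread, as an added example that is not from the original posts: it counts each user's distinct groups from `getent group` and `getent passwd` style lines and compares the count with a limit (32 in the thread). The function names and sample lines are constructed for illustration, and it assumes group member lists can be enumerated (for example with `winbind enum groups = yes`).

```python
"""Find accounts whose group list exceeds the supplementary group limit."""
import os
from collections import defaultdict

# Limit reported in the thread for the 2.4 kernel.
NGROUPS_THREAD = 32

# Constructed sample data: alice is in 33 groups, bob in 5 plus his primary.
SAMPLE_GROUPS = [
    f"grp{i}:x:{10000 + i}:alice" + (",bob" if i < 5 else "") for i in range(33)
]
SAMPLE_PASSWD = [
    "alice:x:10001:10000:Alice:/home/alice:/bin/bash",
    "bob:x:10002:20000:Bob:/home/bob:/bin/bash",
]


def kernel_limit():
    """Supplementary group limit of the running system (NGROUPS_MAX)."""
    return os.sysconf("SC_NGROUPS_MAX")


def group_ids_by_user(group_lines, passwd_lines=()):
    """Map user -> set of gids the login would carry.

    group line:  name:passwd:gid:member1,member2
    passwd line: name:passwd:uid:gid:gecos:home:shell
    The primary gid is included because initgroups(3) adds it to the list.
    """
    gids = defaultdict(set)
    for line in group_lines:
        fields = line.strip().split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            continue  # blank or malformed line
        for member in fields[3].split(","):
            member = member.strip()
            if member:
                gids[member].add(int(fields[2]))
    for line in passwd_lines:
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[3].isdigit():
            gids[fields[0]].add(int(fields[3]))
    return gids


def over_limit(gids_by_user, limit):
    """Return {user: group_count} for users whose list would not fit."""
    return {
        user: len(gids)
        for user, gids in sorted(gids_by_user.items())
        if len(gids) > limit
    }


if __name__ == "__main__":
    table = group_ids_by_user(SAMPLE_GROUPS, SAMPLE_PASSWD)
    print("limit on this host:", kernel_limit())
    print("over the thread's limit:", over_limit(table, NGROUPS_THREAD))
```

On a live server, feed the functions the output of `getent group` and `getent passwd` split into lines, and pass `kernel_limit()` as the limit.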


Re: [Samba] AD group membership limits?

2005-03-09 Thread Gibbs, Simon
I've just attempted to apply (in dry-run mode) the supplied kernel patch but
received a number of errors. Does anyone know if these are critical errors?

Thanks

Here is the output:

[ukfs02 linux-2.4]# patch -p1 --dry-run -i more_groups_simple.patch
patching file arch/i386/kernel/init_task.c
Hunk #1 succeeded at 11 with fuzz 2 (offset 1 line).
patching file arch/s390/kernel/init_task.c
Hunk #1 succeeded at 17 with fuzz 2 (offset 1 line).
patching file include/asm-i386/param.h
patching file include/asm-i386/processor.h
Hunk #1 FAILED at 452.
1 out of 1 hunk FAILED -- saving rejects to file
include/asm-i386/processor.h.rej
patching file include/asm-s390/param.h
Hunk #1 succeeded at 19 (offset 3 lines).
patching file include/asm-s390/processor.h
Hunk #1 FAILED at 144.
1 out of 1 hunk FAILED -- saving rejects to file
include/asm-s390/processor.h.rej
patching file include/linux/limits.h
patching file include/linux/mm.h
Hunk #1 FAILED at 454.
1 out of 1 hunk FAILED -- saving rejects to file include/linux/mm.h.rej
patching file include/linux/sched.h
Hunk #1 succeeded at 520 (offset 146 lines).
Hunk #2 succeeded at 546 (offset 76 lines).
Hunk #3 FAILED at 587.
Hunk #4 succeeded at 1143 (offset 196 lines).
1 out of 4 hunks FAILED -- saving rejects to file include/linux/sched.h.rej
patching file kernel/fork.c
Hunk #1 FAILED at 580.
Hunk #2 FAILED at 601.
2 out of 2 hunks FAILED -- saving rejects to file kernel/fork.c.rej
patching file kernel/sched.c
Hunk #1 FAILED at 1314.
1 out of 1 hunk FAILED -- saving rejects to file kernel/sched.c.rej
patching file mm/page_alloc.c
Hunk #1 FAILED at 439.
1 out of 1 hunk FAILED -- saving rejects to file mm/page_alloc.c.rej


 From: Gibbs, Simon [EMAIL PROTECTED]
 Date: Wed, 09 Mar 2005 16:19:22 +
 To: Kaplan, Marc [EMAIL PROTECTED], samba@lists.samba.org
 Subject: Re: [Samba] AD group membership limits?
 
 Marc,
 
 Thanks for the info (and sorry about my delay in posting back).
 
 I've just tested FC3 running the 2.6 kernel and it does resolve the issue. So
 in an ideal world I'd prefer to wait for RHEL4 but because of required third
 party drivers and apps that are required it looks like I'm going to have to
 recompile with the patches.
 
 I've downloaded the patches from the paths you gave me but I'm not too sure how
 to apply them as I've never had to do anything like this before.
 
 Have you (or anyone else out there) got any good pointers - specifically for
 these patches.
 
 Thanks for your help.
 
 Simon
 
 
 From: Kaplan, Marc [EMAIL PROTECTED]
 Date: Wed, 2 Mar 2005 13:24:28 -0800
 To: Gibbs, Simon [EMAIL PROTECTED], samba@lists.samba.org
 Subject: RE: [Samba] AD group membership limits?
 
 Simon,
 
 Yes, I have recompiled the kernel with support for a static NGROUPS with
 a patch from tridge and Rusty Russell. This does not seem to cause any
 problems at all on Samba servers, or with the Linux box in general and
 it does properly allow more supplementary groups.
 
 Here is what I used IIRC:
 http://ccache.samba.org/ftp/tridge/misc/more_groups_simple.patch
 http://ccache.samba.org/ftp/tridge/misc/maxgroups.patch
 
 Though I just checked on this, and maybe support for dynamic NGROUPS is
 now in the 2.6 kernel? See:
 http://www.linuxhq.com/kernel/changelog/v2.6/4/
 
 -Marc
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:samba-
 [EMAIL PROTECTED] On Behalf Of Gibbs,
 Simon
 Sent: Wednesday, March 02, 2005 2:58 AM
 To: samba@lists.samba.org
 Subject: [Samba] AD group membership limits?
 
 Hi,
 
 I'm running Samba 3.0.11 on RedHat ES 3 kernel version
 2.4.21-15.0.4.ELsmp
 and have a quick question about AD group membership limits
 
 Am I right in assuming that Samba is limited by the group membership
 parameters (ie NGROUP = 32) imposed by the Linux kernel? Is there any
 workaround in Samba for this?
 
 At the moment if a user is a member of more than 32 domain groups they
 cannot access any shares. If I remove some of the groups to below the 32
 group limit everything is fine.
 
 If there isn't a workaround in Samba has anyone reliably recompiled the
 kernel and run Samba after changing the group parameters?
 I guess this must be a fairly common problem in a lot of sites?
 
 Any help with this much appreciated.
 
 Cheers,
 
 Simon
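
Added example, not part of the original thread: a small parser for `patch --dry-run` output like the listing at the top of this message. It separates files whose hunks all applied from files where a hunk needed fuzz and files with a FAILED hunk, which `patch` does not apply and writes to a `.rej` file. The sample text is constructed in the same format and the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample in the format GNU patch prints (paths are placeholders).
SAMPLE = """\
patching file arch/example/init_task.c
Hunk #1 succeeded at 11 with fuzz 2 (offset 1 line).
patching file include/example/param.h
patching file include/example/sched.h
Hunk #1 succeeded at 520 (offset 146 lines).
Hunk #2 FAILED at 587.
1 out of 2 hunks FAILED -- saving rejects to file
include/example/sched.h.rej
patching file kernel/example.c
Hunk #1 FAILED at 580.
Hunk #2 FAILED at 601.
2 out of 2 hunks FAILED -- saving rejects to file kernel/example.c.rej
"""

FILE_RE = re.compile(r"^patching file (?P<path>\S+)")
HUNK_RE = re.compile(
    r"^Hunk #(?P<num>\d+) (?P<result>succeeded|FAILED) at (?P<line>\d+)"
    r"(?: with fuzz (?P<fuzz>\d+))?"
    r"(?: \(offset (?P<offset>-?\d+) lines?\))?"
)


def parse_patch_output(text):
    """Return {path: {"failed": [...], "fuzzy": [...], "shifted": [...]}}."""
    report = OrderedDict()
    current = None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            current = report.setdefault(
                m.group("path"), {"failed": [], "fuzzy": [], "shifted": []}
            )
            continue
        m = HUNK_RE.match(line)
        if not m or current is None:
            continue  # summary lines and wrapped .rej paths carry no hunk data
        num = int(m.group("num"))
        if m.group("result") == "FAILED":
            current["failed"].append(num)      # hunk would not be applied
        elif m.group("fuzz"):
            current["fuzzy"].append(num)       # applied by ignoring context lines
        elif m.group("offset"):
            current["shifted"].append(num)     # applied at a different line number
    return report


def classify(report):
    """Map each file to 'rejected', 'review' (fuzz was needed) or 'clean'."""
    verdicts = {}
    for path, hunks in report.items():
        if hunks["failed"]:
            verdicts[path] = "rejected"
        elif hunks["fuzzy"]:
            verdicts[path] = "review"
        else:
            verdicts[path] = "clean"
    return verdicts


if __name__ == "__main__":
    for path, verdict in classify(parse_patch_output(SAMPLE)).items():
        print(f"{verdict:9} {path}")
```

A file marked rejected would be left only partly patched by a real run, so the `.rej` file has to be merged by hand against that kernel tree before building.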
 
 
 
 
 
 

[Samba] AD group membership limits?

2005-03-02 Thread Gibbs, Simon
Hi,

I'm running Samba 3.0.11 on RedHat ES 3 kernel version 2.4.21-15.0.4.ELsmp
and have a quick question about AD group membership limits

Am I right in assuming that Samba is limited by the group membership
parameters (ie NGROUP = 32) imposed by the Linux kernel? Is there any
workaround in Samba for this?

At the moment if a user is a member of more than 32 domain groups they
cannot access any shares. If I remove some of the groups to below the 32
group limit everything is fine.

If there isn't a workaround in Samba has anyone reliably recompiled the
kernel and run Samba after changing the group parameters?
I guess this must be a fairly common problem in a lot of sites?

Any help with this much appreciated.

Cheers,

Simon







[Samba] Migrating data from W2K - losing Windows ACL's

2005-02-18 Thread Gibbs, Simon
Hi,

I've been running some test data copying from a W2K box to our new Samba box
but have noticed that the assigned Windows ACL's are lost when copying.
The only ACL's specified are those assigned to the directory in Linux that
the data is being copied to.

Is there any way to retain the Windows ACL's? Either through an smb.conf
parameter or some other feature?

System config is Redhat ES 3 Taroon update 3 running Samba 3.0.11 compiled
with acl support. Mounted luns have ext3 filesystem and are mounted with acl
option.

Any help/info appreciated.

Thanks

Simon 







[Samba] Active Directory integration - where to go next??

2005-01-20 Thread Gibbs, Simon
Hi,

I think I've hit a bit of a brick wall with integrating Samba and Active
Directory and am not sure which direction I should go - I've had a look
through the How-To and this made me doubt myself even more.

At the moment I've configured a Samba domain member to authenticate users
against AD. wbinfo and getent both correctly produce user/groups lists from
AD and test shares/ACL's are working OK.

But should I be storing the mapped Windows user ID's in some kind of DB? Ie
LDAP or tdbsam?

My aim is to have a second Samba member that will act as a failover. How
would this affect the user mappings? I think I read somewhere that each box
would map the Windows users separately, so they may not have identical UID's
- which would in turn cause problems with permissions and ACL's.
Is this the case?? If so do I need to create a single repository to store
the user mappings that both Samba members use? Again how does this work??
And how does this get updated when new users are added to AD?

Thanks for your time - I'm getting a bit frustrated and need a push in the
right direction.

Simon







[Samba] Samba 3.0.x 2-node cluster / ID mapping

2005-01-17 Thread Gibbs, Simon
Hi,

I'm looking to implement a 2-node Samba cluster using Samba version 3.0.9
running on Redhat Enterprise 3 Taroon update 3.
Each node will be located in a separate location and connected via dual
fibre to individual EMC storage (the data will be mirrored between each
storage unit) and we are aiming to run
Legato AAM to provide the clustering. At the moment each Samba node is a
member of our Windows domain and can individually authenticate users against
Active Directory and share
files with ACL's etc.

My understanding is that both nodes within the cluster must have an
understanding of the ID mappings allocated on each node otherwise when a
failover is initiated the mappings will be
inconsistent and the defined permissions will be incorrect.
How do I go about ensuring the ID mappings are correct? Is it a case of
adding the users to an LDAP backend and then pointing both smb.conf files to
that?

I did read a small section in the Samba How-To under Section 6: Domain
Membership that covered "Sharing User ID Mappings between Samba Domain
members" but it didn't go into too much detail.
Is this the correct path to go down or am I barking up the wrong tree?

If anyone has any advice/experience or "best practice" ideas please let me
know.

Thanks in advance,

Simon
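
Added example, not part of the original posts: a check for the failover concern raised in this message and in the 2005-01-20 "Active Directory integration" post above. It compares `getent passwd` output collected on two domain members and reports accounts whose UID differs and UIDs that belong to different accounts on each node. It assumes each member allocates IDs locally; the sample data, the 10000-20000 range and the function names are constructed for illustration.

```python
# Constructed `getent passwd` output from two domain members (passwd(5) format).
NODE_A = """\
root:x:0:0:root:/root:/bin/bash
EXAMPLE+alice:x:10000:10000::/home/EXAMPLE/alice:/bin/bash
EXAMPLE+bob:x:10001:10000::/home/EXAMPLE/bob:/bin/bash
EXAMPLE+carol:x:10002:10000::/home/EXAMPLE/carol:/bin/bash
"""
NODE_B = """\
root:x:0:0:root:/root:/bin/bash
EXAMPLE+bob:x:10000:10000::/home/EXAMPLE/bob:/bin/bash
EXAMPLE+alice:x:10001:10000::/home/EXAMPLE/alice:/bin/bash
EXAMPLE+dave:x:10002:10000::/home/EXAMPLE/dave:/bin/bash
"""


def parse_passwd(text, id_range):
    """Return {name: uid} for entries whose UID lies inside the idmap range."""
    low, high = id_range
    mapping = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # skip blank or malformed lines
        uid = int(fields[2])
        if low <= uid <= high:  # ignore local accounts such as root
            mapping[fields[0]] = uid
    return mapping


def compare_idmaps(text_a, text_b, id_range=(10000, 20000)):
    """Compare the winbind-allocated UIDs seen on node A and node B."""
    a = parse_passwd(text_a, id_range)
    b = parse_passwd(text_b, id_range)
    # Same account, different UID: ACLs written on A name someone else on B.
    mismatched = {
        name: (a[name], b[name])
        for name in sorted(a.keys() & b.keys())
        if a[name] != b[name]
    }
    # Same UID, different account: files on shared storage change owner on failover.
    owner_b = {uid: name for name, uid in b.items()}
    collisions = {
        uid: (name, owner_b[uid])
        for name, uid in sorted(a.items(), key=lambda item: item[1])
        if uid in owner_b and owner_b[uid] != name
    }
    return {
        "mismatched": mismatched,
        "collisions": collisions,
        "only_a": sorted(a.keys() - b.keys()),
        "only_b": sorted(b.keys() - a.keys()),
        "consistent": not mismatched and not collisions,
    }


if __name__ == "__main__":
    result = compare_idmaps(NODE_A, NODE_B)
    for uid, (on_a, on_b) in result["collisions"].items():
        print(f"uid {uid}: {on_a} on node A, {on_b} on node B")
    print("consistent:", result["consistent"])
```

The same comparison applies to `getent group` output, since group IDs are allocated the same way.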






Re: [Samba] Winbind/wbinfo question

2004-10-19 Thread Gibbs, Simon
Finally managed to get this problem fixed.
A combination of recompiling the latest SRPM of Samba, adding additional
KDC's to krb5.conf and leaving/rejoining the domain seemed to do the trick.

Thanks,

Simon






[Samba] Winbind/wbinfo question

2004-10-12 Thread Gibbs, Simon
Hi,

I'm testing samba version 3.0.2-6.3E on Redhat ES 3 Taroon update2
Samba is configured with a test share and winbind is authenticating against
Windows Active Directory.
But scanning the output of wbinfo -u and wbinfo -g I don't seem to be
getting any information for the "Domain Admins" group or any of the users
belonging to that group - although I am for all other users and groups
within the domain.

Can anybody point me in the right direction?

Thanks,

Simon






[Samba] Non-primary group permissions

2004-03-03 Thread gibbs, simon
Hi,

I have a problem that if I set a file or directory group owner, users
that are members of this group cannot access it unless this is
their primary group.

This is using samba 3.0.2a - all user and group info is coming from
winbind.

I've tried using the setgid bit so users run with the permission of the
group that owns the directory but this only works if the permissions are set
to 2777 which is effectively  allowing any user access with the setgid group
permission.

I could use the 'force group' option on the share, but this still means that
only one group can be of any use for that share which isn't practical.

Is this expected behaviour or is something going wrong?

Thanks,

Simon

Here's my smb.conf:

# Global parameters
[global]
workgroup = DOMAINNAME
realm = KERBEROS.REALM
server string = data-cl2a samba server
security = DOMAIN
password server = kerberosserver.domain
idmap uid = 1-2
idmap gid = 1-2
template shell = /bin/bash
winbind separator = /

[Data]
comment = Test Data Dir
path = /Data
read only = No







[Samba] RE: winbind/wbinfo not pulling info from W2K AD PDC

2004-02-17 Thread Gibbs, Simon
A bit of success! I've changed the security parameter in smb.conf to domain and the
winbind pipe is created OK and running wbinfo -u -g -t -p and getent is all good.
Obviously this doesn't give me full AD support but it's better than nothing.
I can only think that because we have multiple DC's for different domains on our WAN 
winbindd wasn't starting correctly as it was in the process of still scanning them - 
looking at log.winbindd at one point it didn't come back for close to 4 hours after 
the process was started.
Does anyone know if there is any way to configure samba/winbind to only connect to the 
local AD domain rather than hunting down all the DC's in every domain.
Thanks

 --
 From: Gibbs, Simon
 Sent: Friday, February 13, 2004 13:51 PM
 To:   '[EMAIL PROTECTED]'
 Subject:  winbind/wbinfo not pulling info from W2K AD PDC
 
 I've had a further look at this now and a hunt through some mail lists and I think
 it must have something to do with the winbind pipe in /tmp/.windbind/pipe. From
 what I understand it's the pipe that passes the winbind info onto other processes -
 although I may be wrong?
 Looking at my setup the pipe file isn't being created when starting winbind and 
 after a full reboot and starting winbind it doesn't get created.
 Does anyone know why the pipe file isn't being created or a way to force the 
 creation of the file??
 I've checked permissions for the /tmp/.winbind directory and they're 755 and 
 root:root.
  
 Thanks again.
-- 
 From: Gibbs, Simon
 Sent: Friday, February 13, 2004 13:51 PM
 To:   '[EMAIL PROTECTED]'
 Subject:  winbind/wbinfo not pulling info from W2K AD PDC
 
 Hi list,
 
 I have samba-3.0.2-2 rpm installed on Redhat Enterprise Linux 3 AS kernel version.
 I've been using the Samba 3  How-To and messages on various mailing lists to join 
 Samba to an AD domain and authenticate using winbind/pam.
 So far Samba has successfully become a member of the AD domain and can browse file 
 servers using smbclient but I haven't been able to get winbind working - 
 specifically wbinfo -u, wbinfo -g and wbinfo -t return errors.
 Below is a dump of the install/configuration process so far and the relevant config 
 files.
 Any help on this is much appreciated as I've spent 3 days trying to get it to work 
 and it refuses to for love nor money!
 
 
 






[Samba] winbind/wbinfo not pulling info from W2K AD PDC

2004-02-13 Thread Gibbs, Simon
Hi list,

I have samba-3.0.2-2 rpm installed on Redhat Enterprise Linux 3 AS kernel version.
I've been using the Samba 3  How-To and messages on various mailing lists to join 
Samba to an AD domain and authenticate using winbind/pam.
So far Samba has successfully become a member of the AD domain and can browse file 
servers using smbclient but I haven't been able to get winbind working - specifically 
wbinfo -u, wbinfo -g and wbinfo -t return errors.
Below is a dump of the install/configuration process so far and the relevant config 
files.
Any help on this is much appreciated as I've spent 3 days trying to get it to work and 
it refuses to for love nor money!

# rpm -ivh samba*.rpm
#rpm -q samba
samba-3.0.2.2
#rpm -qa | grep openldap
openldap-2.0.27-11
openldap-devel-2.0.27-11
openldap-clients-2.0.27-11
#rpm -qa | grep krb
krbafs-1.1.1-11
krbafs-utils-1.1.1-11
krbafs-devel-1.1.1-11
krb5-libs-1.2.7-19
krb5-workstation-1.2.7-19
pam_krb5-1.70-1
krb5-devel-1.2.7-19
krb5-server-1.2.7-19
Edit /etc/samba/smb.conf
[global]
realm = KERBEROS.REALM
security = ADS
encrypt passwords = yes
password server = kerberos.server
Edit /etc/krb5.conf
[libdefaults]
default_realm = KERBEROS.REALM

[realms]
KERBEROS.REALM = {
kdc = kerberos.server   - should :88 be appended to this line?
}
[domain_realms]
.kerberos.server=KERBEROS.REALM
#net ads join -U administrator
password:
Joined 'SERVERNAME' to realm 'DOMAIN'
#kinit [EMAIL PROTECTED]
password:
#smbclient //servername/share -k
smb // 
Up to here everything is OK and the server account can be seen in AD.
#ls -l /lib | grep libnss_winbind
libnss_winbind.so - libnss_winbind.so.2
Edit /etc/nsswitch.conf
passwd: files winbind
shadow: files
group:  files winbind
#ldconfig -v | grep winbind
libnss_winbind.so - libnss_winbind.so.2
Edit /etc/samba/smb.conf
[global]
realm = KERBEROS.REALM
security = ADS
encrypt passwords = yes
password server = kerberos.server
winbind separator = +
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
#testparm
Load smb config file from /etc/samba/smb.conf
Loaded services file OK
'winbind separator = +' might cause problems with group membership
server role: ROLE_DOMAIN_MEMBER
#net rpc join -S PDC -U administrator
password:
Joined domain DOMAIN
#winbindd -B
# wbinfo -u
Error looking up domain
#wbinfo -g
Error looking up domain
# wbinfo -t
Checking the trust secret vi RPC calls failed
Error code was (0x0)
Could not check secret
#wbinfo -p
Ping to winbindd failed on fd-1
Could not pin winbindd!
# ps -ae | grep winbindd
PID winbind
PID winbind

This is the output from /var/log/samba/log.winbind
[2004/02/13 13:35:47, 1] nsswitch/winbindd.c:main(843)
  winbindd version 3.0.2 started.
  Copyright The Samba Team 2000-2004
[2004/02/13 13:35:47, 0] libsmb/cliconnect.c:cli_session_setup_spnego(724)
  Kinit failed: Preauthentication failed
[2004/02/13 13:35:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain INFORMA-UK uk.informa.com S-1-5-21-1547161642-839522115-68200333
0
[2004/02/13 13:35:47, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2004/02/13 13:35:47, 0] libads/kerberos.c:ads_kinit_password(133)
  kerberos_kinit_password HOST/[EMAIL PROTECTED] failed: Preauthenticati
on failed
[2004/02/13 13:35:47, 1] nsswitch/winbindd_ads.c:ads_cached_connection(65)
  ads_connect for domain INFORMA-UK failed: Preauthentication failed
[2004/02/13 13:35:47, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for
requested realm)
[2004/02/13 13:35:47, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(516)
  spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm
[2004/02/13 13:35:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain INFORMA informa.com S-1-5-21-872949640-2421699758-2984176268
[2004/02/13 13:35:48, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain DEFAULT  S-1-5-21-2136767079-1738235858-945835055
[2004/02/13 13:35:49, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain AGRA_UK  S-1-5-21-591026277-1029915393-619646970
[2004/02/13 13:35:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain MRC_UK  S-1-5-21-1670978810-1498184290-1845911597
[2004/02/13 13:35:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain LLP  S-1-5-21-2047764551-82006601-1874078741
[2004/02/13 13:35:51, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain CODA  S-1-5-21-1310659078-2099469345-1236795852
[2004/02/13 13:35:52, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain INFORMA_ASIA  
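
Added example, not from the original post: a parser for the log.winbindd entry format shown above (a bracketed timestamp and debug level, the source file, function and line, then indented message lines). It counts Kerberos failures per source function and lists the domains winbindd enumerated. The sample log is constructed with placeholder realms and SIDs, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the Samba 3 log layout (realms and SIDs are placeholders).
SAMPLE_LOG = """\
[2004/01/01 10:00:00, 1] nsswitch/winbindd.c:main(843)
  winbindd version 3.0.2 started.
  Copyright The Samba Team 2000-2004
[2004/01/01 10:00:00, 0] libsmb/cliconnect.c:cli_session_setup_spnego(724)
  Kinit failed: Preauthentication failed
[2004/01/01 10:00:00, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain EXAMPLE example.com S-1-5-21-1111111111-2222222222-3333333333
[2004/01/01 10:00:00, 0] libads/kerberos.c:ads_kinit_password(133)
  kerberos_kinit_password HOST/node1@EXAMPLE.COM failed: Preauthentication failed
[2004/01/01 10:00:01, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for dc2$@OTHER.EXAMPLE.COM (Cannot find KDC for requested realm)
[2004/01/01 10:00:01, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain OTHER other.example.com S-1-5-21-4444444444-5555555555-6666666666
"""

HEADER_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<file>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)

# Kerberos error strings that appear in the log on this page.
KRB_ERRORS = (
    "Preauthentication failed",
    "Cannot find KDC for requested realm",
    "No credentials cache found",
)


def parse_samba_log(text):
    """Group each header line with the message lines that follow it."""
    entries = []
    for raw in text.splitlines():
        m = HEADER_RE.match(raw)
        if m:
            entries.append({
                "ts": m.group("ts"),
                "level": int(m.group("level")),
                "source": f"{m.group('file')}:{m.group('func')}",
                "message": "",
            })
        elif entries and raw.strip():
            # Continuation of the current entry; join multi-line messages.
            joined = entries[-1]["message"] + " " + raw.strip()
            entries[-1]["message"] = joined.strip()
    return entries


def kerberos_failures(entries):
    """Count (error string, source function) pairs across all entries."""
    hits = Counter()
    for entry in entries:
        for err in KRB_ERRORS:
            if err in entry["message"]:
                hits[(err, entry["source"])] += 1
    return hits


def trusted_domains(entries):
    """Names of the domains winbindd reported adding, in log order."""
    names = []
    for entry in entries:
        m = re.match(r"Added domain (\S+)", entry["message"])
        if m:
            names.append(m.group(1))
    return names


if __name__ == "__main__":
    parsed = parse_samba_log(SAMPLE_LOG)
    for (err, source), count in kerberos_failures(parsed).items():
        print(f"{count}x {err} in {source}")
    print("domains:", ", ".join(trusted_domains(parsed)))
```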

[Samba] winbind/wbinfo not pulling info from W2K AD PDC

2004-02-13 Thread Gibbs, Simon
I've had a further look at this now and a hunt through some mail lists and I think it
must have something to do with the winbind pipe in /tmp/.windbind/pipe. From what I
understand it's the pipe that passes the winbind info onto other processes - although
I may be wrong?

Looking at my setup the pipe file isn't being created when starting winbind and after 
a full reboot and starting winbind it doesn't get created.

Does anyone know why the pipe file isn't being created or a way to force the creation 
of the file??

I've checked permissions for the /tmp/.winbind directory and they're 755 and root:root.

 

Thanks again.

 

Simon

 







RES: [Samba] winbind/wbinfo not pulling info from W2K AD PDC

2004-02-13 Thread Gibbs, Simon
I've had a further look at this now and a hunt through some mail lists and I think it
must have something to do with the winbind pipe in /tmp/.windbind/pipe. From what I
understand it's the pipe that passes the winbind info onto other processes - although
I may be wrong?
 
Looking at my setup the pipe file isn't being created when starting winbind and after 
a full reboot and starting winbind it doesn't get created.
 
Does anyone know why the pipe file isn't being created or a way to force the creation 
of the file??
 
I've checked permissions for the /tmp/.winbind directory and they're 755 and root:root.
 
 Apologies. I think I responded incorrectly to my original post - still getting the 
hang of this!
 
Thanks again.
 
 
 
Simon

 




