Re: [Samba] Samba 4.0 released - The First Free Software Active Directory Compatible Server is now available !
of the underlying clustered file system. Written and tested to be compatible with most clustered file systems, both Free Software and proprietary, Samba 4.0 with ctdb provides a scalable clustered file server solution with full Windows file sharing semantics. Samba and ctdb have been shipping in production file serving products for many years, to some of the most demanding customers in the world. Easy Integration into Existing Directory Services = Samba 4.0 ships with an improved winbind, which allows Samba 4.0 file servers to easily integrate into existing Active Directory services as member servers. Both Microsoft Active Directory and Samba 4.0 Active Directory Compatible servers are supported. Stability, Security and Performance === Samba 4.0 has been tested using our widely accepted smbtorture test suite, created by the Samba Team to test Samba itself and now used by most of the companies writing SMB3/SMB2/SMB/CIFS file server software to test their own products. We also regularly test interoperability with other major vendors at plug-fest events to make sure Samba 4.0 deployments work correctly with existing customer equipment. In addition, Samba is one of eleven open source projects that leading software integrity vendor Coverity has certified as secure and has reached Coverity Integrity Rung 2 certification. The Samba Team provides immediate responses to any security vulnerabilities, and provides fixes to all vendors using the Samba code in coordination with industry standard security reporting agencies. A Modular Toolbox for OEM Vendor Needs == As Free Software, Samba 4.0 is the ideal choice for Original Equipment Manufacturers (OEMs) to use for their file, print and authentication products. It is easily integrated into a whole host of different tasks, and can be customized at will by the vendor to satisfy their needs. In addition, Samba 4.0 includes a modular Virtual File System (VFS) interface that vendors can use to quickly and efficiently customize Samba to take advantage of any specific features of their underlying technology without having to modify any of the core Samba code. From advanced file systems to network traffic analysis, the Samba VFS layer allows external code to be easily integrated with Samba. Example modules are provided as source code for vendors to customize as they wish. Samba is the leading choice for Microsoft Windows connectivity == Samba is the leading technology choice for Windows file serving on Linux and UNIX platforms and in embedded Network Attached Storage (NAS) solutions. Samba is used by vendors selling NAS solutions ranging from high end clustered business-critical systems, to low end consumer devices, and everything in between. Samba is fully IPv6 enabled and meets all mandates for modern network interoperability. Commercial support is available for Samba from many different vendors. Getting Samba 4.0 = Samba 4.0 source code is available now from the Samba Web site. http://www.samba.org About Active Directory == Microsoft Windows and Active Directory are trademarks of Microsoft Corporation. About the Samba Team The Samba Team is a worldwide group of computer professionals working together via the Internet to produce the highest quality Free Software Windows (SMB3/SMB2/SMB/CIFS) server and client software. We are the undisputed experts in providing interoperability with computers running Microsoft Windows. Members of the Samba Team work for many of the largest companies in the software Industry and even helped Microsoft produce the protocol documentation that fully specifies the SMB/CIFS protocol. -- Greg Dickie just a guy 514-983-5400 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 4 alpha 19 cannot join existing AD
: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 1: DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 1: DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 1: DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND 1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO 1: DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 1: DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP 1: DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 1: DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT 0: DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS 0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 site_guid: ---- pid : 0x (0) repl_epoch : 0x (0) Join failed - cleaning up checking sAMAccountName Deleted CN=ADS,OU=Domain Controllers,DC=tribalnova,DC=local Deleted CN=ADS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tribalnova,DC=local ERROR(runtime): uncaught exception - (-1073741790, 'Access denied') File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 162, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 180, in run machinepass=machinepass) File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 966, in join_DC ctx.do_join() File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 871, in do_join ctx.join_add_objects() File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 467, in join_add_objects ctx.join_add_ntdsdsa() File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 416, in join_add_ntdsdsa ctx.DsAddEntry([rec]) File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 326, in DsAddEntry ctx.drsuapi_connect() File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 305, in drsuapi_connect (ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drs_DsBind(ctx.drsuapi) File /usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py, line 144, in drs_DsBind (info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info) Any idea what I'm doing wrong or where to look? Thanks, Greg -- Greg Dickie just a guy 514-983-5400 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] bogus file times in samba 3.5.4
Hi, I am seeing some very dodgy behavior from samba where the files times displayed to the client seem to have no basis in reality. In the example below The file was created on Oct. 5th but samba is saying the file time was way back on Sep. 30th. [r...@tungsten KOSRCFLM]# ls -l 1321-538.dpn -rw-rw-r-- 1 resin resin 387 Oct 5 15:49 1321-538.dpn [r...@tungsten KOSRCFLM]# stat 1321-538.dpn File: `1321-538.dpn' Size: 387 Blocks: 8 IO Block: 4096 regular file Device: fd08h/64776dInode: 268583304 Links: 1 Access: (0664/-rw-rw-r--) Uid: ( 500/ resin) Gid: ( 500/ resin) Access: 2010-10-05 15:49:16.025314771 -0400 Modify: 2010-10-05 15:49:16.025314771 -0400 Change: 2010-10-05 15:49:16.025314771 -0400 [r...@tungsten KOSRCFLM]# smbclient //tungsten/pro-orders -Ugreg Enter greg's password: Domain=[36PIX] OS=[Unix] Server=[Samba 3.5.4-GREG] smb: \ cd 54378-1 smb: \54378-1\ cd KOSRCFLM smb: \54378-1\KOSRCFLM\ ls 1321-538.dpn 1321-538.dpn 387 Thu Sep 30 14:30:19 2010 4 blocks of size 262144. 3 blocks available smb: \54378-1\KOSRCFLM\ Any ideas? Thanks, Greg -- Greg Dickie just a guy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] bogus file times in samba 3.5.4
Hey Jeremy, Thank you for the super quick response. I was not aware that they were stored in an EA. Is there anyway to see the contents of the EA? (attr -l shows nothing). This is an XFS filesystem. I'm pretty sure the user told me that those files were only put on the server on the 5th but I will verify that. So if a file is created outside samba I assume it will use the POSIX dates right? That's confusing Thanks, Greg On Thu, 2010-10-07 at 12:44 -0700, Jeremy Allison wrote: On Thu, Oct 07, 2010 at 03:41:04PM -0400, Greg Dickie wrote: Hi, I am seeing some very dodgy behavior from samba where the files times displayed to the client seem to have no basis in reality. In the example below The file was created on Oct. 5th but samba is saying the file time was way back on Sep. 30th. [r...@tungsten KOSRCFLM]# ls -l 1321-538.dpn -rw-rw-r-- 1 resin resin 387 Oct 5 15:49 1321-538.dpn [r...@tungsten KOSRCFLM]# stat 1321-538.dpn File: `1321-538.dpn' Size: 387 Blocks: 8 IO Block: 4096 regular file Device: fd08h/64776dInode: 268583304 Links: 1 Access: (0664/-rw-rw-r--) Uid: ( 500/ resin) Gid: ( 500/ resin) Access: 2010-10-05 15:49:16.025314771 -0400 Modify: 2010-10-05 15:49:16.025314771 -0400 Change: 2010-10-05 15:49:16.025314771 -0400 [r...@tungsten KOSRCFLM]# smbclient //tungsten/pro-orders -Ugreg Enter greg's password: Domain=[36PIX] OS=[Unix] Server=[Samba 3.5.4-GREG] smb: \ cd 54378-1 smb: \54378-1\ cd KOSRCFLM smb: \54378-1\KOSRCFLM\ ls 1321-538.dpn 1321-538.dpn 387 Thu Sep 30 14:30:19 2010 4 blocks of size 262144. 3 blocks available smb: \54378-1\KOSRCFLM\ Any ideas? Thanks, Greg They probably do have a basis in reality. That's probably the real create time (which UNIX doesn't store). Remember, in 3.5.x we now store the Windows create time in an EA which gets updated according to Windows rules. Jeremy. -- Greg Dickie just a guy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] id mapping
Hi Robert, Thanks for the response. You are referring to idmap backend = rid correct? Greg On Tue, 2010-08-24 at 09:10 -0400, Robert Freeman-Day wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have been the most happy with the hash idmap. It really is the least invasive and just works (does that need to be trademarked these days?). Since it hashes the SID with the same algorithm, all members get the same UID/GID mappings, which is a big win. Robert On 08/23/2010 05:21 PM, Greg Dickie wrote: Hi, Today I'm trying to debug a problem on samba 3.5.4 where a domain member server is having trouble mapping UIDs to SIDs. I must admit I never really looked at this before as everything seemed to just work. Today I discovered that idmap backend on the PDC and the member server were both defaulted to tdb. This means they have independent views of UID to SID mappings I guess. That sucks. So I'm looking at the ldap backend but I notice that it uses a special ou in the LDAP tree to store mappings. Why do we need that if the sambaSamAccount schema also has SIDs and UIDs for each user. Also, how is that tree populated? Looking at my PDC it seems to just pull everything out of gencache.tdb or say that no mapping exists. Doing a tdbdump of winbind_idmap.tdb shows only a few entries. This seems to be more complicated than I expected. I'm sorry if this is a silly question but what am I doing wrong? Thanks a lot, Greg - -- Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxzxMMACgkQup357T5MfTY0VACfSGOY2vXg05lUplINAeqxr42s iR0AnA3P/DdGApB0+WIJZTzNN99qiv/z =ddTf -END PGP SIGNATURE- -- Greg Dickie just a guy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] id mapping
Hi, Today I'm trying to debug a problem on samba 3.5.4 where a domain member server is having trouble mapping UIDs to SIDs. I must admit I never really looked at this before as everything seemed to just work. Today I discovered that idmap backend on the PDC and the member server were both defaulted to tdb. This means they have independent views of UID to SID mappings I guess. That sucks. So I'm looking at the ldap backend but I notice that it uses a special ou in the LDAP tree to store mappings. Why do we need that if the sambaSamAccount schema also has SIDs and UIDs for each user. Also, how is that tree populated? Looking at my PDC it seems to just pull everything out of gencache.tdb or say that no mapping exists. Doing a tdbdump of winbind_idmap.tdb shows only a few entries. This seems to be more complicated than I expected. I'm sorry if this is a silly question but what am I doing wrong? Thanks a lot, Greg -- Greg Dickie just a guy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 machine account fails to authenticate against samba PDC
Hi, I've just been debugging something related to this. Environment is samba 3.4.6 with LDAP backend and windows 7 clients. In my case the user in passdb but getpwnam() fails led me to adjust /etc/ldap.conf so that machine accounts were also listed as valid users on the system. I don't really understand why this is required since ldapsam:trusted = yes in my case and I thought that parameter would bypass the getpwnam() check. No idea about the credentials failing, I'm just happy I can give domain users privilege on the win7 machines ;-) hope this helps, Greg On Sat, 2010-02-06 at 13:58 +, graham wrote: Re. the ongoing failure of the windows7 client to authenticate its machine account, I've upped the log level and added an extra debug statement to getpwnam_alloc(). There are a couple of discrepancies which I very much hope someone can explain, or at least point me in the direction of how to resolve! Comparing the output for a winXP client (successful) and the win7 client (unsuccessful), it seems that: 1 - the challenge-response mechanism is different for the win7 machine to that of the winXp machine (and the win7 machine fails this authentication). Can anyone enlighten me as to why the different challenge, and why the client might fail it? This is the trace for the unsuccessful win7 machine: [2010/02/05 22:55:10, 5] libsmb/credentials.c:70(creds_init_128) creds_init_128 [2010/02/05 22:55:10, 5] libsmb/credentials.c:71(creds_init_128) clnt_chal_in: 444EA615F23340F2 [2010/02/05 22:55:10, 5] libsmb/credentials.c:72(creds_init_128) srv_chal_in : DE62C1B8DCC1E4AD [2010/02/05 22:55:10, 5] libsmb/credentials.c:221(netlogon_creds_server_check) netlogon_creds_server_check: challenge : 2818DBF48BE4EBC0 [2010/02/05 22:55:10, 5] libsmb/credentials.c:222(netlogon_creds_server_check) calculated: EDC837F244BC1EBB [2010/02/05 22:55:10, 2] libsmb/credentials.c:223(netlogon_creds_server_check) netlogon_creds_server_check: credentials check failed. This is the trace for the successful winXP machine: [2010/02/05 23:06:44, 5] libsmb/credentials.c:121(creds_init_64) clnt_chal_in: DF0D76C6D2BF3CDB [2010/02/05 23:06:44, 5] libsmb/credentials.c:122(creds_init_64) srv_chal_in : EE4404370EE4219C [2010/02/05 23:06:44, 5] libsmb/credentials.c:123(creds_init_64) clnt+srv : CD527AFDE0A35E77 [2010/02/05 23:06:44, 5] libsmb/credentials.c:124(creds_init_64) sess_key_out : 6D4885F56283E87B 2 - later, (perhaps as some fallback authentication?) the get_pwnam() is called a number of times for this machine account, initially it succeeds then in a later call fails NOT because the machine account isn't in /etc/passwd, but because it is looked up in UPPER case. Is this a bug? Here's the trace for the failure: [2010/02/05 22:55:18, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/02/05 22:55:18, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/02/05 22:55:18, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/02/05 22:55:18, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/02/05 22:55:18, 5] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/02/05 22:55:18, 5] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/02/05 22:55:18, 1] lib/util_pw.c:59(getpwnam_alloc) my extra debug: sys_getpwnam(WIN7HOST$) failed ^ *the name as passed to getpwnam_alloc* [2010/02/05 22:55:18, 1] auth/auth_util.c:577(make_server_info_sam) User WIN7HOST$ in passdb, but getpwnam() fails! rgds, graham. -- Greg Dickie just a guy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 in 3.4.3
I figured it out. Should have gone right to the source the first time http://wiki.samba.org/index.php/Windows7 In my case I had set the netlogon parameters as the other articles on the internet had suggested. That actually breaks it. Setting them back to default makes everything work great. thanks! Greg On Mon, 2009-11-16 at 16:02 +, Chris Hall wrote: Greg Dickie wrote (on 15-Nov-2009 at 19:36) Sorry in advance if this is a FAQ but I have not been watching the list for a while. I have a customer who is foolish enough to want to use windows 7 so I updated them to a samba 3.4.3 PDC and successfully joined the domain however domain users cannot log in due to trust relationship failure. I have exactly the same experience with 3.4.3 running as a PDC. I assume there is something I haven't configured properly, because I cannot imagine that Samba does not support Domain Login for Windows 7. I just wish I could divine the right spells to cast :-( Chris -- Greg Dickie just a guy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] windows 7 in 3.4.3
Hi, Sorry in advance if this is a FAQ but I have not been watching the list for a while. I have a customer who is foolish enough to want to use windows 7 so I updated them to a samba 3.4.3 PDC and successfully joined the domain however domain users cannot log in due to trust relationship failure. I've seen postings that look related that seem to have been fixed by moving to 3.3.6 but somehow I thought the new 3.4.3 would also work. Is that not the case? thanks, Greg -- Greg Dickie just a guy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] object class 'sambaSamAccount' requires attribute 'sambaSID'
Hi, In the continuing saga of not being able to join machines to my openldap 2 samba 3.0.23c controlled domain I now get the above error. The schema is the one distributed with 3.0.23c. I've seen many postings about the same error but no fixes for it. Does anyone know where to look? Thanks alot, Greg -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problems adding a computer to LDAP domain in 3.0.23c
Hi, In 3.0.23 and 3.0.23c in our domain controlled by samba with an ldapsam backend when I try to add a machine to the domain I now get this message: [2006/10/04 12:08:03, 0] passdb/pdb_interface.c:pdb_new_rid(1067) 'algorithmic rid base' is set but a passdb backend without algorithmic RIDs is chosen. Please map all used groups using 'net groupmap add', set the maximum used RID using 'net setmaxrid' and remove the parameter While it seems very helpful the net setmaxrid command does not appear to exist. If I just remove the algorithmic rid base parameter then smbd dies on startup because its not there. Any ideas on how to proceed? Thanks, Greg -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] performance regression between 30.14a and 3.0.20
Actually it was my much smarter colleagues that found this, I'm just the mouth ;-) Thanks for looking at this, I'll check out SAMBA_3_0 when I get back! Greg Jeremy Allison wrote: On Wed, Apr 26, 2006 at 01:20:23PM -0400, Greg Dickie wrote: OK all my gobbledy-gook stats aside. sorry for being incoherent. Stracing reveals that files after 3.0.20b are opened with O_SYNC. Could that be the source of the problems? I'll try and find that and test it when I get home but the question is is it necessary? Greg - I LOVE YOU :-). That's almost certainly the problem. Back in the Win9x protocols days (the openX style of calls) we had the problem that Windows clients were setting the sync this data flag for almost every open - completely unneccessary. For 3.0.20x we changed to the NTcreateX style of open, and mapped the create option FILE_WRITE_THROUGH to the O_SYNC. I bet the Windows redirector in W2K, XP and W2K3 is just as dim, and is adding that on almost every open (I'm on a plane right now so can't get to my vmware sessions easily to check). We have an option strict sync which if unset allows us to ignore these calls - I've just added it into the ntcreate open path so we don't set O_SYNC unless strict sync is set. Please check out SAMBA_3_0 and test - this will be in the next 3.0.23 pre-release. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] performance regression between 30.14a and 3.0.20
OK all my gobbledy-gook stats aside. sorry for being incoherent. Stracing reveals that files after 3.0.20b are opened with O_SYNC. Could that be the source of the problems? I'll try and find that and test it when I get home but the question is is it necessary? Thanks, Greg Jeremy Allison wrote: On Mon, Apr 24, 2006 at 10:56:29AM -0400, Greg Dickie wrote: Hey Jeremy, Sorry, I'm at NAB in vegas and a little burned myself so we graph output from /proc/diskstats when we test. If I run a test with 3.0.21c the wio (field 7) and wblk (field 9) stats both show activity. This does not happen with 3.0.14a. eg: it appears that there is double the amount of write traffic. Does that make any more sense? Not really :-). I don't know enough about xfs to be dangerous :-). Is it possible we're doing larger bulk writes with 3.0.2x that we weren't doing with 3.0.14a which might trigger this ? In which case it'd be an xfs issue not a Samba one. Can you test with ext3 jfs or reiser to see if they show different performance characteristics ? Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] performance regression between 30.14a and 3.0.20
Hey Jeremy, Sorry, I'm at NAB in vegas and a little burned myself so we graph output from /proc/diskstats when we test. If I run a test with 3.0.21c the wio (field 7) and wblk (field 9) stats both show activity. This does not happen with 3.0.14a. eg: it appears that there is double the amount of write traffic. Does that make any more sense? Thanks, Greg Jeremy Allison wrote: On Sun, Apr 23, 2006 at 10:24:37PM -0400, Greg Dickie wrote: Perhaps another data point that might ring a bell. While using 3.0.21c and monitoring direct IO vs. buffered IO (on XFS): if you see 40MBs of direct IO you will see another 40 MBs of buffered IO on 21c that you do not see on 14a. According to a colleague he saw this at one point in a previous revision and thought it was a problem of an extraneous sync somewhere This might explain why you don't see this with your ram disk. Ok, I don't understand this message :-). Can you explain exactly what you mean with 40 MBs of bufferd IO on 21c that you do not see on 14a - how are you measuring this and where do you see it ? Use small words please, I'm very jet-lagged :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] performance regression between 30.14a and 3.0.20
Perhaps another data point that might ring a bell. While using 3.0.21c and monitoring direct IO vs. buffered IO (on XFS): if you see 40MBs of direct IO you will see another 40 MBs of buffered IO on 21c that you do not see on 14a. According to a colleague he saw this at one point in a previous revision and thought it was a problem of an extraneous sync somewhere This might explain why you don't see this with your ram disk. Thanks, Greg Greg Dickie wrote: So this is testing 14a and SVN on the exact same machine with the exact same configuration. The only difference is switching samba RPM. I wanted to get 14a numbers to cre-confirm the setup but unfortunately the KVM seems to have gone on strike. More news as soon as possible. Thanks, Greg On Wed, 2006-04-19 at 17:32 -0700, Jeremy Allison wrote: On Wed, Apr 19, 2006 at 07:26:16PM -0400, Greg Dickie wrote: Hi Jeremy, Bad news I'm afraid. Doesn't seem to be much of a difference between that svn checkout and 3.0.20. Thats just the first run on it, we'll try and poke it some more. Thanks alot for your work on this, No problem. But I'm testing here on a Linux ram disk with ext2 as a target to remove any possible variance caused by disk activity and with iometer get equal performance (within noise values) between 3.0.14a and SVN SAMBA_3_0. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] performance regression between 30.14a and 3.0.20
Thanks Volker, we'll try that, at least that may indicate where the bottleneck is. Greg On Thu, 2006-04-20 at 10:35 +0200, Volker Lendecke wrote: On Wed, Apr 19, 2006 at 07:26:16PM -0400, Greg Dickie wrote: Bad news I'm afraid. Doesn't seem to be much of a difference between that svn checkout and 3.0.20. Thats just the first run on it, we'll try and poke it some more. One thing that had smoothed it for me is to use use spnego = no Please be aware that this is nothing I would recommend for production, but I'd be interested if setting that parameter also equalizes 3.0.14 and the latest code for you. Volker -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] performance regression between 30.14a and 3.0.20
So this is testing 14a and SVN on the exact same machine with the exact same configuration. The only difference is switching samba RPM. I wanted to get 14a numbers to cre-confirm the setup but unfortunately the KVM seems to have gone on strike. More news as soon as possible. Thanks, Greg On Wed, 2006-04-19 at 17:32 -0700, Jeremy Allison wrote: On Wed, Apr 19, 2006 at 07:26:16PM -0400, Greg Dickie wrote: Hi Jeremy, Bad news I'm afraid. Doesn't seem to be much of a difference between that svn checkout and 3.0.20. Thats just the first run on it, we'll try and poke it some more. Thanks alot for your work on this, No problem. But I'm testing here on a Linux ram disk with ext2 as a target to remove any possible variance caused by disk activity and with iometer get equal performance (within noise values) between 3.0.14a and SVN SAMBA_3_0. Jeremy. -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] performance regression between 30.14a and 3.0.20
Hi Jeremy, Bad news I'm afraid. Doesn't seem to be much of a difference between that svn checkout and 3.0.20. Thats just the first run on it, we'll try and poke it some more. Thanks alot for your work on this, Greg On Tue, 2006-04-18 at 11:20 -0700, Jeremy Allison wrote: On Fri, Apr 07, 2006 at 01:05:43PM -0400, Greg Dickie wrote: Hey Jeremy, I think that just means 3 runs 1 reads, 1 writes and one 50-50. I could have sworn I sent the config file already but here it is again along with the binaries. Thanks alot, Greg Greg - is it possible for you to test the current code in the svn branch SAMBA_3_0 with this application and your test case ? I've been doing a lot of work on this issue (it's very important obviously :-) and would like to get some feedback if possible. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] performance regression between 30.14a and 3.0.20
Absolutely! Checking it out and building now. news ASAP. Thanks alot, Greg On Tue, 2006-04-18 at 11:20 -0700, Jeremy Allison wrote: On Fri, Apr 07, 2006 at 01:05:43PM -0400, Greg Dickie wrote: Hey Jeremy, I think that just means 3 runs 1 reads, 1 writes and one 50-50. I could have sworn I sent the config file already but here it is again along with the binaries. Thanks alot, Greg Greg - is it possible for you to test the current code in the svn branch SAMBA_3_0 with this application and your test case ? I've been doing a lot of work on this issue (it's very important obviously :-) and would like to get some feedback if possible. Thanks, Jeremy. -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] performance regression between 30.14a and 3.0.20
Hi Jeremy, Just want to confirm that you received the iometer binary and config. I tried sending to the list but it never got posted so I tried just sending to you but maybe there is a hyper virus filter somewhere that blocked it... Greg Jeremy Allison wrote: On Fri, Mar 31, 2006 at 09:49:02AM -0500, Greg Dickie wrote: Yes, it is the win32 version, but its an old one (1998), not sure how the config file will carry to a more recent version. IOmeter Access specifications: Transfer req. size = 64Kb 8Kb Percent of Access Specification = 100% Type of Operation: 100% read; 100% write; 50% read Percent Random/Sequential Distribution: 100% sequential Queue Depth = 8 Reply Size: No Reply Burst Length = 25 I/Os Align I/Os on: 64Kb 8Kb Ramp up Time = 30sec Run Time = 3 min # of clients used: 1 to 9 clients (Linear Stepping) Ok, I'm trying to work out how to specify this but it doesn't make sense (this line in particular : Type of Operation: 100% read; 100% write; 50% read with the new version. Can you just attach the config file as an attachment and I'll see if it can read it ? (you could just send the 1998 binary for complete reproducibility). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] performance regression between 30.14a and 3.0.20
Hey Jeremy, I think that just means 3 runs 1 reads, 1 writes and one 50-50. I could have sworn I sent the config file already but here it is again along with the binaries. Thanks alot, Greg On Thu, 2006-04-06 at 18:33 -0700, Jeremy Allison wrote: On Fri, Mar 31, 2006 at 09:49:02AM -0500, Greg Dickie wrote: Yes, it is the win32 version, but its an old one (1998), not sure how the config file will carry to a more recent version. IOmeter Access specifications: Transfer req. size = 64Kb 8Kb Percent of Access Specification = 100% Type of Operation: 100% read; 100% write; 50% read Percent Random/Sequential Distribution: 100% sequential Queue Depth = 8 Reply Size: No Reply Burst Length = 25 I/Os Align I/Os on: 64Kb 8Kb Ramp up Time = 30sec Run Time = 3 min # of clients used: 1 to 9 clients (Linear Stepping) Ok, I'm trying to work out how to specify this but it doesn't make sense (this line in particular : Type of Operation: 100% read; 100% write; 50% read with the new version. Can you just attach the config file as an attachment and I'll see if it can read it ? (you could just send the 1998 binary for complete reproducibility). Jeremy. -- Greg Dickie just a guy Maximum Throughput 'Version 1998.10.08 'Access specifications 'Access specification name,default assignment Read 100% 64k,1 'size,% of size,% reads,% random,delay,burst,align,reply 65536,100,100,0,0,25,65536,0 'Access specification name,default assignment Write 100% 64k,1 'size,% of size,% reads,% random,delay,burst,align,reply 65536,100,0,0,0,25,65536,0 'Access specification name,default assignment Read 50% 64k,1 'size,% of size,% reads,% random,delay,burst,align,reply 65536,100,50,0,0,25,65536,0 'Access specification name,default assignment Read 100% 8k,1 'size,% of size,% reads,% random,delay,burst,align,reply 8192,100,100,0,0,25,8192,0 'Access specification name,default assignment Write 100% 8k,1 'size,% of size,% reads,% random,delay,burst,align,reply 8192,100,0,0,0,25,8192,0 'Access specification name,default assignment Read 50% 8k,1 'size,% of size,% reads,% random,delay,burst,align,reply 8192,100,50,0,0,25,8192,0 'End access specifications 'Test Setup 'Test Description 'Run Time ' hoursminutesseconds 0 3 0 'Ramp Up Time (ms) 30 'Default Disk Workers to Spawn -1 'Default Network Workers to Spawn 0 'Record Results 0 'Worker Cycling ' start step step type 1 1 0 'Disk Cycling ' start step step type 1 1 0 'Queue Depth Cycling ' startend step step type 1 32 2 1 'Test Type 4 'Version 1998.10.08 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] performance regression between 30.14a and 3.0.20
Yes, it is the win32 version, but its an old one (1998), not sure how the config file will carry to a more recent version. IOmeter Access specifications: Transfer req. size = 64Kb 8Kb Percent of Access Specification = 100% Type of Operation: 100% read; 100% write; 50% read Percent Random/Sequential Distribution: 100% sequential Queue Depth = 8 Reply Size: No Reply Burst Length = 25 I/Os Align I/Os on: 64Kb 8Kb Ramp up Time = 30sec Run Time = 3 min # of clients used: 1 to 9 clients (Linear Stepping) Note that the problem is visible with only one client. The clients are GbE as is the server, not sure if you will see a difference on 100BT. Thank you very much for looking at this, please let me know if there is anything I can do to help. Regards, Greg On Thu, 2006-03-30 at 17:20 -0800, Jeremy Allison wrote: On Thu, Mar 30, 2006 at 08:04:21PM -0500, Greg Dickie wrote: Hey Jeremy, This happens when testing under iometer. I can give you the exact paramaters if you want. That's the Win32 version ? If so, yes please the exact parameters would be extremely useful as I can reproduce this here. Thanks, Jeremy. -- Greg Dickie just a guy Maximum Throughput 'Version 1998.10.08 'Access specifications 'Access specification name,default assignment Read 100% 64k,1 'size,% of size,% reads,% random,delay,burst,align,reply 65536,100,100,0,0,25,65536,0 'Access specification name,default assignment Write 100% 64k,1 'size,% of size,% reads,% random,delay,burst,align,reply 65536,100,0,0,0,25,65536,0 'Access specification name,default assignment Read 50% 64k,1 'size,% of size,% reads,% random,delay,burst,align,reply 65536,100,50,0,0,25,65536,0 'Access specification name,default assignment Read 100% 8k,1 'size,% of size,% reads,% random,delay,burst,align,reply 8192,100,100,0,0,25,8192,0 'Access specification name,default assignment Write 100% 8k,1 'size,% of size,% reads,% random,delay,burst,align,reply 8192,100,0,0,0,25,8192,0 'Access specification name,default assignment Read 50% 8k,1 'size,% of size,% reads,% random,delay,burst,align,reply 8192,100,50,0,0,25,8192,0 'End access specifications 'Test Setup 'Test Description 'Run Time ' hoursminutesseconds 0 3 0 'Ramp Up Time (ms) 30 'Default Disk Workers to Spawn -1 'Default Network Workers to Spawn 0 'Record Results 0 'Worker Cycling ' start step step type 1 1 0 'Disk Cycling ' start step step type 1 1 0 'Queue Depth Cycling ' startend step step type 1 32 2 1 'Test Type 4 'Version 1998.10.08 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] performance regression between 30.14a and 3.0.20
I am unfamiliar with cachegrind but I assume this is just a profiler. Do you have to compile instrumentation into smbd? Have fun in Boston, great city. Greg On Fri, 2006-03-31 at 09:17 -0800, Jeremy Allison wrote: On Fri, Mar 31, 2006 at 09:49:02AM -0500, Greg Dickie wrote: Yes, it is the win32 version, but its an old one (1998), not sure how the config file will carry to a more recent version. IOmeter Access specifications: Transfer req. size = 64Kb 8Kb Percent of Access Specification = 100% Type of Operation: 100% read; 100% write; 50% read Percent Random/Sequential Distribution: 100% sequential Queue Depth = 8 Reply Size: No Reply Burst Length = 25 I/Os Align I/Os on: 64Kb 8Kb Ramp up Time = 30sec Run Time = 3 min # of clients used: 1 to 9 clients (Linear Stepping) Note that the problem is visible with only one client. The clients are GbE as is the server, not sure if you will see a difference on 100BT. Thank you very much for looking at this, please let me know if there is anything I can do to help. No problem. What I'll do is run the version against a smbd running with cachegrind. That will point out any extra CPU usage we're accumulating between the two versions. If we've regressed because of a code path this will tell us. Might take a while though as I have to be at LinuxWorld Boston next week. Jeremy. -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] performance regression between 30.14a and 3.0.20
Hey Jeremy, This happens when testing under iometer. I can give you the exact paramaters if you want. Thanks, Greg On Wed, 2006-03-29 at 09:50 -0800, Jeremy Allison wrote: On Wed, Mar 29, 2006 at 11:03:02AM -0500, Greg Dickie wrote: Suddenly occurred to me that I wasn't seeing the performance I used to while running 3.0.21c. Went back and tested 3.0.14a on the exact same configuration and boom, smaller writes (8K) were about twice as fast. I narrowed it down to a change between 14a and 20 but there were alot of changes in there. Can anyone think of what this could be? How are you testing this ? If you can give me the exact same test config I can run under cachegrind and it'll tell me exactly where the extra time is being spent between the 3.0.14a and 3.0.20 versions. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] status of samba joining Windows 2003 SP1 ADS
Hi, I haven't been keeping up with my list reading lately so I apologize in advance if this is a stupid question... I tried joining a 3.0.21b samba server to a windows 2003 SP1 ADS yesterday and it seemed to join fine except the logs were full of failed to verify incoming ticket messages which I gather indicates a problem with kerberos. The server is based on redhat 9 and so has MIT krb5 1.2.7. Is this supposed to work? Thanks, Greg -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] corrupt tdb problems
Hi, I'm seeing this in log.winbind [2004/07/16 13:26:57, 0] tdb/tdbutil.c:tdb_log(725) tdb(/var/lib/samba/winbindd_idmap.tdb): rec_free_read bad magic 0x42424242 at offset=25528 [2004/07/16 13:26:57, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50) error getting user id for sid S-1-5-21-2216088991-3827457959-3939315012-1283 [2004/07/16 13:26:57, 0] tdb/tdbutil.c:tdb_log(725) tdb(/var/lib/samba/winbindd_idmap.tdb): rec_free_read bad magic 0x42424242 at offset=25528 [2004/07/16 13:26:57, 0] nsswitch/winbindd_acct.c:wb_storepwnam(467) wb_storepwnam: Failed to store testing:x:2422:99:testing:/home/%D/%U:/bin/false and I'm assuming this is due to a corrupt tdb so I stopped samba and ran tdbbackup and I get this: # tdbbackup *.tdb failed to copy winbindd_idmap.tdb Does this mean it cannot be repaired? Have I lost all my SID-UID mappings and if so why would this happen? THanks alot, Greg -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem Restarting Samba3
Not even. New shares are available immediately AFAIK. At least the were in 2.2.x. Greg On Monday 22 December 2003 10:55 am, David Morel wrote: Le lun 22/12/2003 à 16:49, [EMAIL PROTECTED] a écrit : Is there any trick to adding new shares and making them accessible to Windows without restarting either Samba3 or the whole server? it doesn't usually take more than a killall -HUP smbd -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] why does this happen?
I had problems with that as well. Try doing net groupmad add rid=512 ntgroup=Domain Admins unixgroup=adm At one point I was just going to hack it into the LDAP by hand. On Sunday 21 December 2003 08:47, Craig White wrote: do I somehow have to add RID's? [EMAIL PROTECTED] sbin]# ldapsearch -x -h localhost -b o=Mullen,c=US '(cn=Domain Admins)' version: 2 # # filter: (cn=Domain Admins) # requesting: ALL # # Domain Admins, Groups, Mullen, US dn: cn=Domain Admins,ou=Groups,o=Mullen,c=US objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 512 cn: Domain Admins memberUid: Administrator description: Netbios Domain Administrators sambaSID: S-1-5-21-3186189367-1246494297-1334198316-512 sambaGroupType: 2 displayName: Domain Admins # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [EMAIL PROTECTED] sbin]# ldapsearch -x -h localhost -b o=Mullen,c=US '(cn=adm)' version: 2 # # filter: (cn=adm) # requesting: ALL # # adm, Group, Mullen, US dn: cn=adm,ou=Group,o=Mullen,c=US objectClass: posixGroup objectClass: top cn: adm gidNumber: 4 memberUid: daemon memberUid: root # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [EMAIL PROTECTED] sbin]# net groupmap add ntgroup=Domain Admins unixgroup=adm No rid or sid specified, choosing algorithmic mapping [2003/12/21 06:43:12, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1612) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP e + rror: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Problem during + adding entry for group Domain Admins failed! -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can some files be invisible to some users?
HI Andy, The only way I can see to do what you want is to use a preexec script that creates a directory for the machine thats connecting and then maybe symlinks all the frames files into it. You could then use preexec close to clean it up when you disconnect. The downside is that you'd need a share for each clip directory. There's probably a really elegant way to do this via VFS hooks but I've never played with them. hth, Greg On Friday 19 December 2003 13:14, [EMAIL PROTECTED] wrote: This may or may not be relevant to Samba -- hiding files, permissions, etc. I have half a dozen Windows XP video editing workstations all accessing the same data on my Linux Box. Each video editing worstation ideally would like to create it's own index of the video files in the shared directory. The video editing program stores the index data in a file that it HAS to write to the same directory where the media itself is. Does anybody know of a way to let each workstation write it's own index file (they all have to have the same name -- i.e., data.mdb) and put them in a common directory -- yet have each machine's file point to different data? Similarly, each machine needs a directory for temporary storage of captured video files (the directory is called creating) but the machines don't like to share the same directory. Again, this directory has to be a sub-directory of the one with the media files. Is there a solution to my problem? I have a workaround that keeps the machines from interfering with each other -- but it's a little clunky and I'm seeking a more elegant solution. -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB 3.0.1/LDAP Cannot add computer to domain
On Friday 19 December 2003 04:09 pm, Petri Asikainen wrote: Thanks, I particaly solved this. I have to create machine account by hand and then join domain. It would be be nice that machine account would be automaticly created, like it was before 3.0.x... It can be. You need to put add machine script in your smb.conf. Greg Petri Bertrand Maugain wrote: hi, You could check if everything is okay with each user : pdbedit -L -v -u username Check if the path are fine or not... -Message d'origine- De : Petri Asikainen [mailto:[EMAIL PROTECTED] Envoyé : vendredi 19 décembre 2003 07:07 À : samba Objet : [Samba] SMB 3.0.1/LDAP Cannot add computer to domain I'm trying to setup samba with ldapsam (Novell eDir 8.7.1). Right now I can login to samba and browse my shares with user Administrator, but when I'm trying to add computer to domain I get unknown user name or bad password error. I have administrator, root and nobody accounts in ldap. And I have manualy added following groupmappings to ldap-groups: Domain Users (S-1-5-21-1216271347-3991190149-1732390643-513) - yklusers Domain Admins (S-1-5-21-1216271347-3991190149-1732390643-512) - root System Operators (S-1-5-32-549) - sysops Replicators (S-1-5-32-552) - replicat Guests (S-1-5-32-546) - guests Power Users (S-1-5-32-547) - powerusr Print Operators (S-1-5-32-550) - printop Administrators (S-1-5-32-544) - admins Account Operators (S-1-5-32-548) - accopp Backup Operators (S-1-5-32-551) - bakoper Users (S-1-5-32-545) - users What I should check next? Petri -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SWAT won't work.
On Wednesday 17 December 2003 12:23 am, Phillip Tilleman wrote: It is configured under xinetd. It looks like this. # default: off # description: SWAT is the Samba Web Admin Tool. Use swat \ # to configure your Samba server. To use SWAT, \ # connect to port 901 with your favorite web browser. service swat { disable = no port= 901 socket_type = stream wait= no only_from = localhost ^^^ I think this only allows connections from localhost which might not be what you want. user= root server = /usr/local/samba/bin/swat ^^^ Is this the correct path for swat? log_on_failure += USERID } What else would you suggest? Remember I'm using Red Hat 7.3. That might help. Phillip -Original Message- From: Greg Dickie [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 16, 2003 8:33 PM To: Phillip Tilleman; [EMAIL PROTECTED] Subject: Re: [Samba] SWAT won't work. Swat runs as a separate service, not under the webserver. You need to have it configured in inetd or xinetd. Greg On Tuesday 16 December 2003 22:06, Phillip Tilleman wrote: Ok, here is the problem. Samba is working, I can access it from a account I created from a windows XP machine. So that is good. But I can't get swat to work when I go to my browser windows explorer and go to http://192.168.1.125 http://192.168.1.125/ :901 (which is my static IP address for the machine). Of course with out port 901. But nothing happens when I try to open it. I do have my web server up and going, infact I have a squirl mail up and running. So I know the httpd is up. I'm running Red Hat 7.3 and running samba 3.1. I tried to telnet from the actual machine with samba on it to telnet 192.168.1.125:901 and it says telnet: 127.0.0.1:901: Name or service not known so it's not working. I think that is the problem. How do I get it so httpd service will interact with port 901 and make samba work? Help is appreciated, I'm trying to get samba up and running for a non-profit org. that can not afford to buy windows 2000 server and pay for it, and pay for the 5 licenses we will have to buy. HELP is much appreciated. THANKS Phillip -- Greg Dickie just a guy [EMAIL PROTECTED] -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.1 Available for Download
I had a problem similar to this that Gerry has been working on. Please turn the log level up to 5 and try again then grep the log file for 'incorrect password'. If its there then its the same problem and rumor has it there is a patch. You can also try going back to 3.0.0, that version always seemed to work for me. Greg On Wednesday 17 December 2003 12:05 am, Beast wrote: Tuesday, December 16, 2003, 7:16:35 AM, Gerald wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In an attempt to avoid the holiday rush common to software releases, the Samba Team is proud to announce the availability of the first patch release of the Samba 3.0 code base. Anyone having success story using this version? I'm having weird problem. I can not joint Win-2k/WinXP-Pro with ldapsam (open ldap 2.2.22). With W2000 error says bad username or password, with WXP access denied. I'm trying to create clean ldif entry with only having 2 account, but still no luck, both cretae machine trust 'on the fly' or manual create machine account. Admin user has given SID-500/sambaPrimaryGroupSID=512 and uid/gid=0 [EMAIL PROTECTED] samba]# net groupmap list Domain Admins (S-1-5-21-3005840292-418818142-688599051-512) - root Domain Users (S-1-5-21-3005840292-418818142-688599051-513) - domuser Domain Guests (S-1-5-21-3005840292-418818142-688599051-514) - domguest log from ldap and samba did not give anything usefull (for me at least :) .. [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0048 uni_str_len: 0006 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) 004c buffer : T.R.G.2.0... [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 0058 data: b5 59 ba 7f a7 fc dc 08 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_debug(81) 00 net_io_r_auth [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_uint8s(721) data: b8 f5 ff bf 45 c3 1b 08 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) 0008 status: NT_STATUS_ACCESS_DENIED [2003/12/16 18:53:21, 5] rpc_server/srv_pipe.c:api_rpcTNP(1535) api_rpcTNP: called NETLOGON successfully [2003/12/16 18:53:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 46 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_debug(81) 00 smb_io_rpc_hdr hdr ... If anyone got working setup, please share smb.config and ldif entry if possible :-) Big thanks. --beast -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] I'm confused. What is winbindd supposed to get me?
They are seen as different users. Thats the thing if you have all the same users in AD and /etc/passwd then you don't need winbind. Greg On Wednesday 17 December 2003 08:51 am, David Gadoury wrote: One thing that I am not clear on as of yet, is how winbind will handle the fact that I have duplicate users on both my Linux machines and on my W2K domain, user1 in AD and user1 in /etc/passwd -dG -Original Message- From: Greg Dickie [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 16, 2003 8:40 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Samba] I'm confused. What is winbindd supposed to get me? Hi, winbind is used to import accounts from a windows machine. If all your accounts already exist on the samba machine then you don't need winbind. If you had a disjoint set of users on the samba machine and the windows machine then you would be able to see the union set by using winbind. Does that help at all? Greg On Tuesday 16 December 2003 20:09, [EMAIL PROTECTED] wrote: I've got a Samba member server as part of a Windows NT domain. User accounts have the same name in both domain. I was having all sorts of trouble when winbindd was running with wierd groups showing up. I happened to screw up the winbindd configuration without noticing causing it to crash, but I ran snmd and nmbd anyway and suddenly everything started working perfectly. The docs say you MUST run winbindd. I'm confused. -- Greg Dickie just a guy [EMAIL PROTECTED] -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Variables and TCP/IP Throughput
I believe samba just does setsockopt or ioctl on the sockets. Do you get any errors on the interfaces in jumbo? Does your switch support jumbo? Setting use sendfile=yes will help alot on read speeds from samba. On the windows side check the settings. I think the e1000 has some adaptive spacing setting that kills throughput. Also some things to check on the linux side. e1000 module options like rxIntDelay, etc. You will not get much more performance out of jumbo unless your CPUs are maxed but you should not get less. What kind of numbers are you seeing? hope this helps. Greg On Wednesday 17 December 2003 08:23 am, [EMAIL PROTECTED] wrote: Thanks for the reply. Do you know (and if so, caan you tell me) what the relationship is between these Samba settings and Linux settings such as net.core.rmem_default (or _max), net.core.wmem_default (or _max), net.ipv4.tcp_rmem and net.ipv4.tcp_wmem. Do the Samba options override the Linux socket options, or do they act as another layer of limits and buffers? Perhaps your TCP window is too small You should try the following global settings: read size = 65535 max xmit = 65535 socket options = TCP_NODELAY SO_SNDBUF=65535 SO_RCVBUF=65535 Rgds Per [EMAIL PROTECTED] wrote: Hi, I am trying to optimize my gigabit network. I have two Intel 1000 MT Gigabit Server Adapters, which support Jumbo Frames -- as well as a Switch that supports Jumbo Frames. However, I am observing some strange behavior in my file transfers from Windows XP to Linux and I am wondering if it has anything to do with the way the Samba variables are set on my Linux box? The strange behavior is that when I set both NICs to use Jumbo Frames [MTU=9014 on the Windows side (includes IP headers) , 9000 on the Linux side (doesn't include the headers], I am getting about half the throughput that I get when I set both NICs to use the standard MTU of 1514/1500. I see the same behavior even if I take the switch out of the system and connect the Windows XP and Linux machines directly to each other (crossover cable not required for computer-to-computer connection with these NICs -- and by the way all of my cables are CAT6). On the Linux side, I am using Samba 3.0.0 on Mandrake Linux 9.2 with all of Mandrake's current updates -- kernel = 2.4.22-21enterprisemdk. The Linux machine is a P4-3.06 Ghz with 1 GB of RAM -- running in hyperthreading mode. I am wondering if any of the Samba socket options settings like tcp_nodelay, so_sndbuf=8192 or so_rcvbuf=8192 are affecting my throughput -- particularly when I am using Jumbo Frames? And are there any other Samba settings that might be interacting in a negative way with my TCP/IP and NIC driver settings that are causing me to get lower throughput with Jumbo Frames instead of higher throughput (which is what I am told I should be getting). Any guidance would be appreciated. I have purchased The Official Samba 3 HOW-TO and Reference Guide but it really isn't very helpful when it comes to understanding how to tune these options and how various socket options settings interact with other network settings and hardware. Andy Liebman Resolute Films 119 Braintree Street, Suite 410 Boston, MA 02134 Tel: 617-782-0479 Cell: 617-308-0488 Fax: 617-782-1071 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] change_trust_account_password errors with winbind on 2.2.8a
Hi, We are seeing errors like change_trust_account_password: Failed to change password for domain on a server configured with winbind. wbinfo -t reports a good secret and we can see groups and users. Any idea where this is coming from? Thanks, Greg -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] I'm confused. What is winbindd supposed to get me?
Hi, winbind is used to import accounts from a windows machine. If all your accounts already exist on the samba machine then you don't need winbind. If you had a disjoint set of users on the samba machine and the windows machine then you would be able to see the union set by using winbind. Does that help at all? Greg On Tuesday 16 December 2003 20:09, [EMAIL PROTECTED] wrote: I've got a Samba member server as part of a Windows NT domain. User accounts have the same name in both domain. I was having all sorts of trouble when winbindd was running with wierd groups showing up. I happened to screw up the winbindd configuration without noticing causing it to crash, but I ran snmd and nmbd anyway and suddenly everything started working perfectly. The docs say you MUST run winbindd. I'm confused. -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple Domains and Network Browsing
I'm sure you can make this work better if you only use one wins server. If you are migrating to samba anyway is it an option to at least point everyone to samba as WINS? I've never had any luck with remote announce and in any case it will only announce the server and not any of the other workstations. You might try using the broadcast address of that subnet instead though in case the server is not the browse master. Could you add an interface on the samba machine that was on the other VLAN (ie: multihomed). This way it would announce itself on both broadcast domains. WINS and broadcast seems to be the only way to make network neighborhoods work. hope this helps, Greg On Tuesday 16 December 2003 21:42, Jason Gray wrote: Hi all, I have been working on a multi-domain network (2 of them) with one domain being controlled by Samba/Openldap config and the other a standard Win2k AD. I have had success getting all computers on the Samba domain to see the Win2k controller via the Network browser but it does not seem to be working the other way around. My network config is split up into two separate VLANs using an extreme switch (192.168.1.0 and 192.168.1.0). They talk to each other through a router, have gateways out to a firewall and then pass into the internet. Both domains have WINS/DNS/DHCP running. Each domain has each others WINS/DNS in their config files. Both DHCP servers have propagated each others DNS/WINS to the various workstations (Each DHCP services only one sub-net). On workstations within the Win2k domain I can type in the desired workstation and it does appear or I can search for it. However, the Domain container for the SAMBA group is missing on workstations within the Win2k domain (hope that makes sense). Below is a version of my smb.conf file: server string = workgroup = BOGUSGROUP netbios name = BOGUSNAME null passwords = yes passdb backend = ldapsam:ldap://localhost log level =1 add user script = /usr/local/sbin/smbldap-useradd.pl -a -m %u add group script = /usr/local/sbin/smbldap-groupadd.pl -g %g add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u logon path = \{}\{}%L\{}profiles\{}$user logon drive = H: logon home = \{}\{}%L\{}$user\{}.profiles domain logons = yes os level = 64 preferred master =yes domain master = yes ldap suffix = dc=group,dc=ca ldap machine suffix = cn=Computers,ou=Systems,sambaDomainName=BOGUSGROUP,dc=group,dc=ca ldap user suffix = cn=Users,ou=People,sambaDomainName=BOGUSGROUP,dc=group,dc=ca #ldap group suffix = cn=Group,ou=Groups,sambaDomainName=BOGUSGROUP,dc=group,dc=ca ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) ldap admin dn = cn=Manager,dc=group,dc=ca ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/%D/%U template shell = /bin/bash winbind separator = + wins support = yes wins server = 192.168.2.17, 192.168.1.9 wins proxy = yes dns proxy = yes admin users = administrator, root remote announce = 192.168.1.9/SAMBADOMAIN interfaces = 192.168.2.16/24 192.168.2.17/24 I thought that maybe the remote announce would work but it hasn't seemed to. The problem is it is hard to tell which domain controller is at fault. I don't think that the Samba is the problem. The WINS on the win2k box was mangled until recently and the DNS is also flaky (hence the move over to Samba). But I have to keep both domains up for the next little while (production environment) and then we will slowly migrate everyone over. Any thoughts would be appreciated. Jason -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SWAT won't work.
Swat runs as a separate service, not under the webserver. You need to have it configured in inetd or xinetd. Greg On Tuesday 16 December 2003 22:06, Phillip Tilleman wrote: Ok, here is the problem. Samba is working, I can access it from a account I created from a windows XP machine. So that is good. But I cant get swat to work when I go to my browser windows explorer and go to http://192.168.1.125 http://192.168.1.125/ :901 (which is my static IP address for the machine). Of course with out port 901. But nothing happens when I try to open it. I do have my web server up and going, infact I have a squirl mail up and running. So I know the httpd is up. Im running Red Hat 7.3 and running samba 3.1. I tried to telnet from the actual machine with samba on it to telnet 192.168.1.125:901 and it says telnet: 127.0.0.1:901: Name or service not known so its not working. I think that is the problem. How do I get it so httpd service will interact with port 901 and make samba work? Help is appreciated, Im trying to get samba up and running for a non-profit org. that can not afford to buy windows 2000 server and pay for it, and pay for the 5 licenses we will have to buy. HELP is much appreciated. THANKS Phillip -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain account
Hi Dede, Just to confirm. You are logged onto the workstation as local administrator (or a local account with admin privileges) correct? Then you try to join the domain and when it asks you for the username password you use root and the root password yes? Have you added the root user in your samba password database with smbpasswd? This usually works pretty easily and I don't understand why you would get that error. Greg On Tuesday 16 December 2003 23:35, Dede NURMANSYAH wrote: Dear All, Sorry if this question has been posted before but there's no enough answer to solved my problem and I'm going crazy because of it:( I'm currently installed Samba-2.2.8a as logon server on My FreeBSD 5.0. For Win 9.X client there's no problem at all. But when I tried to joining W2K client into samba domain it's shown an error message such as : the account used is a computer account. use your global user account or local user account to access this server I've already used root account to joining W2K client into my Samba Server and already put @wheel in domain admin group on my smb.conf too. Before that I've already added machine account using vipw into my passwd file. I hope there's anybody who could show me the missing part that I've forgot. Sorry if my English makes you confused. :) Regards, Dede Nurmansyah Here's my global part of smb.conf [global] workgroup = NIX netbios name = FreeBSD server string = Samba 2.2.8a on FreeBSD 5.0 encrypt passwords = yes domain admin group = @wheel, @smbuser domain logons = yes os level = 65 preferred master = yes domain master = yes wins proxy = yes wins support = yes -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] incorrect password length when joining domain, need help
Hi, Just tried this and it fixes my problem as well. thanks! I guess this needs to be fixed before 3.0.1 releases. Jerry, if you need me to play with the broken code to get more info please let me know. Greg On Monday 15 December 2003 12:26 pm, Matthew Schumacher wrote: Confirmed, 3.0.0 fixes the problem. Does samba have a trouble ticket system where we could submit a issue? Charles Hamel wrote: I fixed my problem, This problem started to appear with 3.0.1rc1 ( maybe pre3 too ). I installed RC2 and it did not fix the problem, 3.0.0 works fine! Charles On Fri, 12 Dec 2003 14:01:51 -0500, Charles Hamel wrote Hi I just re-initiated by ldap sam database using smbldap-populate.pl, modified the Administrator account (uid/gid=0). I can join the domain from a Samba 2.2.7 linux machine, it creates the machine account etc... The problem happens with Windows 2000 SP2, It tells me wrong user/password. Here is the samba error : decode_pw_buffer: incorrect password length (-2118884061). Here is the full log : Attempting administrator password change (level 23) for user workstation$ [2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(501) decode_pw_buffer: incorrect password length (-2118884061). [2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(502) decode_pw_buffer: check that 'encrypt passwords = yes' [2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_debug(82) 00 samr_io_r_set_userinfo [2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) status: NT_STATUS_ACCESS_DENIED [2003/12/12 13:25:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549) api_rpcTNP: called samr successfully Here is my smb.conf file [global] ADD SCRIPTS add machine script = /usr/local/samba/share/smbldap-useradd.pl -w %u add user script = /usr/local/samba/share/smbldap-useradd.pl %u delete user script = /usr/local/samba/share/smbldap-userdel.pl %u add group script = /usr/local/samba/share/smbldap-groupadd.pl %g delete group script = /usr/local/samba/share/smbldap-groupdel.pl %g add user to group script = /usr/local/samba/share/smbldap- groupmod.pl -m %u %g delete user from group script = /usr/local/samba/share/smbldap-groupmod.pl -x %u %g set primary group script = /usr/local/samba/share/smbldap-usermod.pl -G %g %u null passwords = yes #unix charset = UTF-8 passdb backend = ldapsam:ldap://localhost/ ldap suffix = o=smb,dc=qc,dc=ca ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap admin dn = cn=root,o=smb,dc=qc,dc=ca guest account = nobody workgroup = LINUX netbios name = PDC comment = Server security = user encrypt passwords = yes logon script = scripts\%U.bat domain logons = Yes os level = 255 preferred master = Yes domain master = Yes #hosts allow = 192.168.0.0/255.255.255.0 share modes = No wins support = Yes [homes] path=/home/domainusers read only = No create mask = 0700 directory mask = 0700 locking = No oplocks = No [netlogon] path = /usr/local/samba/netlogon locking = no read only = yes [profiles] path = /home/domainusers/profiles read only = no writeable = yes create mask = 0600 directory mask = 0700 Here is the LDIF entry of Administrator : dn: uid=Administrator,ou=Users,o=smb,dc=qc,dc=ca cn: Administrator sn: Administrator objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount uid: Administrator sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaHomePath: \\PDC\homes sambaHomeDrive: U: sambaProfilePath: \\PDC\profiles\ loginShell: /bin/false gecos: Netbios Domain Administrator sambaSID: S-1-5-21-3655003630-1527190663-3647191254-1000 sambaPrimaryGroupSID: S-1-5-21-3655003630-1527190663-3647191254-1001 uidNumber: 0 gidNumber: 0 homeDirectory: / sambaLMPassword: XX (removed) sambaAcctFlags: [U] sambaNTPassword: XX (removed) sambaPwdLastSet: 1071185436 sambaPwdMustChange: 1075073436 userPassword:: XX (removed) I am running Samba 3.0.1rc1 on Redhat 9.0 Please help me Thank you Charles -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Open WebMail Project (http://openwebmail.org) -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.1rc2 LDAP - problems joining domain
yup. saw that after I reported it and downgraded. thanks very much, Greg On Monday 15 December 2003 02:45 pm, you wrote: You are not the only one have this problem, the samba team is working to fix this. I had the same problem, downgraded to 3.0.1pre3 and it works. Charles Hamel On 03-12-15, at 11:48, Greg Dickie wrote: Hi, I'm back on the list ;-) I seem to be having some trouble getting W2K machines to join the domain in 3.0.1rc2. I haven't looked at this in detail since 2.2.8a but it looks like the account gets created in LDAP and then it has trouble setting the password appropriately. I believe this is the relevant part of the log: api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82) 00 samr_io_q_set_userinfo [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635) data1: [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 0008 [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 71 e1 dd 3f 61 70 00 00 [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 switch_value: 0018 [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 switch_value: 0018 [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 password: 2d 71 6b 2a f1 b4 66 69 84 2b 0c ec 88 4d 53 90 21 b8 a9 99 47 86 d2 81 67 6b a3 ac 11 3d 30 31 e6 5d 54 4e ae c1 7e a6 85 eb 7f 9c 33 be 4e 62 60 5c f4 9b aa b3 87 fa 03 cc b7 be 0d ab 1c 62 07 34 63 37 dc 27 3b f7 d8 69 70 b6 b3 18 dd e6 aa ec 8a 53 98 9a a9 2d 93 f8 da b7 83 be 6d 5f ed e0 bc fd c0 d7 6f 9e 6c 5b d5 2b 94 86 52 f2 4a ce c0 54 3e 25 8d 91 42 0d 08 a4 9f 8c 3b 05 2f bd 60 c2 eb 57 c6 8d 0b 43 aa 48 49 32 30 1f a8 71 22 b7 e7 5e 73 c5 d2 8b 33 9b b3 e4 64 b9 18 9f 22 86 f2 d7 78 bc 37 0b cb da 09 b2 88 42 0a 5e 91 8c 3d eb 1f fb 97 06 54 f6 04 92 40 d4 8a b0 34 b9 5c 02 73 e0 34 95 b0 e2 dd 57 44 30 45 6b 10 ca a0 19 40 9c 26 f5 ad 15 ac a9 5a 43 ca 9b 7e cb 30 de fe 77 24 13 ea 75 ea c3 c2 46 de c7 be 2a dd 68 dc 49 ad 12 73 94 98 cd 8a 3d f5 e4 dd 07 d3 0f 8a 7f ce 95 d4 2c 0f 64 4c 51 ac 98 28 21 e7 0d 7e 4a ea 5b 72 d7 e7 e8 a6 9b ec fb b7 56 b6 7e 09 fe 0c 47 a5 02 e9 03 ec bb 99 b3 6c 96 92 d9 12 f7 71 d0 6b c9 44 87 5a 45 44 c3 7b d6 e2 4b b1 a3 19 8b 08 2 + 4 4d b0 91 e0 1a 37 37 30 59 5e e3 5b d9 a0 c2 89 da 5a d5 23 a9 37 c4 36 bd d0 72 29 45 c1 ee 12 88 bf 30 89 32 de 20 9e 61 fc 81 7e 27 4f 2a a3 b0 b6 c7 2d 5f e3 43 45 3f 57 f6 a2 31 56 32 cf eb e0 dd 5d 8a bd 4e ce 64 d1 83 d7 87 95 53 d0 ef e0 18 7d ed c9 c4 d3 1c 48 6c b5 17 dc 69 27 2c 1c b5 b7 db d9 34 09 21 c0 d4 98 1e fe 9f 0f 67 f3 ca f6 52 13 d8 27 e8 52 99 20 e0 ba a7 49 66 90 ac dc 4a cb ba d8 cd cf 66 e1 0e 53 0b 24 22 d1 4d 6f 86 d0 7f aa a2 24 cc 70 34 cc cb 4b 29 a4 cd 1f 9d f5 6a c2 70 15 12 5c 86 b8 79 6c 64 89 21 62 7a a2 18 f9 [2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2937) _samr_set_userinfo: 2937 [2003/12/15 11:29:37, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 08 00 00 00 00 00 00 00 71 E1 DD 3F q? [010] 61 70 00 00 ap.. [2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(105) _samr_set_userinfo: access check ((granted: 0x00b0; required: 0x0024) [2003/12/15 11:29:37, 4] rpc_server/srv_samr_nt.c:access_check_samr_function(109) _samr_set_userinfo: ACCESS should be DENIED (granted: 0x00b0; required: 0x0024) but overwritten by euid == 0 [2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2950) _samr_set_userinfo: sid:S-1-5-21-2656636599-2098491866-229994164-3044, level:24 [2003/12/15 11:29:37, 2] lib/smbldap.c:smbldap_search_suffix(1068) smbldap_search_suffix: searching for:[((sambaSID=S-1-5-21-2656636599-2098491866-229994164 -3044)(objectclass=sambaSamAccount))] [2003/12/15 11:29:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) init_sam_from_ldap: Entry found for user: gt1$ [2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(2877) Attempting administrator password change for user gt1$ [2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(501) decode_pw_buffer: incorrect password length (-2128390977). [2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(502) decode_pw_buffer: check that 'encrypt passwords = yes' [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82) 00
Re: [Samba] 3.0.1rc2 LDAP - problems joining domain
Here's the wierd part though. I was just trying to reproduce the problem to get some level 10 logs and now it seems to work (of course just when I want it to screw-up ;-). So its not like its always busted. thanks, Greg On Monday 15 December 2003 02:53 pm, Greg Dickie wrote: yup. saw that after I reported it and downgraded. thanks very much, Greg On Monday 15 December 2003 02:45 pm, you wrote: You are not the only one have this problem, the samba team is working to fix this. I had the same problem, downgraded to 3.0.1pre3 and it works. Charles Hamel On 03-12-15, at 11:48, Greg Dickie wrote: Hi, I'm back on the list ;-) I seem to be having some trouble getting W2K machines to join the domain in 3.0.1rc2. I haven't looked at this in detail since 2.2.8a but it looks like the account gets created in LDAP and then it has trouble setting the password appropriately. I believe this is the relevant part of the log: api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82) 00 samr_io_q_set_userinfo [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635) data1: [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 0008 [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 71 e1 dd 3f 61 70 00 00 [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 switch_value: 0018 [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 switch_value: 0018 [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 password: 2d 71 6b 2a f1 b4 66 69 84 2b 0c ec 88 4d 53 90 21 b8 a9 99 47 86 d2 81 67 6b a3 ac 11 3d 30 31 e6 5d 54 4e ae c1 7e a6 85 eb 7f 9c 33 be 4e 62 60 5c f4 9b aa b3 87 fa 03 cc b7 be 0d ab 1c 62 07 34 63 37 dc 27 3b f7 d8 69 70 b6 b3 18 dd e6 aa ec 8a 53 98 9a a9 2d 93 f8 da b7 83 be 6d 5f ed e0 bc fd c0 d7 6f 9e 6c 5b d5 2b 94 86 52 f2 4a ce c0 54 3e 25 8d 91 42 0d 08 a4 9f 8c 3b 05 2f bd 60 c2 eb 57 c6 8d 0b 43 aa 48 49 32 30 1f a8 71 22 b7 e7 5e 73 c5 d2 8b 33 9b b3 e4 64 b9 18 9f 22 86 f2 d7 78 bc 37 0b cb da 09 b2 88 42 0a 5e 91 8c 3d eb 1f fb 97 06 54 f6 04 92 40 d4 8a b0 34 b9 5c 02 73 e0 34 95 b0 e2 dd 57 44 30 45 6b 10 ca a0 19 40 9c 26 f5 ad 15 ac a9 5a 43 ca 9b 7e cb 30 de fe 77 24 13 ea 75 ea c3 c2 46 de c7 be 2a dd 68 dc 49 ad 12 73 94 98 cd 8a 3d f5 e4 dd 07 d3 0f 8a 7f ce 95 d4 2c 0f 64 4c 51 ac 98 28 21 e7 0d 7e 4a ea 5b 72 d7 e7 e8 a6 9b ec fb b7 56 b6 7e 09 fe 0c 47 a5 02 e9 03 ec bb 99 b3 6c 96 92 d9 12 f7 71 d0 6b c9 44 87 5a 45 44 c3 7b d6 e2 4b b1 a3 19 8b 08 2 + 4 4d b0 91 e0 1a 37 37 30 59 5e e3 5b d9 a0 c2 89 da 5a d5 23 a9 37 c4 36 bd d0 72 29 45 c1 ee 12 88 bf 30 89 32 de 20 9e 61 fc 81 7e 27 4f 2a a3 b0 b6 c7 2d 5f e3 43 45 3f 57 f6 a2 31 56 32 cf eb e0 dd 5d 8a bd 4e ce 64 d1 83 d7 87 95 53 d0 ef e0 18 7d ed c9 c4 d3 1c 48 6c b5 17 dc 69 27 2c 1c b5 b7 db d9 34 09 21 c0 d4 98 1e fe 9f 0f 67 f3 ca f6 52 13 d8 27 e8 52 99 20 e0 ba a7 49 66 90 ac dc 4a cb ba d8 cd cf 66 e1 0e 53 0b 24 22 d1 4d 6f 86 d0 7f aa a2 24 cc 70 34 cc cb 4b 29 a4 cd 1f 9d f5 6a c2 70 15 12 5c 86 b8 79 6c 64 89 21 62 7a a2 18 f9 [2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2937) _samr_set_userinfo: 2937 [2003/12/15 11:29:37, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 08 00 00 00 00 00 00 00 71 E1 DD 3F q? [010] 61 70 00 00 ap.. [2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(105) _samr_set_userinfo: access check ((granted: 0x00b0; required: 0x0024) [2003/12/15 11:29:37, 4] rpc_server/srv_samr_nt.c:access_check_samr_function(109) _samr_set_userinfo: ACCESS should be DENIED (granted: 0x00b0; required: 0x0024) but overwritten by euid == 0 [2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2950) _samr_set_userinfo: sid:S-1-5-21-2656636599-2098491866-229994164-3044, level:24 [2003/12/15 11:29:37, 2] lib/smbldap.c:smbldap_search_suffix(1068) smbldap_search_suffix: searching for:[((sambaSID=S-1-5-21-2656636599-2098491866-229994164 -3044)(objectclass=sambaSamAccount))] [2003/12/15 11:29:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) init_sam_from_ldap: Entry found for user: gt1$ [2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(2877
Re: [Samba] 3.0.1rc2 LDAP - problems joining domain
I downgraded all the way to 3.0.0 just because that rpm was already there. do you want me to try 1pre3 although I can't seem to reproduce it with 1rc2 anymore? Greg On Monday 15 December 2003 03:17 pm, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Charles Hamel wrote: | You are not the only one have this problem, the samba | team is working to fix this. | | I had the same problem, downgraded to 3.0.1pre3 and | it works. 3.0.1pre3 ? or 3.0.0 ? cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/3hbkIR7qMdg1EfYRAjXdAKC84daYNnSlRo0d6NK1BYpLkyaBkACaAot0 SPtVPCKlz2VHOqFwLNgr7Qo= =/4S8 -END PGP SIGNATURE- -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.1rc2 LDAP - problems joining domain
heh heh On Monday 15 December 2003 03:10 pm, Adam Williams wrote: Here's the wierd part though. I was just trying to reproduce the problem to get some level 10 logs and now it seems to work (of course just when I want it to screw-up ;-). So its not like its always busted. Don't ya' hate it when that happens. Now you've probably jinx'd me, and next time it won't work although it always has. :) -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.1rc2 LDAP - problems joining domain
Hi, I'm back on the list ;-) I seem to be having some trouble getting W2K machines to join the domain in 3.0.1rc2. I haven't looked at this in detail since 2.2.8a but it looks like the account gets created in LDAP and then it has trouble setting the password appropriately. I believe this is the relevant part of the log: api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82) 00 samr_io_q_set_userinfo [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635) data1: [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 0008 [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 71 e1 dd 3f 61 70 00 00 [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 switch_value: 0018 [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 switch_value: 0018 [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 password: 2d 71 6b 2a f1 b4 66 69 84 2b 0c ec 88 4d 53 90 21 b8 a9 99 47 86 d2 81 67 6b a3 ac 11 3d 30 31 e6 5d 54 4e ae c1 7e a6 85 eb 7f 9c 33 be 4e 62 60 5c f4 9b aa b3 87 fa 03 cc b7 be 0d ab 1c 62 07 34 63 37 dc 27 3b f7 d8 69 70 b6 b3 18 dd e6 aa ec 8a 53 98 9a a9 2d 93 f8 da b7 83 be 6d 5f ed e0 bc fd c0 d7 6f 9e 6c 5b d5 2b 94 86 52 f2 4a ce c0 54 3e 25 8d 91 42 0d 08 a4 9f 8c 3b 05 2f bd 60 c2 eb 57 c6 8d 0b 43 aa 48 49 32 30 1f a8 71 22 b7 e7 5e 73 c5 d2 8b 33 9b b3 e4 64 b9 18 9f 22 86 f2 d7 78 bc 37 0b cb da 09 b2 88 42 0a 5e 91 8c 3d eb 1f fb 97 06 54 f6 04 92 40 d4 8a b0 34 b9 5c 02 73 e0 34 95 b0 e2 dd 57 44 30 45 6b 10 ca a0 19 40 9c 26 f5 ad 15 ac a9 5a 43 ca 9b 7e cb 30 de fe 77 24 13 ea 75 ea c3 c2 46 de c7 be 2a dd 68 dc 49 ad 12 73 94 98 cd 8a 3d f5 e4 dd 07 d3 0f 8a 7f ce 95 d4 2c 0f 64 4c 51 ac 98 28 21 e7 0d 7e 4a ea 5b 72 d7 e7 e8 a6 9b ec fb b7 56 b6 7e 09 fe 0c 47 a5 02 e9 03 ec bb 99 b3 6c 96 92 d9 12 f7 71 d0 6b c9 44 87 5a 45 44 c3 7b d6 e2 4b b1 a3 19 8b 08 2 + 4 4d b0 91 e0 1a 37 37 30 59 5e e3 5b d9 a0 c2 89 da 5a d5 23 a9 37 c4 36 bd d0 72 29 45 c1 ee 12 88 bf 30 89 32 de 20 9e 61 fc 81 7e 27 4f 2a a3 b0 b6 c7 2d 5f e3 43 45 3f 57 f6 a2 31 56 32 cf eb e0 dd 5d 8a bd 4e ce 64 d1 83 d7 87 95 53 d0 ef e0 18 7d ed c9 c4 d3 1c 48 6c b5 17 dc 69 27 2c 1c b5 b7 db d9 34 09 21 c0 d4 98 1e fe 9f 0f 67 f3 ca f6 52 13 d8 27 e8 52 99 20 e0 ba a7 49 66 90 ac dc 4a cb ba d8 cd cf 66 e1 0e 53 0b 24 22 d1 4d 6f 86 d0 7f aa a2 24 cc 70 34 cc cb 4b 29 a4 cd 1f 9d f5 6a c2 70 15 12 5c 86 b8 79 6c 64 89 21 62 7a a2 18 f9 [2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2937) _samr_set_userinfo: 2937 [2003/12/15 11:29:37, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 08 00 00 00 00 00 00 00 71 E1 DD 3F q? [010] 61 70 00 00 ap.. [2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(105) _samr_set_userinfo: access check ((granted: 0x00b0; required: 0x0024) [2003/12/15 11:29:37, 4] rpc_server/srv_samr_nt.c:access_check_samr_function(109) _samr_set_userinfo: ACCESS should be DENIED (granted: 0x00b0; required: 0x0024) but overwritten by euid == 0 [2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2950) _samr_set_userinfo: sid:S-1-5-21-2656636599-2098491866-229994164-3044, level:24 [2003/12/15 11:29:37, 2] lib/smbldap.c:smbldap_search_suffix(1068) smbldap_search_suffix: searching for:[((sambaSID=S-1-5-21-2656636599-2098491866-229994164-3044)(objectclass=sambaSamAccount))] [2003/12/15 11:29:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) init_sam_from_ldap: Entry found for user: gt1$ [2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(2877) Attempting administrator password change for user gt1$ [2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(501) decode_pw_buffer: incorrect password length (-2128390977). [2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(502) decode_pw_buffer: check that 'encrypt passwords = yes' [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82) 00 samr_io_r_set_userinfo [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) status: NT_STATUS_ACCESS_DENIED [2003/12/15 11:29:37, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549) api_rpcTNP: called samr successfully In particular, I find the decode_pw_buffer warnings to be troubling (there are no passwords in the LDAP entry at this point). Perhaps an initialized variable? Any help would be most appreciated. regards, Greg -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list
[Samba] Re: Need help in reproducing Incorrect password length error
picky picky ;-) tomorrow I'll try replicating the problem again using the same machine that I initially had the problem with. Its the accounting guy and he was doing payroll so we don't want to interrupt that ;-) In our case its ldapsam and we are using the smbldap-tools although from what Ive seen we could probably just use useradd co. Greg On Monday 15 December 2003 18:00, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: | We're having some trouble reproducing this error. If | anyone who is seeing this error in the smbd logs when | attempting to join a Samba domain: | | decode_pw_buffer: incorrect password length | | Please send me a level 10 smbd debug log for the entire | join attempt. We're think we know what the problem is | but need to confirm it in the logs. This is the *last* | thing holding up 3.0.1. Any help would be appreciated. | Thanks. Has anyone seen this using tdbsam ? Or are the only people experiencing the problem using an LDAP backend ? If the latter are people only using the smbldap-tools ? I'm looking for a common thread. As of yet, I still don't have any usable log files from anyone. - -- ciao, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/3j0fIR7qMdg1EfYRAj7MAJsGgy7eX8QEGw0+GppuIm1GDJEKnwCfehwt IEnuU6th2EbIe2IWmB1p1fs= =bods -END PGP SIGNATURE- -- -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group Mapping problems
I think a debug level 5 will show you exactly what its looking for. You can do smbcontrol smbd debug 5 to set that. hth, Greg On Monday 15 December 2003 17:27, Robert Rati wrote: I'm trying to map my LDAP groups to Windows Groups, but I'm not having any luck. Here is a group I'm trying to map: dn: cn=dom_admin,ou=Groups,dc=wdselab objectClass: sambaGroupMapping objectClass: posixGroup gidNumber: 1000 cn: dom_admin memberUid: dom_admin description: Domain Admininistrators Group sambaSID: S-1-5-21-835892245-73647866-3919785651-512 sambaGroupType: 2 but when I do a net groupmap command, I get this error over and over again: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid DN (Invalid DN syntax) What DN syntax is being used for this search? How do I modify it/fix this problem? Rob -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba