Re: [Samba] Dual booted clients with different name drop each other out of domain

2010-01-30 Thread Jonathon Doran

Quoting Roman Muñoz ta...@infonegocio.com:

But XP and Ubuntu keep dropping each other out of domain. Any ideas?


You might not be seeing this, but it is something to think about...

I needed (or chose to) create separate machine accounts for each dual  
booted OS.  One OS would change the machine account password, and the  
other OS would not be able to join the domain since it had the wrong  
password.  Giving each OS a separate machine name made life a lot nicer.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] Windows 7

2009-10-26 Thread Jonathon Doran

A while back, Volker sent out the following:

That won't work. Your only chance is Samba 3.3.4 with

   HKLM\System\CCS\Services\LanmanWorkstation\Parameters
   DWORD  DomainCompatibilityMode = 1
   DWORD  DNSNameResolutionRequired = 0

   HKLM\System\CCS\Services\Netlogon\Parameters
   DWORD  RequireSignOnSeal = 0
   DWORD  RequireStrongKey = 0

Haven't tested that yet, but you should get some steps
further.

Volker

I gave it a shot this afternoon, and was able to get to the Welcome to the XXX domain message.  Afterwards I immediately received an error Changing the primary DNS name of this computer to  failed.  The specified domain does not exist, or could not be contacted.

Just an FYI for those interested.

Attempts to logon afterwards were met with an error about not being able to establish a trust relationship with the server.


[Samba] smbd processes sticking around

2009-10-25 Thread Jonathon Doran

We are running 3.4.2-0.42.fc11, and I have been noticing some extra processes sticking around, for lack of a better term.

If I run w on the server I see around 11 users logged on running smbd -D.
Here is an example (with the user name removed):

smb/12   :::10.0.1.7  Fri160.00s  0.00s  1:10  smbd -D

Nobody is in the lab, and the accounts are not logged on.  (Well one might be, but not all of these entries).  Furthermore, there are multiple daemons associated with the same IP address.  10.0.1.7 has entries on smb/9, smb/10, and smb/12.

What might cause this?  And is there a way to ensure that smb users do not show up as being logged onto the server?  I do not recall this behavior in the past.



Re: [Samba] Can't compiling over CIFS Shares

2009-10-05 Thread Jonathon Doran

Quoting Bruno MACADRE bruno.maca...@univ-rouen.fr:


Volker Lendecke wrote:

On Mon, Oct 05, 2009 at 04:30:41PM +0200, Bruno MACADRE wrote:

Hi,

My problems with Samba continue... I'm very disappointed, I've never
had as many problems with Samba before (on my old server with Gentoo/Samba
3.0.23...).

So the new problem is: when a student wants to compile a C program in
his home (mounted in CIFS), the produced executable can't be executed:
./tst: cannot execute binary file. Tried on ubuntu-9.04 with
mount.cifs 3.2.3 and mount.cifs 3.4.2.


Isn't this more a problem with linux cifs rather than Samba
on the server? The mount.cifs version has only minor
relevance on the behaviour of the in-kernel module.

Volker

Maybe,

Actually my kernel is 2.6.28-15-generic (basic ubuntu-desktop kernel).
I'll try another kernel and tell you what's happened


Another kernel seems overkill, and slow.  This sounds like a problem  
with mounting options to me.  What was the command-line or the fstab  
entry for this filesystem?  Perhaps we can see something wrong there.



Re: [Samba] FAT32 format HDD recognizes as NTFS

2009-08-26 Thread Jonathon Doran

Quoting Sallow Yang sallow.y...@gmail.com:


Hi,

The following are my steps:
1. Insert a FAT32 format HDD into usb port of Linux PC.
2. After HDD mounted successfully, configure and start samba to share the
HDD.
3. Using Map Network Drive of Windows XP to map the HDD to a windows network
drive.
4. Open the mapped network drive, can see NTFS file system on the left
details.

It shows the wrong info, could anybody help me?
Thanks in advance!!


Samba allows a directory on your Linux box to appear to be an NTFS
volume.  That is its purpose.  It really doesn't matter what the
original filesystem is:  you can export an ext3 filesystem, ext4, xfs,
FAT32... whatever the original filesystem is, the Samba clients (for
example your XP machine) will see it as an NTFS volume.


This isn't really all that different (in my opinion) from the way that  
NFS will make directories appear as NFS volumes.  It didn't matter  
what the original filesystem was in that case either.



Re: [Samba] Cannot Access Workgroup shares

2009-07-29 Thread Jonathon Doran

Quoting Dan Grindstaff d...@oakrun.net:


Hello All,

I have set up samba server 3.0.33-0.fc8 and successfully created a share
accessible by all machines in my workgroup.  When I open up network on my
linux box I can see all other machines in the workgroup.  I have set up
other shares on other machines and am able to see them but when I try to
open the share from linux I get login message. I do not want to have to log
in from linux.  I have set up the shares on the windows machines to be
accessible to everyone. TIA for any and all advice.


Well the Linux client behavior probably has little to do with the  
server side.  You might consider providing credentials in /etc/fstab  
and mount the shares that way.



Re: [Samba] No responses, not a one?

2009-07-27 Thread Jonathon Doran

Quoting John Drescher dresche...@gmail.com:


One thing you can do to try to generate help is to try to debug the
problem yourself. I mean do your logs show anything suspicious when
the failure occurs? If so post that output. Also if you could update
your samba to the current version (3.0.35) and test that.


Isn't 3.4 the current version?  Or is that prerelease?


Re: [Samba] 3.2.11 not compiling on solaris 9 (libtalloc.so.1 error)

2009-07-27 Thread Jonathon Doran

Quoting Hambleton, Tom tom.hamble...@lmco.com:

I am consistently getting libtalloc.so.1: No such file or   
directory when attempting to 'make' any version of samba.


I've tried all of the suggestions from the list archives on this subject.


Using Solaris 9 sparc.
Current versions are:
gcc 3.4.6 (sunfreeware pkg)
samba-3.2.11 (and any other version of samba I try)
Admittedly - compiling from source is not something I do very often.

My 'configure' options:
 $ ./configure --prefix=/opt/sambatest CFLAGS=-I/opt/local/include   
CPPFLAGS=-I/opt/local/inlcude LDFLAGS=-L/opt/local/lib


It completes successfully, except I get many similar messages to:

configure:3925: checking how to run the C preprocessor
configure:3965: gcc -E -I/opt/local/inlcude conftest.c
configure:3972: $? = 0
configure:4003: gcc -E -I/opt/local/inlcude conftest.c
conftest.c:9:28: ac_nonexistent.h: No such file or directory
configure:4010: $? = 1
configure: failed program was:
| /* confdefs.h.  */


You have 'include' spelled wrong.  Since configure didn't get to do its
job, the rest of the errors are probably expected.


[Samba] server response does not appear to correspond to request

2009-07-26 Thread Jonathon Doran

Here is a second, somewhat related question to my last one.  When
looking over the network trace I have run into something I cannot
explain.  It may be quite proper, in which case I am misreading the
trace.  But I would appreciate it if someone would explain this to me.


In packet 109 of the trace (during a login with no profile on the  
server), I see a NT Create AndX request for the path \jon.V2.  I'll  
provide the captured packet below.  But for now, this makes perfect  
sense.  I am certainly interested in the resolution of this request.   
The trace lists the response as coming in packet 110.  Well, that is  
convenient, as I don't have far to look.


In packet 110 I learn that the request failed.  The packet shows that  
it is a response to packet 109, so we are consistent so far.  But the  
filename in the response is \jon\Desktop. Desktop never appeared in  
the original request, yet my read of the response is that a create  
failed on a path which differed from that in the request.


Assuming that I am mistaken, it would be very helpful if I understood  
where I am going wrong in my thinking.


As always, feedback from the list is appreciated.

Jonathon Doran
University of North Texas, LARC

Frame 109 (158 bytes on wire, 158 bytes captured)
Ethernet II, Src: warcraft.larc.local (00:1e:4f:d3:65:a9), Dst: unreal.larc.local (00:14:85:14:f5:78)
Internet Protocol, Src: warcraft.larc.local (10.0.1.5), Dst: unreal.larc.local (10.0.0.2)
Transmission Control Protocol, Src Port: 49159 (49159), Dst Port: netbios-ssn (139), Seq: 5200, Ack: 4597, Len: 104

Source port: 49159 (49159)
Destination port: netbios-ssn (139)
[Stream index: 2]
Sequence number: 5200(relative sequence number)
[Next sequence number: 5304(relative sequence number)]
Acknowledgement number: 4597(relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65700 (scaled)
Checksum: 0xf3d6 [validation disabled]
[SEQ/ACK analysis]
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
[Response in: 110]
SMB Command: NT Create AndX (0xa2)
NT Status: STATUS_SUCCESS (0x)
Flags: 0x18
Flags2: 0xc807
Process ID High: 0
Signature: 
Reserved: 
Tree ID: 4  (\\UNREAL\PROFDATA)
Process ID: 980
User ID: 102  (LARC\jon)
Multiplex ID: 2304
NT Create AndX Request (0xa2)
Word Count (WCT): 24
AndXCommand: No further commands (0xff)
Reserved: 00
AndXOffset: 57054
Reserved: 00
File Name Len: 14
Create Flags: 0x0010
Root FID: 0x
Access Mask: 0x00100100
Allocation Size: 0
File Attributes: 0x
Share Access: 0x0007 SHARE_DELETE SHARE_WRITE SHARE_READ
Disposition: Open (if file exists open it, else fail) (1)
Create Options: 0x0020
Impersonation: Impersonation (2)
Security Flags: 0x00
Byte Count (BCC): 17
File Name: \jon.V2



Frame 110 (93 bytes on wire, 93 bytes captured)
Ethernet II, Src: unreal.larc.local (00:14:85:14:f5:78), Dst: warcraft.larc.local (00:1e:4f:d3:65:a9)
Internet Protocol, Src: unreal.larc.local (10.0.0.2), Dst: warcraft.larc.local (10.0.1.5)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 49159 (49159), Seq: 4597, Ack: 5304, Len: 39

Source port: netbios-ssn (139)
Destination port: 49159 (49159)
[Stream index: 2]
Sequence number: 4597(relative sequence number)
[Next sequence number: 4636(relative sequence number)]
Acknowledgement number: 5304(relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 23040 (scaled)
Checksum: 0x1548 [validation disabled]
[SEQ/ACK analysis]
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
[Response to: 109]
[Time from request: 0.001582000 seconds]
SMB Command: NT Create AndX (0xa2)
NT Status: STATUS_ACCESS_DENIED (0xc022)
Flags: 0x88
Flags2: 0xc801
Process ID High: 0
Signature: 
Reserved: 
Tree ID: 4  (\\UNREAL\PROFDATA)
Process ID: 980
User ID: 102  (LARC\jon)
Multiplex ID: 2304
NT Create AndX Response (0xa2)
Word Count (WCT): 0
Byte Count (BCC): 0
[FID: 0x (\jon\Desktop)]
[Opened in: 22103]
[Closed in: 22103]
[File Name: \jon\Desktop]
Create Flags: 0x0010
Access Mask: 0x0011
File Attributes: 0x0080
Share Access: 0x0003 SHARE_WRITE SHARE_READ
Create Options: 0x0021

Re: [Samba] File Size Limit - Why/How?

2009-07-23 Thread Jonathon Doran

Quoting Jeremy Allison j...@samba.org:


On Thu, Jul 23, 2009 at 09:58:51AM -0700, Lance Gropper wrote:

Hello Jeremy:
 
Only 4GB RAM...


Try doing the same thing against Samba with a Linux
client (using CIFSFS). If it works correctly then
you are running into a Windows client bug.


Would smbclient be an appropriate alternative?



Re: [Samba] Request for feedback

2009-07-22 Thread Jonathon Doran

Quoting John H Terpstra - Samba Team j...@samba.org:


What size limit should we observe for messages to this list?

1) 64 KBytes


I would hope that larger files would be compressed and put on an  
ftp/web server.

Or send as attachments to individuals on request.


Re: [Samba] Samba is deleting samba-passwords out of ldap-tree

2009-07-20 Thread Jonathon Doran

Could you be running an out of date samba.schema?

Quoting Daniel Spannbauer d...@marco.de:


Hello,

I try to install a PDC with Samba 3.0.23 and openldap 2.3.27.
I can join the domain with a win-xp-Machine, the User-Accounts are in
ldap and looks like the following:

dn: uid=ds,ou=people,dc=marco,dc=de
userPassword: {crypt}RVp32Kd9mkUek
sambaLogonTime: 0
sambaLogoffTime: 0
sambaPwdLastSet: 0
sambaProfilePath: \\homedirs\ds\.ntprofile
sambaPwdCanChange: 0
sambaSID: S-1-5-21-2539381339-996027264-670411106-2015
sambaHomePath: \\homedirs\ds
uid: ds
cn: Daniel Spannbauer
telephoneNumber: 27
roomNumber: bab
givenName: Daniel
sn: Spannbauer
mail: d...@marco.de
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: posixAccount
objectClass: top
businessCategory: Software Entwicklung
street: Rechbergstr. 4 - 6
postalCode: 87727
registeredAddress: Babenhausen
loginShell: /usr/uti/bash
uidNumber: 2015
gidNumber: 52
homeDirectory: /node/test/ds
gecos: Daniel Spannbauer,bab,27
sambaAcctFlags: [U  ]
sambaHomeDrive: H:
sambaKickoffTime: 2147483647
sambaPwdMustChange: 2147483647
sambaLMPassword: 590C5C5A8C08D6692CC208E556B42461
sambaNTPassword: 5B43D9E033AF01F1AC8AAA97751AE14E


Each time I try to login on the xp-machine both, sambaLMPassword and
sambaNTPassword are deleted from the ldaptree.
I increased the loglevel, but can't find anything that gives me a hint.


Any clues how to find the error?
Loglevel etc.?

Regards

Daniel



--
Daniel Spannbauer Software Entwicklung
marco Systemanalyse und Entwicklung GmbH  Tel   +49 8333 9233-27 Fax -11
Rechbergstr. 4 - 6, D 87727 Babenhausen   Mobil +49 171 4033220
http://www.marco.de/  Email d...@marco.de
Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München

Re: [Samba] Samba is deleting samba-passwords out of ldap-tree

2009-07-20 Thread Jonathon Doran

...

and my apologies for the top post.  I wasn't planning on quoting anything.


Re: [Samba] Security Policy.

2009-07-16 Thread Jonathon Doran

Quoting Agustin Eguia agustin.eg...@gmail.com:



I already read the manual and found the information given there
somewhat confusing at least for people who haven't been working with
samba for a long time. I edited my smb.conf file and added the
following lines :

[records]
vfs objects = full_audit
path = /shared/records
full_audit:prefix = %u|%I|%T|%M|%m
full_audit:success = open opendir read readdir rmdir sendfile write chmod chmod_acl chown connect disconnect mkdir
full_audit:failure = all

I restarted the smb service but there are no log files to be found at
the path I gave, am I missing something ? Also I don't know in the
following line full_audit:facility = LOCAL7 what LOCAL7 stands for. I
tried opening various files on the shares from another computer and
nothing happened


Samba requires a certain level of familiarity with Unix.  You need to
learn this stuff.  In the case of the audit facility, while I haven't
used it nor read up on it I recognize LOCAL7 as a syslog logging facility.
Please go read man rsyslogd or man syslogd if you have an older system.
You'll then need to edit the configuration file for your logging system,
for example /etc/rsyslog.conf on my system, and indicate where you'd like the
data logged.

The log files are not stored at the path, the path is the directory  
you are exporting to other machines.




Re: [Samba] Samba on RHEL issue

2009-07-14 Thread Jonathon Doran

Quoting Frank Murphy frankl...@gmail.com:


su setenforce 0


For the benefit of others, under Fedora I edit /etc/sysconfig/selinux  
to turn this off.


Please recognize the risks you may be adding to your network by  
disabling selinux.  For some people, this is an acceptable situation  
(me for one), but in other environments this could be a bad thing.


I think it is often advisable to try temporarily disabling selinux and/or
iptables in an environment where things aren't working properly.  This
can be done for a short period of time, so the risk of compromise is
lessened.  Knowing that one of these two products is behind your
troubles is well worth the risk, in my opinion.


I have spent considerable time on a new Fedora 11 install tweaking iptables.



Re: [Samba] Samba on RHEL issue

2009-07-13 Thread Jonathon Doran

Quoting Shuaib Ilyas (shilyas) shil...@cisco.com:



I am trying to install samba on the RHEL. The installation completes but
after that I get the smbd dead message upon checking the status:


What does the samba logfile say about this?  On Fedora (which should have
the same layout as RHEL), the samba logfile is in /var/log/samba/log.smbd

Have you run testparm to check smb.conf?


Re: [Samba] Simple group question...

2009-07-09 Thread Jonathon Doran

Quoting steve st...@greengecko.co.nz:


New to this windows domain stuff, sorry ( at my age learning new stuff
can take a while ).

I've set up a domain and joined a couple of XP workstations to it and
all is fine. What I want to do now is to ensure that the users of these
PCs still have administrative rights on their PC's.

Can anyone show me the basics / point me to a good guide on how to do
this???


What I did was to create a new group Desktop Administrators, and add  
that group to the local administrator group on each of my machines.  I  
keep a master image for a lab machine and update it periodically, then  
copy it to the other machines.  So an update to the local settings  
doesn't require running around to all machines.


Since we use LDAP to manage user/groups, adding/removing people from  
this new group is trivial.


I'm pretty new to all of this, so I'll be interested in hearing of any  
better solutions.  But this one seems to work well.



Re: [Samba] Samba configuration error

2009-07-08 Thread Jonathon Doran

On Wed, Jul 8, 2009 at 11:41 AM, David
Christensen david.christen...@viveli.com wrote:

I took a look at the /var/log/message log and see:


with ldap ssl = off ???


Yes, as soon as I enable ldapsam as the password DB, even with ldap ssl
= off, smb keeps trying to do a StartTLS.


Did you put ssl off in ldap.conf?


[Samba] scary fill_share_mode_lock failed message

2009-07-08 Thread Jonathon Doran

I'm still working on figuring out why some accesses to profile data are failing.

We are running 3.3.2-0.33.fc11 (the latest release for FC11).

I saw this in the log file

  stat_cache_lookup: lookup succeeded for name [USER/STARTMENU] - [user/StartMenu]

[2009/07/08 17:39:59,  3] locking/locking.c:fetch_share_mode_unlocked(857)
  fill_share_mode_lock failed

I saw Volker had a fix which went into 3.2.8 (I'm looking at the 3.2.9  
maintenance release notes).  It would be a big help if I could get a  
little clarification on this.


The files being accessed are on an NFS share from a large file server,
since I have people who want to put 10G on their desktop.  Locking and
NFS seem a likely culprit.  I would like to know if this is a scary
message to ignore, if a newer version of Samba is required, or if this
is likely unrelated to any of my problems.  I see 3.4.0 is available, and
if it isn't critical to install I'd rather wait for an official package.



Re: [Samba] permissions problems

2009-07-07 Thread Jonathon Doran

Quoting Dale Schroeder d...@briannassaladdressing.com:


Jonathan,

Any chance there could be a duplicate user?
getent passwd|grep /user/ would narrow the list down.

Dale


Thanks for the idea, but no.  Just one occurrence.

I'm pretty sure the namespace with the collision is the profile.
There is already a Desktop and it wants to create another.  Note that
I am *not* adding this user, it is already in the system and the
profile is already on the share.


PS: to followup the group membership nonsense I was seeing yesterday.   
In the evening I logged in from home and saw the group membership was  
correct for that user.  Nobody was logged on, and I certainly didn't  
fix it.  I wonder if there was a cache somewhere which timed out.



Re: [Samba] Best way to setup Samba + OpenLDAP + Linux to use a different partition for /home?

2009-07-07 Thread Jonathon Doran



1)  Would it be better to only have the Samba users files on the large
RAID drive, leaving the admin and root homes on the OS drive?

2)  If it is, how would I set up for the admin account.  For example,
the admin is a user named 'fred' and he will also be logging onto the
Samba server.  Should I create a separate admin account?  Or could I
simply create two different home directories - one for the regular users
and one for the admins?

3)  What is the easiest way to set this up so a person with little
technical background can do it fairly easily?


I'm perhaps the last person who should be answering any questions here,
as I'm unable to get some things working on my own.  But I'll throw out
my two cents and see what comments come from it.

We have our users files on an external RAID.  If you have that RAID
mounted on the server, there is no reason I can think of why you
couldn't point the user's home directories at the RAID.  We use
smbldap-useradd to create new users, and the configuration file for
the smbldap tools has a userHome variable which specifies the default
path for home directories (ie /home/%U).


There is nothing (again that I can think of) to prevent you from  
placing different user's home directories in different locations.   
smbldap-useradd has a -d switch to override, and I suppose one could  
edit the LDAP record for the user.  We have two accounts which have  
their credentials in the shadow password file, and can therefore login  
without LDAP running.  I think this is important not to put all of  
your eggs in one basket.


In the case of your third question, I created a page on our internal
wiki with some examples of performing basic operations like adding
accounts.  Each semester we need to bulk add class accounts, so I
threw something together which created accounts based on a list of
users.  As long as the person can follow directions they are fine.



Re: [Samba] permissions problems

2009-07-07 Thread Jonathon Doran

While I have a moment, I'd like to follow up yesterday's post with
another data point.  I backed up one user's profile, then went into
the directory and did chmod -R 777 ..  The user is able to login,
and access their profile normally.  This really makes me believe this
is an ownership/permissions problem.


I started with the advice in Samba By Example, and really want those
folders to be 750, or perhaps 2750.  Neither 750, nor 755 allowed
Windows to write into the profile.  I base this interpretation on the
fact that the profile seems to load OK, but only operations like
cleaning up the recycle bins cause problems.


Now since the suggested permissions only allow write access to the
owner (which is the user (ie a chown -R username:Domain\ Users was
performed)) it seems like accesses should either be done as that user,
or as root.  To repeat earlier statements, both the user and root can
read/write anything in that tree from the shell.



Re: [Samba] permissions problems

2009-07-07 Thread Jonathon Doran

My apologies for the extra post, but I spoke too soon.  I'm on my way
out the door to check on another lab, so I'm trying to summarize where
things are.


With 777 permissions and logging set to 4, I still see the  
OBJECT_NAME_COLLISION in the logfile. And upon logout and logging back  
in there are problems with deleting files (the recycle bin is reported  
as corrupted).


Here is a subset of the smbstatus output, with username redacted:

8750  1055  DENY_NONE  0x100081  RDONLY  NONE  /home   /profiles/profdata   user   Tue Jul  7 13:39:17 2009
8750  1055  DENY_NONE  0x2019f   RDWR    NONE  /home   /profiles/profdata   user/AppData/Microsoft/Windows/Explorer/thumbcache_1024.db   Tue Jul  7 13:37:56 2009
8750  1055  DENY_NONE  0x2019f   RDWR    NONE  /home   /profiles/profdata   user/AppData/Microsoft/Windows/Explorer/thumbcache_96.db   Tue Jul  7 13:37:56 2009
8750  1055  DENY_NONE  0x100081  RDONLY  NONE  /home   /profiles/profdata   user/Desktop   Tue Jul  7 13:39:10 2009
8750  1055  DENY_NONE  0x2019f   RDWR    NONE  /home   /profiles/profdata   user/Cookies/index.dat   Tue Jul  7 13:37:56 2009
8750  1055  DENY_NONE  0x2019f   RDWR    NONE  /home   /profiles/profdata   user/History/History.IE5/index.dat   Tue Jul  7 13:37:56 2009


Do those RDONLY entries mean that the path is read-only?  It suggests  
that this is the case, but I am getting in trouble with assumptions.



Re: [Samba] Re: Samba Windows resolve issue

2009-07-07 Thread Jonathon Doran

Quoting Doug Coats dcoats...@gmail.com:


Does anybody have a clue what the issue might be?  Maybe even a hint as to
what I could look into?  Is there more information that I could supply that
would help?


Your choice appears to be between a quick response from someone who  
doesn't know what they are talking about, or you can wait a bit and  
hear from someone who does.


I'm not clear on the topology of your network.  It sounds like you
have two subnets (let's call them A and B).  Your clients are on A,
your H3 server is on subnet B, and H1 is a router between the two.
But then I see two interfaces listed for H3.  Depending on the
topology, the following may or may not apply.


I would worry that things like broadcasts stop at subnet boundaries.   
(Note that I use DNS not WINS, so I must speculate).


I believe you'll need to have one master browser per subnet.   
Encouraging H1 to be the master browser seems like the best choice.   
What you don't want is machines fighting over who is master.  I am  
thinking that whatever machine is routing between subnets should  
either be the master for both, or for neither.


I see you have H3 configured as a domain master (ie a PDC), does
testparm agree with that?  If so, is that what you intend?  You
described this machine as a file server, which suggests to me that you
didn't want this machine acting as a domain controller.


Next, you have H3 configured as a WINS proxy, yet H1 is your server  
and is on subnet B (as well as A).  I wouldn't think a proxy would be  
needed.



Re: [Samba] Samba configuration error

2009-07-07 Thread Jonathon Doran

Quoting Norberto Bensa nbe...@gmail.com:


On Tue, Jul 7, 2009 at 7:20 PM, David
Christensen david.christen...@viveli.com wrote:


Does anyone know what this error means:

[r...@ldap2 samba]# net getlocalsid
[2009/07/07 17:04:00, 0] lib/smbldap.c:smb_ldap_start_tls(600)
Failed to issue the StartTLS instruction: Protocol error


I completely missed this message to the list.  It may still be on its  
way to me.  Not in my inbox, nor deleted mail.  Oh well, we all have  
bigger things to worry about.


I have to respond, since this TLS stuff gave me fits for a bit.   
Unfortunately I don't remember exactly what I did to make it go away,  
but I think it was adding ssl off to the ldap.conf



[Samba] permissions problems

2009-07-06 Thread Jonathon Doran

I am obviously confused about something, and feel like I am chasing
ghosts.  Any help or clarification would be appreciated.


When a user logs in we get messages about corrupt recycle bins.   
Setting the logging to level 2 for that client, we have errors like:


open_directory:  unable to create user/Desktop.  Error was NT_STATUS_OBJECT_NAME_COLLISION.


OK, the folder already exists in the profile.  Why try to create it?

I can use smbclient and connect to the profile share as the user, and  
I have no trouble reading or writing files.  The root account can  
access the raw folders without any problem.  I expected that the  
existing profile would be read and used.  And it sort of is, since a  
folder on the desktop is preserved across sessions.


When I up the logging to 4, I see messages like

get_privileges: No privileges assigned to SID [S-1-5-21-1786355187-4025355074-2784741737-501]


Hmm.  That RID doesn't look correct.  This user is in two groups,  
Domain Users (513) and a local lab group (3011).  Slapcat does not  
show that SID, nor does net groupmap list.  I looked this up, and it  
appears to be a guest account.  OK, maybe not a problem.  As you might  
be able to tell, the slightest thing sets me off.


The login continues with accesses using user nobody (uid=99,gid=99), and the
user is authenticated.

I saw this in the log:
[2009/07/06 16:33:33,  4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1613)
  ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-1786355187-4025355074-2784741737-513] count=0

[2009/07/06 16:33:34,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 513

RID 513 is in the group map.  getent group Domain\ Users returns a  
bunch of names.  So maybe _this_ isn't an error either.


Then I see:
[2009/07/06 16:33:34,  3] lib/privileges.c:get_privileges(63)
  get_privileges: No privileges assigned to SID [S-1-5-21-1786355187-4025355074-2784741737-3110]

[2009/07/06 16:33:34,  3] lib/privileges.c:get_privileges(63)
  get_privileges: No privileges assigned to SID [S-1-5-21-1786355187-4025355074-2784741737-513]


(the two groups which this user should be a member).

A bit further down:
 ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))


That SID does not show up in the group map, and I have no idea where  
it comes from.  All of my SIDs seem to start with S-1-5-21.  So that  
looks bad.  But...


  init_group_from_ldap: Entry found for group: 1005

Well, that is good.  Group 1005 is the group with RID 3011, in case that was
confusing.  A VUID is registered later.  And a connection is
made to the profdata service (uid=1055, gid = 513).

The user's main group is 1005, but the user is not showing up in group  
513.  By that I mean that getent group Domain\ Users shows a list of  
users, but does not include this user.  Nor does groups user.   
Sounds like a big problem.  But slapcat shows the user in the group,  
and LdapAdmin shows the user in the group.  /etc/nsswitch.conf has  
group:  compat ldap. I have rebooted the system, and this problem  
persists.  Removing the user from Domain Users in LdapAdmin, and  
then readding them did nothing.  Although slapcat did reflect the  
removal.


I'm guessing that this is at the root of most of my problems.  Where  
in the world is getent getting its information, if not from LDAP?

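An added example, not part of the original post: a small annotator for the SIDs in the log lines quoted above. It separates Windows well-known SIDs (S-1-5-11 is Authenticated Users, which exists outside any domain SID) from RIDs under the server's own domain SID; the domain SID is taken from the quoted log lines, and the function names are this example's own.

```python
import re

# Microsoft-defined well-known SIDs; these exist outside any domain SID.
WELL_KNOWN_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-7": "Anonymous Logon",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
}
# Well-known RIDs that are appended to every S-1-5-21-x-y-z domain SID.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest",
                   512: "Domain Admins", 513: "Domain Users",
                   514: "Domain Guests"}

SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")
DOMAIN_SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")

# Log lines copied from the post above, with the mail wrapping removed.
LOG = """\
get_privileges: No privileges assigned to SID [S-1-5-21-1786355187-4025355074-2784741737-501]
ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-1786355187-4025355074-2784741737-513] count=0
get_privileges: No privileges assigned to SID [S-1-5-21-1786355187-4025355074-2784741737-3110]
ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))
"""
LOCAL_DOMAIN = "S-1-5-21-1786355187-4025355074-2784741737"

def classify(sid, local_domain):
    """Describe one SID relative to the domain SID the server uses."""
    if sid in WELL_KNOWN_SIDS:
        return "well-known: " + WELL_KNOWN_SIDS[sid]
    m = DOMAIN_SID_RE.match(sid)
    if not m:
        return "unrecognised"
    where = "local domain" if m.group(1) == local_domain else "other domain"
    rid = int(m.group(2))
    return f"{where} RID {rid}: {WELL_KNOWN_RIDS.get(rid, 'site-assigned')}"

def annotate(log_text, local_domain):
    """Map every distinct SID found in log_text to its description."""
    return {sid: classify(sid, local_domain)
            for sid in dict.fromkeys(SID_RE.findall(log_text))}

if __name__ == "__main__":
    for sid, meaning in annotate(LOG, LOCAL_DOMAIN).items():
        print(f"{sid:50} {meaning}")
```
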


[Samba] confused about directory permissions for profdata

2009-07-03 Thread Jonathon Doran
This week I migrated our main server from Fedora 8 to Fedora 11.  It  
has been a stressful time, but things are mostly working.  Samba and  
LDAP weren't really a problem, but I've beat down the list of problems  
to something Samba related.


(For the benefit of anyone else going this route, the biggest problem  
by far was iptables.  Maybe we had it turned off under FC8, but I  
suspect it has grown some teeth.  Pretty quickly you learn that when  
faced with a new problem one first should shut down iptables and see  
if it goes away.)


I spent half a day looking into why smbldap-useradd was generating an  
error about a missing object.  After saving copies of the Perl  
scripts, I started adding print statements to them.  It turns out that  
I had dropped the 's' off of Groups in a dn.


Right now I can add machines to the domain, and then log in on  
accounts pulled off the backup.  I am pleasantly surprised that I  
didn't have to edit the SIDs for the users.  I did one account by hand  
to test with, and then when I sat down to do the rest I saw that  
something had gone in and fixed all the SIDs.  Maybe I'm crazy, and  
maybe I am imagining things.


But what I am stuck on at the moment is some sort of permissions  
problem with user profiles.  Perhaps someone can set me straight.  I  
have the split profile structure (profiles and profdata) as mentioned  
in ch 5 of Samba By Example.  The files live on a NAS box, and are  
exported via NFS.  Root squashing is turned on.  Smb.conf re-exports  
these to client machines.


I'm sure this is probably making my life harder, but we just don't
have the disk space on the server since there are people who don't
blink at putting 10G on their desktop.  I can ask them not to, but
that doesn't help.  I give them a mounted home directory with tons of
free disk space, but they are addicted to the Windows desktop.  In
this case, happy users means I need to accept they are going to do
this.  We have folder redirection in place, and the profiles on a
nice big/fast disk.

The problem is that Windows does not have permission to work with
these directories.  It seems like a trivial problem, but it isn't
making any sense and I am exhausted from no sleep this week.  As root,
I can access files in the folders.  With Samba's debugging set at 10
for a client, it appears that the accesses are performed as root but
failing.


If I have a folder set to 2770 owned by the user, and the user's
primary group, Windows cannot access the share.  If I give the world
access, Windows is happy.  If I move the profile out of the way,
Windows creates a new one with 2755 and the same owner/group.  When
one tries to log out and log back in, Windows has a fit about
corrupted recycle bins, which I take to mean that it doesn't have
write permission.  Samba By Example suggests 750 for the profdata
subdirectories, and Windows is definitely unhappy with that.


If anyone has any suggestions, I would very much like to hear them.

Jon Doran
University of North Texas LARC
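An added example, not part of the original post: a model of the owner/group/other check an NFS server applies to the directory modes mentioned above when a request arrives as uid 0 with root squashing on. The uid/gid values, the squash identity 99/99 and the use of 2777 to stand for "give the world access" are assumptions of this example; ACLs are not modelled.

```python
SQUASH_UID, SQUASH_GID = 99, 99   # assumption: export squashes root to nobody
NEED = {"r": 4, "w": 2, "x": 1}

def mode_allows(mode, owner, group, uid, gids, want):
    """Classic owner/group/other check (no ACLs); want is e.g. 'rx'."""
    if uid == owner:
        shift = 6
    elif group in gids:
        shift = 3
    else:
        shift = 0
    need = sum(NEED[c] for c in want)
    return ((mode >> shift) & need) == need

def nfs_dir_access(mode, owner, group, uid, gids, want, root_squash=True):
    """Decision the NFS server makes for a directory with these mode bits."""
    if uid == 0:
        if not root_squash:
            return True                       # real root ignores mode bits
        uid, gids = SQUASH_UID, {SQUASH_GID}  # root arrives as nobody
    return mode_allows(mode, owner, group, uid, gids, want)

def survey(owner=1055, group=1005):
    """Evaluate the modes from the post for the user and for squashed root."""
    rows = {}
    for mode in (0o2770, 0o2755, 0o750, 0o2777):
        rows[oct(mode)] = {
            "user_write": nfs_dir_access(mode, owner, group, owner, {group}, "wx"),
            "root_read": nfs_dir_access(mode, owner, group, 0, {0}, "rx"),
            "root_write": nfs_dir_access(mode, owner, group, 0, {0}, "wx"),
        }
    return rows

if __name__ == "__main__":
    for mode, row in survey().items():
        print(mode, row)
```

Under these assumptions, squashed root falls into the "other" class, so 2770 and 750 deny it everything and 2755 lets it read but not write.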