Re: [Samba] Authenticating IMAP using kerberos
Found the problem. When creating the SPN you shouldn't put @YOUR_REALM_NAME.TLD in the principal name (also shouldn't be there for the export). The wiki should probably be updated to reflect this. Cheers, Justin. Sent: Tuesday, 4 June 2013 5:42 PM Hi, I'm trying to get an IMAP server to authenticate using Kerberos rather than storing and sending passwords all over the place. I've tried to do this following the instructions for setting up Apache SSO (https://wiki.samba.org/index.php/Samba4/beyond#Apache_Single_Sign- On) but am unable to export the keytab. Searching through the list it looks like a few others have experienced the same problem but I don't see any solutions. The error I get when exporting is as follows. ERROR(runtime): uncaught exception - Key table entry not found File /usr/local/samba/lib/python2.7/site- packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site- packages/samba/netcmd/domain.py, line 103, in run net.export_keytab(keytab=keytab, principal=principal) I've checked to see that the spn has been created and is associated with the user and it is. Any ideas on what could be causing this? Also, wouldn't it be a better idea to add the spn to the machine account rather than create a user account? How could this be done? Is there a way to create machine accounts from the command line rather than through AD Users and Computers on a Windows box? Cheers, Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Authenticating IMAP using kerberos
Hi, I'm trying to get an IMAP server to authenticate using Kerberos rather than storing and sending passwords all over the place. I've tried to do this following the instructions for setting up Apache SSO (https://wiki.samba.org/index.php/Samba4/beyond#Apache_Single_Sign-On) but am unable to export the keytab. Searching through the list it looks like a few others have experienced the same problem but I don't see any solutions. The error I get when exporting is as follows. ERROR(runtime): uncaught exception - Key table entry not found File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 103, in run net.export_keytab(keytab=keytab, principal=principal) I've checked to see that the spn has been created and is associated with the user and it is. Any ideas on what could be causing this? Also, wouldn't it be a better idea to add the spn to the machine account rather than create a user account? How could this be done? Is there a way to create machine accounts from the command line rather than through AD Users and Computers on a Windows box? Cheers, Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DC Replication issue
Cool, wish my issue was that simple. *runs to double-check firewall on Samba server* -Original Message- From: Tanner, Douglas C CIV SPAWARSYSCEN-ATLANTIC, 58500 [mailto:douglas.c.tan...@navy.mil] Sent: Friday, 1 February 2013 5:48 PM To: Justin Clacherty; samba@lists.samba.org Subject: RE: DC Replication issue Thanks for the reply. Unfortunately it turned out to be a firewall on the Samba server. Once disabled, everything worked as expected. Thanks, Doug Tanner From: Justin Clacherty [mailto:jus...@redfish.com.au] Sent: Fri 2/1/2013 12:37 AM To: Tanner, Douglas C CIV SPAWARSYSCEN-ATLANTIC, 58500; samba@lists.samba.org Subject: RE: DC Replication issue I've had a similar issue with replication working in the Windows to Samba direction but not Samba to Windows. Mine complains about the schema not being correct (even though it got it from Windows when it first joined). Haven't been able to get it working yet and then got side-tracked with actual work :-) I'm wondering if Samba is adding Unix services the schema and is trying to send that up to the Windows box during the schema replication. Given it's not the schema master it probably isn't allowed to so Windows ignores it, then ignores all other replication because of a schema mismatch. Justin. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of Tanner, Douglas C CIV SPAWARSYSCEN-ATLANTIC, 58500 Sent: Tuesday, 8 January 2013 6:53 AM To: samba@lists.samba.org Subject: Re: [Samba] DC Replication issue More information included. I am still unable to replicated data from my Samba4 DC to my Windows 2008 R2 AD DC. Any help would be greatly appreciated. C:\Windows\system32repadmin /showrepl Repadmin: running command /showrepl against full DC localhost Default-First-Site-Name\DODAGM2008R2 DSA Options: IS_GC Site Options: (none) DSA object GUID: e8f1e94c-3e5a-4422-aefb-bfe6f7260e6f DSA invocationID: e8f1e94c-3e5a-4422-aefb-bfe6f7260e6f Source: Default-First-Site-Name\RHEL6-WS *** 2 CONSECUTIVE FAILURES since 2013-01-07 15:39:14 Last error: 1722 (0x6ba): The RPC server is unavailable. Naming Context: CN=Schema,CN=Configuration,DC=dougt,DC=local,DC=spawar,DC=navy Source: Default-First-Site-Name\RHEL6-WS *** WARNING: KCC could not add this REPLICA LINK due to error. Naming Context: DC=dougt,DC=local,DC=spawar,DC=navy Source: Default-First-Site-Name\RHEL6-WS *** WARNING: KCC could not add this REPLICA LINK due to error. Naming Context: CN=Configuration,DC=dougt,DC=local,DC=spawar,DC=navy Source: Default-First-Site-Name\RHEL6-WS *** WARNING: KCC could not add this REPLICA LINK due to error. Thanks, Doug -Original Message- From: Tanner, Douglas C CIV SPAWARSYSCEN-ATLANTIC, 58500 Sent: Friday, January 04, 2013 2:47 PM To: 'samba@lists.samba.org' Subject: DC Replication issue Hello all. I have successfully joined a Samba 4 DC running RHEL6 to an existing Windows AD DC running on 2008 R2, with the exception that users created via the samba-tool are not replicating to the Windows AD DC. Replication is working from Windows to Samba. I'm sure this is probably an issue on the Windows side of the house, but I cannot find any errors in the logs. Has anyone else run into a similar issue? Thanks, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DC Replication issue
I've had a similar issue with replication working in the Windows to Samba direction but not Samba to Windows. Mine complains about the schema not being correct (even though it got it from Windows when it first joined). Haven't been able to get it working yet and then got side-tracked with actual work :-) I'm wondering if Samba is adding Unix services the schema and is trying to send that up to the Windows box during the schema replication. Given it's not the schema master it probably isn't allowed to so Windows ignores it, then ignores all other replication because of a schema mismatch. Justin. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of Tanner, Douglas C CIV SPAWARSYSCEN-ATLANTIC, 58500 Sent: Tuesday, 8 January 2013 6:53 AM To: samba@lists.samba.org Subject: Re: [Samba] DC Replication issue More information included. I am still unable to replicated data from my Samba4 DC to my Windows 2008 R2 AD DC. Any help would be greatly appreciated. C:\Windows\system32repadmin /showrepl Repadmin: running command /showrepl against full DC localhost Default-First-Site-Name\DODAGM2008R2 DSA Options: IS_GC Site Options: (none) DSA object GUID: e8f1e94c-3e5a-4422-aefb-bfe6f7260e6f DSA invocationID: e8f1e94c-3e5a-4422-aefb-bfe6f7260e6f Source: Default-First-Site-Name\RHEL6-WS *** 2 CONSECUTIVE FAILURES since 2013-01-07 15:39:14 Last error: 1722 (0x6ba): The RPC server is unavailable. Naming Context: CN=Schema,CN=Configuration,DC=dougt,DC=local,DC=spawar,DC=navy Source: Default-First-Site-Name\RHEL6-WS *** WARNING: KCC could not add this REPLICA LINK due to error. Naming Context: DC=dougt,DC=local,DC=spawar,DC=navy Source: Default-First-Site-Name\RHEL6-WS *** WARNING: KCC could not add this REPLICA LINK due to error. Naming Context: CN=Configuration,DC=dougt,DC=local,DC=spawar,DC=navy Source: Default-First-Site-Name\RHEL6-WS *** WARNING: KCC could not add this REPLICA LINK due to error. Thanks, Doug -Original Message- From: Tanner, Douglas C CIV SPAWARSYSCEN-ATLANTIC, 58500 Sent: Friday, January 04, 2013 2:47 PM To: 'samba@lists.samba.org' Subject: DC Replication issue Hello all. I have successfully joined a Samba 4 DC running RHEL6 to an existing Windows AD DC running on 2008 R2, with the exception that users created via the samba-tool are not replicating to the Windows AD DC. Replication is working from Windows to Samba. I'm sure this is probably an issue on the Windows side of the house, but I cannot find any errors in the logs. Has anyone else run into a similar issue? Thanks, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba AD replication on new installation of Samba 4.0
From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of Justin Clacherty From: Andrew Bartlett [mailto:abart...@samba.org] As to why things are failing, and your mention of a schema mismatch, if the import of the exchange schema has caused problems, this might be an issue. Are there any more details in the logs? I don't see anything else in the logs. You might want to try current master, if you are in an experimental mood, as we have some DRS improvements, but otherwise I'm sorry I can't help more. Happy to give that a go. Will let you all know how it goes. Perhaps not tonight though. I've tried the current master but am seeing the same problem. I've run it in interactive mode at debug level 5, you'll see the output when replication is done below. It looks as though samba is adding some fields to the schema which Windows 2k8 doesn't like (even though schema replication appears to be successful). ../source4/rpc_server/drsuapi/getncchanges.c:1426: getncchanges on DC=redfish,DC=local using filter (uSNChanged=1) ../source4/dsdb/samdb/ldb_modules/operational.c:295: Object DC=redfish,DC=local is NC No element 'sn' for attributeID 4 in message No element 'givenName' for attributeID 42 in message No element 'displayName' for attributeID 131085 in message No element 'codePage' for attributeID 589840 in message No element 'countryCode' for attributeID 589849 in message No element 'unicodePwd' for attributeID 589914 in message No element 'ntPwdHistory' for attributeID 589918 in message No element 'pwdLastSet' for attributeID 589920 in message No element 'primaryGroupID' for attributeID 589922 in message No element 'supplementalCredentials' for attributeID 589949 in message No element 'accountExpires' for attributeID 589983 in message No element 'lmPwdHistory' for attributeID 589984 in message No element 'sAMAccountType' for attributeID 590126 in message No element 'userPrincipalName' for attributeID 590480 in message No element 'objectCategory' for attributeID 590606 in message DsGetNCChanges with uSNChanged = 1 flags 0x00201070 on DC=redfish,DC=local gave 2 objects (done 357/357) 113 links (done 113/113 (as S-1-5-21-2891700502-2178176344-4046082489-1613)) ../source4/rpc_server/drsuapi/getncchanges.c:1426: getncchanges on CN=Schema,CN=Configuration,DC=redfish,DC=local using filter (uSNChanged=3744) DsGetNCChanges with uSNChanged = 3744 flags 0x0070 on GUID=91f93976-a4ad-4a75-a982-1e53c2be3317;CN=Schema,CN=Configuration,DC=redfish,DC=local gave 0 objects (done 0/0) 0 links (done 0/0 (as S-1-5-21-2891700502-2178176344-4046082489-1613)) ../source4/rpc_server/drsuapi/getncchanges.c:1426: getncchanges on DC=redfish,DC=local using filter (uSNChanged=1) ../source4/dsdb/samdb/ldb_modules/operational.c:295: Object DC=redfish,DC=local is NC No element 'sn' for attributeID 4 in message No element 'givenName' for attributeID 42 in message No element 'displayName' for attributeID 131085 in message No element 'codePage' for attributeID 589840 in message No element 'countryCode' for attributeID 589849 in message No element 'unicodePwd' for attributeID 589914 in message No element 'ntPwdHistory' for attributeID 589918 in message No element 'pwdLastSet' for attributeID 589920 in message No element 'primaryGroupID' for attributeID 589922 in message No element 'supplementalCredentials' for attributeID 589949 in message No element 'accountExpires' for attributeID 589983 in message No element 'lmPwdHistory' for attributeID 589984 in message No element 'sAMAccountType' for attributeID 590126 in message No element 'userPrincipalName' for attributeID 590480 in message No element 'objectCategory' for attributeID 590606 in message DsGetNCChanges with uSNChanged = 1 flags 0x00201070 on DC=redfish,DC=local gave 2 objects (done 357/357) 113 links (done 113/113 (as S-1-5-21-2891700502-2178176344-4046082489-1613)) ../source4/rpc_server/drsuapi/getncchanges.c:1426: getncchanges on CN=Schema,CN=Configuration,DC=redfish,DC=local using filter (uSNChanged=3744) DsGetNCChanges with uSNChanged = 3744 flags 0x0070 on GUID=91f93976-a4ad-4a75-a982-1e53c2be3317;CN=Schema,CN=Configuration,DC=redfish,DC=local gave 0 objects (done 0/0) 0 links (done 0/0 (as S-1-5-21-2891700502-2178176344-4046082489-1613)) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba AD replication on new installation of Samba 4.0
From: Andrew Bartlett [mailto:abart...@samba.org] No, you shouldn't need to add DNS information manually. The samba_dnsupdate script should run once Samba starts and handle all this. Ok. The wiki says to check DNS first (well, that's how I read it), I'll try it again without adding anything in manually. As to why things are failing, and your mention of a schema mismatch, if the import of the exchange schema has caused problems, this might be an issue. Are there any more details in the logs? I don't see anything else in the logs. You might want to try current master, if you are in an experimental mood, as we have some DRS improvements, but otherwise I'm sorry I can't help more. Happy to give that a go. Will let you all know how it goes. Perhaps not tonight though. Happy New Year! Cheers, Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba AD replication on new installation of Samba 4.0
Hi, Fantastic that Samba 4.0 has been released, I've just installed and joined it to an existing AD (single Win2k8R2 server running Exchange). The installation seemed to go well but I'm seeing odd messages when I show the replication status on both the Samba server and the Win2k8R2 server. Is there something I missed in the install? I followed the instructions outlined at https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC The problems I'm seeing are: 1. showrepl under Samba shows all inbound and outbound neighbours have successfully replicated, but the last line after the KCC Connections Objects has Warning: No NC replicated for Connection! What would cause this? 2. under Windows showrepl (/all) shows all outbound neighbours have successfully replicated, however, the inbound neighbours show failures for the first two entries complaining of a schema mismatch. The third entry shows success (it's the schema replication). Everything else looks good 3. before joining the domain I ensured there was an A record and associated PTR record for the Samba server. After joining I had to manually add the CNAME record for the object GUID in _msdcs. Is this normal or should joining do this automatically? Below is the full output of showrepl on both the Samba and Windows servers. Cheers, Justin. Samba output: Brisbane\FSERVER DSA Options: 0x0001 DSA object GUID: dc3a9e08-fbbc-49dd-a3dd-2f3f6951f08e DSA invocationId: 0118d84f-9308-461f-8727-7ee89699 INBOUND NEIGHBORS CN=Configuration,DC=redfish,DC=local Brisbane\EXCHANGE via RPC DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a Last attempt @ Mon Dec 31 15:12:49 2012 EST was successful 0 consecutive failure(s). Last success @ Mon Dec 31 15:12:49 2012 EST DC=ForestDnsZones,DC=redfish,DC=local Brisbane\EXCHANGE via RPC DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a Last attempt @ Mon Dec 31 15:12:49 2012 EST was successful 0 consecutive failure(s). Last success @ Mon Dec 31 15:12:49 2012 EST DC=DomainDnsZones,DC=redfish,DC=local Brisbane\EXCHANGE via RPC DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a Last attempt @ Mon Dec 31 15:12:49 2012 EST was successful 0 consecutive failure(s). Last success @ Mon Dec 31 15:12:49 2012 EST CN=Schema,CN=Configuration,DC=redfish,DC=local Brisbane\EXCHANGE via RPC DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a Last attempt @ Mon Dec 31 15:12:50 2012 EST was successful 0 consecutive failure(s). Last success @ Mon Dec 31 15:12:50 2012 EST DC=redfish,DC=local Brisbane\EXCHANGE via RPC DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a Last attempt @ Mon Dec 31 15:12:50 2012 EST was successful 0 consecutive failure(s). Last success @ Mon Dec 31 15:12:50 2012 EST OUTBOUND NEIGHBORS CN=Configuration,DC=redfish,DC=local Brisbane\EXCHANGE via RPC DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a Last attempt @ Mon Dec 31 13:10:54 2012 EST was successful 0 consecutive failure(s). Last success @ Mon Dec 31 13:10:54 2012 EST CN=Schema,CN=Configuration,DC=redfish,DC=local Brisbane\EXCHANGE via RPC DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a Last attempt @ Mon Dec 31 13:10:59 2012 EST was successful 0 consecutive failure(s). Last success @ Mon Dec 31 13:10:59 2012 EST DC=redfish,DC=local Brisbane\EXCHANGE via RPC DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a Last attempt @ Mon Dec 31 13:10:59 2012 EST was successful 0 consecutive failure(s). Last success @ Mon Dec 31 13:10:59 2012 EST KCC CONNECTION OBJECTS Connection -- Connection name: f45f57b6-8835-47c8-ab9c-a4d1bdedf811 Enabled: TRUE Server DNS name : exchange.redfish.local Server DN name : CN=NTDS Settings,CN=EXCHANGE,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=redfish,DC=local TransportType: RPC options: 0x0001 Warning: No NC replicated for Connection! Windows output: Repadmin: running command /showrepl against full DC localhost Brisbane\EXCHANGE DSA Options: IS_GC Site Options: (none) DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a DSA invocationID: 2a3ebbfa-b68b-496a-8dd0-7a4966df4082 INBOUND NEIGHBORS == DC=redfish,DC=local Brisbane\FSERVER via RPC DSA object GUID: dc3a9e08-fbbc-49dd-a3dd-2f3f6951f08e Last attempt @ 2012-12-31 14
[Samba] Bug(?) in Samba 3.6.0
Hi, When I connect to my machine via samba to a share (to the root volume, /home/$USER), samba must stat()? all file systems and it wakes my my RAID subsystem (also shared in smb.conf) but not accessed. Is there anyway to prevent this? Windows - Access \\myserver\ssd\user Linux - Samba wakes up a sleeping RAID: Sep 03, 2011 01:32:37PM - Controller 1 INFORMATION - Unit now in active mode: unit=0 Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Bug in 3.6.0 saving files.
Hi, If you open a word document on a Windows 7 PC on a samba share and attempt to save it (or ppt, etc) it will fail (SMB2 enabled). Go back to 3.5.10, it works fine (SMB2 removed obviously). Not sure if anyone has seen this but FYI. Happens with Office 2007 2010. Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3.6.0 core dump
On Thu, 18 Aug 2011, Jeremy Allison wrote: On Sat, Aug 13, 2011 at 01:18:00PM -0400, Justin Piszcz wrote: Hello, Any thoughts on what is causing this? Aug 13 12:42:00 box smbd[29073]: [2011/08/13 12:42:00.489676, 0] lib/fault.c:47(fault_report) Aug 13 12:42:00 box smbd[29073]: === Aug 13 12:42:00 box smbd[29073]: [2011/08/13 12:42:00.490368, 0] lib/fault.c:48(fault_report) Aug 13 12:42:00 box smbd[29073]: INTERNAL ERROR: Signal 11 in pid 29073 (3.6.0) Aug 13 12:42:00 box smbd[29073]: Please read the Trouble-Shooting section of the Samba3-HOWTO Aug 13 12:42:00 box smbd[29073]: [2011/08/13 12:42:00.490448, 0] lib/fault.c:50(fault_report) Aug 13 12:42:00 box smbd[29073]: Aug 13 12:42:00 box smbd[29073]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf Aug 13 12:42:00 box smbd[29073]: [2011/08/13 12:42:00.490516, 0] lib/fault.c:51(fault_report) Aug 13 12:42:00 box smbd[29073]: === Aug Can you install with debug symbols, and then add the line: panic action = /bin/sleep 999 to the [global] section of your smb.conf. Once it crashes, this will cause the crashed process to stay around waiting for the sleep process to finish. Find the crashed process using ps (it'll be the parent of the sleep) then attach to it using gdb - then type bt which will give a full backtrace with symbols - allowing us to track it down much more easily. Thanks ! Jeremy. Hello, This is done, will do if it crashes again, thanks. Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.6.0 core dump
table info available. #9 0x7f1ecc5a30e8 in close_file () No symbol table info available. #10 0x7f1ecc549e7c in file_close_conn () No symbol table info available. #11 0x7f1ecc5bf26c in close_cnum () ---Type return to continue, or q return to quit--- No symbol table info available. #12 0x7f1ecc5cf884 in ?? () No symbol table info available. #13 0x7f1ec9b88905 in _talloc_free () from /usr/lib/x86_64-linux-gnu/libtalloc.so.2 No symbol table info available. #14 0x7f1ecc5d0250 in smbd_smb2_request_process_tdis () No symbol table info available. #15 0x7f1ecc5cba5e in smbd_smb2_request_dispatch () No symbol table info available. #16 0x7f1ecc5cc7bd in ?? () No symbol table info available. #17 0x7f1ecc5ca440 in ?? () No symbol table info available. #18 0x7f1ecc667902 in ?? () No symbol table info available. #19 0x7f1ecc6673e4 in ?? () No symbol table info available. #20 0x7f1ecc666344 in ?? () No symbol table info available. #21 0x7f1ecc870da2 in tevent_common_loop_immediate () No symbol table info available. #22 0x7f1ecc86ee98 in run_events_poll () ---Type return to continue, or q return to quit--- No symbol table info available. #23 0x7f1ecc5bc07b in smbd_process () No symbol table info available. #24 0x7f1eccad11ef in ?? () No symbol table info available. #25 0x7f1ecc86f19e in run_events_poll () No symbol table info available. #26 0x7f1ecc86f33a in ?? () No symbol table info available. #27 0x7f1ecc86fec0 in _tevent_loop_once () No symbol table info available. #28 0x7f1ecc53adc6 in main () No symbol table info available. (gdb) Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] TDB hash size
Sorry for the widespread distribution, but I cannot find much with regard to documentation on this question. Can anyone think of any issues that would arise from increasing the samba (3.0.33) printing tdb hash size using the following method: rm -f /var/cache/samba/printing/* rm -f /var/spool/samba/* cd /var/cache/samba tdbbackup -s .bck -n 10 nt*.tdb mv ntprinters.tdb.bck ntprinters.tdb mv ntforms.tdb.bck ntforms.tdb mv ntdrivers.tdb.bck ntdrivers.tdb More specifically, does anyone know of a method for calculating the proper hash size required for a specific environment? The issue arose by print queues not being cleared. After the hash sizes of the above tdb's were increased, the problem went away. Thanks, Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind not starting in AD member(samba joining domain)configuration.
t...@tms3.com wrote: --- Original message --- Subject: Re: [Samba] Winbind not starting in AD member(samba joining domain)configuration. From: justin joseph jus...@elinanetworks.com To: t...@tms3.com Date: Monday, 14/06/2010 6:21 AM t...@tms3.com wrote: SNIP Facing an issue with winbind not starting with below error log(taken from /var/log/syslog): Jun 14 15:48:33 enpaq winbindd[15941]: [2010/06/14 15:48:33, 0] param/loadparm.c:6767(service_ok) Jun 14 15:48:33 enpaq winbindd[15941]: WARNING: No path in service printers - making it unavailable! Jun 14 15:48:33 enpaq winbindd[15942]: [2010/06/14 15:48:33, 0] winbindd/winbindd_cache.c:2578(initialize_winbindd_cache) Jun 14 15:48:33 enpaq winbindd[15942]: initialize_winbindd_cache: clearing cache and re-creating with version number 1 Jun 14 15:48:33 enpaq winbindd[15942]: [2010/06/14 15:48:33, 0] winbindd/winbindd_util.c:782(init_domain_list) Jun 14 15:48:33 enpaq winbindd[15942]: Could not fetch our SID - did we join? SNIP What does net ads testjoin say? I get the below pasted response: r...@enpaqadserver.com:/etc/samba# net ads testjoin Enter enp...@enpaqadserver.com's password: [2010/06/14 18:47:09, 0] libads/kerberos.c:333(ads_kinit_password) kerberos_kinit_password enp...@enpaqadserver.com failed: Clients credentials have been revoked Join to domain is not valid: Access denied r...@enpaqadserver.com:/etc/samba# Rejoin the domain. I am unable to join the domain. I thought the service winbind had to start before one can join, is it not right? r...@enpaqadserver.com:/etc/samba# net ads join -S enpaqadserver.com -U Administrator Enter Administrator's password: [2010/06/15 13:17:14, 0] libnet/libnet_join.c:1062(libnet_join_ok) libnet_join_ok: failed to get schannel session key from server enpaqadserver.com for domain ENPAQADSERVER. Error was NT_STATUS_INVALID_COMPUTER_NAME Failed to join domain: failed to verify domain membership after joining: Invalid computer name r...@enpaqadserver.com:/etc/samba# Cheers, Cheers, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Winbind not starting in AD member(samba joining domain) configuration.
Hello
Facing an issue with winbind not starting with below error log(taken
from /var/log/syslog):
Jun 14 15:48:33 enpaq winbindd[15941]: [2010/06/14 15:48:33, 0]
param/loadparm.c:6767(service_ok)
Jun 14 15:48:33 enpaq winbindd[15941]: WARNING: No path in service
printers - making it unavailable!
Jun 14 15:48:33 enpaq winbindd[15942]: [2010/06/14 15:48:33, 0]
winbindd/winbindd_cache.c:2578(initialize_winbindd_cache)
Jun 14 15:48:33 enpaq winbindd[15942]: initialize_winbindd_cache:
clearing cache and re-creating with version number 1
Jun 14 15:48:33 enpaq winbindd[15942]: [2010/06/14 15:48:33, 0]
winbindd/winbindd_util.c:782(init_domain_list)
Jun 14 15:48:33 enpaq winbindd[15942]: Could not fetch our SID - did
we join?
Jun 14 15:48:33 enpaq winbindd[15942]: [2010/06/14 15:48:33, 0]
winbindd/winbindd.c:1393(main)
Jun 14 15:48:33 enpaq winbindd[15942]: unable to initialize domain list
the version installed is Version 3.4.7(lucid packages), the
configuration files (given below) were working
as is on Ubundy hardy, the winbind issue started only when I migrated to
lucid.
knit works and smbd and nmbd processes starts up as well:
r...@enpaqadserver.com:/etc/samba# kinit administra...@enpaqadserver.com
Password for administra...@enpaqadserver.com:
r...@enpaqadserver.com:/etc/samba# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administra...@enpaqadserver.com
Valid starting ExpiresService principal
06/14/10 16:01:11 06/15/10 01:59:00
krbtgt/enpaqadserver@enpaqadserver.com
renew until 06/15/10 16:01:11, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
r...@enpaqadserver.com:/etc/samba#
Configurations files below:
r...@enpaqadserver.com:/etc/samba# cat /etc/krb5.conf
[libdefaults]
default_realm = ENPAQADSERVER.COM
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
[realms]
ENPAQADSERVER.COM = {
kdc = winserver.enpaqadserver.com:88
admin_server = winserver.enpaqadserver.com:749
default_domain = enpaqadserver.com
}
[domain_realm]
.enpaqadserver.com = ENPAQADSERVER.COM
enpaqadserver.com = ENPAQADSERVER.COM
r...@enpaqadserver.com:/etc/samba# cat smb.conf
# Global parameters
[global]
workgroup = ENPAQADSERVER
realm = ENPAQADSERVER.COM
password server = ENPAQADSERVER.COM
preferred master = no
domain master = false
local master = no
server string = Samba file and print server
security = ADS
encrypt passwords = true
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind separator = /
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
printcap name = cups
printing = cups
idmap uid = 1-2
idmap gid = 1-2
[homes]
comment = Home Directories
path= /opt/samba/data/share
valid users = %S
read only = No
browseable = No
[printers]
comment = All Printers
browseable = no
printable = yes
guest ok = yes
The same adserver and these same configuration files, including the same
DNS settings on
the samba machine works fine when I were using Ubuntu hardy
distribution. I tried googling
for this issue and tried on my own but could not resolve this.
Thanks in advance
justin
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind not starting in AD member(samba joining domain)configuration.
t...@tms3.com wrote: SNIP Facing an issue with winbind not starting with below error log(taken from /var/log/syslog): Jun 14 15:48:33 enpaq winbindd[15941]: [2010/06/14 15:48:33, 0] param/loadparm.c:6767(service_ok) Jun 14 15:48:33 enpaq winbindd[15941]: WARNING: No path in service printers - making it unavailable! Jun 14 15:48:33 enpaq winbindd[15942]: [2010/06/14 15:48:33, 0] winbindd/winbindd_cache.c:2578(initialize_winbindd_cache) Jun 14 15:48:33 enpaq winbindd[15942]: initialize_winbindd_cache: clearing cache and re-creating with version number 1 Jun 14 15:48:33 enpaq winbindd[15942]: [2010/06/14 15:48:33, 0] winbindd/winbindd_util.c:782(init_domain_list) Jun 14 15:48:33 enpaq winbindd[15942]: Could not fetch our SID - did we join? SNIP What does net ads testjoin say? I get the below pasted response: r...@enpaqadserver.com:/etc/samba# net ads testjoin Enter enp...@enpaqadserver.com's password: [2010/06/14 18:47:09, 0] libads/kerberos.c:333(ads_kinit_password) kerberos_kinit_password enp...@enpaqadserver.com failed: Clients credentials have been revoked Join to domain is not valid: Access denied r...@enpaqadserver.com:/etc/samba# ps: sorry, replied to reponder without CC-ing list. Posting once more. Cheers, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Vista clients having Issues Copying files from Samba Server
On Sun, 13 Dec 2009, Anthony Giggins wrote: Hello, I'm running samba-3.0.33 (samba-3.0.33-3.15.el5_4) On Centos 5.4 and some files have issues being copied from the Samba server to the Vista (Service Pack 1) clients local disk via Windows Explorer, copying too the Samba server also has no issues and copying via the CMD prompt has no problem, I'm getting the following errors 1. Invalid MS-DOS Function http://seven.dorksville.net/gallery/v/Misc+Photos/image001.png.html 2. invalid file handle (When you click Try Again) http://seven.dorksville.net/gallery/v/Misc+Photos/image002.png.html It will then cycle through these 2 errors each time you click try again. Windows XP does not have any issues with the same files and other files also dont have an issue to the Vista Clients. There are also the following logs generated on the server that correspond to these errors lib/util_sock.c:send_smb(761) Error writing 75 bytes to client. -1. (Broken pipe) lib/util_sock.c:write_data(562) write_data: write failure in writing to client 192.168.0.237. Error Broken pipe lib/util_sock.c:write_data(562) write_data: write failure in writing to client 192.168.0.240. Error Broken pipe Any help or suggestions would be greatly apprieciated. Regards, Anthony Seeing as I got not replies I went and upgraded to 3.2.15 from sernet http://ftp.sernet.de/pub/samba/tested/centos/5/repodata/index.html And I'm seeing the same errors on the vista side but here are the logs from the server, Dec 13 11:16:39 newsrv smbd[32555]: [2009/12/13 11:16:39, 0] lib/util_sock.c:read_socket_with_timeout(939) Dec 13 11:16:39 newsrv smbd[32555]: [2009/12/13 11:16:39, 0] lib/util_sock.c:get_peer_addr_internal(1676) Dec 13 11:16:39 newsrv smbd[32555]: getpeername failed. Error was Transport endpoint is not connected Dec 13 11:16:39 newsrv smbd[32555]: read_socket_with_timeout: client 0.0.0.0 read error = Connection reset by peer. are there any known issues with Vista? and is there any known working minimum version? I see the same thing with Windows 7 Vista: Dec 13 06:27:11 svr smbd[28206]: [2009/12/13 06:27:11, 0] lib/util_sock.c:539(read_fd_with_timeout) Dec 13 06:27:11 svr smbd[28206]: [2009/12/13 06:27:11, 0] lib/util_sock.c:1491(get_peer_addr_internal) Dec 13 06:27:11 svr smbd[28206]: getpeername failed. Error was Transport endpoint is not connected Dec 13 06:27:11 svr smbd[28206]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 Point and Print
Please see https://bugzilla.samba.org/show_bug.cgi?id=6883 Justin Brian May wrote: Was a bugzilla report filed? Was anything worked out? I seem to be suffering the same issue. Only seems to have happened after joining a Samba domain, and affects non-domain accounts as well as domain accounts. Brian May -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.4.2-1: ERROR! Out of file structures
Hello, When performing a lot of file I/O on a samba share, I see the following: Nov 15 16:01:47 l1 smbd[31472]: ERROR! Out of file structures Nov 15 16:01:49 l1 smbd[31472]: [2009/11/15 16:01:49, 0] smbd/files.c:61(file_new) Nov 15 16:01:49 l1 smbd[31472]: ERROR! Out of file structures Nov 15 16:01:49 l1 smbd[31472]: [2009/11/15 16:01:49, 0] smbd/files.c:61(file_new) Nov 15 16:01:49 l1 smbd[31472]: ERROR! Out of file structures Nov 15 16:01:49 l1 smbd[31472]: [2009/11/15 16:01:49, 0] smbd/files.c:61(file_new) Nov 15 16:01:49 l1 smbd[31472]: ERROR! Out of file structures Nov 15 16:01:49 l1 smbd[31472]: [2009/11/15 16:01:49, 0] smbd/files.c:61(file_new) Nov 15 16:01:49 l1 smbd[31472]: ERROR! Out of file structures Nov 15 16:01:49 l1 smbd[31472]: [2009/11/15 16:01:49, 0] smbd/files.c:61(file_new) Nov 15 16:01:49 l1 smbd[31472]: ERROR! Out of file structures Is the proper fix to, e.g.: ulimit -n 32768 before starting samba? Or is there a samba-specific option that should be used instead? Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Broken pipe in Samba logs when using Samba with Windows 7 x64?
Hello, After upgrading a host from XP/32 to Windows 7/64, I see the following entries in the logs, what is the root cause of this issue? Nov 14 10:10:18 l1 smbd[6174]: getpeername failed. Error was Transport endpoint is not connected Nov 14 10:10:18 l1 smbd[6174]: write_data: write failure in writing to client 0.0.0.0. Error Broken pipe Nov 14 10:10:18 l1 smbd[6174]: [2009/11/14 10:10:18, 0] smbd/process.c:62(srv_send_smb) Nov 14 10:10:18 l1 smbd[6174]: Error writing 75 bytes to client. -1. (Transport endpoint is not connected) Nov 14 10:10:18 l1 smbd[6174]: [2009/11/14 10:10:18, 0] lib/util_sock.c:738(write_data) Nov 14 10:10:18 l1 smbd[6174]: [2009/11/14 10:10:18, 0] lib/util_sock.c:1491(get_peer_addr_internal) Nov 14 10:10:18 l1 smbd[6174]: getpeername failed. Error was Transport endpoint is not connected Nov 14 10:10:18 l1 smbd[6174]: write_data: write failure in writing to client 0.0.0.0. Error Broken pipe Nov 14 10:10:18 l1 smbd[6174]: [2009/11/14 10:10:18, 0] smbd/process.c:62(srv_send_smb) Nov 14 10:10:18 l1 smbd[6174]: Error writing 75 bytes to client. -1. (Transport endpoint is not connected) Nov 14 10:10:18 l1 smbd[6174]: [2009/11/14 10:10:18, 0] lib/util_sock.c:738(write_data) Nov 14 10:10:18 l1 smbd[6174]: [2009/11/14 10:10:18, 0] lib/util_sock.c:1491(get_peer_addr_internal) Nov 17 13:26:23 l1 smbd[19701]: [2009/11/17 13:26:23, 0] lib/util_sock.c:539(read_fd_with_timeout) Nov 17 13:26:23 l1 smbd[19701]: [2009/11/17 13:26:23, 0] lib/util_sock.c:1491(get_peer_addr_internal) Nov 17 13:26:23 l1 smbd[19701]: getpeername failed. Error was Transport endpoint is not connected Nov 17 13:26:23 l1 smbd[19701]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 Point and Print
Hello, I'm migrating from Samba 3.0.24 to 3.4.3 to add support for Windows 7 on my print server. I've kept the smb.conf essentially the same, changing only the directives corresponding to Kerberos authentication as changed in the 3.4 series. Please see http://pastebin.com/m9c0409 Note that the LPRng backend isn't installed on this server...I am only testing samba. When I go to add a printer in Windows 7 (after configuring appropriate drivers, permissions, etc), I get an error: Windows cannot connect to the printer. Operation failed with error 0x06f7 The operation succeeds when I try the same procedure on Windows XP. What setting am I missing? Thanks for any insight you can provide. Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade samba from 3.28 to 3.29 to fix winbind issue.
How do you upgrade samba from 3.0.28 to 3.0.29 to fix winbind issue? My OS is CentOS 4.5. I haven't been able to find a RPM above 3.0.28. for samba. I backed all of the files that I needed and removed the RPM's for 3.28 and installed 3.0.33 doing a ./configure, make, make install and was hoping to reconfigure all the data but the smb service was not where to be found I even rebooted the system but no good. So I used Clone Zilla and restored the system back to the original. I'm at a loss what to do any help would be appreciated. Turner -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Owner and Group ignored over preference to ACLs
Hi Karolin After some time, I finally managed to recompile samba rather than using the default RPMs. I have a feeling that the default didn't have --enable-acls support, which would explain it ignoring ACL information. Thanks for your help; it works now! Regards, Justin On Tue, 2008-07-29 at 08:35 +0200, Karolin Seeger wrote: Hi Justin, On Mon, Jul 28, 2008 at 03:07:51PM +0100, Justin Finkelstein wrote: I've just recently upgraded one of our servers from Fedora Core to CentOS 5.2 and a side effect of this is that Samba is now version 3.0.28-1.el5_2.1. Following this upgrade, I have noticed an odd behaviour: samba ONLY uses ACLs to provide permissions to XP clients connecting to the server. Some research as has said that this may be due to the deprecation of acl group control, which is now replaced by the 'dos filemode' option. However, changing this doesn't the desired affect. To be clear: the desired effect, for me, is to have owner and group information (as well as ACLs) used to determine permissions for connected users. I've yet to find an answer to this via google. Has anyone else experience this and have some feedback? I think this one is fixed in 3.0.31 with the attached patch. Details can be found at https://bugzilla.samba.org/show_bug.cgi?id=5202. Can you try that? Karolin -- Redwire Design Limited 54 Maltings Place 169 Tower Bridge Road London SE1 3LJ www.redwiredesign.com [ 020 7403 1444 ] - voice [ 020 7378 8711 ] - fax -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Shortfalls?
Hello, 1) Can not support .chm help files 2) Does not support locks for multi-user access to Access 3) Does support URLs from windows with '%' in the path 4) Numerous problems with multiple users accessing same folder. Comments/suggestions for fixing the above mentioned problems? Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Owner and Group ignored over preference to ACLs
Hello all I've just recently upgraded one of our servers from Fedora Core to CentOS 5.2 and a side effect of this is that Samba is now version 3.0.28-1.el5_2.1. Following this upgrade, I have noticed an odd behaviour: samba ONLY uses ACLs to provide permissions to XP clients connecting to the server. Some research as has said that this may be due to the deprecation of acl group control, which is now replaced by the 'dos filemode' option. However, changing this doesn't the desired affect. To be clear: the desired effect, for me, is to have owner and group information (as well as ACLs) used to determine permissions for connected users. I've yet to find an answer to this via google. Has anyone else experience this and have some feedback? Thanks, justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Large Backups to Windows
Hi, This is a kind of scenario question for best practices -- within limits. I've inherited a less than ideal backup situation: backups are transferred from Samba to Windows. I can't get out of this situation without major re-engineering and the only problem is the time it takes to do full backups. Specifically: -200GiB is taking a few days to backup -Cpio is doing the backup across cifs Here are optimizations I've tried so far: +switch from smbfs to cifs -- yes this is an old-ish system but Samba 3.0.10 +mount local noatime +installed 1G more memory -- almost 1.5G is cached +verified low processor vm usage -- data i/o doesn't +appear to be spreading to other subsystems configure Windows for larger +FS cache These Samba and Windows hosts are on the same network (and the same, Gig switch as far as I can tell). What scares me is the latency of backups (because it's really no longer a Saturday backup) and the time to restore. Anyone tried cpio smbd blocking factors? Or what other networking suggestions are there? The only kind of tweaking I've done is for tape backups but that was local to a host ... Justin -- AIM/YIM/ICQ: vap0rtranz Homepage: http://appstate.edu/~jp59031/ Here on the moon, our weekends are so advanced, they encompass the entire week. - Ignignokt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Large Backups to Windows
Hi, This is a kind of scenario question for best practices -- within limits. I've inherited a less than ideal backup situation: backups are transferred from Samba to Windows. I can't get out of this situation without major re-engineering and the only problem is the time it takes to do full backups. Specifically: -200GiB is taking a few days to backup -Cpio is doing the backup across cifs Here are optimizations I've tried so far: +switch from smbfs to cifs -- yes this is an old-ish system but Samba 3.0.10 +mount local noatime +installed 1G more memory -- almost 1.5G is cached +verified low processor vm usage -- data i/o doesn't +appear to be spreading to other subsystems configure Windows for larger +FS cache These Samba and Windows hosts are on the same network (and the same, Gig switch as far as I can tell). What scares me is the latency of backups (because it's really no longer a Saturday backup) and the time to restore. Anyone tried cpio smbd blocking factors? Or what other networking suggestions are there? The only kind of tweaking I've done is for tape backups but that was local to a host ... Justin -- AIM/YIM/ICQ: vap0rtranz Homepage: http://appstate.edu/~jp59031/ Here on the moon, our weekends are so advanced, they encompass the entire week. - Ignignokt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind ignores idmap configuration (3.0.28a)
Naadir Jeewa wrote: Hullo, After having my Samba server joined to a domain, I'm now having difficulties configuring winbind. I want to use the idmap_rid backend, and have recompiled Samba from scratch with the requisite rid.so module. However, no matter how idmap domains / idmap config is set up, it seems to get totally ignored. Here is my smb.conf: [global] workgroup = DEPARTMENTDOMAIN server string = NAS Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 security = ads realm = DEPARTMENTDOMAIN use kerberos keytab = true load printers = no local master = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 smb ports = 445 disable netbios = yes idmap domains = ORGUSERDOMAIN # Winbind RID idmap config ORGUSERDOMAIN: backend = rid idmap config ORGUSERDOMAIN: base_rid = 1000 idmap config ORGUSERDOMAIN: range = 1-2 Here is output from winbind: [ 7677]: lookupsid bleh get_cache: Setting MS-RPC methods for domain ORGUSERDOMAIN rpc: query_user sid=bleh error getting user info for sid bleh query_user returned an error Could not query domain ORGUSERDOMAIN SID bleh Thanks in advance, Naadir Jeewa Try setting your base_rid to 513. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind ignores idmap configuration (3.0.28a)
Naadir Jeewa wrote: No joy. Still seems to look in AD for a uid instead of calculating using rid. Naadir Does adding the following help idmap backend = rid -Original Message- From: Justin Payne [mailto:[EMAIL PROTECTED] Sent: 03 April 2008 20:31 To: Naadir Jeewa Cc: samba@lists.samba.org Subject: Re: [Samba] Winbind ignores idmap configuration (3.0.28a) Naadir Jeewa wrote: Hullo, After having my Samba server joined to a domain, I'm now having difficulties configuring winbind. I want to use the idmap_rid backend, and have recompiled Samba from scratch with the requisite rid.so module. However, no matter how idmap domains / idmap config is set up, it seems to get totally ignored. Here is my smb.conf: [global] workgroup = DEPARTMENTDOMAIN server string = NAS Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 security = ads realm = DEPARTMENTDOMAIN use kerberos keytab = true load printers = no local master = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 smb ports = 445 disable netbios = yes idmap domains = ORGUSERDOMAIN # Winbind RID idmap config ORGUSERDOMAIN: backend = rid idmap config ORGUSERDOMAIN: base_rid = 1000 idmap config ORGUSERDOMAIN: range = 1-2 Here is output from winbind: [ 7677]: lookupsid bleh get_cache: Setting MS-RPC methods for domain ORGUSERDOMAIN rpc: query_user sid=bleh error getting user info for sid bleh query_user returned an error Could not query domain ORGUSERDOMAIN SID bleh Thanks in advance, Naadir Jeewa Try setting your base_rid to 513. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.26a-1 / Debian/Lenny sendfile(?) performance problems
= 3 Segments Received = 5051709 Segments Sent = 3654327 Segments Retransmitted = 76 UDP Statistics for IPv4 Datagrams Received= 1826 No Ports = 58 Receive Errors= 3 Datagrams Sent= 716 Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.26a-1 / Debian/Lenny sendfile(?) performance problems
Package: samba Version: 3.0.26a-1 One note to add: I remember seeing this bug on my old system as well, so I do not think it is hardware related. Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 2.6.22/realtek bug in hardware, any kernel work-around?
= 5051709 Segments Sent = 3654327 Segments Retransmitted = 76 UDP Statistics for IPv4 Datagrams Received= 1826 No Ports = 58 Receive Errors= 3 Datagrams Sent= 716 Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Looks like it is hardware related after all: http://forums.gentoo.org/viewtopic-p-2820556.html http://ubuntuforums.org/showthread.php?t=531505 http://www.fedoraforum.org/forum/showthread.php?p=452451 One poster wrote I got similar problems: http://forums.gentoo.org/viewtopic-t-570392.html http://forums.gentoo.org/viewtopic-t-389449-postdays-0-postorder-asc-start-25.html?sid=4251f92bbc6db32fd200c4ea0ea9c9be I found out that poor smb performance is related to a broken udp-perfomance of the 8169 NIC in outgoing udp. But, only in Gb Mode of the 8169 NIC, with 100Mbps it is ok. http://forums.gentoo.org/viewtopic-t-570392.html I have: 03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 01) 04:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 01) That must be the issue, time to buy an Intel PCI-e NIC if I want better performance with samba in Linux. I do have another one of these motherboards (ABIT AW9D-MAX) running XP and it does not seem to suffer from this problem, I guess the [proprietary? Realtek driver does not suffer from this bug]? Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with print driver information stored in ntprinters.tdb
Hi Guys, I've have an issue (or perhaps more accurately a feature) with my production system running Samba 3.0.24 (Cups 1.2.9). We do not make use of server side print drivers, the reason for this is below. We therefore install drivers manually on our client systems. The issue that has arisen lately is that when a printer is added to a client workstation, Samba somehow picks up the name of the driver and stores this in ntprinters.tdb. Then on the next client when we go to add the same printer the client workstation picks up this driver name and refuses to allow any other driver to be chosen (say PCL vs. PS). After proceeding with the printer install and checking the ports tab in printer properties instead of listing all of the client's local ports it lists the 'samba printer port' as is seen on the server. Deleting ntprinters.tdb and restarting Samba cleans the slate but it's not very workable. Is there a way to prevent the Windows client from being able to update the TDB database? Any recommendations? Here is my config: [global] workgroup = DOMAIN netbios aliases = SERVER-ALIAS realm = realm.com server string = interfaces = 10.70.1.42/255.255.0.0 security = ADS password server = DC1, DC2 log level = 1 log file = /var/log/samba/log.%m max log size = 50 deadtime = 5 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = No local master = No domain master = No dns proxy = No wins server = 10.70.1.1 ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/%U template shell = /bin/bash winbind separator = + winbind use default domain = Yes admin users = root dos filemode = Yes [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes force printername = Yes browseable = No [print$] path = /etc/samba/drivers read only = No guest ok = Yes Our use of Canon ImageRunner class printers has caused the main source of our problems in using server side drivers. The Canon drivers have a 'Get Device Status' button in the Printer Properties dialog that acquires information on the printer's configuration such as tray types and number of trays, etc. When using Windows as a print server the Canon Net Assistant service appears to receive this information and forward it to the printer. Canon of course does not provide the equivalent for Linux. Canon therefore provides a workaround application that can be run on the Windows client called 'PortSet'. This application allows you to bind IP addresses with specific printers so that the driver can communicate directly with the printer for the device status. PortSet unfortunately does not work at all if the printer's been installed with the server side drivers. Thanks guys Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] error when trying to execute net join..
I get this error after executing the net join ads command: ads_connect: Invalid or incomplete multibyte or wide character anybody have any idea what that means? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can't get single sign on to work after joining linux to an AD domain
methods (such as /etc/hosts and DNS). The order of items on this line defines the order Linux uses. For instance, you might end up with a line like this: hosts: files wins dns This configuration isn't strictly necessary, and it requires its own library (libnss_wins.so, installed much like libnss_winbind.so, as described earlier). Still, it can be handy if your system is running on a network that uses NetBIOS names locally and you don't want to maintain all your local names in /etc/hosts or run a local DNS server. You needn't restart anything to have NSS begin using the new configuration you've specified in /etc/nsswitch.conf. You may want to check that the NSS portion of the configuration is working by using getent. This command returns information on user and group database entries. In particular, typing getent passwd returns user information, and getent group returns group information. On Linux systems with default configurations, these commands' outputs are similar to what you'd get by typing cat /etc/passwd or cat /etc/group. On a system with a working Winbind NSS configuration, you should see the contents of these files plus accounts maintained by the NT domain controller. If you don't see these accounts, review your configuration and consult your log files (on both the Linux system and the domain controller) for clues. Testing the Configuration At this point, everything should be working, and you should have tested the Winbind and NSS subsystems. To test PAM and everything else, you should try an ordinary login using a domain account --- that is, one that's defined on the domain controller but not on the local system. You can do this via whatever login methods you chose to configure in PAM, and in fact you should test all of these login methods, to be sure there's not a problem with some of them but not others. Be sure to test both valid and invalid logins, that is, correct usernames and passwords, correct usernames and incorrect passwords, and incorrect usernames. Some configurations will enable anybody to log in, using correct or incorrect passwords. Presumably that's not what you want to do! You should also test your local accounts while you're at it --- some types of configurations will disable those accounts, but you should leave them enabled. If nothing else, root should be defined locally, not via the domain controller. Roderick W. Smith is the author or co-author of over a dozen books, including Linux in a Windows World and The Definitive Guide to Samba 3. He can be reached at [EMAIL PROTECTED] / -- Justin Ehrlichman Computer Technician Online Stores Inc. 724-925-5600 ext 610 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] www.onlinestores.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] BUIILTIN accounts with Samba 3.0.24 + LDAP
On 5/21/2007 8:29 AM, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin Zipperle wrote: ...and everything worked well until I migrated all the user, machine, and group accounts from the old domain and the PDC went into production this morning. Once the machine went live, I started to notice that there were significant delays when connecting to shares or viewing security on files or folders within shares from WinXP Pro SP2 workstations. When viewing security, certain builtin accounts (Domain Users, Domain Admins, etc) wouldn't resolve to their DisplayNames and would instead show the SID...this after much delay. Two things. (a) Domain Users, etc...are not builtin groups. BUILTIN represents a specific domain (S-1-5-32) (b) make sure that you installed the latest schema file and included eq and sub nidexes for sambaSID (c) group mapping entries can be view and/or modified using 'net sam' and 'net groupmap' I stand corrected :) After verifying that I had the latest schema file, I found the problem by looking more closely at the data in my LDAP database. Some of the SIDs didn't match the SID of the domain I had created. I can only guess that I screwed something up during the install which caused the SID of the domain to be changed, which would explain why my manually created users and groups resolved and the smbldap-populate populated ones did not. After I manually adjusted all of the SIDs back to match the domain SID, everything started working properly. Thanks for the nudge! -Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] errors - cannot access LDAP when not root
I'm hardly an OpenLDAP expert, but check your ACLs in your slapd.conf. Make sure you've got something like this: access to * by * read You should probably tighten up your LDAP security a bit more than that, but you get my point. You should be able to do an anonymous bind and search LDAP from the command line: ldapsearch -x -b dc=yourbase,dc=net (ObjectClass=*) In my experience, that should be working before you can do anything useful with Samba. Hope this helps! -Justin On 5/21/2007 10:07 AM, Bradley Tate wrote: Hi I was happy enough running SuSE 9.3 and samba 3.0.20 with openldap but hardware problems forced me to move. I tried openSuSe 10.2 with samba 3.0.23 and 3.0.24 but kept getting strange interactions with openldap and Internal Errors from samba, I realise now possibly due to copying .dat files from the old setup. I've now moved to something I know a bit better, which is a more redhat like Centos 5 and have virtually installed from scratch except for the LDAP directory and the smb.conf. I'm now getting heaps of the same errors in the user logs. Typically a fragment is: [2007/05/21 23:45:18, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base = [ou=Groups,dc=objectmastery,dc=com], filter = [((objectClass=sambaGroupMapping)(gidNumber=10 0))], scope = [2] [2007/05/21 23:45:18, 0] lib/smbldap.c:smbldap_open(1009) smbldap_open: cannot access LDAP when not root.. Any clues on how to get rid of the problem would be helpful, even if it's to tell me more information is needed or where I should start looking. Rollback is not an option. Thanks, Bradley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] BUIILTIN accounts with Samba 3.0.24 + LDAP
Does Samba cache info about builtin accounts? If so, where? I'd appreciate any nudges in the right direction here. I really don't have the option of rebuilding this server (unless there's a way to tell it what SID to use so that I don't have to re-migrate all of the user profiles). Any ideas are appreciated! Thanks! -Justin Justin Zipperle wrote: I'm having a problem with BUILTIN accounts on a Samba 3.0.24 PDC with an LDAP backend on Ubuntu. I followed this guide for setting up the server: http://samba.org/samba/docs/man/Samba-Guide/happy.html ...and everything worked well until I migrated all the user, machine, and group accounts from the old domain and the PDC went into production this morning. Once the machine went live, I started to notice that there were significant delays when connecting to shares or viewing security on files or folders within shares from WinXP Pro SP2 workstations. When viewing security, certain builtin accounts (Domain Users, Domain Admins, etc) wouldn't resolve to their DisplayNames and would instead show the SID...this after much delay. I've reindexed LDAP w/ slapindex thinking this was part of the problem, but it had no effect. I can see all of the BUILTIN accounts using net groupmap list and getent group, but I don't see them with net rpc rights list accounts. Any idea what I may have changed that broke this? -Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] BUIILTIN accounts with Samba 3.0.24 + LDAP
I'm having a problem with BUILTIN accounts on a Samba 3.0.24 PDC with an LDAP backend on Ubuntu. I followed this guide for setting up the server: http://samba.org/samba/docs/man/Samba-Guide/happy.html ...and everything worked well until I migrated all the user, machine, and group accounts from the old domain and the PDC went into production this morning. Once the machine went live, I started to notice that there were significant delays when connecting to shares or viewing security on files or folders within shares from WinXP Pro SP2 workstations. When viewing security, certain builtin accounts (Domain Users, Domain Admins, etc) wouldn't resolve to their DisplayNames and would instead show the SID...this after much delay. I've reindexed LDAP w/ slapindex thinking this was part of the problem, but it had no effect. I can see all of the BUILTIN accounts using net groupmap list and getent group, but I don't see them with net rpc rights list accounts. Any idea what I may have changed that broke this? -Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Roaming Profile Folders Pulled Over Read-Only
Hello, I'm using Samba 3.0.14a-3 on Debian 3.1 (Sarge). It's functioning as a domain controller for a lot of WinXP SP2 machines. As such, it serves up roaming profiles for most of our staff. I've noticed that all of the folders in the root of the profile are pulled over as read-only. The UNIX permissions for a user's profile on the server is 700, and I'm not sure why WinXP is interpreting this as read-only. Everywhere I read, as long as a user as write permission on the server, it's not read-only. I've tried maping the system, archive, and hidden bits in the configuration and changing the permissions to 600, but no luck there. The only real issue that this has been causing is problems with IE cookies. The read-only bit is keeping IE from using the Cookies folder properly, causing problems with logging in with some websites. It's mostly interfering with our company website and its functionality. Any ideas? -- Justin Churchey Network Engineer Mount de Sales Academy 851 Orange Street Macon, GA 31201 (478) 751-3240 ext. 179 jchurchey -at- mountdesales -dot- net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.22 bug?
Sep 7 04:15:20 server smbd[2341]: [2006/09/07 04:15:20, 0] tdb/tdbutil.c:tdb_log(772) Sep 7 04:15:20 server smbd[2341]: [2006/09/07 04:15:20, 0] tdb/tdbutil.c:tdb_log(772) Sep 7 04:15:20 server smbd[2341]: tdb(/var/cache/samba/printing/hp.tdb): rec_read bad magic 0x44fc2015 at offset=22596 Sep 7 04:15:20 server smbd[2341]: tdb(/var/cache/samba/printing/hp.tdb): rec_read bad magic 0x44fc2015 at offset=22596 Sep 7 04:17:56 server smbd[2341]: [2006/09/07 04:17:56, 0] tdb/tdbutil.c:tdb_log(772) Sep 7 04:17:56 server smbd[2341]: [2006/09/07 04:17:56, 0] tdb/tdbutil.c:tdb_log(772) Sep 7 04:17:56 server smbd[2341]: tdb(/var/cache/samba/printing/hp.tdb): rec_read bad magic 0x44fc2015 at offset=22596 Sep 7 04:17:56 server smbd[2341]: tdb(/var/cache/samba/printing/hp.tdb): rec_read bad magic 0x44fc2015 at offset=22596 What causes this? The printing via Samba works fine. Any idea? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows XP 64-bit, Samba 3 and permissions
Hi guys I've been running Samba 3 for a while as my PDC in our office with a number of XP clients and a MacOS 10 client, without undue problems. Recently, though, we upgraded a couple of workstations to 64bit and these two workstations now have problems getting up the user dialog that 32bit XP has no problem with. When you select a folder, go to it's security options and hit 'add' to add a user. This brings up a dialog which reads: The program cannot open the required dialog box because it cannot determine whether the computer named server is joined to a domain. Close this message, and try again. Then if you close it, you get the following message pop up: Unable to display the user selection dialog. This action is only valid for products that are currently installed. I've no idea why this is a problem. The Samba box is configured as a PDC and doesn't appear to cause problems for any other workstations. For ref, I am running Samba 3.0.22 and my smb.conf is included below. Any thoughts on this? Chances are it's a config problem, but it's just very bizarre. Thanks, Justin --- smb.conf --- # Samba config file created using SWAT # from 192.168.2.11 (192.168.2.11) # Date: 2006/04/10 12:23:07 # Global parameters [global] workgroup = DOMAIN passdb backend = tdbsam log level = 3 log file = /var/log/samba/log.%m max log size = 50 name resolve order = wins bcast load printers = No add user script = /usr/local/sbin/smb-add-user %u delete user script = /usr/local/sbin/smb-rm-user %u add group script = /usr/local/sbin/smb-add-group %g delete group script = /usr/local/sbin/smb-rm-group %g add user to group script = /usr/local/sbin/smb-add-user-group %u %g delete user from group script = /usr/local/sbin/smb-rm-user-group %u %g add machine script = /usr/local/sbin/smb-add-machine %u domain logons = Yes os level = 33 lm announce = Yes lm interval = 120 preferred master = Yes domain master = Yes wins support = Yes ldap ssl = no admin users = @wheel [homes] comment = Home Directories read only = No browseable = No csc policy = disable [netlogon] comment = Network Logon Service path = /home/netlogon write list = justin guest ok = Yes browseable = No share modes = No [stuff] path = /home/stuff read only = No create mask = 0774 force create mode = 0774 force security mode = 0760 inherit permissions = Yes inherit acls = Yes profile acls = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Issue joining samba to W2K domain
Hello All, I am having an issue joining my samba server to an Windows 2000 Active Directory domain. When I run the net ads join -U Administrator command and enter the password, it simply hangs there until terminated. The machine account gets created on the domain controller, but the join does not complete sucessfully. I have verified that kerberos is working with kinit [EMAIL PROTECTED] and klist. The odd part is that I can join the that same samba server to a Windows 2003 Domain with no issue whatsoever. Has anyone seen an issue similar to this while joining a 2000 domain? Thanks, Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] make: Circular /cygdrive/c/Documents - /cygdrive/c/Documents
Hello, I followed the instructions from samba.org to compile release-3.0.4 and I got the following error message: make: Circular /cygdrive/c/Documents - /cygdrive/c/Documents dependency dropped. make: Circular and - /cygdrive/c/Documents dependency dropped. make: Circular and - and dependency dropped. ... I cannot execute make. What should I do to fix this problem? Thank you for your assistance. Regards, Justin Akazan Wireless Ve. McLean, VA __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: OpenLDAP and Active Directory synchronize
Paul Matthews wrote: well I looked into this about 6 months ago now and the answer then way not without a lot of effort and scripts and it was just a messy answer. But if you find an answer i'd be interested in hearing it, try http://www.ldapguru.com/ I think there is a constant topic about this. This probably isn't an option if you've already deployed OpenLDAP, but Novell's eDirectory has an addon called Identity Manager which does this kind synchronization to AD (and many, many other applications) very smoothly. Yes it's commercial, but it is relatively inexpensive and it's the best damn directory out there in my opinion if you're going to be serious about this. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba LDAP gidNumber=-1 queries?
Greetings, using samba-3.0.20b. I've been doing some packet traces of Samba's LDAP queries, and I notice that it does a lot of queries on various idmaps for gidnumber=-1 before it performs functions. What happens if this object is present in the directory? Does it disable functionality? It'd be good to know if it provides a system-wide disable feature. Thanks. -Justin Grote -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Sharing a Secondary Hard Drive
I just recently installed a second hard drive in my Samba server with the hopes of sharing it with the rest of my home network. It seems like Samba can not get the correct permissions to the drive, however. I have the drive mounted under /media/public, and when I try to map a share directly to it and open the share with a client, I get an NT_STATUS_BAD_NETWORK_NAME error. When I map the share to /media and try the client again, I can see the cdrom folder, but not public. I have also tried scp and ftp using /media/public, and they both work fine, so it doesn't seem like a common case of poor permission settings. Has anyone else ever experienced this or know of a possible cause? I'm running Fedora Core 4 if that helps. Thanks in advance, Justin McCullough -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Sharing a Secondary Hard Drive
I installed a second hard drive on my Samba server box with the hopes of creating a share for the rest of my home network. It doesn't seem like Samba is able to read the drive for some reason, however. The new drive is mounted on /media/public. When I create a share directly to the drive and try to connect through the smbclient, I get an NT_STATUS_BAD_NETWORK_NAME error. Moving the share up a level to /media allows smbclient to connect, but the public folder does not even appear and trying to cd into it returns an NT_STATUS_ACCESS_DENIED message. The drive itself seems fine as I'm able to write to it using any of my accounts directly and I can ftp and scp into it, so I am completely stumped. Does any one else have any experience with this or know what may be the cause? I'm running Fedora Core 4 by the way, if that helps. Thanks in advance, Justin McCullough -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba over PVFS: Corrupted Data
On Tue, Dec 20, 2005 at 08:08:24AM -0800, Jeremy Allison wrote: Ok, what you need is to create files locally on the windows client of 512 bytes, 1024 bytes etc. and then just copy them onto the Samba drive. Check what the smallest size is that the first file becomes corrupted. That will show the simplest problem that reproduces the issue. At *that* point then send in logs etc. Without an *exact* method of reproducing this with detailed information on what is going wrong (ie. the last 20 bytes of a 512 byte file get corrupted, but a 256 byte file is fine - here is the comparitive copy) it will be a massive investment of time to track this down, that we currently don't have. You're going to have to do more work on this I'm afraid. OK, I made a bunch of files consisting of the string 123456789abcdef\n where \n is the UNIX newline (ASCII 0xA) and performed the binary search. Files 64KB (=65536 bytes) and higher are corrupted and files under 64KB are fine. In the attached tarball area the results of my tests for two files, one 64KB in length and one 65535B (64K-1B) in length. In more detail: pvfs-detailed-test/log.andy-ibm.64k pvfs-detailed-test/log.andy-ibm.65535 - samba logs with the log level = 10 pvfs-detailed-test/64k-orig.txt pvfs-detailed-test/65535-orig.txt - original files pvfs-detailed-test/64k-share.txt pvfs-detailed-test/65535-share.txt - files as put on the share by our Windows client. The 64k file from the share starts to differ from the original file at offset 0xF000. The file from the share is filled with 0 bytes. pvfs-detailed-test/ethereal-64k pvfs-detailed-test/ethereal-65535 - whole-packet ethereal traces. pvfs-detailed-test/smb.conf - the Samba configuration for this test. The client was accessing the Cluster share. I did these tests with just-released Samba 3.0.21a on a Mandrake 2005LE (10.2) system. Sorry for the delay in getting this extra information -- holidays and such. If there is any more information you need, please let me know! --Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SAMBA PDC for Windows and Mac clients questions
Hey Matthew, Thanks for the link. Reading their implementation gave me better insight into how it should all fit together and work. I was able to get out test boxes to talk happily to one another. Justin -Original Message- From: Matthew Easton [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 27, 2005 2:45 AM To: Justin Pearce Cc: samba@lists.samba.org Subject: Re: [Samba] SAMBA PDC for Windows and Mac clients questions On Dec 26, 2005, at 5:43 PM, Justin Pearce wrote: In the interest of better compatibility for file stores and authentication, we are trying to implement a Linux machine as a primary domain controller using SAMBA and LDAP. The goal is to have both Windows XP computers and Mac OS X computers able to authenticate against the PDC, thereby allowing access to appropriate file stores on the network. On the Mac clients, take a look at Directory Access in the Utilities subdirectory of the Applications directory -- if you haven't already. There seems to be an option to configure Samba/CIFS authentication. Check it, select it, and choose configure to set the workgroup and wins server. While it is easy to have the Windows machines authenticate against the server without LDAP, I seem to be unable to use the server as an authentication source for the Mac OS X machines unless I try to use LDAP. Apple's Xserve uses OpenLDAP for authentication, so if you get it right, the Macs will behave pretty much like they would in a native Mac environment. Note that a Mac user can authenticate against an LDAP server to mount his home directory through NFS, and then mount file shares using SAMBA or NFS or Appletalk, and that could be a second authentication to the same or to a different server. The problem I seem to have is that I can only get Windows to work with the server or OS X to work with the server, but not both. Unfortunately, I am rather new to this area and I cannot seem to find any good documentation or examples thus far. Has anyone tried this or have some experience in this area and could provide some suggestions or references to implementation? But here are some folks who have apparently done just what you are trying. http://www.cs.dixie.edu/ldap/server/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA PDC for Windows and Mac clients questions
Greetings, In the interest of better compatibility for file stores and authentication, we are trying to implement a Linux machine as a primary domain controller using SAMBA and LDAP. The goal is to have both Windows XP computers and Mac OS X computers able to authenticate against the PDC, thereby allowing access to appropriate file stores on the network. While it is easy to have the Windows machines authenticate against the server without LDAP, I seem to be unable to use the server as an authentication source for the Mac OS X machines unless I try to use LDAP. The problem I seem to have is that I can only get Windows to work with the server or OS X to work with the server, but not both. Unfortunately, I am rather new to this area and I cannot seem to find any good documentation or examples thus far. Has anyone tried this or have some experience in this area and could provide some suggestions or references to implementation? Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba over PVFS: Corrupted Data
On Mon, Dec 19, 2005 at 08:01:27AM -0800, Jeremy Allison wrote: 1. Corruption of PDF files. Copying PDF files from my Windows desktop to the Samba share results in corruption. It looks like only the beginning of the file is getting corrupted. For example, the file normally starts with: Get an ethereal trace and debug level 10 of this and then do an The samba log, ethereal trace, the original PDF and the version we get via samba are attached in a tarball. md5 checksum of a truncated copy of the start of the file - say 512 bytes then 1024 bytes then 2048 and binary chop until you find the sizer that's being corrupted. I did a more careful study of the files and the corrupted version seems corrupt throughout -- including an odd string of NULs at the end of the file. The files are the same size, so perhaps something is padding the file to be the right length? Samba works well with many network filesystems so it's doubtful this is a Samba bug (although anything is possible :-). Indeed, Samba's great on most everything we've thrown at it! Sincerely, --Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba over PVFS: Corrupted Data
On Sat, Dec 17, 2005 at 09:46:08AM -0800, Andrew Bartlett wrote: The Samba 3.0.13 would be the first thing I would fix. Samba 3.0.21 is about to be released, and with oplock rewrites and other things since 3.0.13, it should provide a better basis for distributed filesystem work. My guess is that the lack of posix locking is causing Word to fail, as it uses a lot of locks. I upgraded to 3.0.21rc2 last night and still have the same problems, though I kept much better records of what's going on, so maybe that helps. 1. Corruption of PDF files. Copying PDF files from my Windows desktop to the Samba share results in corruption. It looks like only the beginning of the file is getting corrupted. For example, the file normally starts with: %PDF-1.4 5 0 obj /Length 3232 /Filter /FlateDecode But after the copy from the windows desktop, the same file starts with: 678 0 729 562 716 0 0 0 0 0 0 0 0 0 0 0 0 511 460 460 511 460 307 460 511 307 0 460 256 818 562 511 0 460 422 409 332 537 460 0 0 486 ] endobj 25 0 obj /Length1 1997 /Length2 14184 /Length3 532 /Length 15276 /Filter /FlateDecode The binary data that follows is different too. 2. We can copy Word files to and from the share without any problems. However, Word refuses to save to the share. It reports the error The save failed due to out of memory or disk space. The share has terabytes of space available (as reported by du), so this shouldn't be a problem. 3. We also use Avid -- a video editing program -- that complains Assertion Failed: ReadSize 0, file/coresw/core/filesys/diskrtnsWIN.c,line 444 and then locks up. We've run some other tests: 1. using the same configuration, but writing to an ext3 or xfs partition works normally with no problems. 2. Writing to and from the PVFS partition from within Linux also works with no problems. All of the above lead me to believe that there's something about PVFS that samba doesn't like. We have logs for these tests, at log level 3 and at log level 10. They're quite big, so I can put them on a website instead of posting them to the list if they would be helpful. Sincerely, --Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba over PVFS: Corrupted Data
Hello, I'm trying to export Samba shares that access a PVFS2 (http://www.pvfs.org/pvfs2)-mounted partition. PVFS2 is a parallel, distributed file system for Linux clusters. PVFS2 gets mounted like any other partition and it offers non-POSIX file semantics similar to NFS. We can use standard shell commands (mv, ls, cp, etc.) to read and write files on the PVFS2 file system without any problems. On Samba (3.0.13) we've had quite a few problems: 1. When we first made a Samba share, Windows (XP) explorer could see files, but would not let us manipulate them. For example, if we tried copying a file on the share, Windows would complain about a bad file handle. The Samba logs indicated that send_file_readX was causing a problem, so we put use sendfile = no in the share's configuration. We can now read from the share and save files using Notepad. 2. However, if we try copying files to the share with explorer or cmd, such as a pdf file, they get corrupted. The files are consistently corrupted in the same way. Similarly, Word refuses to write to the share. Unfortunately, for these problems, the samba logs say nothing -- I just see that the Windows computer connected to Samba server and the logs stop there. Has anyone had luck sharing PVFS volumes, or if not, are there any special settings I need for file systems with NFS-like semantics? I'm using a 2.6.14 Linux kernel on Mandrake 10.2. Samba is the aforementioned version 3.0.13. Thanks, --Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba over PVFS: Corrupted Data
Hello, I'm trying to export Samba shares that access a PVFS2 (http://www.pvfs.org/pvfs2)-mounted partition. PVFS2 is a parallel, distributed file system for Linux clusters. PVFS2 gets mounted like any other partition and it offers non-POSIX file semantics similar to NFS. We can use standard shell commands (mv, ls, cp, etc.) to read and write files on the PVFS2 file system without any problems. On Samba (3.0.13) we've had quite a few problems: 1. When we first made a Samba share, Windows (XP) explorer could see files, but would not let us manipulate them. For example, if we tried copying a file on the share, Windows would complain about a bad file handle. The Samba logs indicated that send_file_readX was causing a problem, so we put use sendfile = no in the share's configuration. We can now read from the share and save files using Notepad. 2. However, if we try copying files to the share with explorer or cmd, such as a pdf file, they get corrupted. The files are consistently corrupted in the same way. Similarly, Word refuses to write to the share. Unfortunately, for these problems, the samba logs say nothing -- I just see that the Windows computer connected to Samba server and the logs stop there. Has anyone had luck sharing PVFS volumes, or if not, are there any special settings I need for file systems with NFS-like semantics? I'm using a 2.6.14 Linux kernel on Mandrake 10.2. Samba is the aforementioned version 3.0.13. Thanks, --Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem running .avi file over samba share
When I run an avi file from a local machine (Win XP) the file plays without a problem. However, when I then move the file over to our Samba file server the file no longer plays. The file has the same md5 sum locally and on the file server so it would appear that something is changing in the file when it is cached and played. Has anyone seen or heard of his problem? Best, -- Justin R. Pessa - BOFH Brontes Technologies 400 West Cummings Park Suite 2600 Woburn, MA 01801 tel: (781) 756-1700 x248 www: http://www.brontes3d.com irc: irc.freenode.net | asdf_ on ##freebsd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] not seeing windows XP
I had some similar problems with my samba setup with XP Pro machines. The fix that I found was to disable the computer browser service on the XP Pro machines to prevent them from taking over the master browser role from the samba server and force the samba server to be master browser through the smb.conf file. Also I made my samba server into a WINS server and pointed the XP machines to that although I am not sure if this step is required. More than likely the problem is that you have 2 master browsers on the network so if you disable the computer browser service on the other 2 machines then that will likely fix the problem. Hope this helps, Justin On 9/7/05, Shelagh Manton [EMAIL PROTECTED] wrote: Hello, I've got two problems in my very small home network. 2 xp (pro) machines and me, who is the printer server on ubuntu. I've read through the samba 3 by example and the earlier chapters of samba 3 howtos, but there are some things I still don't seem to be understanding. One of my big issues is that one of the xp computers is totally invisible to me. I can't call it using its name or it's (static) ip address. I have no problem with the other computer. I can access the shared folders, copy, make folders etc. We have looked through the settings of this computer and can't spot what might be different from the visible one. Has anyone else had this problem and tracked it down? The two windows computers can see each other, so the network seems to be fine on their end. One problem I do have is that while I am admin for my machine, I don't control what happens on these machines as they were saved up for and built by my sons. So I have to be wary of teenage territorial feelings. I am using the standard ubuntu samba which is Version 3.0.14a-Ubuntu. One xp machine has been updated to service pack 2, but the one I can't see is the one who hasn't. I would have thought from my reading that it might be the other way around. The second problem is that I don't seem to be understanding the printing setup. (maybe 'cause I'm blonde?) Or maybe its trying to set up the printer to work over port:9100. for an HPlaserjet6l, or probably one of many different things. Oh well, I've just found another howto which may help me. I'll leave this till later. At the moment, if they want to print I have to copy from the shared folder and do it on my computer. If the niban wants to print, he has to copy it to the shared folder, then I have to copy it to my computer, you probably get the picture. Shelagh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot Authenticate to Samba Shares after switching laptop from wired to wireless nic.
= Connection reset by peer [2005/07/15 14:47:12, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 5 bytes to socket 5: ERRNO = Connection reset by peer [2005/07/15 14:47:12, 0] lib/util_sock.c:send_smb(647) Error writing 5 bytes to client. -1. (Connection reset by peer) [2005/07/27 20:26:01, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2005/07/27 20:26:01, 0] lib/access.c:check_access(328) [2005/07/27 20:26:01, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected Denied connection from (0.0.0.0 http://0.0.0.0) [2005/07/27 20:26:01, 1] smbd/process.c:process_smb(1084) [2005/07/27 20:26:01, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected Connection denied from 0.0.0.0 http://0.0.0.0 [2005/07/27 20:26:01, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2005/07/27 20:26:01, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 5 bytes to socket 22: ERRNO = Connection reset by peer [2005/07/27 20:26:01, 0] lib/util_sock.c:send_smb(647) Error writing 5 bytes to client. -1. (Connection reset by peer) [EMAIL PROTECTED] samba]# cat 192.168.1.111.log [EMAIL PROTECTED] samba]# Any help is greatly apprciated I have been working on this problem for months and have not found the answer yet I was hoping the new version of samba would fix it but no such luck. I have also tried another wireless card with the same configurations and had the same results. I do not have another wired card to try. Both interfaces have 192.168.1.5 http://192.168.1.5(fangorn's IP address configured for wins. Also the laptop client is Windows XP Professional SP2 (I know I wish it didn't have sp2 but it came with it). The server (fangorn) is Redhat 9.0 with Samba 3.020. Thanks, Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot Authenticate to Samba Shares after switching laptop from wired to wireless nic.
is not connected Connection denied from 0.0.0.0 http://0.0.0.0 [2005/07/15 14:47:12, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2005/07/15 14:47:12, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 5 bytes to socket 5: ERRNO = Connection reset by peer [2005/07/15 14:47:12, 0] lib/util_sock.c:send_smb(647) Error writing 5 bytes to client. -1. (Connection reset by peer) [2005/07/27 20:26:01, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2005/07/27 20:26:01, 0] lib/access.c:check_access(328) [2005/07/27 20:26:01, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected Denied connection from (0.0.0.0 http://0.0.0.0) [2005/07/27 20:26:01, 1] smbd/process.c:process_smb(1084) [2005/07/27 20:26:01, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected Connection denied from 0.0.0.0 http://0.0.0.0 [2005/07/27 20:26:01, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2005/07/27 20:26:01, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 5 bytes to socket 22: ERRNO = Connection reset by peer [2005/07/27 20:26:01, 0] lib/util_sock.c:send_smb(647) Error writing 5 bytes to client. -1. (Connection reset by peer) [EMAIL PROTECTED] samba]# cat 192.168.1.111.log [EMAIL PROTECTED] samba]# Any help is greatly apprciated I have been working on this problem for months and have not found the answer yet I was hoping the new version of samba would fix it but no such luck. I have also tried another wireless card with the same configurations and had the same results. I do not have another wired card to try. Both interfaces have 192.168.1.5 http://192.168.1.5(fangorn's IP address configured for wins. Also the laptop client is Windows XP Professional SP2 (I know I wish it didn't have sp2 but it came with it). The server (fangorn) is Redhat 9.0 with Samba 3.020. Thanks, Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdbedit - can't set password expiry, etc?
On Fri, 2005-07-29 at 14:28, Justin wrote: Hi All Have recently moved from a machine running 2.2 to a new machine running 3.0.10-1. I've just converted the smbpasswd database to tdbsam as I understand password ageing etc does not work with smbpasswd. I've set the line 'passdb backend = tdbsam' in the smb.conf, restarted the daemon and now I'm trying to force a user account to have to change his password the next time he logs in. I'm using the command #pdbedit -u justinh --pwd-must-change-time 0 and also tried #pdbedit --pwd-must-change-time=0 justinh but neither seems to modify the user; # pdbedit -Lv justinh Unix username:justinh NT username: Account Flags:[U ] User SID: S-1-5-21-179224907-3521905181-1287225574-2032 Primary Group SID:S-1-5-21-179224907-3521905181-1287225574-2201 Full Name:Justin.Hyde Home Directory: \\agnes\justinh HomeDir Drive: Logon Script: logon.bat Profile Path: \\agnes\justinh\profile Domain: MIDALIA Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Sat, 14 Dec 1901 04:45:51 GMT Kickoff time: Sat, 14 Dec 1901 04:45:51 GMT Password last set:Fri, 29 Jul 2005 13:12:12 GMT Password can change: Fri, 29 Jul 2005 13:12:12 GMT Password must change: Sat, 14 Dec 1901 04:45:51 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF Can anyone suggest where I've gone wrong here? TIA Justin So nobody can offer a suggestion here? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] pdbedit - can't set password expiry, etc?
Hi All Have recently moved from a machine running 2.2 to a new machine running 3.0.10-1. I've just converted the smbpasswd database to tdbsam as I understand password ageing etc does not work with smbpasswd. I've set the line 'passdb backend = tdbsam' in the smb.conf, restarted the daemon and now I'm trying to force a user account to have to change his password the next time he logs in. I'm using the command #pdbedit -u justinh --pwd-must-change-time 0 and also tried #pdbedit --pwd-must-change-time=0 justinh but neither seems to modify the user; # pdbedit -Lv justinh Unix username:justinh NT username: Account Flags:[U ] User SID: S-1-5-21-179224907-3521905181-1287225574-2032 Primary Group SID:S-1-5-21-179224907-3521905181-1287225574-2201 Full Name:Justin.Hyde Home Directory: \\agnes\justinh HomeDir Drive: Logon Script: logon.bat Profile Path: \\agnes\justinh\profile Domain: MIDALIA Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Sat, 14 Dec 1901 04:45:51 GMT Kickoff time: Sat, 14 Dec 1901 04:45:51 GMT Password last set:Fri, 29 Jul 2005 13:12:12 GMT Password can change: Fri, 29 Jul 2005 13:12:12 GMT Password must change: Sat, 14 Dec 1901 04:45:51 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF Can anyone suggest where I've gone wrong here? TIA Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] testparm dumping core
Hello everyone, I'm trying to run testparm to parse my config file and it's dumping out on me. I ran strace on it and received the following: [EMAIL PROTECTED] strace -vv /usr/local/bin/testparm execve(0xbfbfe800, [0xbfbfece8], [0xbfbfecf0]PIOCWSTOP: Input/output error [EMAIL PROTECTED] Load smb config files from /usr/local/etc/smb.conf I would include the core file but it's over 400M. Another problem is that smbd is crashing as well and dumping core. I don't know what brought this on, as things were working fine earlier. My system is FreeBSD-5.4-p2 and I'm using samba-3.0.14a,1 compiled from an updated ports collection. Any help is appreciated! - Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] Samba 3.0.10 - Error With Latest Win2K Patches
The patch fixes a 'drag and drop' vulnerability. The patch ID is: KB890047 http://www.microsoft.com/technet/security/bulletin/MS05-008.mspx?pf=true On Sat, 12 Feb 2005, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin Piszcz wrote: | I have found the problem; it was a single patch | from microsoft, remove it and fixed! :) which patch ? We'll need to fix Samba to work with it. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCDhRqIR7qMdg1EfYRAuLNAKCIKlVkgd68mlk/sq0iSJjTERVpRwCeIjzl 14bH6rODdhvzvnTCjhja2Mo= =Ti52 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re:Re: [Samba] Samba 3.0.10 - Error With Latest Win2K Patches
I can confirm by uninstalling and re-installing that patch the problem exists and is fixed by removing that patch on two separate windows 2000 professional (SP4) machines and additionally; another win2k box (sp1?) with no patches never had any problem during any of this (used as a control). On Sat, 12 Feb 2005, Doug VanLeuven wrote: Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin Piszcz wrote: | I have found the problem; it was a single patch | from microsoft, remove it and fixed! :) which patch ? We'll need to fix Samba to work with it. Samba 3.0.11, AIX 5.2 linux RH9 2.4.20-28.9smp win2000 clients all current hotfixes and winXP all current hotfixes are not having any problem dragging files to and from samba 3.0.11. Samba servers are 2003 AD native mode member machines. I have sendfile disabled on both OS otherwise mostly defaults. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.10 - Error With Latest Win2K Patches
When Microsoft released their 8-9 new patches this week, around Tuesday, 02/08/05; I can no longer copy files to any of my samba shares. Before Microsoft's patches, everything worked OK; I have multiple Linux SAMBA servers and two separate Windows 2000 Professional SP4 machines; each were patched. Trying to connect to any of the Samba servers I am running Samba 3.0.10 with Debian Sarge and kernel 2.6.10. When I try to drag any file over an (explorer window) with a (samba share) open it puts a circle with a (/) slash through it. When I run xcopy file.zip \\ip\share, it works. 1) I can remove a directory on my Samba share. 2) I can remove a file on my Samba share. 3) I can make a directory on my Samba share. 4) I cannot copy anything over to the Samba share (file, link or directory). Has anyone experienced these problems with the latest Windows 2000 Professional patches? What is the recommended fix? Please CC me as I am not on the list, thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] Samba 3.0.10 - Error With Latest Win2K Patches
Just a note: It has _ALWAYS_ worked, I applied the patches on Windows 2000 yesterday and it stopped working after that. Perhaps a Windows 2000 problem? Do you use Windows 2000 and have updated to the latest patches? *THAT* is when the error began! Here it is: # The global is required for all global virables. [global] # We want the workgroup set to WORKGROUP. workgroup = WORKGROUP # Set the server string to describe the machine. server string = %h - Pentium III 500MHZ # Set the interface so Samba only works with the LAN. interfaces = 192.168.0.0/24 # Make sure it only binds to this interface. bind interfaces only = yes # Set the security to user. security = user # Make sure encrypt passwords is on! encrypt passwords = yes # Increase overall throughput of samba. socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=32768 SO_RCVBUF=8192 # Set max xmit size. max xmit = 8192 [x] comment = x path= /d1/x writable= yes valid users = jpiszcz create mask = 644 On Fri, 11 Feb 2005, Andreas Koch wrote: Hi Justin, i have also W2K and samba 3.0.8-2 It's work fine. Send me please your smb.conf Andreas Am Freitag, den 11.02.2005, 06:20 -0500 schrieb Justin Piszcz: When Microsoft released their 8-9 new patches this week, around Tuesday, 02/08/05; I can no longer copy files to any of my samba shares. Before Microsoft's patches, everything worked OK; I have multiple Linux SAMBA servers and two separate Windows 2000 Professional SP4 machines; each were patched. Trying to connect to any of the Samba servers I am running Samba 3.0.10 with Debian Sarge and kernel 2.6.10. When I try to drag any file over an (explorer window) with a (samba share) open it puts a circle with a (/) slash through it. When I run xcopy file.zip \\ip\share, it works. 1) I can remove a directory on my Samba share. 2) I can remove a file on my Samba share. 3) I can make a directory on my Samba share. 4) I cannot copy anything over to the Samba share (file, link or directory). Has anyone experienced these problems with the latest Windows 2000 Professional patches? What is the recommended fix? Please CC me as I am not on the list, thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.10 - Error With Latest Win2K Patches
I really don't think Samba has anything to do with it as when I drag the cursor over the Window (in Windows) which contains the SMB share, Windows itself does not let me even copy or do anything over that window! Does anyone else have this problem? On Fri, 11 Feb 2005, Andreas Koch wrote: Yes i have the ServicePack 4 on my Win2K, and is works fine. Set your debug Level to 10 and debug it... I have not this Problem and the same Server and Client. I Think Win2K have a security-user Patch in the Service Pack 4 and this make your Problems. You must debug your Problem, or i hope other People can you help :-( Testing your Config with security = share or don't use the socket options Andreas Am Freitag, den 11.02.2005, 09:24 -0500 schrieb Justin Piszcz: Just a note: It has _ALWAYS_ worked, I applied the patches on Windows 2000 yesterday and it stopped working after that. Perhaps a Windows 2000 problem? Do you use Windows 2000 and have updated to the latest patches? *THAT* is when the error began! Here it is: # The global is required for all global virables. [global] # We want the workgroup set to WORKGROUP. workgroup = WORKGROUP # Set the server string to describe the machine. server string = %h - Pentium III 500MHZ # Set the interface so Samba only works with the LAN. interfaces = 192.168.0.0/24 # Make sure it only binds to this interface. bind interfaces only = yes # Set the security to user. security = user # Make sure encrypt passwords is on! encrypt passwords = yes # Increase overall throughput of samba. socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=32768 SO_RCVBUF=8192 # Set max xmit size. max xmit = 8192 [x] comment = x path= /d1/x writable= yes valid users = jpiszcz create mask = 644 On Fri, 11 Feb 2005, Andreas Koch wrote: Hi Justin, i have also W2K and samba 3.0.8-2 It's work fine. Send me please your smb.conf Andreas Am Freitag, den 11.02.2005, 06:20 -0500 schrieb Justin Piszcz: When Microsoft released their 8-9 new patches this week, around Tuesday, 02/08/05; I can no longer copy files to any of my samba shares. Before Microsoft's patches, everything worked OK; I have multiple Linux SAMBA servers and two separate Windows 2000 Professional SP4 machines; each were patched. Trying to connect to any of the Samba servers I am running Samba 3.0.10 with Debian Sarge and kernel 2.6.10. When I try to drag any file over an (explorer window) with a (samba share) open it puts a circle with a (/) slash through it. When I run xcopy file.zip \\ip\share, it works. 1) I can remove a directory on my Samba share. 2) I can remove a file on my Samba share. 3) I can make a directory on my Samba share. 4) I cannot copy anything over to the Samba share (file, link or directory). Has anyone experienced these problems with the latest Windows 2000 Professional patches? What is the recommended fix? Please CC me as I am not on the list, thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [SPAM] Re: Re: [Samba] Samba 3.0.10 - Error With Latest Win2K Patches
I have found the problem; it was a single patch from microsoft, remove it and fixed! :) On Fri, 11 Feb 2005, Andreas Koch wrote: Yes i have the ServicePack 4 on my Win2K, and is works fine. Set your debug Level to 10 and debug it... I have not this Problem and the same Server and Client. I Think Win2K have a security-user Patch in the Service Pack 4 and this make your Problems. You must debug your Problem, or i hope other People can you help :-( Testing your Config with security = share or don't use the socket options Andreas Am Freitag, den 11.02.2005, 09:24 -0500 schrieb Justin Piszcz: Just a note: It has _ALWAYS_ worked, I applied the patches on Windows 2000 yesterday and it stopped working after that. Perhaps a Windows 2000 problem? Do you use Windows 2000 and have updated to the latest patches? *THAT* is when the error began! Here it is: # The global is required for all global virables. [global] # We want the workgroup set to WORKGROUP. workgroup = WORKGROUP # Set the server string to describe the machine. server string = %h - Pentium III 500MHZ # Set the interface so Samba only works with the LAN. interfaces = 192.168.0.0/24 # Make sure it only binds to this interface. bind interfaces only = yes # Set the security to user. security = user # Make sure encrypt passwords is on! encrypt passwords = yes # Increase overall throughput of samba. socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=32768 SO_RCVBUF=8192 # Set max xmit size. max xmit = 8192 [x] comment = x path= /d1/x writable= yes valid users = jpiszcz create mask = 644 On Fri, 11 Feb 2005, Andreas Koch wrote: Hi Justin, i have also W2K and samba 3.0.8-2 It's work fine. Send me please your smb.conf Andreas Am Freitag, den 11.02.2005, 06:20 -0500 schrieb Justin Piszcz: When Microsoft released their 8-9 new patches this week, around Tuesday, 02/08/05; I can no longer copy files to any of my samba shares. Before Microsoft's patches, everything worked OK; I have multiple Linux SAMBA servers and two separate Windows 2000 Professional SP4 machines; each were patched. Trying to connect to any of the Samba servers I am running Samba 3.0.10 with Debian Sarge and kernel 2.6.10. When I try to drag any file over an (explorer window) with a (samba share) open it puts a circle with a (/) slash through it. When I run xcopy file.zip \\ip\share, it works. 1) I can remove a directory on my Samba share. 2) I can remove a file on my Samba share. 3) I can make a directory on my Samba share. 4) I cannot copy anything over to the Samba share (file, link or directory). Has anyone experienced these problems with the latest Windows 2000 Professional patches? What is the recommended fix? Please CC me as I am not on the list, thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.10 - Error With Latest Win2K Patches
Bogofilter needs to be trained. On Fri, 11 Feb 2005, JLB wrote: [SPAM]? Ur, what spam is this in response to? On Fri, 11 Feb 2005, Justin Piszcz wrote: Date: Fri, 11 Feb 2005 18:38:01 -0500 (EST) From: Justin Piszcz [EMAIL PROTECTED] To: Andreas Koch [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: Re: [SPAM] Re: Re: [Samba] Samba 3.0.10 - Error With Latest Win2K Patches I have found the problem; it was a single patch from microsoft, remove it and fixed! :) On Fri, 11 Feb 2005, Andreas Koch wrote: Yes i have the ServicePack 4 on my Win2K, and is works fine. Set your debug Level to 10 and debug it... I have not this Problem and the same Server and Client. I Think Win2K have a security-user Patch in the Service Pack 4 and this make your Problems. You must debug your Problem, or i hope other People can you help :-( Testing your Config with security = share or don't use the socket options Andreas Am Freitag, den 11.02.2005, 09:24 -0500 schrieb Justin Piszcz: Just a note: It has _ALWAYS_ worked, I applied the patches on Windows 2000 yesterday and it stopped working after that. Perhaps a Windows 2000 problem? Do you use Windows 2000 and have updated to the latest patches? *THAT* is when the error began! Here it is: # The global is required for all global virables. [global] # We want the workgroup set to WORKGROUP. workgroup = WORKGROUP # Set the server string to describe the machine. server string = %h - Pentium III 500MHZ # Set the interface so Samba only works with the LAN. interfaces = 192.168.0.0/24 # Make sure it only binds to this interface. bind interfaces only = yes # Set the security to user. security = user # Make sure encrypt passwords is on! encrypt passwords = yes # Increase overall throughput of samba. socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=32768 SO_RCVBUF=8192 # Set max xmit size. max xmit = 8192 [x] comment = x path= /d1/x writable= yes valid users = jpiszcz create mask = 644 On Fri, 11 Feb 2005, Andreas Koch wrote: Hi Justin, i have also W2K and samba 3.0.8-2 It's work fine. Send me please your smb.conf Andreas Am Freitag, den 11.02.2005, 06:20 -0500 schrieb Justin Piszcz: When Microsoft released their 8-9 new patches this week, around Tuesday, 02/08/05; I can no longer copy files to any of my samba shares. Before Microsoft's patches, everything worked OK; I have multiple Linux SAMBA servers and two separate Windows 2000 Professional SP4 machines; each were patched. Trying to connect to any of the Samba servers I am running Samba 3.0.10 with Debian Sarge and kernel 2.6.10. When I try to drag any file over an (explorer window) with a (samba share) open it puts a circle with a (/) slash through it. When I run xcopy file.zip \\ip\share, it works. 1) I can remove a directory on my Samba share. 2) I can remove a file on my Samba share. 3) I can make a directory on my Samba share. 4) I cannot copy anything over to the Samba share (file, link or directory). Has anyone experienced these problems with the latest Windows 2000 Professional patches? What is the recommended fix? Please CC me as I am not on the list, thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- J. L. Blank, Systems Administrator, twu.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] upgrade to 3.0.11, lost domain control
Have you checked the domain for a master browser? It's possible that a Windows XP (or other) client has taken over whilst smbd was down. Do a browstat status from an XP machine and see what it reports. You may need to force a browser election. Justin On Wed, 2005-02-09 at 08:20, Gordon Russell wrote: Hello-- I upgraded my RH9 samba PDC server from 3.0.9pre3 to 3.0.11 using packaged RH9 rpm from samba site, using rpm -U samba*rpm. no complaints from rpm. samba stops/starts fine. However, clients can no longer log in to domain. All clients (W2k,XP) get the same error message The system could not log you on,...etc. clients can mount samba shares, however. I saved a copy of /etc/samba before the upgrade, and copied old secrets.tdb smbpasswd to /etc/samba/., but this made no difference, I still have no domain control. Im at a loss to where to go next and this will really be a drag tommorrow when everyone comes in to work if I cant get domain control working again thanks--- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + linux subdirectory 'other' permissions
Still struggling with this issue ... anyone able to provide some feedback please? On Tue, 2005-02-01 at 15:18, Justin wrote: Hi All I'm sure this is a fairly basic question out there for someone however I haven't had much luck googling for an answer hence I thought I'd try here. I'm having issues getting the correct permissions on a directory for the 'other' users. Each time a file is created in this subdirectory the permissions are set as -rw-rw and what I want to achieve is -rwxrwx-r-x In other words, read/write/execute for user and group but read only for other users. I have one parent directory shared as follows: [public] comment = Staff file sharing folders path = /home/public create mask = 0660 directory mask = 770 force create mode = 020 force directory mode = 020 read only = no writeable = yes guest ok = yes I want to create a sub directory under this parent directory with the permissions as indicated in my opening paragraph. Is that possible? TIA, Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba + linux subdirectory 'other' permissions
Hi All I'm sure this is a fairly basic question out there for someone however I haven't had much luck googling for an answer hence I thought I'd try here. I'm having issues getting the correct permissions on a directory for the 'other' users. Each time a file is created in this subdirectory the permissions are set as -rw-rw and what I want to achieve is -rwxrwx-r-x In other words, read/write/execute for user and group but read only for other users. I have one parent directory shared as follows: [public] comment = Staff file sharing folders path = /home/public create mask = 0660 directory mask = 770 force create mode = 020 force directory mode = 020 read only = no writeable = yes guest ok = yes I want to create a sub directory under this parent directory with the permissions as indicated in my opening paragraph. Is that possible? TIA, Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba member server user authentication
Hi List, I have a PDC running version 2.2.7a (RH9) and a member server running 3.0.10-1 (FC2). I'm trying to authenticate users who need to access the member server by utilising the username/passwords on the PDC however I'm not having much luck. I don't want to create/replicate any users on the member server. Is there any way to authenticate users with the PDC so as they can access resources etc on the member server? Basically what I wanted to do was authenticate against the samba PDC and map home directories to the another (member) server. Is this possible? Thanks in advance Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] mixed local roaming profiles?
Before I join all my W2K clients to my 3.0.8-2 Samba server (Debian), I plan to remove logon path = ... due to sporatic problems I'm seeing. We're only ~10 regular Windows2000 users, and ~30 VMware Win2K users, so roaming doesn't buy us much. However, it might be helpful if I could enable roaming either by user or by host, particularly with the VMware users. Is there a _simple_ option for this? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] root ownership on some profile files cause login errors
Okay, I'm making progress... here's a better directed question: The problem is that when a profile is created on the Samba server (pushed up from the Win2K client by Copy To... dialog, run as Local Admin) some of the profile files are owned by root and not readable by group or other. This task is performed by a local Administrator, and using my account zippy as the PDC admin login (admin users = @ntadmin) (I'm in Unix group 'ntadmin') What I did to fix my account's roaming profile was to (as root on the Samba server) chown -R zippy zippy and chmod -R 700 zippy So the question becomes: Will a create mask, directory mask, or force create mode fix this? For every profile I push up to the server do I need to login to the server and tweak permissions as root? Thanks again!! -Justin Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin Zachor wrote: | Here's another question related to how to use masks -- | | In my PDC area I specify: | | logon path = \\netapp\profiles\%u I recommend %U and not %u for the 'logon path' in most cases -snip- | So, is this the sytax for masks? | Do I add create mask = 0744 -OR- force create mask = 0744? | Where do I put it? Anywhere in smb.conf? | | Should the mask be 0077? (it's a mask, not chown | notation, right??) the 'create mask' is a bitwise logical AND with the requested permissions. The force create mode is a bitwise logical OR. -snip- admin users = @ntadmins ^^ It's probably this line. See the smb.conf(5) man page for details. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mixed local roaming profiles?
Nevermind -- I just clued in on the Profile Type dialog. Sorry for the static. -J Justin Zachor wrote: Before I join all my W2K clients to my 3.0.8-2 Samba server (Debian), I plan to remove logon path = ... due to sporatic problems I'm seeing. We're only ~10 regular Windows2000 users, and ~30 VMware Win2K users, so roaming doesn't buy us much. However, it might be helpful if I could enable roaming either by user or by host, particularly with the VMware users. Is there a _simple_ option for this? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] root ownership on some profile files cause login errors
On a newly migrated profile (migrated onto Samba server, from local) some files/dirs get root ownership. How can I stop this from happening, without having to manually adjust the permissions? Should I use force create mode = 0600 or force directory mode = 0700? If so, then where? For example drwx--2 root daemon4096 Nov 12 14:58 S-1-5-21-515... Windows cannot copy file \\netapp\profiles\user\Application Data\Microsoft\Protect\S-1-5-21-515...\ to location C:\Documents and Settings\user.FOOBAR\Application Data\Microsoft\Protect\S-1-5-21-515...\. Contact your network administrator. DETAIL - Access is denied. Windows cannot load the profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. smb.conf-- [global] # -- BEGIN PDC -- domain logons = yes logon path = \\netapp\profiles\%u logon drive = H: logon home = \\netapp\%u\.winprofile logon script = logon.bat add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/adduser --firstuid 9001 \ --lastuid 9500 \ --gid 9000 --home /dev/null --shell /bin/false \ --no-create-home \ --disabled-password --gecos %u Samba Machine Account \ --force-badname %u admin users = @ntadmins workgroup = FOOBAR # -- END PDC -- invalid users = root snip (many misc settings here -- omitted for ease of reading) [netlogon] comment = Network Logon Service browseable = no path = /var/lib/samba/netlogon read only = yes write list = @ntadmins #[profiles] #path = /var/lib/samba/profiles # path = /netapp/profiles ??? #read only = no #create mask = 0600 #directory mask = 0700 [homes] comment = Home Directories browseable = no force create mode = 0755 force directory mode = 0755 writable = yes Thanks in advance JAZ == -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] root ownership on some profile files cause login errors
Here's another question related to how to use masks -- In my PDC area I specify: logon path = \\netapp\profiles\%u This puts server-based (roaming) profiles on my Network Appliance (which itself is an SMB/PDC client). A previous admin here left this commented section: #[profiles] # path = /var/lib/samba/profiles # path = /netapp/profiles ??? # read only = no # create mask = 0600 # directory mask = 0700 So, is this the sytax for masks? Do I add create mask = 0744 -OR- force create mask = 0744? Where do I put it? Anywhere in smb.conf? Should the mask be 0077? (it's a mask, not chown notation, right??) PS, When I had Windows login trouble, these perms tweaks fixed it: /home/profiles# chown -R user user /home/profiles# chmod -R 700 user NOTE: We're using Samba as a PDC fine with the below smb.conf. So I don't want to muck up permission by adding an improper mask statement. So Again, this permissions issue only came up when I copied a profile from a local Win2K box to the PDC profile dir using local administrator Copy To... feature under System | User Profiles (control panel). Thanks again! -JAZ joec wrote: Try this: net mask = 0744 (or 755 depending on what you want the permissions to be) directory mask = 0755 Check a samba book for the correct options, but that is how I did the trick on my network at home. Joe Justin Zachor [EMAIL PROTECTED] wrote : On a newly migrated profile (migrated onto Samba server, from local) some files/dirs get root ownership. How can I stop this from happening, without having to manually adjust the permissions? Should I use quot;force create mode = 0600quot; or quot;force directory mode = 0700quot;? If so, then where? For example drwx--2 root daemon4096 Nov 12 14:58 S-1-5-21-515... quot;Windows cannot copy file \\netapp\profiles\user\Application Data\Microsoft\Protect\S-1-5-21-515...\ to location C:\Documents and Settings\user.FOOBAR\Application Data\Microsoft\Protect\S-1-5-21-515...\. Contact your network administrator. DETAIL - Access is denied.quot; quot;Windows cannot load the profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.quot; smb.conf-- [global] # -- BEGIN PDC -- domain logons = yes logon path = \\netapp\profiles\%u logon drive = H: logon home = \\netapp\%u\.winprofile logon script = logon.bat add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/adduser --firstuid 9001 \ --lastuid 9500 \ --gid 9000 --home /dev/null --shell /bin/false \ --no-create-home \ --disabled-password --gecos quot;%u Samba Machine Accountquot; \ --force-badname %u admin users = @ntadmins workgroup = FOOBAR # -- END PDC -- invalid users = root lt;snipgt; (many misc settings here -- omitted for ease of reading) [netlogon] comment = Network Logon Service browseable = no path = /var/lib/samba/netlogon read only = yes write list = @ntadmins #[profiles] #path = /var/lib/samba/profiles # path = /netapp/profiles ??? #read only = no #create mask = 0600 #directory mask = 0700 [homes] comment = Home Directories browseable = no force create mode = 0755 force directory mode = 0755 writable = yes Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] storing profiles on a 3rd host (NetApp), and [profiles] section of smb.conf
1. Is it okay to use an NFS-mounted path in the [profiles] path statement? 2. How do I make sure that owner permissions don't get set to root on certain profile files when the user profile is migrated to the PDC 'logon path' area? I've set out to move our Windows PCs into a samba PDC domain, and my first profile migration was tripped up by some improper permissions that were set on some of the profile files when I copied the profile (as Administrator, on the Windows client) from the Win2K client to the PDC. (this was using the typical Windows utility: System | User Profiles | Copy To...) Plus, our previous Samba admin set a few things in smb.conf that I don't understand: 1. There's a [profiles] section that is commented -- Can I change /var/lib/samba/profiles to a directory on our NetApp filer? (the Samba server has root privilege on the NetApp, and the NetApp is a PDC client of Samba). 2. Do I even need this section? The logon path = \\netapp\profiles\%u in PDC section seems to work somewhat, but my permissions need to be tweaked after being uploaded; How do I force create/directory modes? Should I use a [profiles] section for that? (please see smb.conf below) 3. In the [netlogon] section, can I move /var/lib/samba/netlogon to a path nfs-mounted from my NetApp? (e.g. would /netapp/samba/netlogon only be accessed by the smb/PDC daemon?) 4. path was left out of [Homes] section -- I don't know why this section has no paths. BTW, I know there's a ton of info on this around the web, but I didn't find much of anything written about this scenario, where the general file server is a third host, not the Samba server. Also, the NetApp can act as a PDC, but we're using NIS in a mostly Debian/Max OSX environment. What happens now: After adding a Win2K system to the domain, using local Administrator I copied a local user profile to \\netapp\profiles\user However, upon trying to login I get these errors: Windows cannot copy file \\netapp\profiles\user\Application Data\Microsoft\Protect\S-1-5-21-515...\ to location C:\Documents and Settings\user.FOOBAR\Application Data\Microsoft\Protect\S-1-5-21-515...\. Contact your network administrator. DETAIL - Access is denied. Windows cannot load the profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Performing a chown -R user:group to the profile makes the errors go away. Is there a better fix, such as Otto's notes below? Otto writes: http://lists.samba.org/archive/samba/1999-November/015480.html Excerpt of above URL -- use these in [profiles] section force create mode = 0600 force directory mode = 0700 Sure enough, permissions are: drwx--2 root daemon4096 Nov 12 14:58 S-1-5-21-515... Only after recursively chown'ing user's profile can they login: netapp:/profiles# chown -R user /profiles/user My setup is: - Debian Samba server - NetApp filer (fileserver) - Win2K clients smb.conf-- [global] # -- BEGIN PDC -- domain logons = yes logon path = \\netapp\profiles\%u logon drive = H: logon home = \\netapp\%u\.winprofile logon script = logon.bat add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/adduser --firstuid 9001 \ --lastuid 9500 \ --gid 9000 --home /dev/null --shell /bin/false \ --no-create-home \ --disabled-password --gecos %u Samba Machine Account \ --force-badname %u admin users = @ntadmins workgroup = FOOBAR # -- END PDC -- invalid users = root snip (many misc settings) [netlogon] comment = Network Logon Service browseable = no path = /var/lib/samba/netlogon read only = yes write list = @ntadmins #[profiles] #path = /var/lib/samba/profiles # path = /netapp/profiles ??? #read only = no #create mask = 0600 #directory mask = 0700 [homes] comment = Home Directories browseable = no force create mode = 0755 force directory mode = 0755 writable = yes Thanks in advance JAZ == -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] root ownership on some profile files cause login errors
On a newly migrated profile (migrated onto Samba server, from local) some files/dirs get root ownership. How can I stop this from happening, without having to manually adjust the permissions? Should I use force create mode = 0600 or force directory mode = 0700? If so, then where? For example drwx--2 root daemon4096 Nov 12 14:58 S-1-5-21-515... Windows cannot copy file \\netapp\profiles\user\Application Data\Microsoft\Protect\S-1-5-21-515...\ to location C:\Documents and Settings\user.FOOBAR\Application Data\Microsoft\Protect\S-1-5-21-515...\. Contact your network administrator. DETAIL - Access is denied. Windows cannot load the profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. smb.conf-- [global] # -- BEGIN PDC -- domain logons = yes logon path = \\netapp\profiles\%u logon drive = H: logon home = \\netapp\%u\.winprofile logon script = logon.bat add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/adduser --firstuid 9001 \ --lastuid 9500 \ --gid 9000 --home /dev/null --shell /bin/false \ --no-create-home \ --disabled-password --gecos %u Samba Machine Account \ --force-badname %u admin users = @ntadmins workgroup = FOOBAR # -- END PDC -- invalid users = root snip (many misc settings here -- omitted for ease of reading) [netlogon] comment = Network Logon Service browseable = no path = /var/lib/samba/netlogon read only = yes write list = @ntadmins #[profiles] #path = /var/lib/samba/profiles # path = /netapp/profiles ??? #read only = no #create mask = 0600 #directory mask = 0700 [homes] comment = Home Directories browseable = no force create mode = 0755 force directory mode = 0755 writable = yes Thanks in advance JAZ == -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] research inquiry
Greetings, I'm currently doing research into corporate contributions towards open source projects, such as Linux. One of the recent Credits Files lists Mr. Anton Blanchard as a contributor. Is Mr. Blanchard still an employee with the company? Also, does the company have any policies regarding open source contributions by employees? If so, are there any differences between on and off the clock contributions? Thanks very much for your time and apologies for posting on your mailing list. I did not find any other contacts on your website related to this side of your business. Best, Justin Orndorff _ MSN Toolbar provides one-click access to Hotmail from any Web page FREE download! http://toolbar.msn.click-url.com/go/onm00200413ave/direct/01/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] FreeBSD nss_winbind library broken (was: Samba requesting nonexistent keytab type?)
This should be fixed in the latest Samba 3.0 cvs tree. Please test the 3.0.2pre1 release which is due out tomorrow. Jerry, 3.0.2pre1 does indeed fix the Kerberos Unknown key table type problem, but winbind nss support under FreeBSD is broken. I filed a bug (#948) along with a simple patch which fixes the problem. Basically: winbind_nss_freebsd.c needs to be used along with winbind_nss_linux.c, not as a replacement. winbind_nss_freebsd.c is just a wrapper around the Linux/glibc NSS functions. I'm not sure if I changed the right configure variable in the patch, but I'm sure someone will correct me if I didn't. As a sidenote, winbind still doesn't work for me personally, but at least I can see that winbind is actually receiving and processing getpwnam/getgrent/etc requests now. :) -Justin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD nss_winbind library broken
Applied, thanks. Jeremy. As a sidenote, everything works Exactly As Expected now. Winbind is working flawlessly. Thanks, -Justin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba requesting nonexistent keytab type?
Hello, I have been working diligently since my last post to solve the error I've been receiving. I did manage to fix the credentials problem, but now I am at the same point where many others are, mainly, when doing hostname mapping (net use X: \\foo\bar), Samba prompts for a username and password and does not use Kerberos. In my error logs: [2004/01/05 15:51:59, 10] libads/kerberos_verify.c:create_keytab(56) creating keytab: MEMORY: [2004/01/05 15:51:59, 10] libads/kerberos_verify.c:create_keytab(59) going to krb5_kt_resolveunable to create MEMORY: keytab (Unknown Key table type) [2004/01/05 15:51:59, 3] libads/kerberos_verify.c:ads_verify_ticket(283) ads_verify_ticket: unable to setup keytab [2004/01/05 15:51:59, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) Failed to verify incoming ticket! [2004/01/05 15:51:59, 3] smbd/error.c:error_packet(118) error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE After looking at kerberos_verify.c and doing some debugging, I found exactly where the problem is occuring (I think). The krb5_kt_resolve immediately before is returning KRB5_KT_UNKNOWN_TYPE. Doing some looking at the source for MIT krb5, and a bit of reading, it looks like there are two key table types defined: FILE and WRFILE. Specifically, in lib/krb5/keytab/ktbase.c:krb5_kt_resolve(112), it cycles through a list of registered key table types, and MEMORY is definitely not one of them. It has no associated krb5_kt_ops struct, at least not one that I can locate. However, this definition _does_ exist in Heimdal Kerberos 0.6 (keytab_memory.c), along with a corresponding krb5_kt_ops struct. What gives? Am I just making this up, or does this seem slightly reasonable? I'm using FreeBSD 5.1; when I compiled Samba 3.0 with Heimdal (the system krb5 libs) I couldn't even get Samba to join a Windows 2003 domain, no matter what the krb5.conf said. Only after I went to MIT and recompiled was I able to join and do queries on the domain. Does anyone have Samba 3.0 + FreeBSD 5 + Heimdal working? If so, please let me know? :) Thoughts, questions, flames? Any errors are a result of my ignorance. -Justin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with Samba 3.0.1 authenticating through AD
Hello, I am trying to set up Samba 3.0.1 to be a member of Active Directory. The setup is very simple: There is one Windows 2003 AD server on the network. Samba is running on FreeBSD 5.1R. So far, I can successfully join the domain (using net ads join -U Administrator), and I can use kinit / smbclient successfully against the Windows domain controller (kinit [EMAIL PROTECTED] followed by smbclient -L \\host -k). However, whenever I try to authenticate against the machine running Samba from a Windows domain client, I get prompted for a username and password. Even if I enter in a valid domain username and password, Samba says that the password is incorrect. Here is my smb.conf: [global] server string = Samba 3.0 security = ads load printers = yes log file = /var/log/samba/log.%m max log size = 500 workgroup = REQUEST realm = CORP.REQUEST.COM encrypt passwords = yes debuglevel = 100 socket options = TCP_NODELAY local master = no wins support = yes wins server = 10.1.8.7 client use spnego = yes A full debug log can be found at http://www.aosda.net/samba.txt . I am confused by the fact that the logs seem to indicate it is using NTLM authentication - I thought with security = ads it was only supposed to use Kerberos? Also, is it possible to use security = ads along with nss_ldap (i.e. Samba would get a static uid/gid/etc from an AD server for local use)? I suppose I am a bit confused as to how these different parts work together. Essentially, I want statically mapped uid/gid's and usernames across all machines. Thanks for any help or pointers to documentation, -Justin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] User/groups between samba and active directory
I have an active directory server which I can authenticate to in order to access shares on the samba server (3.0.0). When I create a file on the samba server from a windows client the user name is DOMAIN+username and the group is DOMAIN+Domain Users. My question is how to set permissions on folders in linux to allow DOMAIN+Domain Users/username to create files without setting the permissions to world write access. Any good online reading about this anywhere? Justin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Failure joining W2k Domain [debug info included]
: Attempting host lookup for name deviant.corp-a.standingtrustee.com0x20 1 addresses returned internal_resolve_name: returning 1 addresses: 192.168.1.4 Connecting to 192.168.1.4 at port 445 socket option SO_KEEPALIVE = 0 socket option SO_REUSEADDR = 0 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 4 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_REUSEPORT = 0 socket option SO_SNDBUF = 33304 socket option SO_RCVBUF = 57920 socket option SO_SNDLOWAT = 2048 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 write_socket(7,168) write_socket(7,168) wrote 168 got smb length of 107 size=107 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=11905 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=7 (0x7) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=1024 (0x400) smb_vwv[4]=65 (0x41) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=64768 (0xFD00) smb_vwv[10]=243 (0xF3) smb_vwv[11]=36864 (0x9000) smb_vwv[12]=56540 (0xDCDC) smb_vwv[13]=28020 (0x6D74) smb_vwv[14]=50110 (0xC3BE) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=2049 (0x801) smb_bcc=38 [000] 8B F5 07 D9 CE 5D D6 2B 43 00 4F 00 52 00 50 00 .].+ C.O.R.P. [010] 2D 00 41 00 00 00 44 00 45 00 56 00 49 00 41 00 -.A...D. E.V.I.A. [020] 4E 00 54 00 00 00 N.T... size=107 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=11905 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=7 (0x7) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=1024 (0x400) smb_vwv[4]=65 (0x41) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=64768 (0xFD00) smb_vwv[10]=243 (0xF3) smb_vwv[11]=36864 (0x9000) smb_vwv[12]=56540 (0xDCDC) smb_vwv[13]=28020 (0x6D74) smb_vwv[14]=50110 (0xC3BE) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=2049 (0x801) smb_bcc=38 [000] 8B F5 07 D9 CE 5D D6 2B 43 00 4F 00 52 00 50 00 .].+ C.O.R.P. [010] 2D 00 41 00 00 00 44 00 45 00 56 00 49 00 41 00 -.A...D. E.V.I.A. [020] 4E 00 54 00 00 00 N.T... write_socket(7,178) write_socket(7,178) wrote 178 got smb length of 129 size=129 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=0 smb_pid=11905 smb_uid=2048 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=129 (0x81) smb_vwv[2]=0 (0x0) smb_bcc=88 [000] FD 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 35 00 2E 00 30 00 00 00 57 00 69 00 6E 00 64 .5...0.. .W.i.n.d [020] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [030] 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 00 6E . .L.A.N . .M.a.n [040] 00 61 00 67 00 65 00 72 00 00 00 43 00 4F 00 52 .a.g.e.r ...C.O.R [050] 00 50 00 2D 00 41 00 00 .P.-.A.. size=129 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=0 smb_pid=11905 smb_uid=2048 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=129 (0x81) smb_vwv[2]=0 (0x0) smb_bcc=88 [000] FD 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 35 00 2E 00 30 00 00 00 57 00 69 00 6E 00 64 .5...0.. .W.i.n.d [020] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [030] 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 00 6E . .L.A.N . .M.a.n [040] 00 61 00 67 00 65 00 72 00 00 00 43 00 4F 00 52 .a.g.e.r ...C.O.R [050] 00 50 00 2D 00 41 00 00 .P.-.A.. session setup ok Domain=[CORP-A] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] write_socket(7,62) write_socket(7,62) wrote 62 got smb length of 35 size=35 smb_com=0x75 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=49153 smb_tid=0 smb_pid=11905 smb_uid=2048 smb_mid=1 smt_wct=0 smb_bcc=0 failed tcon_X Error connecting to deviant.corp-a.standingtrustee.com - NT_STATUS_ACCESS_DENIED This is my first attempt at joining a W2K domain with Samba, however I require winbind capabilities for user authentication and file sharing from this machine. Any help would be apprciated! Thanx, Justin Crone Systems Manager Office of the Chapter 13 Standing Trustee Isabel C. Balboa Standing Trustee Telephone: 856.663.5002 Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] sysconfdir
I compiled samba 3.0.0 with the following configure options: ./configure --prefix=/usr --sysconfdir=/etc/samba --with-privatedir=/etc/ samba/private --with-ldap --with-ads --with-krb5=/usr --with-smbmount --without-sys-quotas The problem is that it seems to disregard the sysconfdir param and looks for the smb.conf file in /usr/lib/. Any help? Thanks Justin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] authentication question: pptp tunnels for cisco vpn 3000
I have a Cisco VPN Concentrator 3000, It has the ability to auth PPTP tunnels off of a WinNT Domain controler. Well, I to use my samba3 box instead of a WinNT box. I have samba3 running off of an LDAP back end. Anyway, I setup the VPN Concentrator to auth off of the samba box, and when I test it with the test option, and it works, but when I try to auth a pptp tunnel, it fails saying the password is wrong. Any ideas? My vote is for the stupid concentrator to meet some thermite or a metal baseball batt. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] authentication question: pptp tunnels for cisco vpn 3000
I will next week. On Fri, 2003-10-31 at 19:38, Jeremy Allison wrote: On Fri, Oct 31, 2003 at 07:35:18PM -0500, Justin Kreger wrote: I have a Cisco VPN Concentrator 3000, It has the ability to auth PPTP tunnels off of a WinNT Domain controler. Well, I to use my samba3 box instead of a WinNT box. I have samba3 running off of an LDAP back end. Anyway, I setup the VPN Concentrator to auth off of the samba box, and when I test it with the test option, and it works, but when I try to auth a pptp tunnel, it fails saying the password is wrong. Any ideas? My vote is for the stupid concentrator to meet some thermite or a metal baseball batt. Can you send in a debug level 10 of the concentrator trying to auth against the smbd ? That might help. Jeremy. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Quickbooks revisited
Well, since Intuit strongly recommends not letting your QB data file get much bigger than 40MB for this very reason, I would say the file size is your problem. Just checked the db that is on our servers, one is only 10 megs, the other is only 1 meg. /me bashes quickbooks I've been trying to get our Comptroller to look at it, but he's pushing for MAS90 because thats what he knows (I guess its good, but its expensive). MAS90 is a very good product, but it raises hell even on NT servers. At one job we had mas90, we had sage (they changed their name after a class action lawsuit regarding year 2000 bugs) come in and fix our problems... they were never able to fix them completely, apparently, they spent lots of time hacking our server's registry, from what I've read about what happened (they visited before I started), they essentially hacked NT to turn off all file locking... fun fun. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Win2k File Locking/performance/getting kicked off (kindawas: quickbooks)
Ok, My controller continues to have issues. I'm getting fed up as he is, and I'm disabling file locking for him tonight, but apparently, word/excel are locking up and coming up with debug screens. I don't necessarily think these problems are dude to samba, but as always, I must eliminate all possibilities. The controler uses Win2k Pro, He says it takes 5+ minutes to open word/excel, that they are just crashing when interacting with the server, and that he is getting the good old disconnected, etc etc message from quickbooks. Anybody else running into simular problems with win2k? signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] what is the default amount of time that smbpasswdincrements the sambaPwdMustChange value
So I get a phone call about my companie's controler not being able to log into samba. About two weeks ago we migrated from Win2k Server to Samba running on LDAP. What would be the default value that sambaPwdMustChange would be incremented? This is NT Time Right (1 unit for every 100 ms from 1600 right?) I just had to bump everybody what I'm guessing is three weeks, but I need to know soon so I don't get woken up out of bed again! signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Quickbooks revisited
How about mas90? /me runs On Thu, 2003-06-19 at 14:31, Brandon Lederer wrote: Quickbooks is SO slow, we are having all of the same issues listed here. Our QB file is about 250 MB and is slow as a turtle. It is nearly unusable in a networked environment. If i put the file on the Local Machine, it is fine. It is only Slightly faster on a win2k server, i believe. Im not convinced its samba by any stretch. But can anyone reccomend a better product, cuz this product (QB) is terrible. -Original Message- From: Justin Kreger [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2003 12:04 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [Samba] Quickbooks revisited -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] WinXP can`t log on Samba PDC
So what does this XP Patch do? In regards to XP, I have XP Home and Pro laptops that have issues when talking to samba, they connect, then eventually time out, or disconnect, upon reconnect, XP tries to log in with administrator or a blank username. Its driving me to insomnia because I work third shift, and my coworkers batty because they keep having to call me during the day. On Wed, 2003-06-18 at 23:39, Mark wrote: You need the XP signorseal registry patch. Download it, apply and reboot the pc. http://us1.samba.org/samba/ftp/docs/Registry/WinXP_SignOrSeal.reg -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gino Vergara Sent: Wednesday, June 18, 2003 7:36 PM To: [EMAIL PROTECTED] Subject: [Samba] WinXP can`t log on Samba PDC I`m folowing the steps on the unofficial Samba how to. I already join my WinXP box to the domain but I can`t login from my WinXP box after restart. There is an error message that sais: Windows can`t connect to the domain because the domain controller is unable or I`m using Samba-2.2.7a on red hat 9.0 with kernel 2.4.20-18.9 this is my smb.conf [global] domain logons = yes encrypt passwords = yes guest account = smbguest log level = 2 log file = /var/log/samba.log logon drive = p: netbios name = server os level = 99 preferred master = yes security = user socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins support = yes workgroup = workgroup [public] path = /tmp guest ok = yes writeable = yes EOF I already made the changes on regedit in my WinXP box. this is how vipw looks like: gino:x:500:500::/home/gino:/bin/bash R32$:x:1200:300:workstation:/dev/null:/bin/false this vigr: gino:x:500: R32:x:1200: workstation::300: -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] WinXP can`t log on Samba PDC
On Thu, 2003-06-19 at 00:32, Mark wrote: From the actual reg file itself This registry key is needed for a Windows XP Client to join and logon to a Samba domain. I felt like a dummy when I opened up that file and looked at it. Keep in mind that if you are using Samba in a workgroup setting, the patch is not needed. Also the patch is only good for XP ProXP does not support domain logins. Yeah, I hate that some users have home, I'm itching to move everybody to a domain.. I figure even though I hate windows, I might as well use it's best features. As far as XP timing out or disconnecting, do you mean the actual mapped drives timeout and lose connection.?? One thing my I have found that helps eleviate this particular issue is to turn off the web client service if you do not use it. Web Client Service? What is that? Keep in mind, I've been slowly going to Linux over the last 7 years, and I don't have a windows box to my name, I only have to support XP because ppl like it where I work :( I think I need to start hinting with all the Redhat 9 Demo Cds I have in my appartment. Now with XP loginng in with the admin password, I am not sure about this one. It will probably get fixed in service pack 12 :-). Seriously maybe some one else knows. Geee... I have a strange feeling its some stupid setting that the windows admin has been setting laptops up with, I finally had her fedex me a laptop that she had just setup so I can check inter-op correctly. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Quickbooks revisited
What about file locking? I've run into lots of file locking problems, leading me to slowly just turn off file locking on several shares due to quickbooks. My user also reports that quickbooks is now slower since I took the server to linux/samba from the win2k server that was limited to . On Tue, 2003-06-17 at 16:03, [EMAIL PROTECTED] wrote: I have QucikBooks on our network too. I have had a number of problems with this crappy software. If my client actually wanted me too I'd rather create my own accounting software with a better interface and a mysql backend but that isn't going to happen. A few things with QuickBooks that I have noticed that maybe will help. #1. QuickBooks in multi-user mode is much slower than in single user mode. This is the (crappy) design of QuickBooks. It has to do with the fact that QuickBooks checks everything everywhere when in multiuser mode to make sure that no data gets corrupted (even though it has corrupted before). Our company datafile is around ~180mb. #2. This problem will not be solved easily at all. Quickbooks appears to be as slow as the weakest client link. In our case a P2 300 w/ 64 megs of ram. Again, this has to do with #1. #3. Upgrading Quickbooks won't help. We've had many versions in the past and currently run the Enterprise Edition. It still can be as slow as a turtle under certain operations. #4. My biggest complain with this software is that it requires it's users to be Power Users. Boy do I hate that With samba it's very difficult for me to limit a Power user's ability and I have had people take advantge of it repeatedly. Damn QuickBooks -Peter signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3.0b1 Issues with XP, LDAP, and ACLs
Okay, I've got a decently sized network (well, very large, multiple locations, and a small number of users... 10-15, but multiple servers). I've got Win2k, XP Home, XP Pro accessing these servers. The servers are running a version of Samba3.0b1 I pulled from CVS a few days before the offical announcement. I'm seeing some really odd behaviour with it all. I honeslty think i'm looking at client side issues, but I need to explore all options. With Win2k, I have a user having issues with lock files not being reset, samba reports that the client stopped responding after it initiated the removal of the lock. With XP Home/Pro I'm seeing some weird Authentication issues. Mainly on XP Home, it suddenly decides that it needs to authenticate with the username Administrator instead of the user's actual user name. What worries me most is that these users are claiming to be connecting, and there is NOTHING in the logs unless I turn on full debugging output. I'm also seeing some weird behaviour with XP if the user's password is changed in LDAP, but i'm sure that is a client side issue with XP caching passwords. Also, on XP, I'm getting users reporting access denied attempting to write new files, even though the POSIX ACLs on the file system say they always should be able to write. With Win2k, The ACL interaction is perfect, I've had 0 problems with the ACLs and Win2k. I've also noticed some browse list issues with nautilus (whatever that file/web browser for gnome is that supports getting a browse list by doing smb://) I don't see all of the servers in the list, this may be because they are on different subnets, but they are all operating off the same wins servers and I don't even see one of the wins servers in nautilus or in windows *ugh*. nautilus never prompts for a login/password when trying to connect to the servers. Looking at the talking using etherreal shows it only tries to auth and the server disconnects them. This behaviour on the server's part could be part of my issues with my XP users as none of them use the same passwd for thier laptops. With LDAP, for some reason samba keeps 8+ connections at any given time with no users logged in. Any reason why this is? TIA, -LW signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Local guru wanted: Fort Wayne Indiana
My company is looking for a local computer guru who could do hourly or contract work. If you have experience with at least two of these technologies: PostgreSQL, Access 97, FreeBSD and Samba, please drop us an email with point of contact info. We are located in Fort Wayne Indiana and you must submit a telephone number that is in our area code to be considered. Thank you, Justin Tocci Tailored Logistics Corporation phone 260.490.6533 x107 fax 260.490.8454 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: XP irratic delay in opening files....
This server has 512MB and only has 8 XP machines connected to it... Justin On Mon, 2003-02-24 at 21:55, Nolan Garrett wrote: I experienced the same problem - it was fixed when I added more RAM to the server. Nolan Justin Anderson wrote: I think this sorts out the problem, I had some one try it out tonight a couple of times (seems to be fine) but will try it out tomorrow to make absolutely sure... oplocks = False level2oplocks = False added to the samba config file Cheers Justin. On Mon, 2003-02-24 at 20:31, Justin Anderson wrote: Hi all I am fairly new to samba and XP. I have a client who we set up a samba server for, they are complaining about documents taking about 30 secs -2-3mins to open but only sometimes (it can be very frequent). I have seen this and captured a piece of the log file I wonder if any one can make any sense of it... I have been looking on the net and trying various things all day but to no avail... 2003/02/24 15:53:42, 3] smbd/trans2.c:call_trans2qfilepathinfo(1560) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 257 [2003/02/24 15:53:42, 3] smbd/trans2.c:call_trans2qfilepathinfo(1646) call_trans2qfilepathinfo Saranes_Documents/NJC/Invoices/NJC Invoice25 R001.xls level=257 call=7 total_data=0 [2003/02/24 15:53:42, 3] smbd/process.c:process_smb(860) Transaction 7344 of length 120 [2003/02/24 15:53:42, 3] smbd/process.c:switch_message(667) switch message SMBtrans2 (pid 10033) [2003/02/24 15:53:42, 3] smbd/sec_ctx.c:set_sec_ctx(313) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2003/02/24 15:53:42, 3] smbd/sec_ctx.c:set_sec_ctx(319) 1 user groups: 99 [2003/02/24 15:53:42, 3] smbd/trans2.c:call_trans2setfilepathinfo(2350) call_trans2setfilepathinfo(8) Saranes_Documents/NJC/Invoices/NJC Invoice25 R001.xls info_level=257 totdata=40 [2003/02/24 15:53:42, 3] smbd/process.c:process_smb(860) Transaction 7345 of length 45 [2003/02/24 15:53:42, 3] smbd/process.c:switch_message(667) switch message SMBclose (pid 10033) [2003/02/24 15:53:42, 3] smbd/sec_ctx.c:set_sec_ctx(313) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2003/02/24 15:53:42, 3] smbd/sec_ctx.c:set_sec_ctx(319) 1 user groups: 99 [2003/02/24 15:53:42, 3] smbd/reply.c:reply_close(2926) close fd=22 fnum=12979 (numopen=2) [2003/02/24 15:53:42, 2] smbd/close.c:close_normal_file(210) nobody closed file Saranes_Documents/NJC/Invoices/NJC Invoice25 R001.xls (numopen=1) [2003/02/24 15:53:42, 3] smbd/process.c:process_smb(860) Transaction 7346 of length 142 [2003/02/24 15:53:42, 3] smbd/process.c:switch_message(667) switch message SMBntcreateX (pid 10033) [2003/02/24 15:53:42, 3] smbd/sec_ctx.c:set_sec_ctx(313) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2003/02/24 15:53:42, 3] smbd/sec_ctx.c:set_sec_ctx(319) 1 user groups: 99 [2003/02/24 15:53:42, 3] lib/util.c:unix_clean_name(387) unix_clean_name [/Saranes_Documents/NJC/Invoices/NJC Invoice25 R001.xls] [2003/02/24 15:53:42, 3] smbd/dosmode.c:unix_mode(111) unix_mode(Saranes_Documents/NJC/Invoices/NJC Invoice25 R001.xls) returning 0744 [2003/02/24 15:53:42, 3] lib/util.c:unix_clean_name(387) unix_clean_name [Saranes_Documents/NJC/Invoices/NJC Invoice25 R001.xls] [2003/02/24 15:53:42, 4] smbd/open.c:open_file_shared(778) calling open_file with flags=0x0 flags2=0x0 mode=0744 [2003/02/24 15:53:42, 2] smbd/open.c:open_file(213) brigitte opened file Saranes_Documents/NJC/Invoices/NJC Invoice25 R001.xls read=Yes write=No (numopen=2) [2003/02/24 15:53:42, 3] smbd/oplock_linux.c:linux_set_kernel_oplock(182) set_file_oplock: got kernel oplock on file Saranes_Documents/NJC/Invoices/NJC Invoice25 R001.xls, dev = 903, inode = 13385874, file_id = 2048 [2003/02/24 15:53:42, 3] smbd/process.c:process_smb(860) Transaction 7347 of length 63 [2003/02/24 15:53:42, 3] smbd/process.c:switch_message(667) switch message SMBreadX (pid 10033) [2003/02/24 15:53:42, 3] smbd/sec_ctx.c:set_sec_ctx(313) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2003/02/24 15:53:42, 3] smbd/sec_ctx.c:set_sec_ctx(319) 1 user groups: 99 [2003/02/24 15:53:42, 3] smbd/reply.c:reply_read_and_X(2381) readX fnum=12980 min=4096 max=4096 nread=4096 [2003/02/24 15:53:42, 3] smbd/process.c:process_smb(860) Transaction 7348 of length 142 [2003/02/24 15:53:42, 3] smbd/process.c:switch_message(667) switch message SMBntcreateX (pid 10033) [2003/02/24 15:53:42, 3] smbd/sec_ctx.c:set_sec_ctx(313) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2003/02/24 15:53:42, 3] smbd/sec_ctx.c:set_sec_ctx(319) 1 user groups: 99 [2003/02/24 15:53:42, 3] lib/util.c:unix_clean_name(387) unix_clean_name [/Saranes_Documents/NJC/Invoices/NJC Invoice25 R001.xls] [2003/02/24 15:53:42, 3] smbd/dosmode.c:unix_mode(111) unix_mode
[Samba] XP irratic delay in opening files....
) Transaction 7348 of length 76 [2003/02/24 15:53:42, 3] smbd/process.c:switch_message(667) switch message SMBtrans2 (pid 10033) [2003/02/24 15:53:42, 2] smbd/process.c:switch_message(678) switch_message: queueing message due to being in oplock break state. [2003/02/24 15:53:42, 3] smbd/oplock.c:initial_break_processing(491) initial_break_processing: called for dev = 903, inode = 13385874 file_id = 2048 Current oplocks_open (exclusive = 1, levelII = 0) This is the point at which it waits for some time Thanks in advance Justin Anderson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
