[Samba] Problems with nobody processes in Samba 3.0.4
Hi, Hopefully someone can help me with this because its driving me up the wall. I admin a Samba PDC which authenticates through an LDAP backend. Both the samba server and pam authenticate through the entries in the LDAP database. I recently upgraded to 3.0.4 to combat the M$ hotfix that destroyed password changing. Since then things have been squiffy. All runs fine (apart from a grouping problem that I shall describe later) until a rogue samba thread appears which is owned by nobody. PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND 2639 root 20 0 13844 3832 804 S40.8 1.5 4317m 0 slapd 7889 nobody15 0 1528 492 372 S 4.9 0.1 76:19 0 smbd This particular top output is probably a bad example because the nightly backups are running at the same time. However the exhaustion of slapd as shown above occurs at the same time as this nobody thread appears. When the backup is not running the smbd thread usually hits about 40% CPU as well leading to a very congested fileserver. At this point the network slows to a crawl, killing these processes stops the slapd cpu usage but seems then to corrupt peoples smb sessions which seems to suggest the process is actually associated with a user. In trying to track down this bug I've rearranged the entire ldap tree; we used to have an ou=smb tree for all samba classes and ou=People and ou=Group trees for all the posix classes. These have ow been rearranged so that ou=People,ou=Computers and ou=Group exist with both their posix and samba attributes in each respective tree. I would really, really appriciate any help that you people can give. I've had success tracking down samba problems in the past but this one has me. -- One other problem which has confused me also exists. Now I don't know if this is related to the above or not (hence the line). We map the unix group users to Domain Users in windows. The correct entry in ou=Group exists dn: cn=users,ou=Group,dc=kwltd,dc=com sambaSID: S-1-5-21-661346169-342852810-2564848181-513 gidNumber: 100 displayName: Domain Users description: Domain Users objectClass: posixGroup objectClass: sambaGroupMapping cn: users sambaGroupType: 2 memberUid: root,test1645,test2 memberUid: test2711 memberUid: mwright memberUid: solitaire$ . . Such that if you run: [EMAIL PROTECTED] root]# id mwright uid=1016(mwright) gid=1000(smbadmin) groups=1000(smbadmin),100(users) [EMAIL PROTECTED] root]# I am clearly a member of the users group, however I do not show up in the Domain Users group in USRMGR. Further if I attempt to add myself I'm told I'm already in the group. Any ideas on this one?? Regards, Matt Wright Matt Wright Consulting [EMAIL PROTECTED] (Bcc: Phil Cooper) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 beta 1, LDAP and USRMGR
Hi, I've now got my Samba 3 domain successfully configured apart from a minor detail. When I use USRMGR to try and add a new user I get The filename, directory name, or volume label syntax is incorrect. About 10 minutes ago I successfully joined this machine to the domain and tested that the server correct adds all my details to the LDAP server. I'm confused, if you tell usrmgr to Copy a user it allows you to the copy dialog but gives the same error when you add however if you refresh the list it has actually added the user. I've got another, almost identical, setup at home but with using the ldapsam backend, it works perfectly (apart from not being able to use the delete in usrmgr). It's the same version (Samba 3.0beta1) as this one. Any ideas? Matt -- Quantum canis ille in fenestra est? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP and Samba 3 Beta 1
Hi, I have a slight problem, I've got the new Samba 3 Beta 1 on a machine. I've finally had chance to get to a VNC machine so that I can sort out the client side of things. I've hit a slight snag. LDAP seems to be working fine, I can log in etc etc through LDAP (once I realised you need guest as a backend to login) but when I open user manager on an XP client I get: [2003/06/13 22:46:58, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(2724) ldapsam_search_one_group: searching for:[((objectClass=sambaGroupMapping)(gidNumber=16))] [2003/06/13 22:46:58, 0] passdb/pdb_ldap.c:ldapsam_open(436) ldapsam_open: cannot access LDAP when not root.. [2003/06/13 22:46:58, 1] passdb/pdb_ldap.c:ldapsam_retry_open(521) Connection to LDAP Server failed for the 1 try! [2003/06/13 22:46:58, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2736) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)ldapsam_search_one_group: Query was: ou=smb,dc=kwltd,dc=com, ((objectClass=sambaGroupMapping)(gidNumber=16)) [2003/06/13 22:46:58, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(2724) ldapsam_search_one_group: searching for:[((objectClass=sambaGroupMapping)(gidNumber=78))] There's loads of these, I've tried ldapsearch -x and that returns fine. I've checked teh smbpasswd -w and re-set the password to its proper setting. Any ideas people? Regards, Matt -- Quantum canis ille in fenestra est? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and LDAP
Hey guys, After having got ACL and Samba working I'm now onto getting LDAP support running as well. I've compiled my Samba 3 with --with-ldap, (I'm actually compiling it as an RPM as it needs to go on a RedHat machine this time) The include/config.h shows that LDAP successfully compiled but when I come to setting up LDAP in smb.conf testparm gives the following: Unknown parameter encountered: ldap bind as Ignoring unknown parameter ldap bind as Unknown parameter encountered: ldap passwd file Ignoring unknown parameter ldap passwd file Unknown parameter encountered: ldap server Ignoring unknown parameter ldap server Unknown parameter encountered: ldap scope Ignoring unknown parameter ldap scope Which is odd considering that they are in the smb.conf man page as part of the new experimental LDAP. So I ran testparm -s /dev/null -v | grep ldap and got hte follow: ldap suffix = ldap machine suffix = ldap user suffix = ldap filter = (uid=%u) ldap admin dn = ldap ssl = ldap passwd sync = no ldap trust ids = No ldap delete dn = No So there is some LDAP stuff in the samba compile I did just not the main stuff like what server I'm going to use and the password etc etc. Any ideas people, or have I forgotten a compile switch?? Regards, Matt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP
Hi, I've used the Samba 3.0alpha24 SRPM off the samba website. Just after I emailed you I checked the man pages that I got when I compiled my version for debian from the unstable Samba 2.999+3.0alpha24 deb sources and foudn the correct information. Should the new man pages be coming up and if so is this an RPM problem?? I got the right settings in the end passdb backend = ldapsam etc. Just need to get my unix add script going as it doesn't like adding without unix user. Regards, Matt On Sunday 08 June 2003 11:56, Andrew Bartlett wrote: On Sun, 2003-06-08 at 20:29, Matt Wright wrote: Hey guys, After having got ACL and Samba working I'm now onto getting LDAP support running as well. I've compiled my Samba 3 with --with-ldap, (I'm actually compiling it as an RPM as it needs to go on a RedHat machine this time) The include/config.h shows that LDAP successfully compiled but when I come to setting up LDAP in smb.conf testparm gives the following: Unknown parameter encountered: ldap bind as Ignoring unknown parameter ldap bind as Unknown parameter encountered: ldap passwd file Ignoring unknown parameter ldap passwd file Unknown parameter encountered: ldap server Ignoring unknown parameter ldap server Unknown parameter encountered: ldap scope Ignoring unknown parameter ldap scope Which is odd considering that they are in the smb.conf man page as part of the new experimental LDAP. Which manpage? Where? The Samba 3.0 beta should not have these documented anywhere, as most of these have not been in Samba for a *long* time. LDAP server has been moved to a parameter in the 'passdb backend' parameter. So I ran testparm -s /dev/null -v | grep ldap and got hte follow: ldap suffix = ldap machine suffix = ldap user suffix = ldap filter = (uid=%u) ldap admin dn = ldap ssl = ldap passwd sync = no ldap trust ids = No ldap delete dn = No So there is some LDAP stuff in the samba compile I did just not the main stuff like what server I'm going to use and the password etc etc. These are specified differently - see the documentation. Any ideas people, or have I forgotten a compile switch?? Regards, Matt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Retry: RedHat, XFS, and ACL Support
Hi, I've been trying to do this compile as well (but on Debian) however it seems that some of the acl functions have been moved from the acl libs to attr. I can get Samba to compile by adding -lattr to the places in configure where -lacl occur. Regards, Matt PS. I haven't actually got samba 3 to recoginse my acl's on the drive once it's compiled, not sure what's wrong but it's compiled and the ACL's work on the disk as samba 2.2.x sees them. On Thursday 05 June 2003 13:41, Dragan Krnic wrote: make sure you have the devel packages for ACL and EA (acl-devel and attr-devel) Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! http://login.mail.lycos.com/r/referral?aid=27005 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] User Manager for Domains
Hi, Now ACL's work I'm up against another hurdle, I've got UMFD connected to my Samba 3 PDC. I have the following lines in my smb.conf. The adding user's works perfectly. add user script = /usr/sbin/useradd -m -g 100 -s /bin/bash %u add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false %u delete user script = /usr/sbin/userdel %u When I ask UMFD to delete a user I get: [2003/06/05 16:22:28, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2513) Returning domain sid for domain HOME - S-1-5-21-906874104-2335227451-3449403371 [2003/06/05 16:22:28, 0] rpc_server/srv_samr_nt.c:_samr_unknown_2d(4211) _samr_unknown_2d: Not yet implemented. So it looks like the delete function isn't implemented, but I could have sworn I've used it before?? Regards, matt -- Quantum canis ille in fenestra est? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0 and ACL's
Hi, I've been trying to update my samba installation from samba 2.2.x to samba 3.0. I use Debian r3.0 Stable and have one partition that is XFS with ACL's. After compiling Samba 3.0alpha24 I found that the ACL were not being enabled even though all my libraries were in place. After opening ./configure I found that the -lattr flag is needed when compiling the ACL test programs. Once Samba 3 was compiled and installed the ACL's on the XFS drive do not permeate through to Samba, they worked correctly in version 2.2.x. I realise that Samba 3 is a development version but I can't find out if ACL's are supposed to be working or not, I can't see anything wrong with my setup. If you need more information please don't hesitate to email me. Regards, Matt Wright -- Quantum canis ille in fenestra est? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba