[Samba] Samba and connections to LDAP timeout

2006-12-01 Thread Mikael M. Hansen
Hi

We have an all SAMBA Domain (all samba-3.0.23d) running with two
OpenLDAP servers (2.3.27).

We experience quite a few NT_STATUS_IO_TIMEOUTs when using smbclient.
Windows clients just experience delays (up to several minutes).

I've done some debugging:

On the client I issue:
smbclient -Umhansen //lfs1/mhansen

lfs1 is a domain member server.

On lfs1 (log level 10) I get the following in log.wb-CS.AAU.DK:

[2006/12/01 13:21:08, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine PDC pipe \NETLOGON fnum 0x71f2returned
critical error. Error was Call timed out: server did not respond after
1 milliseconds


On the PDC (named pdc) we get in the log that matches the lfs1 host:

[2006/12/01 13:20:58, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base = [dc=cs,dc=aau,dc=dk], filter =
[(&(uid=mhansen)(objectclass=sambaSamAccount))], scope = [2]
[2006/12/01 13:20:58, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:20:59, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:00, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:01, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:02, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:03, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:04, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:05, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:06, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:07, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:08, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:09, 10] lib/smbldap.c:smb_ldap_setup_conn(632)

 Raising it makes the errors appear less often. This relates to the
idletimeout on the ldap servers. Changing the idletimeout value to a
lower number makes the errors appear more often. Unfortunately not
including idletimeout in the ldap configuration is now an option.


The LDAP servers only have 50-60 active connections (with the
idletimeout). We have no special settings in smb.conf related to LDAP.
See it at http://www.cs.aau.dk/~mhansen/pdc.smb.conf

Now the question:

How can I affect the behaviour samba has towards the LDAP server so it
does not have any problems contacting the LDAP server?

Shouldn't it just reestablish the connection if it has been closed by
the server. From what I can see in lib/smbldap.c (smbldap_open) it
reopens the connection if it has been closed. But I cannot see if
smbldap_open is actually called before smbldap_search_ext is called in
this case.

Any thoughts or recommendations are greatly appreciated.

-- 
MVH / Best regards

Mikael M. Hansen

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
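
An added example, not part of the original post or of Samba's code: a Python script that groups the "Can't contact LDAP server" entries quoted above into bursts and records whether an smb_ldap_setup_conn entry follows each burst. The sample log and its base DN are constructed, and treating smb_ldap_setup_conn as the reconnect marker is an assumption.

```python
import re
from datetime import datetime

# Constructed sample in the log layout quoted in the post; the base DN is a placeholder.
SAMPLE = """\
[2006/12/01 13:20:58, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base = [dc=example,dc=org], scope = [2]
[2006/12/01 13:20:58, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=example,dc=org, error: Can't contact LDAP
server ()
[2006/12/01 13:20:59, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=example,dc=org, error: Can't contact LDAP
server ()
[2006/12/01 13:21:00, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
  (constructed message text)
[2006/12/01 13:25:10, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=example,dc=org, error: Can't contact LDAP server ()
"""
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\] \S+:(\w+)\(\d+\)")

def parse_entries(text):
    """Return [timestamp, function, message]; non-header lines continue the previous entry."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append([datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"), m.group(2), ""])
        elif entries:
            # Wrapped message lines ("server ()") are joined back onto their entry.
            entries[-1][2] = (entries[-1][2] + " " + line.strip()).strip()
    return entries

def ldap_failure_bursts(text, max_gap=2):
    """Group failed LDAP searches that are at most max_gap seconds apart."""
    bursts, cur = [], None
    for ts, func, msg in parse_entries(text):
        near = cur is not None and (ts - cur["end"]).total_seconds() <= max_gap
        if func == "smbldap_search_ext" and "Can't contact LDAP server" in msg:
            if near:
                cur["end"], cur["count"] = ts, cur["count"] + 1
            else:
                cur = {"start": ts, "end": ts, "count": 1, "reconnect": False}
                bursts.append(cur)
        elif near and func == "smb_ldap_setup_conn":  # assumption: reconnect marker
            cur["reconnect"] = True
    return bursts

if __name__ == "__main__":
    for burst in ldap_failure_bursts(SAMPLE):
        print(burst)
```

Comparing burst start times with the idletimeout value on the LDAP servers shows whether failures cluster right after a connection has sat idle for that long.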


Re: [Samba] Winbindd and idletimeout on the LDAP server

2006-11-22 Thread Mikael M. Hansen
Hi

Sorry, forgot to mention which versions we run.

The samba servers (PDC,BDC and CUPS) are all running 3.0.23d. OpenLDAP
is 2.3.27. All are compiled from source.

I've noticed that increasing the value of idletimeout from 15 to 60 on
the LDAP servers makes the errors appear less often - but they still
appear.

Any hints on where to look for more specific debug logging on the
PDC/BDC servers?




Mikael M. Hansen wrote:
 Hi
 
 We have a problem with samba (winbind) when we enable idletimeout on the
 OpenLDAP servers. If it is set we sometimes get an error:
 
 [EMAIL PROTECTED]:~ smbclient -Umhansen //cups/p6
 Password:
 session setup failed: NT_STATUS_IO_TIMEOUT
 
 The log entries (log.wb-DOMAIN) on the DOMAIN MEMBER server (cups in this
 case) are:
 
 [2006/11/20 14:24:07, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
   rpc_api_pipe: Remote machine BDC pipe \NETLOGON fnum 0x7357returned
 critical error. Error was Call timed out: server did not respond after
 1 milliseconds
 [2006/11/20 14:24:07, 1] libsmb/clientgen.c:cli_rpc_pipe_close(376)
   cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x7357 to
 machine BDC.  Error was Call timed out: server did not respond after
 1 milliseconds
 
 It should be said that we sometimes also see the same errors when the
 connection is successful. I would like to include some more debug info
 from the BDC/PDC server involved in the connection. But I need some info
 on which part of samba to increase the log for.
 
 
 
 If we remove the idletimeout from the ldap servers we no longer get this
 type of errors.
 
 Is it possible that samba does not check if the connection to the LDAP
 is still valid (not closed on the server side) and returns an error -
 due to the timeout - to the client rather than re-establishing the
 connection?
 
 

-- 
MVH / Best regards

Mikael M. Hansen

IT-administrator
Computer Science Dept.  Email: [EMAIL PROTECTED]
Aalborg University  Phone: +45 9635 8905
Fredrik Bajers Vej 7E   Room: E2-121
DK-9220 Aalborg, Denmark


[Samba] Foreign SID's and winbind use default domain

2006-09-21 Thread Mikael M. Hansen

Hi

In the Samba HOWTO (ch. 24 section 24.3.2) is written

When winbind is used, the default condition is
that the local user george will be treated as the account DOMAIN\george
and the foreign (non-member of the domain) account will be treated as
MACHINE\george because each has a different SID.

I have enabled 'winbind use default domain' in smb.conf in the hope that
it changes the above stated behaviour to treat local user george as
DOMAIN\george

Is this correct to hope for (it seems to work in some cases)?


-- 
MVH / Best regards

Mikael M. Hansen
IT-administrator
Computer Science Dept.  Email: [EMAIL PROTECTED]
Aalborg University  Phone: +45 9635 8905
Fredrik Bajers Vej 7E   Room: E2-121
DK-9220 Aalborg, Denmark



[Samba] Problem in rpc_api_pipe related to the \spoolss pipe

2006-01-18 Thread Mikael M. Hansen

Hi

I have a problem with a samba-3.0.21a (as a PDC), when I use rpcclient
to set the driver for a printer. I receive the following error (log
level 12 for relevant parts rpc*, printerdrivers,tdb attached):

rpc_api_pipe: Remote machine pdc pipe \spoolss fnum 0x76dereturned
critical error. Error was Call returned zero bytes (EOF)
prs_mem_get: reading data of size 4 would overrun buffer by 4 bytes.
SetPrinter call failed!
rpc_api_pipe: Remote machine pdc pipe \spoolss fnum 0x76dereturned
critical error. Error was Call returned zero bytes (EOF)
prs_mem_get: reading data of size 4 would overrun buffer by 4 bytes.
result was WERR_GENERAL_FAILURE
cli_rpc_pipe_close: cli_close failed on pipe \spoolss, fnum 0x76de to
machine pdc.  Error was Call returned zero bytes

The command I use is:

rpcclient -Umhansen -c 'setdriver e21a HP LaserJet 5000' localhost

Enumprinters and enumdrivers work correctly (adddriver also worked
perfectly):

rpcclient -Umhansen -c 'enumprinters 2' localhost
  servername:[\\pdc]
printername:[\\pdc\e21a]
sharename:[e21a]
portname:[Samba Printer Port]
drivername:[e21a]
comment:[HP5000Duplex]
location:[]
sepfile:[]
printprocessor:[winprint]
datatype:[RAW]
parameters:[]
attributes:[0x1048]
priority:[0x1]
defaultpriority:[0x1]
starttime:[0x0]
untiltime:[0x0]
status:[0x0]
cjobs:[0x0]
averageppm:[0x0]


rpcclient -Umhansen -c 'enumdrivers 3' localhost

[Windows NT x86]
Printer Driver Info 3:
Version: [2]
Driver Name: [e21a]
Architecture: [Windows NT x86]
Driver Path: [LOCALHOST\print$\W32X86\2\ADOBEPS5.DLL]
Datafile: [LOCALHOST\print$\W32X86\2\e21a.PPD]
Configfile: [LOCALHOST\print$\W32X86\2\ADOBEPSU.DLL]
Helpfile: [LOCALHOST\print$\W32X86\2\ADOBEPSU.HLP]


Monitorname: []
Defaultdatatype: [RAW]

Printer Driver Info 3:
Version: [3]
Driver Name: [HP LaserJet 5000]
Architecture: [Windows NT x86]
Driver Path: [LOCALHOST\print$\W32X86\3\PSCRIPT5.DLL]
Datafile:
[LOCALHOST\print$\W32X86\3\HP_LaserJet_5000_Series.ppd]
Configfile: [LOCALHOST\print$\W32X86\3\PS5UI.DLL]
Helpfile: [LOCALHOST\print$\W32X86\3\PSCRIPT.HLP]


Monitorname: []
Defaultdatatype: [RAW]


Any suggestions on what's wrong?

I wonder if something was changed in the printing tdb from version
3.0.20rc2 that might cause this? I copied the old ones to the new
installation.


-- 
MVH / Best regards

Mikael M. Hansen
IT-administrator
Computer Science Dept.  Email: [EMAIL PROTECTED]
Aalborg University  Phone: +45 9635 8905
Fredrik Bajers Vej 7E   Room: E2-121
DK-9220 Aalborg, Denmark

[Samba] XP not joining domain

2004-06-01 Thread Mikael M. Hansen
Hi

I have a small problem with joining an XP box to a Samba domain, which I
hope that someone can put some light on.

The setup:

Samba 3.0.4 using ldap for users. All users are created with both posix
and samba accounts. Users can login with ssh (pam/nss), smbclient and net
use \\pdc\share /USER:username (also from XP pro).

W2k workstations can join the domain.

When I try to join an XP (pro) workstation I get the following in the log:

[2004/06/01 11:51:47, 2] lib/smbldap.c:smbldap_search_domain_info(1344)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SAMBA))]
[2004/06/01 11:51:47, 2] lib/smbldap.c:smbldap_open_connection(639)
  smbldap_open_connection: connection opened
[2004/06/01 11:51:47, 2] smbd/sesssetup.c:setup_new_vc_session(602)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old 
resources.
[2004/06/01 11:51:47, 2] smbd/sesssetup.c:setup_new_vc_session(602)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old 
resources.
[2004/06/01 11:51:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(483)
  init_sam_from_ldap: Entry found for user: root
[2004/06/01 11:51:48, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] - [root] - [root] succeeded
[2004/06/01 11:51:48, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2477)
  Returning domain sid for domain SAMBA -
S-1-5-21-3689821868-1502956241-3879604288
[2004/06/01 11:51:52, 2] smbd/server.c:exit_server(568)  Closing connections

It appears that the PDC returns the domain SID and the client just chooses
to ignore it i.e. closing the connection.

I have tried both with and without the signorseal registry change. The
most recent info seems to indicate that it is not needed, but I was not
sure. The machine account gets created automatically. I have tried to
create it manually (using smbldap-useradd -w from IDEALIX's smbldap
tools), but with the same result. The global section of the smb.conf file
is included below.

I have searched the archives and google but found nothing except one other
having the same problem, but no solution was found.

Does anyone have any ideas?

Best regards

Mikael M. Hansen


smb.conf:

[global]
workgroup = SAMBA
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = 'ldapsam:ldap://ldap1.cs.auc.dk ldap://ldap2.cs.auc.dk'
passwd program = /var/lib/samba/sbin/smbldap-passwd-auto %u
passwd chat = *New*password*:* %n\n *Retype*new*password*:* %n\n
passwd chat debug = Yes
username map = /etc/samba/smbusers
unix password sync = Yes
log level = 2
smb ports = 139 445
name resolve order = wins hosts bcast
add user script = /var/lib/samba/sbin/smbldap-useradd -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel %u
add group script = /var/lib/samba/sbin/smbldap-groupadd -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel '%g'
add user to group script = /var/lib/samba/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /var/lib/samba/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /var/lib/samba/sbin/smbldap-usermod -h '%g' '%u'
add machine script = /var/lib/samba/sbin/smbldap-useradd -w '%u'
logon script = scripts\logon.bat
logon path = \\%L\%U\.profile
logon drive = X:
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap suffix = dc=cs,dc=aau,dc=dk
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=cs,dc=aau,dc=dk
ldap ssl = start tls
ldap passwd sync = Yes
idmap backend = ldap:ldap://ldap1.cs.auc.dk
idmap uid = 1-2
idmap gid = 1-2
map acl inherit = Yes




[Samba] smbclient-2.2.8a cannot connect to samba-3.0.0 server

2003-12-18 Thread Mikael M. Hansen
]=16887 (0x41F7)
smb_vwv[14]=50117 (0xC3C5)
smb_vwv[15]=50177 (0xC401)
smb_vwv[16]=255 (0xFF)
smb_bcc=6
[000] 43 00 53 00 00 00 C.S...
Password:
write_socket(3,120)
write_socket(3,120) wrote 120
got smb length of 35
size=35
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=11282
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=0
size=35
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=11282
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=0
session setup failed: NT_STATUS_LOGON_FAILURE

Any help is greatly appreciated.

MVH / Best regards

Mikael M. Hansen
