Re: [Samba] Network browsing in S4
On Mon, Aug 12, 2013 at 4:32 PM, Gregory Sloop gr...@sloop.net wrote: So, if I understand things correctly, NMBD or network browsing isn't functional under S4 yet. [At least I don't believe it was in 4.03 - and I don't think that's changed.] I have some cases where I need accurate NetBIOS name resolution, [and perhaps Network browsing services.] If not, should I run nmbd on it's own outside the the S4 servers - that's something perfectly easy for me to do. I could be mistaken (definitely not an expert) but I believe NetBIOS function is defaulted to On regarding samba shares under the file server services; but, as far as the AD DC folders relating to profiles, GPO's, and other domain user content, I think you're correct -- network browsing is not functional at this time. From Samba 4.0.8 man samba: disable netbios (G) Enabling this parameter will disable netbios support in Samba. Netbios is the only available form of browsing in all windows versions except for 2000 and XP. Note Clients that only support netbios won't be able to see your samba server when netbios support is disabled. Default: disable netbios = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Suggestions testing Samba 4 on same subnet as Standalone Samba 3 Server
Hi Schmerold, thank you, between subnetting and iproute2, I'll be able to insulate testing from production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Joining DC
Alex- A few things: 1) Don't run DCs on the same domain with different versions of Samba. Either add in another 4.0.1 DC and replicate, or use the backup tool to create a copy of the database first. 2) CN=DeletedObjects is hidden by design. You can view it using ldp.exe on a windows box (http://technet.microsoft.com/en-us/library/cc978013.aspx) and a google search will show you where to look for it in ASDIEdit. 3) In this instance, I see why you are trying to delete this item; in 99% of other cases though, the tombstone policy should take care of removing deleted objects. Good luck, Mike Ray - Original Message - From: Alex Ferrara a...@receptiveit.com.au To: samba@lists.samba.org List samba@lists.samba.org Sent: Sunday, August 4, 2013 3:03:11 PM Subject: Re: [Samba] Joining DC Does nobody know how to manually remove items from Samba4 directory? I've tried using adsiedit but cn=deleted items doesn't show up. Sent from my iPhone On 02/08/2013, at 1:58 PM, Alex Ferrara a...@receptiveit.com.au wrote: I am having some trouble joining a new samba4 server as a DC. I am pretty sure this stems from trying to use OpenChange and subsequently removing it. The new samba4 machine is running 4.0.7 and the existing is running 4.0.1. I am a little hesitant to do an in-place upgrade of the last working DC, so I wanted a replica to fall back on in case things go bad. Any help would be appreciated. On the new machine samba-tool domain join domain.local DC -Uadministrator realm=domain.local --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'domain.local' Found DC tachyon.domain.local Password for [DOMAIN\administrator]: workgroup is DOMAIN realm is domain.local checking sAMAccountName Adding CN=NEXUS,OU=Domain Controllers,DC=domain,DC=local Adding CN=NEXUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local Adding CN=NTDS Settings,CN=NEXUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local Adding SPNs to CN=NEXUS,OU=Domain Controllers,DC=domain,DC=local Setting account password for NEXUS$ Enabling account Calling bare provision No IPv6 address will be assigned Provision OK for domain DN DC=domain,DC=local Starting replication Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[402/2620] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[804/2620] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[1206/2620] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[1608/2620] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[2010/2620] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[2412/2620] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[2620/2620] linked_values[0/0] Analyze and apply schema objects Join failed - cleaning up checking sAMAccountName Deleted CN=NEXUS,OU=Domain Controllers,DC=domain,DC=local Deleted CN=NTDS Settings,CN=NEXUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local Deleted CN=NEXUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local ERROR(runtime): uncaught exception - (8442, 'WERR_DS_DRA_INTERNAL_ERROR') File /usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/lib/python2.7/dist-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/lib/python2.7/dist-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/lib/python2.7/dist-packages/samba/join.py, line 1009, in do_join ctx.join_replicate() File /usr/lib/python2.7/dist-packages/samba/join.py, line 734, in join_replicate replica_flags=ctx.replica_flags) File /usr/lib/python2.7/dist-packages/samba/drs_utils.py, line 248, in replicate (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req) On the existing DC logs [2013/08/02 13:53:04, 0] ../source4/rpc_server/drsuapi/getncchanges.c:220(get_nc_changes_build_object) ../source4/rpc_server/drsuapi/getncchanges.c:220: Failed to find attribute in schema for attrid 2786216 mentioned in replPropertyMetaData of CN=Recipient Update Service (DOMAIN)\0ADEL:cbf078d9-a0ff-4609-a05b-743816af619d,CN=Deleted Objects,CN=Configuration,DC=domain,DC=local Alex Ferrara Director Receptive IT Solutions -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go
Re: [Samba] Suggestions testing Samba 4 on same subnet as Standalone Samba 3 Server
On Tue, Jul 30, 2013 at 5:00 PM, Gary Dale garyd...@torfree.net wrote: You're way overthinking this. Just give the new server an IP address that is on a different subnet. e.g. if your current server is 192.168,.1.10/24, give your new server 192.168.2.10/24. Secondly, since you don't have an NT domain, the differences between it and AD are not relevant. What you will find is the difference between a workgroup and a domain. This involves the logins and roaming profiles. What really doesn't change much are the file shares, although you can now simplify them by setting sharing according to domain group rather than individual ids. An even simpler way is to simply NOT use a separate subdomain. Set up the new server as the domain controller for the group. Leave the files printers on the old server. Once all the clients have been switched from the workgroup to the domain, move the files and printers over to the new server, shut down the old one, then create an alias for the old server on the new one. This way, there are no more changes required on the clients. If a problem is identified, you can simply remove the alias and bring the old server back. Of course, you can convert the individual workstations to use the new server name at your leisure so that you can eventually remove the alias. However this is not necessary. In fact, if you later replace the new server, the replacement can assume the old name so that the alias isn't needed any more. Gary, Thank you very much for the helpful response. Definitely going to find more info about creating an alias for the old server on the new S-4 DC server. One question regarding giving S-4 server address on different subnet -- how would you ssh into it from a client on the other subnet -- 192.168.10/24? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Intermittent access to Sysvol/Netlogon shares
After some digging, I believe it to be an issue where samba-tool demote does not remove the DFS records. This causes clients to attempt to map \\domain\ with a DC that is unavailable, giving the error. A manual solution is to remove the bad entries from CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain. I've filed a bug report. https://bugzilla.samba.org/show_bug.cgi?id=10060 - Original Message - From: Mike Ray m...@xes-inc.com To: samba@lists.samba.org Sent: Tuesday, July 30, 2013 2:14:30 PM Subject: [Samba] Intermittent access to Sysvol/Netlogon shares Hello all- Cutting to the chase, I'm noticing varying/intermittent access to the netlogon and sysvol shares. All clients are windows 7 and samba is 4.0.6. Some clients are able to run 'gpupdate /force' and will successfully apply updates. Other clients fail out on this and state that it can't read the default domain policy GPT.INI file from \\domain\ When I try to manually navigate there, I can connect to \\domain\ but am denied access to both netlogon and sysvol with an 'access denied, internal error' message. Connecting to either DC via \\dc\ works and from there, for the clients that failed \\domain\ it seems to be arbitrary if they can browse the entire directory (no relation to nltest /dsgetdc). Additionally, they might not be able to access say netlogon, but if i browse through sysvol, I can get into what is the netlogon folder no problem. Clients that have no issue connecting to \\domain\ are equally able to browse all parts of \\dc\. samba-tool ntacl sysvolcheck, samba-tool drs showrepl, samba_dnsupdate --verbose and samba-tool dbcheck all report zero errors. There is presently nothing in the logs either. Of the two DCs, for the last week or so, one of them was panicking internally and crashing to an weird state every few minutes; a patch provided by Andrew Bartlett has since stopped that behavior. If that DC is the only one running or if the other one is running concurrently, seemingly random clients will experience the above issues and some will be fine. If the DC who didn't have that glitch is the only one running, it appears that this issue does not ever occur. Anyone have any clue what might be so messed up with that first DC? -Mike Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Intermittent access to Sysvol/Netlogon shares
Hello all- Cutting to the chase, I'm noticing varying/intermittent access to the netlogon and sysvol shares. All clients are windows 7 and samba is 4.0.6. Some clients are able to run 'gpupdate /force' and will successfully apply updates. Other clients fail out on this and state that it can't read the default domain policy GPT.INI file from \\domain\ When I try to manually navigate there, I can connect to \\domain\ but am denied access to both netlogon and sysvol with an 'access denied, internal error' message. Connecting to either DC via \\dc\ works and from there, for the clients that failed \\domain\ it seems to be arbitrary if they can browse the entire directory (no relation to nltest /dsgetdc). Additionally, they might not be able to access say netlogon, but if i browse through sysvol, I can get into what is the netlogon folder no problem. Clients that have no issue connecting to \\domain\ are equally able to browse all parts of \\dc\. samba-tool ntacl sysvolcheck, samba-tool drs showrepl, samba_dnsupdate --verbose and samba-tool dbcheck all report zero errors. There is presently nothing in the logs either. Of the two DCs, for the last week or so, one of them was panicking internally and crashing to an weird state every few minutes; a patch provided by Andrew Bartlett has since stopped that behavior. If that DC is the only one running or if the other one is running concurrently, seemingly random clients will experience the above issues and some will be fine. If the DC who didn't have that glitch is the only one running, it appears that this issue does not ever occur. Anyone have any clue what might be so messed up with that first DC? -Mike Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Suggestions testing Samba 4 on same subnet as Standalone Samba 3 Server
My network currently has the following server running Samba 3 as a standalone server to 50 client boxes: Linux a1 2.6.35.7 #3 SMP Samba Version 3.5.6. Currently, no true NT Domain Controller, in Windows speak - it's a Workgroup only. I have another server that I want to configure to use Samba 4 as an Active Directory Domain Controller and file server: Linux a10 3.7.10-gentoo-r1 #1 SMP Samba Version 4.0.4. I only have one subnet and cannot disrupt the users, but have read the following concerns on the Samba wiki: Make sure you thoroughly test your conversion and how your clients react before you activate your new server in your production environment! Once a Windows client finds and connects to the new server, it is not possible to go back! Also, it is necessary to do testing on a separate network so that the old and new domain controllers don't clash. The issues with having both domains 'live' at the same time are: The databases are not syncronised after the initial migration Even if no changes are made to the DB, clients which see an AD DC will no longer honour NT4 system policies The new Samba4 PDC and the old DC will both claim to hold the #1b name as the netbios domain master The paths to certain files and directories for your Samba3 installation are often distribution specific (for example, /var/lib/samba vs. /etc/samba). Please be sure to verify and if necessary, modify paths used in examples appropriately. - - - - - - Has anyone dealt with only having one subnet upon which to configure and test a new Samba 4 server in the presence of a currently active Samba 3 server? I was thinking maybe the simplest way would be to make an iptables firewall on the Samba 4 server -- allowing connections from only one particular address on the subnet and use that one address for a client box to test on. Possible iptables rule (allowing one client address, blocking all others on subnet): iptables -t filter -A INPUT -i eth0 -s 192.168.1.200 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -t filter -A INPUT -i eth0 ! -s 192.168.1.200 -j DROP Would this be adequate to separate the Samba 4 server from others on the LAN? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] memory consumption with treesize pro and cifs shares
More info on this: The NAS running FreeBSD has 48GB RAM, same as the test NAS we are duplicating the error on. Both machines see this error with 3.6.9 Samba. The initial try at duplicating the error didn't produce it. It wasn't until we increased the amount of files in the CIFS share that we were able to duplicate it. Number of files is in the millions. Drive freespace is large on the test machine and the error still occurs. According to LindaW here, the test hasn't been reproduce yet using Samba 3.6.16, so we're looking into another test on our box using the updated version. Has anyone else encountered an issue like with using TreeSize Pro? Does anyone need more information to help sort this out? We'll be running additional tests today looking for a solution and I will post back more on this later. Thanks, Mike On Tue, Jul 23, 2013 at 6:59 PM, Cy Mike cym...@gmail.com wrote: Hi everyone. I'm looking to solve an issue with Samba on a NAS being accessed with TreeSize Pro. Using that program to scan through millions of files is eating up memory on swap and eventually crashing the system. It's scanning mounted CIFS shares on the NAS running TrueNAS with samba version 3.6.9 We have a test case and have been able to replicate the issue on another machine. The solution right now is to simply not run TreeSize Pro. Not the best of plans. In the meantime, I'm going to continue to check the usual manuals/google sources to see if I can find anything. I haven't as yet and am short on time with this. Basically looking to see if this is an actual bug that might require a patch/upgrade, or something I can fix with some tuneables. Thanks, Mike -- that's not a bald head, that's a solar panel for a dumbass machine - jon stewart 5/9/12 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error demoting
Jonis- Are you running this on the DC that you originally provisioned the domain on? If that is the case, this has been the behavior for several months now and I was never able to get to the bottom of it, nor able to demote/remove that original DC. However, in my experience, the command works just fine on any non-original DCs. Is this the case for you? While certainly not ideal, having one old relic sit around in your directory probably isn't a deal breaker. Mike Ray - Original Message - From: Jonis Maurin Ceará jmce...@gmail.com To: samba@lists.samba.org Sent: Friday, July 26, 2013 8:45:29 AM Subject: [Samba] Error demoting Hi. I'm trying to demote my samba4, but i'm getting an error: [root@adteste bin]# ./samba-tool domain demote -U administrator ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC The thing is that all roles are transfered to my another controller, as you can see (SERVER2): [root@adteste bin]# ./samba-tool fsmo show InfrastructureMasterRole owner: CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fearp,DC=usp,DC=br RidAllocationMasterRole owner: CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fearp,DC=usp,DC=br PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fearp,DC=usp,DC=br DomainNamingMasterRole owner: CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fearp,DC=usp,DC=br SchemaMasterRole owner: CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fearp,DC=usp,DC=br So, what's those 2 other roles and how can i change? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] memory consumption with treesize pro and cifs shares
Hi everyone. I'm looking to solve an issue with Samba on a NAS being accessed with TreeSize Pro. Using that program to scan through millions of files is eating up memory on swap and eventually crashing the system. It's scanning mounted CIFS shares on the NAS running TrueNAS with samba version 3.6.9 We have a test case and have been able to replicate the issue on another machine. The solution right now is to simply not run TreeSize Pro. Not the best of plans. In the meantime, I'm going to continue to check the usual manuals/google sources to see if I can find anything. I haven't as yet and am short on time with this. Basically looking to see if this is an actual bug that might require a patch/upgrade, or something I can fix with some tuneables. Thanks, Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Setting password expiration policy
On 18/06/2013 12:07, Thomas Harold wrote: On 5/13/2013 11:23 AM, Gerry Reno wrote: Can I use samba-tool to globally set passwords to never expire like this: /usr/local/samba/bin/samba-tool domain passwordsettings set --max-pwd-age=0 Or do I have to set max age to some positive value and set expiration in ADUC when creating each user as Password never expires? My assumption would be that since the allowed range is only 0-999 for that argument that a value of zero would be don't expire. But I'm also curious as the Samba4 wiki doesn't have much to say on the subject. A value of zero does indeed cause a password to never expire. You can use ADUC from a windows PC to confirm. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.6 Ubuntu Package Available
Andrew- I'll be sure to join the mailing list and help out when I can. However, a bit of bad news, I started to use that package that resulted from your debian directory, and I'm having issues with LDB and replication (again!). Any ldb utility (e.g. ldbsearch) errors out as follows: WARNING: Module [samba_dsdb] not found - do you need to set LDB_MODULES_PATH? Unable to load modules for /var/lib/samba/private/sam.ldb: (null) Failed to connect to /var/lib/samba/private/sam.ldb - (null) On a possibly related note: replication spits out WERR_BADFILE for all inbound/outbound neighbors on the PDC. The secondary DC states the inbound is successful (even though they appear to not actually be) but attempts nothing for outbound. Manually setting LDB_MODULES_PATH=/usr/lib/x86_64-linux-gnu/samba/ldb/ fixes the ldb errors; however, I do not recall having to set this variable with older variables. Additionally, neither this nor manually replicated zones (listed as successful) seem to not fix the replication issues (WERR_BADFILE perists). My package doesn't seem to have the replication issues (at least with Samba Internal DNS) but does have the ldb modules issue. Any ideas on what could be going wrong with replication on the other package? Also, ideas on how to fix the ldb modules issue? -Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.6 Ubuntu Package Available
Ricky- Thanks for the response. Unfortunately that did not work. The domain controllers that are running with the package created using the up-to-date debian folder continue to show the WERR_BADFILE error. Following your advice, I have tried resolv.conf with dc1 specified, with dc2 specified, with each specifying themselves via static IP and each specifying themselves via 127.0.0.1, but no luck with any (samba was restarted between every change). The domain controllers that are running with the package created using my debian do not show this error. Presently the resolv.conf on both state the nameserver as 127.0.0.1. -Mike - Original Message - From: Ricky Nance ricky.na...@gmail.com To: Mike Ray m...@xes-inc.com Cc: Andrew Bartlett abart...@samba.org, samba@lists.samba.org Sent: Tuesday, June 11, 2013 11:49:41 AM Subject: Re: [Samba] Samba 4.0.6 Ubuntu Package Available On Tue, Jun 11, 2013 at 11:38 AM, Mike Ray m...@xes-inc.com wrote: On a possibly related note: replication spits out WERR_BADFILE for all inbound/outbound neighbors on the PDC. The secondary DC states the inbound is successful (even though they appear to not actually be) but attempts nothing for outbound. A lot of times the WERR_BADFILE is due to the nameserver line in your /etc/resolv.conf, you need to set it to one of your DC's, then restart BOTH samba servers and see if that line goes away. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.6 Ubuntu Package Available
Andrew- After git-building the package with your debian directory (as it was at about 9:00 AM UTC-0600), I installed it and started comparing it to the package I had crafted. There are a large number of differences, but almost all of them seem to stem from the work-arounds I implemented to cope with my lack of knowledge in package crafting. For instance, with the samba4_4.0.3+dfsg1-0.1 debian that we started with, certain variables and paths were not expanding properly which led to build failures; I remedied this problem by changing the install paths and associated rules. It was barbaric methodology, but it did eventually pan out. Other than that though, our packages seem to both function (though one morning of light usage is not a fair trial); though I'm glad to have a proper install thanks to the git tree you linked. One difference though that will matter is that wafsamba.py does not properly expand python as an environment variable when it preforms substitution on the interpreter line for samba_dnsupdate, samba_kcc, samba_spnupdate and samba_upgradedns. The interpreter line as is, will read #!/usr/bin/python2.7# vim: expandtab which causes the 'bad interpreter' error when invoked. Changing wafsamba.py as follows seems to fix the issue: if task.env[PYTHON][0] == /: - replacement_shebang = #!%s % task.env[PYTHON] + replacement_shebang = #!%s\n % task.env[PYTHON] else: - replacement_shebang = #!/usr/bin/env %s % task.env[PYTHON] + replacement_shebang = #!/usr/bin/env %s\n % task.env[PYTHON] I'm rebuilding the package I made available previously with the up-to-date debian folder as well as that newline fix and my unofficial exclude ip patch. Thanks much for the help, Mike Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Folder permissions not working
I seem to be having a bit of a brain fade with regard to permissions in samba. I have a share with several folders owned by different groups: drwxrws--- 13 root accounts 4.0K Jun 7 12:12 Accounts drwxrws--- 16 ian accounts 4.0K Jun 7 11:24 Administration drwxrws--- 14 accounts users4.0K Apr 22 12:05 Downloads drwxrwsr-x 7 ian users4.0K Mar 22 13:51 Graphics drwxrws--- 14 marion admins 4.0K Jun 6 14:39 Ian Marion drwxrws--- 5 ian myob 4.0K Jun 5 12:02 MYOB Accounts drwxrws--- 41 ian users4.0K Jun 4 16:03 Plant Health drwxrwsr-x 8 ian users4.0K Jan 8 07:49 Research drwxrws--- 12 ian users4.0K Apr 16 16:57 Staff drwxrws--- 21 ldapuser coffeecentre 4.0K Jun 5 13:32 The Australian Coffee Centre I have a user (marion) who is a member of all these groups and more: # groups marion admins users coffeecentre accounts domadmins domusers myob The issue is, Marion can't access the folder called The Australian Coffee Centre, Windows 7 says no permission and the samba server shows: # tail /var/log/samba/log.marionhome-pc [2013/06/07 08:28:31.144321, 1] smbd/service.c:805(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2013/06/07 08:28:31.240024, 1] smbd/service.c:805(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED All other sub-folders in this folder are accessible as expected. Where do I need to go looking for this problem? Anyone struck this before? Happy to provide further info as directed. -- Have a Nice Day! Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4.0.6 Ubuntu Package Available
Hello everyone- Just a quick little blurb to anyone interested: I've spend some time packaging Samba4 for Ubuntu 12.04 and I believe it is finally ready. A couple of notes about the package: - it is compiled from the 4.0.6 tarball available from Samba - it has packages for amd64 and i386* class machines - it requires various other non-stable class packages - it uses the file system hierarchy - BIND9_DLZ as a dns-backend has issues with replication between DCs due to a TKEY error that I have not figured out* * - it contains 2 totally unofficial, handcrafted patches -- very briefly one fixed an issue with environment variable substitution and the the other adds some flexibility to samba_dnsupdate to skip IP addresses If anyone wants to give it a try, all the necessary packages are available from here: ppa:xespackages/samba4 Though if you are not going to use bind, you can omit the bind9-upstart package. I'm going to be testing with it before it goes live at my place; however, any feedback -- either on the package itself or on the functionality of the resulting Samba install -- is greatly appreciated. A huge shout-out to the Samba Team for developing this software . A personal shout-out to Jelmer for his help in packaging matters . Have a good one, Mike Ray *I've only tested amd64 versions **these issues were also present for me in the source tarball so I am unsure as to whether or not this is a package issue or a Samba bug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.3 on CentOS 6.3 as PDC.
Hi Thomas, Thanks for the reply. Yes, I followed the S4 standard install from the wiki (and repeated it on a second VM just to make sure I didn't miss something.) I have the following in my smb.cfg services line: server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate Anything obviously missing? Thanks again, -Mike On Tue, Feb 26, 2013 at 8:23 AM, Mike Stroven mike.stro...@visole-energy.com wrote: Any help here? I have included all of the output of the suggested diags that Thomas said I should run, but I admit that I'm not sure what I'm looking for, as I'm not familiar with RPC functionality on Linux. Something is not working with RPC on my Samba 4.0.3 server. (FWIW, it doesn't work with IPTables stopped either.) On Mon, Feb 25, 2013 at 2:21 PM, Mike Stroven wrote: I finally have everything working that can be verified from the server command line. Running Bind9.8 with DLZ support. Verified Kerberos 5 running. Now attempting to join Windows XP machines to the domain, and am getting an error: The RPC server is unavailable. Any pointers? On Mon, Feb 25, 2013 at 6:55 PM, Thomas Simmons wrote: You're likely to get more support on the user's list ( samba@lists.samba.org ). If you're certain everything is working on the server and the client network config is correct (you have the DC's IP as the primary DNS server), then my first guess would be iptables or selinux. If you need further assistance, output from the following commands would be useful: # test samba [root@grumpy ~]# /usr/local/samba/bin/smbclient //grumpy/netlogon -UAdministrator%'**' -c ls Domain=[TROY] OS=[Unix] Server=[Samba 4.0.3] . D 0 Mon Feb 25 09:53:33 2013 .. D 0 Fri Feb 22 17:09:24 2013 40757 blocks of size 131072. 20332 blocks available # test kerberos [root@grumpy ~]# kinit administra...@visole-energy.com Password for administra...@visole-energy.com : Warning: Your password will expire in 41 days on Mon Apr 8 18:14:03 2013 # check iptables [root@grumpy ~]# iptables -nL Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 /* SSH */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53 /* DNS */ ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53 /* DNS UDP */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 /* HTTP */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:88 /* Kerberos */ ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123 /* NTP */ ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:135 /* RPC UDP */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:135 /* RPC TCP */ ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138 /* NetBIOS Netlogon and Browsing */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139 /* NetBIOS Session */ ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:389 /* LDAP UDP */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 /* HTTPS */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445 /* SMB CIFS */ ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:445 /* SMB CIFS UDP */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:464 /* Kerberos Password Management */ ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:464 /* Kerberos Password Management UDP */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:636 /* LDAP SSL */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3268 /* LDAP Global Catalog */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3269 /* LDAP Global Catalog SSL */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:1 /* Webmin */ REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination # check selinux root@grumpy ~]# sestatus SELinux status: disabled # netstat output [root@grumpy ~]# netstat -anp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 1114/samba tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1114/samba tcp 0 0 0.0.0.0:39689 0.0.0.0:* LISTEN 922/rpc.statd tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN /smbd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 904/rpcbind tcp 0 0 0.0.0.0:1 0.0.0.0:* LISTEN 1150/perl tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 1116/samba tcp 0 0 192.168.60.200:53 0.0.0.0:* LISTEN 882/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 882/named tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1091/sshd tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1116/samba tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 882/named tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN
Re: [Samba] Samba 4.0.3 on CentOS 6.3 as PDC.
Hi Daniel, Thanks for the reply. I have disabled portreserve service, and unfortunately did not see a change in behavior. Mike Stroven, IT Manager ViSole Energy, Inc. 5750 New King St., Suite 330 Troy, MI 48098 Office: 248 852-1300 x2115 Skype: mstroven This email communication is confidential and is intended only for the individual(s) or entity named above and others who have been specifically authorized to receive it. It may contain confidential, proprietary or legally privileged information or may otherwise be protected by work product immunity or other legal rules. No confidentiality or privilege is waived or lost by any mis-transmission. If you are not the intended recipient, please do not read, copy, use or disclose the contents of this communication to others. Please notify the sender that you have received this email in error by replying to the email. Please then delete the email and any copies of it. Thank you. Save a tree! Please don't print this e-mail unnecessarily. - Original Message - From: Daniel Müller muel...@tropenklinik.de To: Thomas Simmons twsn...@gmail.com, Mike Stroven mike.stro...@visole-energy.com Cc: samba@lists.samba.org Sent: Monday, March 18, 2013 3:52:02 AM Subject: AW: [Samba] Samba 4.0.3 on CentOS 6.3 as PDC. I had an issue with portreserve running. After shutdown the service samba4 on Centos 6.3 did run. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Thomas Simmons Gesendet: Samstag, 16. März 2013 18:26 An: Mike Stroven Cc: samba@lists.samba.org Betreff: Re: [Samba] Samba 4.0.3 on CentOS 6.3 as PDC. On Tue, Feb 26, 2013 at 8:23 AM, Mike Stroven mike.stro...@visole-energy.com wrote: Any help here? I have included all of the output of the suggested diags that Thomas said I should run, but I admit that I'm not sure what I'm looking for, as I'm not familiar with RPC functionality on Linux. Something is not working with RPC on my Samba 4.0.3 server. (FWIW, it doesn't work with IPTables stopped either.) On Mon, Feb 25, 2013 at 2:21 PM, Mike Stroven wrote: I finally have everything working that can be verified from the server command line. Running Bind9.8 with DLZ support. Verified Kerberos 5 running. Now attempting to join Windows XP machines to the domain, and am getting an error: The RPC server is unavailable. Any pointers? On Mon, Feb 25, 2013 at 6:55 PM, Thomas Simmons wrote: You're likely to get more support on the user's list ( samba@lists.samba.org). If you're certain everything is working on the server and the client network config is correct (you have the DC's IP as the primary DNS server), then my first guess would be iptables or selinux. If you need further assistance, output from the following commands would be useful: # test samba [root@grumpy ~]# /usr/local/samba/bin/smbclient //grumpy/netlogon -UAdministrator%'**' -c ls Domain=[TROY] OS=[Unix] Server=[Samba 4.0.3] . D 0 Mon Feb 25 09:53:33 2013 .. D 0 Fri Feb 22 17:09:24 2013 40757 blocks of size 131072. 20332 blocks available # test kerberos [root@grumpy ~]# kinit administra...@visole-energy.com Password for administra...@visole-energy.com: Warning: Your password will expire in 41 days on Mon Apr 8 18:14:03 2013 # check iptables [root@grumpy ~]# iptables -nL Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 /* SSH */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53 /* DNS */ ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53 /* DNS UDP */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 /* HTTP */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:88 /* Kerberos */ ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123 /* NTP */ ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:135 /* RPC UDP */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:135 /* RPC TCP */ ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138 /* NetBIOS Netlogon and Browsing */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139 /* NetBIOS Session */ ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:389 /* LDAP UDP */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 /* HTTPS */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445 /* SMB CIFS */ ACCEPT udp -- 0.0.0.0
Re: [Samba] winbind use default domain = Yes (not working in 4.0.5)
This must be something that changed recently -- version 4.0.3 works with winbind use default domain = yes (i.e. getent passwd does *not* return DOMAIN\username, but just username). - Original Message - From: Luc Lalonde luc.lalo...@polymtl.ca To: Johan Hendriks jo...@double-l.nl Cc: samba@lists.samba.org Sent: Tuesday, April 16, 2013 8:54:06 AM Subject: [Samba] winbind use default domain = Yes (not working in 4.0.5) Hello folks, Well it seems that I'm not the only one having this problem: https://bugzilla.samba.org/show_bug.cgi?id=9780 I am able to bypass the problem with PAM_MOUNT by using '%(DOMAIN_USER)' instead of '%(USER). Bye. - Original Message - From: Johan Hendriks jo...@double-l.nl To: Luc Lalonde luc.lalo...@polymtl.ca Cc: samba@lists.samba.org Sent: Tuesday, April 16, 2013 8:27:30 AM GMT -05:00 US/Canada Eastern Subject: RE: [Samba] Winbind strip domain from username? Hello Folks, This directive works with Samba3 but does not seem to work with Samba-4.0.5: winbind use default domain = Yes I want to get a username that does not contain the domain (GIGL). Instead here's what I get: [root@roquefort ~]# getent passwd | grep GIGL GIGL\Administrator:*:0:100::/usagers/%U:/bin/bash GIGL\Guest:*:302:303::/usagers/%U:/bin/bash GIGL\krbtgt:*:307:100::/usagers/%U:/bin/bash GIGL\dns-stilton:*:308:100::/usagers/%U:/bin/bash GIGL\testuser:*:309:100::/usagers/%U:/bin/bash GIGL\llalonde:*:310:100::/usagers/%U:/bin/bash How do I remove the 'GIGL\' from the username? This is causing me problems mounting the user's home directory at logon with 'PAM_MOUNT' What am I missing? Thank You! -- Luc Lalonde, analyste - Département de génie informatique: École polytechnique de Montréal (514) 340-4711 x5049 luc.lalo...@polymtl.ca - I had something similar, but i can not look what it was from where i am now, but i think i did change the %U in %u in my home share regards Johan -- Luc Lalonde, analyste - Département de génie informatique: École polytechnique de Montréal (514) 340-4711 x5049 luc.lalo...@polymtl.ca - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] python scripting samba
Check out the python command call -- it allows you to run a command as if you were at a shell prompt. Using this and the ldb tools to modify the SAM database included with Samba4 you can create pretty much script any conceivable action for users/groups. I'd personally recommend using ldbmodify with an ldif file over any of the other ldbtool, this will be the easiest to script. For some basics on ldif files, check out http://www.zytrax.com/books/ldap/ch8/ Also don't forget about MS AD tools -- they might not lend themselves to scripting but they give a very nice front for management. Good luck, Mike Ray - Original Message - From: Geoff Crompton geo...@trinity.unimelb.edu.au To: samba samba@lists.samba.org Sent: Monday, April 15, 2013 6:30:37 PM Subject: [Samba] python scripting samba Can someone point me to some documentation on scripting samba user and group management from python? I'd much rather not do this via calls out to samba-tool, and if I could do this remotely (via LDAP like calls) I'd be even happier. Cheers, Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba-tool modify users info?
Luc- You can modify a user's attributes manually by using ldbedit. You can also modify a user's attributes via an LDIF file and the ldbmodify command . The first one may be easier/faster if you have to change only one thing; the second one is definitely more robust for large amounts of modifying and lends itself well to scripting. Check out http://www.zytrax.com/books/ldap/ch8/ for information on LDIF files. Good luck, -Mike Ray - Original Message - From: Luc Lalonde luc.lalo...@polymtl.ca To: samba@lists.samba.org Sent: Thursday, April 11, 2013 10:41:28 AM Subject: [Samba] Samba-tool modify users info? Hello, I'm wondering if there's a plan for including the possibility of modifying user attributes (must-change-at_next-login, profile-path, home-drive, home-directory, etc)? For the moment, it seems the only way to do this is when the user is created (samba-tool newuser) or by doing so via 'administrative tools' via a Windows machine. Thank You! -- Luc Lalonde, analyste - Département de génie informatique: École polytechnique de Montréal (514) 340-4711 x5049 luc.lalo...@polymtl.ca - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Packaging Issues
Jelmer- Unfortunately not, I am still unable to get the 4.0.3 package to build successfully due to the aforementioned error. I have yet to try a different version as I think this to be a problem with my packaging attempts, not with anything within that version of samba. As I'm new to this, I've been poking around for even just beginner tutorials on the whole 'debianization' of packages in the hopes that maybe I made an obvious slip-up. This has also not yielded anything particularly helpful. I think the problem probably has to do with me attempting to use the --bundled-libraries option in the rules. As I understand it, --bundled-libraries incorporates libraries into the package itself so that the package need not rely on system libraries. This seemed like a safe way to ensure that (even if for however unlikely) once the package built successfully, it would *always* be functional. If I've gone astray in that thinking or you have some advice for me, I would greatly appreciate it. Thanks for responding, Mike Ray - Original Message - From: Jelmer Vernooij jel...@samba.org To: Mike Ray m...@xes-inc.com Sent: Thursday, April 4, 2013 7:11:14 AM Subject: Re: Fwd: Samba 4 Packaging Issues Hi Mike, Did you manage to get an updated version of the Samba package built in the mean time? If not, let me know. Cheers, Jelmer -- Forwarded message -- From: Mike Ray m...@xes-inc.com Date: Wed, Mar 27, 2013 at 10:44 AM Subject: Samba 4 Packaging Issues To: debian-ment...@lists.debian.org Hello all- (After posting in -user, it was suggested I try this mailing list instead) Long story short, I am trying to package up a current version of Samba4 for Ubuntu Precise 12.04 so that I can easily and reliably deploy it to hardware from a PPA. I'm very new to debian packaging so I'll just start out by stating that anyone who can offer help on this is encouraged to *not* make assumptions about what I have or haven't done -- I'm new and bad at this. In any case, the samba 4.0.3 package (available in the experimental branch of debian packages http://packages.debian.org/source/experimental/samba4) is my base package and the provided debian folder was my starting point. I didn't use the samba packages for Precise because they are woefully old. I've tried to modify the files to meet my needs but am currently hitting an error on dpkg-shlibdeps. It spits out a lot of warnings about not being able to extract the name and version from certain libraries, but it is actually erroring out because it can't find certain libraries. dpkg-shlibdeps: error: couldn't find library libkrb5-samba4.so.26 needed by debian/libsamdb0/usr/lib/x86_64-linux-gnu/libsamdb.so.0.0.1 (ELF format: 'elf64-x86-64'; RPATH: '/usr/lib/x86_64-linux-gnu/samba'). dpkg-shlibdeps: error: couldn't find library libgssapi-samba4.so.2 needed by debian/libsamdb0/usr/lib/x86_64-linux-gnu/libsamdb.so.0.0.1 (ELF format: 'elf64-x86-64'; RPATH: '/usr/lib/x86_64-linux-gnu/samba'). And also: dpkg-shlibdeps: error: no dependency information found for /home/USER/samba4_4.0.4/samba4-4.0.4/debian/tmp/usr/lib/x86_64-linux-gnu/samba/libldb.so.1 (used by debian/libsamdb0/usr/lib/x86_64-linux-gnu/samba/libsamdb-common.so). dh_shlibdeps says this: dh_shlibdeps: dpkg-shlibdeps -Tdebian/libsamdb0.substvars debian/libsamdb0/usr/lib/x86_64-linux-gnu/samba/libldbsamba.so debian/libsamdb0/usr/lib/x86_64-linux-gnu/samba/libsamdb-common.so debian/libsamdb0/usr/lib/x86_64-linux-gnu/samba/libldb-cmdline.so debian/libsamdb0/usr/lib/x86_64-linux-gnu/libsamdb.so.0.0.1 returned exit code 2 make[1]: *** [override_dh_shlibdeps] Error 2 However, LD_LIBRARY_PATH, which to my understanding is what shlib uses to find libraries it needs to resolve dependencies, is set to a parent directory of where that library is: LD_LIBRARY_PATH evaluates to /home/USER/samba4_4.0.4/samba4-4.0.4/debian/tmp/usr/lib/x86_64-linux-gnu/samba. /home/USER/samba4_4.0.4/samba4-4.0.4/debian/tmp/usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26 So how can't dpkg-shlibdeps find the library? Also, the only dependency listed for libsamdb0 in the subtvars file is: libsamdb 0 libsamdb0 So why is it getting mad about libldb not having dependencies? Here are pastebin links to the debian/rules and debian/control. rules: http://pastebin.com/dmVcyr0Y control: http://pastebin.com/QMdhWn3Z And insight/help would be much appreciated. -Mike Ray -- :wq -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] member server and groups
When running a samba 3 member server joined to a samba AD with winbind, we were having some issues with ACLs over CIFS mounts. If you are noticing issues with CIFS mounts, then something to keep in mind that I only found out after quite some time, is that permissions over mounts work as the logical AND of basic unix permissions and ACLs. That is if your user would be denied by the basic unix permissions, ACLs are never checked. However, if you get the greenlight from basic permissions, it then contacts the server and does the ACL checks. The reason that you are noticing no issue when you chgrp it to Domain Users is that at that point your domain users pass on the unix permissions. Without them owning (say the file/dir is root/root) then they fall to the last octal, the 'other' portion of file permissions. So what I'd try is chmod 777 the file/dir and then adding ACLs on top of that to restrict access. Hope that helps, Mike Ray - Original Message - From: Neil Price npr...@gibb.co.za To: samba@lists.samba.org Sent: Thursday, April 4, 2013 8:42:06 AM Subject: [Samba] member server and groups I have a samba 3 member server joined to a samba pdc using ldap. Join is OK. Version is from debian wheezy: 3.6.6 With servers that are bdc's I have no problems with authentication, with the member server I cannot get group file permissions to work. User file permissions work fine Samba share user and group permissions work fine getent group shows expected groups with correct gid, which is an improvement on the 3.5.4 that I tried before. Only thing interesting the logs show is access denied. BUT if I change the dir/file permission to domain users group THEN it works. So I think samba is only looking up the primary group. I know there was bug like this somewhere around 3.6.0 Is net idmap secret alloc no longer needed? It responds with The only currently supported backend is LDAP. smbpasswd -w seemed to do all I needed. Critical parts of my smb.conf I'm using the nss_ldap method with nss-ldapd security = domain workgroup = DOMAIN ldap admin dn = cn=System Administrator,ou=people,dc=domain,dc=com ldap suffix = dc=domain,dc=com ldap user suffix = ou=people ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=winstations,ou=systems ldap ssl = Off idmap config DOMAIN : backend = ldap idmap config DOMAIN : range = 8-99000 idmap config DOMAIN : ldap_url = ldap://my.ldap.serverl/ winbind use default domain = yes [comp] path = /home/shares/comp inherit permissions = yes public = no browsable = yes writeable = yes valid users = @computer Directory perms drwxrwx--- 19 root computer 4096 Jan 18 15:25 comp nsswitch.conf passwd: compat ldap group: compat ldap shadow: compat ldap hosts: files dns wins networks: files /etc/nslcd.conf # The user and group nslcd should run as. uid nslcd gid nslcd # The location at which the LDAP server(s) should be reachable. uri ldap://my.ldap.server/ # The search base that will be used for all queries. base dc=domain,dc=com # The LDAP protocol version to use. #ldap_version 3 # SSL options #ssl off #tls_reqcert never # The search scope. #scope sub -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot access share from Kodak printer
I'm trying to use a Samba (3.0.37) share on my ASUS RT-ac66R router as a destination for scans from my Kodak Office Hero 6.1 all-in-one printer. ... I have put the printer and my laptop onto a hub and am using Wireshark to see what's going on. From the captures, it appears that printer is using a product called BlueShare 3.0 I've continued to experiment with smb.conf tweaks with no real progress. I have noticed new syslog entries: Mar 27 07:56:36 smbd[692]: [2013/03/27 07:56:36, 0] smbd/sesssetup.c:reply_sesssetup_and_X(1265) Mar 27 07:56:36 smbd[692]: reply_sesssetup_and_X: Rejecting attempt at SPNEGO session setup when it was not negoitiated. I tried setting the spnego options in smb.conf to yes, but these messages continue. I may have also noticed that the username/password isn't being sent from the printer to the router. The Session Setup AndX Request doesn't seem to contain either the username or password. It also doesn't seem to grow when I make the username and password both 8 bytes longer. Suggestions will be gratefully received. - Original Message - From: MIKE BLAKEKNOX bk1...@knology.net To: samba@lists.samba.org Sent: Sunday, March 24, 2013 11:45:39 AM Subject: [Samba] Cannot access share from Kodak printer I'm trying to use a Samba (3.0.37) share on my ASUS RT-ac66R router as a destination for scans from my Kodak Office Hero 6.1 all-in-one -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 DC Firewall settings
Tcp and Udp ports 137 - 139 and 445 On Mar 24, 2013 7:04 AM, steve st...@steve-ss.com wrote: Samba 4.0.4 on openSUSE 12.3 Hi everyone. Does anyone have a list of ports which have to be open to allow full DC operation? I'm no expert in firewalls and only have Yast at my disposal to configure it. I've tried opening samba server and DNS server ports via Yast but I must be missing something because I have to turn off the firewall to e.g. join a Windows client to the domain. Maybe Yast isn't the right tool? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot access share from Kodak printer
:5f:f0 (00:07:5c:2e:5f:f0) Internet Protocol Version 4, Src: 192.168.11.1 (192.168.11.1), Dst: 192.168.11.91 (192.168.11.91) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 4758 (4758), Seq: 100, Ack: 190, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 7] [Time from request: 0.00099 seconds] SMB Command: Session Setup AndX (0x73) Error Class: DOS Error (0x01) Reserved: 00 Error Code: Access denied Flags: 0x80 1... = Request/Response: Message is a response to the client/redirector .0.. = Notify: Notify client only on open ..0. = Oplocks: OpLock not requested/granted ...0 = Canonicalized Pathnames: Pathnames are not canonicalized 0... = Case Sensitivity: Path names are case sensitive ..0. = Receive Buffer Posted: Receive buffer has not been posted ...0 = Lock and Read: LockRead, WriteUnlock are not supported Flags2: 0x8001 1... = Unicode Strings: Strings are Unicode .0.. = Error Code Type: Error codes are DOS error codes ..0. = Execute-only Reads: Don't permit reads if execute-only ...0 = Dfs: Don't resolve pathnames with Dfs 0... = Extended Security Negotiation: Extended security negotiation is not supported .0.. = Reparse Path: The request does not use a @GMT reparse path .0.. = Long Names Used: Path names in request are not long file names ...0 = Security Signatures Required: Security signatures are not required 0... = Compressed: Compression is not requested .0.. = Security Signatures: Security signatures are not supported ..0. = Extended Attributes: Extended attributes are not supported ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: Reserved: Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 345 Session Setup AndX Response (0x73) Word Count (WCT): 0 Byte Count (BCC): 0 Can anyone see what the problem might be? In case it's useful, here's my smb.conf: [global] workgroup = raintree netbios name = raintree server string = raintree unix charset = UTF8 display charset = UTF8 log file = /var/log.samba log level = 0 max log size = 5 security = USER guest ok = no map to guest = Bad User encrypt passwords = yes pam password change = no null passwords = yes force directory mode = 0777 force create mode = 0777 max connections = 5 socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=32768 SO_SNDBUF=32768 obey pam restrictions = no use spnego = no client use spnego = no disable spoolss = yes host msdfs = no strict allocate = No bind interfaces only = yes interfaces = lo br0 use sendfile = no map archive = no map hidden = no map read only = no map system = no store dos attributes = yes dos filemode = yes dos filetimes = yes dos filetime resolution = yes [mbk] comment = sambap's mbk in WD My Passport 0748 path = /tmp/mnt/sambap/mbk valid users = admin, mbk, new invalid users = read list = admin, mbk, new write list = admin, mbk, new Thanks Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4.0.3 on CentOS 6.3 as PDC.
Any help here? I have included all of the output of the suggested diags that Thomas said I should run, but I admit that I'm not sure what I'm looking for, as I'm not familiar with RPC functionality on Linux. Something is not working with RPC on my Samba 4.0.3 server. (FWIW, it doesn't work with IPTables stopped either.) On Mon, Feb 25, 2013 at 2:21 PM, Mike Stroven wrote: I finally have everything working that can be verified from the server command line. Running Bind9.8 with DLZ support. Verified Kerberos 5 running. Now attempting to join Windows XP machines to the domain, and am getting an error: The RPC server is unavailable. Any pointers? On Mon, Feb 25, 2013 at 6:55 PM, Thomas Simmons wrote: You're likely to get more support on the user's list (samba@lists.samba.org). If you're certain everything is working on the server and the client network config is correct (you have the DC's IP as the primary DNS server), then my first guess would be iptables or selinux. If you need further assistance, output from the following commands would be useful: # test samba [root@grumpy ~]# /usr/local/samba/bin/smbclient //grumpy/netlogon -UAdministrator%'**' -c ls Domain=[TROY] OS=[Unix] Server=[Samba 4.0.3] . D0 Mon Feb 25 09:53:33 2013 .. D0 Fri Feb 22 17:09:24 2013 40757 blocks of size 131072. 20332 blocks available # test kerberos [root@grumpy ~]# kinit administra...@visole-energy.com Password for administra...@visole-energy.com: Warning: Your password will expire in 41 days on Mon Apr 8 18:14:03 2013 # check iptables [root@grumpy ~]# iptables -nL Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 ACCEPT all -- 0.0.0.0/00.0.0.0/0 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:22 /* SSH */ ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:53 /* DNS */ ACCEPT udp -- 0.0.0.0/00.0.0.0/0 state NEW udp dpt:53 /* DNS UDP */ ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:80 /* HTTP */ ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:88 /* Kerberos */ ACCEPT udp -- 0.0.0.0/00.0.0.0/0 state NEW udp dpt:123 /* NTP */ ACCEPT udp -- 0.0.0.0/00.0.0.0/0 state NEW udp dpt:135 /* RPC UDP */ ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:135 /* RPC TCP */ ACCEPT udp -- 0.0.0.0/00.0.0.0/0 state NEW udp dpt:138 /* NetBIOS Netlogon and Browsing */ ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:139 /* NetBIOS Session */ ACCEPT udp -- 0.0.0.0/00.0.0.0/0 state NEW udp dpt:389 /* LDAP UDP */ ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:443 /* HTTPS */ ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:445 /* SMB CIFS */ ACCEPT udp -- 0.0.0.0/00.0.0.0/0 state NEW udp dpt:445 /* SMB CIFS UDP */ ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:464 /* Kerberos Password Management */ ACCEPT udp -- 0.0.0.0/00.0.0.0/0 state NEW udp dpt:464 /* Kerberos Password Management UDP */ ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:636 /* LDAP SSL */ ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:3268 /* LDAP Global Catalog */ ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:3269 /* LDAP Global Catalog SSL */ ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:1 /* Webmin */ REJECT all -- 0.0.0.0/00.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- 0.0.0.0/00.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination # check selinux root@grumpy ~]# sestatus SELinux status: disabled # netstat output [root@grumpy ~]# netstat -anp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 0.0.0.0:32690.0.0.0:* LISTEN 1114/samba tcp0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1114/samba
[Samba] FSMO Roles / DC Deletion Errors
Hi all- I've been polishing my Samba4 AD set-up as we get close to deploying it the office. However, one thing that I'm having issues with is FSMO roles and DCs. The gist of the situation is that I can not demote the original DC. Both DCs are implemented with Samba4, running the same version (4.0.3) and have replication working* Here is a summary of everything I've noticed: · samba-tool fsmo transfer does not work: running it without specifying anything returns a success command, but no roles are transferred off the DC running it and specifying another DC with the -H flag yields this error: ERROR(ldb): uncaught exception - ldb_search: invalid basedn '(null)' running it with the -H and -b yields the error: samba-tool fsmo transfer: error: no such option: -b · samba-tool fsmo seize *appears* to work: running it with any one role gives the following output: Attempting transfer... FSMO transfer of 'pdc' role successful ERROR: Failed to initiate role seize of 'pdc' role: objectclass: modify message must have elements/attributes! checking with samba-tool fsmo show *does* show that the role has been transferred however, the error prevents --role=all from working as it hits the error and stops execution · windows MMC snapins (e.g. Users and Computers) *do* reflect changes made on role owners · windows utilities (e.g. ntdsutil) *do* reflect changes made on role owners · both DCs agree on who has what role with samba-tool fsmo show Now the issue: After transferring all 5 roles from dc1 to dc2 and verifying that both of them agree, I want to remove dc1, so I attempt to demote dc1: samba-tool domain demote -UAdministrator This returns the following: ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC What are the 2 hidden roles it has or thinks it has? If I try to delete it from the windows side using Users and Computers, after ticking the box that says 'yes, I can't dcpromo, it's permanently offline', I receive the following error: Windows cannot delete object LDAP://dc2.[...]/CN=DC1,OU=Domain Controllers,DC=[...],DC=[...] because: The specified module could not be found. Why is it referred to as a module? In any case, using ldbedit on DC1, I did find that exact DN, so it is there. I can't use ldbdel to remove the DC as it refuses the operation (probably reasonably so). I think it might be an issue with just the *original* DC because I did this exact process with dc2 (the DC created via replication) and it returns this on samba-tool domain demote: Using dc1.[...] as partner server for the demotion Password for [[...]\Administrator]: Desactivating inbound replication Asking partner server dc1.[...] to synchronize from us Changing userControl and container Demote successfull So what could possibly be wrong with the original DC? As I poked around on this error, I also found this: https://bugzilla.samba.org/show_bug.cgi?id=9461 So is anyone using the test branch and can verify this bug is fixed in that version? *replication is working 100% but I do see this error: Warning: No NC replicated for Connection! From back when I was setting up replication, I poked around and from what I understood, it was a glitch and not an issue Any insights would be great, Thanks, -Mike Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] FreeBSD 9.1 + Samba 3.6.12 : Winbind sid lookup issue
Hey Samba list. We recently had to switch from 3.5.x to 3.6, due to the ports tree dropping 3.5 Since then, I've have had issues with the looking up users consistently. It may work for 30 minutes, and then stop. I finally started to run winbindd -i -d and here are some of my findings: Environment: OS: FreeBSD 9.1-RELEASE uname -a: FreeBSD pkg-server 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 r...@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 Samba: pkg info -f samba36 Name : samba36 Version: 3.6.12 Origin : net/samba36 Prefix : /usr/local Categories : net Licenses : GPLv3 Maintainer : ti...@freebsd.org WWW: http://www.samba.org/ Comment: A free SMB and CIFS client and server for UNIX Options: LDAP: on ADS: on CUPS: off WINBIND: on SWAT: off ACL_SUPPORT: on AIO_SUPPORT: on FAM_SUPPORT: off SYSLOG: off QUOTAS: off UTMP: off PAM_SMBPASS: off DNSUPDATE: on AVAHI: off PTHREADPOOL: on EXP_MODULES: on POPT: on IPV6: on MAX_DEBUG: off SMBTORTURE: off smb.conf: [global] workgroup = DISCDRIVE server string = Samba Server security = ads hosts allow = 192.168. 10.250. 10.5.68. 10.29. 10.26. 10.7.1. 127. log file = /var/log/samba/log.%m max log size = 50 realm = DISCDRIVE.BAYPHOTO.COM wins server = dc-3.discdrive.bayphoto.com dns proxy = no kerberos method = system keytab idmap config DISCDRIVE : backend = rid idmap config DISCDRIVE : range = 20001-3 idmap config DISCDRIVE : base_rid = 0 idmap config BAYPHOTO : backend = rid idmap config BAYPHOTO : range = 1-2 idmap config BAYPHOTO : base_rid = 0 idmap config DISCDRIVE : default = yes allow trusted domains = Yes winbind use default domain = yes winbind enum users = Yes winbind enum groups = Yes template shell = /bin/zsh template homedir = /home/%D/%U winbind use default domain=Yes winbind nss info = sfu winbind offline logon = Yes winbind refresh tickets = True winbind nested groups = Yes winbind cache time = 3600 winbind reconnect delay = 30 winbind expand groups = 10 winbind max domain connections = 10 max protocol = SMB2 I can look up some of our users, but I cannot see ALL of them, or I'll see one and after a while it will no longer show up again. I've removed /var/db/samba/*, ran net cache flush, restarted samba, but the follow scenario happens everytime. samba 3.6.12 freebsd 9.1-RELEASE # id jenkins-ci id: jenkins-ci: no such user # pw usershow jenkins-ci pw: no such user `jenkins-ci' # pw usershow mikec mikec:*:21208:20514::0:0:Mike Carlson:/home/DISCDRIVE/mikec:/bin/zsh root@pkg-server:/root # getent passwd| grep jenkins jenkins-ci:*:21608:20514:jenkins:/home/DISCDRIVE/jenkins-ci:/bin/zsh # id 21608 id: 21608: no such user # wbinfo -i mikec mikec:*:21208:20514:Mike Carlson:/home/DISCDRIVE/mikec:/bin/zsh # wbinfo -i jenkins-ci failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user jenkins-ci # wbinfo -u|grep jenkins-ci jenkins-ci All the while, this is what winbindd reports: Winbindd -i -d9 getpwnam jenkins-ci offline logons active, restricting max domain connections to 1 offline logons active, restricting max domain connections to 1 Could not convert sid S-1-5-21-1193775395-2634469651-4076480956-1607: NT_STATUS_OBJECT_NAME_NOT_FOUND closing socket 25, client exited I've tried samba4 as well, and I experience the same problems. This has been tried on a few different systems as well and I'm at my wits end with it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Print Support Samba4
Hey all, One of that last pieces to be put in place before my site goes live on Samba4 as AD is printer support. Now I've seen https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Step_13:_Setup_a_Printer_share and at one point had Group Policy that was deploying a printer on CUPS using AD authentication/Samba shares. However, we found out that when Windows machines printed to this printer, it was bypassing CUPS, i.e. jobs weren't in CUPS logs, and in fact, CUPS could be off and it would still print. Since it appeared these machines were printing directly to the printer, we are worried about what happens when a bad/large job is sent and the printer becomes unresponsive -- without the machines going through CUPS we fear we won't be able to manage/maintain the printer. So to anyone who has said up printers with Samba4, what method/route did you elect? Additionally, a pointer to documentation (I haven't found anything great) would be most appreciated. Thanks much, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Auto-start
Greg, Rick-- Thanks both for your suggestions. Here is how it finally ended up: As Greg thought, /usr/local/samba/sbin/samba as part of that upstart script was trying to use the default smb.conf (in /etc/samba) as opposed to the properly configured one in /usr/local/samba/etc. The solution here was simply removing the bad configuration and then symlink to the proper one. One lingering question here is why manually calling /usr/local/samba/sbin/samba (after the killall) used the correct configuration file automatically, but why it didn't do that magic when part of a script. However, at this point, it still wasn't up and running properly. After some group analysis, we believed it was the fact that bind9 was not yet started when Samba was starting (we have --dns-backend=BIND9_DLZ). After poking around to set up a proper dependency between bind9 and Samba4, it worked as expected. In case anyone else wants to set this up, here the files -- note please that this converts bind9 to an upstart minion, not a sysV relic; thus bind9 must be removed from the sysV start method. This can be achieved with update-rc.d -f bind9 remove . /etc/init/samba4.conf : _ #description SMB/CIFS File and Active Directory Server #author Jelmer Vernooij jel...@ubuntu.com start on (local-filesystems and net-device-up and started bind9) stop on runlevel [!2345] expect fork normal exit 0 pre-start script [ -r /etc/default/samba4 ] . /etc/default/samba4 install -o root -g root -m 755 -d /var/run/samba install -o root -g root -m 755 -d /var/log/samba end script exec /usr/local/samba/sbin/samba -D _ /etc/init/bind9.conf : _ #UPSTART JOB FOR BIND9 start on runlevel [2345] stop on runlevel [!2345] pre-start script # dirs under /var/run can go away on reboots. mkdir -p /var/run/named chmod 775 /var/run/named chown root:bind /var/run/named /dev/null 21 || true end script #Add bind command-line options below exec /usr/sbin/named -f -u bind pre-stop exec rndc stop post-stop exec logger -p user.warning -t upstart-bind bind stopped respawn respawn limit 3 10 kill timeout 30 console none #END _ Thanks much, - Original Message - From: Ricky Nance ricky.na...@weaubleau.k12.mo.us To: Greg Sloop gr...@sloop.net Cc: Mike Ray m...@xes-inc.com, samba@lists.samba.org Sent: Wednesday, February 20, 2013 4:52:27 PM Subject: Re: [Samba] Samba4 Auto-start My bet is that smbd is spawning before your upstart script causing major problems. Try to issue a update-rc.d -f smbd remove then reboot and see if your problem goes away. Ricky On Wed, Feb 20, 2013 at 3:15 PM, Gregory Sloop gr...@sloop.net wrote: MR I'll cut to the chase -- several weeks ago, I thought I had an MR upstart configuration file that would start Samba4 when the VM was MR turned on; but it turns out I was wrong. At the time there was MR nothing on the wiki about it (the links were broken). MR The script I thought was working was simply: MR start on runlevel [2345] MR exec /usr/local/samba/sbin/samba MR In any case, looking at the official wiki today, I found a new MR note, stating that the links were indeed broken and that this one should probably work: -SNIP- MR I am running Version 4.1.0pre1-GIT-f25debf on Ubuntu 12.04 LTS, MR with the samba executable at /usr/local/samba/sbin/samba and the MR conf file as /etc/init/samba4.conf. I'm the one that dug up that upstart script and put it in the Wiki. [Since the link we broken.] But I don't think the upstart script has anything to do with what ports Samba's going to listen on. While someone else may be able to offer more helpful advice, I'd guess that the difference is that the upstart is starting samba with a different config than the manual start - if you figure out how it's getting a different config, then I suspect your problem will go away or be trivially solvable. Also, while I think there's no difference in terms of if the upstart script works properly or not, I used it on version 4.0.3. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 Auto-start
Hello all, I'll cut to the chase -- several weeks ago, I thought I had an upstart configuration file that would start Samba4 when the VM was turned on; but it turns out I was wrong. At the time there was nothing on the wiki about it (the links were broken). The script I thought was working was simply: start on runlevel [2345] exec /usr/local/samba/sbin/samba In any case, looking at the official wiki today, I found a new note, stating that the links were indeed broken and that this one should probably work: description SMB/CIFS File and Active Directory Server author Jelmer Vernooij jel...@ubuntu.com start on (local-filesystems and net-device-up) stop on runlevel [!2345] expect fork normal exit 0 pre-start script [ -r /etc/default/samba4 ] . /etc/default/samba4 install -o root -g root -m 755 -d /var/run/samba install -o root -g root -m 755 -d /var/log/samba end script exec /usr/local/samba/sbin/samba -D However, I am finding that this is not the case. From what I can tell, the script is doing something, just not anything useful (highlights denote difference between boot with conf file versus without). [netstat -tulpn on boot] tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 769/smbd tcp 0 0 10.52.2.91:53 0.0.0.0:* LISTEN 1076/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1076/named tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1076/named tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 769/smbd tcp6 0 0 :::139 :::* LISTEN 769/smbd tcp6 0 0 :::53 :::* LISTEN 1076/named tcp6 0 0 :::22 :::* LISTEN 900/sshd tcp6 0 0 ::1:953 :::* LISTEN 1076/named tcp6 0 0 :::445 :::* LISTEN 769/smbd Moreover, it seems to actually break samba, as a manual invocation does not get it to a functioning state (clients complain of no logon server to service the request). [netstat -tulpn after /usr/local/samba/sbin/samba after boot ] tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 1765/samba tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 769/smbd tcp 0 0 10.52.2.91:53 0.0.0.0:* LISTEN 1076/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1076/named tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1076/named tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 769/smbd tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1765/samba tcp6 0 0 :::135 :::* LISTEN 1765/samba tcp6 0 0 :::139 :::* LISTEN 769/smbd tcp6 0 0 :::53 :::* LISTEN 1076/named tcp6 0 0 :::22 :::* LISTEN 900/sshd tcp6 0 0 ::1:953 :::* LISTEN 1076/named tcp6 0 0 :::445 :::* LISTEN 769/smbd tcp6 0 0 :::1024 :::* LISTEN 1765/samba However, killing it all and starting it cleanly gets it to a proper, functioning state (clients can log in, etc.). [netstat -tulpn after killall samba and /usr/local/samba/sbin/samba after the aforementioned] tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 1805/samba tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 1805/samba tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1805/samba tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 1801/samba tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1803/smbd tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 1807/samba tcp 0 0 10.52.2.91:53 0.0.0.0:* LISTEN 1076/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1076/named tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1807/samba tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1076/named tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 1805/samba tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1803/smbd tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1801/samba tcp6 0 0 :::3268 :::* LISTEN 1805/samba tcp6 0 0 :::3269 :::* LISTEN 1805/samba tcp6 0 0 :::389 :::* LISTEN 1805/samba tcp6 0 0 :::135 :::* LISTEN 1801/samba tcp6 0 0 :::139 :::* LISTEN 1803/smbd tcp6 0 0 :::464 :::* LISTEN 1807/samba tcp6 0 0 :::53 :::* LISTEN 1076/named tcp6 0 0 :::22 :::* LISTEN 900/sshd tcp6 0 0 :::88 :::* LISTEN 1807/samba tcp6 0 0 ::1:953 :::* LISTEN 1076/named tcp6 0 0 :::636 :::* LISTEN 1805/samba tcp6 0 0 :::445 :::* LISTEN 1803/smbd tcp6 0 0 :::1024 :::* LISTEN 1801/samba Does anyone know what is going on here? And does anyone have a working script? I am running Version 4.1.0pre1-GIT-f25debf on Ubuntu 12.04 LTS, with the samba executable at /usr/local/samba/sbin/samba and the conf file as /etc/init/samba4.conf. Thanks much, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Auto-start
Clarification, as it looks as though highlighting is frowned upon: For that first netstat command, the lines that indicate smbd is on that port are the lines that are a direct consequence of the script (i.e. remove or comment out the script, and those lines wouldn't show) - Original Message - From: Mike Ray m...@xes-inc.com To: samba@lists.samba.org Sent: Wednesday, February 20, 2013 2:11:13 PM Subject: [Samba] Samba4 Auto-start Hello all, I'll cut to the chase -- several weeks ago, I thought I had an upstart configuration file that would start Samba4 when the VM was turned on; but it turns out I was wrong. At the time there was nothing on the wiki about it (the links were broken). The script I thought was working was simply: start on runlevel [2345] exec /usr/local/samba/sbin/samba In any case, looking at the official wiki today, I found a new note, stating that the links were indeed broken and that this one should probably work: description SMB/CIFS File and Active Directory Server author Jelmer Vernooij jel...@ubuntu.com start on (local-filesystems and net-device-up) stop on runlevel [!2345] expect fork normal exit 0 pre-start script [ -r /etc/default/samba4 ] . /etc/default/samba4 install -o root -g root -m 755 -d /var/run/samba install -o root -g root -m 755 -d /var/log/samba end script exec /usr/local/samba/sbin/samba -D However, I am finding that this is not the case. From what I can tell, the script is doing something, just not anything useful (highlights denote difference between boot with conf file versus without). [netstat -tulpn on boot] tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 769/smbd tcp 0 0 10.52.2.91:53 0.0.0.0:* LISTEN 1076/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1076/named tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1076/named tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 769/smbd tcp6 0 0 :::139 :::* LISTEN 769/smbd tcp6 0 0 :::53 :::* LISTEN 1076/named tcp6 0 0 :::22 :::* LISTEN 900/sshd tcp6 0 0 ::1:953 :::* LISTEN 1076/named tcp6 0 0 :::445 :::* LISTEN 769/smbd Moreover, it seems to actually break samba, as a manual invocation does not get it to a functioning state (clients complain of no logon server to service the request). [netstat -tulpn after /usr/local/samba/sbin/samba after boot ] tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 1765/samba tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 769/smbd tcp 0 0 10.52.2.91:53 0.0.0.0:* LISTEN 1076/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1076/named tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1076/named tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 769/smbd tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1765/samba tcp6 0 0 :::135 :::* LISTEN 1765/samba tcp6 0 0 :::139 :::* LISTEN 769/smbd tcp6 0 0 :::53 :::* LISTEN 1076/named tcp6 0 0 :::22 :::* LISTEN 900/sshd tcp6 0 0 ::1:953 :::* LISTEN 1076/named tcp6 0 0 :::445 :::* LISTEN 769/smbd tcp6 0 0 :::1024 :::* LISTEN 1765/samba However, killing it all and starting it cleanly gets it to a proper, functioning state (clients can log in, etc.). [netstat -tulpn after killall samba and /usr/local/samba/sbin/samba after the aforementioned] tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 1805/samba tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 1805/samba tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1805/samba tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 1801/samba tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1803/smbd tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 1807/samba tcp 0 0 10.52.2.91:53 0.0.0.0:* LISTEN 1076/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1076/named tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1807/samba tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1076/named tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 1805/samba tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1803/smbd tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1801/samba tcp6 0 0 :::3268 :::* LISTEN 1805/samba tcp6 0 0 :::3269 :::* LISTEN 1805/samba tcp6 0 0 :::389 :::* LISTEN 1805/samba tcp6 0 0 :::135 :::* LISTEN 1801/samba tcp6 0 0 :::139 :::* LISTEN 1803/smbd tcp6 0 0 :::464 :::* LISTEN 1807/samba tcp6 0 0 :::53 :::* LISTEN 1076/named tcp6 0 0 :::22 :::* LISTEN 900/sshd tcp6 0 0 :::88 :::* LISTEN 1807/samba tcp6 0 0 ::1:953 :::* LISTEN 1076/named tcp6 0 0 :::636 :::* LISTEN 1805/samba tcp6 0 0 :::445 :::* LISTEN 1803/smbd tcp6 0 0 :::1024 :::* LISTEN 1801/samba Does anyone know what is going on here? And does anyone have a working script? I am running Version 4.1.0pre1-GIT-f25debf on Ubuntu 12.04 LTS, with the samba executable at /usr/local/samba/sbin/samba and the conf file as /etc/init/samba4.conf. Thanks much, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: correction - Frustrated with there are currently no logon servers available
On 01/02/2013 15:59, Morgan Toal wrote: On 2/1/2013 8:54 AM, Morgan Toal wrote: OK I feel even dumber now... I pasted the wrong text into my email due to my frustration level. The error is: there are currently no logon servers available as opposed to: the network name is no longer available That error has always meant to me that the client in question has somehow become unjoined (for all intents and purposes). That is, it's SID no longer matches that held by the PDC. Have you tried unjoining the domain, ensuring the client record has actually been removed and rejoining? -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Group Policy Linux Machines
On 01/02/2013 18:52, Michael Ray wrote: Hey all- So linux machines in my domain, served by a Samba4 PDC, show up in the Administrative Tools. I was testing GP to see if it would apply to linux machines -- a basic one, just trying to deny a user from logging in. It does nothing; though from samba-tool, I can verify this policy is linked to the machine. Is it just that GP is designed for Windows machines such that they will have no effect on linux machines? Yes. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS updates working Windows only
On 12/01/2013 19:36, Robert Moggach wrote: I'm using BIND9_FLATFILE and able to join windows machines and have DNS updates working but Linux machines join with DNS update errors. Is there additional configuration necessary on Linux for the machines' NICs to be seen as valid? As far as I'm aware this has always been the case with Samba 4 (and cetainly in my experience), Linux clients aren't catered for in this respect. There are vey many posts on this subject on this list and over on samba-technical. The workaround is to use a script, usually in association with your dhcpd to accomplish the update. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] cannot join an existing AD as either a RODC or DC w/ samba4
I'm stuck trying to figure out what the next step should be. Any hints on what I could try? On Thu, Jan 10, 2013 at 04:53:59PM -0500, Mike Edwards babbled thus: I'm unable to have samba4 join an existing AD domain as either an RODC (preferrable) or merely a DC. AD domain is Win2k3, but we recently added a pair of Win2k8 DCs to it. Domain functional level is Win2k3. ### Adding samba4 as an RODC ### *chomp* ### Adding samba4 as a DC ### *chomp* -- Mike Edwards| If this email address disappears, Unsolicited advertisments to| assume it was spammed to death. To this address are not welcome. | reach me in that case, s/-.*@/@/ Our progress as a nation can be no swifter than our progress in education. The human mind is our fundamental resource. -- John F. Kennedy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] cannot join an existing AD as either a RODC or DC w/ samba4
: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth1 ip=192.168.42.1 bcast=192.168.42.255 netmask=255.255.255.0 added interface eth0 ip=10.2.40.194 bcast=10.2.40.255 netmask=255.255.255.0 added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth1 ip=192.168.42.1 bcast=192.168.42.255 netmask=255.255.255.0 added interface eth0 ip=10.2.40.194 bcast=10.2.40.255 netmask=255.255.255.0 added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth1 ip=192.168.42.1 bcast=192.168.42.255 netmask=255.255.255.0 added interface eth0 ip=10.2.40.194 bcast=10.2.40.255 netmask=255.255.255.0 added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth1 ip=192.168.42.1 bcast=192.168.42.255 netmask=255.255.255.0 added interface eth0 ip=10.2.40.194 bcast=10.2.40.255 netmask=255.255.255.0 added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth1 ip=192.168.42.1 bcast=192.168.42.255 netmask=255.255.255.0 added interface eth0 ip=10.2.40.194 bcast=10.2.40.255 netmask=255.255.255.0 added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth1 ip=192.168.42.1 bcast=192.168.42.255 netmask=255.255.255.0 added interface eth0 ip=10.2.40.194 bcast=10.2.40.255 netmask=255.255.255.0 Starting GENSEC mechanism spnego Starting GENSEC submechanism gssapi_krb5 Password for [adminuser@MY.DOMAIN]: Timed out smb_krb5 packet Received smb_krb5 packet of length 148 Timed out smb_krb5 packet Received smb_krb5 packet of length 1450 gensec_gssapi: credentials were delegated GSSAPI Connection will be cryptographically sealed workgroup is MY realm is my.domain checking sAMAccountName Adding CN=NYSV-NIS1,OU=Domain Controllers,DC=my,DC=domain Adding CN=NYSV-NIS1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain Join failed - cleaning up checking sAMAccountName Deleted CN=NYSV-NIS1,OU=Domain Controllers,DC=my,DC=domain ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=my,DC=domain 208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Sites,CN=Configuration,DC=my,DC=domain' File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 1007, in do_join ctx.join_add_objects() File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 518, in join_add_objects ctx.samdb.add(rec) Any ideas? -- Mike Edwards| If this email address disappears, Unsolicited advertisments to| assume it was spammed to death. To this address are not welcome. | reach me in that case, s/-.*@/@/ Our progress as a nation can be no swifter than our progress in education. The human mind is our fundamental resource. -- John F. Kennedy -- To unsubscribe from this list go to the following URL and read
[Samba] A device attached to the system is not functioning(samba 3.6.3 + OpenLDAP)
Today's morning I got *Domain not available* on all windows xp machines(domain logon working only for users with cached profiles) I tried to rejoin machine to domain, but when I try to join, error *A device attached to the system is not functioning* occurs Here is error log when I tried to join http://pastebin.com/MCHKMjmL *Re-using invalid record* looks suspicious, but I don't understand how its related to my problem. I'm using samba 3.6.3 with OpenLDAP My samba config: http://pastebin.com/BKLVBeWv Also, I done absolutely nothing to server before error happens(just reboot 2 days ago) -- С уважением, Майоров Михаил. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 8 Pro no domain logon possible
On Thu, Sep 20, 2012 at 9:17 AM, Michael Wood esiot...@gmail.com wrote: What is the official plan here? Can the required portions for windows 8 be backported to samba 3? I doubt it. As far as I know recent versions of Windows will not work with an NT-style domain at all, unless the DC is a Samba server. i.e. you will not be able to join a Windows 8 (or 7 or maybe earlier) machine to a Windows NT-style domain controller. So I don't think there's some little bit of Samba 4 that could be backported to Samba 3 to allow you to join a Windows 8 machine to the domain. More likely there's something that needs to be fixed in Samba 3 or in Windows 8 to get this working again. Can a Samba-3 Standalone server [[http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/StandAloneServer.html]] be made a member of a Samba-4 AD-DC, and then Win7 and Win8 domain clients on the same network access shares on the Samba-3 Standalone? Thank you for your help. Best, Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba / AD connection issue
Hello list, We are receiving this error on our AD machine; The session setup from the computer COMPUTERNAME failed to authenticate. The following error occurred: %%5 I've searched internet, and it seems to be some kind of trust issue / windows NT 4.0 authentication method. But I couldn't find a answer on how to solve this on the samba server. Here is my samba config: [global] workgroup = DOMAIN security = ADS password server = * encrypt passwords = yes realm = DS.DOMAIN.NET dns proxy = no preferred master = no domain master = no local master = no log level = 0 log file = /opt/pware/var/log/log.%m interfaces = en0 en2 bind interfaces only = yes client use spnego = yes client signing = required server signing = required client ldap sasl wrapping = seal idmap config * : backend = tdb idmap config * : range = 20-50 winbind separator = + winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind cache time = 3600 [share] path = /share Valid Users = DOMAIN+username read only = no I am using samba version 3.6.5.0 on AIX 6.1 Met vriendelijke groet / With kind regards, Mike van Hoof AIX engineer Dit bericht is vertrouwelijk en kan geheime informatie bevatten enkel bestemd voor de geadresseerde. Indien dit bericht niet voor u is bestemd, verzoeken wij u dit onmiddellijk aan ons te melden en het bericht te vernietigen. Aangezien de integriteit van het bericht niet veilig gesteld is middels verzending via internet, kan Atos Nederland B.V. niet aansprakelijk worden gehouden voor de inhoud daarvan. Hoewel wij ons inspannen een virusvrij netwerk te hanteren, geven wij geen enkele garantie dat dit bericht virusvrij is, noch aanvaarden wij enige aansprakelijkheid voor de mogelijke aanwezigheid van een virus in dit bericht. Op al onze rechtsverhoudingen, aanbiedingen en overeenkomsten waaronder Atos Nederland B.V. goederen en/of diensten levert zijn met uitsluiting van alle andere voorwaarden de Leveringsvoorwaarden van Atos Nederland B.V. van toepassing. Deze worden u op aanvraag direct kosteloos toegezonden. This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos Nederland B.V. group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. On all offers and agreements under which Atos Nederland B.V. supplies goods and/or services of whatever nature, the Terms of Delivery from Atos Nederland B.V. exclusively apply. The Terms of Delivery shall be promptly submitted to you on your request. Atos Nederland B.V. / Utrecht KvK Utrecht 30132762 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] force group + acls
Hi everyone, So I'm trying to copy files from a windows share to a samba share. I'm using robocopy to mirror file files a permissions, but I've recently hit a little problem with the interaction of permissions, and I'm not sure how to fix it. What's happening is that after a file is copied, it's permissions are updated. What I end up with is Domain Users (the default group) is assigned to the file with no permissions, and the builtin Users group is assigned, via ACLs, with full permissions. Of course, the problem is that the builtin Users group actually contains the Domain Users group, so I end up with a case of Domain Users being unable to access the file. Now, in an ideal world, unix filesystems would implement ACLs in a way that isn't a kludgey bolt-on feature, but since it is, I'd like samba to help me work around it and set the unix group to something which will then be ignored when reporting file permissions back to Windows. I thought that I found this feature in the force group command, but I was wrong. Force group sounds exactly like what I want. I want samba to assign a default group, e.g. root, to all of my files, and then add and modify additional groups via the ACL system. This would prevent the wackiness I'm seeing, and get ACLs working properly. However, what ends up happening in this case is that the file is created as me, with the default group set to root (yay!), then the permissions are fixed, and the owner is set to root and the group is set to Domain Users. This seems a bit strange to me because Domain Users is not mentioned in the Windows ACLs at all, so it makes me wonder: a) Why is the group being set to Domain Users at all? b) Why isn't the group still forced to root as I asked? One option I've considered is messing with the various mode bits. I could, for example, ensure that the default group always had full permissions (or at least read-only permissions), but that changes the problem because now I am granting permissions where there were none before. I'm using samba version 3.6.3, on Ubuntu 12.04. Here is my config: == [global] log level = 3 server string = samba netbios name = samba interfaces = 10.0.0.36 security = ads realm = DOMAIN.COM workgroup = DOMAIN # I want to see the domain name as part of the user name: winbind use default domain = no winbind separator = + # From here we configure the idmaps idmap config * : backend = tdb idmap config * : range = 5000-6000 idmap config DOMAIN: default = yes idmap config DOMAIN: backend = rid idmap config DOMAIN: range = 10-20 winbind enum users = yes winbind enum groups = yes winbind nested groups = Yes # how many nested groups to traverse: winbind expand groups = 10 client use spnego = yes encrypt passwords = true restrict anonymous = 2 # Windows doesn't have this restriction, so neigther do we: hide dot files = no # Use extended ACL attributes to store windows permissions: vfs objects = acl_xattr ea support = yes map acl inherit = yes store dos attributes = yes map hidden = no map system = no map archive = no map readonly = no # Just to be safe: invalid users = root # Reccommended for ADS security mode: #name resolve order = wins bcast template homedir = /srv/Homes/%D/%U template shell = /bin/false unix extensions = no # Allocate file blocks at creation time (no sparse files), helps # with quotas. strict allocate = yes allocation roundup size = 1024 [Share] path = /srv/Share writable = yes admin users = DOMAIN+mike #force group = root #force directory security mode = 0070 == Please let me know if I can provide more information. Thanks, Mike (: -- m...@piratehaven.org---The_glass_is_too_big -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 DC replication
On 26/06/2012 08:56, steve wrote: Hi We have just added a second DC to our existing domain. Replication is working fine. We have setup the second DC with bind DLZ and that too is working fine (except that the DNS partition is not replicated). So, we now have two DC's and so also two DNS servers. Question, Do I now have to go to every client and add the new IP for the new DNS? Cheers, Steve Just add the extra address to 'option domain-name-servers' in your dhcpd.conf file (comma separated list), unless of course all your clients are statically assigned. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Can we use two file-servers?
On 26/06/2012 09:04, steve wrote: Hi We've just added a second DC to our domain, both DCs are Samba4 DC1 is also the s3fs file server. If that goes down then so does the file-server. IOW, we can still authenticate via DC2 but we cannot do any work! What are my options here? Is it possible to sync the files to DC2 and use that in case of failure? Or maybe add a third box running smbd? Cheers, Steve It depends on your needs. For me, I use a couple of arm plugs as PDC BDC for authentiaction and dns etc and file serve files from elsewhere, also plugs. Where ever you serve files from, if that box goes down you lose your data/file serving capability. You can use (software or hardware) raid to provide redundancy for the disks and/or a complete backup device for full HA. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Can we use two file-servers?
On 26/06/2012 11:22, steve wrote: On 26/06/12 11:54, Mike Howard wrote: On 26/06/2012 09:04, steve wrote: Hi We've just added a second DC to our domain, both DCs are Samba4 DC1 is also the s3fs file server. If that goes down then so does the file-server. IOW, we can still authenticate via DC2 but we cannot do any work! What are my options here? Is it possible to sync the files to DC2 and use that in case of failure? Or maybe add a third box running smbd? Cheers, Steve It depends on your needs. For me, I use a couple of arm plugs as PDC BDC for authentiaction and dns etc and file serve files from elsewhere, also plugs. Where ever you serve files from, if that box goes down you lose your data/file serving capability. You can use (software or hardware) raid to provide redundancy for the disks and/or a complete backup device for full HA. Hi Mike Sorry, my English is over 30 years old! Can you give me a one liner on plugs and HA in a S4 context? We'd like to have a spare box with a backup of the data to substitute the DC/fileserver. What do you think about the possibility of syncing the data over to the secondary DC along with a copy of smb.conf and using that when the primary DC/fileserver goes down. Would the clients know to use the new fileserver: thinking about Kerberos here. Cheers Steve Sorry, by plug I meant Sheevaplug/Dreamplug/Guruplug which arem compact, low power arm devices. HA is High Availability, put (over) simply, the provision of backup devices/components in case of failure. Daniel mentioned in another reply, you can use GlusterFS (NAS type approach) to aggregate your data (you still need somewhere to aggregate it to though) or replication if your restricted to the two DCs, though I've never tried that approach. In either case the switch (of where data is accessed) should be automated from a client perspective. Cheers, -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] cross-compile samba4
On 28/05/2012 23:07, Andrew Bartlett wrote: Great news! I'm pretty sure you are the first person to have cross-compiled Samba4, or if not, the first person to have done it in a long time. (The ability was there, but you know the difference between theory and practice). Could you write up in the wiki what you needed to do, and if there are any small changes we could make to the build system to make it easier next time? Andrew Bartlett Sure, I can do that. I assume I just need to create an account? Cheers, Mike. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] cross-compile samba4
On 18/05/2012 08:54, Kai Blin wrote: On 2012-05-18 09:45, Mike Howard wrote: Hi Mike, I have compiled natively on the dreamplug and it did take ~2hrs. In the past I've usually had to compile numerous times and time is money as they say :), so compiling on my desktop, at just under 5mins, would be a boon. The Archlinux|ARM folks have a guide on using distcc cross-compiling guide on their website, http://archlinuxarm.org/developers/distcc-cross-compiling I haven't tried this myself yet, but it should be adaptable to your set-up and allow you to launch ARM builds that are distributed to your desktop machine. Hello again Kai, As previously mentioned, distcc turned out not to be of any improvement over my initial cross compile attempts. I also tried qemu which wasn't much of an improvement over compiling natively on my ARM device. I have eventually succeeded in cross compiling on my x86_64 desktop and although it's not as fast as a 5 minute native compile, I'll settle for 14 minutes as opposed to over 2 hours. Thanks for the input. Cheers, Mike. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 Re-provisioning
What's best practice when it comes to changing a samba4 provision, without screwing current domain objects (users, computers, policy etc)? If, for example, I wanted to change the DNS from internal to external bind9, is it just a case of re-running 'provision' with the different command line option or will that mangle the domain sid etc? Cheers, Mike. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 DNS - Adding CNAME
On 21/05/2012 20:38, Charles Tryon wrote: I have been working on this too, and found that I needed to add the FQDN as the target of the CNAME. This is what appears to be happening... When I just put in the name, for example: samba-tool dns add dnsserver mydomain.org http://mydomain.org newname CNAME realname ...and I use the Windows DNS tool to look at the record in the mydomain.org http://mydomain.org zone, it maps newname to realname. --- NOTICE the dot at the end. In DNS parlance, that dot usually means, don't add anything after this. So, when DNS is trying to resolve the actual IP, it tries to look up realname with no domain, and eventually times out. If you change this to: samba-tool dns add dnsserver mydomain.org http://mydomain.org newname CNAME realname.mydomain.org http://realname.mydomain.org ... then doing a dig or ping or whatever seems to work correctly. I may be doing this wrong, but at least this is how I got it to work. On Sat, May 19, 2012 at 6:57 AM, Mike Howard m...@dewberryfields.co.uk mailto:m...@dewberryfields.co.uk wrote: On 19/05/2012 11:12, Michael Wood wrote: So, the question is; What am I doing wrong? I haven't tried the above myself, but it seems you are adding it the wrong way around. i.e. it looks like you are saying that the canonical name of centos is debian instead of what you want (i.e. that the canonical name of debian is centos.) i.e. it looks like you now have this situation: centos IN A 192.168.1.11 centos IN CNAME debian Yes, I did wonder about that and did try it the other way around. That resulted in a new record as follows; Name=debian, Records=1, Children=0 CNAME: centos. (flags=f0, serial=21, ttl=900) But it still doesn't resolve. OK, then try specifying the FQDN for centos when you add the CNAME record. From the output above it looks like it's adding a CNAME to centos. instead of centos.example.com http://centos.example.com. Also try: dig @192.168.1.254 http://192.168.1.254 debian.example.com http://debian.example.com. IN CNAME If everything is set up correctly you should get something like this: [...] ;; QUESTION SECTION: ;debian.example.com http://debian.example.com.IN CNAME ;; ANSWER SECTION: debian.example.com http://debian.example.com. 3600IN CNAME centos.example.com http://centos.example.com. [...] Ok, I used; samba-tool dns add 127.0.0.1 example.com http://example.com debian CNAME centos.example.com http://centos.example.com a query now returns; Name=centos, Records=1, Children=0 A: 192.168.1.11 (flags=f0, serial=2, ttl=900) Name=debian, Records=1, Children=0 CNAME: centos.example.com http://centos.example.com. (flags=f0, serial=23, ttl=900) and 'dig @192.168.1.254 http://192.168.1.254 debian.example.com http://debian.example.com. IN CNAME' returns; [...] ;; QUESTION SECTION: ;debian.example.com http://debian.example.com. IN CNAME ;; ANSWER SECTION: debian.example.com http://debian.example.com. 900 IN CNAME centos.example.com http://centos.example.com. [...] However, neither 'debian' nor 'debian.example.com http://debian.example.com' resolve to an IP, yet the output from dig implies the entry is correct? Of course, 'centos' does resolve. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Charles Tryon _ “Risks are not to be evaluated in terms of the probability of success, but in terms of the value of the goal.” - Ralph D. Winter Well I too got dig, on the server, to produce the correct output but the hostname (either short or fully qualified) would not resolve to an ip address from _any_ clients. I'm using the internal dns server by the way. As I mentioned, I bodged it by just adding would be CNAME entries as A records. Not orthodox but it works for now. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] cross-compile samba4
On 18/05/2012 08:15, Kai Blin wrote: On 2012-05-17 14:06, Andrew Bartlett wrote: Hi Mike, I've CC'ed Kai, who is our expert on Samba4 on ARM. Hopefully he can help you out. I have to admit that so far I've resorted to building natively on the ARM hardware I run things on. You need a target Python version in your path, and cross-compiling Python has so far been a stumbling block for me. The dreamplug is a Kirkwood-based ARMv5, right? With a reasonably fast disk, I can build on similar hardware in ~2 hours, iirc. Make sure you have enough RAM, the build takes 128 megs. HTH, Kai Hi Kai, I thought I'd give the cross-compile route a further try. To that end, I've a cross-compiled python and so have it available to put in my path. However, If I put the 'arm' version at the head of my path, configure fails immediately as it tries to use it and if I put it at the tail of my path, then during the configure process, configure finds the native python and tries to use it, which fails. Is/are there any configure options to specify which python to use and when? I guess not. The configure doesn't want to play nice with distcc either, again due to the python issue I guess. Regards, Mike. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 DNS - Adding CNAME
Hi All, I'm using samba 4.0.0alpha21-GIT-UNKNOWN provisioned to use the internal dns server. I'm having a bit of trouble adding a CNAME entry, or more correctly, getting it to resolve after adding. Prior to adding the CNAME a query returns (the relevant record); Name=centos, Records=1, Children=0 A: 192.168.1.11 (flags=f0, serial=2, ttl=900) It's more than likely me doing something wrong, I really am poking around in the dark a bit with samba-tool, so maybe somebody could help me out. I've added a CNAME entry using samba-tool as follows; samba-tool dns add 127.0.0.1 mydomain centos CNAME debian where mydomain is the zone, name is the name of a current A record (see above) and debian is the CNAME I want added. A query no returns (the relevant record); Name=centos, Records=2, Children=0 A: 192.168.1.11 (flags=f0, serial=2, ttl=900) CNAME: debian. (flags=f0, serial=19, ttl=900) On the face of it, to a layman like myself, the entry is added successfully (as per samba-tools output - Record added successfully), however, am 'nslookup' returns; # nslookup debian Server: 192.168.1.254 Address:192.168.1.254#53 Non-authoritative answer: *** Can't find debian: No answer So, the question is; What am I doing wrong? Cheers, Mike. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 DNS - Adding CNAME
On 19/05/2012 10:34, Mike Howard wrote: Hi All, I'm using samba 4.0.0alpha21-GIT-UNKNOWN provisioned to use the internal dns server. I'm having a bit of trouble adding a CNAME entry, or more correctly, getting it to resolve after adding. Prior to adding the CNAME a query returns (the relevant record); Name=centos, Records=1, Children=0 A: 192.168.1.11 (flags=f0, serial=2, ttl=900) It's more than likely me doing something wrong, I really am poking around in the dark a bit with samba-tool, so maybe somebody could help me out. I've added a CNAME entry using samba-tool as follows; samba-tool dns add 127.0.0.1 mydomain centos CNAME debian where mydomain is the zone, name is the name of a current A record (see above) and debian is the CNAME I want added. A query no returns (the relevant record); Should have read A query now returns (the relevant record); Name=centos, Records=2, Children=0 A: 192.168.1.11 (flags=f0, serial=2, ttl=900) CNAME: debian. (flags=f0, serial=19, ttl=900) On the face of it, to a layman like myself, the entry is added successfully (as per samba-tools output - Record added successfully), however, am 'nslookup' returns; Should have read an 'nslookup' returns; # nslookup debian Server: 192.168.1.254 Address:192.168.1.254#53 Non-authoritative answer: *** Can't find debian: No answer So, the question is; What am I doing wrong? Apart from my inability to type! Cheers, MIke. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 DNS - Adding CNAME
On 19/05/2012 10:41, Michael Wood wrote: Hi On 19 May 2012 11:34, Mike Howardm...@dewberryfields.co.uk wrote: Hi All, I'm using samba 4.0.0alpha21-GIT-UNKNOWN provisioned to use the internal dns server. I'm having a bit of trouble adding a CNAME entry, or more correctly, getting it to resolve after adding. Prior to adding the CNAME a query returns (the relevant record); Name=centos, Records=1, Children=0 A: 192.168.1.11 (flags=f0, serial=2, ttl=900) It's more than likely me doing something wrong, I really am poking around in the dark a bit with samba-tool, so maybe somebody could help me out. I've added a CNAME entry using samba-tool as follows; samba-tool dns add 127.0.0.1 mydomain centos CNAME debian wheremydomain is the zone,name is the name of a current A record (see above) anddebian is the CNAME I want added. A query no returns (the relevant record); Name=centos, Records=2, Children=0 A: 192.168.1.11 (flags=f0, serial=2, ttl=900) CNAME: debian. (flags=f0, serial=19, ttl=900) On the face of it, to a layman like myself, the entry is added successfully (as per samba-tools output - Record added successfully), however, am 'nslookup' returns; # nslookup debian Server: 192.168.1.254 Address:192.168.1.254#53 Non-authoritative answer: *** Can't find debian: No answer So, the question is; What am I doing wrong? I haven't tried the above myself, but it seems you are adding it the wrong way around. i.e. it looks like you are saying that the canonical name of centos is debian instead of what you want (i.e. that the canonical name of debian is centos.) i.e. it looks like you now have this situation: centos IN A 192.168.1.11 centos IN CNAME debian Yes, I did wonder about that and did try it the other way around. That resulted in a new record as follows; Name=debian, Records=1, Children=0 CNAME: centos. (flags=f0, serial=21, ttl=900) But it still doesn't resolve. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 DNS - Adding CNAME
On 19/05/2012 11:12, Michael Wood wrote: So, the question is; What am I doing wrong? I haven't tried the above myself, but it seems you are adding it the wrong way around. i.e. it looks like you are saying that the canonical name of centos is debian instead of what you want (i.e. that the canonical name of debian is centos.) i.e. it looks like you now have this situation: centos IN A 192.168.1.11 centos IN CNAME debian Yes, I did wonder about that and did try it the other way around. That resulted in a new record as follows; Name=debian, Records=1, Children=0 CNAME: centos. (flags=f0, serial=21, ttl=900) But it still doesn't resolve. OK, then try specifying the FQDN for centos when you add the CNAME record. From the output above it looks like it's adding a CNAME to centos. instead of centos.example.com. Also try: dig @192.168.1.254 debian.example.com. IN CNAME If everything is set up correctly you should get something like this: [...] ;; QUESTION SECTION: ;debian.example.com.IN CNAME ;; ANSWER SECTION: debian.example.com. 3600IN CNAME centos.example.com. [...] Ok, I used; samba-tool dns add 127.0.0.1 example.com debian CNAME centos.example.com a query now returns; Name=centos, Records=1, Children=0 A: 192.168.1.11 (flags=f0, serial=2, ttl=900) Name=debian, Records=1, Children=0 CNAME: centos.example.com. (flags=f0, serial=23, ttl=900) and 'dig @192.168.1.254 debian.example.com. IN CNAME' returns; [...] ;; QUESTION SECTION: ;debian.example.com. IN CNAME ;; ANSWER SECTION: debian.example.com. 900 IN CNAME centos.example.com. [...] However, neither 'debian' nor 'debian.example.com' resolve to an IP, yet the output from dig implies the entry is correct? Of course, 'centos' does resolve. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 DNS - Adding CNAME
On 19/05/2012 11:57, Mike Howard wrote: On 19/05/2012 11:12, Michael Wood wrote: So, the question is; What am I doing wrong? I haven't tried the above myself, but it seems you are adding it the wrong way around. i.e. it looks like you are saying that the canonical name of centos is debian instead of what you want (i.e. that the canonical name of debian is centos.) i.e. it looks like you now have this situation: centos IN A 192.168.1.11 centos IN CNAME debian Yes, I did wonder about that and did try it the other way around. That resulted in a new record as follows; Name=debian, Records=1, Children=0 CNAME: centos. (flags=f0, serial=21, ttl=900) But it still doesn't resolve. OK, then try specifying the FQDN for centos when you add the CNAME record. From the output above it looks like it's adding a CNAME to centos. instead of centos.example.com. Also try: dig @192.168.1.254 debian.example.com. IN CNAME If everything is set up correctly you should get something like this: [...] ;; QUESTION SECTION: ;debian.example.com.INCNAME ;; ANSWER SECTION: debian.example.com.3600INCNAMEcentos.example.com. [...] Ok, I used; samba-tool dns add 127.0.0.1 example.com debian CNAME centos.example.com a query now returns; Name=centos, Records=1, Children=0 A: 192.168.1.11 (flags=f0, serial=2, ttl=900) Name=debian, Records=1, Children=0 CNAME: centos.example.com. (flags=f0, serial=23, ttl=900) and 'dig @192.168.1.254 debian.example.com. IN CNAME' returns; [...] ;; QUESTION SECTION: ;debian.example.com. IN CNAME ;; ANSWER SECTION: debian.example.com. 900 IN CNAME centos.example.com. [...] However, neither 'debian' nor 'debian.example.com' resolve to an IP, yet the output from dig implies the entry is correct? Of course, 'centos' does resolve. I guess I could 'bodge' it and add intended CNAMEs as A records :) A workaround at least. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] cross-compile samba4
On 18/05/2012 08:15, Kai Blin wrote: On 2012-05-17 14:06, Andrew Bartlett wrote: Hi Mike, I've CC'ed Kai, who is our expert on Samba4 on ARM. Hopefully he can help you out. I have to admit that so far I've resorted to building natively on the ARM hardware I run things on. You need a target Python version in your path, and cross-compiling Python has so far been a stumbling block for me. The dreamplug is a Kirkwood-based ARMv5, right? With a reasonably fast disk, I can build on similar hardware in ~2 hours, iirc. Make sure you have enough RAM, the build takes 128 megs. HTH, Kai Thanks guys, that's very helpful. I have compiled natively on the dreamplug and it did take ~2hrs. In the past I've usually had to compile numerous times and time is money as they say :), so compiling on my desktop, at just under 5mins, would be a boon. Cheers, Mike. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] cross-compile samba4
Hi All, Are there any good, up-to-date hints out there for cross compiling Samba4 for Arm? I've looked at http://wiki.samba.org/index.php/Waf#cross-compiling but the info is a little dated it appears. I'm looking to build for the dreamplug and based on the info on the wiki I've installed qemu and an arm toolchain but 'cross-execute' appears to be ignored. At least that's what it looks like to me. The 'config' step fails complaining it can't find the python libraries but I suspect the process is failing to run the created arm code. Of course I could be way off of base with my assumtions. Maybe I'd be better off not using waf? Either way, any hints on cross-compiling samba4 greatly appreciated. Cheers, Mike. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] requesting help setting share permissions
Hi, I have a share I'm trying to lock down to a specific group and I'm not hold my mouth right. I want this share available to a single group. I want this share to have directory permissions 0770 when a directory is created and file permissions 0660. I want the users accessing this share to never be able to change these permissions. When a file or directory is created, I want the group to be the controlling group and nothing else. I currently have: [sales] comment = Sales files path = /opt/group/sales valid users = @GRP\sales force group = sales read only = No create mask = 0660 force create mode = 0660 security mask = 0660 directory mask = 0770 force directory mode = 0770 directory security mask = 0770 msdfs root = Yes What am I doing wrong? I'm testing by copying a file in windows over to this share, then checking the resulting permissions in unix. Mike Fedora Core 5 Samba 3.3.3 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] requesting help setting share permissions
On Thu, 10 May 2012, Dale Schroeder might have said: On 05/10/2012 11:21 AM, Mike Eggleston wrote: Hi, I have a share I'm trying to lock down to a specific group and I'm not hold my mouth right. I want this share available to a single group. I want this share to have directory permissions 0770 when a directory is created and file permissions 0660. I want the users accessing this share to never be able to change these permissions. When a file or directory is created, I want the group to be the controlling group and nothing else. I currently have: [sales] comment = Sales files path = /opt/group/sales valid users = @GRP\sales force group = sales read only = No create mask = 0660 force create mode = 0660 security mask = 0660 directory mask = 0770 force directory mode = 0770 directory security mask = 0770 msdfs root = Yes What am I doing wrong? I'm testing by copying a file in windows over to this share, then checking the resulting permissions in unix. Mike Fedora Core 5 Samba 3.3.3 Mike, You never mentioned what your results were or how they were wrong, so I'm making a few assumptions. chown your_user : your_group /opt/group/sales chmod 2770 /opt/group/sales In your share, modify 1st two and add the 3rd directive: directory mask = 2770 force directory mode = 2770 nt acl support = No # makes the Security tab inaccessible in Windows. This is my best guess of what you want. See if this works for you. If not, please clarify. Good luck. Dale Dale, Duh! When a file is placed in the share above the permissions come out 0666 and the group is not set to sales. I want the permissions to be 0660 and the group to be sales. That would be a good start. I'll try your suggestion. Thanks. Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] requesting help setting share permissions
On Thu, 10 May 2012, Chris Smith might have said: This: chgrp GRP\sales /opt/group/sales chmod 0770 /opt/group/sales if you already have a bunch of directories and files use find with xargs to properly set the permissions With this: [sales] comment = Sales files path = /opt/group/sales valid users = @GRP\sales force group = GRP\sales create mask = 0660 directory mask = 0770 nt acl support = No inherit permissions = No Works fine in Samba 3.6.5, don't know about possible behavior changes with that old 3.3.3. Or you can use SGID as Dale suggested instead of force group. Chris Chris and Dale, Following Dales suggestion I have set sgid for all directiories in the /opt/group/sales directory and below. Now when a file is placed by windows into this sales share the file has the right group permissions. The file is still appearing as 0666 rather than 0660. What should I try next? Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Destination share larger than windows source
On Fri, Apr 20, 2012 at 11:57:31AM -0700, Jeremy Allison wrote: Ah. Try setting the per share parameter allocation roundup size = 1024 (instead of the default 1mb). This resolved my problem! Thanks! Mike (: -- m...@piratehaven.org---The_glass_is_too_big -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Destination share larger than windows source
On Thu, Apr 19, 2012 at 05:21:33PM -0700, Mike Kelly wrote: That seems pretty strange to me, as if files are rounded up to the next 1k or so. Actually, I made a mistake, that was output from du -sk, so the sizes are larger by 1MB or so! I got some surprising results at the byte level (du -sb), which lead me to do a little more investigation. Here are the files which I picked before, these files are not special, they happened to be near the beginning of the file and of differing sizes. I've got thousands more with the same allocation behavior. I used find's printf to print %s %k %S for these files. I'll save you the trip to the man page: %s Size in bytes %k Amount of disk space in 1k blocks. %S Sparseiness: (512*st_blocks / st_size) As stated before I'm using ext4 with 4k blocks. All the files have the same size in bytes, but the block allocations differ: --- SA on --- --- SA off -- bytes %k%S%k%Sfile name --- - - 1070035 2052 1.96372 1052 1.00674 openvpn-2.0.5-gui-1.0.3-install.exe 197233 1028 5.3372 200 1.03837 rest2514.exe 318391 1028 3.30622316 1.01631 SCP Screens/Screenshot-1.png 318229 1028 3.30791316 1.01683 SCP Screens/Screenshot-2.png 319245 1028 3.29738316 1.01359 SCP Screens/Screenshot-3.png 324373 1028 3.24525324 1.02282 SCP Screens/Screenshot-4.png 314324 1028 3.349 312 1.01643 SCP Screens/Screenshot-5.png 384690 1028 2.73642380 1.01152 SCP Screens/Screenshot-6.png 388921 1028 2.70665384 1.01104 SCP Screens/Screenshot-7.png 320041 1028 3.28918320 1.02387 SCP Screens/Screenshot.png 28672 1028 36.7143 32 1.14286 SCP Screens/Thumbs.db This is really interesting. What you'd expect is that a normal file would have a sparseiness of about 1.0, while a sparse file would be less than 1.0. This is what we see for the SA off files. However, what we are seeing for the SA on files is super-un-sparseness, the opposite of sparsness. They have more blocks allocated to them than they could possibly need to store their bytes. I think we're looking at one of three possibilities: 1) Samba is miscalculating the allocation size. 2) The kernel is miscalculating the allocation size. 3) The ext4 file system driver is miscalculating the allocation size. Is there some other data or test results you'd like to see? Thanks, Mike (: -- m...@piratehaven.org---The_glass_is_too_big -- m...@piratehaven.org---The_glass_is_too_big -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Destination share larger than windows source
On Wed, Apr 18, 2012 at 07:00:55PM -0700, Jeremy Allison wrote: On Wed, Apr 18, 2012 at 06:05:26PM -0700, Mike Kelly wrote: On Tue, Apr 17, 2012 at 04:06:40PM -0700, Jeremy Allison wrote: Can you run a recursive du on both systems to see which directories have a discontinuity ? When using du -sk: windows: 370391711 E:\share SA off: 370932304 /share SA on:485500380 /share The key you missed here was *recursive* du :-). We know the size is different over all the share, we need to know what directories *within* the share have a different size. Sorry about that, so between the SA on and off files I rand du, and what I'm seeing is that files are about 1k larger than you'd expect: on offfile name --- 2052 1052 openvpn-2.0.5-gui-1.0.3-install.exe 1028200 rest2514.exe 1028316 SCP Screens/Screenshot-1.png 1028316 SCP Screens/Screenshot-2.png 1028316 SCP Screens/Screenshot-3.png 1028324 SCP Screens/Screenshot-4.png 1028312 SCP Screens/Screenshot-5.png 1028380 SCP Screens/Screenshot-6.png 1028384 SCP Screens/Screenshot-7.png 1028320 SCP Screens/Screenshot.png 1028 32 SCP Screens/Thumbs.db That seems pretty strange to me, as if files are rounded up to the next 1k or so. Mike (: -- m...@piratehaven.org---The_glass_is_too_big -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Destination share larger than windows source
On Tue, Apr 17, 2012 at 04:06:40PM -0700, Jeremy Allison wrote: Can you run a recursive du on both systems to see which directories have a discontinuity ? When using du -sk: windows: 370391711 E:\share SA off: 370932304 /share SA on:485500380 /share Mike (: -- m...@piratehaven.org---The_glass_is_too_big -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Destination share larger than windows source
On Wed, Apr 18, 2012 at 08:20:20AM -0500, Chris Weiss wrote: On Tue, Apr 17, 2012 at 5:41 PM, Mike Kelly m...@piratehaven.org wrote: I copied over a share as a test and was a bit surprised when the amount of space allocated in the file system was over 100GB larger than the Windows source. I am running on ext4 with strict allocate = yes Do your ntfs and ext4 filesystems have the same block size? According to fsutil fsinfo ntfsinfo: Bytes Per Sector: 512 Bytes Per Cluster:4096 Byter Per FileRecord Segment: 1024 According to tune2fs: Block size:4096 Yes, it appears so. also ntfs does support sparse files, and it's more than likely that whatever tool you copied would not preserve that by default if it encountered any. The problem isn't that the copying program doesn't support sparse files so much as when I have strict allocation turned on I get much larger file system usage. I would easily accept a few hundred megabytes of difference as an artifact of sparse files, but 117 GB seems much too large. Regardless of this, when you consider that the size, as reported by Windows, should represent how much space something takes up on say, a USB thumb drive formatted with FAT (which does not support sparse files), it starts to look like this is a bug. Mike (: -- m...@piratehaven.org---The_glass_is_too_big -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Destination share larger than windows source
Hi, I'm running Samba 3.6.3 on Ubuntu 12.04 (beta). Like many before me, I'm trying to migrate data from a Windows file server. I copied over a share as a test and was a bit surprised when the amount of space allocated in the file system was over 100GB larger than the Windows source. I am running on ext4 with strict allocate = yes because I want to be sure that when I turn on quotas, or my users fill up the file system, that they get the same error experience which they would get under windows. Or, put another way, software expecting windows allocate-on-open semantics will get what they expect. Now, if I were copying from a Unix file system I'd expect to blame this on sparse files or hard links. However I'm under the impression that both of these are exceedingly rare under Windows. Furthermore, I would expect the Properties dialog box to show useful numbers for Size and Size on disk. By useful I mean that if I were copying data to another disk of size X, I would expect my data to fit on that disk so long as these numbers are less than X. I'm using robocopy from the windows file server to copy the files. According to Windows there are 116,000 files and 2800 folders, and I get exactly the same values in Unix when running find /share -type f | wc -l and find /share -type d | wc -l, except that the latter is larger by one, which I assume is because windows doesn't count the share folder itself and find does. I would expect these numbers to be different if I was being bitten by some weird windows folder junction point. Windows share folder size: 353GB Samba share folder size: 470GB Can anyone explain this behavior? Mike -- m...@piratehaven.org---The_glass_is_too_big -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Proposal to change security=share in Samba 4.0
Andrew Bartlett wrote: On Mon, 2012-02-27 at 19:45 -0500, simo wrote: On Tue, 2012-02-28 at 10:16 +1100, Andrew Bartlett wrote: On Mon, 2012-02-27 at 17:53 -0500, David Collier-Brown wrote: Am I correct in thinking this would make all shares have the same password as the guest user, or do you mean there really is no password at all, or alternatively that one would specify the share, provide it's password and be logged on as guest??? It's been a while since I had a security=share setup, but I remember WfW clients thinking that they had per-share passwords... In the past, Samba tried to match the 'per share' password provided by the client against a list of users, falling back to guest if 'guest ok = yes' was set on the share. What will happen now is that the password will be ignored, and only the 'guest ok' will be checked, and access will be as guest. This in effect means dropping security = share, can't we just effectively drop it instead of deceiving our users and making them believe they are using it ? I am fully in support of dropping it. Kai asked that we still have a way to 'simply' configure the system for trivial file access. These semantics (guest only) broadly matches the default file sharing access on WinXP. (Windows 7 instead wants you to use a HomeGroup, and makes just sharing a folder with no pw substantially more difficult). If the consensus of the list is to drop it outright, and simply error on parsing security=share, I will prepare a patch to do that. The recommended simple sharing option of 'map to guest = bad user' naturally remains. Thanks, Andrew Bartlett FWIW. It's interesting that this comes up now. We (a school district in MI US) are now part way though the process of deploying about 25 boxes in our various buildings one of the purposes for which will be a simple sharing of public access space for users within a given building. Our goal was to have no user/password overhead and security (with the term applied loosely) is merely to limit access to the share to the network subnet the building lives in (all of our buildings have individual subnets). These shares are publicized as basically temporary scratch pads which are not backed up or supported in any way other than simply being there. In spite of that potentially transient nature they are still used heavily. From what I saw in the rest of the thread it looks like there will still be a way to do this but I thought I'd chime in since the subject has come up and we do use security=share to accomplish this at present. Regards, -- Mike Rambo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] APW and Windows 7
Hi, I have set up my samba server as a print only server. Nothing specific is wrong. The print server is working but I have a couple of questions about using APW to install printer drivers and Windows 7. Linux server: Centos 6 Samba version: 3.6.3 - Default install (./configure; make make install) I did the usual, net use \\myprinter\print$ /user:root Browse to \\myprinter. In my case a Windows 7 (32-bit) client shows 41 print queues. I then click on View remote printers which takes me to the place where I can actually install the drivers for each queue. Now, I don't see 41 queues. If I refresh the page I see 31 queues. On other Win7 clients I see more or less queues. My temp solution is to shutdown the samba server, remove the cache (rm -rf /usr/local/samba/var/locks), restart samba and all is well - for a while at least. It's clearly not a solution, but it does work. Can anyone tell me how this list is generated? Also, once you've installed a printer driver via APW (i.e. right click print queue/Properties/Advanced/ New Driver), the name of your print queue gets changed to the name of the driver after successful installation. I had the same problem on my old samba 3.0.33 samba server, so I know you can just refresh your window and then get Properties on the newly named queue and simply rename it. What I haven't figured out (but have managed to work around) is that when you install the driver via APW, it presents a list of Manufacturers and Printer Models. If I do the above from a Win7 (32-bit) client everything works as you would expect. If however I do the above from a Win7 (64-bit) client I do not get presented with the Manufacturers/Models window. Instead the drivers windows says No drivers found for your device. Does this have something to so with how the Windows Active Directory views \\myprinter as either a 32-bit or 64-bit server when I joined it to the domain? smb.conf for reference [global] server string = CMS Print Server netbios name = MYPRINTER log file = /var/log/samba/%m.log max log size = 50 log level = 5 security = ads realm = MYDOM.COM workgroup = MYDOM domain master = no name resolve order = host socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 winbind enum users = yes winbind enum groups = yes idmap config * : range = 100-199 cups options = raw printing = cups printcap name = cups [print$] comment = Printer Driver Download Area path = /usr/local/samba/drivers browseable = no guest ok = no read only = yes write list = root [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes Cheers, Mike Vallabh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Offline Caching
On 06/02/2012 06:43, Volker Lendecke wrote: On Sun, Feb 05, 2012 at 10:47:49AM -0500, Charles Marcus wrote: On 2012-02-04 10:33 AM, Volker Lendecke wrote: On Sat, Feb 04, 2012 at 02:54:13PM, Mike Howard wrote: I'm sure this has been asked before but I can't find anything recent. Using Samba4 and windows clients, the client logs include lots off 'windows has detected that offline caching is enabled on the roaming profile share...' messages. Is this an issue and if so, how do I sort it? I've found references to 'csc policy = disable' but this is not recognised in samba4 smb.conf. Probably someone needs to take the time to port this feature from the Samba3 based fileserver to the Samba4 based one. Patches welcome:-) Confused on both the question and answer... Is the question 'How do I enable offline caching for shares in Samba4', or 'how do I *disable* offline caching for a specific share in samba4'? My answer was in response to the csc policy parameter. The samba3 based file server has it, but it seems the samba4 based one does not. So if you require the samba4 based file server for some reason, someone needs to port this feature to the samba4 based file server to fulfill your requirements. So the info on the Samba4/Howto page about profiles is misleading then? Do the roaming profiles need to stored on a different, samba3 box, leaving the Samab4 box to to AD stuff only? The profiles area is still a share being served and if caching isn't disabled, is subject to corruption according to MS. If that is the case, then a 'Franky' like setup, with both 3 4 on the same box would make sense (at least to me). Is that viable? Cheers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Offline Caching
On 05/02/2012 15:47, Charles Marcus wrote: On 2012-02-04 10:33 AM, Volker Lendecke wrote: On Sat, Feb 04, 2012 at 02:54:13PM, Mike Howard wrote: I'm sure this has been asked before but I can't find anything recent. Using Samba4 and windows clients, the client logs include lots off 'windows has detected that offline caching is enabled on the roaming profile share...' messages. Is this an issue and if so, how do I sort it? I've found references to 'csc policy = disable' but this is not recognised in samba4 smb.conf. Probably someone needs to take the time to port this feature from the Samba3 based fileserver to the Samba4 based one. Patches welcome:-) Confused on both the question and answer... Is the question 'How do I enable offline caching for shares in Samba4', or 'how do I *disable* offline caching for a specific share in samba4'? Then, Volker, which one of these questions does your answer pertain to? Meaning, does Samba4 *not* have an option to 'disable offline caching' for specific shares? That said, Microsoft requires that offline caching be disabled on the roaming profiles share for Windows XP/2000 clients. Thankfully they have solved this problem with Vista/7 clients, and using Roaming Profiles + Redirected Folders (which is now recommended best practice) works much better, in fact pretty much seamlessly, even in cases where lots of 'disconnected' users (ie, laptops that come and go) exist... The question was 'how do I _disable_ offline caching' and no, there does not appear to be a way to do this in Samba4. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Offline Caching
Hi All, I'm sure this has been asked before but I can't find anything recent. Using Samba4 and windows clients, the client logs include lots off 'windows has detected that offline caching is enabled on the roaming profile share...' messages. Is this an issue and if so, how do I sort it? I've found references to 'csc policy = disable' but this is not recognised in samba4 smb.conf. Cheers, Mike. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 user add - memberOf
Hi All, After adding a new user, using 'samba-tool user add', what would be the best way to make the new user a 'memberOf' a specific group, from the command line/script? I was thinking, the obvious way would be the ldb* tools, are they documented anywhere? Regards, Mike. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 user add - memberOf
On 27/01/2012 11:15, Daniel Müller wrote: Look at: https://wiki.samba.org/index.php/Samba-tool-external --- Hi All, After adding a new user, using 'samba-tool user add', what would be the best way to make the new user a 'memberOf' a specific group, from the command line/script? I was thinking, the obvious way would be the ldb* tools, are they documented anywhere? Regards, Mike. Thanks for the link. I have now worked it out and ldbmodify has done the trick. Regards, Mike. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] DNS update failed! - Samba 3 joining Samba 4 AD Domain
Hi All, I've got samba4 set up as AD domain controller (from latest git), works fine. I'm now attemptng to use a separate samba 3 box as the file server (as I'm assuming this is current best practice?) but when joining the domain (which succeeds) I get the message 'DNS update failed!'. I've seen a lot of issues with this whilst trawling the net but no solutions. Windows clients can join the domain, it's only samba3 clients that can't. I haven't done anything special on the S3 clients (as I didn't need to with the windows clients) but maybe I need to? Anyway, if anybody has any ideas I'd be grateful. Mike -- *//* This email is intended solely for the addressee, it is strictly private and confidential and may also be legally privileged. If you are not the addressee please do not read, print, email, store or act in reliance upon it or on any attachments. Instead, please email it back to the sender and then permanently delete it.-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: DNS update failed! - Samba 3 joining Samba 4 AD Domain
On 24/12/2011 10:21, David Roid wrote: Add following line to /etc/hosts client-IP client-hostname.domain-full-name Er, why would I want to do that? I'm using DHCP so if I have numerous linux clients that would be a royal pain. Can't try right now but are you saying that if I add a client to the hosts file on the samba4 server it will update DNS? Regards, -- Michael Howardmike at dewberryfields dot co dot uk Lancashire England -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: DNS update failed! - Samba 3 joining Samba 4 AD Domain
Hi All, I've got samba4 set up as AD domain controller (from latest git), works fine. I'm now attempting to use a separate samba3 box as the file server (as I'm assuming this is current best practice?) but when joining the domain (which succeeds) I get the message 'DNS update failed!'. I've seen a lot of issues with this whilst trawling the net but no solutions. Windows clients can join the domain and have DNS updated, it's only samba3 clients that can't. I haven't done anything special on the S3 clients (as I didn't need to with the windows clients) but maybe I need to? Anyway, if anybody has any ideas I'd be grateful. Mike. -- Michael Howardmike at dewberryfields dot co dot uk Lancashire England -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Permissions vs Linux Permissions
Hi Stephen, I'm not a Samba expert, but a long-time samba user. From what you stated, I believe any user would be able to enter the share and read/write/execute all of its contents. The three groups of three rwxrwxrwx = First, what the directory/file owner can do Second, what the directory/file members can do Third, what other users can do So, any person with a user account and who is an enabled samba user too, will be able to enter the directory. To restrict directory access, many use the valid users = user1,user2 option. Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Permission
On Tue, Oct 4, 2011 at 2:01 AM, Daniel Müller muel...@tropenklinik.dewrote: For every share in samba4 login as administator from a windows client. Give your rights according to your groups and users as you would for an windows ads server that’s all. Working for me. Greetings Daniel Daniel, Thank you for writing. Assume I have completed a new server installation, what commands are used in Samba4 to create the users,groups, and various share 'masks'. Best regards, Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Permission
On Tue, Oct 4, 2011 at 3:42 PM, Marcel de Reuver mar...@de.reuver.orgwrote: 2011/10/4 Mike 1100...@gmail.comDo it from a Windows pc with Administration Tools installed. See: http://wiki.samba.org/index.php/Samba4/HOWTO#Step_1:_Installing_Windows_Remote_Administration_Tools_onto_Windows Thank you, Marcel. It's quite a different world now -- configuring linux servers with gui tools, and windows tools at that. I need to go forward and try it. Best regards, Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Permission
On Fri, Sep 30, 2011 at 8:48 PM, Charles Tryon charles.tr...@gmail.comwrote: If the valid users directive is no longer used, is there some sort of equivalent in Samba4? I haven't been able to find a list of currently working directives for shares on Samba4. I'm beginning to see why you still need a samba3 server -- it appears that much of the control over properties of shares has yet to make its way into samba4. Is this accurate? Charles, I've held the same fundamental question about Samba4 for quite a while but always thought I must be missing something obvious. Thanks, now I don't feel alone in the matter and am eager to see what may be available. I thought about trying Franky and Samba4_s3compat, but at my current skill level, I cannot afford too many surprises. Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow Directory Access after upgrade to 3.5.6
On Tue, Sep 27, 2011 at 4:35 AM, sghaida saddam.abugha...@gmail.com wrote: hello again, can you make the os level 15 or 20 in order to force SAMBA not to become preferred master by election. and check if you will still have the same issue Would the following configuration be acceptable to test your suggestion: domain master = yes local master = yes os level = 15 Thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow Directory Access after upgrade to 3.5.6
On Tue, Sep 27, 2011 at 5:30 AM, saddam abu ghaida saddam.abugha...@gmail.com wrote: set local master to yes and domain master to no Excellent, will give it a try. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow Directory Access after upgrade to 3.5.6
I tried the settings but still no luck with find_domain_master_name_query_fail message. ~# cat /etc/samba/smb.conf #=== Global Settings = [global] netbios name = a1 workgroup = mw server string = A1 Server security = user hosts allow = 192.168.1. 127. hosts deny = 0.0.0.0/0 log file = /var/log/samba.%m max log size = 500 passdb backend = tdbsam encrypt passwords = Yes domain master = no local master = yes os level = 15 ## time server = yes ## preferred master = yes wins support = yes name resolve order = wins host bcast lmhosts wide links = no log level = 3 = ~#cat /var/log/samba.nmbd: [2011/09/27 07:06:13.170424, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. [2011/09/27 07:21:18.364603, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. [2011/09/27 07:36:25.026395, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. [2011/09/27 07:51:32.479213, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow Directory Access after upgrade to 3.5.6
On Sun, Sep 25, 2011 at 5:44 PM, sghaida saddam.abugha...@gmail.com wrote: hello, why do you use samba as preferred master ?? . it seems that you are using samba only for shares security=user so you can set preferred master = no and remove the OS entries since it only helps in master election, and regarding the wins (nmblookup) you need to run the nmb service. and to clarify the problem in more understandable way. can you dump the output of testparam -vv Hi Saddam, Thank you very much for your reply. A long time ago when I first set up the server, I thought I read the preferred master parameter was necessary for clients, but it appears I am wrong in this understanding. I will research this in the samba documentation. I am currently running the nmbd process, but I get the feeling perhaps running an nmb service may be something different. I have enclosed the testparm -vv dump below. The server role is stated as: ROLE_STANDALONE Thanks again for taking the time to respond; very much appreciated. Here's the other output: [global] dos charset = CP850 unix charset = UTF-8 display charset = LOCALE workgroup = MW netbios name = A1 netbios aliases = netbios scope = server string = A1 Server interfaces = bind interfaces only = No security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes map to guest = Never null passwords = No obey pam restrictions = No password server = * smb passwd file = /etc/samba/private/smbpasswd private dir = /etc/samba/private passdb backend = tdbsam algorithmic rid base = 1000 root directory = guest account = nobody enable privileges = Yes pam password change = No passwd program = passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No passwd chat timeout = 2 check password script = username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = 0 lanman auth = No ntlm auth = Yes client NTLMv2 auth = No client lanman auth = No client plaintext auth = No preload modules = dedicated keytab file = kerberos method = default map untrusted to domain = No log level = 3 syslog = 1 syslog only = No log file = /var/log/samba.%m max log size = 500 debug timestamp = Yes debug prefix timestamp = No debug hires timestamp = Yes debug pid = No debug uid = No debug class = No enable core files = Yes smb ports = 445 139 large readwrite = Yes max protocol = NT1 min protocol = CORE min receivefile size = 0 read raw = Yes write raw = Yes disable netbios = No reset on zero vc = No acl compatibility = auto defer sharing violations = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts wins host bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = Yes unix extensions = Yes use spnego = Yes client signing = auto server signing = No client use spnego = Yes client ldap sasl wrapping = plain enable asu support = No svcctl list = deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 30 max smbd processes = 0 paranoid server security = Yes max disk size = 0 max open files = 16384 socket options = TCP_NODELAY use mmap = Yes hostname lookups = No name cache timeout = 660 ctdbd socket = cluster addresses = clustering = No ctdb timeout = 0 load printers = Yes printcap cache time = 750 printcap name = cups server = cups encrypt = No cups connection timeout = 30 iprint server = disable spoolss = No addport command = enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = mangling method = hash2 mangle prefix = 1 max stat cache size = 256 stat cache = Yes machine password timeout = 604800 add user script = rename user script = delete user script = add group script = delete group script = add user to group script = delete user from group script = set primary group script = add machine script = shutdown script = abort shutdown script = username map script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No init logon delayed hosts = init logon delay = 100 os level = 99 lm announce = Auto lm interval = 60 preferred master = Yes local master = Yes domain master = Auto browse list = Yes enhanced browsing = Yes dns proxy =
Re: [Samba] Slow Directory Access after upgrade to 3.5.6
On Mon, Sep 26, 2011 at 1:51 PM, Dale Schroeder d...@briannassaladdressing.com wrote: If you wish for your Samba system to be the domain master browser, then use domain master = Yes preferred master = Yes local master = Yes os level = 99# (65 or higher) That might solve your master browser error messages. See http://lists.samba.org/**archive/samba-technical/2000-**June/008259.htmlhttp://lists.samba.org/archive/samba-technical/2000-June/008259.html Another suggestion here: http://www.mail-archive.com/**samba@lists.samba.org/**msg61180.htmlhttp://www.mail-archive.com/samba@lists.samba.org/msg61180.html Dale, Thank you to you too for the thoughtful response. I've incorporated both your suggestions for now and want to see if the users report any difference. domain master = yes local master = yes ## preferred master = yes ## os level = 99 I've restarted both the nmbd and smbd daemons but the /var/log/samba.nmbd log continues to report: [2011/09/26 15:31:19.673919, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. [2011/09/26 15:46:20.163072, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. [2011/09/26 16:01:22.148946, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. However, it may be that I need to do a killall to remove stray .pid's I didn't want to do so while all the users were still logged in and working. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow Directory Access after upgrade to 3.5.6
I am now using log level 3 in samba and the nmbd process shows the following just about every 15 minutes: [2011/09/23 12:09:35.535017, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. [2011/09/23 12:24:42.934861, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. [2011/09/23 12:39:50.847643, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. [2011/09/23 12:55:00.264436, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. smbd process shows the following: [2011/09/23 12:35:40.645624, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected [2011/09/23 12:42:15.882985, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow Directory Access after upgrade to 3.5.6
On Fri, Sep 23, 2011 at 1:01 PM, Mike 1100...@gmail.com wrote: I am now using log level 3 in samba and the nmbd process shows the following just about every 15 minutes: [2011/09/23 12:09:35.535017, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. [2011/09/23 12:24:42.934861, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. [2011/09/23 12:39:50.847643, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. [2011/09/23 12:55:00.264436, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. smbd process shows the following: [2011/09/23 12:35:40.645624, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected [2011/09/23 12:42:15.882985, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected Has anyone seen these kinds of log messages before and provide guidance on how to follow-up? Thank you for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow Directory Access after upgrade to 3.5.6
Follow-up on first post: /var/log/samba/nmbd.log -- [2011/09/19 13:13:07.959554, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MW1b for the workgroup MW. Unable to sync browse lists in this workgroup. [2011/09/19 13:28:07.204633, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) root@a1:/var/log/samba# smbclient -N -L a1 -- Anonymous login successful Domain=[MW] OS=[Unix] Server=[Samba 3.5.6] Sharename Type Comment - --- Ac Disk Ma Disk Ca Disk Ne Disk Ol Disk Ka Disk MzDisk Fa Disk Sc Disk IPC$IPC IPC Service (A1 Server) Anonymous login successful Domain=[MW] OS=[Unix] Server=[Samba 3.5.6] Server Comment ---- A1 A1 Server WorkgroupMaster ---- MW A1 /etc/samba/smb.conf -- #=== Global Settings = [global] netbios name = a1 workgroup = mw server string = A1 Server security = user hosts allow = 192.168.1. 127.0.0. hosts deny = 0.0.0.0/0 log file = /var/log/samba.%m max log size = 500 passdb backend = tdbsam encrypt passwords = Yes local master = yes os level = 99 time server = yes preferred master = yes wins support = yes wide links = no # Share Definitions == [Ac] writable = yes read only = no guest ok = yes public = yes oplocks = true level2 oplocks = true path = /abc/def create mask = 0777 directory mask = 0777 security mask = 0777 directory security mask = 0777 [Ma] writable = yes read only = no guest ok = yes public = yes oplocks = true level2 oplocks = true path = /abc/ghi create mask = 0777 directory mask = 0777 security mask = 0777 directory security mask = 0777 the settings on all other shares are precisely the same. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 64 bit xerox print drivers
Hi, We have been able to get Xerox windows 7 64 bit drivers to work with samba. The printer models we are using are WC 7345, WCP C3545, WC 7435, WC7242, WC 7545, and WC 7665. Plus, various older models and some Phasers. The first group is the problem ones we've seen and took special steps. We use samba 3.4.9 on fc 12. The above printers work with xp, vista, and win7, 32 and 64 bits. We added the drivers using the Windows add printer wizard. There were some extra steps we took, however. 1. Add the Xerox printer in cups like normal. 2. On XP add the Xerox printer as a local printer. 3. Use apw to add the XP driver to the Xerox samba printer. 4. Use the Cisco print_fix program to copy the local registry settings for the Xerox printer to the remote Samba registry for the Xerox printer. 5. Set the samba printer properties in the usual way. 6. From a Win 7 64 bit platform add the Xerox 64 bit driver to the Xerox samba printer using APW. There is something different about the above group of Xerox printers and the registry entries they install. Samba does not seem to support these settings or operations, which is why the print_fix program is used and it is able to copy over the missing registry settings to samba. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Greg Saunders Sent: Monday, September 19, 2011 8:21 PM To: samba@lists.samba.org Subject: Re: [Samba] windows 7 64 bit xerox print drivers I would like to respond to my own question ... yes ... one year later :-) My answer to this problem is * don't use Samba * to solve this type of problem. Instead I created a .dat file (using printui.dll) for each printer I wanted to install, scripted the creation of an LPR port ( objWMIService.Get(Win32_TCPIPPrinterPort) and install print drivers using printui.dll. I'm running LPD on the cups server. Works like a charm. No hassles joining this server to the domain, no wonky error messages, 500 desktops up and running at login, it just works. I'm posting this here because I'm genuinely curious if there has been any large scale success with Samba, Win 7 and Xerox (or other) 64 bit print drivers. Greg On Mon, Aug 9, 2010 at 5:47 PM, Greg Saunders g...@taord.com wrote: Samba 3.4.7 Ubuntu 10.04 Has anyone out there got Xerox 64 bit drivers working in a point and print samba set up? And if so, which Xerox drivers? And which method of driver installation? I'm at a complete loss. We currently have an environment with 500 + desktops and a couple dozen Xerox workgroup docucolor MFPs that are running fine now with XP clients and a Samba print server. We're moving to Win 7 64 bit clients over the next couple of months and this is going to be a huge stumbling block. Several months ago I posted a problem I was having installing 64 bit Xerox drivers into a shared samba queue. 32 bit drivers seem to be fine but the 64 bit are a world of pain. There didn't seem to be any resolution at that time and hoping things may have changed in the last few months. I've had success with 64 bit HP drivers ... just not Xerox. When adding the 64 bit driver as an additional driver under the sharing tab of the queue of the samba server, it complains, The specified location does not contain the driver driver name here for the requested processor architecture. It clearly is a 64 version, it will install locally. As far as cupsaddsmb is concerned ... it just doesn't seem to work with 64 bit ... unless I'm doing something wrong ... which is completely likely :) If anyone could shed some light on this, it would be immensely appreciated. Thanking you all in advance. Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba smime.p7s Description: S/MIME cryptographic signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Slow Directory Access after upgrade to 3.5.6
Upgraded to Samba 3.5.6 from 3.5.2. Samba is running as a standalone server on a box that was upgraded from Slackware 13.1 to Slackware 13.37. All Win XP Pro and Win 7 Pro clients can connect to the workgroup and browse shares and folders exactly as before; however, many complain of intermittent pauses, slowdowns and Not Responding messages when traversing directories. The samba server and users are all on the same LAN segment behind a firewall/router box (slackware linux 13.1) that also acts as the DHCP server for the LAN. No firewall changes have been made from the time of Samba 3.5.2 to 3.5.6. I'm wondering if there is a dns problem problem since I noticed openssh logins to the samba server box also became very slow upon upgrading the Samba server. It was not until I changed the openssh server to useDNS = no that the login speed went back to normal. I don't see anything of note in the samba logs; but, I may not have them tuned to the proper level. I can provide the smb.conf if that's helpful, but it's very simple and has not changed in two years. I would appreciate any guidance in how to troubleshoot this scenario. Thank you for your help. Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 - Cannot get quick test to succeed
Hi All, I'm currently using/testing samba-4.0.0alpha15. I downloaded the tar ball, followed the Samba4 HOWTO wiki at http://wiki.samba.org/index.php/Samba4/HOWTO and got stuff working pretty well. I have experienced issues with GPOs and such and dynamic dns and so thought I'd try the current version but I cannot now get samba4 to pass quicktest (or any other test). I've tried samba-4.0.0alpha16.tar.gz and also the latest via git. Obviously you guys would need some specifics but I'm not sure what info would best help diagnose the problem. There is spurious output during the build with reference to 'errors 1' or 'errors 4' etc, as there was with the alpha15 build which did pass quicktest. There are numerous processes left hanging around after quicktest fails and it always fails 5 tests but the st/summary doesn't give me any clues. It ends like so; samba: EOF on stdin - terminating ./bin/samba exited with no error ./bin/samba got signal 9 and exits with 0! samba: EOF on stdin - terminating ./bin/samba exited with no error samba: EOF on stdin - terminating ./bin/samba exited with no error samba: EOF on stdin - terminating ./bin/samba exited with no error samba: EOF on stdin - terminating ./bin/samba exited with no error samba: EOF on stdin - terminating ./bin/samba exited with no error samba: EOF on stdin - terminating ./bin/samba exited with no error FAILED (5 failures and 0 errors in 5 testsuites) A summary with detailed information can be found in: ./st/summary ERROR: test failed with exit code 1 make: *** [quicktest] Error 1 and sumary of st/summary; = Failed tests = == samba3.posix_s3.raw.open (s3dc) == == samba4.smb.signing disabled on with -k no --signing=off domain-creds(s3member) == == samba4.smb.signing disabled on with -k no --option=usespnego=no --signing=off domain-creds(s3member) == == samba4.smb.signing disabled on with -k no --option=gensec:spengo=no --signing=off domain-creds(s3member) == == samba4.smb.signing disabled on with -k yes --signing=off domain-creds(s3member) == and the processes still hanging around; /usr/bin/perl /root/samba4/samba-master/selftest/selftest.pl --target=samba --prefix=./st --srcdir=/root/samba4/samba-master --exclude=./st/skip --testlist=/usr/bin/ ./bin/timelimit 7500 ./bin/winbindd -F --no-process-group --stdout -s /root/samba4/samba-master/st/plugin_s4_dc/lib/server.conf -d0 ./bin/timelimit 7500 ./bin/smbd -F --no-process-group --log-stdout -s /root/samba4/samba-master/st/plugin_s4_dc/lib/server.conf -d0 ./bin/winbindd -F --no-process-group --stdout -s /root/samba4/samba-master/st/plugin_s4_dc/lib/server.conf -d0 ./bin/smbd -F --no-process-group --log-stdout -s /root/samba4/samba-master/st/plugin_s4_dc/lib/server.conf -d0 ./bin/winbindd -F --no-process-group --stdout -s /root/samba4/samba-master/st/plugin_s4_dc/lib/server.conf -d0 ./bin/winbindd -F --no-process-group --stdout -s /root/samba4/samba-master/st/plugin_s4_dc/lib/server.conf -d0 ./bin/winbindd -F --no-process-group --stdout -s /root/samba4/samba-master/st/plugin_s4_dc/lib/server.conf -d0 ./bin/smbd -F --no-process-group --log-stdout -s /root/samba4/samba-master/st/plugin_s4_dc/lib/server.conf -d0 As I say, there are no obvious signs as to why it's failing but if I can provide something more specific (I'm sure there is something more helpful) please let me know. Regards, Mike. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - Cannot get quick test to succeed
On 10/07/2011 09:32, Andrew Bartlett wrote: On Sun, 2011-07-10 at 08:55 +0100, Mike Howard wrote: Hi All, I'm currently using/testing samba-4.0.0alpha15. I downloaded the tar ball, followed the Samba4 HOWTO wiki at http://wiki.samba.org/index.php/Samba4/HOWTO and got stuff working pretty well. I have experienced issues with GPOs and such and dynamic dns and so thought I'd try the current version but I cannot now get samba4 to pass quicktest (or any other test). In need your config.h and smbd -b output, so I can disable the running of certain tests on systems without some of the libraries Samba3 requires for 'ADS' support (which is what the s3member tests test - the 'Samba3' binaries in an AD domain provided by Samba4). Hi Andrew, Thank you for the response. I've attached my config.h and smbd output. Regards, Mike. Build environment: Built by:root@squeeze Built on:Sun Jul 10 09:01:05 BST 2011 Built using: /usr/bin/gcc Build host: Linux squeeze 2.6.32-5-amd64 #1 SMP Wed Jan 12 03:40:32 UTC 2011 x86_64 GNU/Linux SRCDIR: /root/samba-4.0.0alpha16/source3 BUILDDIR:/root/samba-4.0.0alpha16/source3 Paths: SBINDIR: /usr/local/samba/sbin BINDIR: /usr/local/samba/bin SWATDIR: /usr/local/samba/share/swat CONFIGFILE: /usr/local/samba/etc/smb.conf LOGFILEBASE: /usr/local/samba/var LMHOSTSFILE: /usr/local/samba/etc/lmhosts LIBDIR: /usr/local/samba/lib MODULESDIR: /root/samba-4.0.0alpha16/bin/modules SHLIBEXT: so LOCKDIR: /usr/local/samba/var/lock STATEDIR: /usr/local/samba/var/locks CACHEDIR: /usr/local/samba/var/cache PIDDIR: /usr/local/samba/var/run SMB_PASSWD_FILE: /usr/local/samba/private/smbpasswd PRIVATE_DIR: /usr/local/samba/private System Headers: Headers: UTMP Options: HAVE_GETUTMPX HAVE_UTMPX_H HAVE_UTMP_H HAVE_UT_UT_ADDR HAVE_UT_UT_ADDR_V6 HAVE_UT_UT_EXIT HAVE_UT_UT_HOST HAVE_UT_UT_ID HAVE_UT_UT_NAME HAVE_UT_UT_PID HAVE_UT_UT_TIME HAVE_UT_UT_TV HAVE_UT_UT_TYPE HAVE_UT_UT_USER PUTUTLINE_RETURNS_UTMP WITH_UTMP HAVE_* Defines: HAVE_ACL_GET_FILE HAVE_ACL_LIBACL_H HAVE_ADDR_TYPE_IN_KRB5_ADDRESS HAVE_AIO HAVE_AIO64 HAVE_AIOCB64 HAVE_AIO_CANCEL HAVE_AIO_CANCEL64 HAVE_AIO_ERROR HAVE_AIO_ERROR64 HAVE_AIO_FSYNC HAVE_AIO_FSYNC64 HAVE_AIO_H HAVE_AIO_READ HAVE_AIO_READ64 HAVE_AIO_RETURN HAVE_AIO_RETURN64 HAVE_AIO_SUSPEND HAVE_AIO_SUSPEND64 HAVE_AIO_WRITE HAVE_AIO_WRITE64 HAVE_ALLOCA_H HAVE_AP_OPTS_USE_SUBKEY HAVE_ARPA_INET_H HAVE_ARPA_NAMESER_H HAVE_ASM_TYPES_H HAVE_ASM_UNISTD_H HAVE_ASPRINTF HAVE_ASSERT_H HAVE_ATEXIT HAVE_ATTRIBUTE_COLD HAVE_ATTRIBUTE_CONST HAVE_ATTRIBUTE_NORETURN HAVE_ATTRIBUTE_PRINTF HAVE_ATTRIBUTE_UNUSED HAVE_ATTRIBUTE_USED HAVE_ATTR_XATTR_H HAVE_AVAHI_CLIENT_CLIENT_H HAVE_AVAHI_CLIENT_NEW HAVE_AVAHI_COMMON_WATCH_H HAVE_AVAHI_STRERROR HAVE_BACKTRACE HAVE_BACKTRACE_SYMBOLS HAVE_BER_SCANF HAVE_BER_SOCKBUF_ADD_IO HAVE_BER_TAG_T HAVE_BINDTEXTDOMAIN HAVE_BIND_TEXTDOMAIN_CODESET HAVE_BLKCNT_T HAVE_BLKSIZE_T HAVE_BOOL HAVE_BUILTIN_CLZ HAVE_BUILTIN_CLZL HAVE_BUILTIN_CLZLL HAVE_BUILTIN_CONSTANT_P HAVE_BUILTIN_EXPECT HAVE_BUILTIN_POPCOUNTL HAVE_BUILTIN_TYPES_COMPATIBLE_P HAVE_BZERO HAVE_C99_VSNPRINTF HAVE_CAP_GET_PROC HAVE_CHARSET_CP850 HAVE_CHARSET_UTF_8 HAVE_CHECKSUM_IN_KRB5_CHECKSUM HAVE_CHMOD HAVE_CHOWN HAVE_CHROOT HAVE_CLOCK_GETTIME HAVE_CLOCK_MONOTONIC HAVE_CLOCK_PROCESS_CPUTIME_ID HAVE_CLOCK_REALTIME HAVE_COMPARISON_FN_T HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS HAVE_COMPOUND_LITERALS HAVE_COM_ERR HAVE_COM_ERR_H HAVE_COM_RIGHT_R HAVE_CONFIG_H HAVE_CONNECT HAVE_CPPFUNCTION HAVE_CREAT64 HAVE_CRYPT HAVE_CRYPT_H HAVE_CTYPE_H HAVE_CUPS HAVE_CUPS_CUPS_H HAVE_CUPS_LANGUAGE_H HAVE_CURSES_H HAVE_DECL_ASPRINTF HAVE_DECL_DLOPEN HAVE_DECL_FDATASYNC HAVE_DECL_GETGRENT_R HAVE_DECL_GETPWENT_R HAVE_DECL_H_ERRNO HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER HAVE_DECL_READAHEAD HAVE_DECL_RL_EVENT_HOOK HAVE_DECL_SNPRINTF HAVE_DECL_VASPRINTF HAVE_DECL_VSNPRINTF HAVE_DECL__RES HAVE_DEVICE_MAJOR_FN HAVE_DEVICE_MINOR_FN HAVE_DGETTEXT HAVE_DIRENT_D_OFF HAVE_DIRENT_H HAVE_DIRFD HAVE_DIRFD_DECL HAVE_DLCLOSE HAVE_DLERROR HAVE_DLFCN_H HAVE_DLOPEN HAVE_DLSYM HAVE_DN_EXPAND HAVE_DPRINTF HAVE_DUP2 HAVE_ENCTYPE_ARCFOUR_HMAC HAVE_ENCTYPE_ARCFOUR_HMAC_MD5 HAVE_ENDHOSTENT HAVE_ENDIAN_H HAVE_ENDMNTENT HAVE_ENDNETGRENT HAVE_ENDNETGRENT_PROTOTYPE HAVE_ENVIRON_DECL HAVE_EPOLL HAVE_EPOLL_CREATE HAVE_ERR HAVE_ERRNO_DECL HAVE_ERRNO_H HAVE_ERRX HAVE_ERR_H HAVE_ETYPE_IN_ENCRYPTEDDATA HAVE_EXECINFO_H HAVE_EXECL HAVE_EXPLICIT_LARGEFILE_SUPPORT
Re: [Samba] Win7 can't joint Samba domain?
On Sat, 02 Jul 2011, Linda Walsh might have said: Mike Eggleston wrote: On Fri, 01 Jul 2011, John Drescher might have said: We've been trying to get a newly loaded Win7 (64-bin) box to join our internal Samba domain. The error that keeps appearing is the win7 box can't find the domain controller and is looking for the registry keys NetpLoadParameters DNSNameResolutionRequired. We've set these registry keys before on other boxes, and have tried on this box, and stuff isn't working? Any suggestions on what to try? http://wiki.samba.org/index.php/Windows7 Also search for the samba mailing list trust issues with windows7 machines. In this you will find how to disable the machine password updates. John John (and anyone else), That link says the same registry keys we're trying to set. Attempting to join the Samba domain is still failing with an error those registry keys cannot be found. This same installation disk was used to install Win7 on another box and it worked just fine. I can't think of any changes. I don't understand why the previous box and win7 worked and this new box with win7 is failing. 1) The Wiki page, I feel is unclear. It uses CCS to stand for CurrentControlSet, i.e. put this in a .reg file and merge it from the desktop... Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters] DNSNameResolutionRequired=dword: DomainCompatibilityMode=dword:0001 Have you looked at a wireshark trace? This is fixed now. I don't understand why the first several attempts failed. I had the installer use a Dell recovery DVD rather than a DVD ISO I pulled from Microsoft. Anyway, things should be ready for the user on Tuesday afternoon. Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Win7 can't joint Samba domain?
Morning, We've been trying to get a newly loaded Win7 (64-bin) box to join our internal Samba domain. The error that keeps appearing is the win7 box can't find the domain controller and is looking for the registry keys NetpLoadParameters DNSNameResolutionRequired. We've set these registry keys before on other boxes, and have tried on this box, and stuff isn't working? Any suggestions on what to try? TIA Mike Fedora Core 5 Samba 3.3.3 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win7 can't joint Samba domain?
On Fri, 01 Jul 2011, John Drescher might have said: We've been trying to get a newly loaded Win7 (64-bin) box to join our internal Samba domain. The error that keeps appearing is the win7 box can't find the domain controller and is looking for the registry keys NetpLoadParameters DNSNameResolutionRequired. We've set these registry keys before on other boxes, and have tried on this box, and stuff isn't working? Any suggestions on what to try? http://wiki.samba.org/index.php/Windows7 Also search for the samba mailing list trust issues with windows7 machines. In this you will find how to disable the machine password updates. John John (and anyone else), That link says the same registry keys we're trying to set. Attempting to join the Samba domain is still failing with an error those registry keys cannot be found. This same installation disk was used to install Win7 on another box and it worked just fine. I can't think of any changes. I don't understand why the previous box and win7 worked and this new box with win7 is failing. Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win7 can't joint Samba domain?
On Fri, 01 Jul 2011, John Drescher might have said: That link says the same registry keys we're trying to set. Attempting to join the Samba domain is still failing with an error those registry keys cannot be found. This same installation disk was used to install Win7 on another box and it worked just fine. I can't think of any changes. I don't understand why the previous box and win7 worked and this new box with win7 is failing. Are you using WINS? I do and setup each machine client to use my wins servers. John This new box was using DHCP. Just to take DNS and DHCP out of it this box is now setup manually, with the DNS servers (2) and WINS. I'm monitoring the nmbd log and see nothing coming from this box to the samba server. Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win7 can't joint Samba domain?
On Fri, 01 Jul 2011, Mike Eggleston might have said: On Fri, 01 Jul 2011, John Drescher might have said: That link says the same registry keys we're trying to set. Attempting to join the Samba domain is still failing with an error those registry keys cannot be found. This same installation disk was used to install Win7 on another box and it worked just fine. I can't think of any changes. I don't understand why the previous box and win7 worked and this new box with win7 is failing. Are you using WINS? I do and setup each machine client to use my wins servers. John This new box was using DHCP. Just to take DNS and DHCP out of it this box is now setup manually, with the DNS servers (2) and WINS. I'm monitoring the nmbd log and see nothing coming from this box to the samba server. Mike We used a Dell recovery DVD for Win7 and things worked right. Maybe something is wrong with the DVD I downloaded from Microsoft. This is fixed. Thanks for your help, John. Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Accessing the root file system in a share.
My goal is to access / in a share for backup purposes. My samba has an LDAP password backend and has been working for some time with every other user. I created the following user in LDAP: root:x:0:0:Root User:/root:/bin/bash And then the following entry in samba: [slashroot] writeable = no path = / browseable = yes valid users = root And the system sees it and I can log in to it via samba. However, I cannot see all of the files. I thought the root user had permissions to see everything. Did I miss a step? Thanks. -- Mike A. Leonetti As warm as green tea -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba over IPX
On 4/12/2011 11:00 AM, Gaiseric Vandal wrote: Even Novell Netware made the switch from IPX/SPX to TCP/IP years ago as their preferred network stack. Netware 5, in ... 1999, IIRC. And netware itself is end-of-lifed. That I think would the the final nail for IPX. Shame. I always liked and preferred Netware's eDir to MS AD. Oh, well. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [SPAM] Re: WINS Server TIme out registering IP
Quoting TAKAHASHI Motonobu mo...@monyo.com: From: Mike Brady mike.br...@devnull.net.nz Date: Wed, 16 Mar 2011 06:44:23 +1300 Quoting TAKAHASHI Motonobu mo...@monyo.com: bind interfaces only = yes is not set. iptables has no rules loaded. (snip) # netstat -an | egrep '13[789]|445' (snip) Umm... Anyway I think it seems that you cannot connect to localhost:138/udp from localhost... How about SELinux? Does # setenforce 0 solve the problem? --- TAKAHASHI Motonobu mo...@monyo.com Nope. SELinux us in permissive mode. The box was kickstarted that way. # sestatus SELinux status: enabled SELinuxfs mount:/selinux Current mode: permissive Mode from config file: permissive Policy version: 21 Policy from config file:targeted -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba