RE: [Samba] Samba in VirtualBox
> Is there any way to get in the same network so I can test/use Samba with my VirtualBox?

First off, the vbox users list is by far the more appropriate forum to ask this question; your issue is not directly related to Samba at all.

Secondly I'm very confident that if you google for 'VirtualBox bridge' you'll find the answers you're looking for:
http://samiux.wordpress.com/2007/07/11/bridge-network-interface-on-virtualbox/
http://www.virtualbox.org/wiki/Advanced_Networking_Linux

Ping doesn't work with VirtualBox networking:
http://www.virtualbox.org/wiki/User_FAQ

Good luck,
Rubin

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] pGINA and samba - authentication against LDAP userPassword field?
On Mon, 2008-12-15 at 14:23 +, J Xu wrote:
> Hi,
>
> Back to a while ago, someone mentioned about taking pGINA code to samba, so samba can work against LDAP authentication, but instead of using the sambaNTPassword and sambaLMPassword, this way samba can use the userPassword field directly. This sounds very promising because we can then just use one set of passwords. It may be not usable in a domain environment where machine accounts and other complex stuff are difficult to hand. But it is perfectly okay for a single linux machine in a workgroup mode. It can even provide user authentication to other Windows box with pGINA installed and configured.
>
> Here is the original thread discussed about this:
> http://lists.samba.org/archive/samba/2005-March/101660.html
>
> I am wondering where the samba team currently stand for this issue? Or is there anyone else interested in this?

There's a project that does something like this called smbk5pwd.

Background: We've deployed LDAP as the authentication backend for a mixed environment: Samba DC, Windows XP workstations and LTSP server. The logon credentials are the same across environments (i.e. 'userx' can log in to both Windows workstations and LTSP clients). We wanted our users to be able to update their passwords from either environment; the Samba password change (i.e. on a Windows workstation) works fine - the ldap server updates both the md5 hash and the NTLM hash in the LDAP directory for that user. We wanted similar functionality in the LTSP environment.

We found and tried for a time to deploy smbk5pwd but have so far been unsuccessful. That project seems like the most reasonable way to get where you are wanting to get however... dimming the security, or adding functionality that will certainly and spectacularly break other components of Samba seems like a bad idea.

I would recommend contacting the smbk5pwd folks and see what they have to say.

Hope that helps,
Rubin

> Thanks,
> JX

--
Rubin Bennett
rbTechnologies, LLC
80 Carleton Boulevard
East Montpelier, VT 05651
(802)223-4448
http://thatitguy.com

Think for yourselves and let others enjoy the privilege to do so too.
Voltaire, Essay on Tolerance
French author, humanist, rationalist, satirist (1694 - 1778)

Re: [Samba] [OT] Outlook and roaming profiles?
On Thu, 2008-11-20 at 22:02 +0100, Martin Konold wrote:
> On Thursday, 20 November 2008 21:36:17, Thierry Lacoste wrote:
> > Hi,
> >
> > Are there any recommendations about the maximum size of a pst file hosted on a samba server ?
>
> Simply don't do it. There are technical reasons why this is unreliable, dangerous and generally not recommended.
>
> see also:
> http://support.microsoft.com/kb/297019
> http://blogs.technet.com/askperf/archive/2007/01/21/network-stored-pst-files-don-t-do-it.aspx
>
> Actually things are even worse than the above mentioned articles may make you think. Deadlocks and dataloss are part of the problem.
>
> I propose to look into a imap server based solution like Kolab www.kolab.org.
>
> Regards,
> -- martin

I'm assuming this question is driven by your usage of Outlook against a POP server or something like that? The easiest and best way to get around this is to not use POP3, and deploy a proper IMAP or MAPI server. Courier, Dovecot and Cyrus all do IMAP but Outlook is a lousy IMAP client.

My favorite way to address this need (implying that I actually think Outlook, for all its technical flaws, is a good tool from a user perspective) is to deploy Scalix as the mailserver. If you're running a small network (under 10 Outlook users), Scalix is free and it works *very well*. We use it here, and we have client machines running Windows Vista/ Outlook 2007, Linux/ Evolution and Linux/ Kontact (KMail) and they all work great.

Rubin

Re: [Samba] Re: In place upgrade
On Fri, 2008-10-10 at 12:42 +0100, Kristian Davies wrote:
> On Wed, Oct 8, 2008 at 3:24 PM, Kristian Davies [EMAIL PROTECTED] wrote:
> > Excuse the basic question but how do I do an in place upgrade from src? 3.2.2 to say 3.2.4.
>
> *bump*
>
> Please feel free to berate me on not already knowing this and if I don't already know it, maybe I shouldn't be installing src. The docs don't mention anything, I'm assuming this is because it expects you to already know how.
>
> -Kristian

If you're on an RPM based system, then you just upgrade your rpms (rpm -Uvh {packages}).

For a system installed without a package manager (i.e. make install), then you make a copy of your passdb.tdb, secrets.tdb and smb.conf, upgrade, and put those 3 files back in.

Re: [Samba] Re: In place upgrade
On Fri, 2008-10-10 at 13:56 +0100, Kristian Davies wrote:
> > For a system installed without a package manager (i.e. make install), then you make a copy of your passdb.tdb, secrets.tdb and smb.conf, upgrade, and put those 3 files back in.
>
> That's the puppy.
>
> So, stop services, mv sambadir, install new version afresh, copy over those three files and start services.
>
> Will that affect the machines AD machine account with sid's etc... or is that why the secrets.tdb are copied over?

That's why secrets.tdb is copied over. However, if you're changing machines or upgrading OS at the same time, you'll need to copy the user/ machine entries in /etc/passwd, /etc/group and /etc/shadow as well or you'll get lots of ugly messages about your password database being corrupt.

Rubin

Re: [Samba] Writing to shares directly
On Fri, 2008-10-03 at 11:31 -0500, fixed wrote:
> Thank you for your reply. We are using Samba to create a redundant file system for failover between two servers. I am wondering if this is even a recommended use for Samba. For example:
>
> app01 -- /data/shares/app01 (local)
>          /data/shares/app02 (remote)
> app02 - /data/shares/app01 (remote)
>         /data/shares/app02 (local)
>
> So we have written our apps to write to both shares - if one goes down, this isn't a bad thing as it will read from the local share.

I don't see any issue with this although there are perhaps better tools for writing to 2 systems simultaneously such as DRBD.

Anyhoo, as I said before the issue that you'll need to be watchful of is ensuring that the filesystem permissions remain compatible with how you access the files via the samba shares. A dirty hack may be to mount the local filesystem as a samba share and not access it directly via the filesystem ever.

Rubin

> Thank you
>
> Ogden
>
> On Fri, 3 Oct 2008, Rubin Bennett wrote:
> > On Fri, 2008-10-03 at 09:46 -0500, Ogden wrote:
> > > Within a Samba configuration, is it not advisable to create files on the directory on the local machines themselves? Our setup is like so:
> > >
> > > Server 1 (where the files reside): /data/shares/app01
> > > Server 2 (mounts the above drive): /data/mounts/app01
> > >
> > > If, on Server 1, I create a file:
> > >
> > > # echo test > /data/shares/app01/test
> > >
> > > The file is created, but on Server 2, I cannot seem to edit the file as I get the permission denied warning. However, if I mount the /data/shares/app01 directory on Server 1 and write to that directory, I can write to the files from other machines fine.
> >
> > It's not necessarily bad practice, but you have to use care when using multiple access methods to the Samba shared directory because Unix filesystem permissions trump Samba perms.
> >
> > Example: if you create a file as root (like you did above), then you have to make sure it's writable as the samba user who accesses the share. I.e. if /data/shares/app01/test is 755 and owned by root:root then only members of the root group would be able to write to that file.
> >
> > If you're creating files as root that you expect to write to as another user, you should expect to adjust ownership and/ or permissions on the files you create.
> >
> > Rubin
> >
> > > Within smbstatus, it says the file is RDONLY and oplock is NONE when I write to the directory itself and not the mount. I'm wondering if I set things up alright and whether it is bad practice to write to the directory directly?
> > >
> > > Thank you
> > >
> > > Ogden

Re: [Samba] posix acls and reiserfs
On Sat, 2008-10-04 at 11:39 +0800, joel valenzuela wrote:
> hi smbusers,
>
> would like to ask some questions about posix acls and reiserfs. help and info is much appreciated. (to make it clear i am running mandriva 2007 free edition with samba 3.0.23d installed.)
>
> 1. is acl supported now on reiserfs filesystems by default?
> 2. do i have to recompile the kernel and apply the acl patch? (i currently have the 2.6.17 kernel)
> 3. which is best for samba? xfs? ext3? or reiserfs?

This is probably best asked of the Mandriva folks. I run Mdv here but not with ReiserFS anymore since a few years ago when a corrupted reiserfs tree ate my homework one too many times :(

Rubin

Re: [Samba] need migration/upgrade help
You should only ever need to copy your passdb.tdb and secrets.tdb file from the old system to the new. The rest of the files will be generated for you when you start smbd.

The trick I've found is that often different versions and/ or distros store those tdb files in different places, i.e.: Mandriva likes /var/lib/samba or /var/lib/samba/private and Centos likes /etc/samba.

So if you try to modify the tdbsam directive in your config file you only end up with 1/2 the solution, i.e. on CentOS set:

passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb

This would return a valid looking output from pdbedit -Lv but all the passwords would be wrong because it's quietly still looking at the (empty) secrets.tdb in /etc/samba!

Does it sound like I've been through this before? :)

Anyway, what I've learned to do is:

- Make a backup copy of passdb.tdb and secrets.tdb
- Delete all the tdb files in /etc/samba /etc/samba/private /var/lib/samba and /var/lib/samba/private.
- Copy my smb.conf file, and set passdb backend=tdbsam in it.
- Run smbpasswd -a and look for the newly created passdb.tdb and secrets.tdb files.
- Shut Samba down, and replace those new files with my backup copies.
- Restart Samba.

This will return valid output (i.e. your list of users and computers) from pdbedit -L, and their passwords will actually work.

Hope this saves you some pain!

Rubin

On Mon, 2008-09-22 at 17:36 -0700, g s wrote:
> Hello All,
>
> I am trying to migrate samba from a box with Mandrake 10.1 with Samba 3.0.10 to a new box running CentOS 5.2 with Samba 3.0.28. The two versions of samba are too different to simply copy the config and tdb files over to the new box and the Mandrake box won't upgrade past 3.0.10. I could really use some suggestions.
>
> Thanks
>
> The problem when I do that is the Centos box with Samba 3.0.28 generates an schannel_store.tdb in the private dir when I attempt to login from a client machine. It allows the login but denies access to the users home dir on the samba server. In the schannel_store.tdb some machine info is placed similar to what you see in the secrets.tdb file. This causes problems with the client machines not being able to find the user profile...etc.
>
> I would like to fix this issue the right way whatever that is, instead of starting over and rejoining all the machines in the domain again.
>
> Any insights would be appreciated. Thanks.
>
> Greg

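The backup step of the procedure in the message above, with a check for the pitfall it describes (a second passdb.tdb or secrets.tdb left behind in another directory), as an added example that is not part of the original thread or of Samba itself. The four directories and two file names are the ones named in the message; the ROOT prefix argument and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original thread.
# ROOT is a hypothetical prefix: "" for the live system, or a staging tree.

# Directories and files named in the message above.
TDB_DIRS="/etc/samba /etc/samba/private /var/lib/samba /var/lib/samba/private"
TDB_FILES="passdb.tdb secrets.tdb"

# find_tdb ROOT: print every existing copy, one path (relative to ROOT) per line.
find_tdb() {
    ft_root=${1%/}
    for ft_dir in $TDB_DIRS; do
        for ft_file in $TDB_FILES; do
            if [ -f "$ft_root$ft_dir/$ft_file" ]; then
                printf '%s\n' "$ft_dir/$ft_file"
            fi
        done
    done
}

# count_tdb ROOT NAME: number of copies of NAME found under ROOT.
count_tdb() {
    find_tdb "$1" | grep -c "/$2\$" || true
}

# check_tdb_layout ROOT
#   returns 0: exactly one copy of each file
#   returns 1: more than one copy of a file, so the daemon may be reading
#              a different copy than the one that was restored
#   returns 2: a file is missing altogether
check_tdb_layout() {
    layout_rc=0
    for cl_file in $TDB_FILES; do
        cl_n=$(count_tdb "$1" "$cl_file")
        if [ "$cl_n" -eq 0 ]; then
            echo "missing: $cl_file" >&2
            return 2
        elif [ "$cl_n" -gt 1 ]; then
            echo "ambiguous: $cl_n copies of $cl_file" >&2
            find_tdb "$1" | grep "/$cl_file\$" >&2
            layout_rc=1
        fi
    done
    return $layout_rc
}

# backup_tdb ROOT DEST: copy every copy found into DEST, keeping its original
# directory so duplicates stay distinguishable. These files hold password
# hashes and the machine account secret, so the copies are made owner-only.
backup_tdb() (
    bk_root=${1%/}
    bk_dest=$2
    umask 077
    find_tdb "$bk_root" | while IFS= read -r bk_rel; do
        mkdir -p "$bk_dest$(dirname "$bk_rel")" || exit 1
        cp "$bk_root$bk_rel" "$bk_dest$bk_rel" || exit 1
        chmod 600 "$bk_dest$bk_rel" || exit 1
    done
)

# Stand-alone use: sh tdb_backup.sh ROOT DEST   (ROOT may be "" for /)
if [ "$#" -eq 2 ]; then
    check_tdb_layout "$1" || echo "review the layout before restoring" >&2
    backup_tdb "$1" "$2"
fi
```

Run it with Samba stopped, and run the check again after restoring the backup copies.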
Re: [Samba] need migration/upgrade help
On Mon, 2008-09-22 at 17:36 -0700, g s wrote:
> Hello All,
>
> I am trying to migrate samba from a box with Mandrake 10.1 with Samba 3.0.10 to a new box running CentOS 5.2 with Samba 3.0.28. The two versions of samba are too different to simply copy the config and tdb files over to the new box and the Mandrake box won't upgrade past 3.0.10. I could really use some suggestions.
>
> Thanks

Whoops, sorry to all for the top post :(

50 lashes with a wet noodle for me...

Rubin

Re: [Samba] Network Help
On Mon, 2008-09-15 at 14:44 -0500, Darryl Tidd wrote:
> I have searched the internet, and have tried some things I have found, but cannot resolve my issue. Hoping to find some help here.
>
> I have a peer to peer network static IP on all workstations, approximately 100 computers running Windows XP pro, and Windows 2000 pro. My desktop, Ubuntu, and one Linux Server, running Red Hat 9. The RH9 machine has Samba v2.27 running as WINS. It is set as master browser and preferred master. However, it seems that it loses its master and preferred browser status. When browsing the network from a workstation, most of the computers or none of the computers, are listed in the View all Network Computers. Would like to have Samba as master at all times. Any ideas that may help me out? Thanks in advance.
>
> smb.conf
>
> # Samba config file created using SWAT
> # from 0.0.0.0 (0.0.0.0)
> # Date: 2008/09/05 13:10:52
>
> # Global parameters
> [global]
> netbios name = LINUXBOX
> server string = linuxbox
> security = user
> encrypt passwords = Yes
> null passwords = Yes
> username map = /etc/samba/smbusers
> syslog only = Yes
> announce version = 5
> name resolve order = wins hosts bcast lmhosts
> socket options = SO_KEEPALIVE TCP_NODELAY SO_RCVBUF=8192
> printcap name = CUPS
> os level = 66

I believe this is your issue - I've seen a number of non-definitive answers over the years on this one; clarification would be greatly appreciated. However, my general practice is to never exceed 64 for the os level parameter. I find that values over 64 often return unexpected results, and I've found that my Samba servers don't lose elections in recent memory and I usually leave them at the default value in smb.conf of 33.

HTH,
Rubin

> preferred master = Yes
> dns proxy = No
> wins support = Yes
> guest account = nobody
> printing = cups
>
> [print$]
> path = /var/lib/samba/printers
> write list = root
> create mask = 0664
> directory mask = 0775
> guest ok = Yes
>
> [printers]
> path = /tmp
> guest ok = Yes
> printable = Yes
> browseable = No
>
> [Myfiles]
> path = /media/samba
> force user = root
> force group = root
> read only = No
> create mask = 0664
>
> [jakarta-tomcat-5]
> comment = TOMCAT
> path = ../jakarta-tomcat-5
> read only = No
>
> [homes]
> valid users = %S
> read only = No
> browseable = yes
>
> --
> Darryl Tidd
> PC Specialist
> Dealers Auto Auction of OKC
> 1028 S. Portland
> Oklahoma City, OK 73108
> (405)947-2886 x130
> Contact Me mailto:[EMAIL PROTECTED]

Re: [Samba] Impossible to access folders
Are your groupmappings set up right?

net groupmap list

I don't see how this would have changed with a reboot though.

Rubin

On Thu, 2008-07-24 at 10:45 +0200, Thomas Vito wrote:
> As i was receiving those errors :
>
> [2008/07/24 10:37:35, 0] auth/auth_util.c:create_builtin_users(758)
>   create_builtin_users: Failed to create Users
> [2008/07/24 10:38:56, 0] lib/util_sock.c:get_peer_addr(1224)
>   getpeername failed. Error was Transport endpoint is not connected
> [2008/07/24 10:38:56, 0] auth/auth_util.c:create_builtin_administrators(792)
>   create_builtin_administrators: Failed to create Administrators
> [2008/07/24 10:38:56, 0] auth/auth_util.c:create_builtin_users(758)
>   create_builtin_users: Failed to create Users
>
> i tried this:
>
> [EMAIL PROTECTED] acn]# net sam createbuiltingroup administrators
> Creating administrators failed with NT_STATUS_ACCESS_DENIED
>
> 2008/7/23 Charles Marcus [EMAIL PROTECTED]:
> > On 7/23/2008, Thomas Vito ([EMAIL PROTECTED]) wrote:
> > > I promise i have changed anything ;)
> >
> > Obviously *something* changed between when you first *started* Samba and when you rebooted...
> >
> > That is where I would be looking...
> >
> > --
> > Best regards,
> > Charles

Re: [Samba] Impossible to access folders
We may be going down a rabbit hole of unrelated issues, but you need to set up your groupmappings:

http://www.mrp3.com/windows-to-unix-samba.html

There's a shell script you'll want to check about 1/2 way down the page.

Rubin

On Thu, 2008-07-24 at 15:28 +0200, Thomas Vito wrote:
> Net groupmap list returns nothing
>
> 2008/7/24 Rubin Bennett [EMAIL PROTECTED]:
> > Are your groupmappings set up right?
> >
> > net groupmap list
> >
> > I don't see how this would have changed with a reboot though.
> >
> > Rubin
> >
> > On Thu, 2008-07-24 at 10:45 +0200, Thomas Vito wrote:
> > > As i was receiving those errors :
> > >
> > > [2008/07/24 10:37:35, 0] auth/auth_util.c:create_builtin_users(758)
> > >   create_builtin_users: Failed to create Users
> > > [2008/07/24 10:38:56, 0] lib/util_sock.c:get_peer_addr(1224)
> > >   getpeername failed. Error was Transport endpoint is not connected
> > > [2008/07/24 10:38:56, 0] auth/auth_util.c:create_builtin_administrators(792)
> > >   create_builtin_administrators: Failed to create Administrators
> > > [2008/07/24 10:38:56, 0] auth/auth_util.c:create_builtin_users(758)
> > >   create_builtin_users: Failed to create Users
> > >
> > > i tried this:
> > >
> > > [EMAIL PROTECTED] acn]# net sam createbuiltingroup administrators
> > > Creating administrators failed with NT_STATUS_ACCESS_DENIED
> > >
> > > 2008/7/23 Charles Marcus [EMAIL PROTECTED]:
> > > > On 7/23/2008, Thomas Vito ([EMAIL PROTECTED]) wrote:
> > > > > I promise i have changed anything ;)
> > > >
> > > > Obviously *something* changed between when you first *started* Samba and when you rebooted...
> > > >
> > > > That is where I would be looking...
> > > >
> > > > --
> > > > Best regards,
> > > > Charles

Re: [Samba] Impossible to access folders
On Wed, 2008-07-23 at 09:57 +0200, Thomas Vito wrote:
> Well, what i meant (i was not very clear) is that i could access for a while the share but after a system restart (and i haven't changed anything to my setup, i just wanted to reboot to see what happens), i am now unable to access the share anymore.

Well that's what you get for rebooting :^P

I guess at this point I'd try a smbstatus and make sure that Samba is in fact running and correctly. If it was working and it's not now after a reboot, you're basically going to have to start your troubleshooting all over again. *something* changed, or it would be working like it was before the reboot :)

If nothing changed in your smbd.conf and you're not able to access the share, I would look at things external to samba. Again the most likely are things like iptables etc.. IIRC testparm will run even if smbd is not started.

Rubin

> The smbd.log file contains:
>
> [2008/07/23 09:48:17, 0] lib/util_sock.c:get_peer_addr(1224)
>   getpeername failed. Error was Transport endpoint is not connected
> [2008/07/23 09:48:17, 0] lib/util_sock.c:get_peer_addr(1224)
>   getpeername failed. Error was Transport endpoint is not connected
> [2008/07/23 09:48:17, 0] auth/auth_util.c:create_builtin_administrators(792)
>   create_builtin_administrators: Failed to create Administrators
> [2008/07/23 09:48:17, 0] auth/auth_util.c:create_builtin_users(758)
>   create_builtin_users: Failed to create Users
>
> I have checked iptables:
>
> [EMAIL PROTECTED] ~]# iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> And tested smb.conf:
>
> [EMAIL PROTECTED] ~]# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section [share]
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> Press enter to see a dump of your service definitions
>
> [global]
> workgroup = ACME
> realm = EU.ACME.COM
> server string = %h
> security = SHARE
> passdb backend = tdbsam
> username map = /etc/samba/smbusers
> local master = No
> dns proxy = No
> wins server = 10.130.12.120
> ldap ssl = no
> cups options = raw
>
> [share]
> path = /home/acn/share
> read only = No
> guest ok = Yes
>
> [EMAIL PROTECTED] ~]# smbd -V
> Version 3.0.28-1.el5_2.1
>
> 2008/7/22 Rubin Bennett [EMAIL PROTECTED]:
> > On Tue, 2008-07-22 at 12:25 +0200, Thomas Vito wrote:
> > > I changed the share name. I was able to access the share finally. I am now getting those errors after a system reboot:
> > >
> > > [2008/07/22 12:21:49, 0] lib/util_sock.c:get_peer_addr(1224)
> > >   getpeername failed. Error was Transport endpoint is not connected
> > > [2008/07/22 12:22:13, 0] lib/util_sock.c:write_data(562)
> > >   write_data: write failure in writing to client 10.130.101.85. Error Connection reset by peer
> > > [2008/07/22 12:22:13, 0] lib/util_sock.c:send_smb(761)
> > >   Error writing 4 bytes to client. -1. (Connection reset by peer)
> > >
> > > On the XP side i get the network path was not found.
> >
> > The 'endpoint is not connected' errors are common; I see them all over the place without impacting functionality. I've researched those and they seem to be largely ignored.
> >
> > So you can access the shares, but I'm not clear on what client you're using if XP still doesn't work? smbclient? from localhost? So Windows clients universally cannot access the share, or do you have some that can (i.e. Win2k works but XP does not)?
> >
> > If nothing but the local machine can access the share I'd be very suspicious that there is still some firewalling on the server: iptables -L should return something like this:
> >
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > If your iptables returned much more then run /etc/init.d/iptables stop (presuming you're on a RedHat-ish system).
> >
> > If some clients can access but others can't we'll have to dig a little deeper.
> >
> > Rubin
> >
> > > XP is online they can ping with the samba server. The samba server has the firewall disabled and Selinux disabled too. I have read

Re: [Samba] Impossible to access folders
On Tue, 2008-07-22 at 12:25 +0200, Thomas Vito wrote:
> I changed the share name. I was able to access the share finally. I am now getting those errors after a system reboot:
>
> [2008/07/22 12:21:49, 0] lib/util_sock.c:get_peer_addr(1224)
>   getpeername failed. Error was Transport endpoint is not connected
> [2008/07/22 12:22:13, 0] lib/util_sock.c:write_data(562)
>   write_data: write failure in writing to client 10.130.101.85. Error Connection reset by peer
> [2008/07/22 12:22:13, 0] lib/util_sock.c:send_smb(761)
>   Error writing 4 bytes to client. -1. (Connection reset by peer)
>
> On the XP side i get the network path was not found.

The 'endpoint is not connected' errors are common; I see them all over the place without impacting functionality. I've researched those and they seem to be largely ignored.

So you can access the shares, but I'm not clear on what client you're using if XP still doesn't work? smbclient? from localhost? So Windows clients universally cannot access the share, or do you have some that can (i.e. Win2k works but XP does not)?

If nothing but the local machine can access the share I'd be very suspicious that there is still some firewalling on the server: iptables -L should return something like this:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

If your iptables returned much more then run /etc/init.d/iptables stop (presuming you're on a RedHat-ish system).

If some clients can access but others can't we'll have to dig a little deeper.

Rubin

> XP is online they can ping with the samba server. The samba server has the firewall disabled and Selinux disabled too. I have read on some other ports that it could be a port issue.
>
> Any ideas?
>
> Thank you
>
> 2008/7/22 Rubin Bennett [EMAIL PROTECTED]:
> > I've actually seen this a number of times. Change your share name in smb.conf from [Share] to [share] and I'll bet it works fine.
> >
> > I haven't picked it apart as to why this happens, but it seems like there's something about the case sensitivity/ insensitivity between *nix and *doze that disagree when the share is defined with mixed case.
> >
> > Has anyone else seen this besides me? It seems fairly consistent between versions and flavors of Linux and Samba in my experience.
> >
> > HTH,
> > Rubin
> >
> > On Mon, 2008-07-21 at 22:30 -0500, Adam Williams wrote:
> > > are you trying to connect to \\server\acn or \\server\share?
> > >
> > > Thomas Vito wrote:
> > > > Hello,
> > > >
> > > > On a RHEL 5 U2 server i am trying again to setup samba this time in user mode, see smb.conf below:
> > > >
> > > > [global]
> > > > workgroup = ACME
> > > > realm = EU.ACME.COM
> > > > server string = %h
> > > > password server = amsterdam-dc01.eu.acme.com
> > > > passdb backend = tdbsam
> > > > local master = No
> > > > dns proxy = No
> > > > wins server = 10.130.12.120
> > > > ldap ssl = no
> > > > idmap uid = 16777216-33554431
> > > > idmap gid = 16777216-33554431
> > > > cups options = raw
> > > >
> > > > [printers]
> > > > comment = All Printers
> > > > path = /var/spool/samba
> > > > printable = Yes
> > > > browseable = No
> > > >
> > > > [Share]
> > > > path = /home/acn
> > > > write list = acn, tci
> > > > read only = No
> > > > guest ok = Yes
> > > >
> > > > I have created two users acn and tci then used smbpasswd to create their password. I have created the share folder on the samba folder /home/acn and even tried a chmod 777 on it.
> > > >
> > > > Each time i try to connect to the share i get either an error from windows client : No network provider accepted the given network path. Sometimes i get a login prompt, enter my cred tci and password, then after a few minutes i get The specified network name is no longer available
> > > >
> > > > Here is the smbd.log:
> > > >
> > > > [2008/07/21 17:17:31, 0] lib/util_sock.c:get_peer_addr(1224)
> > > >   getpeername failed. Error was Transport endpoint is not connected
> > > > [2008/07/21 17:17:31, 0] lib/util_sock.c:get_peer_addr(1224)
> > > >   getpeername failed. Error was Transport endpoint is not connected
> > > > [2008/07/21 17:17:31, 0] lib/util_sock.c:read_data(534)
> > > >   read_data: read failure for 4

Re: [Samba] Impossible to access folders
I've actually seen this a number of times. Change your share name in smb.conf from [Share] to [share] and I'll bet it works fine.

I haven't picked it apart as to why this happens, but it seems like there's something about the case sensitivity/ insensitivity between *nix and *doze that disagree when the share is defined with mixed case.

Has anyone else seen this besides me? It seems fairly consistent between versions and flavors of Linux and Samba in my experience.

HTH,
Rubin

On Mon, 2008-07-21 at 22:30 -0500, Adam Williams wrote:
> are you trying to connect to \\server\acn or \\server\share?
>
> Thomas Vito wrote:
> > Hello,
> >
> > On a RHEL 5 U2 server i am trying again to setup samba this time in user mode, see smb.conf below:
> >
> > [global]
> > workgroup = ACME
> > realm = EU.ACME.COM
> > server string = %h
> > password server = amsterdam-dc01.eu.acme.com
> > passdb backend = tdbsam
> > local master = No
> > dns proxy = No
> > wins server = 10.130.12.120
> > ldap ssl = no
> > idmap uid = 16777216-33554431
> > idmap gid = 16777216-33554431
> > cups options = raw
> >
> > [printers]
> > comment = All Printers
> > path = /var/spool/samba
> > printable = Yes
> > browseable = No
> >
> > [Share]
> > path = /home/acn
> > write list = acn, tci
> > read only = No
> > guest ok = Yes
> >
> > I have created two users acn and tci then used smbpasswd to create their password. I have created the share folder on the samba folder /home/acn and even tried a chmod 777 on it.
> >
> > Each time i try to connect to the share i get either an error from windows client : No network provider accepted the given network path. Sometimes i get a login prompt, enter my cred tci and password, then after a few minutes i get The specified network name is no longer available
> >
> > Here is the smbd.log:
> >
> > [2008/07/21 17:17:31, 0] lib/util_sock.c:get_peer_addr(1224)
> >   getpeername failed. Error was Transport endpoint is not connected
> > [2008/07/21 17:17:31, 0] lib/util_sock.c:get_peer_addr(1224)
> >   getpeername failed. Error was Transport endpoint is not connected
> > [2008/07/21 17:17:31, 0] lib/util_sock.c:read_data(534)
> >   read_data: read failure for 4 bytes to client 0.0.0.0. Error = Connection reset by peer
> >
> > [EMAIL PROTECTED] ~]# smbd -V
> > Version 3.0.28-1.el5_2.1

Re: [Samba] cannot add new machines to domain - Stumped
On Fri, 2008-05-30 at 08:19 +0200, David Böhm wrote: No prob :) It didn't show up because it's a default value in later versions of Samba and as I recall, testparm only outputs non-defaults. I'm sure we'll get this, although I have to be honest and tell you I haven't used LDAP (yet) as a backend. If you run the add machine script as root on the server, does it work correctly? Rubin Yes the script works fine. The machine will be created in ldap but without any samba attributes (no sid,..). I also allready tried just to comment the parameter algorithmic rid base = 5000. But if i do that samba doesn't start anymore. The log reportes, that i changed that parameter and after that core dump: [2008/05/28 09:55:03, 0] passdb/pdb_ldap.c:pdb_init_ldapsam(5733) The value of 'algorithmic RID base' has changed since the LDAP database was initialised. Aborting. [2008/05/28 09:55:03, 0] passdb/pdb_interface.c:make_pdb_method_name(146) pdb backend ldapsam:ldap://localhost:389 did not correctly init (error was NT_STATUS_UNSUCCESSFUL) [2008/05/28 09:55:03, 0] lib/util.c:smb_panic(1632) PANIC (pid 7067): pdb_get_methods_reload: failed to get pdb methods for backend ldapsam:ldap://localhost:389 [2008/05/28 09:55:03, 0] lib/util.c:log_stack_trace(1736) BACKTRACE: 7 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x5578186c] #1 /usr/sbin/smbd(smb_panic+0x43) [0x55781953] #2 /usr/sbin/smbd [0x5573c815] #3 /usr/sbin/smbd(initialize_password_db+0x9) [0x5573c849] #4 /usr/sbin/smbd(main+0x59b) [0x558369ab] #5 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2b0c8832db54] #6 /usr/sbin/smbd [0x555c6259] [2008/05/28 09:55:03, 0] lib/fault.c:dump_core(181) dumping core in /var/log/samba/cores/smbd [2008/05/28 09:55:54, 1] smbd/service.c:make_connection_snum(1033) Btw, it don't realy know why need this parameter. I thought the association between UID and SID happends in ldap. Thx - David Unfortunately at this point you've gone beyone my experience with Samba running against an LDAP backend. 
Does anyone else out there have advice for David? Thanks Rubin
Re: [Samba] cannot add new machines to domain
On Thu, 2008-05-29 at 15:21 +0200, David Böhm wrote: Rubin Bennett schrieb: On Thu, 2008-05-29 at 10:21 +0200, David Böhm wrote: Hi, i have running samba with ldap as a PDC. The PDC works fine, except adding new computer to the domain. The Computer how was added 2-3 Years ago works fine, but i cannot add new PCs to the domain. The samba log says to remove the paramtere 'algorithmic rid base' and use 'net groupmap add' and 'net setmaxrid'. The command net setmaxrid is not existent. For me it is important to add the new PCs to the Domain. So is there any way to add the PCs on Server side? Or any other workaround - it does not matter how. I hope you can help me! :) log.smb: [2008/05/28 09:57:15, 0] passdb/pdb_interface.c:pdb_new_rid(1072) 'algorithmic rid base' is set but a passdb backend without algorithmic RIDs is chosen. Please map all used groups using 'net groupmap add', set the maximum used RID using 'net setmaxrid' and remove the parameter smb.conf: [global] workgroup = FAB server string = zeus interfaces = 195.72.98.12/255.255.255.240, 10.14.45.12/255.255.255.0 map to guest = Bad User passdb backend = ldapsam algorithmic rid base = 5000 log level = 1 log file = /var/log/log.smb smb ports = 139 name resolve order = wins hosts bcast lmhosts time server = Yes deadtime = 15 socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY printcap name = cups add user script = ldapsmb -a -u %u delete user script = ldapsmb -d -u %u add group script = ldapsmb -a -g %g delete group script = ldapsmb -d -g %g add user to group script = ldapsmb -j -u %u -g %g delete user from group script = ldapsmb -r -u %u -g %g set primary group script = ldapsmb -m -u %u -gid %g add machine script = ldapsmb -a -w %u -gid 515 logon script = kix32 fab_login.scr logon path = \\%L\profiles\%U logon drive = h: domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=Manager,dc=fab,dc=fh-wiesbaden,dc=de ldap group suffix = ou=Groups ldap 
machine suffix = ou=People ldap passwd sync = Yes ldap suffix = dc=fab,dc=fh-wiesbaden,dc=de ldap ssl = no ldap user suffix = ou=People admin users = @ntadmin, root hosts allow = 10.14.40., 10.14.41., 10.14.42., 10.14.45., 10.14.43., 10.14.44., 10.10.57. printing = cups print command = lpq command = %p lprm command = /usr/bin/lprm -P%p %j veto files = /*.eml/*.nws/riched20.dll/*.{*}/ SW: Opensuse 10.3 64bit Samba 3.0.26a Openldap: 2.3.37 Best regards, - David Böhm I'm guessing that somewhere along the line you upgraded your server and moved your Samba install to the new box? This has happened to me several times and there are a few items in the config that need to be added for later versions of Samba to work as expected. In the global section, add enable privileges = yes And see if that works. HTH, Rubin Hi, your supposition is right. There was a upgrade to a new box. The option you describe is already set. I don't know why it is not listed above. Maybe testparam doesn't dump the complete config? Here is the config with cat! :) Thx for supporting me! No prob :) It didn't show up because it's a default value in later versions of Samba and as I recall, testparm only outputs non-defaults. I'm sure we'll get this, although I have to be honest and tell you I haven't used LDAP (yet) as a backend. If you run the add machine script as root on the server, does it work correctly? Rubin best regards, David smb.conf: # smb.conf is the main samba configuration file. 
You find a full commented # version at /usr/share/doc/packages/samba/examples/smb.conf.SuSE # Date: 2002-09-12 # # [global] workgroup = FAB netbios name = zeus server string = zeus map to guest = Bad User encrypt passwords = yes enable privileges = yes passdb backend = ldapsam ldap admin dn = cn=Manager,dc=fab,dc=fh-wiesbaden,dc=de ldap suffix = dc=fab,dc=fh-wiesbaden,dc=de ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People ldap ssl = no ldap passwd sync = yes add user script = ldapsmb -a -u %u delete user script = ldapsmb -d -u %u add machine script = ldapsmb -a -w %u -gid 515 add group script = ldapsmb -a -g %g delete
RE: [Samba] Existing files don't show up in share, new files do
on the share from Windows! The new file will show up locally on the file server (as verified by logging in with SSH and checking the shared directory), and my other Windows client will see the new file as well. * I can also create new files locally on the file server, and these will also show up on the Windows clients. * I can see no difference between the existing files and any new files created locally or through a Windows client. The file permissions are all the same. * The only difference between the two shares is that my home directory is on the root filesystem (ext3) and the multimedia share (/mnt/data/multimedia) is on a mounted ext3 file system (/mnt/data). But this hasn't changed! * While googling the problem I found some references to a directory name cache size option which might be related, so I added a directory name cache size = 0 to my smb.conf, but that made no difference. I've attached my smb.conf (I've removed all the comments for brevity). I'll provide any log, trace or debug info if someone tells me how to. Hopefully somebody here can help me! Kind regards, Pepijn Schmitz
[Samba] [Slightly OT] Mac and Samba
Hello all... I have a question that is outside the realm of my experience but that has come up several times recently. I have a mixed network (some Macs, some PCs) that needs a server. I'm going through the standard process of deciding between Samba and a Windows domain controller, my strong preference being to install Linux/Samba server. The sticking point seems to be that the Mac users need to be able to run Access and Quickbooks, recent versions, neither of which are ported to the Mac as I understand it. So my question is this: When faced with this situation, what do folks out there do? Install a Terminal server of some flavor (out of reach for this tiny non-profit)? Or is there some simple thing I could do that would bridge the gap in a cost effective and reasonably easy to administer way? Thanks very much in advance, Rubin
Re: [Samba] Existing files don't show up in share, new files do
for some files but fail for others while having the same permissions? Kind regards, Pepijn Schmitz Rubin Bennett wrote: Unless I missed it there was no further discussion of ACLs? Run mount on the linux box and look to see if that filesystem is mounted with the acl option. If it was, you can either remountit without ACLs or reset the ACLs on the filesystem. Run getfacl on the directory and see if there's anything out of bounds there; that's quite frankly the only thing I can think of that would cause this behaviour. Disappearing files have *always* been due to a mismatch between Samba permissions and those set by the underlying filesystem in my experience (10+ years of Samba and counting). Not to say that it's impossible you've found something new and different, but statistics say it's very likely a permissions/ acl issue. HTH, Rubin On Wed, 2008-05-21 at 09:11 -0400, Jason Waters wrote: What about settings windows to view hidden files and system files. Do they show up then? Jason Waters -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greene, Joe Sent: Wednesday, May 21, 2008 8:42 AM To: samba@lists.samba.org Subject: RE: [Samba] Existing files don't show up in share, new files do His directory is already 777 and the 500 is the UID of pepijn on the serve unless I miss my guess. I also had him check all permissions on the directories above it to make sure they were at least 755 and they were. BTW Pepijn, you might want o make sure that your userid is the same on all of your linux boxes.. just check /etc/passwd to make sure username Pepijn is userid 500, then on any system you have to change it, I recommend running (as root) 'find / -user olduid -exec chown 500 {} \;' This may or may not have any affect on this problem. also check the usermapping, maybe there is something there. 
Joe Greene UNIX Systems Administrator Phone 317-707-2730 Fax 317-707-2397 Hours M-F 7am-4pm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Waters Sent: Wednesday, May 21, 2008 8:09 AM To: samba@lists.samba.org Subject: RE: [Samba] Existing files don't show up in share, new files do Let's see if it's permissions(which is what I think it is). chmod 777 * in that directory and then see if it works. Then we can figure out what went on. The uid of 500 of the new file seems strange. Jason Waters From: Pepijn Schmitz [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 21, 2008 7:56 AM To: Jason Waters Cc: samba@lists.samba.org Subject: Re: [Samba] Existing files don't show up in share, new files do Jason Waters wrote: What parameters are set on the share? Anything like map system, map hidden? This is the share definition: [multimedia] comment = Multimedia Files path = /mnt/data/multimedia public = yes writable = yes printable = no write list = pepijn So no map system or map hidden. I should also note that neither the share definition nor the contents of the directory have changed. The only thing that happened was that the server, which used to be my router and firewall also, is now only a file server and no longer has a static IP address. Are you using ACL's? I don't think so. How can I tell? What about giving us an ls -l of a directory that isn't showing files. Here's the ouput of ls -al on /mnt/data/multimedia: total 2260 drwxrwxrwx 11 pepijn pepijn 4096 2008-05-17 14:13 . drwxr-xr-x 10 root root 4096 2008-05-16 19:58 .. 
drwxr-xr-x 6 pepijn pepijn 4096 2008-05-17 14:16 Audio -rw-rw-r-- 1 pepijn pepijn 468919 2004-09-18 08:40 DIRK_GENTLY'S_HOLISTIC_DETECTIVE_AGENCY.TXT lrwxrwxrwx 1 pepijn pepijn 6 2005-01-17 22:13 Fotos - Foto's drwxrwxr-x 41 pepijn pepijn 4096 2008-03-15 23:27 Foto's -rw-rw-r-- 1 pepijn pepijn 292097 2004-09-18 08:40 HITCHHIKER'S_GUIDE_TO_THE_GALAXY.TXT -rw-rw-r-- 1 pepijn pepijn 396618 2004-09-18 08:40 LAST_CHANCE_TO_SEE.TXT drwxrwxr-x 4 pepijn pepijn 4096 2002-07-01 02:32 Martijn -rw-rw-r-- 1 pepijn pepijn 372140 2004-09-18 08:40 MOSTLY_HARMLESS.TXT drwxrwxr-x 2 pepijn pepijn 4096 2002-03-31 04:48 recycled -rw-rw-r-- 1 pepijn pepijn 333862 2004-09-18 08:40 RESTAURANT_END_OF_THE_UNIVERSE.TXT -rw-rw-r-- 1 pepijn pepijn 296645 2004-09-18 08:40 STARSHIP_TITANIC.TXT drwxrwxr-x 2 pepijn pepijn 4096 2004-11-28 17:00 temp -rwxr--r-- 1 pepijn pepijn 5 2008-05-17 14:13 test2.txt -rwxr--r-- 1 pepijn pepijn 6 2008-05-17 14:08 test.txt drwx-- 4 pepijn pepijn 4096 2005-07-02 16:17 .Trash-500 drwx-- 2 pepijn pepijn 4096 2005-04-02 13:54 .Trash-pepijn drwxrwxr-x 10 pepijn pepijn 4096 2008-03-15 23:31 Video -r-xr--r-- 1 pepijn pepijn 80
Re: [Samba] Existing files don't show up in share, new files do (Solved!)
Glad to hear it! Damn SELinux *grumble*. I shoulda thought of that too :) Rubin

On Wed, 2008-05-21 at 17:20 +0200, Pepijn Schmitz wrote:

I got it. SELinux was causing the problem. Grmbl... I don't know why I didn't think to check before, but I took a look in my syslog and saw entries like these:

May 21 16:21:29 roadrunner kernel: audit(1211379689.340:4629): avc: denied { getattr } for pid=13682 comm=smbd path=/mnt/data/multimedia/XXX dev=sdb1 ino=28066343 scontext=system_u:system_r:smbd_t:s0 tcontext=user_u:object_r:file_t:s0 tclass=dir

I did a ls -Z on /mnt/data/multimedia with the following result:

drwxrwxr-x pepijn pepijn system_u:object_r:file_t:s0 Audio
-rw-rw-r-- pepijn pepijn system_u:object_r:file_t:s0 DIRK_GENTLY'S_HOLISTIC_DETECTIVE_AGENCY.TXT
lrwxrwxrwx pepijn pepijn user_u:object_r:file_t:s0 Fotos -> Foto's
drwxrwxr-x pepijn pepijn system_u:object_r:file_t:s0 Foto's
-rw-rw-r-- pepijn pepijn system_u:object_r:file_t:s0 HITCHHIKER'S_GUIDE_TO_THE_GALAXY.TXT
-rw-rw-r-- pepijn pepijn system_u:object_r:file_t:s0 LAST_CHANCE_TO_SEE.TXT
drwxrwxr-x pepijn pepijn system_u:object_r:file_t:s0 Martijn
-rw-rw-r-- pepijn pepijn system_u:object_r:file_t:s0 MOSTLY_HARMLESS.TXT
drwxrwxr-x pepijn pepijn system_u:object_r:file_t:s0 recycled
-rw-rw-r-- pepijn pepijn system_u:object_r:file_t:s0 RESTAURANT_END_OF_THE_UNIVERSE.TXT
-rw-rw-r-- pepijn pepijn system_u:object_r:file_t:s0 STARSHIP_TITANIC.TXT
drwxrwxr-x pepijn pepijn system_u:object_r:file_t:s0 temp
-rw-rw-r-- pepijn pepijn system_u:object_r:samba_share_t:s0 test2.txt
-rw-rw-r-- pepijn pepijn system_u:object_r:samba_share_t:s0 test.txt
drwxrwxr-x pepijn pepijn system_u:object_r:file_t:s0 Video
-rw-rw-r-- pepijn pepijn user_u:object_r:file_t:s0 volumeid.zbx
drwxrwxr-x pepijn pepijn user_u:object_r:file_t:s0 XXX
-rw-rw-r-- pepijn pepijn system_u:object_r:file_t:s0 YOUNG_ZAPHOD_PLAYS_IT_SAFE.TXT

The existing files have a different security context (file_t) than the new ones (samba_share_t).
I have no idea how or why this has happened, and frankly I don't feel like spending any more time to find out (although I'm still interested if someone knows more about how this could happen). Since the server is now just an internal file server I decided just to turn off SELinux. Now the share works perfectly again! Thanks everyone for your time and patience! Kind regards, Pepijn Schmitz Pepijn Schmitz wrote: I tried commenting out the write list = pepijn line and adding a guest ok = yes line, but it made no difference, both when logging in as pepijn or when logging in as guest. Kind regards, Pepijn Schmitz Jason Waters wrote: Remove any restrictions on the shares. Like valid user and that sort of thing. Jason Waters -Original Message- From: Pepijn Schmitz [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 21, 2008 10:08 AM To: Rubin Bennett Cc: Jason Waters; samba@lists.samba.org Subject: Re: [Samba] Existing files don't show up in share, new files do I'm slightly closer to finding the cause of this problem. 
I set the smbd log level to 7 and found the following entries when trying to list the contents of the share: [2008/05/21 15:27:05, 5] smbd/uid.c:change_to_user(273) change_to_user uid=(500,500) gid=(0,500) [2008/05/21 15:27:05, 3] smbd/trans2.c:call_trans2findfirst(1704) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 2 requires_resume_key = 4 level = 0x104, max_data_bytes = 16644 [2008/05/21 15:27:05, 5] smbd/filename.c:unix_convert(147) unix_convert called on file * [2008/05/21 15:27:05, 5] smbd/filename.c:unix_convert(246) unix_convert begin: name = *, dirpath = , start = * [2008/05/21 15:27:05, 5] smbd/trans2.c:call_trans2findfirst(1769) dir=./, mask = * [2008/05/21 15:27:05, 5] smbd/dir.c:dptr_create(392) dptr_create dir=./ [2008/05/21 15:27:05, 3] smbd/dir.c:dptr_create(515) creating new dirptr 256 for path ./, expect_close = 1 [2008/05/21 15:27:05, 4] smbd/trans2.c:call_trans2findfirst(1837) dptr_num is 256, wcard = *, attr = 22 [2008/05/21 15:27:05, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./. fname=. [2008/05/21 15:27:05, 5] smbd/trans2.c:get_lanman2_dir_entry(1255) get_lanman2_dir_entry found ./.. fname=.. [2008/05/21 15:27:05, 5] smbd/trans2.c:get_lanman2_dir_entry(1221) get_lanman2_dir_entry:Couldn't stat [./Audio] (Permission denied) [2008/05/21 15:27:05, 5] smbd/trans2.c:get_lanman2_dir_entry(1221) get_lanman2_dir_entry:Couldn't stat [./DIRK_GENTLY'S_HOLISTIC_DETECTIVE_AGENCY.TXT] (Permission denied) [2008/05/21 15:27:05, 5] smbd/trans2.c:get_lanman2_dir_entry(1221) get_lanman2_dir_entry:Couldn't stat [./Foto's] (Permission denied) [2008/05/21 15:27
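Added example, not part of the original thread: the AVC denial and the ls -Z listing quoted above show smbd (domain smbd_t) being refused access to objects still labelled file_t, so this Python triage parses both kinds of output and lists the relabel commands that address the mismatch while SELinux stays enforcing. The function names and the extra sample lines are constructed for illustration; semanage and restorecon are the standard SELinux tools and were not posted in the thread, and the listing is assumed to be in the five-column ls -Z format shown there.

```python
import re
import shlex

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# First entry is the denial quoted in the thread; the other three are constructed.
SYSLOG_SAMPLE = [
    "May 21 16:21:29 roadrunner kernel: audit(1211379689.340:4629): avc: denied "
    "{ getattr } for pid=13682 comm=smbd path=/mnt/data/multimedia/XXX dev=sdb1 "
    "ino=28066343 scontext=system_u:system_r:smbd_t:s0 "
    "tcontext=user_u:object_r:file_t:s0 tclass=dir",
    "May 21 16:21:30 roadrunner kernel: audit(1211379690.112:4630): avc: denied "
    "{ read } for pid=13682 comm=smbd name=MOSTLY_HARMLESS.TXT dev=sdb1 "
    "ino=28066350 scontext=system_u:system_r:smbd_t:s0 "
    "tcontext=system_u:object_r:file_t:s0 tclass=file",
    "May 21 16:21:31 roadrunner kernel: audit(1211379691.005:4631): avc: denied "
    "{ read } for pid=2210 comm=httpd name=index.html dev=sda1 ino=1201 "
    "scontext=system_u:system_r:httpd_t:s0 "
    "tcontext=user_u:object_r:user_home_t:s0 tclass=file",
    "May 21 16:21:32 roadrunner smbd[13682]: connect to service multimedia",
]

# Four rows copied from the ls -Z listing in the thread.
LS_Z_SAMPLE = [
    "drwxrwxr-x pepijn pepijn system_u:object_r:file_t:s0 Audio",
    "-rw-rw-r-- pepijn pepijn system_u:object_r:file_t:s0 LAST_CHANCE_TO_SEE.TXT",
    "-rw-rw-r-- pepijn pepijn system_u:object_r:samba_share_t:s0 test2.txt",
    "-rw-rw-r-- pepijn pepijn system_u:object_r:samba_share_t:s0 test.txt",
]


def context_type(context):
    """Type field of user:role:type[:level]; the level may itself contain ':'."""
    parts = context.split(":", 3)
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Turn one 'avc: denied' log line into a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "path": fields.get("path") or fields.get("name"),
        "source_type": context_type(fields.get("scontext", "")),
        "target_type": context_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass"),
    }


def samba_label_denials(log_lines, daemon_type="smbd_t", wanted="samba_share_t"):
    """Denials where the Samba domain hit an object not labelled for sharing."""
    hits = []
    for line in log_lines:
        avc = parse_avc(line)
        if avc and avc["source_type"] == daemon_type and avc["target_type"] != wanted:
            hits.append(avc)
    return hits


def mislabeled_entries(ls_z_lines, wanted="samba_share_t"):
    """(name, type) for rows of 'mode owner group context name' lacking the type."""
    out = []
    for line in ls_z_lines:
        cols = line.split(None, 4)
        if len(cols) == 5 and context_type(cols[3]) != wanted:
            out.append((cols[4], context_type(cols[3])))
    return out


def relabel_commands(share_root, wanted="samba_share_t"):
    """Record the label rule in local policy, then apply it to existing files."""
    pattern = share_root.rstrip("/") + "(/.*)?"
    return [
        "semanage fcontext -a -t %s %s" % (wanted, shlex.quote(pattern)),
        "restorecon -R -v %s" % shlex.quote(share_root),
    ]


def triage(log_lines, ls_z_lines, share_root):
    """Summarise label-related Samba denials and what to run about them."""
    hits = samba_label_denials(log_lines)
    return {
        "denied_types": sorted({str(h["target_type"]) for h in hits}),
        "denied_paths": sorted({h["path"] for h in hits if h["path"]}),
        "mislabeled": mislabeled_entries(ls_z_lines),
        "commands": relabel_commands(share_root) if hits else [],
    }


if __name__ == "__main__":
    result = triage(SYSLOG_SAMPLE, LS_Z_SAMPLE, "/mnt/data/multimedia")
    for key, value in result.items():
        print(key, "=", value)
```
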
Re: [Samba] Yet another Samba How-to
And why shouldn't it be? If you want it to be more distro neutral, then *you* can foot the bill right? Rubin On Fri, 2008-04-25 at 17:29 +0100, solarflow99 wrote: why just SUSE then? you're right, it's all about the money.. On 4/25/08, Rubin Bennett [EMAIL PROTECTED] wrote: Now, why would that matter, and how exactly would it be relevant to the fact that Mike (the OP) is putting the document out there for all to share? The attitude that contributing to Free software has to be an unpaid venture is sophomoric, unrealistic, and drives me absolutely crazy. The fact is that we all have to make a living. Some of us choose to do what we believe is the right thing, and contribute back to the community in the forms of code, or documentation, or whatever. The idea that someone who writes code or documentation and contributes it (or even just shares it, retaining copyright as this person appears to have done) is ridiculous. Don't bite the hand that feeds you; anyone who uses free software has been the beneficiary of some freely available code or documentation that the developer or author was remunerated for on many occasions. Rubin On Fri, 2008-04-25 at 17:13 +0100, solarflow99 wrote: ya right, how much did you get from SUSE/Microsoft for this? On 4/25/08, Jeremy Allison [EMAIL PROTECTED] wrote: On Thu, Apr 24, 2008 at 04:13:13PM -0500, Mike Petersen wrote: Hi all, Just wanted to let you guys know that I put together a High Level Samba How-to that I believe is very informative for Samba Beginners. I wrote it using Novell's Suse Linux Enterprise Server as part of a book I promised a few clients that I contract for - although I did write it in such a way that it can be used for virtually any GNU/Linux Distribution.
I wrote this on my own time and I am the sole copyright holder - if the Samba Developers want me to either post it as-is on the Samba Wiki or edit out the SLES parts and post it on the Samba Wiki I would be happy to (when I get the time of course :-) You can access the how-to at: http://www.pcc-services.com/sles/samba.html Anyway, feedback is always welcome. Wow, this is really nicely done ! Thanks a lot ! This is a very nice complement to the Samba docs and makes a great HOWTO. Jeremy.
Re: [Samba] WinXP Pro can't join Domain (Samba PDC) after server migration but current domain machine are OK
On Thu, 2008-03-13 at 20:10 -0400, Mathieu Beaudoin wrote: Hi, I had a Samba PDC running on unstable hardware. I migrate everything on a new machine, I transferred all the configuration files (smb.conf, smbpasswd, .), transferred all the users and groups. Everything was working 100% until I had to join a new machine to Domain, WinXP Pro SP2 can't find de Domin Controler, but all the WinXP Pro SP2 that where already in the Domain before the migration can logon fine, their roaming profiles are updated fine and they access the shares with no problems. I just can't join a new machine. I reinstall Samba completely on the server, reconfigure everything manually (not using the old smb.conf) and no change. I try to disable the firewall, no change. I'm out of idea. I've seen similar behaviour before, always after an upgrade (it seems more common when upgrading a 32bit OS to a 64 bit, IIRC). My fix was to export the tdb to smbpasswd, and reimport. That seems to fix it pretty consistently. Rubin I run samba 3.0.26 on Opensuse 10.3 (same as the old server). 
[global] workgroup = SOE-DOMAIN server string = PDC - File Server log file = /data/log/samba_log.txt deadtime = 15 printcap name = cups add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ logon path = \\%L\profiles\.msprofile logon drive = P: logon home = \\%L\%U\.9xprofile domain logons = Yes preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes ldap ssl = no usershare allow guests = Yes acl group control = Yes profile acls = Yes map acl inherit = Yes printing = cups cups options = raw print command = lpq command = %p lprm command = store dos attributes = Yes strict locking = Yes include = /etc/samba/dhcp.conf [profiles] comment = Network Profiles Service path = %H read only = No create mask = 0600 directory mask = 0700 browseable = No [users] comment = All users path = /home read only = No inherit acls = Yes veto files = /aquota.user/groups/shares/ browseable = No [groups] comment = All groups path = /home/groups read only = No inherit acls = Yes browseable = No [printers] comment = All Printers path = /var/tmp create mask = 0600 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin, root force group = ntadmin create mask = 0664 directory mask = 0775 [data] comment = data path = /data/data read only = No inherit permissions = Yes inherit acls = Yes inherit owner = Yes [programme] comment = Network Profiles Service path = %H read only = No create mask = 0600 directory mask = 0700 use sendfile = Yes browseable = No [email] path = /data/email/ read only = No inherit permissions = Yes inherit acls = Yes inherit owner = Yes case sensitive = No browseable = No blocking locks = No locking = No oplocks = No posix locking = No strict locking = No msdfs proxy = no Thanks for your help and let me know if you need more infos, Mathieu Beaudoin Responsable des T.I. 
CVT Corp Technologies de vitesse variable Variable Speed Technologies
Re: [Samba] Strange behaviour of Samba3 with wireless clients
On Tue, 2008-03-04 at 14:08 +1100, Carlo Sogono wrote: I have built my own wireless AP with Ubuntu 7.10 and an Atheros-based wireless card. My problem is that I can't access any of the Samba shares with my wireless clients...they can all search for the server, get prompted for a login then it just hangs and eventually times out. The same clients, when using their LAN ports to connect to the same server, are able to do everything--browse and access Samba shares. I have experimented with the smb.conf file to include the wireless AP's device (ath0), subnet and even allowing it to bind on all interfaces. During those times, samba *does* bind on the device/device's IP when doing 'netstat -tln'. I have also checked my firewall settings. The rules I have for my local LAN on eth1 is identical to ath0 so I don't see a problem there. In fact I can do everything on my wireless clients except Samba. Here are some details of my setup: Ubuntu 7.10 server eth0 - ADSL modem; running pppoe eth1 - local LAN ath0 - wireless LAN madwifi drivers for Atheros chips hostapd to handle WPA2+PSK authentication iptables for IP filtering samba3 Am I missing something here? Thanks in advance. What happens if you do an smbclient -L //{IP of WIFI card} from the server? Do you get a list of shares? I'm assuming that you've proofed out the WIFI side of things (i.e. the wireless clients can ping the server etc. etc.)? Also make sure there's no NAT on the WIFI interface screwing things up - iptables -t nat -L Rubin Carlo -- Rubin Bennett RB Technologies http://thatitguy.com [EMAIL PROTECTED] (802)223-4448 They that can give up essential liberty to obtain a little temporary security deserve neither liberty nor safety --Benjamin Franklin, Historical Review of Pennsylvania, 1759 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behaviour of Samba3 with wireless clients
On Tue, 2008-03-04 at 15:08 +1100, Carlo Sogono wrote: Rubin Bennett wrote: On Tue, 2008-03-04 at 14:08 +1100, Carlo Sogono wrote: I have built my own wireless AP with Ubuntu 7.10 and an Atheros-based wireless card. My problem is that I can't access any of the Samba shares with my wireless clients...they can all search for the server, get prompted for a login then it just hangs and eventually times out. The same clients, when using their LAN ports to connect to the same server, are able to do everything--browse and access Samba shares. I have experimented with the smb.conf file to include the wireless AP's device (ath0), subnet and even allowing it to bind on all interfaces. During those times, samba *does* bind on the device/device's IP when doing 'netstat -tln'. I have also checked my firewall settings. The rules I have for my local LAN on eth1 is identical to ath0 so I don't see a problem there. In fact I can do everything on my wireless clients except Samba. Here are some details of my setup: Ubuntu 7.10 server eth0 - ADSL modem; running pppoe eth1 - local LAN ath0 - wireless LAN madwifi drivers for Atheros chips hostapd to handle WPA2+PSK authentication iptables for IP filtering samba3 Am I missing something here? Thanks in advance. What happens if you do an smbclient -L //{IP of WIFI card} from the server? Do you get a list of shares? I'm assuming that you've proofed out the WIFI side of things (i.e. the wireless clients can ping the server etc. etc.)? Also make sure there's no NAT on the WIFI interface screwing things up - iptables -t nat -L Rubin As I am at work at the moment I cannot try it but I'm pretty sure it would fail since my client's shares are disabled. :P When I said everything else works that includes having to access the following services of the server: http, ftp and ssh. My server is also a file server so I have no problems accessing my files via FTP/SFTP. Carlo I meant test the WIFI interface of the server _from_ the server. 
If you can't connect to the server's interface from that box, then you likely won't be able to connect to it from another client system. I have to admit that the more likely sounding culprit here is the framing... Rubin
Re: [Samba] WINS via WAN problem
On Fri, 2008-02-22 at 14:47 -0800, Kevin Haddock wrote: Hi everyone. I have two windows machines logging into my Linux machine via nxclient. One via a LAN and the other coming in through the internet. Both are sharing one printer and one folder. The one that is on the LAN I can smbclient -L host and see, but not the one via WAN. The shared folder works on both machines but the printer only works on the local. The shared printer via the WAN gives a CIFS error. smbstatus -L does not show either of the machines. Shouldn't that show the various machines that WINS knows about? How does WINS know/learn about non-local machines? You tell the non local machines to use the Samba server for WINS lookups. I do it in DHCP, via the netbios-name-servers option in /etc/dhcpd.conf, but you can do it directly on the workstations as well. Once the workstations are pointing at the right NB nameserver, then you should be able to ping the server by it's netbios name. HTH TGIF, Rubin
Re: [Samba] NT_STATUS_ACCESS_DENIED
Um, either you omitted the chr share definition, or you don't have one. Either way we can't help much without it :) Rubin On Tue, 2008-02-12 at 12:37 +0200, Chris du Preez wrote: Hi I have a small problem I get a message NT_STATUS_ACCESS_DENIED if I want to do a listing after I have logged in a samba server. I do it like this # smbclient //bbb/chr -U chr Password: Domain=[BBB] OS=[Unix] Server=[Samba 3.0.28-0.fc8] smb: \ ls NT_STATUS_ACCESS_DENIED listing \* 51148 blocks of size 4194304. 27065 blocks available Any help will be appreciated Thanks in advance Chris This is what my smb.conf look like [global] workgroup = FLAMENGRO realm = NONE server string = BBB Samba Server password server = username map = /etc/samba/smbusers log file = /var/log/samba/%m.log max log size = 50 printcap name = /etc/printcap preferred master = No local master = No domain master = No dns proxy = No ldap ssl = no cups options = raw [homes] comment = Home Directories valid users = chr read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba/ printable = Yes browseable = No
Re: [Samba] Making Samba change the Unix Password (/etc/shadow)
Did you restart samba (/etc/init.d/smb restart)? You need to at least do a reload (/etc/init.d/smb reload) for config file changes to be read.

Rubin

On Tue, 2008-02-05 at 08:09 +0900, Michael Heydon wrote:

Parag Kalra wrote:

Hi Rubin, I made the changes suggested by you but still it's not working. -- Parag Kalra

On Feb 5, 2008 3:29 AM, Rubin Bennett [EMAIL PROTECTED] wrote:

On Tue, 2008-02-05 at 02:26 +0530, Parag Kalra wrote:

Hello all, I am trying to change the linux login password through the smbpasswd command by placing following parameters in smb.conf file:

unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *enter old password* %o\\n *Enter NEW password* %n\\n *reenter New passwd* %n\\n *password changed*

testparm is your friend :) It should complain about the passwd command, and for good reason; it shouldn't be there. Use:

pam password change = yes

instead, and get rid of the passwd program and passwd chat lines.

PAM is far from universal, there are plenty of OSes and distros that do not include PAM. The man page doesn't say anything about passwd program being depreciated, why would testparm complain about it? Are you getting anything in the logs when trying to reset the password? Have you tried enabling passwd chat debug (you may have to up your log level as well)? If you want to keep using passwd instead of PAM, could you write a wrapper/replacement for passwd that logs everything that happens?

HTH, Rubin

*Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
Re: [Samba] Making Samba change the Unix Password (/etc/shadow)
Ok, I assume that your system does have a pam auth subsystem? What distro are you on, and may we see your smb.conf (you can omit the share definitions)?

Rubin

On Tue, 2008-02-05 at 05:26 +0530, Parag Kalra wrote:

Yes I have restarted smb but still no fruits. Also placing passwd chat debug = yes didn't generate any log in /var/log/samba/smd.log

Could anyone please explain the following: [If you want to keep using passwd instead of PAM, could you write a wrapper/replacement for passwd that logs everything that happens?] -- Parag Kalra

On Feb 5, 2008 5:11 AM, Rubin Bennett [EMAIL PROTECTED] wrote:

Did you restart samba (/etc/init.d/smb restart)? You need to at least do a reload (/etc/init.d/smb reload) for config file changes to be read.

Rubin

On Tue, 2008-02-05 at 08:09 +0900, Michael Heydon wrote:

Parag Kalra wrote:

Hi Rubin, I made the changes suggested by you but still it's not working. -- Parag Kalra

On Feb 5, 2008 3:29 AM, Rubin Bennett [EMAIL PROTECTED] wrote:

On Tue, 2008-02-05 at 02:26 +0530, Parag Kalra wrote:

Hello all, I am trying to change the linux login password through the smbpasswd command by placing following parameters in smb.conf file:

unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *enter old password* %o\\n *Enter NEW password* %n\\n *reenter New passwd* %n\\n *password changed*

testparm is your friend :) It should complain about the passwd command, and for good reason; it shouldn't be there. Use:

pam password change = yes

instead, and get rid of the passwd program and passwd chat lines.

PAM is far from universal, there are plenty of OSes and distros that do not include PAM. The man page doesn't say anything about passwd program being depreciated, why would testparm complain about it? Are you getting anything in the logs when trying to reset the password? Have you tried enabling passwd chat debug (you may have to up your log level as well)? If you want to keep using passwd instead of PAM, could you write a wrapper/replacement for passwd that logs everything that happens?

HTH, Rubin

*Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]

-- Love, PARAG . A . KALRA Good judgment comes from experience, and experience comes from bad judgment http://discoverlinux.blogspot.com Debian Linux! A Dawn of New Era!
Re: [Samba] Vista over VPN loses connection with workgroup
On Mon, 2008-01-14 at 19:41 -0800, Florin Andrei wrote:

Rubin Bennett wrote:

Can you browse by IP address over the re-established VPN?

I can even browse by \\name. It's just that the Network window is empty, and when that happens, the system cannot access a printer shared by the WINS server.

Have you tried the old ipconfig /flushdns trick either before or after reconnecting the VPN?

Doesn't make any difference.

To recap: Samba as a WINS server, there's a Vista client that sometimes loses the Network Neighborhood. It's connected over VPN, but the VPN tunnel itself is solid, that's not the problem. The other end of the tunnel is the WINS server which is also an OpenVPN server. Sometimes it works fine though, it sees the Network just fine, it can print, etc. Some other times nothing works. I don't understand what's going on. Using samba-3.0.25b on CentOS 5.1 64bit

I assume you can't get to the printer properties or the print server by UNC? I can say that I definitely haven't seen this, but at the same time, I don't know that the majority of my clients who use a Vista/ OpenVPN/ Samba combination would necessarily notice if they couldn't print over the VPN. I'll do some checking on my end to see if I can replicate the behavior anywhere, but I honestly don't know where to go from here... Sporadic Windows issues give me a consistent headache :)

-- Florin Andrei http://florin.myip.org/

--
Rubin Bennett rbTechnologies [EMAIL PROTECTED] http://thatitguy.com (802)223-4448
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. -Ben Franklin, Historical Review of Pennsylvania, 1759
Re: [Samba] Deny a User from a specific Host
On Fri, 2007-12-14 at 19:55 +, Net Warrior wrote:

Good, but, how do I tell, this user can log in in this windows machine and not in this other? I need a way to check both, the user who's logging in against my pdc and the IP from the machine he's trying to log to the domain. Isn't deny-host a more global way to tell, this host can access my machine?

Yes. To do what you're after, I think you could do it with a carefully subnetted LAN (i.e. each department has a distinct LAN segment, not necessarily an actual subnet but a block of IPs that are predictably assigned via dhcp pools). Then using dynamically generated login scripts, you could cross reference the users' group membership with the IP pool that they're logging in from, and attempt to write in some nastiness that disables users from one group logging into the IP space of another group.

This is actually an interesting idea in a way although if your directory ACLs and permissions are set up correctly and you're using the Samba server for storing everything, why worry if user A from accounting logs into user B's pc in marketing? They won't be able to access anything they couldn't from their own computer, right?

Rubin
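The group-to-IP-pool cross-reference suggested in the reply above, as an added example that is not part of the original thread or of Samba itself. The department names, the address blocks (documentation range 192.0.2.0/24) and the helper names are assumptions; how the decision is enforced (a generated login script or a server-side hook) is left open.

```python
import ipaddress
import sys

# Hypothetical mapping of Unix groups to the DHCP pools handed out to each
# department. The blocks need not be real subnets, only predictable ranges.
GROUP_POOLS = {
    "accounting": ["192.0.2.0/26"],
    "marketing": ["192.0.2.64/26"],
    "it": ["192.0.2.0/24"],        # admins may log on anywhere on the LAN
}


def logon_allowed(user_groups, client_ip, pools=GROUP_POOLS):
    """Return (allowed, reason) for a user with these groups at this address.

    Default deny: an unparseable address, or a user whose groups have no
    pool at all, is refused rather than waved through.
    """
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False, f"unparseable client address {client_ip!r}"

    known = [g.lower() for g in user_groups if g.lower() in pools]
    if not known:
        return False, "user is in no group that has an address pool"

    # A user in several groups is allowed from the union of their pools.
    for group in known:
        for cidr in pools[group]:
            if addr in ipaddress.ip_network(cidr):
                return True, f"{addr} is inside {cidr} ({group})"
    return False, f"{addr} is outside the pools of: {', '.join(known)}"


def groups_of(user):
    """Look up the Unix groups of a local account (primary and secondary)."""
    import grp
    import os
    import pwd
    gid = pwd.getpwnam(user).pw_gid
    return [grp.getgrgid(g).gr_name for g in os.getgrouplist(user, gid)]


if __name__ == "__main__":
    # Usage: script USER CLIENT_IP ; exit status 0 = allow, 1 = deny.
    if len(sys.argv) != 3:
        sys.exit("usage: check_logon USER CLIENT_IP")
    user, ip = sys.argv[1], sys.argv[2]
    try:
        groups = groups_of(user)
    except KeyError:
        groups = []                 # unknown account: falls through to deny
    ok, why = logon_allowed(groups, ip)
    print(f"{'ALLOW' if ok else 'DENY'} {user}@{ip}: {why}", file=sys.stderr)
    sys.exit(0 if ok else 1)
```

As the reply itself points out, this only restricts where a logon happens; what a user can reach is still decided by share and directory permissions.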
Re: [Samba] Vista over VPN loses connection with workgroup
On Fri, 2007-11-30 at 13:55 -0800, Florin Andrei wrote:

I've a server running CentOS 5, Samba 3.0.23c and OpenVPN-2.1beta4. A laptop running Vista connects to the server over VPN. The CentOS server is local, domain and preferred master, and also WINS server. It looks like every once in a while the Vista laptop drops the VPN connection, which gets re-established soon after that. But the problem is, it appears that after the dropout the Vista laptop doesn't see the Samba workgroup anymore - there's nothing in the Network window, and printing to a printer shared by Samba on CentOS fails. Rebooting Vista fixes the problem. If I specify a computer name like this \\computer I can access it from Vista even when the workgroup is invisible. My question is - how to make the connection to the workgroup more robust? Fixing VPN is another task, but I wonder if something can be done with Samba and/or Vista until then.

I'd hazard that the issues are related, and that there are tweaks you can do to the VPN that will make this more stable. Short of sending you to the OpenVPN lists, I'll share a couple tweaks I've found useful in the exact same situation: On the VPN server, add the lines:

# Insert your WINS server IP here
push "dhcp-option WINS 12.34.56.78"
# Insert your DNS server IP here
push "dhcp-option DNS 12.34.56.78"
# Insert your second (if you have one) DNS server IP here
push "dhcp-option DNS 12.34.56.79"
# Replace with your search domain
push "dhcp-option DOMAIN domain.tld"

This will force the Vista client to re-establish these options on VPN reconnect, which it will only do on a reboot if you put the WINS server in the Windows general network config. I think the issue is that if the Windows machine is unable to connect to the WINS server specified, it simply stops trying, thus making the workgroup inaccessible.

I stand ready to be corrected on all of this of course, but my experience is that the options above work very consistently for my own setup and those of my clients as well.

Hope that helps!
Rubin
Re: [Samba] Vista over VPN loses connection with workgroup
On Fri, 2007-11-30 at 14:34 -0800, Florin Andrei wrote:

Rubin Bennett wrote:

I'd hazard that the issues are related, and that there are tweaks you can do to the VPN that will make this more stable. Short of sending you to the OpenVPN lists, I'll share a couple tweaks I've found useful in the exact same situation: On the VPN server, add the lines:

# Insert your WINS server IP here
push "dhcp-option WINS 12.34.56.78"
# Insert your DNS server IP here
push "dhcp-option DNS 12.34.56.78"
# Insert your second (if you have one) DNS server IP here
push "dhcp-option DNS 12.34.56.79"
# Replace with your search domain
push "dhcp-option DOMAIN domain.tld"

Yes, actually I already did that. That's how the laptop learns where's the WINS server. DOMAIN, DNS and WINS are being pushed to the Windows client already. The WINS server pushed to the laptop is actually the tun0 interface, created on the server by openvpnd. But that should not be a problem, I see in the logs how Samba actually becomes master on that interface, so it should work - and it does, for a while, and then the workgroup disappears.

Can you browse by IP address over the re-established VPN? Have you tried the old ipconfig /flushdns trick either before or after reconnecting the VPN?
Re: [Samba] Windows clients losing connection to Samba 3.0.27 PDC on FC7 i386
I've done that, and we'll wait and see I suppose... I *really* hate waiting for the other shoe to drop though. FWIW, I did some more digging and came up with a couple systems that show the following when I run pdbedit -Lv: Password must change: 0 Any idea as to why those show a 0 value and the rest either say never or have some huge value for seconds since the epoch that the password in theory will need to be changed? Thanks again, Rubin On Thu, 2007-11-29 at 18:22 -0500, simo wrote: First of all update to 3.0.27a, 3.0.27 had a regression in the security fix that prompted that release. Simo. On Tue, 2007-11-27 at 12:46 -0500, Rubin Bennett wrote: Hello all... I have a site of about 50 pcs connected to a Samba domain controller. The domain has been running flawlessly for several years through several upgrades, and the last one (From Fedora Core 4/ Samba 3.0.23a to FC7/ Samba 3.0.27) seems to have caused something to come unglued. The Workstations are periodically booting up in the morning and being unable to contact the domain controller. The Samba server is giving failed authentication errors for the workstation itself (not the username/ password) in log.{workstation}. The upgrade was done nearly a month ago, and roughly 1/2 of the workstations in the network were unable to connect the following morning. It happened again last week and about 10 more workstations were affected. And it happened again today, where 1 workstation and a member server (Win2003r2) lost their credentials. This time it was a really bad deal because the member server runs an application that is mission critical and therefore no one was able to work until it was fixed. In all cases, the users are able to log in by disconnecting their network cable and rebooting, then logging in with the cached credentials on the workstations. Reconnecting the NIC after login allowed the users to connect to network resources on the Samba PDC, and work until a reboot. 
A 'permanent' fix is to unjoin the PC from the domain and rejoin again. I had assumed that the issue was caused by the upgrade somehow, and that once every system had been re-joined it would go away. However, the workstation from this morning had been unjoined and rejoined once before and now I fear that the issue will keep cropping up all over the place. Ideas, suggestions, flames? I've copied my smb.conf below for your review as well. Thanks very much in advance, Rubin /etc/samba/smb.conf [global] workgroup = WORKGROUP netbios name = Server server string = Network File Server printcap name = cups enable privileges = yes load printers = yes printcap cache time = 60 printing = cups keepalive = 1 log file = /var/log/samba/log.%m max log size = 50 log level = 3 security = user encrypt passwords = Yes map to guest = bad user os level = 65 domain master = yes preferred master = yes passdb backend = tdbsam pam password change = yes socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 add machine script = /usr/sbin/useradd -d /dev/null -g 200 -s /bin/false -M %u oplocks = no level2 oplocks = no domain logons = Yes logon script = login%G.bat logon drive = Z: logon home = \\server\%U logon path = \\server\profiles\%U wins support = Yes name resolve order = wins hosts bcast hide unreadable = Yes # Added in an attempt to fix broken tdbsam backend... 
idmap uid = 1-2
idmap gid = 1-2
dns proxy = yes

# Share Definitions ==

[homes]
comment = Home Directories
create mask = 0700
directory mask = 0700
browseable = No
writable = yes

[netlogon]
comment = Netlogon Scripts
path = /var/lib/samba/netlogon
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = yes
writable = no
printable = yes
create mode = 0700
;print command = lpr-cups -P %p -o raw %s -r
use client driver = yes

[print$]
path = /var/lib/samba/printers
read only = yes
browseable = yes
force group = noyle
write list = @noyle root
guest ok = yes
inherit permissions = yes

[profiles]
path = /var/lib/samba/profiles
browseable = no
read only = No
guest ok = yes
writable = yes
create mask = 0600
directory mask = 0700
root preexec = PROFILE='/var/lib/samba/profiles/%u'; if [ ! -e $PROFILE ]; \
 then mkdir -pm700 $PROFILE; chown '%u':'%g' $PROFILE;fi
[Samba] Windows clients losing connection to Samba 3.0.27 PDC on FC7 i386
Hello all... I have a site of about 50 pcs connected to a Samba domain controller. The domain has been running flawlessly for several years through several upgrades, and the last one (From Fedora Core 4/ Samba 3.0.23a to FC7/ Samba 3.0.27) seems to have caused something to come unglued. The Workstations are periodically booting up in the morning and being unable to contact the domain controller. The Samba server is giving failed authentication errors for the workstation itself (not the username/ password) in log.{workstation}. The upgrade was done nearly a month ago, and roughly 1/2 of the workstations in the network were unable to connect the following morning. It happened again last week and about 10 more workstations were affected. And it happened again today, where 1 workstation and a member server (Win2003r2) lost their credentials. This time it was a really bad deal because the member server runs an application that is mission critical and therefore no one was able to work until it was fixed. In all cases, the users are able to log in by disconnecting their network cable and rebooting, then logging in with the cached credentials on the workstations. Reconnecting the NIC after login allowed the users to connect to network resources on the Samba PDC, and work until a reboot. A 'permanent' fix is to unjoin the PC from the domain and rejoin again. I had assumed that the issue was caused by the upgrade somehow, and that once every system had been re-joined it would go away. However, the workstation from this morning had been unjoined and rejoined once before and now I fear that the issue will keep cropping up all over the place. Ideas, suggestions, flames? I've copied my smb.conf below for your review as well. 
Thanks very much in advance, Rubin /etc/samba/smb.conf [global] workgroup = WORKGROUP netbios name = Server server string = Network File Server printcap name = cups enable privileges = yes load printers = yes printcap cache time = 60 printing = cups keepalive = 1 log file = /var/log/samba/log.%m max log size = 50 log level = 3 security = user encrypt passwords = Yes map to guest = bad user os level = 65 domain master = yes preferred master = yes passdb backend = tdbsam pam password change = yes socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 add machine script = /usr/sbin/useradd -d /dev/null -g 200 -s /bin/false -M %u oplocks = no level2 oplocks = no domain logons = Yes logon script = login%G.bat logon drive = Z: logon home = \\server\%U logon path = \\server\profiles\%U wins support = Yes name resolve order = wins hosts bcast hide unreadable = Yes # Added in an attempt to fix broken tdbsam backend... idmap uid = 1-2 idmap gid = 1-2 dns proxy = yes # Share Definitions == [homes] comment = Home Directories create mask = 0700 directory mask = 0700 browseable = No writable = yes [netlogon] comment = Netlogon Scripts path = /var/lib/samba/netlogon comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = yes writable = no [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = yes writable = no printable = yes create mode = 0700 ;print command = lpr-cups -P %p -o raw %s -r use client driver = yes [print$] path = /var/lib/samba/printers read only = yes browseable = yes force group = noyle write list = @noyle root guest ok = yes inherit permissions = yes [profiles] path = /var/lib/samba/profiles browseable = no read only = No guest ok = yes writable = yes create mask = 0600 directory mask = 0700 root preexec = PROFILE='/var/lib/samba/profiles/%u'; if [ ! 
-e $PROFILE ]; \ then mkdir -pm700 $PROFILE; chown '%u':'%g' $PROFILE;fi
Re: [Samba] Re: Windows clients losing connection to Samba 3.0.27 PDC on FC7 i386
On Wed, 2007-11-28 at 09:36 +1200, Patrick Rynhart wrote:

Hi Rubin, Do you have any trusted domains and (if so) are users logging into a trusted domain ? If this is the case, I would start smbd, nmbd normally (i.e. as daemons) but then run a single winbindd process in interactive mode, debug level 10. i.e.

winbindd -i -d 10

No domain trusts - this is the only DC in a 3 site WAN connected (routed) domain.

Check beforehand that no other winbindd processes are running (i.e. ps aux |grep winbindd). Then I would attempt to logon from a member workstation. View the debug output to see if you can track any problems. Ctrl-Z (i.e. background) may help here (fg to resume) as there could be a lot of output. If you don't have any trusted domains (and therefore aren't running winbindd) then the approach I take is very similar. Start nmbd normally (i.e. as a background daemon) but then run smbd as an interactive process, again in debug level 10 mode. i.e.

smbd -i -d 10

From what you're describing, there may be a problem with the machine account for the affected machines. Look for something like NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE or some other NT STATUS code (these are defined in source/include/nterr.h if you happen to have the Samba source on your domain controller).

The problem is that exactly this is happening, but to different machines, and totally sporadically. When it happens, I get lines like the following in my /var/log/messages:

Nov 24 19:39:01 server smbd[10339]: _net_auth2: failed to get machine password for account SYSTEM$: NT_STATUS_ACCESS_DENIED

Regards, Patrick

This, at least, is completely consistent - when a system gets 'locked out' of the domain, it *always* shows lines like above in the logs. I've Googled fairly extensively for errors as above, but turned up nothing that seemed particularly applicable to my setup/ issue. FWIW, I'm not running Winbind at all on the PDC or anywhere else on the network (AFAIK, anyway).
Thanks again, Rubin Rubin Bennett wrote: Hello all... I have a site of about 50 pcs connected to a Samba domain controller. The domain has been running flawlessly for several years through several upgrades, and the last one (From Fedora Core 4/ Samba 3.0.23a to FC7/ Samba 3.0.27) seems to have caused something to come unglued. The Workstations are periodically booting up in the morning and being unable to contact the domain controller. The Samba server is giving failed authentication errors for the workstation itself (not the username/ password) in log.{workstation}. The upgrade was done nearly a month ago, and roughly 1/2 of the workstations in the network were unable to connect the following morning. It happened again last week and about 10 more workstations were affected. And it happened again today, where 1 workstation and a member server (Win2003r2) lost their credentials. This time it was a really bad deal because the member server runs an application that is mission critical and therefore no one was able to work until it was fixed. In all cases, the users are able to log in by disconnecting their network cable and rebooting, then logging in with the cached credentials on the workstations. Reconnecting the NIC after login allowed the users to connect to network resources on the Samba PDC, and work until a reboot. A 'permanent' fix is to unjoin the PC from the domain and rejoin again. I had assumed that the issue was caused by the upgrade somehow, and that once every system had been re-joined it would go away. However, the workstation from this morning had been unjoined and rejoined once before and now I fear that the issue will keep cropping up all over the place. Ideas, suggestions, flames? I've copied my smb.conf below for your review as well. 
Thanks very much in advance, Rubin /etc/samba/smb.conf [global] workgroup = WORKGROUP netbios name = Server server string = Network File Server printcap name = cups enable privileges = yes load printers = yes printcap cache time = 60 printing = cups keepalive = 1 log file = /var/log/samba/log.%m max log size = 50 log level = 3 security = user encrypt passwords = Yes map to guest = bad user os level = 65 domain master = yes preferred master = yes passdb backend = tdbsam pam password change = yes socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 add machine script = /usr/sbin/useradd -d /dev/null -g 200 -s /bin/false -M %u oplocks = no level2 oplocks = no domain logons = Yes logon script = login%G.bat logon drive = Z: logon home = \\server\%U logon path = \\server\profiles\%U wins support = Yes name resolve order = wins hosts bcast hide unreadable = Yes # Added in an attempt to fix broken tdbsam backend
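Since the thread establishes that every lockout leaves a `_net_auth2: failed to get machine password` line in /var/log/messages, the following added example (not part of the original thread) tallies those lines per machine account and flags accounts that fail on more than one day, which is the re-joined-then-broken-again case described above. The sample log is constructed: only the SYSTEM$ line format comes from the post, the other account names and the year argument are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the syslog format quoted in the thread. Only the
# first line is taken from the post; the rest is made up for the example.
SAMPLE_LOG = """\
Nov 24 19:39:01 server smbd[10339]: _net_auth2: failed to get machine password for account SYSTEM$: NT_STATUS_ACCESS_DENIED
Nov 24 19:39:07 server smbd[10339]: _net_auth2: failed to get machine password for account SYSTEM$: NT_STATUS_ACCESS_DENIED
Nov 26 08:02:44 server smbd[11872]: _net_auth2: failed to get machine password for account WS-ACCT07$: NT_STATUS_ACCESS_DENIED
Nov 26 08:03:10 server nmbd[2211]: Samba name server SERVER is now a local master browser
Nov 27 07:58:19 server smbd[12990]: _net_auth2: failed to get machine password for account APPSRV$: NT_STATUS_ACCESS_DENIED
Nov 27 08:15:02 server smbd[12990]: _net_auth2: failed to get machine password for account SYSTEM$: NT_STATUS_ACCESS_DENIED
"""

FAILURE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\ssmbd\[(?P<pid>\d+)\]:\s"
    r"_net_auth2: failed to get machine password for account "
    r"(?P<account>\S+\$): (?P<status>NT_STATUS_\w+)\s*$"
)


def parse_failures(log_text, year):
    """Extract machine-account auth failures; syslog omits the year, so pass it."""
    events = []
    for line in log_text.splitlines():
        m = FAILURE_RE.match(line)
        if not m:
            continue                      # unrelated smbd/nmbd chatter
        stamp = " ".join(m.group("ts").split())   # collapse "Nov  4" padding
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.append({
            "when": when,
            "account": m.group("account"),
            "status": m.group("status"),
            "pid": int(m.group("pid")),
        })
    return events


def summarize(events):
    """Per account: failure count, first/last time seen, distinct days."""
    summary = {}
    for ev in sorted(events, key=lambda e: e["when"]):
        entry = summary.setdefault(
            ev["account"],
            {"count": 0, "first": ev["when"], "last": ev["when"], "days": set()},
        )
        entry["count"] += 1
        entry["last"] = ev["when"]
        entry["days"].add(ev["when"].date())
    return summary


def recurring_accounts(summary, min_days=2):
    """Accounts that failed on several distinct days (lockout came back)."""
    return sorted(a for a, s in summary.items() if len(s["days"]) >= min_days)


if __name__ == "__main__":
    report = summarize(parse_failures(SAMPLE_LOG, 2007))
    for account, s in sorted(report.items()):
        print(f"{account:12} {s['count']:3}  {s['first']} .. {s['last']}")
    print("recurring:", recurring_accounts(report))
```

Correlating the first failure per account with the time of the last join or the server upgrade is the next step the thread's symptoms call for.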
RE: [Samba] Windows member servers have lost their minds...
Ok, I think I've narrowed the issue down now to the following snippet from pdbedit -Lv:

pdb_getsampwrid (TDB): error looking up RID 513 by key RID_0201. Error: Record does not exist
tdbsam_close: Reference count is now 1.
sid_to_gid: S-1-5-21-217398797-1463318779-1850952788-513 - 100
store_gid_sid_cache: gid 100 in cache - S-1-5-21-217398797-1463318779-1850952788-513
pdb_set_group_sid: setting group sid S-1-5-21-217398797-1463318779-1850952788-513
pdb_set_group_sid_from_rid: setting group sid S-1-5-21-217398797-1463318779-1850952788-513 from rid 513

This appears to tell me that the mapping of RID 513 doesn't exist. However, net groupmap list shows:

Domain Users (S-1-5-21-217398797-1463318779-1850952788-513) - users

I've googled on the error above and found a couple of me too posts, but no answer. If I've done something stupid and it's so obvious that I shoulda caught it immediately, I apologise, but I hope that someone will see their way to enlighten me so that future id10ts who make the same error will have a solution to reward their Googling efforts :)

Thank you as always,
Rubin
Re: [Samba] cached logons
On Wed, 2007-06-13 at 10:57 +0200, Francesc Guasch wrote:

Hi. I can't do cached logons in our new samba server. I had a dead crashed W2k server quickly replaced by samba-3. That meant create a new domain, restore backups and add all the PCs to the domain. It was impossible to resurrect the old MS server. Anyway I'm facing a problem about cached logons. There is no way to make it work. I've been reading all the entries in the mailing list archives and MS information about it unsuccessfully. First of all, some people said in the archives that samba can't do cached logons, that's later refuted by people who log all the summer in a networkless computer. So it looks it should work. Is there something required in the samba server to make it work ? We have no ldap. Remote profiles were allowed the first day but now it is turned off.

By remote profiles, you mean roaming? Did you change them to local on the client machines, or disable the profiles share (hint: you should change them to local on the clients). I have several sites with Samba PDCs that have laptop/ mobile users who use their cached credentials regularly to most of the time, and it simply works. I haven't had to change a thing on the samba side for it to work. They even use offline files and such with great regularity, and that works just fine as well. Is there anything in your Samba logs, or in the eventlog on the affected systems that is relevant?

Regards,
Rubin
Re: [Samba] COMPUTERNAME/Guest in login
On Wed, 2007-06-13 at 21:46 +0700, Joakim Lagerqvist wrote:

This is what happens: When I browse the microsoft windows network and find my workgroup my samba server shows up. But when I double click on it I can't fill in my username. Instead it shows my computer name (client) followed by a slash and Guest and the field is not editable. I can however enter a password. If I instead type \\ followed by the servers IP address (\\192.168.0.1), I can fill in both my username and password and log in without problems.

That sounds a lot like a DNS issue to me... are you running your own DNS server there, or are all the clients looking at the same DNS info?

Rubin
Re: [Samba] COMPUTERNAME/Guest in login
On Wed, 2007-06-13 at 22:23 +0700, Joakim Lagerqvist wrote:

On Wed, 2007-06-13 at 11:12 -0400, Rubin Bennett wrote:

That sounds a lot like a DNS issue to me... are you running your own DNS server there, or are all the clients looking at the same DNS info?

They should be running the same DNS but it is at our ISP. Should I set up a small DNS proxy with information about the samba server?

I would; in particular make sure that the reverse records work properly (i.e. the server looking up the hostnames of the clients by IP).

Rubin

best regards, Joakim
RE: [Samba] Windows member servers have lost their minds...
- Original Message - From: Gerald (Jerry) Carter [EMAIL PROTECTED] Sent: Tue, 6/12/2007 8:22am To: Rubin Bennett [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: Re: [Samba] Windows member servers have lost their minds... -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rubin, I'm having a serious problem after a Samba upgrade from 3.0.20 to 3.0.23c. You read the release notes regarding the SID changes in 3.0.23 right ? The next step is to look at a level 10 debug log frmo smbd when you are receiving the ACCESS_DENIED error. Hi, Jerry- Thanks for your reply! I did read the release notes, and the RID/ SID mappings were one of the first things I looked at, along with the output from net groupmap list. What I'm seeing is that the domain authentication is working just fine, but that I don't have administrative rights on the member servers when I log in as DOMAIN\root. If I go to the Event log, I can read everything but hte Security log, which errors out with: Unable to complete the operation on Security. A required privilege is not held by the client If I try to set services to run as the domain adminsitrator, they won't start. I've unjoined and rejoined the machines to the domain several times, I've removed the machine accounts from the Linux and Samba databases, I've double and triple checked profiles and net groupmap listings etc. etc. etc. and get no joy. For a brief moment last night, things appeared to be almost working correctly on one of the servers (i.e. I could shut the server down etc. when logged in as the domain administrator and could get into the Security event log), but this morning, after no changes were made, things weren't happy again. The SQL server was not running and the file shares were unaccessible from the network. There are no errors on the Samba box and log level = 10. On the Windows server, the only error that I can find is a 3210, Failed to authenticate with \\PDC, a Windows NT or 2000 domain controller for domain DOMAIN. 
*head bloody from banging on wall*... Rubin
[Samba] Windows member servers have lost their minds...
charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to find an passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
Netbios name list:-
my_netbios_names[0]=PDC
Attempting to find an passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
tdbsam_open: successfully opened /etc/samba/passdb.tdb
pdb_set_username: setting username MEMBERSERVER$, was
pdb_set_domain: setting domain DOMAIN, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name MEMBERSERVER$, was
pdb_set_homedir: setting home dir \\PDC\MEMBERSERVER_, was
pdb_set_dir_drive: setting dir drive H:, was NULL
pdb_set_logon_script: setting logon script login.bat, was
pdb_set_profile_path: setting profile path \\PDC\profiles\MEMBERSERVER_, was
pdb_set_workstations: setting workstations , was
grant_privilege: S-1-1-0
original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0
new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-548
original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0
new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-549
original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0
new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-550
original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0
new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-551
original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0
new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-544
original privilege mask: SE_PRIV 0xff0 0x0 0x0 0x0
new privilege mask: SE_PRIV 0xff0 0x0 0x0 0x0
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-217398797-1463318779-1850952788-2106
pdb_set_user_sid_from_rid: setting user sid S-1-5-21-217398797-1463318779-1850952788-2106 from rid 2106
lookup_global_sam_rid: looking up RID 513.
tdbsam_open: Incrementing open reference count. Ref count is now 2
pdb_getsampwrid (TDB): error looking up RID 513 by key RID_0201. Error: Record does not exist
tdbsam_close: Reference count is now 1.
sid_to_gid: S-1-5-21-217398797-1463318779-1850952788-513 - 100
store_gid_sid_cache: gid 100 in cache - S-1-5-21-217398797-1463318779-1850952788-513
pdb_set_group_sid: setting group sid S-1-5-21-217398797-1463318779-1850952788-513
pdb_set_group_sid_from_rid: setting group sid S-1-5-21-217398797-1463318779-1850952788-513 from rid 513
tdbsam_close: Reference count is now 0.
MEMBERSERVER$:553:memberserver$

Any help would be appreciated... I performed this upgrade on Friday night, and so I haven't been able to back my systems up (with the exception of the PDC...) since Thursday night. I've googled extensively and have thus far come up with very little of relevance. Thank you in advance for any light you may be able to shed, and my apologies for the long post...
Rubin Rubin Bennett High Commander and Janitor RB Technologies http://thatitguy.com [EMAIL PROTECTED] (802)223-4448 They that can give up essential liberty to obtain a little temporary security deserve neither liberty nor safety --Benjamin Franklin, Historical Review of Pennsylvania, 1759
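An added example, not part of the original post or of Samba itself: a small parser for the grant_privilege records in debug output like the log above, reporting which SIDs hold a non-zero privilege mask and whether any SID from the account's own domain has an entry, for comparison against net groupmap list. The sample text is a shortened excerpt constructed in the same format, and the function names are this example's own.

```python
import re

# Well-known SIDs; these values are fixed by Windows, not specific to one domain.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-548": "BUILTIN\\Account Operators",
    "S-1-5-32-549": "BUILTIN\\Server Operators",
    "S-1-5-32-550": "BUILTIN\\Print Operators",
    "S-1-5-32-551": "BUILTIN\\Backup Operators",
}

# Four hex words of an SE_PRIV mask, e.g. "0xff0 0x0 0x0 0x0".
MASK = r"SE_PRIV\s+((?:0x[0-9a-fA-F]+\s+){3}0x[0-9a-fA-F]+)"
# \s+ between tokens matches both one-entry-per-line and flattened logs.
RECORD = re.compile(r"grant_privilege:\s+(S-[\d-]+)\s+original privilege mask:\s+"
                    + MASK + r"\s+new privilege mask:\s+" + MASK)
# Domain SID = the account SID without its trailing RID.
USER_SID = re.compile(r"pdb_set_user_sid: setting user sid (S-1-5-21-\d+-\d+-\d+)-\d+")

# Constructed sample: three records and one SID line in the log's format.
SAMPLE = """grant_privilege: S-1-1-0
original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0
new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-551
original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0
new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-544
original privilege mask: SE_PRIV 0xff0 0x0 0x0 0x0
new privilege mask: SE_PRIV 0xff0 0x0 0x0 0x0
pdb_set_user_sid: setting user sid S-1-5-21-217398797-1463318779-1850952788-2106
"""

def privileges(log):
    """Return {sid: new mask as a tuple of four ints} for each record."""
    return {m.group(1): tuple(int(w, 16) for w in m.group(3).split())
            for m in RECORD.finditer(log)}

def report(log):
    """Summarise which SIDs hold any privilege bit and which belong to the domain."""
    privs = privileges(log)
    found = USER_SID.search(log)
    domain_sid = found.group(1) if found else None
    holders = sorted((s, WELL_KNOWN.get(s, "unknown"))
                     for s, mask in privs.items() if any(mask))
    domain_entries = sorted(s for s in privs
                            if domain_sid and s.startswith(domain_sid + "-"))
    return {"domain_sid": domain_sid, "holders": holders,
            "domain_entries": domain_entries}

if __name__ == "__main__":
    print(report(SAMPLE))
```
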