Re: [Samba] Problem with static WINS entries
I have also noticed this problem, and haven't been able to get around it. (My main subnet is 192.168.100.0/24 and I was trying to add an entry for a member samba server that acts as a fileserver in a different subnet 192.168.99.60 which is in a network directly connected to the PDC/WINS host via another network card) I gave up and started simply using \\192.168.99.60\share in my logon scripts. I'd be happy to troubleshoot this with anyone willing. -Tico On Tue, 2004-11-30 at 08:00, Angel Galindo Muoz wrote: It also doesn't work. I have stoped SAMBA, edited 'wins.dat' and once SAMBA is started, in few seconds the file 'wins.dat' is rebuilded just with the registered clients. Hope there are other solutions... Tomasz Chmielewski wrote: Angel Galindo Muoz wrote: Hi! I need to add static entries to my Samba 3.0.9 WINS server but I can't. Let's explain: What amb I doing wrong? Is there any way to add static entries to my WINS server? Thanks a lot in advance, Try stopping Samba, edit your file, and then start Samba again. Tell if it worked. Tomek -- Angel Galindo Muoz University of Barcelona -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Alguien que hable espaƱol????
Hay varias posibilidades - puedes configurar las clientes linux a autenticarsen directamente a las claves de unix (posix) en la sistema de ldap (usando pam_ldap.so), o a autenticarsen a tu PDC de samba (usando las mismas claves de tipo NTLM que las clientes windows usen) con pam_smb.so Estas usando Samba3 o Samba 2.2? En tu PDC, usas un base de datos de claves de tipo tdbsam, o ldapsam, o SQL, (o otra tipo)? Si usas ldapsam, creo que sera mas facil autenticar los clientes linux directamente a LDAP -- funciona identicamente como una sistema de NIS/yp. -T On Wed, 2004-06-23 at 06:03, Adrian Pablo Ali wrote: Yoselin Castillo Brais wrote: Como estas, tu pregunta es como configuras tus clientes Linux para que se conecten a samba y a los otros windows sin problemas, usando los usuarios de tu server samba o de algun active directory de la red? Hola! :p Tengo una red con clientes particionados con windows(xp) y linux (mandrake),con un servidor samba sobre redhat, tengo windows comunicandose bien con samba, funciona muy bien, pero no s como conectarme desde linux, y si es posible con los mismos username y password. Creo!, no estoy segura, de que necesito configurar ldpa pero Qu tendra que agregar al samba.conf para que trabaje? gracias!! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Fw: Error C000019B
Henrique, I had a similar problem under Samba 2.2 (before I upgraded to 3.0). Basically, I found that I hadn't created my necessary users and groups with the correct user ID's, RIDs, and GRIDs. Do a pdbedit listing of your samba users and groups, and compare the requirements with the requirements in the Samba documentation regarding RIDs 500,501, 512,513,514,515, as well as your normal users etc -T On Tue, 2004-06-22 at 12:39, Henrique wrote: PLEASE!! can somebody help me? I need much these! - Original Message - From: Henrique [EMAIL PROTECTED] To: Samba Samba [EMAIL PROTECTED] Sent: Monday, June 21, 2004 3:35 PM Subject: Error C19B Hi everyone! im having problems with Samba 3.0.4 My PDC is samba+openldap+nss+pam+smbldaptools All work fine (posix account and logins in Win9x workstations) I can join in to my domain with WinNT4 but i can't login! Im get always this message: The system can not log you on (C19B). Please try again or consult your system administrator. I have read the documents about this error around inet but, all docs tell about SID changes and/or netbios names. Im have make no changes in SID, netbios or domain name, i have setedup my FreeBSD 5.2.1, configured all fine and instaled the apps (samba, ldap, etc...) Somebody can help me please? it's that appears in my log when i try to login: [2004/06/21 15:27:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 356 [2004/06/21 15:27:18, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0x164 [2004/06/21 15:27:18, 3] smbd/process.c:process_smb(890) Transaction 46 of length 360 [2004/06/21 15:27:18, 5] lib/util.c:show_msg(456) [2004/06/21 15:27:18, 5] lib/util.c:show_msg(466) size=356 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=32771 smb_tid=1 smb_pid=14336 smb_uid=100 smb_mid=2816 smt_wct=16 smb_vwv[ 0]=0 (0x0) smb_vwv[ 1]= 272 (0x110) smb_vwv[ 2]=0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]=0 (0x0) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]=0 (0x0) smb_vwv[ 7]=0 (0x0) smb_vwv[ 8]=0 (0x0) smb_vwv[ 9]=0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 272 (0x110) smb_vwv[12]= 84 (0x54) smb_vwv[13]=2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30272 (0x7640) smb_bcc=289 [2004/06/21 15:27:18, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\ [010] 00 05 00 00 03 10 00 00 00 10 01 00 00 07 00 00 [020] 00 F8 00 00 00 00 00 02 00 00 7F 14 00 09 00 00 [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 41 .\.\.M.A [040] 00 4D 00 55 00 54 00 45 00 00 00 C9 11 B4 3C 95 .M.U.T.E ... [050] 75 06 00 00 00 00 00 00 00 06 00 00 00 54 00 52 u... .T.R [060] 00 41 00 53 00 48 00 00 00 F8 F9 F9 00 7A FF 10 .A.S.H.. .z.. [070] 81 DC 91 EC 2B CD B7 D6 40 04 FA F9 00 25 6F F6 +... @%o. [080] 77 00 00 14 00 00 00 00 00 01 00 01 00 E4 FC F9 w... [090] 00 0A 00 0A 00 AE 40 15 00 00 00 00 00 32 23 00 [EMAIL PROTECTED] .2#. [0A0] 00 00 00 00 00 10 00 10 00 9C 40 15 00 0A 00 0C [EMAIL PROTECTED] [0B0] 00 38 3F 14 00 5B C9 83 DF 2D 33 D9 A0 85 66 CA .8?..[.. .-3...f. [0C0] 97 65 5E 50 EB 29 3B F3 8E 0A 0B 86 11 10 F1 53 .e^P.);. ...S [0D0] A2 FB F0 69 AA 05 00 00 00 00 00 00 00 05 00 00 ...i [0E0] 00 4D 00 4F 00 4F 00 56 00 45 00 15 00 08 00 00 .M.O.O.V .E.. [0F0] 00 00 00 00 00 08 00 00 00 68 00 65 00 6E 00 72 .h.e.n.r [100] 00 69 00 71 00 75 00 65 00 06 00 00 00 00 00 00 .i.q.u.e [110] 00 05 00 00 00 54 00 52 00 41 00 53 00 48 00 03 .T.R .A.S.H.. [120] 00. [2004/06/21 15:27:18, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 519) [2004/06/21 15:27:18, 4] smbd/uid.c:change_to_user(186) change_to_user: Skipping user change - already user [2004/06/21 15:27:18, 3] smbd/ipc.c:reply_trans(538) trans \PIPE\ data=272 params=0 setup=2 [2004/06/21 15:27:18, 5] smbd/ipc.c:reply_trans(557) calling named_pipe [2004/06/21 15:27:18, 3] smbd/ipc.c:named_pipe(334) named pipe command on name [2004/06/21 15:27:18, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2004/06/21 15:27:18, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1156) search for pipe pnum=7640 [2004/06/21 15:27:18, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1160) pipe name NETLOGON pnum=7640 (pipes_open=1) [2004/06/21 15:27:18, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe NETLOGON (pnum 7640) [2004/06/21 15:27:18, 10] smbd/ipc.c:api_fd_reply(301) api_fd_reply: p:0x8315c00
Re: [Samba] A samba locking question
Hello, I have a question to tack on to this one -- How would I go about compiling Samba such that it either didn't pass locking requests (for file shares, not TDB's) to fcntl() and just handled these locks internally for the Windows clients, or at least did that for locks requested in the 32-64 bit offset range? If I'm not mistaken, I believe that was the default behavior in the 2.2 series, and looks like it changed in 3.0.0 (at least in my tests on linux 2.4.x with glibc 2.2). Many thanks, Thomas On Fri, 2004-01-30 at 18:24, Andrew Bartlett wrote: On Thu, 2004-01-29 at 23:55, Patrik Gustavsson wrote: Hi, Maybe this is a stupid question, but any way Will samba use fcntl locking if level 1 and 2 oplocks is disabled and samba is not compiled with spin-locks enabled ? I am using Samba on solaris Samba uses fcntl() locking in two places. Firstly, it is used to mirror SMB locks, asked for by the client. Secondly they are used to mediate access to tdbs. Spinlocks are an alternative (if much less reliable) method for tdb mediation. oplocks do not override fcntl locks - but clients that have successfully gained an oplock might not ask for an SMB lock, and therefore Samba might not attempt to gain the matching fcntl() lock. The nasty performance issues in Solaris are due to bad fcntl() lock contention performance in Samba's TDB access. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A samba locking question
The builds themselves are done in an NFS mount ls -l : /usr/local/src/samba-3.0.1 - /var/archive/globauth/samba-3.0.1 mount : triton:/var/archive on /var/archive type nfs (rw,vers=3,wsize=16384,rsize=16384,hard,intr,addr=192.168.1.50) could it possibly be executing the tests in /tmp, or maybe could this actually be a bug in the configure test? I don't know if there are still any bugs in Redhat's build environment, but just in case, the machine that I'm building Samba on is a RH7.3 system with the latest glibc 2.2.5-34 patch that RH issued, gcc 2.96-110 and a slightly older kernel (2.4.18-3). I don't have a Debian or any other *nix server here for that matter to test on. Thanks, Thomas On Mon, 2004-02-02 at 14:08, Jeremy Allison wrote: On Mon, Feb 02, 2004 at 02:12:16PM -0600, Thomas Hannan wrote: This is exactly the case -- I want it to NOT pass down a 64 bit lock to fcntl but it does. I unfortunately have no alternative but to re-export an NFS mount (v3 on linux), and have tried to make it fail the configure test for 64 bit fcntl, but have not succeeded. (in the configure script, I simply made either result of the conftest for 64 bit fcntl locking set samba_cv_HAVE_STRUCT_FLOCK64=no) ... even when I compile after telling it that I don't have 64bit locking, i still get loads of errors in my syslog from smbd locking/posix.c:posix_fcntl_lock(656) an No locks available error. This can happen when using 64 bit offsets I wish I could find a way to not have to re-export an NFS mount, but there's no way around it and I know that when I tested with an old 2.2 binary that it worked beautifully, but I wasn't able to use any of the new features in 3.0, or test out new RC versions... You could try doing the configure in the NFS mounted directory. I think configure runs the tests in the current directory. Then the 64-bit locking tests should fail and Samba should set itself up as only supporting 32-bit signed locks. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] configure incorrectly assumes my linux system is 64 bit capable
Hi all, I've dug into a problem I've been having with Samba-3.0.0 (trying out 3.0.1 right now) on a linux system (2.4.18-3 kernel) with glibc 2.2.5 ... when I run a ./configure (with or without --with-spinlocks) it tests out my fcntl.h, and it fails the first fcntl.h test, the following one (where it tests for a broken glibc 2.1), but then passes the 64 bit fcntl test!? Now when it compiles, and I run it, almost any windows app that opens a file on a share (with or without oplocks enabled) generates errors Jan 27 16:12:32 gw-uk smbd[17710]: [2004/01/27 16:12:32, 0] locking/posix.c:posix_fcntl_lock(656) Jan 27 16:12:32 gw-uk smbd[17710]: posix_fcntl_lock: WARNING: lock request at offset 1010, length 2 returned Jan 27 16:12:32 gw-uk smbd[17710]: [2004/01/27 16:12:32, 0] locking/posix.c:posix_fcntl_lock(658) Jan 27 16:12:32 gw-uk smbd[17710]: an No locks available error. This can happen when using 64 bit lock offsets Jan 27 16:12:32 gw-uk smbd[17710]: [2004/01/27 16:12:32, 0] locking/posix.c:posix_fcntl_lock(659) Jan 27 16:12:32 gw-uk smbd[17710]: on 32 bit NFS mounted file systems. How do I keep samba from trying to pass a 64 bit lock request down to the POSIX subsystem? It seems that this used to be the default behavior in the samba 2.2.x series, because I haven't had this problem on my old samba 2.2.5 systems. Anyone? thanks in advance, Thomas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NFS re-export 64bit / 32bit locking issue?
Hi Carsten and list, I've dug into this a bit more, and found a few nuggets of information under messages (in the samba archives) titled: Re: fcntl lock failed at large offset: pretty urgent , as well as Samba, Linux, and file locking It seems that essentially what has happened, at least in my case, is that Samba's configure script detects that my linux system *does* have fcntl() and that the fcntl() is 64-bit aware. When a Windows/SMB client requests a lock above 31 bits (which is what UNIX can normally handle apparently) Samba handles the lock internally instead of handing the request down to the POSIX fcntl() locking mechanism like it would if the lock request was within the 31 bit range available on UNIX. Now since Samba's configure script has incorrectly determined that it's on a 64-bit capable file system, it hands any received lock requests between 32-64 bits directly to fcntl(), which pukes when it tries to lock on a 31 bit NFS mount. So, I'm assuming that somehow (since I haven't found any information about NFS supporting 64 bit locks any time in the near future), I need to force Samba to not believe that it's on a 64-bit capable system. The only compile-time option that I see regarding locks is --with-spinlocks instead of fcntl. I'm wondering if this would be any better, or if we would end up with the same problem?? Possibly could the configure script be hacked to always fail the 64 bit test?? Anyone? Thomas On Fri, 2004-01-23 at 02:27, Carsten Springenberg wrote: Hi Thomas, I had (and still have) a similar problem. Browse the archive for the thread I started on 11 November 2003 with subject lock problem on 32 bit mounted nfs with 64 bit offsets The reactions where slim but not null and because of lack of time I used the concerning NAS in another way (for backups)...but I would apreciate to hear from your experience. Bye, Carsten Thomas Hannan schrieb: Hi all, I've got kind of strange setup, wherein all of my data is on a big NFS server (RH linux 8.0 running the 2.4.18 kernel and nfs-utils 1.0.1-2.80) and my Samba 3.0.0 PDC server (RH linux 7.3 w/ 2.4.18 kernel, nfs-utils 0.3.3-6.73) mounts the NFS export with the following options: rw,vers=3,wsize=8192,rsize=8192,hard,intr This mounted partition is then re-exported to the windows users with the following smb.conf: [global] workgroup = POI netbios name = POI-US server string = POI-USA file server passdb backend = ldapsam:ldap://192.168.1.215 ldap://192.168.1.60 guest account = smbguest log level = 3 log file = /var/log/samba/%m.log time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=16384 SO_SNDBUF=16384 logon script = poi-basic.bat logon path = \\%L\Profiles\%U logon drive = H: logon home = \\%L\%U\.profiles domain logons = Yes os level = 34 preferred master = Yes domain master = Yes wins support = Yes ldap suffix = ou=accounts,ou=people,dc=pharm-olam,dc=com ldap machine suffix = ou=machines,ou=accounts,ou=people,dc=pharm-olam,dc=com ldap user suffix = ou=users,ou=accounts,ou=people,dc=pharm-olam,dc=com ldap group suffix = ou=groups,ou=accounts,ou=people,dc=pharm-olam,dc=com ldap idmap suffix = ou=accounts,ou=people,dc=pharm-olam,dc=com ldap admin dn = cn=Manager,dc=pharm-olam,dc=com ldap ssl = no [homes] read only = No create mask = 0600 directory mask = 0700 [profiles] path = /var/archive/samba/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No [POIAdmin] comment = POI Administrative files path = /var/archive/export/POI-Administrative write list = poi-admin read only = No create mask = 0660 directory mask = 0770 oplocks = No level2 oplocks = No [netlogon] path = /var/archive/samba/netlogon locking = No Everything works except that when users try to run QuickBooks or open up some Excel documents, it is very very very slow opening them up, and they occasionally get errors saying that a document could possibly be corrupted or that they are low on memory, when only 10% of the windows client's memory is used. On the Samba server, I get a ton of error messages complaining about trying to get a 64 bit lock when only 32 bit locks are available. I've tried enabling and disabling oplocks to no avail. Is there a way to get samba to not advertise that 64bit locks are available, or otherwise resolve this? Thanks much, Thomas (logs are below): [2004/01/22 16:31:13, 3] lib/util.c:fcntl_lock(1632) fcntl_lock: fcntl lock gave errno 37 (No locks available) [2004/01/22 16:31:13, 3] lib/util.c:fcntl_lock(1650) fcntl_lock: lock failed at offset 687 count 1 op 13 type 0 (No locks available ) [2004/01/22 16:31:13, 0
[Samba] NFS re-export 64bit / 32bit locking issue?
Hi all, I've got kind of strange setup, wherein all of my data is on a big NFS server (RH linux 8.0 running the 2.4.18 kernel and nfs-utils 1.0.1-2.80) and my Samba 3.0.0 PDC server (RH linux 7.3 w/ 2.4.18 kernel, nfs-utils 0.3.3-6.73) mounts the NFS export with the following options: rw,vers=3,wsize=8192,rsize=8192,hard,intr This mounted partition is then re-exported to the windows users with the following smb.conf: [global] workgroup = POI netbios name = POI-US server string = POI-USA file server passdb backend = ldapsam:ldap://192.168.1.215 ldap://192.168.1.60 guest account = smbguest log level = 3 log file = /var/log/samba/%m.log time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=16384 SO_SNDBUF=16384 logon script = poi-basic.bat logon path = \\%L\Profiles\%U logon drive = H: logon home = \\%L\%U\.profiles domain logons = Yes os level = 34 preferred master = Yes domain master = Yes wins support = Yes ldap suffix = ou=accounts,ou=people,dc=pharm-olam,dc=com ldap machine suffix = ou=machines,ou=accounts,ou=people,dc=pharm-olam,dc=com ldap user suffix = ou=users,ou=accounts,ou=people,dc=pharm-olam,dc=com ldap group suffix = ou=groups,ou=accounts,ou=people,dc=pharm-olam,dc=com ldap idmap suffix = ou=accounts,ou=people,dc=pharm-olam,dc=com ldap admin dn = cn=Manager,dc=pharm-olam,dc=com ldap ssl = no [homes] read only = No create mask = 0600 directory mask = 0700 [profiles] path = /var/archive/samba/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No [POIAdmin] comment = POI Administrative files path = /var/archive/export/POI-Administrative write list = poi-admin read only = No create mask = 0660 directory mask = 0770 oplocks = No level2 oplocks = No [netlogon] path = /var/archive/samba/netlogon locking = No Everything works except that when users try to run QuickBooks or open up some Excel documents, it is very very very slow opening them up, and they occasionally get errors saying that a document could possibly be corrupted or that they are low on memory, when only 10% of the windows client's memory is used. On the Samba server, I get a ton of error messages complaining about trying to get a 64 bit lock when only 32 bit locks are available. I've tried enabling and disabling oplocks to no avail. Is there a way to get samba to not advertise that 64bit locks are available, or otherwise resolve this? Thanks much, Thomas (logs are below): [2004/01/22 16:31:13, 3] lib/util.c:fcntl_lock(1632) fcntl_lock: fcntl lock gave errno 37 (No locks available) [2004/01/22 16:31:13, 3] lib/util.c:fcntl_lock(1650) fcntl_lock: lock failed at offset 687 count 1 op 13 type 0 (No locks available ) [2004/01/22 16:31:13, 0] locking/posix.c:posix_fcntl_lock(656) posix_fcntl_lock: WARNING: lock request at offset 687, length 1 returned [2004/01/22 16:31:13, 0] locking/posix.c:posix_fcntl_lock(658) an No locks available error. This can happen when using 64 bit lock offsets [2004/01/22 16:31:13, 0] locking/posix.c:posix_fcntl_lock(659) on 32 bit NFS mounted file systems. [2004/01/22 16:31:13, 3] smbd/error.c:error_packet(94) error string = No locks available [2004/01/22 16:31:13, 3] smbd/error.c:error_packet(109) error packet at smbd/reply.c(4208) cmd=36 (SMBlockingX) NT_STATUS_ACCESS_DENIE D [2004/01/22 16:31:13, 3] smbd/process.c:process_smb(890) Transaction 41744 of length 63 [2004/01/22 16:31:13, 3] smbd/process.c:switch_message(685) switch message SMBreadX (pid 4473) [2004/01/22 16:31:13, 3] smbd/reply.c:send_file_readX(1846) send_file_readX fnum=6397 max=1 nread=1 [2004/01/22 16:31:13, 3] smbd/process.c:process_smb(890) Transaction 41745 of length 75 [2004/01/22 16:31:13, 3] smbd/process.c:switch_message(685) switch message SMBlockingX (pid 4473) [2004/01/22 16:31:13, 3] lib/util.c:fcntl_lock(1632) fcntl_lock: fcntl lock gave errno 37 (No locks available) [2004/01/22 16:31:13, 3] lib/util.c:fcntl_lock(1650) fcntl_lock: lock failed at offset 688 count 1 op 13 type 0 (No locks available ) [2004/01/22 16:31:13, 0] locking/posix.c:posix_fcntl_lock(656) posix_fcntl_lock: WARNING: lock request at offset 688, length 1 returned [2004/01/22 16:31:13, 0] locking/posix.c:posix_fcntl_lock(658) an No locks available error. This can happen when using 64 bit lock offsets [2004/01/22 16:31:13, 0] locking/posix.c:posix_fcntl_lock(659) on 32 bit NFS mounted file systems. [2004/01/22 16:31:13, 3] smbd/error.c:error_packet(94) error string = No locks available [2004/01/22 16:31:13, 3] smbd/error.c:error_packet(109) error packet at smbd/reply.c(4208) cmd=36 (SMBlockingX) NT_STATUS_ACCESS_DENIE D -- To
[Samba] multiple ldap servers in bdc/pdc environment
Hi all, I'm setting up a number of samba DC's across several branch offices using the Samba 3.0.0 release's native LDAP support. I'd like to build some redundancy into my setup, such as having slave LDAP servers in case the master is down/unavailable. However, when I have multiple ldapsam entries in my smb.conf I get duplicate or triplicate users listed when performing a /usr/local/samba/bin/pdbedit -L, and all 2 or 3 LDAP servers get queried no matter what. Is there anyway to list multiple backup LDAP servers instead of just having overlapping SAMs? Also, there will be some remote offices connected via relatively high-latency WAN links to the master LDAP server. Will this be a problem in terms of adding machine accounts or changing passwords (and that data being replicated to the local slave LDAP server at the branch offices in a timely manner)? I'd like to only have the remote offices send traffic over the WAN links when absolutely necessary (such as changing passwords or receiving replica updates pushed out from the master LDAP server). Regards, Thomas [global]passdb backend = ldapsam:ldap://192.168.1.60 ldapsam:ldap://192.168.1.215 ldapsam:ldap://192.168.1.98 ldap suffix = ou=accounts,ou=people,dc=pharm-olam,dc=com ldap group suffix = ou=groups ldap machine suffix = ou=machines ldap user suffix = ou=users ldap admin dn = uid=smbldap,ou=accounts,ou=people,dc=pharm-olam,dc=com ldap ssl = off -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Win NT 4.0 clients give error C0000078 when login to Samba PDC
Hi all, I've tried searching all over the net for any information about this error but can't seem to find any. I've compiled Samba 2.2.8a on a RH Linux 7.3 box (kernel 2.4.18-3) with lsapsam support against openldap 2.0.23-4. I'm also using pam_ldap such that all authentication (unix + samba/windows) is done through LDAP, which is working quite nicely. However, none of my NT 4.0 systems can log on to the PDC -- my 2K Pro and XP Pro systems can (assuming the SignOrSeal registry hack is done), but the NT systems will join the domain, but as soon as I enter the root password (or log in under any other account) I get a The system cannot log you on (C078) which apparently means NT_STATUS_INVALID_SID. Nothing shows up in the EventLog on these NT workstations. I've tried flushing the NBT cache (with c:\ nbtstat -RR) and one system is a fresh NT install just for testing. I've also tried joining other domains or setting them to be workgroup only and restarting a few times before re-joining this domain to see if they're somehow caching old SIDs. Any ideas? I'm ready to try just about anything at this point. I've attached my smb.conf, ldapsam/smbpasswd entries, and log. Regards, Tico [EMAIL PROTECTED] root]# /usr/local/samba/bin/testparm -x Load smb config files from /usr/local/samba/lib/smb.conf Processing section [homes] Processing section [netlogon] Processing section [public] Loaded services file OK. Press enter to see a dump of your service definitions # Global parameters [global] workgroup = POI netbios name = POI-US server string = POI-USA file server encrypt passwords = Yes log level = 3 log file = /var/log/samba/%m.log socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin group = root, administrator, @smbadmin logon path = logon home = domain logons = Yes os level = 34 preferred master = Yes domain master = Yes wins support = Yes ldap server = 192.168.1.60 ldap port = 389 ldap suffix = ou=accounts, ou=people, dc=pharm-olam, dc=com ldap admin dn = cn=Manager,dc=pharm-olam,dc=com ldap ssl = no guest account = smbguest [homes] read only = No create mask = 0600 directory mask = 0700 [netlogon] path = /var/samba/netlogon locking = No [public] path = /tmp read only = No guest ok = Yes Here are the relevant user entries in the LDAPSAM (if need be I can dump the entries directly out of LDAP): [EMAIL PROTECTED] root]# /usr/local/samba/bin/pdbedit -v -u emach-nt-01$ ldap_connect_system: Binding to ldap server as cn=Manager,dc=pharm-olam,dc=com username: EMACH-NT-01$ user ID/Group: 1311/1300 user RID/GRID: 3622/3601 Full Name: EMACH-NT-01$ Home Directory: HomeDir Drive: Logon Script: Profile Path: [EMAIL PROTECTED] root]# /usr/local/samba/bin/pdbedit -v -u root ldap_connect_system: Binding to ldap server as cn=Manager,dc=pharm-olam,dc=com username: root user ID/Group: 0/0 user RID/GRID: 1000/512 Full Name: root Home Directory: HomeDir Drive: Logon Script: Profile Path: Below is a tail -f /var/log/samba/emach-nt-01.log Transaction 2 of length 131 [2003/10/23 15:40:53, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 19365) [2003/10/23 15:40:53, 3] smbd/sec_ctx.c:set_sec_ctx(328) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/23 15:40:53, 3] smbd/reply.c:reply_sesssetup_and_X(879) Domain=[] NativeOS=[Windows NT 1381] NativeLanMan=[] [2003/10/23 15:40:53, 3] smbd/reply.c:reply_sesssetup_and_X(890) sesssetupX:name=[] [2003/10/23 15:40:53, 3] smbd/sec_ctx.c:push_sec_ctx(296) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/23 15:40:53, 3] smbd/uid.c:push_conn_ctx(285) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/23 15:40:53, 3] smbd/sec_ctx.c:set_sec_ctx(328) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/23 15:40:53, 3] smbd/sec_ctx.c:get_current_groups(172) get_current_groups: user is in 1 groups: 1100 [2003/10/23 15:40:53, 3] smbd/sec_ctx.c:pop_sec_ctx(435) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/23 15:40:53, 3] smbd/sec_ctx.c:get_current_groups(172) get_current_groups: user is in 1 groups: 1100 [2003/10/23 15:40:53, 3] smbd/password.c:register_vuid(336) uid 999 registered to name smbguest [2003/10/23 15:40:53, 3] smbd/password.c:register_vuid(338) Clearing default real name [2003/10/23 15:40:53, 3] smbd/password.c:register_vuid(340) User name: smbguest Real name: smbguest [2003/10/23 15:40:53, 3] smbd/process.c:chain_reply(991) Chained message [2003/10/23 15:40:53, 3] smbd/process.c:switch_message(685) switch message SMBtconX (pid 19365) [2003/10/23 15:40:53, 3] smbd/sec_ctx.c:set_sec_ctx(328) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/23 15:40:53, 3] smbd/password.c:authorise_login(854)
