Re: [Samba] unable to join to a Samba4 domain

2010-05-31 Thread Tomasz Chmielewski

On 29.05.2010 20:58, Lukasz Zalewski wrote:

On 29/05/2010 19:17, Tomasz Chmielewski wrote:

On 29.05.2010 20:15, Lukasz Zalewski wrote:


Unfortunately, Windows XP SP3 fails to join a Samba4 domain as well.

How can I troubleshoot it?



Are both the samba4 and client machine on the same subnet? If not are
there any firewalls, or routers in the way?


Same subnet, no firewalls or routers on the way.





Is your client dns configuration pointing explicitly at samba4


Yes.




Hmm this is mostly odd,
are you using FQDN to join the domain?


Yes.



Can you resolve all of the samba4 generated dns records externally
(http://wiki.samba.org/index.php/Samba4/HOWTO Configure DNS section),
such as
host -t SRV _ldap._tcp.samdom.example.com.


Yes, it works correctly (as is /usr/local/samba/sbin/samba_dnsupdate 
--verbose).


You'll find an attached pcap file produced by Wireshark made on the 
Windows XP machine.

It shows DNS and LDAP queries flow both ways.

Do you see anything unusual there?


--
Tomasz Chmielewski
http://wpkg.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] unable to join to a Samba4 domain

2010-05-31 Thread Tomasz Chmielewski

On 31.05.2010 11:58, Tomasz Chmielewski wrote:


Can you resolve all of the samba4 generated dns records externally
(http://wiki.samba.org/index.php/Samba4/HOWTO Configure DNS section),
such as
host -t SRV _ldap._tcp.samdom.example.com.


Yes, it works correctly (as is /usr/local/samba/sbin/samba_dnsupdate
--verbose).

You'll find an attached pcap file produced by Wireshark made on the
Windows XP machine.
It shows DNS and LDAP queries flow both ways.

Do you see anything unusual there?


I see Samba list strips off the attachments.

Here it is, once again:

http://virtall.com/files/samba4-join.pcap


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] unable to join to a Samba4 domain

2010-05-31 Thread Tomasz Chmielewski

On 31.05.2010 12:33, Michael Wood wrote:

Hi

On 31 May 2010 11:58, Tomasz Chmielewski <man...@wpkg.org> wrote:
[...]

Yes, it works correctly (as is /usr/local/samba/sbin/samba_dnsupdate
--verbose).

[...]

Just by the way, what did you do to get this to work? And what
distribution are you using?  I thought I had got mine working, but the
Samba4 HOWTO was not sufficient for this.  I later found it was
actually not working.


I used Debian Lenny.
I didn't do anything special to make it work, just followed the HOWTO.


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] unable to join to a Samba4 domain

2010-05-31 Thread Tomasz Chmielewski

On 31.05.2010 12:27, Michael Wood wrote:


http://virtall.com/files/samba4-join.pcap


The timestamps in your pcap file are very strange.  The time for
packet 5 jumps almost 5000 seconds backwards and then forward again
for packet 13.

Do your machines have their time synchronised with each other?

Are you running one or both as virtual machines?


Both are KVM virtual machines.
The time was indeed slightly off (about 10 sec difference), but it made 
no difference to synchronize it.


I'll try to use a different network driver for Windows XP (it uses a 
paravirt network driver)?


Other than that, not sure what to do about it.



Otherwise the packet capture looks OK to me, but there should be stuff
after that.  Is that all there was?


Yep, that's the whole capture.


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] unable to join to a Samba4 domain

2010-05-31 Thread Tomasz Chmielewski

On 31.05.2010 12:40, Tomasz Chmielewski wrote:

On 31.05.2010 12:27, Michael Wood wrote:


http://virtall.com/files/samba4-join.pcap


The timestamps in your pcap file are very strange. The time for
packet 5 jumps almost 5000 seconds backwards and then forward again
for packet 13.

Do your machines have their time synchronised with each other?

Are you running one or both as virtual machines?


Both are KVM virtual machines.
The time was indeed slightly off (about 10 sec difference), but it made
no difference to synchronize it.

I'll try to use a different network driver for Windows XP (it uses a
paravirt network driver)?

Other than that, not sure what to do about it.


I changed the network card in virtual Windows XP, timestamps look 
correct now, but still, it's not able to join.


http://virtall.com/files/samba4-join-rtl8139.pcap


Some more hints?


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] unable to join to a Samba4 domain

2010-05-31 Thread Tomasz Chmielewski

On 31.05.2010 14:18, Michael Wood wrote:


http://virtall.com/files/samba4-join-rtl8139.pcap


Some more hints?


That's weird.  It looks like the Windows box is ignoring the DNS
responses and just keeps repeating the query.  I haven't actually
looked at a capture of a working join, but that can't be right.


It was similar when I tried to join Windows 2008 (although I only looked 
briefly with tcpdump) - it also sent DNS queries, then LDAP queries, 
repeated that, and said it can't join, just like the XP did.



--
Tomasz Chmielewski
http://wpkg.org





Re: [Samba] unable to join to a Samba4 domain

2010-05-29 Thread Tomasz Chmielewski

On 29.05.2010 20:15, Lukasz Zalewski wrote:


Unfortunately, Windows XP SP3 fails to join a Samba4 domain as well.

How can I troubleshoot it?



Are both the samba4 and client machine on the same subnet? If not are
there any firewalls, or routers in the way?


Same subnet, no firewalls or routers on the way.



Is your client dns configuration pointing explicitly at samba4


Yes.


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] unable to join to a Samba4 domain

2010-05-27 Thread Tomasz Chmielewski

On 25.05.2010 21:03, Tomasz Chmielewski wrote:

On 25.05.2010 20:55, Lukasz Zalewski wrote:


If I block LDAP on UDP, Windows does not send queries to LDAP on TCP. Is
it the same for you?

And indeed, the error message is the same whether 389/UDP is blocked or
not.



In my case, if one protocol (TCP or UDP) in that port is enabled things
seem to work. If both are disabled I get the error message. Have you
tried to disable firewall on samba4 host just to rule it out? Presumably
you don't have any other firewalls in the way? I will try to join
Windows 2008 to the domain tomorrow as a test.


There is no firewall between the hosts.

I'll try to test it with Windows XP, but it may take 1-2 days before I'm
able to do it.


Unfortunately, Windows XP SP3 fails to join a Samba4 domain as well.

How can I troubleshoot it?


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] unable to join to a Samba4 domain

2010-05-25 Thread Tomasz Chmielewski

On 24.05.2010 21:47, Mike Leone wrote:


Tomasz,
How are you performing the join?


The normal way: my Computer -> Properties -> Domain... (is it possible
to join a Windows PC differently)?


You can join from the command line using the NETDOM utility.


Right.
Tried that as well, doesn't work for me.


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] unable to join to a Samba4 domain

2010-05-25 Thread Tomasz Chmielewski

On 25.05.2010 12:14, Tomasz Chmielewski wrote:

On 24.05.2010 21:47, Mike Leone wrote:


Tomasz,
How are you performing the join?


The normal way: my Computer -> Properties -> Domain... (is it possible
to join a Windows PC differently)?


You can join from the command line using the NETDOM utility.


Right.
Tried that as well, doesn't work for me.


I'll try to build Samba4 from scratch.

The http://wiki.samba.org/index.php/Samba4/HOWTO mentions these steps:

 $ cd samba-master/source4
 $ ./configure.developer
 $ make idl_full
 $ make


However:

$ make idl_full
make: *** No rule to make target `idl_full'.  Stop.

$ grep idl_full *

$


HOWTO should be updated, or is it some mistake on my part?


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] unable to join to a Samba4 domain

2010-05-25 Thread Tomasz Chmielewski

On 25.05.2010 12:24, Tomasz Chmielewski wrote:

On 25.05.2010 12:14, Tomasz Chmielewski wrote:

On 24.05.2010 21:47, Mike Leone wrote:


Tomasz,
How are you performing the join?


The normal way: my Computer -> Properties -> Domain... (is it possible
to join a Windows PC differently)?


You can join from the command line using the NETDOM utility.


Right.
Tried that as well, doesn't work for me.


I'll try to build Samba4 from scratch.


Didn't help with the newest git fetch and new setup - I'm still unable 
to join Windows 2008 to Samba4 domain.


What more info should I provide?


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] unable to join to a Samba4 domain

2010-05-25 Thread Tomasz Chmielewski
On 25.05.2010 13:58, Lukasz Zalewski wrote:

 What more info should I provide?


 
 The only way I can replicate your problem and get a similar message is 
 by blocking access to port 389 both TCP and UDP on the samba4 host - it 
 seems like enabling either (i.e. TCP or UDP) produces enter credentials 
 dialog. Note that I have used Windows 7 rather than Srv2008

The only packets exchanged, from the moment I press OK button to when the 
error is shown, are:

- DNS queries
- LDAP queries

(192.168.128.11 - Samba4; 192.168.128.12 - Windows 2008)

So, nothing blocked on Samba4 side (and LDAP queries add some data to Samba 
debug log).


14:46:05.532923 arp who-has 192.168.128.11 tell 192.168.128.12
14:46:05.532961 arp reply 192.168.128.11 is-at d2:7d:af:e2:79:1a
14:46:05.534041 IP (tos 0x0, ttl 128, id 18659, offset 0, flags [none], proto UDP (17), length 88) 192.168.128.12.53283 > 192.168.128.11.53: 25540+[|domain]
14:46:05.534705 IP (tos 0x0, ttl 64, id 17706, offset 0, flags [none], proto UDP (17), length 174) 192.168.128.11.53 > 192.168.128.12.53283: 25540*[|domain]
14:46:05.538852 IP (tos 0x0, ttl 128, id 18660, offset 0, flags [none], proto UDP (17), length 162) 192.168.128.12.53284 > 192.168.128.11.389: UDP, length 134
14:46:05.545754 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 207) 192.168.128.11.389 > 192.168.128.12.53284: UDP, length 179
14:46:10.534732 arp who-has 192.168.128.12 tell 192.168.128.11
14:46:10.535963 arp reply 192.168.128.12 is-at 6a:7b:36:2f:08:24
14:46:13.029943 IP (tos 0x0, ttl 128, id 18661, offset 0, flags [none], proto UDP (17), length 162) 192.168.128.12.53285 > 192.168.128.11.389: UDP, length 134
14:46:13.033741 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 207) 192.168.128.11.389 > 192.168.128.12.53285: UDP, length 179
14:46:13.436515 IP (tos 0x0, ttl 128, id 18662, offset 0, flags [none], proto UDP (17), length 88) 192.168.128.12.61415 > 192.168.128.11.53: 38601+[|domain]
14:46:13.436904 IP (tos 0x0, ttl 64, id 17707, offset 0, flags [none], proto UDP (17), length 174) 192.168.128.11.53 > 192.168.128.12.61415: 38601*[|domain]


-- 
Tomasz Chmielewski
http://wpkg.org
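
Added example, not part of the original post: a small triage script that tallies the tcpdump lines from the message above per service and direction, to show whether the client got answers and whether it ever opened a TCP session to the DC. The function names, the port table and the finding texts are assumptions of this example; the sample is the capture from the post with the `>` direction markers written out.

```python
import re
from collections import Counter

# Capture from the post (192.168.128.11 = Samba4, 192.168.128.12 = Windows 2008),
# reconstructed with tcpdump's "src > dst" markers; one ARP line kept on purpose.
SAMPLE = """\
14:46:05.532923 arp who-has 192.168.128.11 tell 192.168.128.12
14:46:05.534041 IP (tos 0x0, ttl 128, id 18659, offset 0, flags [none], proto UDP (17), length 88) 192.168.128.12.53283 > 192.168.128.11.53: 25540+[|domain]
14:46:05.534705 IP (tos 0x0, ttl 64, id 17706, offset 0, flags [none], proto UDP (17), length 174) 192.168.128.11.53 > 192.168.128.12.53283: 25540*[|domain]
14:46:05.538852 IP (tos 0x0, ttl 128, id 18660, offset 0, flags [none], proto UDP (17), length 162) 192.168.128.12.53284 > 192.168.128.11.389: UDP, length 134
14:46:05.545754 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 207) 192.168.128.11.389 > 192.168.128.12.53284: UDP, length 179
14:46:13.029943 IP (tos 0x0, ttl 128, id 18661, offset 0, flags [none], proto UDP (17), length 162) 192.168.128.12.53285 > 192.168.128.11.389: UDP, length 134
14:46:13.033741 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 207) 192.168.128.11.389 > 192.168.128.12.53285: UDP, length 179
14:46:13.436515 IP (tos 0x0, ttl 128, id 18662, offset 0, flags [none], proto UDP (17), length 88) 192.168.128.12.61415 > 192.168.128.11.53: 38601+[|domain]
14:46:13.436904 IP (tos 0x0, ttl 64, id 17707, offset 0, flags [none], proto UDP (17), length 174) 192.168.128.11.53 > 192.168.128.12.61415: 38601*[|domain]
"""

# Well-known DC-side ports (assumption of this example: default port numbers).
SERVICES = {53: "dns", 88: "kerberos", 389: "ldap", 445: "smb"}

# Matches the "proto ... length N) src.port > dst.port:" tail of a tcpdump -v line.
LINE = re.compile(
    r"proto (?P<proto>TCP|UDP) \(\d+\), length \d+\)\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)


def summarise(capture, dc_ip):
    """Count packets per (service, protocol, direction) as seen from the DC."""
    counts = Counter()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ARP and anything else that is not TCP/UDP over IP
        proto = m.group("proto").lower()
        if m.group("dst") == dc_ip:
            port, direction = int(m.group("dport")), "request"
        elif m.group("src") == dc_ip:
            port, direction = int(m.group("sport")), "reply"
        else:
            continue  # traffic that does not involve the DC
        service = SERVICES.get(port, str(port))
        if service == "ldap" and proto == "udp":
            service = "cldap"  # connectionless LDAP, used for the netlogon query
        counts[(service, proto, direction)] += 1
    return counts


def diagnose(counts):
    """Turn the tallies into short findings for the join attempt."""
    findings = []
    for service in ("dns", "cldap"):
        asked = counts[(service, "udp", "request")]
        answered = counts[(service, "udp", "reply")]
        if asked > answered:
            findings.append(f"{service}: {asked - answered} request(s) unanswered")
        elif asked > 1:
            findings.append(f"{service}: {asked} requests, all answered, yet repeated")
    if not any(proto == "tcp" for (_svc, proto, _dir) in counts):
        findings.append("no TCP traffic to the DC: the join stopped after DC discovery")
    return findings


if __name__ == "__main__":
    for finding in diagnose(summarise(SAMPLE, "192.168.128.11")):
        print(finding)
```
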


Re: [Samba] unable to join to a Samba4 domain

2010-05-25 Thread Tomasz Chmielewski

On 25.05.2010 14:50, Tomasz Chmielewski wrote:

On 25.05.2010 13:58, Lukasz Zalewski wrote:


What more info should I provide?




The only way I can replicate your problem and get a similar message is
by blocking access to port 389 both TCP and UDP on the samba4 host - it
seems like enabling either (i.e. TCP or UDP) produces enter credentials
dialog. Note that I have used Windows 7 rather than Srv2008


The only packets exchanged, from the moment I press OK button to when the 
error is shown, are:

- DNS queries
- LDAP queries

(192.168.128.11 - Samba4; 192.168.128.12 - Windows 2008)

So, nothing blocked on Samba4 side (and LDAP queries add some data to Samba 
debug log).


If I block LDAP on UDP, Windows does not send queries to LDAP on TCP. Is 
it the same for you?


And indeed, the error message is the same whether 389/UDP is blocked or not.

--
Tomasz Chmielewski
http://wpkg.org




Re: [Samba] unable to join to a Samba4 domain

2010-05-25 Thread Tomasz Chmielewski
On 25.05.2010 15:08, Tomasz Chmielewski wrote:

 And indeed, the error message is the same whether 389/UDP is blocked or 
 not.

This is what I see produced by Samba4 when I try to join:


# samba -i -M single -d 9
(...)
dreplsrv_notify_schedule(5) scheduled for: Tue May 25 15:15:26 2010 CEST
dreplsrv_notify_schedule(5) scheduled for: Tue May 25 15:15:31 2010 CEST
cldap netlogon query domain=samba4.contact-web.de host=WIN2008 user=(null) 
version=22 guid=(null)
gendb_search_v: CN=Sites,CN=Configuration,DC=samba4,DC=contact-web,DC=de 
(objectClass=site) - 1
added interface ip=192.168.128.11 nmask=255.255.255.0
dreplsrv_notify_schedule(5) scheduled for: Tue May 25 15:15:36 2010 CEST
cldap netlogon query domain=samba4.contact-web.de host=WIN2008 user=(null) 
version=22 guid=(null)
gendb_search_v: CN=Sites,CN=Configuration,DC=samba4,DC=contact-web,DC=de 
(objectClass=site) - 1
added interface ip=192.168.128.11 nmask=255.255.255.0
dreplsrv_notify_schedule(5) scheduled for: Tue May 25 15:15:41 2010 CEST


Should I expect something else?

-- 
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] unable to join to a Samba4 domain

2010-05-25 Thread Tomasz Chmielewski

On 25.05.2010 20:55, Lukasz Zalewski wrote:


If I block LDAP on UDP, Windows does not send queries to LDAP on TCP. Is
it the same for you?

And indeed, the error message is the same whether 389/UDP is blocked or
not.



In my case, if one protocol (TCP or UDP) in that port is enabled things
seem to work. If both are disabled I get the error message. Have you
tried to disable firewall on samba4 host just to rule it out? Presumably
you don't have any other firewalls in the way? I will try to join
Windows 2008 to the domain tomorrow as a test.


There is no firewall between the hosts.

I'll try to test it with Windows XP, but it may take 1-2 days before I'm 
able to do it.



--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] unable to join to a Samba4 domain

2010-05-24 Thread Tomasz Chmielewski

On 23.05.2010 13:51, Lukasz Zalewski wrote:

On 21/05/2010 16:56, Tomasz Chmielewski wrote:

On 21.05.2010 06:25, Andrew Bartlett wrote:


When you provisioned samba4 it generated sample bind and zone config
for
that dc,
have a look at samba_install_dir/private/dns/samba4.my.domain.zone
which includes all of the dns records for that zone and see which ones
you are missing


Indeed, if you used a zone file other than the one we generated, then
you are asking for trouble. Please use the one we generate.


I'm using the zone generated by Samba (and did not modify it).




Tomasz,
How are you performing the join?


The normal way: my Computer -> Properties -> Domain... (is it possible 
to join a Windows PC differently)?


If it makes a difference, I'm trying to join a Windows 2008 computer.

--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] unable to join to a Samba4 domain

2010-05-21 Thread Tomasz Chmielewski

On 21.05.2010 06:25, Andrew Bartlett wrote:


When you provisioned samba4 it generated sample bind and zone config for
that dc,
have a look at samba_install_dir/private/dns/samba4.my.domain.zone
which includes all of the dns records for that zone and see which ones
you are missing


Indeed, if you used a zone file other than the one we generated, then
you are asking for trouble.  Please use the one we generate.


I'm using the zone generated by Samba (and did not modify it).


--
Tomasz Chmielewski
http://wpkg.org


[Samba] unable to join to a Samba4 domain

2010-05-20 Thread Tomasz Chmielewski

I'm trying to join a Windows 2008 to a Samba4 domain.

I'm able to ping Samba4 or browse its network shares.


Unfortunately, I can't join Windows 2008 to this Samba4 domain - I'm not 
even asked for Administrator password.


Windows 2008 errors with the below message, which roughly translates to:


DNS-query for domain samba4.my.domain was successful.
The query was for _ldap._tcp.dc._msdcs.samba4.my.domain SRV-entry.

The following AD controller was identified:

contact-samba4.samba4.my.domain


The most frequent causes of this error are:

- missing A-entry
- AD has no network connection



Below, the original text (in German):

Die DNS-Abfrage über den Ressourceneintrag der Dienstidentifizierung 
(SRV), der zur Suche eines Active Directory-Domänencontrollers für die 
Domäne samba4.my.domain verwendet wird, wurde erfolgreich abgeschlossen:


Die Abfrage war für den SRV-Eintrag für 
_ldap._tcp.dc._msdcs.samba4.my.domain


Die folgenden Active Directory-Domänencontroller wurde von der Abfrage 
identifiziert:


contact-samba4.samba4.my.domain

Die häufigsten Ursachen dieses Fehlers sind:

- Host (A)-Einträge, die den Namen des Active 
Directory-Domänencontroller dessen IP-Adressen zuordnen, fehlen oder 
enthalten nicht die richtigen Adressen.


- Die in DNS registrierten Active Directory-Domänencontroller verfügen 
nicht über eine Netzwerkverbindung oder werden nicht ausgeführt.




--
Tomasz Chmielewski
http://wpkg.org

Re: [Samba] samba3 and samba4 in the same domain?

2010-05-11 Thread Tomasz Chmielewski

On 11.05.2010 06:59, Tomasz Chmielewski wrote:

On 11.05.2010 03:08, Andrew Bartlett wrote:

On Mon, 2010-05-10 at 14:40 +0200, Tomasz Chmielewski wrote:

I have a Samba3 + OpenLDAP installation.

How can I make Samba4 running on a different server be in the same
domain, have the same users etc.?


I presume you mean mixing both Samba3 and Samba4 domain controllers in
one domain? This is not possible. Any upgrade to samba4 would prevent
you running a Samba3 DC. We don't support 'mixed mode' like that.


Yes, that's more or less what I want to do.

Any workarounds?

Like Samba4 winbind fetching users from Samba3?


There is a page titled Seamless Migration from Samba3 to Samba4:

http://www.samba.org/~jelmer/soc.html

Not sure how far this project is?


Something like wipe out all Samba4 users, retrieve/synchronize them 
again from Samba3 LDAP once a day would be sufficient for me for a start.



--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] samba3 and samba4 in the same domain?

2010-05-11 Thread Tomasz Chmielewski
On 11.05.2010 10:40, Andrew Bartlett wrote:

 Something like wipe out all Samba4 users, retrieve/synchronize them
 again from Samba3 LDAP once a day would be sufficient for me for a start.
 
 I really would not do that.  If a machine or user has changed their
 password, then the wipe will do bad things.

This should not be the case.

I need this only to provide access to Sharepoint, provided by an AD environment.

In other words, I want AD to trust Samba4.


Or, perhaps I don't even have to use Samba4, as Samba3 is sufficient?

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html#id2621046


Can anyone comment?

Supposing I have an AD domain (trustee) and a SAMBA3
(trusted) domain, so that SAMBA3 users could use AD resources (namely
sharepoint) without a need for a separate account?

-- 
Tomasz Chmielewski
http://wpkg.org


[Samba] samba4 - where is libnss_winbind.so?

2010-05-11 Thread Tomasz Chmielewski

I compiled Samba4 with these instructions:

http://wiki.samba.org/index.php/Samba4/HOWTO


I would like to use Winbind according to this description (so that I can 
use getent passwd to enumerate users):


http://wiki.samba.org/index.php/Samba4/Winbind


Unfortunately, I don't find libnss_winbind.so anywhere.

In fact, I don't find any *winbind*so file anywhere in compiled Samba4 
sources.


What should I do to use Winbind with Samba4?


--
Tomasz Chmielewski
http://wpkg.org
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] samba3 and samba4 in the same domain?

2010-05-10 Thread Tomasz Chmielewski

On 11.05.2010 03:08, Andrew Bartlett wrote:

On Mon, 2010-05-10 at 14:40 +0200, Tomasz Chmielewski wrote:

I have a Samba3 + OpenLDAP installation.

How can I make Samba4 running on a different server be in the same
domain, have the same users etc.?


I presume you mean mixing both Samba3 and Samba4 domain controllers in
one domain?  This is not possible.  Any upgrade to samba4 would prevent
you running a Samba3 DC.  We don't support 'mixed mode' like that.


Yes, that's more or less what I want to do.

Any workarounds?

Like Samba4 winbind fetching users from Samba3?


What I want to achieve is an AD controller trusting users from my 
current Samba3 setup; I thought Samba4 would help here.



--
Tomasz Chmielewski
http://wpkg.org



[Samba] sync Samba4 with Samba3 users?

2010-05-06 Thread Tomasz Chmielewski

I have a running Samba3 domain called SAMBA.

I'd like to have an Active Directory domain called AD trust SAMBA 
domain.


In other words, if my Samba3 users want to log in to a Sharepoint server 
in AD domain, Active Directory should try to find the user in SAMBA 
domain and let him (or not).



As I understand correctly, AD can't fetch users (trust) from Samba3?

Therefore, I'd like to set up a Samba4 server which would have users in 
sync with Samba3; then, AD would connect to Samba4.



How can I make Samba4 server enumerate/sync the users available on a 
Samba3 server?



--
Tomasz Chmielewski
http://wpkg.org


[Samba] reviews of Samba 3.4?

2009-08-17 Thread Tomasz Chmielewski
Does anyone know any reviews/articles on Samba 3.4, where it is built 
together with Samba4?


I would like to know how it behaves, what are its good and/or bad sides 
etc., but generally lack resources to test it myself.



--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] reviews of Samba 3.4?

2009-08-17 Thread Tomasz Chmielewski

Tomasz Chmielewski wrote:
Does anyone know any reviews/articles on Samba 3.4, where it is built 
together with Samba4?


I would like to know how it behaves, what are its good and/or bad sides 
etc., but generally lack resources to test it myself.


Any pointer to mailing posts touching the subject (where such setup was 
actually used) would be also appreciated - so far, I've been finding 
build problems mostly.




--
Tomasz Chmielewski


[Samba] disable logons for all users but Domain Admin?

2009-03-02 Thread Tomasz Chmielewski

Is it possible to disable domain logons for all users but Domain Admins?


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] disable logons for all users but Domain Admin?

2009-03-02 Thread Tomasz Chmielewski

Tomasz Chmielewski wrote:

Is it possible to disable domain logons for all users but Domain Admins?


Seems like setting L in sambaAcctFlags does the job.

The problem is how to do it globally ;)

I exported users from LDAP and added L flag to all User accounts, but 
Administrator. Then, deleted users and imported the changed ldif.



--
Tomasz Chmielewski
http://wpkg.org




Re: [Samba] getent group shows AD groups; getent passwd only shows local users

2009-01-23 Thread Tomasz Chmielewski

Brian Gregorcy wrote:


In log.winbindd I can see errors like:

[2009/01/22 10:44:55, 3] libads/ldap.c:ads_do_paged_search_args(696)
  ads_do_paged_search_args: 
ldap_search_with_timeout((objectCategory=user)) - Operations error
[2009/01/22 10:44:55, 3] 
libads/ldap_utils.c:ads_do_search_retry_internal(76)
  Reopening ads connection to realm 'GEORGIANUT.COM' after error 
Operations error

[2009/01/22 10:44:55, 5] libads/dns.c:sitename_fetch(677)
  sitename_fetch: Returning sitename for georgianut.com: 
Default-First-Site-Name

[2009/01/22 10:44:55, 6] libads/ldap.c:ads_find_dc(294)
  ads_find_dc: looking for realm 'georgianut.com'
[2009/01/22 10:44:55, 8] libsmb/namequery.c:get_sorted_dc_list(1626)
  get_sorted_dc_list: attempting lookup for name georgianut.com 
(sitename Default-First-Site-Name) using [ads]






check that your clock on the linux box matches the clock on the DC.


Just being curious: what time difference is acceptable? I.e. up to 5 
seconds, 5 minutes? That being said, the clocks are in sync.


When I use tcpdump to see what happens when doing getent passwd, I can 
see such error message:


5012 DIR_ERROR

Google suggests such causes for this error:

i.e. LDAP troubleshooting 
kb.adobe.com/selfservice/viewContent.do?externalId=tn_19576


Cause: The DN specified in the User Search tab is incorrect, wrong, or 
incorrectly formatted.


Cause: User could not be found. Most likely due to DN settings in the 
User Search tab or the suffix or prefix fields in the Settings tab.


Cause: Most likely caused by a bad username or password. Common cause of 
this error is a user trying to login with DOMAIN\login instead of just 
login.



However, this doesn't explain why getent group works, and getent 
passwd doesn't.


--
Tomasz Chmielewski
http://wpkg.org
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] getent group shows AD groups; getent passwd only shows local users

2009-01-22 Thread Tomasz Chmielewski

I had winbind configured so that it could fetch users from AD.
Everything was working properly, but something happened in the past 
couple of days (no change in the Samba config) I'm not able to diagnose.


getent group enumerates groups, getent passwd doesn't.

wbinfo -g returns groups, whereas I get this error when trying to get 
users:


# wbinfo -u
Error looking up domain users

# net rpc join -S GNCNET -U user_linux
Password:
Joined domain NUT.

# net ads join -S GNCNET -U user_linux
user_linux's password:
[2009/01/22 10:37:06, 0] utils/net_ads.c:ads_startup_int(286)
  ads_connect: No logon servers
Failed to join domain: No logon servers


I see the Samba machine sends and receives packets on port 389 when I do 
getent passwd, but just no users are returned.


Ideas?


This is my smb.conf:

   workgroup = NUT
   password server = GNCNET
   realm = GNCNET.GEORGIANUT.COM
   security = ads
   idmap uid = 1-2
   idmap gid = 1-2
   winbind separator = +
   template homedir = /home/%D/cbl
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false

server string = Samba Server %v
encrypt passwords = Yes

log file = /var/log/samba/log.%m
max log size = 100
log level = 8

os level = 18
local master = No
dns proxy = No

winbind enum users = yes
winbind enum groups = yes


In log.winbindd I can see errors like:

[2009/01/22 10:44:55, 3] libads/ldap.c:ads_do_paged_search_args(696)
  ads_do_paged_search_args: 
ldap_search_with_timeout((objectCategory=user)) - Operations error
[2009/01/22 10:44:55, 3] 
libads/ldap_utils.c:ads_do_search_retry_internal(76)
  Reopening ads connection to realm 'GEORGIANUT.COM' after error 
Operations error

[2009/01/22 10:44:55, 5] libads/dns.c:sitename_fetch(677)
  sitename_fetch: Returning sitename for georgianut.com: 
Default-First-Site-Name

[2009/01/22 10:44:55, 6] libads/ldap.c:ads_find_dc(294)
  ads_find_dc: looking for realm 'georgianut.com'
[2009/01/22 10:44:55, 8] libsmb/namequery.c:get_sorted_dc_list(1626)
  get_sorted_dc_list: attempting lookup for name georgianut.com 
(sitename Default-First-Site-Name) using [ads]




--
Tomasz Chmielewski
http://wpkg.org
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] samba + slave OpenLdap (read-only)

2008-07-02 Thread Tomasz Chmielewski

jakjr wrote:

Hey,

When I try to join a new machine on a domain, it simply fails.

I already set the ldap replication sleep to a higher value, but this does
not work.

I'm using syncrepl on ldap (refreshAndPersist) and this is working. Including
the referral return if the updateref config on slapd.conf.


What do you use to add new accounts?

smbldap-tools can be configured to use different LDAP servers (master 
and slave).



--
Tomasz Chmielewski
http://wpkg.org
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] samba + slave OpenLdap (read-only)

2008-07-02 Thread Tomasz Chmielewski

jakjr wrote:

I'm using a third-party software to create the accounts in the ldap.

But the problem is when I try to include this machine (the entry of this
machine already exists in ldap) in my samba domain using a ldap-replica
(read-only).

Samba tries to modify some attributes in the slave (read-only), the slave
returns a referral and samba is not following the referral to the master ldap
(when the samba has right to modify these attributes).


Is it Samba that really creates the accounts?

Can you paste your smb.conf?


--
Tomasz Chmielewski
http://wpkg.org



[Samba] parsing smb.conf in a script (adding, removing, changing values)?

2008-06-27 Thread Tomasz Chmielewski
What do you use to parse smb.conf files in a somehow automated/scripted 
manner?


Let's say this is a part of smb.conf:

[homes]
 valid users = user1, user2

[data]
 valid users = user1, user2


And we want to add user3 to valid users in [homes].

How would you do it?

Is there a tool which basically does:

# smb-conf-parser [action] [section] [key] [value]

For example, add user3 to valid users in [homes] would be:

# smb-conf-parser add homes valid users user3


Removing user1 from valid users in [data] would be:

# smb-conf-parser del data valid users user1

?


--
Tomasz Chmielewski
http://wpkg.org
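
One way to build the add/del tool asked about above, as an added example (not part of the original post and not an existing Samba utility). The function name `edit_list_param` is hypothetical, and member names are assumed to contain no spaces. It refuses to delete the last member, because an empty `valid users` list lets any user connect.

```python
import re

SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")

# The smb.conf fragment from the post, embedded so the example runs offline.
SAMPLE = "[homes]\n valid users = user1, user2\n\n[data]\n valid users = user1, user2\n"


def _norm(name):
    """smb.conf names are case-insensitive and ignore embedded whitespace."""
    return re.sub(r"\s+", "", name).lower()


def _split_param(line):
    """Return (indent, name, value) for a 'name = value' line, else None."""
    stripped = line.strip()
    if not stripped or stripped[0] in ";#" or "=" not in stripped:
        return None
    name, value = stripped.split("=", 1)
    indent = line[: len(line) - len(line.lstrip())]
    return indent, name.strip(), value.strip()


def edit_list_param(text, action, section, key, member):
    """Add or delete one member of a list parameter in one section.

    Only the matching line changes; comments, other sections and the
    indentation are kept. Returns the new file text.
    """
    if action not in ("add", "del"):
        raise ValueError("action must be 'add' or 'del'")
    lines = text.split("\n")
    in_target = False
    append_at = None  # index just after the last non-blank line of the section
    for i, line in enumerate(lines):
        header = SECTION_RE.match(line)
        if header:
            in_target = _norm(header.group(1)) == _norm(section)
            if in_target:
                append_at = i + 1
            continue
        if not in_target:
            continue
        if line.strip():
            append_at = i + 1
        param = _split_param(line)
        if param is None or _norm(param[1]) != _norm(key):
            continue
        if line.rstrip().endswith("\\"):
            # Continued lines need a real parser; do not guess.
            raise ValueError("line %d is continued with '\\'" % (i + 1))
        indent, name, value = param
        members = [m for m in re.split(r"[,\s]+", value) if m]
        if action == "add" and member not in members:
            members.append(member)
        elif action == "del":
            remaining = [m for m in members if m != member]
            if members and not remaining:
                # An empty 'valid users' means any user may connect.
                raise ValueError("refusing to empty '%s' in [%s]" % (key, section))
            members = remaining
        lines[i] = "%s%s = %s" % (indent, name, ", ".join(members))
        return "\n".join(lines)
    if append_at is None:
        raise KeyError("no [%s] section" % section)
    if action == "add":
        # Section exists but lacks the key: append it to that section.
        lines.insert(append_at, "\t%s = %s" % (key, member))
    return "\n".join(lines)


if __name__ == "__main__":
    print(edit_list_param(SAMPLE, "add", "homes", "valid users", "user3"))
    print(edit_list_param(SAMPLE, "del", "data", "valid users", "user1"))
```

Write the result to a temporary file and check it with `testparm -s` before replacing the live smb.conf.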


Re: [Samba] Re: Samba/Ldap problems with Versions 3.0.24

2008-03-18 Thread Tomasz Chmielewski

Mario Gzuk schrieb:

Hi,

Am Montag, den 17.03.2008, 13:41 -0400 schrieb Adam Tauno Williams:

we have similar problems with samba+ldap after updating to 3.0.27.
But in our case, the following ldap-Attributes won't get updated:
sambaPwdMustChange
sambaPwdCanChange
only sambaPwdLastSet gets altered.
in newly created accounts the two Attributes even won't be created !?
I already checked every log-file I can think of, I played with verbose 
logging, but I really can't find a solution up to now.
I also asked about this stuff here in the mailinglist several weeks ago, 
but no answer till now.

So what could we do ?

Is there a policy set to affect these attributes?

littleboy:~ # pdbedit -P minimum password age
account policy value for minimum password age is 86400
littleboy:~ # pdbedit -P maximum password age
account policy value for maximum password age is 5184000


We have a policy for the maximum password age (value is: 15552000). But
this doesn't matter. The timestamps in the LDAP get updated correctly,
but the pdbedit -Lv user shows the wrong dates and the functionality is
broken as you may read in my previous mail...


A similar problem was reported in "Strange NT_STATUS_PASSWORD errors 
after upgrade to 3.0.26a" if you search the lists (actually, I see you 
mentioned it, too).


I guess this bug is worth reporting on http://bugzilla.samba.org?


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] Strange NT_STATUS_PASSWORD errors after upgrade to 3.0.26a

2008-03-05 Thread Tomasz Chmielewski
I just upgraded one of our samba BDC's (with LDAP back end on 
solaris 10) from 3.0.23c to

3.0.26a and can no longer mount shares.

The error message I'm seeing in the samba logs is 


[2007/11/15 14:15:26, 1] auth/auth_sam.c:sam_account_ok(172)
  sam_account_ok: Account for user 'dbb' password must change!.
[2007/11/15 14:15:26, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain 
[CLASSROOM] was for this SAM.

[2007/11/15 14:15:26, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [dbb] - [dbb] FAILED 
with error NT_STATUS_PASSWORD_MUST_CHANGE

[2007/11/15 14:15:26, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(1489) cmd=115 (SMBsesssetupX) 
NT_STATUS_PASSWORD_MUST_CHANGE


Hi,

Have there been any updates on this?

I have the same issue - after upgrading to the newest Samba, new users 
who have sambaPwdMustChange set (to an older date) can no longer log in.



Whenever they want to log in, they are asked to change the password. 
After changing the password, they are not allowed to log in anyway.


A workaround is to add an X flag to sambaAcctFlags - then, after changing 
the password the user is able to log in, but is prompted to change the 
password each time after he/she logs out and logs in again.



This issue is present in Samba releases newer than 3.0.24 (i.e., 
everything works fine in 3.0.24, the issue exists with 3.0.25 up to 
current 3.0.28).




--
Tomasz Chmielewski
http://wpkg.org
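
The log excerpt quoted in this message, parsed as an added example (not part of the original post): it groups each smbd header line with its wrapped continuation lines and separates account-state failures such as NT_STATUS_PASSWORD_MUST_CHANGE from credential failures. The `alice` records are constructed, the `account-state`/`credential` grouping is this example's own, and the `->` form of the separator is an assumption (the archive shows `-`).

```python
import re
from collections import Counter

# Header form: "[2007/11/15 14:15:26, 2] auth/auth.c:check_ntlm_password(319)"
HEADER_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)?,\s*(\d+)\] "
    r"(\S+?):(\w+)\((\d+)\)\s*$")
AUTH_FAIL_RE = re.compile(
    r"Authentication for user \[([^\]]*)\]\s+-+>?\s+\[([^\]]*)\]\s+FAILED\s+"
    r"with\s+error\s+(NT_STATUS_\w+)")

# Statuses that describe the account rather than the supplied password
# (grouping chosen for this example).
ACCOUNT_STATE = {
    "NT_STATUS_PASSWORD_MUST_CHANGE", "NT_STATUS_PASSWORD_EXPIRED",
    "NT_STATUS_ACCOUNT_DISABLED", "NT_STATUS_ACCOUNT_LOCKED_OUT",
}

# First three records follow the post; the two 'alice' records are constructed.
SAMPLE_LOG = """\
[2007/11/15 14:15:26, 1] auth/auth_sam.c:sam_account_ok(172)
  sam_account_ok: Account for user 'dbb' password must change!.
[2007/11/15 14:15:26, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [dbb] - [dbb] FAILED
with error NT_STATUS_PASSWORD_MUST_CHANGE
[2007/11/15 14:15:26, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(1489) cmd=115 (SMBsesssetupX)
NT_STATUS_PASSWORD_MUST_CHANGE
[2007/11/15 14:16:02, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [alice] -> [alice] FAILED with error NT_STATUS_WRONG_PASSWORD
[2007/11/15 14:16:05, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [alice] -> [alice] FAILED with error NT_STATUS_WRONG_PASSWORD
"""


def parse_records(log_text):
    """Group each header line with the message lines that follow it."""
    records = []
    for line in log_text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            records.append({"time": m.group(1), "level": int(m.group(2)),
                            "source": "%s:%s" % (m.group(3), m.group(5)),
                            "function": m.group(4), "message": ""})
        elif records and line.strip():
            # Continuation (or mail-wrapped) line: append to the last record.
            rec = records[-1]
            rec["message"] = (rec["message"] + " " + line.strip()).strip()
    return records


def failed_logons(log_text):
    """Return (time, user, status, kind) for every failed authentication."""
    hits = []
    for rec in parse_records(log_text):
        m = AUTH_FAIL_RE.search(rec["message"])
        if m:
            status = m.group(3)
            kind = "account-state" if status in ACCOUNT_STATE else "credential"
            hits.append((rec["time"], m.group(1), status, kind))
    return hits


def summarize(log_text):
    """Count failures per (user, status, kind)."""
    return Counter((user, status, kind)
                   for _, user, status, kind in failed_logons(log_text))


if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE_LOG).items()):
        print(count, *key)
```

Failures of the first kind after an upgrade point at policy or attribute handling, as in this thread; repeated failures of the second kind for one user are what to alert on.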


Re: [Samba] Strange NT_STATUS_PASSWORD errors after upgrade to 3.0.26a

2008-03-05 Thread Tomasz Chmielewski

Jayabrata Tripathy schrieb:

Hi Tomasz,
 
How to set the sambaPwdMustChange? and Where to set this parameter? 
smb.conf is not able to understand this parameter.
 
This problem bugging me quite a long time.


I keep all user data in LDAP, and I use LAM for that - http://lam.sf.net


--
Tomasz Chmielewski
http://wpkg.org



On 3/5/08, *Tomasz Chmielewski* [EMAIL PROTECTED] 
mailto:[EMAIL PROTECTED] wrote:


  I just upgraded one of our samba BDC's (with LDAP back end on
  solaris 10) from 3.0.23c to
  3.0.26a and can no longer mount shares.
 
  The error message I'm seeing in the samba logs is
 
  [2007/11/15 14:15:26, 1] auth/auth_sam.c:sam_account_ok(172)
sam_account_ok: Account for user 'dbb' password must change!.
  [2007/11/15 14:15:26, 3]
auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain
  [CLASSROOM] was for this SAM.
  [2007/11/15 14:15:26, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password:  Authentication for user [dbb] - [dbb] FAILED
  with error NT_STATUS_PASSWORD_MUST_CHANGE
  [2007/11/15 14:15:26, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/sesssetup.c(1489) cmd=115 (SMBsesssetupX)
  NT_STATUS_PASSWORD_MUST_CHANGE

Hi,

Have there been any updates on this?

I have the same issue - after upgrading to the newest Samba, new users
who have sambaPwdMustChange set (to an older date) can no longer
log in.


Whenever they want to log in, they are asked to change the password.
After changing the password, they are not allowed to log in anyway.

A workaround is to add a X flag to sambaAcctFlags - then, after changing
the password the user is able to log in, but is prompted to change the
password each time after he/she logs out and logs in again.


This issue is present in Samba releases newer than 3.0.24 (i.e.,
everything works fine in 3.0.24, the issue exists with 3.0.25 up to
current 3.0.28).



--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] Active file transfers

2007-09-28 Thread Tomasz Chmielewski

Tero Mäntyvaara schrieb:

Hi

How could I check the active file transfers?


smbstatus? lsof?


--
Tomasz Chmielewski
http://blog.wpkg.org


Re: [Samba] Samba Problem

2007-09-28 Thread Tomasz Chmielewski

Darryl Tidd schrieb:
I am running Kubuntu 7.04.  I downloaded the latest Samba release from 
samba.org.  I configured and installed Samba.  However, after doing all 
this, I can't seem to get Samba to run.  I have tried starting smbd, 
winbindd, nmbd, sambaclient, samba, and swat.  I either get a message 
that the program is not installed or the computer just does nothing.

Any help will be greatly appreciated.


Why don't you just get Kubuntu Samba packages?

Apparently, you don't really know what you are doing ("I have tried 
starting smbd, winbindd, nmbd, sambaclient, samba, and swat")



--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] sync logon scripts between PDC and BDCs

2007-09-24 Thread Tomasz Chmielewski

Andreas Moroder schrieb:

Hello,

we have a PDC and three BDC. Does anyone know an easy way to keep the 
logon.bat scripts synced between these machines ?


rsync + cron?


--
Tomasz Chmielewski
http://blog.wpkg.org



Re: [Samba] log rotation in samba

2007-09-21 Thread Tomasz Chmielewski

Melanie Pfefer schrieb:

Could you please share how you used logadm/logrotate
to rotate samba logs?


Hmm, doesn't Samba rotate the logs by itself? I.e.:

log level = 3
syslog = 0
log file = /var/log/samba/log.%m
max log size = 5000


--
Tomasz Chmielewski
http://blog.wpkg.org


Re: [Samba] log rotation in samba

2007-09-21 Thread Tomasz Chmielewski

Felipe Augusto van de Wiel schrieb:


Tomasz Chmielewski wrote, On 21-09-2007 11:10:

Melanie Pfefer schrieb:

Could you please share how you used logadm/logrotate
to rotate samba logs?

Hmm, doesn't Samba rotate the logs by itself? I.e.:

log level = 3
syslog = 0
log file = /var/log/samba/log.%m
max log size = 5000


AFAIK, no.  This only tells samba how much information to
keep in each file and how detailed they are. If you want to have
history, you need to rotate it using something like logrotate.


Yes and no.
With the above setting, Samba keeps two logs per machine: 
/var/log/samba/log.%m and /var/log/samba/log.%m.old. Each of them having 
5000 kB.


If you want to use just logrotate for that, you'd have to set max log 
size = 0, so that Samba doesn't rotate the files on its own.


However, to keep some reasonable history with log level = 3, one 
would have to reserve gigabytes for each machine... Also, it wouldn't be 
that great for performance.



--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] Backup of Samba Server files

2007-09-17 Thread Tomasz Chmielewski

Ryan Novosielski schrieb:


But, what about Samba? Should I just backup my /var/lib/samba/* files and
everything would be fine in the case of a new Samba in a new machine?
What
about the SID? In a different machine it is going to be different
isn't it?
Just a net setlocalsid OLDSIDNUMBER would be enough?

Realistically, just how big is your server (I mean, the amount of data
it stores - /bin, /usr etc., everything)?

1 GB? 2 GB? That's nothing.
Perhaps dozens of GBs if you keep some extra data like user profiles for
400 users - but then, you surely make a backup of that, anyway.

Just backup everything, it's easiest.


He has a valid point though... let's say that he wants to just move
Samba from this server to that server -- maybe separating applications
on a box, or... who knows what else... He wants to make sure he can just
do some sort of cutover and it will work; in that case, one DOES need to
make sure they know what files are necessary. The one that contains the
domain SID is very important (or at least, knowing what your domain SID
is before a move)... but I think this stuff is all covered in detail in
the manual. Am I wrong?


Like, moving from one Linux distro to another etc.?

That also should be easy - most places to look for are (may depend on 
how Samba was compiled, though - see smbd -b):


/etc/samba/
/var/lib/samba/
/var/cache/samba/
user profiles, logon scripts, printer drivers etc. - defined in smb.conf


The most important files would be (assuming users are stored in LDAP) 
these two:


smb.conf
secrets.tdb


All other .tdb or .dat files are not really needed (yes, they may 
contain printer settings, something cached, but probably, can be skipped 
in most situations - shouldn't make much harm to copy them, though).


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] Backup of Samba Server files

2007-09-17 Thread Tomasz Chmielewski

Steve Scanavarro schrieb:

Hello everyone.
I have a Samba+LDAP server running here in my company.
Everything is working fine, but I'm now worried about the backup of my
configurations.
In the LDAP, I just slapcat my base to an ldif file and that's everything
ok!

But in Samba, if I need to upgrade to a new machine, how am I gonna be able
to create another Samba server, with the SAME configurations? By same
configurations, I mean, same domain name, same netbios name and without
asking all my 400 users to exit the domain COMPANY (old machine) and joining
the COMPANY (yeah, same name) of the new machine again?

In the past, when the MS Active Directory was used here, we used to backup
the System State in Windows 2000. This was enough to rebuild a new domain
controller machine transparently for the users.

But, what about Samba? Should I just backup my /var/lib/samba/* files and
everything would be fine in the case of a new Samba in a new machine? What
about the SID? In a different machine it is going to be different isn't it?
Just a net setlocalsid OLDSIDNUMBER would be enough?


Realistically, just how big is your server (I mean, the amount of data 
it stores - /bin, /usr etc., everything)?


1 GB? 2 GB? That's nothing.
Perhaps dozens of GBs if you keep some extra data like user profiles for 
400 users - but then, you surely make a backup of that, anyway.


Just backup everything, it's easiest.


--
Tomasz Chmielewski
http://blog.wpkg.org




Re: [Samba] samba pdc ldap vs mysql

2007-09-16 Thread Tomasz Chmielewski

Petre Bandac schrieb:

hallo

I have a task to reorganize the network resources of a medium company 
(~150 computers, 80% windows) which in the current state is very chaotic


I was thinking of a system where the users are stored in a single place, 
from where applications like mail (postfix), squid and even a domain 
controller can retrieve information


from your past experience, which does a better job - ldap or users 
stored in a mysql database ? I would appreciate your feedback or some 
links (I already have googled around and found several sources from 
where I am reading right now)


I would like to have the same user/password for at least mail  domain 
logon


I would say MySQL is not an officially recommended way of storing 
Samba users.



--
Tomasz Chmielewski
http://blog.wpkg.org


Re: [Samba] Samba / NFS performance

2007-03-19 Thread Tomasz Chmielewski

Alexander Gelf schrieb:


Attached.


You may want to experiment with these options:

# Most people will find that this option gives better performance.
# See the chapter 'Samba performance issues' in the Samba HOWTO Collection
# and the manual pages for details.
# You may want to add the following on a Linux system:
;   socket options = SO_RCVBUF=8192 SO_SNDBUF=8192


You may also want to set these options explicitly (depending how you 
start Samba, but it won't hurt):


log level = 0
syslog = 0

Otherwise, your Samba may be logging too much, causing unnecessary writes.

Note that Samba will be always slower than a lower-level NFS (which, in 
turn will be slower than iSCSI etc.).



--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] Samba / NFS performance

2007-03-18 Thread Tomasz Chmielewski

Alexander Gelf schrieb:


I have the following network configuration:

Server
   FreeBSD 6.2
   P4 3Ghz, 1GB RAM
   Samba 3.0.24 (options: WITH_ADS, WITH_PAM, WITH_SENDFILE, WITH_UTMP, 
WITH_WINBIND)

   Standard FreeBSD NFS Server
   Adaptec 2410SA controller with 4 drives running RAID5
   Broadcom GigE

Client
  Windows XP MCE
   Microsoft SFU 3.5 running NFS client over UDP

The client and the server are connected to the same GigE switch.

When I copy one large file (10GB) from the client to the server over an 
NFS mount I get an average performance of 18MB/s.
The same file copied from the same directory on the client to the same 
directory on the server over a Samba mount averages 4Mb/s.


Any ideas on why is there such a huge performance difference and what 
can I do to improve Samba performance are appreciated.


your smb.conf?


--
Tomasz Chmielewski
http://wpkg.org




Re: [Samba] roaming profile not uploaded correctly when logging outfor the first time

2007-03-15 Thread Tomasz Chmielewski

Gary Dale schrieb:
No. XP is closing your mapped drives, not your profile share. That's 
something that Windows knows about, just like it knows which server to 
validate your password against.


I doubt that the server speed is an issue either. However, I am 
concerned about you running the bleeding edge version of Samba. I 
doubt that it came with your distribution. Do you really need 3.0.24? 
Was there some feature that wasn't in your distro's version?


Yes, Debian Etch comes with 3.0.24.
But I'll try an older version, thanks for the hint.


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] roaming profile not uploaded correctly when logging outfor the first time

2007-03-15 Thread Tomasz Chmielewski

Gary Dale schrieb:
No. XP is closing your mapped drives, not your profile share. That's 
something that Windows knows about, just like it knows which server to 
validate your password against.


I doubt that the server speed is an issue either. However, I am 
concerned about you running the bleeding edge version of Samba. I 
doubt that it came with your distribution. Do you really need 3.0.24? 
Was there some feature that wasn't in your distro's version?


As a rule of thumb, I follow "if it ain't broke, don't fix it". My 
server ran quite happily on an antique 3.0.14 version until I wanted to 
try a newer version of CUPS and ended up upgrading to a more recent 
version of my distro. Now I'm running some 3.0.23 variant. My CUPS 
problem is fixed so I'm happy but I can't tell the difference in my 
server operation other than that.


Indeed, when I downgraded to samba 3.0.14a-3sarge4 (ARM architecture), I 
don't have this issue anymore...


So it's a regression.

I reported it here: https://bugzilla.samba.org/show_bug.cgi?id=4450


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] Re: roaming profile not uploaded correctly when logging outfor the first time

2007-03-15 Thread Tomasz Chmielewski

Mark Nienberg schrieb:
Do all of the files you have problems with have strange characters in 
them?  I had this problem back when I upgraded a samba server and I 
think it had to do with the new server's i18n character support or 
something like that.  In particular, the character for the 1/2 symbol 
was a problem.


That's what I thought at the very beginning, too - originally, files in 
SendTo directory were:


3½-Diskette (A).lnk
Desktop (Verknüpfung erstellen).DeskLink
E-Mail-Empfänger.MAPIMail
Eigene Dateien.mydocs


But I renamed them:

3½-Diskette (A).lnk -> 1.lnk
Desktop (Verknüpfung erstellen).DeskLink -> 2.DeskLink
E-Mail-Empfänger.MAPIMail -> 3.MAPIMail
Eigene Dateien.mydocs -> 4.mydocs


And the problem still exists. So it has nothing to do with strange 
characters.


Also, when I move the SendTo directory (with original filenames), for 
example to the Desktop, the problem doesn't exist anymore.



I still see this occasionally on other files (without strange characters 
in them) and I usually just erase the offending file from the user's 
local profile and then the next time I log out, the profile uploads to 
the server correctly.  For some reason the problem seems to occur with 0 
length files more often than others.


Indeed, those files have mostly 0 bytes (3½-Diskette (A).lnk has ~150 
bytes or so).


Does it happen for you with XP or 2000?


--
Tomasz Chmielewski
http://wpkg.org


[Samba] roaming profile not uploaded correctly when logging out for the first time

2007-03-14 Thread Tomasz Chmielewski

I have a strange issue with roaming profiles.

It only happens for users who have no roaming profile on a Samba server 
yet.


When a user logs out for the first time, some files can't be copied from:

C:\Documents and Settings\username\SendTo\

to a profiles directory on the server.

(Files like 31/2Floppy(A).lnk, some *.tmp files etc.).


Only very rarely, a first-time logout process happens without any problems.
Second and any later logouts are without problems.


I found another reference on the list:

lists.samba.org/archive/samba/2002-December/057885.html


When user logoff it appear

Windows cannot copy file C:\Documents and 
Settingsd\user\SendTo\31/2Floppy(A).lnk to location 
\\192.168.0.1\domain\profiles\user\SendTo\3 1/2 Floppy(A).lnk. Contact 
your network administrator


Are there someone found like me?


Is it a Windows problem, or Samba problem?

I'm using Samba 3.0.24.


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] roaming profile not uploaded correctly when logging out for the first time

2007-03-14 Thread Tomasz Chmielewski

Jason Baker schrieb:
I experienced this same issue and it turned out to be a permissions 
problem in the windows client. I had copied some files from the users 
old machine profile to their new domain profile and then logged out. It 
complained that it could not write to the roaming profile. I went back 
into the account, in your case it would be C:\Documents and 
Settingsd\user\SendTo\31/2Floppy(A).lnk and right click the file and go 
to Sharing and Security. You need to make sure the domain user has read 
write access to that file. After I changed the permissions, logout was 
successful.


Hmm, this must be something else.

First of all, it happens for Windows 2000 SP4 clients, German version (I 
didn't check XP or any other language versions).



In my case, permissions on a Windows side are surely not a problem - the 
error happens for newly created accounts from a freshly installed 
Windows machine.


Second weird thing, is that it only happens for files stored in:

C:\Documents and Settings\username\SendTo


If I move contents of the SendTo directory somewhere else (i.e., to 
user's Desktop), I can log out without problems.


Also, when I copy some other (random) files into ...\username\SendTo, I 
can log out without problems.



The files in question in that directory are:

3½-Diskette (A).lnk
Desktop (Verknüpfung erstellen).DeskLink
E-Mail-Empfänger.MAPIMail
Eigene Dateien.mydocs


When logging out, an error window shows up, and in Samba [profile] dir 
for the user, in SendTo, are some random temporary files (names like 
prf7EE.tmp, prf7EF.tmp etc.).


This is extremely hard to debug - why does this happen only for files in 
C:\Documents and Settings\username\SendTo?




--
Tomasz Chmielewski
http://wpkg.org


[Samba] Samba - Linux copies fine, Samba - Windows hangs all existing connections

2006-11-16 Thread Tomasz Chmielewski

I'm running Samba 3.0.23c on Debian-arm (unstable), kernel 2.6.18.

I can copy files from the Samba server just fine, when I do it from a 
Linux machine.


When I want to copy files from the Samba server to a Windows XP SP2 
machine (connection made from Windows), it copies a couple of files, and 
then everything just freezes - Samba doesn't send any more packets, and 
I have to reconnect all connections.


SSH connection is untouched, and this phenomenon concerns only files 
copied via Samba.


Anyone else seen this?


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] Samba - Linux copies fine, Samba - Windows hangs all existing connections

2006-11-16 Thread Tomasz Chmielewski

Tomasz Chmielewski wrote:

I'm running Samba 3.0.23c on Debian-arm (unstable), kernel 2.6.18.

I can copy files from the Samba server just fine, when I do it from a 
Linux machine.


When I want to copy files from the Samba server to a Windows XP SP2 
machine (connection made from Windows), it copies a couple of files, and 
then everything just freezes - Samba doesn't send any more packets, and 
I have to reconnect all connections.


SSH connection is untouched, and this phenomenon concerns only files 
copied via Samba.


Anyone else seen this?


I solved it by setting:

socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=4096 
SO_SNDBUF=4096


in smb.conf.

I wonder if it's specific to ARM?


When I used 8192 instead of 4096, I had these mysterious hangs and 
disconnections.


Linux cifs clients had this logged by the kernel when it happened:

 CIFS VFS: No response to cmd 46 mid 1887
 CIFS VFS: Send error in read = -11
 CIFS VFS: No response to cmd 46 mid 3313
 CIFS VFS: Send error in read = -11
 CIFS VFS: No response to cmd 46 mid 4125
 CIFS VFS: Send error in read = -11
 CIFS VFS: No response to cmd 46 mid 4361
 CIFS VFS: Send error in read = -11
 CIFS VFS: No response to cmd 46 mid 4752
 CIFS VFS: Send error in read = -11


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] Samba - Linux copies fine, Samba - Windows hangs all existing connections

2006-11-16 Thread Tomasz Chmielewski

Denis wrote:

Tomasz Chmielewski wrote:

I'm running Samba 3.0.23c on Debian-arm (unstable), kernel 2.6.18.

I can copy files from the Samba server just fine, when I do it from a 
Linux machine.


When I want to copy files from the Samba server to a Windows XP SP2 
machine (connection made from Windows), it copies a couple of files, 
and then everything just freezes - Samba doesn't send any more 
packets, and I have to reconnect all connections.


SSH connection is untouched, and this phenomenon concerns only files 
copied via Samba.


Anyone else seen this?


I have opposite situation, could get files from Windows but Linux fails, 
server runs FreeBSD. From other side I can get files using xsmbrowser 
but it still working very slow and I'm unable to download big file.


Any ideas what could it be?


See my answer I posted earlier - I used these socket options (on Linux 
on ARM):


socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=4096 
SO_SNDBUF=4096


Also, this page led me to set the buffers lower:

http://www.dd.iij4u.or.jp/~okuyamak/Documents/tuning.english.html


Replying to Aaron's message:

Without posting any logs, it's rather difficult to guess. 


Samba just logged that the client had disconnected, which was only 
partially true, because the client certainly didn't want to connect.



--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] Samba - Linux copies fine, Samba - Windows hangs all existing connections

2006-11-16 Thread Tomasz Chmielewski

Tomasz Chmielewski wrote:


Replying to Aaron's message:

Without posting any logs, it's rather difficult to guess. 


Samba just logged that the client had disconnected, which was only 
partially true, because the client certainly didn't want to connect.


s/connect/disconnect


--
Tomasz Chmielewski
http://wpkg.org



[Samba] wrong colours when printing from Windows

2006-09-13 Thread Tomasz Chmielewski

I have a strange issue with Brother MFC-5440CN printer.

When I print from Linux/CUPS, it prints colours fine.
When I print from Windows, using Windows drivers (without Samba), it 
also prints fine.


When I print from Windows through Samba/CUPS (drivers added using 
cupsaddsmb...), it gives me wrong colours:



expected | result

yellow   | blue
blue | red
red  | green
green| dark-blue


It only happens from certain applications, like OpenOffice, Firefox, or 
Internet Explorer.
When I print from Adobe Acrobat Reader, it gives me correct colours 
(documents which gave wrong colours in OpenOffice, print correct colours 
when exported to PDF and printed with Adobe Acrobat Reader).


I have Samba 3.0.20 and CUPS 1.2.1, the clients are XP SP2.


--
Tomasz Chmielewski
http://wpkg.org



[Samba] Re: psexec for Linux and svcctl.idl changes

2006-07-06 Thread Tomasz Chmielewski
I am not a regular samba developer, but I wanted to have psexec  
equivalent, so I wrote it, it works but still needs some development.
I do not know if patches of such sizes (about 30k) are welcome on  
this list so I've put it on web page, with some description:

http://eol.ovh.org/winexe/
Comments welcome.


Hi, this is really great, you can get Windows command line (cmd) in your 
Linux shell:


[EMAIL PROTECTED] Desktop]$ uname -r
2.6.16-1mdk
[EMAIL PROTECTED] Desktop]$ ./winexe -W LAPTOK -U Administrator 
//192.168.151.11 cmd.exe

Password for [LAPTOK\Administrator]:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>ver
ver

Microsoft Windows XP [Version 5.1.2600]

C:\WINDOWS\system32>


I'm sending this also to samba list, this tool has been very often 
requested on various Samba groups.



--
Tomasz Chmielewski
http://wpkg.org


[Samba] how to copy files from the Samba server (small/big characters and other problems)?

2006-05-15 Thread Tomasz Chmielewski
Perhaps the question sounds trivial, and is only partially related to 
Samba, but in reality, I'm trying to cope with this problem for several 
days now.


I have an archive of files that are placed on ext3 filesystem.
I need to copy all the files from there to a fat-formatted drive.

Unfortunately, it's not so easy: ext3 allows filename characters that 
are not allowed by fat, for example,  or |.
To make the things even worse, there are plenty of files there which 
have small/big character set, that are different for ext3 (i.e. FILE.txt 
and file.txt), but are the same for fat (which doesn't understand 
character case).


I tried several methods to copy the files from ext3 to fat:

1) cp/rsync - after that, I had over ~1000 files less (out of ~10) 
on the destination drive (fat filesystem)


2) mounting the ext3 drive as a Samba share - files with | or  in the 
name were changed by Samba to some random-looking names, and some of 
them couldn't be copied (permission denied)


3) making an iso image of the ext3 drive, and then copying the files 
back. This was close to the solution - converted illegal characters, 
coped with small/big character case (changed conflicting names to 
file.txt, file001.txt etc.), but unfortunately, is only able to create 
31 character long filenames (if I create the iso image as a Joliet 
image, the filenames can be longer, but they won't be converted).



So I'm still stuck, I don't know how to copy files from ext3 to fat 
reliably.
I even created a small oneliner which converts fat-illegal characters 
(like | or ) to _, but then, I still have the problem with character 
case (FILE.txt and file.txt).


Anyone had this problem before?


--
Tomasz Chmielewski
http://wpkg.org
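
The renaming problem described in this post (FAT-illegal characters plus names that differ only in case), as an added example that is not part of the original message. The function names, the `_` replacement, the `file001.txt` suffix scheme and the use of `str.casefold()` to approximate FAT's case-insensitive comparison are assumptions of this example.

```python
import os
import re
import shutil

# Characters FAT/VFAT long file names cannot contain, plus ASCII control codes.
FAT_ILLEGAL = re.compile(r'[\x00-\x1f"*/:<>?\\|]')
MAX_LEN = 255  # VFAT long file name limit, in characters


def sanitize(name):
    """Replace FAT-illegal characters with "_".

    Assumption: trailing dots and spaces are dropped too, because Windows
    does not keep them in file names.
    """
    cleaned = FAT_ILLEGAL.sub("_", name).rstrip(". ")
    return cleaned or "_"


def plan_names(names):
    """Map the entries of ONE directory to FAT-safe names that stay unique
    when compared case-insensitively (approximated with str.casefold)."""
    taken = set()
    plan = {}
    # Names that are already legal go first so they keep their spelling;
    # only the later arrival in a collision gets a numeric suffix.
    for name in sorted(names, key=lambda n: (sanitize(n) != n, n)):
        candidate = sanitize(name)
        stem, ext = os.path.splitext(candidate)
        counter = 0
        while candidate.casefold() in taken:
            counter += 1
            suffix = f"{counter:03d}"
            # Shorten the stem if the suffix would push the name past the limit.
            candidate = stem[:MAX_LEN - len(ext) - len(suffix)] + suffix + ext
        taken.add(candidate.casefold())
        plan[name] = candidate
    return plan


def plan_tree(src_root):
    """Yield (source path, FAT-safe path relative to the target root) per file."""
    target_dir = {src_root: ""}
    for dirpath, dirnames, filenames in os.walk(src_root):
        # Files and subdirectories share one namespace inside a directory.
        plan = plan_names(dirnames + filenames)
        for d in dirnames:
            target_dir[os.path.join(dirpath, d)] = os.path.join(
                target_dir[dirpath], plan[d])
        for f in filenames:
            yield (os.path.join(dirpath, f),
                   os.path.join(target_dir[dirpath], plan[f]))


def copy_tree(src_root, dst_root):
    """Copy every regular file; return the (source, target) pairs that were renamed."""
    renamed = []
    for src, rel in plan_tree(src_root):
        if not os.path.isfile(src):
            continue  # skip sockets, FIFOs and dangling symlinks
        dst = os.path.join(dst_root, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copyfile(src, dst)
        if os.path.relpath(src, src_root) != rel:
            renamed.append((src, rel))
    return renamed
```

The list returned by `copy_tree` is the record of every name that changed, which is what makes the missing-file count from a plain cp/rsync run explainable.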



Re: [Samba] problems mounting Win2003 Server Share - smbclient is working smbmount is not

2006-04-04 Thread Tomasz Chmielewski

Andi Voss wrote:

Hi,

this is my first post to this list.
I have to mount a Win2003 SmallBusinessServer share to my linux box.
So far so good.
The user user exists with the same pass on the linux-box like in the 
ActiveDirectory at the Win2003-Server.

I added the user with smbpasswd -a user .
I joined the domain with:
net rpc join -S domain -U user

mount -t smbfs -o username=user,workgroup=domain,rw //server/dir /linux/dir

The first error I got was:
[EMAIL PROTECTED]:/etc/rc.d# mount -t smbfs -o 
username=user,workgroup=domain,rw //server/dir /linux/dir

cli_negprot: SMB signing is mandatory and we have disabled it.
1220: protocol negotiation failed
SMB connection failed


Use mount.cifs instead of the deprecated smbmount (mount -t smbfs).


--
Tomasz Chmielewski

Software deployment with Samba
http://wpkg.org


Re: [Samba] Little help on PDC and BDC needed

2006-03-28 Thread Tomasz Chmielewski

Nanni X wrote:

Hi guys,

I need some tricks to set up a PDC and a BDC together. I successfully 
installed PDCs, but now I need redundancy.


And your problem is...?


--
Tomasz Chmielewski

Software deployment with Samba
http://wpkg.org




Re: [Samba] File versioning with Samba (on a Linux filesystem)?

2006-03-28 Thread Tomasz Chmielewski

Henrik Zagerholm wrote:

I'm pretty sure this can be done with a VFS module.
I couldn't say exactly which one though.


I guess there is no such VFS module :)

Another possibility would be to use some FUSE filesystem on a Samba 
server, and then make a share out of it.


Take a look at this page:

http://fuse.sourceforge.net/wiki/index.php/FileSystems

and there look for:

User-level Versioning File System

Name: Wayback

Homepage: http://wayback.sourceforge.net/

Description
When you use a Wayback file system, old versions of files are never 
lost. No matter how much you change a file or directory, everything is 
always kept in a versioning file so that you never lose important data. 
Wayback provides the ability to remount any already mounted file system 
with versioning support under a different directory.



I didn't test it personally, but we're all curious if you do :)

Let us know how it works then of course, it's an interesting topic.


--
Tomasz Chmielewski

Software deployment with Samba
http://wpkg.org


Re: [Samba] Virtual Servers Workaround?

2006-03-27 Thread Tomasz Chmielewski

Andrew Galdes wrote:

Craig,


try this...samba Wiki

http://wiki.samba.org/index.php/Multiple_Server_Instances

Craig


That configuration appears to work at a lower level - rather than a
single Samba server providing the (multiple DC's) services, samba is
actually running multiple times. The documentation 'doesn't' say it's
'not' possible. I will do some testing. 


As an alternative, you can run several Samba instances from within Xen.
It was easier for me to set it up this way (on Xen), than to configure 
several Samba + OpenLDAP servers running on the same box.
Furthermore, if you have a unified directory setup (i.e., software in 
the same directories etc.) on your Samba servers, this can be an 
additional pro.



--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] Searching old posts

2006-03-24 Thread Tomasz Chmielewski

Zoran Ljubisic wrote:

Hi all,

Is it possible to search old posts in this list for some keywords?


Just type:

your key word site:lists.samba.org/archive/samba/

in google.

--
Tomasz Chmielewski
http://wpkg.org


[Samba] any plans on getting psexec / cmdat equivalent to Samba?

2006-03-22 Thread Tomasz Chmielewski

Windows admins can make their work easier with a tool like psexec.

It allows executing commands remotely, without the need to install 
anything on the target machine. All that is needed is username/password 
of course.


Unfortunately, psexec command only runs on Windows.

The usage is as follows (we start notepad interactively with -i to show 
that something happens):


psexec \\192.168.1.2 -i -u username -p password notepad

It waits for the command to complete, and returns its exit code, so it 
can be used within scripts.



A similar tool we can use with Samba is cmdat, which comes together with 
samba-tng (one just needs to compile samba-tng, and then can use the 
tool with a regular Samba).


To start a command on a remote system, we can use (we start notepad 
interactively with /interactive to show that something happens):


cmdat -I 192.168.1.2 -U 'username%password' -c 'at now /interactive notepad'


Unfortunately, it uses at to start commands (1 minute from the current 
time when we use now), so we know nothing about the status of the 
running command, nor get any exit code. In other words, it's close to 
impossible to use it in scripts to do anything useful (other than 
starting single commands).



Is any work being done in Samba to get a tool similar to psexec?


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] roaming profiles and quota limits

2006-03-15 Thread Tomasz Chmielewski

Toni Casueps wrote:


I have a Samba server where I established disk quotas for each user. 
When I check the free space from Windows it shows correctly the used 
space, but not the total space: I have set 100 MB soft limit, 200 MB 
hard limit and one user has used 150 MB, and it shows 150 MB used / 0 
bytes free. When the user logs off, Windows complains that it can't 
store the roaming profile due to lack of disk space, which is untrue and 
causes some problems like files that the users store and are not there 
the next day.


I guess Samba gets the total space from the soft quota limit and not 
from the hard quota limit. Is this correct and if so can I change it?


Use the policy editor to manage user quotas.

If the user is over quota, he/she will not be able to log out, and will 
be presented a list of the largest files etc.


Once the profile size is below the size set up in the policy editor, the 
user will be able to log out.



--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] Execute script on file write

2006-03-14 Thread Tomasz Chmielewski

Peter Fortuin wrote:

Hello,

I'm working on a quota system here at school. I want to execute a script 
every time a user writes on the samba fileserver. This script checks some 
quota stuff.


My question is, is it possible that a script is executed every time a 
user writes a file to the samba server and if it's possible, how?


I guess it would be rather hard to achieve this, as Samba doesn't offer 
anything like that.
The closest you will find are postexec and preexec directives (a program 
will be executed when the user connects/disconnects from a share).


Anyway, something like what you're talking about (executing a script on 
every file write) could be a major bottleneck for the server.

Just imagine, how many files are in the average user profile...

Is there some special reason you have to execute a script after every 
file upload?



Why don't you just set up quota on your Samba server? The system will 
take care of everything.


Additionally, if you're using roaming profiles, you could use the Policy 
Editor to limit user profiles (they will get a pop up warning when they 
log out if the profile exceeds a value you set, and will be requested to 
remove some files).



--
Tomasz Chmielewski

Software deployment with Samba
http://wpkg.org


[Samba] is there a possibility to start a programm from samba on a windows machine?]

2006-03-13 Thread Tomasz Chmielewski

Henrik Zagerholm wrote:

It sure could be :)

I know that  Jerry (Carter) of the samba team was looking at this a 
while ago (psexec) but I guess he's been busy with the Samba4 TP.
Samba TNG has a command called cmdat which will let you schedule 
commands on a win box using the at command.

www.samba-tng.org
By using the /now parameter you can execute commands directly.
This is not the best solution but it is workable until Jerry has made 
his magic coding. :)


Everything great, but at doesn't have a /now parameter. At least on
Windows 2000 SP4 and XP SP2.


--
Tomasz Chmielewski
http://wpkg.org





Re: [Samba] is there a possibility to start a programm from samba on a windows machine?]

2006-03-13 Thread Tomasz Chmielewski

Henrik Zagerholm wrote:

I guess the Imperial Army decided to remove it =)
But you can always pipe a time a few seconds away to the command


If the workstation clock is out of sync, then you're out of luck.
Even if the clock is in sync, you can specify at jobs with minute 
precision - so if you intended to run a script, it may wait a minute for 
the task, and if you're unlucky, you'll wait 24 hours for it to complete 
(if you only give time (HH:MM) to at, and you're late a few secs, 
it'll be executed the next day).



Hopefully the Samba team will put together the long awaited psexec 
utility soon. =)


True.


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] Backup Restore Samba Configuration

2006-03-11 Thread Tomasz Chmielewski

Stéphane Purnelle wrote:

Lake-Wind wrote:

The motherboard in our Samba server fried. I have re-installed
our operating system (SUSE 10) and was wondering what is the
best way to restore our Samba server? Can it be as simple as
copying the smb.config and smbpasswd files back into the
/etc/samba directory? That's what I am hoping. If I just copy
the smb.config and the smbpasswd files back to the samba
directory will the machine trusts, users and passwords just
work? If not, what is the proper procedure for restoring.


If only the mainboard fried, why didn't you just use the disk you had?


--
Tomasz Chmielewski

Software deployment with Samba
http://wpkg.org


Re: [Samba] mount.cifs - everything is owned by root (when mounting 2003 shares)

2006-03-10 Thread Tomasz Chmielewski

Michael Gasch wrote:

try option uid=youraccount
should fix write errors


I wanted to make a backup of the data stored on a Windows 2003 server, 
with the correct users and permissions.


So this is not a solution, really.

--
Tomasz Chmielewski
http://wpkg.org


[Samba] many servers and mobile users - always use the most fresh user profile - ideas?

2006-03-10 Thread Tomasz Chmielewski

I have a situation like below:

Samba servers in many cities; one backup server in the central 
location that fetches user profiles each night (changes really with rsync).


Users work in many locations; sometimes one user can work in city A, and 
a day later he can work in city B.



This means that they have problems with their profiles - user profile 
for city A will be different from his profile in city B.



Using the central server for storing all profiles is not a good solution 
- it would take too long to fetch/upload user profile over WAN/VPN.
Pulling the profile from the central server should only happen if the 
local profile is older.



I tried using preexec, to launch a script which would compare the local 
and remote profile, and pull the newest version from the central 
server if necessary.


However, Windows logon times out after 2 minutes, and usually it takes 
longer to download the profile.



Has anyone ever dealt with the situation where users work in multiple 
locations, but would like to have the profiles the same?



I know it can be done easily with Windows 2003 R2, what about Samba?



--
Tomasz Chmielewski


Re: [Samba] many servers and mobile users - always use the most fresh user profile - ideas?

2006-03-10 Thread Tomasz Chmielewski

Gautier, B (Bob) wrote:

(...)

Has anyone ever dealt with the situation where users work in multiple 
locations, but would like to have the profiles the same?



I know it can be done easily with Windows 2003 R2, what about Samba?


About a year ago I worked out an architecture in which rsync would be
used to replicate profiles from location to location (replication being
triggered by *logout*, not *login*) but it never got anywhere near
implementation as far as I am aware.  You just have to make sure you
have enough bandwidth so you can move the profiles faster than the
people. :-)  Of course rsync helps quite a bit.


Hmm, no, using your idea (replication triggered by logout) would mean 
that user profile would be replicated to cities A-Z, where in reality a 
given user works only in cities A and B.


Theoretically, it should be easy to do (I assume we're using LDAP):

1) user begins logon

2) some program or a script compares local (branch) and remote (central) 
NTUSER.DAT - and picks the newest


3) sambaProfilePath: is set according to the newest NTUSER.DAT 
location, ie.


a) no sambaProfilePath: entry in LDAP, if the local NTUSER.DAT is the 
newest
b) sambaProfilePath: \\remote\profiles if the remote NTUSER.DAT is the 
newest


4) on logout the profile should be saved locally (and perhaps at night, 
or at some interval, transferred to the central server)



Of course setting sambaProfilePath: value according to some script 
exit value or output is the tricky part :)



--
Tomasz Chmielewski
http://wpkg.org
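
Steps 2 and 3 of the plan above, as an added example (not code from the thread): compare the two NTUSER.DAT timestamps and produce the LDIF change that sets or removes `sambaProfilePath`. The DN, the directories passed as `local_dir` and `central_dir`, and all function names are assumptions; comparing timestamps also assumes the nightly rsync preserves modification times.

```python
import base64
import os


def ntuser_mtime(profile_dir):
    """Modification time of NTUSER.DAT in profile_dir, or None if it is absent."""
    try:
        return os.stat(os.path.join(profile_dir, "NTUSER.DAT")).st_mtime
    except FileNotFoundError:
        return None


def pick_newest(local_dir, central_dir):
    """Step 2: return "central" only when the central copy is strictly newer."""
    local, central = ntuser_mtime(local_dir), ntuser_mtime(central_dir)
    if central is not None and (local is None or central > local):
        return "central"
    return "local"  # ties and first logons stay local, avoiding a WAN transfer


def ldif_line(attr, value):
    """One LDIF attribute line; base64-encode values RFC 2849 treats as unsafe."""
    safe = (value.isascii()
            and not any(c in value for c in "\0\r\n")
            and not value.startswith((" ", ":", "<"))
            and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{attr}:: {encoded}"


def profile_path_ldif(user_dn, current_value, local_dir, central_dir, central_unc):
    """Step 3: LDIF that makes sambaProfilePath match the newest profile.

    current_value is the attribute as read from LDAP (None when absent).
    Returns None when nothing has to change, so a delete is never issued
    for an attribute that does not exist.
    """
    newest = pick_newest(local_dir, central_dir)
    wanted = central_unc if newest == "central" else None
    if wanted == current_value:
        return None
    lines = [ldif_line("dn", user_dn), "changetype: modify"]
    if wanted is None:
        # Case a) of the plan: local profile is newest, so no entry in LDAP.
        lines.append("delete: sambaProfilePath")
    else:
        # Case b) of the plan: point the account at the central server.
        lines.append("replace: sambaProfilePath")
        lines.append(ldif_line("sambaProfilePath", wanted))
    lines.append("-")
    return "\n".join(lines) + "\n"
```

The returned text is in the format `ldapmodify` reads; how it is fed to the directory at logon time is left open, as it is in the message.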


Re: [Samba] many servers and mobile users - always use the most fresh user profile - ideas?

2006-03-10 Thread Tomasz Chmielewski

Gautier, B (Bob) wrote:

(...)

About a year ago I worked out an architecture in which rsync would be 
used to replicate profiles from location to location (replication 
being triggered by *logout*, not *login*) but it never got anywhere 
near implementation as far as I am aware.  You just have to make sure 
you have enough bandwidth so you can move the profiles faster than the 
people. :-)  Of course rsync helps quite a bit.

Hmm, no, using your idea (replication triggered by logout) 
would mean that user profile would be replicated to cities 
A-Z, where in reality a given user works only in cities A and B.


If you are sure the user never actually visits C-Z you can maybe ensure
you can configure the replication to avoid doing those copies.  The
assumption is that it's low overhead anyway.


It would be a nightmare to manage if you have more than 5 users and 
don't really know where they work.




Theoretically, it should be easy to do (I assume we're using LDAP):

1) user begins logon

2) some program or a script compares local (branch) and 
remote (central) NTUSER.DAT - and picks the newest


3) sambaProfilePath: is set according to the newest 
NTUSER.DAT location, ie.


a) no sambaProfilePath: entry in LDAP, if the local 
NTUSER.DAT is the newest
b) sambaProfilePath: \\remote\profiles if the remote 
NTUSER.DAT is the newest


4) on logout the profile should be saved locally (and perhaps 
at night, or at some interval, transferred to the central server)




Of course setting sambaProfilePath: value according to some script 
exit value or output is the tricky part :)




This all sounds more or less feasible but any work you do at logon time
is (as you pointed out) very time-limited.


Hey, not really.
It's perfectly fine to load a profile for 10 minutes from a remote 
server - as long as something happens (the files are being transferred), 
it's OK for a Windows workstation.




I'd also worry about LDAP replication time-lag: you probably can't
update sambaProfilePath during the logon and expect to see the change
within the time available.


I wouldn't want to replicate anything.

I'd just fake sambaProfilePath: to point to the server containing the 
newest profile.




How about setting sambaProfilePath for a user at logout time, based on
the location they are logging off from?  And updating it if you get
around to replicating the profile to a central site before they logon
again?


Only half of it is fine. We have two things:

1) user should download the profile from the server with the newest 
profile (either local or a remote one)

2) user should upload the profile to the local server *only*

So, it will work only if we can change the sambaProfilePath: value to 
the local one after user logs in - which is not a problem, but I'm not 
sure if the Windows client will respect that (which I'm going to find 
out now).




The less work you do at logon time the better, IMHO.


True.


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] many servers and mobile users - always use the most fresh user profile - ideas?

2006-03-10 Thread Tomasz Chmielewski

Gautier, B (Bob) wrote:

(...)

How about setting sambaProfilePath for a user at logout time, based on
the location they are logging off from?  And updating it if you get
around to replicating the profile to a central site before they logon
again?

Only half of it is fine. We have two things:

1) user should download the profile from the server with the newest 
profile (either local or a remote one)

2) user should upload the profile to the local server *only*

So, it will work only if we can change the sambaProfilePath: value to 
the local one after user logs in - which is not a problem, but I'm not 
sure if the Windows client will respect that (which I'm going to find 
out now).


Tada, this seems to work, I just need to polish some bits.

I tested it on a local server only, without trying to change anything in 
LDAP.


To reproduce fetching a profile from one location on logon, and 
uploading the profile to another location on logoff, do:


1) logon (that was hard, wasn't it?) :)

2) launch regedit

take a look at this key:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\USER-SID\CentralProfile


It contains the value where the profile is stored, let's say, 
\\server\profiles\profile1


Now change this value to something else, like \\server\profiles\profile2

This can be scripted of course.

3) quit regedit
4) logoff
5) you will see your profile being saved to \\server\profiles\profile2, 
while it was read from \\server\profiles\profile1


6) after logoff, write to LDAP and change the sambaProfilePath: to 
your current (newest) location.



That's the theory, perhaps it needs a couple of hours of scripting and 
testing, but I guess it should work like this. Anyone who would like to 
test it? :)



I got a reply from a Microsoft representative today suggesting that I 
should replace all the servers to Win2k3 R2 which contain Branch Office 
Infrastructure Solution © which lets me do that...




--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] is there a possibility to start a programm from samba on a windows machine?

2006-03-09 Thread Tomasz Chmielewski

Henrik Zagerholm wrote:

It sure could be :)

I know that  Jerry (Carter) of the samba team was looking at this a 
while ago (psexec) but I guess he's been busy with the Samba4 TP.
Samba TNG has a command called cmdat which will let you schedule 
commands on a win box using the at command.

www.samba-tng.org
By using the /now parameter you can execute commands directly.


wow, that just sounds great.

Can this tool (cmdat) be used with a regular Samba (i.e., 3.0.21c)?


--
Tomasz Chmielewski
http://wpkg.org


[Samba] mount.cifs - everything is owned by root (when mounting 2003 shares)

2006-03-08 Thread Tomasz Chmielewski

I just tried to mount a Windows 2003 share.

I used the following command to mount it:

mount.cifs //10.1.1.1/G$ /mnt/2003/ -o user=admin,domain=MYDOMAIN

The mount is fine, I can read the files.

However, each and every file is owned by root, which is not true.

Moreover, each and every file and folder has the same permissions, which 
is also not true.


I can change the owners and permissions, but they are not reflected on 
Windows 2003, only Linux sees it.
If I umount the share and mount it again, all ownership/permission 
changes I made are lost.



getent passwd returns all Windows users correctly.

I'm using winbind from Samba 3.0.20.

Where should I look to solve the issue?


--
Tomasz Chmielewski
http://wpkg.org


[Samba] preexec and client timeout when script long to execute

2006-03-07 Thread Tomasz Chmielewski

I wrote a script which downloads user profile from a remote server if 
the profile doesn't exist on a local server - and executes it via 
preexec in [profiles] share.


It works fine, however, there is a major glitch with it.

After 3 minutes or so, the client times out, and says that the 
server-side profile cannot be found, contact your administrator etc.


The script is still running and downloads the profile from the remote 
server, which will take a few more minutes.


Is there a way to tell the client not to time-out during logon, when 
the script is being executed?



--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] preexec and client timeout when script long to execute

2006-03-07 Thread Tomasz Chmielewski

Robert Schetterer wrote:

Tomasz Chmielewski wrote:

I wrote a script which downloads user profile from a remote server if 
the profile doesn't exist on a local server - and executes it via 
preexec in [profiles] share.


It works fine, however, there is a major glitch with it.

After 3 minutes or so, the client times out, and says that the 
server-side profile cannot be found, contact your administrator etc.


The script is still running and downloads the profile from the remote 
server, which will take a few more minutes.


Is there a way to tell the client not to time-out during logon, when 
the script is being executed?




Hi, I also tested such stuff, and failed. It may be possible if you are 
increasing the time value with poledit.exe Ntconfig.pol for profile 
logon waiting time to this user and/or machine.


If such a value exists.
Does anyone know?


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] How to make a symlink appear as a real file (for a Linux client)?

2006-02-23 Thread Tomasz Chmielewski

Kurt Weiss wrote:

follow symlinks = yes???
linux realizes a symlink, maybe you want to use a hardlink?


By default it's yes, and allows Windows clients to see a symlink as a 
real file/dir (Linux cifs will see it as a symlink pointing locally).


When it's set to no, both Windows client and Linux client (using cifs) 
will get an error when trying to access symlinked file/dir.



--
Tomasz Chmielewski
Software deployment with Samba
http://wpkg.org


Re: [Samba] How to make a symlink appear as a real file (for a Linux client)?

2006-02-23 Thread Tomasz Chmielewski

Nick S. Grechukh wrote:

In a message of 22 February 2006 18:53 Tomasz Chmielewski wrote:
maybe you should put 
unix extensions = no

into smb.conf


Yeah that was it, thanks!


--
Tomasz Chmielewski
Software deployment with Samba
http://wpkg.org


[Samba] How to make a symlink appear as a real file (for a Linux client)?

2006-02-22 Thread Tomasz Chmielewski

I have a share with a couple of symlinked files in it.

On a Samba server, it looks like this for addon directory:

# ls -l
(...) acrobatreader7
(...) addon -> /home/samba/unattended-write/packages


Now, if I mount it on a Linux client using smbmount, symlinks point to 
non existing directories locally (/home/samba/unattended-write/packages 
exists only on a Samba server):


# smbmount //192.168.111.172/unattended /mnt/1
# ls -l /mnt/1
(...) acrobatreader7/
(...) addon -> /home/samba/unattended-write/packages


On a Windows client, however, I can browse the files in such directories 
just fine.


I would rather expect that to happen on a Linux client, too (i.e., Linux 
client should not see it as symlinks, but as real files/directories).


Where can I look for a solution?

I didn't find anything about it in smbmount nor in smb.conf manuals.


--
Tomasz Chmielewski
Software deployment with Samba
http://wpkg.org


Re: [Samba] Re: Samba 3 + Exchange 5.5

2006-02-20 Thread Tomasz Chmielewski

Lars Boegild Thomsen wrote:

Robert Schetterer wrote:


Lars Boegild Thomsen wrote:

have one unknown.  The company mail run on an Exchange server that is
most likely part of the NT4 network.  Has anybody tried this setup?  I
did look in documentation and google and found precious little - which to
me indicates that it might not be a problem at all (or nobody is running
Exchange).

you should have no problem with samba 3  and exchange 5.5


It should be noted that I have absolutely zero experience with Exchange. 
Would it be possible to configure this setup so Exchange automatically
creates email accounts for valid and active users in the network - or
would they have to be manually created on the Exchange server?


If you can replace Exchange with something else, you could try to 
integrate Samba with Kolab: http://wpkg.org/kolab/


As for Exchange, I've no idea (perhaps it could be done with Active 
Directory).



--
Tomasz Chmielewski



Re: [Samba] Smbpasswd in a cron job

2006-02-20 Thread Tomasz Chmielewski

Dennis Duggen wrote:

Hi list

For a project we are trying to change the samba password automatically 
in a cron job. Since smbpasswd doesn't allow the password to be entered 
otherwise than through the console (user input), we found a solution to 
the input part through expect. But as things go, expect doesn't work in 
a cron job since it has no tty.


Is there anyone who can point us the right way to a solution?


Hi,

I also had a similar problem with providing a password to cupsaddsmb.

You might try running your expect script through screen (although I 
solved the cupsaddsmb problem differently).



--
Tomasz Chmielewski
Software deployment with Samba
http://wpkg.org


Re: [Samba] How to prevent password changes?

2006-02-20 Thread Tomasz Chmielewski

Jeremy Koski wrote:



Is there a way to prevent a user from changing their password?


I guess it depends on what backend you use.

If you use LDAP, it's certainly possible.

It's best to manage your users in LDAP with LAM - http://lam.sf.net

There you can easily set User can change password date.


--
Tomasz Chmielewski
Software deployment with Samba
http://wpkg.org


Re: [Samba] Question about policies [OT?]

2006-02-17 Thread Tomasz Chmielewski

Koenraad Lelong wrote:

Hi,
I'm using samba 3 as a domain controller. For some XP-pro laptops I 
would like to disable the firewall when they are logged in on our 
network (I don't like it but I have to). Is this possible with Windows 
policies ? If so, does someone know about good reading material about 
policies ? I do have Mastering Windows XP professional but that's 
absolutely no help.

Thanks for any thoughts.
Regards,
Koenraad Lelong.


Samba 3 doesn't support group policies.

However, you could install for example WPKG - http://wpkg.org - and 
execute scripts on your machines as administrator/SYSTEM.
You can set the scripts/programs to execute only once on each 
workstation, which would be your case for disabling firewall.


You can disable the builtin firewall on XP with this:

netsh firewall set opmode disable


--
Tomasz Chmielewski


Re: [Samba] smbd fails to start on Fedora Core 4

2006-02-16 Thread Tomasz Chmielewski

Gavin Simpson wrote:

On Wed, 2006-02-15 at 15:26 -0500, James Kosin wrote:

Gavin Simpson wrote:

Thanks for the help. I just removed the file and tried a restart. Same
problem as before and same messages in smbd.log. No secrets.tdb created.
I changed write permissions on this directory temporarily to make it
world writable and tried again - with the same results.
I'm basically only using samba for the print serving, so I'm not worried
about the SID.
Any other suggestions I can try?


Hi James,


Try running testparm, it could just be a mis-configured system.


Thanks, but I tried that. There is nothing wrong with the smbd.conf
file. I even tried to run things with a blank smbd.conf file to no
avail.


Check the logs also in /var/log/samba and /var/log/messages to see if
you get any light at the end of the tunnel clues.


I'll take a look at /var/log/messages, but /var/log/samba/smbd.log is
complaining about a missing secrets.tdb file. I have such a file from
the previous installation with the same permissions as before but it
can't read it for some reason. If I delete the file, samba doesn't seem
able to create a new one, even though I made /etc/samba world writeable
to test.

I have removed all of samba from the system and done a clean re-install
but I still can't get this to work. I just can't understand what I did
that was so disastrous - all the files were working, as was samba, just
fine before I reinstalled the OS and copied back the /etc/samba files...


Hi,

Maybe your new Samba's configuration dir is somewhere else, i.e. in 
/usr/lib instead of /etc/samba?



--
Tomasz Chmielewski
Software deployment with Samba
http://wpkg.org


Re: [Samba] New 3.0.21b-1 Samba does not respect system Groups

2006-02-13 Thread Tomasz Chmielewski

Siju George wrote:

On 2/13/06, Robert Schetterer [EMAIL PROTECTED] wrote:

Hi, at default smb does not honor linux groups,
use ldap , map your systemgroup via the net command to a smb group
read the smb faqs to this
Regards



Thank you so much Robert for your reply
But I used to do this till now without ldap.
And even now it works with groups that were created earlier


It's because you have them in /etc/group (and this is how it's done 
without LDAP).



--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] hardware and configuration for school's servers

2006-02-07 Thread Tomasz Chmielewski

[EMAIL PROTECTED] schrieb:

Hi

I am managing samba server in school.
Server is on VIA 800MHz processor with 80GB IDE hard drive.
There is no domain at the moment, just simple sharing, security share
and smbpasswd file.
I have 300 computers (each classroom has 20) with winxp sp2 auto logon
limited local account, 300 users (6 intake groups).
Passworded home directories on Samba and Pupils have access to it by
clicking on icon which fire up small VBS script which ask them for
username and password and map My Documents for them. Each classroom has
a printer and on each machine in classroom it is installed as local
printing to port.

I am managing users accounts using my small sh and perl scripts.
Deploying or installing software on computers using perl (Win32::OLE)
scripts which copy my own version of installer (made using Nullsoft NSIS)
and fire it up using local administrator account.

I was asked to build the system based on samba which give each pupil at
least 10 GB home space and will be safe, easy (and secure?) and of course
if it goes down pupils will be able to have normal lessons.

I have to ask, Is it a good idea to buy 6 cheap VIA servers, each for a
year group, configure sambas as a simple home sharing on each of them?
Or couple of Dual Opterons, 2GB mem, 3Ware, RAID-5, Gbit network, Domain
with LDAP password backend?

Or maybe 6 of them and 7 as database only?

What hardware and samba configuration would be the best for my school?


BTW: Is it possible to use tbdedit in sh loop script which pick up 
usernames and passwords from CSV/txt file?


Czesc,

Well, 10 GB for each of 300 students is pretty much - you may need 3000 GBs!

You may do some folder redirection, and you can also use poledit to 
create a NTConfig.pol file which will limit their account to some size 
(i.e., if their roaming profile is bigger than what you set, they will 
not be able to log out, and will be prompted to remove some files).


I would also use ldapsam instead of tdbsam - there are good tools to manage 
lots of users, like LAM - http://lam.sourceforge.net


With 300 users and 300 computers it makes together 600 users, I'm sure 
one computer can handle this amount of authentication.


So, if you have 6 groups, that makes 50 users * 6 year groups = 300.

I would make a:

* PDC Samba + master OpenLDAP on one server, 2x big disk (RAID1) for 
backups (I'd use rsync for that run nightly + some scripts that make 
hardlinked backups to save space); no logons there if possible.
Also could be Unattended server (http://unattended.sf.net) for automated 
Windows installations.


* BDC Samba + OpenLDAP slaves for each year group, even if you don't 
have RAID1 on them (and something fails), everything should be fine if 
you have some backup strategy.
You could also estimate if it's better to have a separate server for a 
year group, or for names/surnames - like server 1: surnames A-F, server 
2: surnames g-L etc.




--
Tomasz Chmielewski
http://wpkg.org
WPKG - deploy software with Samba


Re: [Samba] Samba seems to cause complete server crash

2006-02-06 Thread Tomasz Chmielewski

Steve Freeman schrieb:

Hi all,

I have done some extensive searching, and drawn a blank so far...

Nothing odd is reported in samba logs, or in the syslog file.

However, if I try to play an avi straight off the samba server, on an XP 
client with MP10, it brings the whole deal to its knees after a few mins 
at the most. I have to hard reset the server.


Other than this, all my other uses are flawless (game server, dhcp, 
firewall, teamspeak, peerguardian... etc).


I don't _think_ its a firewall problem, as all internal traffic is 
ACCEPTED by default, and I don't have a permissions problem or any 
browsing errors... it just dies when I play a video?!


I'm using FC4, with samba V3.0

If anyone has any suggestions on where to go from here, I would be very 
grateful.


Other than this, everything is rosy.


check your hardware.

do some heavy computations and large file copying, etc.

--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] smbldap-tools equivalent (which doesn't need perl)?

2006-01-31 Thread Tomasz Chmielewski

Michael Gasch schrieb:

i started using my own bash scripts using ldap-tools.
would that be helpful for you?


Sure.
Although I found some ldap-tools, but they were perl-based and had 
documentation in Russian :)



i think your tiny linux box is starting to drive you crazy, isn't it :) 
(NSS, ... )


baah, I can barely sleep :)



btw: i also thought that ldapsam:trusted completely bypasses NSS :-?


:))) it doesn't, but they work on it :))

--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] Samba on Solaris with LDAP support

2006-01-30 Thread Tomasz Chmielewski

Dege, Robert C. schrieb:

I'm trying to build samba with ldap/ads support on a solaris10 sparc
system.  After some googling, I followed some of the advice of others, and
built krb5, openssl, and openldap and installed into /usr/local.

When running configure, I get errors about ldap not being found:

...
checking for LDAP support... yes
checking ldap.h usability... yes
checking ldap.h presence... yes
checking for ldap.h... yes
checking lber.h usability... yes
checking lber.h presence... yes
checking for lber.h... yes
checking for ber_scanf in -llber... yes
checking for ldap_init in -lldap... no
checking for ldap_set_rebind_proc... no
checking whether ldap_set_rebind_proc takes 3 arguments... 3
configure: error: libldap is needed for LDAP support


I had a similar problem when I was cross-compiling Samba for mipsel.

It is most likely OpenLDAP issue.

see config.log and look for lldap / libldap errors.

You may also search for my posts in the "how does libldap detection work in 
./configure script?" thread on samba-technical list.



--
Tomasz Chmielewski
http://wpkg.org


[Samba] LDAP only authentication without NSS/PAM - possible?

2006-01-27 Thread Tomasz Chmielewski
Is it possible to configure Samba so that it could authenticate users 
from the LDAP server *only* (i.e., operating system doesn't see the 
users from LDAP).


I'm working on an embedded Samba domain controller, it is based on Linux 
/ busybox / uClibc (and Samba with OpenLDAP).


The system doesn't use glibc, but its smaller brother uClibc, and it 
doesn't have anything like PAM or NSS.


Because of this, Samba can fetch the users from LDAP, but can't verify 
that these users exist as system users - and refuses to logon with 
NO_SUCH_USER.



Is there a way I can use Samba + LDAP without seeing LDAP users as 
system users?



--
Tomasz Chmielewski
http://wpkg.org


[Samba] smbldap-tools equivalent (which doesn't need perl)?

2006-01-27 Thread Tomasz Chmielewski
Is there any smbldap-tools equivalent, which doesn't need perl (or 
python, or similar)?


I installed Samba on an embedded system, which doesn't have perl 
installed, and I wonder how can I add users now? :)



--
Tomasz Chmielewski
http://wpkg.org


[Samba] help me understand ldapsam:trusted

2006-01-27 Thread Tomasz Chmielewski

According to smb.conf manual:

the ldapsam:trusted=yes option assumes that the complete user and group 
database that is relevant to Samba is stored in LDAP


and also:

ldapsam:trusted=yes can be activated and Samba can completely bypass 
the NSS system to query user information.



If I understand it well, enabling this option would make it possible to 
authenticate Samba users against LDAP on systems without NSS support.


However, this is not the case: no matter if this option is enabled or 
not, Samba won't authenticate the user if he's only in LDAP (and the 
operating system doesn't see that user in /etc/passwd, and can't verify 
in LDAP via NSS).


So do I understand this option wrongly?

I'm using Samba 3.0.21a on a Linux distro that doesn't support NSS.


--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?

2006-01-26 Thread Tomasz Chmielewski

Ilia Chipitsine schrieb:

(...)


pdbedit

it is beautiful thing for converting from anything to anything :-)



Almost.
I don't see if it can convert ldapsam to /etc/passwd and /etc/group.



use it to convert ldapsam --- smbpasswd

it will handle users, not groups.
and some awk hacking will be required also.


As you said, smbpasswd has no group ID entries.
So even if I convert the smbpasswd file into /etc/passwd file, it will 
have no group IDs (or rather some group ID I pick).


And still there is a problem with creating /etc/group.

Without group info, files will have wrong permissions, which is not 
really a solution for me.


So I'm afraid I'll end up with some complicated ldapsearch/sed/awk script :(

--
Tomasz Chmielewski
http://wpkg.org
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
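
Added example, not part of the thread and not code from Samba or ldaputils: the ldapsearch/awk conversion discussed above, written for a box with only POSIX sh and awk. It assumes posixAccount/posixGroup attributes and LDIF on stdin; the function names, the sample entries and the min_id cutoff of 1000 are assumptions. Entries with a uid or gid below the cutoff, or with ":" in any field, are rejected so that directory data cannot add a root-equivalent or malformed line.

```shell
# Added example. Constructed sample: LDIF shaped like `ldapsearch -LLL` output
# for posixAccount/posixGroup entries; every name and number here is made up.
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid: alice
uidNumber: 1001
gidNumber: 1001
gecos: Alice Example
homeDirectory: /home/alice
loginShell: /bin/false

dn: uid=evil,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid: evil
uidNumber: 0

dn: uid=bob,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid: bob
uidNumber: 1002
gidNumber: 1001
gecos: Bob:0:0

dn: cn=pupils,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: pupils
gidNumber: 1001
memberUid: alice
memberUid: carol
EOF
}
# ldif_to_flat passwd|group [min_id]: LDIF on stdin, passwd/group lines on stdout.
ldif_to_flat() {
  awk -v mode="$1" -v min_id="${2:-1000}" '
    function name(s) { return s ~ "^[A-Za-z_][A-Za-z0-9_.-]*[$]?$" }
    function text(s) { return s ~ "^[A-Za-z0-9_./ -]*$" }               # no ":" allowed
    function num(s)  { return (s ~ "^[0-9]+$") && (s + 0 >= min_id) }   # keeps uid/gid 0 out
    function flush(   ok) {
      if (mode == "passwd" && cls["posixAccount"]) {
        ok = !bad && name(a["uid"]) && num(a["uidNumber"]) && num(a["gidNumber"])
        ok = ok && text(a["gecos"]) && text(a["homeDirectory"]) && text(a["loginShell"])
        if (ok) print a["uid"] ":*:" a["uidNumber"] ":" a["gidNumber"] ":" a["gecos"] ":" a["homeDirectory"] ":" a["loginShell"]
      } else if (mode == "group" && cls["posixGroup"]) {
        ok = !bad && name(a["cn"]) && num(a["gidNumber"])
        if (ok) print a["cn"] ":*:" a["gidNumber"] ":" members
      } else ok = 1
      if (!ok) print "rejected: " a["dn"] | "cat 1>&2"
      split("", a); split("", cls); members = ""; bad = 0; last = ""
    }
    /^$/ { flush(); next }                                              # blank line ends an entry
    /^ / { if (last == "") bad = 1; else a[last] = a[last] substr($0, 2); next }  # folded line
    {
      i = index($0, ":"); key = substr($0, 1, i - 1); val = substr($0, i + 1)
      if (i == 0 || substr(val, 1, 1) == ":") { bad = 1; next }         # malformed or base64: refuse
      sub(/^ +/, "", val)
      if (key == "objectClass") { cls[val] = 1; last = "" }
      else if (key == "memberUid") { if (!name(val)) bad = 1; members = members (members == "" ? "" : ",") val; last = "" }
      else { a[key] = val; last = key }
    }
    END { flush() }'
}
sample_ldif | ldif_to_flat passwd; sample_ldif | ldif_to_flat group  # demo: prints, never touches /etc
```

Against a live directory the input would come from something like `ldapsearch -x -LLL -b <base DN>`; write the result to a temporary file and rename it into place rather than redirecting straight onto /etc/passwd or /etc/group. The password field is written as `*`, so no hash leaves LDAP.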


Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?

2006-01-26 Thread Tomasz Chmielewski

Ilia Chipitsine schrieb:

(...)

 As you said, smbpasswd has no group ID entries.



 oops, I missed primary GID for /etc/passwd

 ok, I'll ask our guys about XSL, I think it will do all the job.


(...)

I think I found it: the tool is called ldap2pass and can be found here 
in the ldaputils package:


http://www.fanying.com/projects/ldaputils.html

Be careful, it will overwrite your /etc/group, /etc/passwd and 
/etc/shadow files! :)



--
Tomasz Chmielewski
http://wpkg.org




Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?

2006-01-26 Thread Tomasz Chmielewski

Josh Kelley schrieb:

On 1/23/06, Tomasz Chmielewski [EMAIL PROTECTED] wrote:


Ilia Chipitsine schrieb:


pdbedit

it is beautiful thing for converting from anything to anything :-)


Almost.
I don't see if it can convert ldapsam to /etc/passwd and /etc/group.



To get /etc/passwd and /etc/group from LDAP, run getent passwd and
getent group on a computer that has LDAP/nsswitch configured.


And I began to think how to do it with sed/awk from the ldapsearch query :)

Indeed, it is perhaps easier to do getent and then transfer the 
resulting files.

But then it's the push method, not pull (when I want exactly).
Perhaps I could use ssh keys to pull the data when I want from a central 
server, but I'm not sure if it wouldn't be an unnecessary security risk.



Good, I have some options, now I need to evaluate them.


--
Tomasz Chmielewski
http://wpkg.org


[Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?

2006-01-23 Thread Tomasz Chmielewski
As some of you may know, I'm trying to set up Samba BDC on a disk- and fan-less 
tiny mipsel_CPU router running OpenWRT distribution.

I already managed to compile Samba 3.0.21a and OpenLDAP 2.3.18 for it, and they 
seem to work fine.

The problem is, this tiny distribution for routers doesn't seem to have 
anything like Name Service Switch (NSS), and relies solely on /etc/passwd
and /etc/group.

In other words, Samba will be unable to get users from LDAP.

I thought that perhaps a workaround would be to fetch all needed info from the 
LDAP, and create proper /etc/passwd and smbpasswd files (or tdbsam
perhaps).

Is it possible to do so?

Or perhaps there are some tools for converting ldapsam to tdbsam?


-- 
Tomasz Chmielewski
http://wpkg.org




Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?

2006-01-23 Thread Tomasz Chmielewski
 On Mon, 2006-01-23 at 17:08 +0100, Tomasz Chmielewski wrote:
 As some of you may know, I'm trying to set up Samba BDC on a disk- and 
 fan-less tiny mipsel_CPU router running OpenWRT distribution.

 I already managed to compile Samba 3.0.21a and OpenLDAP 2.3.18 for it, and 
 they seem to work fine.

 The problem is, this tiny distribution for routers doesn't seem to have 
 anything like Name Service Switch (NSS), and relies solely on /etc/passwd
 and /etc/group.

 In other words, Samba will be unable to get users from LDAP.

 I thought that perhaps a workaround would be to fetch all needed info from 
 the LDAP, and create proper /etc/passwd and smbpasswd files (or tdbsam
 perhaps).

 Is it possible to do so?

 Or perhaps there are some tools for converting ldapsam to tdbsam?

 pdbedit -i -e and look also at importing mapped users

All right.

So these will create a tdbsam file out of the current ldapsam (I think it's 
better to stick with tdbsam):

pdbedit -e tdbsam:/tmp/tdbsam.tdb


Now, how can I create a /etc/passwd and /etc/group files in a similar way?



 however probably, given it is a BDC, the best thing is to sync the
 passwd and group from ldap.

That's more or less what I want to do.


 you may also try to experiment with ldapsam:trusted parameter

I just read the ldapsam:trusted description in smb.conf and it seems that this 
is what I'm looking for.

However, I'm not sure: how will Samba write UIDs/GIDs on shared folders, user 
profiles?
Will it just write the GIDs/UIDs as they are (in the ldapsam db), although 
getent passwd will not show the relevant users?

And ls -l /share/some/user/file will show only numeric UIDs/GIDs?


-- 
Tomasz Chmielewski
http://wpkg.org




Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?

2006-01-23 Thread Tomasz Chmielewski

simo schrieb:

On Mon, 2006-01-23 at 17:48 +0100, Tomasz Chmielewski wrote:



you may also try to experiment with ldapsam:trusted parameter


I just read the ldapsam:trusted description in smb.conf and it seems that this 
is what I'm looking for.

However, I'm not sure: how will Samba write UIDs/GIDs on shared folders, user 
profiles?
Will it just write the GIDs/UIDs as they are (in the ldapsam db), although getent 
passwd will not show the relevant users?

And ls -l /share/some/user/file will show only numeric UIDs/GIDs?



I think so.
You have to experiment, because the trusted parameter is meant only to
work as an optimization. You should have the nsswitch data available in
the system, so I am not sure a setup without nsswitch will not break for
sure. But it may just work for what you need, so it may be worth giving
a try.


I tried, but it doesn't work.
After adding ldapsam:trusted = yes to smb.conf (on a normal BDC PC), I 
had trouble starting smbd - it complained about nobody not found in LDAP 
or something like that.


After I fixed that, I could start smbd, but I'm not able to log in, 
and Samba logs NO SUCH USER.


So I guess that I somehow have to fetch user/group info and convert it 
into /etc/passwd and /etc/group files.



--
Tomasz Chmielewski
http://wpkg.org


Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?

2006-01-23 Thread Tomasz Chmielewski

Ilia Chipitsine schrieb:
As some of you may know, I'm trying to set up Samba BDC on a disk- and 
fan-less tiny mipsel_CPU router running OpenWRT distribution.


I already managed to compile Samba 3.0.21a and OpenLDAP 2.3.18 for it, 
and they seem to work fine.


The problem is, this tiny distribution for routers doesn't seem to 
have anything like Name Service Switch (NSS), and relies solely on 
/etc/passwd

and /etc/group.



it doesn't have to be NSS.
You can use /etc/passwd for name -- uid mapping and ldap for NT/LM 
hashes.


That's great news!

(...)

I thought that perhaps a workaround would be to fetch all needed info 
from the LDAP, and create proper /etc/passwd and smbpasswd files (or 
tdbsam

perhaps).



hashed user password are somewhat very different in terms of ldap and 
passwd. You can use pam, but You don't need it for samba.




Is it possible to do so?

Or perhaps there are some tools for converting ldapsam to tdbsam?



pdbedit

it is beautiful thing for converting from anything to anything :-)


Almost.
I don't see if it can convert ldapsam to /etc/passwd and /etc/group.


--
Tomasz Chmielewski
http://wpkg.org

