Re: [Samba] idmapping changes from 3.0.10 to 3.4.2.
Backendwise, it has to be local, we don't have any write permission to AD or LDAP. If I do: wbinfo -n knixon, I get the ssid back. Taking it to the next level with: wbinfo -S `wbinfo -n knixon` gets me: Could not convert sid S-1-5-21-1606980848-1644491937-839522115-152478 to uid So it looks like we are getting what we need from AD and that I just have some kind of issue with the smb.conf configuration. On Sun, Nov 1, 2009 at 7:10 AM, Robert LeBlanc rob...@leblancnet.us wrote: You seem to be missing an idmap backend entry. If you are going to 3.4, you may want to look at hash, there is also RID. If you already have an extended schema, you may want to look at ads. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Fri, Oct 30, 2009 at 4:37 PM, Wayne Rasmussen waynemona...@gmail.com wrote: idmapping changes from 3.0.10 to 3.4.2. Trying to transition from 3.0.10 to 3.4.2 with a minimal change to the system meaning it would be nice to only change the smb.conf file if possible. The new version doesn't seem to properly work. getent passwd only produces entries from /etc/passwd. Sometimes, getent passwd user will get results but usually they don't. Also, when winbindd (ves 3.0.10) started it would have a heavy load for about 15 minutes while it loaded information. This version (3.4.2) seems to have very little load so it seems to act differently or it is having a problem. Any suggestions on how to change the global section below quickly and easily to make this a transparent tranision? Below is the global section of our smb.conf for 3.0.10. Note: I changed the workgroup/realm for posting. I just want it to work like the previous system worked. [global] workgroup = XX realm = XX.YYY.ZZZ security = ADS encrypt passwords = yes log level = 1 idmap uid = 2000-90 idmap gid = 2000-90 winbind enum users = yes winbind enum groups = yes template homedir = /u/%U template shell = /bin/false winbind use default domain = yes winbind cache time = 1800 wins server = 143.231.3.194 143.231.40.66 client schannel = no #starting to add stuff to see how things are working #username map = /usr/local/samba/lib/users.map #guestaccount = NULL #load printers = yes log file = /usr/local/samba/var/log.%m -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba-3.4.2: account_policy_get: tdb_fetch_uint32 failed
Solaris 9 SPARC Samba-3.4.2 cd $SAMBASRCDIR/source3 ./configure --with-ldap --with-ads --with-pam --with-winbind --with-krb5=/usr/local make make install cp ../nsswitch/libnss_winbind.so /usr/local/lib/libnss_winbind.so cd /usr/local/lib ln -s libnss_winbind.so libnss_winbind.so.2 ln -s libnss_winbind.so nss_winbind.so.1 smb.conf global section:[global] workgroup = sanatized realm = sanatized security = ADS encrypt passwords = yes log level = 1 #idmap uid = 2000-10 #idmap gid = 2000-10 idmap uid = 20-20 idmap gid = 20-20 ##idmap uid = 500-4 ##idmap gid = 500-4 winbind enum users = yes winbind enum groups = yes template homedir = /u/%U template shell = /bin/false winbind use default domain = yes winbind cache time = 1800 wins server = 143.231.3.194 143.231.40.66 client schannel = no #starting to add stuff to see how things are working #username map = /usr/local/samba/lib/users.map #guestaccount = NULL #load printers = yes log.smbd [2009/10/29 15:47:41, 0] smbd/server.c:1065(main) smbd version 3.4.2 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 [2009/10/29 15:47:41, 1] passdb/pdb_tdb.c:503(tdbsam_open) tdbsam_open: Converting version 0.0 database to version 4.0. [2009/10/29 15:47:41, 1] passdb/pdb_tdb.c:282(tdbsam_convert_backup) tdbsam_convert_backup: updated /usr/local/samba/private/passdb.tdb file. [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 1 (min password length), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 2 (password history), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 3 (user must logon to change password), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 6 (lockout duration), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 7 (reset count minutes), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 8 (bad lockout attempt), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 9 (disconnect time), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 10 (refuse machine password change), returning 0 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba-3.4.2: account_policy_get: tdb_fetch_uint32 failed
samba-3.4.2: account_policy_get: tdb_fetch_uint32 failed Solaris 9 SPARC Samba-3.4.2 cd $SAMBASRCDIR/source3 ./configure --with-ldap --with-ads --with-pam --with-winbind --with-krb5=/usr/local make make install cp ../nsswitch/libnss_winbind.so /usr/local/lib/libnss_winbind.so cd /usr/local/lib ln -s libnss_winbind.so libnss_winbind.so.2 ln -s libnss_winbind.so nss_winbind.so.1 smb.conf global section:[global] workgroup = sanatized realm = sanatized security = ADS encrypt passwords = yes log level = 1 #idmap uid = 2000-10 #idmap gid = 2000-10 idmap uid = 20-20 idmap gid = 20-20 ##idmap uid = 500-4 ##idmap gid = 500-4 winbind enum users = yes winbind enum groups = yes template homedir = /u/%U template shell = /bin/false winbind use default domain = yes winbind cache time = 1800 wins server = 143.231.3.194 143.231.40.66 client schannel = no #starting to add stuff to see how things are working #username map = /usr/local/samba/lib/users.map #guestaccount = NULL #load printers = yes log.smbd [2009/10/29 15:47:41, 0] smbd/server.c:1065(main) smbd version 3.4.2 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 [2009/10/29 15:47:41, 1] passdb/pdb_tdb.c:503(tdbsam_open) tdbsam_open: Converting version 0.0 database to version 4.0. [2009/10/29 15:47:41, 1] passdb/pdb_tdb.c:282(tdbsam_convert_backup) tdbsam_convert_backup: updated /usr/local/samba/private/passdb.tdb file. [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 1 (min password length), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 2 (password history), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 3 (user must logon to change password), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 6 (lockout duration), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 7 (reset count minutes), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 8 (bad lockout attempt), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 9 (disconnect time), returning 0 [2009/10/29 15:47:41, 1] lib/account_pol.c:325(account_policy_get) account_policy_get: tdb_fetch_uint32 failed for field 10 (refuse machine password change), returning 0 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] idmapping changes from 3.0.10 to 3.4.2.
idmapping changes from 3.0.10 to 3.4.2. Trying to transition from 3.0.10 to 3.4.2 with a minimal change to the system meaning it would be nice to only change the smb.conf file if possible. The new version doesn't seem to properly work. getent passwd only produces entries from /etc/passwd. Sometimes, getent passwd user will get results but usually they don't. Also, when winbindd (ves 3.0.10) started it would have a heavy load for about 15 minutes while it loaded information. This version (3.4.2) seems to have very little load so it seems to act differently or it is having a problem. Any suggestions on how to change the global section below quickly and easily to make this a transparent tranision? Below is the global section of our smb.conf for 3.0.10. Note: I changed the workgroup/realm for posting. I just want it to work like the previous system worked. [global] workgroup = XX realm = XX.YYY.ZZZ security = ADS encrypt passwords = yes log level = 1 idmap uid = 2000-90 idmap gid = 2000-90 winbind enum users = yes winbind enum groups = yes template homedir = /u/%U template shell = /bin/false winbind use default domain = yes winbind cache time = 1800 wins server = 143.231.3.194 143.231.40.66 client schannel = no #starting to add stuff to see how things are working #username map = /usr/local/samba/lib/users.map #guestaccount = NULL #load printers = yes log file = /usr/local/samba/var/log.%m -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Solaris removing ktkt_warnd from inetd.conf
Have a system admin who would like to stop running inetd on his Solaris 9 system. Currently the only thing left in his /etc/inet/inetd.conf file is: 100134/1 tli rpc/ticotsord wait root /usr/lib/krb5/ktkt_warnd ktkt_warnd Does anyone know if they can remove this without causing any problems? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA-3.2.4 for Solaris SPARC 9: ld.so.1: net: fatal: libtalloc.so: open failed: No such file or directory
Just sharing the information on this a work around for this problem. reported to bugzilla.samba.org: BUG 5907. net ads join get the error: ld.so.1: net: fatal: libtalloc.so: open failed: No such file or directory Killed warning: net ads join failed Top of config.log: This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by Samba configure 3, which was generated by GNU Autoconf 2.61. Invocation command line was $ ./configure --with-ldap --with-ads --with-pam --with-winbind --with-krb5=/us r/local ## - ## ## Platform. ## ## - ## hostname = newsystem uname -m = sun4u uname -r = 5.9 uname -s = SunOS uname -v = Generic_118558-25 /usr/bin/uname -p = sparc /bin/uname -X = System = SunOS Node = newsystem Release = 5.9 KernelID = Generic_118558-25 Machine = sun4u BusType = unknown Serial = unknown Users = unknown OEM# = 0 Origin# = 1 NumCPU = 1 /bin/arch = sun4 /usr/bin/arch -k = sun4u /usr/convex/getsysinfo = unknown /usr/bin/hostinfo = unknown /bin/machine = unknown /usr/bin/oslevel = unknown /bin/universe = unknown PATH: /usr/local/bin PATH: /usr/local/sbin PATH: /usr/ccs/bin PATH: /bin PATH: /usr/bin PATH: /usr/ucb PATH: /etc PATH: /usr/etc PATH: /usr/lib/uucp PATH: /usr/sbin PATH: /usr/sfw/bin PATH: /u/mcs/bin PATH: /u/mcs/utils PATH: /usr/local/samba/bin PATH: /usr/local/samba/sbin PATH: /usr/wp80/wpbin PATH: /usr/wp80/shbin10 PATH: /usr/opt/SUNWesm/sbin Work Around* cd /usr/local/samba/lib ln -s libtalloc.so.1 libtalloc.so ln -s libtdb.so.1 libtdb.so ln -s libwbclient.so.0 libwbclient.so #might as well do these as well. ln -s libnetapi.so.0 libnetapi.so ln -s libsmbclient.so.0 libsmbclient.so ln -s libsmbsharemodes.so.0 libsmbsharemodes.so ** NOTE: to fix: net ads join get the error: ld.so.1: net: fatal: libtalloc.so: open failed: No such file or directory Killed warning: net ads join failed run: ln -s libtalloc.so.1 libtalloc.so NOTE: to fix: ld.so.1: net: fatal: libtdb.so: open failed: No such file or directory Killed warning: net ads join failed run: ln -s libtdb.so.1 libtdb.so NOTE: to fix: ld.so.1: net: fatal: libwbclient.so: open failed: No such file or directory Killed warning: net ads join failed run: ln -s libwbclient.so.0 libwbclient.so -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.2.4 Solaris 9: configure gets error: Active Directory support requires ldap_initialize
Unable to compile samba-3.2.4 on Solaris 9 for sparc. #building openldap CC=gcc #echo $CC #exit CPPFLAGS=-I/usr/local/include -I/usr/local/ssl/include -I/usr/local/BerkeleyDB.4.2/include -I/usr/local/include/sasl LDFLAGS=-L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/BerkeleyDB.4.2/lib export CC CPPFLAGS LDFLAGS # CFLAGS='-D_AVL_H' export CFLAGS # ./configure --enable-bdb make depend make install #end building openldap #build samba make clean ./configure --with-ldap --with-acl-support --with-ads --with-pam --with-winbind --with-krb5=/usr/local #make #make install #end build samba The samba script, configure, seems to be failing with the following: checking for LDAP support... yes checking ldap.h usability... yes checking ldap.h presence... yes checking for ldap.h... yes checking lber.h usability... yes checking lber.h presence... yes checking for lber.h... yes checking for ber_tag_t... yes checking for ber_scanf in -llber... yes checking for ber_sockbuf_add_io... yes checking for LDAP_OPT_SOCKBUF... yes checking for LBER_OPT_LOG_PRINT_FN... yes checking for ldap_init in -lldap... yes checking for ldap_set_rebind_proc... yes checking whether ldap_set_rebind_proc takes 3 arguments... 3 checking for ldap_initialize... no checking whether LDAP support is used... yes checking for Active Directory and krb5 support... yes checking for ldap_initialize... (cached) no configure: error: Active Directory support requires ldap_initialize -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Report this to [EMAIL PROTECTED], ldap_initialize error
Could this be why I am getting a problem with the initial configure? checking for Active Directory and krb5 support... yes checking for ldap_initialize... (cached) no configure: error: Active Directory support requires ldap_initialize SAMBA VERSION: 3.2.0 LIBREPLACE_LOCATION_CHECKS: START checking build system type... sparc-sun-solaris2.9 checking host system type... sparc-sun-solaris2.9 checking target system type... sparc-sun-solaris2.9 LIBREPLACE_LOCATION_CHECKS: END LIBREPLACE_CC_CHECKS: START checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for version of gcc... 3.4.6 checking how to run the C preprocessor... gcc -E checking for grep that handles long lines and -e... /usr/sfw/bin/ggrep checking for egrep... /usr/sfw/bin/ggrep -E checking for AIX... no checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... no checking for unistd.h... yes checking minix/config.h usability... no checking minix/config.h presence... no checking for minix/config.h... no checking whether it is safe to define __EXTENSIONS__... yes checking whether byte ordering is bigendian... yes checking for inline... inline checking for C99 designated initializers... yes checking for a BSD-compatible install... ./install-sh -c checking for library containing strerror... none required checking for special C compiler options needed for large files... no checking for _FILE_OFFSET_BITS value needed for large files... 64 checking standards.h usability... no checking standards.h presence... no checking for standards.h... no checking for long long... yes checking for int... yes checking size of int... 4 checking for char... yes checking size of char... 1 checking for short... yes checking size of short... 2 checking for long... yes checking size of long... 4 checking for long long... (cached) yes checking size of long long... 8 checking for uint_t... yes checking for int8_t... yes checking for uint8_t... yes checking for int16_t... yes checking for uint16_t... yes checking for int32_t... yes checking for uint32_t... yes checking for int64_t... yes checking for uint64_t... yes checking for size_t... yes checking for ssize_t... yes checking for off_t... yes checking size of off_t... 8 checking for size_t... (cached) yes checking size of size_t... 4 checking for ssize_t... (cached) yes checking size of ssize_t... 4 checking for intptr_t... yes checking for uintptr_t... yes checking for ptrdiff_t... yes checking for immediate structures... yes LIBREPLACE_CC_CHECKS: END checking for size_t... (cached) yes checking size of size_t... (cached) 4 checking for void *... yes checking size of void *... 4 checking that the C compiler understands -Wdeclaration-after-statement... yes checking that the C compiler understands -Werror-implicit-function-declaration... yes checking whether to use profiling... no checking for a BSD-compatible install... ./install-sh -c checking for gawk... no checking for mawk... no checking for nawk... nawk checking for perl... /bin/perl checking for ar... ar checking if the linker (ld) is GNU ld... no checking whether gcc and cc understand -c and -o together... yes checking that the C compiler understands -Werror... yes checking that the C compiler understands volatile... yes checking that the C compiler understands negative enum values... yes checking for C99 designated initializers... yes checking uname -s... SunOS checking uname -r... 5.9 checking uname -m... sun4u checking uname -p... sparc checking uname -i... SUNW,Sun-Blade-100 enabling large file support LIBREPLACE_BROKEN_CHECKS: START checking return type of signal handlers... void checking for uid_t in sys/types.h... yes checking for mode_t... yes checking for off_t... (cached) yes checking for size_t... (cached) yes checking for pid_t... yes checking for struct stat.st_rdev... yes checking for ino_t... yes checking for loff_t... no checking for offset_t... yes checking for working memcmp... yes checking for pipe... yes checking for strftime... yes checking for srandom... yes checking for random... yes checking for srand... yes checking for rand... yes checking for usleep... yes checking for setbuffer... yes checking for lstat... yes checking for getpgrp... yes checking stdbool.h usability... yes checking stdbool.h presence... yes checking for stdbool.h... yes checking for stdint.h... (cached) no checking sys/select.h usability... yes checking sys/select.h presence... yes checking for
[Samba] configure: error: Active Directory support requires ldap_initialize
Tried configure of samba-3.2.0 on Sparc Solaris 9 with the following line: ./configure --with-ldap --with-ads --with-pam --with-winbind --with-krb5=/usr/local $log 21 There is a problem where the following error is produced: configure: error: Active Directory support requires ldap_initialize I can use the same line on samba-3.0.10 and it compiles and works. $ ./configure --with-ldap --with-ads --with-pam --with-winbind --with-krb5=/us r/local configure:53590: checking for LDAP support configure:53635: checking ldap.h usability configure:53676: checking ldap.h presence configure:53744: checking for ldap.h configure:54061: checking for LDAP_OPT_SOCKBUF configure:54193: checking for ldap_init in -lldap configure:54226: gcc -o conftest -O -D_SAMBA_BUILD_=3 -D_LARGEFILE_SOURCE -D_RE ENTRANT -D_FILE_OFFSET_BITS=64 -Iinclude -I./include -I. -I. -I./lib/replace -I ./lib/talloc -I./lib/tdb/include -I./libaddns -I./librpc -I./popt -I/usr/include -lthread -L./bin -L/usr/lib conftest.c -lldap -llber -lresolv -ldl -lnsl - lsocket -liconv 5 configure:54288: checking for ldap_set_rebind_proc configure:54344: gcc -o conftest -O -D_SAMBA_BUILD_=3 -D_LARGEFILE_SOURCE -D_RE ENTRANT -D_FILE_OFFSET_BITS=64 -Iinclude -I./include -I. -I. -I./lib/replace -I ./lib/talloc -I./lib/tdb/include -I./libaddns -I./librpc -I./popt -I/usr/include -lthread -L./bin -L/usr/lib conftest.c -lldap -llber -lresolv -ldl -lnsl -l socket -liconv 5 configure:54379: checking whether ldap_set_rebind_proc takes 3 arguments configure:54445: checking for ldap_initialize configure:54501: gcc -o conftest -O -D_SAMBA_BUILD_=3 -D_LARGEFILE_SOURCE -D_RE ENTRANT -D_FILE_OFFSET_BITS=64 -Iinclude -I./include -I. -I. -I./lib/replace -I ./lib/talloc -I./lib/tdb/include -I./libaddns -I./librpc -I./popt -I/usr/include -lthread -L./bin -L/usr/lib conftest.c -lldap -llber -lresolv -ldl -lnsl -l socket -liconv -lldap -llber 5 ldap_initialize /var/tmp//ccCFZDlx.o | #define HAVE_LDAP_H 1 | #define HAVE_LDAP_SASL_WRAPPING 1 | #define HAVE_LDAP_INIT 1 | #define HAVE_LIBLDAP 1 | #define HAVE_LDAP_SET_REBIND_PROC 1 | #define LDAP_SET_REBIND_PROC_ARGS 3 | /* Define ldap_initialize to an innocuous variant, in case limits.h declares ldap_initialize. | #define ldap_initialize innocuous_ldap_initialize | which can conflict with char ldap_initialize (); below. | #undef ldap_initialize | char ldap_initialize (); | #if defined __stub_ldap_initialize || defined __stub___ldap_initialize | return ldap_initialize (); configure:54547: checking whether LDAP support is used configure:54725: checking for ldap_initialize configure:54817: error: Active Directory support requires ldap_initialize ac_cv_func_ext_ldap_initialize=no ac_cv_func_ext_ldap_set_rebind_proc=yes ac_cv_header_ldap_h=yes ac_cv_lib_ext_ldap=yes ac_cv_lib_ext_ldap_ldap_init=yes samba_cv_HAVE_LDAP_OPT_SOCKBUF=yes smb_ldap_cv_ldap_set_rebind_proc=3 CPPFLAGS=' -D_LARGEFILE_SOURCE -D_REENTRANT -D_FILE_OFFSET_BITS=64 -Iinclude -I. /include -I. -I. -I./lib/replace -I./lib/talloc -I./lib/tdb/include -I./libaddn s -I./librpc -I./popt -I/usr/include -DLDAP_DEPRECATED' LDAP_LIBS='-lldap -llber ' LDBLDAP='' SMBLDAP='lib/smbldap.o' SMBLDAPUTIL='lib/smbldap_util.o' #define HAVE_LDAP_H 1 #define HAVE_LDAP_SASL_WRAPPING 1 #define HAVE_LDAP_INIT 1 #define HAVE_LIBLDAP 1 #define HAVE_LDAP_SET_REBIND_PROC 1 #define LDAP_SET_REBIND_PROC_ARGS 3 #define HAVE_LDAP 1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba file access speed test
Does anyone know of any file access speed testing tools for use in testing samba shares? Have someone in my office who is looking to gather metrics and test performance. Thanks, Wayne -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
FW: [Samba] Followup Restricting to a subset of the domain controllers on a site
-Original Message- From: Wayne Rasmussen Sent: Friday, June 01, 2007 11:01 AM To: 'Gerald (Jerry) Carter' Subject: RE: [Samba] Followup Restricting to a subset of the domain controllers on a site Noticed a couple of changes with Samba-3.0.25 and wondered if I am doing something wrong or if it is a side-effect. attached three files: smb.conf, samba-3.0.10.log, samba-3.0.25.log Compiled the new samba-3.0.25 release to replace our previous samba-3.0.10 on a Solaris 9 server. The AD Domain Controller is a Windows 2000 system and is on my test lab. Testing it before putting it in the production environment. Our samba startup scripts basically run as follows: /usr/local/bin/kinit [EMAIL PROTECTED] /etc/DII.kinitkey #where /etc/DII.kinitkey is the password for [EMAIL PROTECTED] #we can't get a keytab file in the real world situation. /usr/local/samba/bin/net ads join /usr/sfw/sbin/smbd -D /usr/sfw/sbin/nmbd -D /usr/local/samba/sbin/winbindd -B We have been using the above proceedure for 3+ years. Problems/Issues: #1) With Samba-3.0.25, when /usr/local/samba/bin/net ads join runs we are now getting a prompt for a password. This can be seen in the file samba-3.0.25.log as: Password for [EMAIL PROTECTED]: Password: If I type in the password for [EMAIL PROTECTED], we get the following error message: [2007/05/31 14:00:02, 0] libsmb/cliconnect.c:cli_session_setup_spnego(853) Kinit failed: Client not found in Kerberos database Failed to join domain: Improperly formed account name If I just hit return it continues. This is what I did in the samba-3.0.25.log. Any ideas why this happens now? #2) klist shows a difference between samba-3.0.10 and samba-3.0.25. Samba-3.0.10 has the following: Valid starting ExpiresService principal 05/30/07 19:20:14 05/31/07 05:20:14 krbtgt/[EMAIL PROTECTED] renew until 05/31/07 19:20:14 05/30/07 19:20:14 05/31/07 05:20:14 [EMAIL PROTECTED] renew until 05/31/07 19:20:14 05/30/07 19:20:14 05/31/07 05:20:14 kadmin/[EMAIL PROTECTED] renew until 05/31/07 19:20:14 Samba-3.0.25 has the following: Valid starting ExpiresService principal 05/31/07 13:38:31 05/31/07 23:38:31 krbtgt/[EMAIL PROTECTED] renew until 06/01/07 13:38:31 05/31/07 13:38:32 05/31/07 23:38:31 [EMAIL PROTECTED] renew until 06/01/07 13:38:31 Does this matter? is kadmin/[EMAIL PROTECTED] required? Thank you for your time and effort on this! Wayne -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Restricting to a subset of the domain controllers on a site
What version of Samba are you running? We are running samba-3.0.10 on Solaris 9. How are they enforcing this requirement on the Windows clients? Using AD Sites top group DCs? Their Answer: Those other servers, while part of the domain are part of a separate site used for exchange services. They referred to the following links: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolog ies/directory/activedirectory/stepbystep/adsrv.mspx http://technet.microsoft.com/en-us/library/bb124367.aspx So when the server boots and runs: /usr/local/bin/kinit [EMAIL PROTECTED] /usr/local/samba/bin/net ads join What determines which DCs are granting tickets/authenticating? /etc/krb5.conf doesn't seem to be the limiting factor as in this case we got machines not in krb5.conf. They are basically telling us that samba needs to limit which DCs it is using for lookup. This seems counter intuitive to me. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 30, 2007 5:36 AM To: Wayne Rasmussen Cc: samba@lists.samba.org Subject: Re: [Samba] Restricting to a subset of the domain controllers on a site -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wayne Rasmussen wrote: They are telling us that we must restrict to only authenticating to the domain controllers: DC1a DC2a DC3a DC4a What version of Samba are you running? Is there a way to do this? Is their request unreasonable? How are they enforcing this requirement on the Windows clients? Using AD Sites top group DCs? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGXW/DIR7qMdg1EfYRAp5SAJ9k0cpWsNRA6Itf3kDkx5CN4by++QCdHnqj Hx0OJr/mJOvgvnHEmoXi0YY= =FUhH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Restricting to a subset of the domain controllers on a site
Is there any settings in smb.conf file which are required for this? Thanks, Wayne -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 30, 2007 11:23 AM To: Wayne Rasmussen Cc: samba@lists.samba.org Subject: Re: [Samba] Restricting to a subset of the domain controllers on a site -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wayne, How are they enforcing this requirement on the Windows clients? Using AD Sites top group DCs? Their Answer: Those other servers, while part of the domain are part of a separate site used for exchange services. Support for AD sites was introduced in the Samba 3.0.25 series. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGXcESIR7qMdg1EfYRAtK0AJ9ET3SlQM4aboN4JY2Yv6NAqX+MpACgy26T NCzGaN2FhHYAmMoDoB0F6p8= =dKty -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Restricting to a subset of the domain controllers on a site
Had a situation where users could not map drives from Windows XP to
Solaris 9 system running Samba-3.0.10 for Active Directory. This
system has been running for a couple of years without problems. Now
recently, the site administrators have added some new servers to the
domain which may have introduced a problem.
This krb5.conf file has been modified to hide the site in question.
[libdefaults]
default_realm = sanatized
default_tgs-enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tkt-enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
[realms]
sanatized = {
kdc = DC1a.sanatized
kdc = DC2a.sanatized
kdc = DC3a.sanatized
kdc = DC4a.sanatized
admin_server = DC3a.sanatized
}
[domain_realm]
.sanatized = sanatized
sanatized = sanatized
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
admin_server = FILE:/var/log/kadmin.log
kdc_rotate = {
# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.
period = 1d
# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1,
...)
versions = 10
}
[appdefaults]
kinit = {
renewable = true
forwardable= true
}
gkadmin = {
help_url =
http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
}
So the system is expecting to see the following Domain Controllers:
DC1a DC2a DC3a DC4a
However, when users were experiencing problems, we saw the following
when
klist was run.
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting ExpiresService principal
05/29/07 11:04:53 05/29/07 21:04:53 krbtgt/[EMAIL PROTECTED]
renew until 05/30/07 11:04:53
05/29/07 11:05:09 05/29/07 21:04:53 [EMAIL PROTECTED]
renew until 05/30/07 11:04:53
05/29/07 11:05:09 05/29/07 11:07:09 kadmin/[EMAIL PROTECTED]
renew until 05/29/07 11:07:09
Kerberos 4 ticket cache: /tmp/tkt0
The line that concerns me is:
05/29/07 11:05:09 05/29/07 21:04:53 [EMAIL PROTECTED]
renew until 05/30/07 11:04:53
Anytime a DC other than DC1a DC2a DC3a DC4a gets used, users have
problems
mapping drives.
We had no record of a domain controller named exchgc01a in the
environment.
The admins have recently added a number of servers which they are saying
they are catalog servers as part of their exchange setup and should not
be used for authentication at all. The domain controllers they have
added
are: EXCHGC01A EXCHGC02A EXCHGC03A EXCHGC04A DC1SE DC2SE
They are telling us that we must restrict to only authenticating to the
domain controllers: DC1a DC2a DC3a DC4a
Is there a way to do this? Is their request unreasonable?
There is a password server setting, but is that good enough and can you
give it more than a single machine? What if the machine is down for an
unscheduled problem?
Personally, I don't think the new servers should be issuing tickets if
they are not used for authentication. They just called be and will
checking to see if that is the case...
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba-3.0.25 Solaris 8, smbd
Sorry about that. The issue is that smbd doesn't run. -Original Message- From: Wayne Rasmussen [mailto:[EMAIL PROTECTED] Sent: Sunday, May 20, 2007 11:41 AM To: samba@lists.samba.org Subject: [Samba] Samba-3.0.25 Solaris 8, smbd Built using: ./configure make make install Exit status when running /usr/local/samba/sbin/smbd -d10 -D is 0. # Samba config file created using SWAT # from 10.10.10.5 (10.10.10.5) # Date: 2006/06/28 10:47:07 # Global parameters [global] workgroup = MONARCHW server string = Ultra 60 guest account = none username map = /usr/local/samba/lib/users.map log level = 10 log file = /usr/local/samba/var/log.%m max log size = 50 dns proxy = No ldap ssl = no nt acl support = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-3.0.25 Solaris 8, smbd
Built using: ./configure make make install Exit status when running /usr/local/samba/sbin/smbd -d10 -D is 0. # Samba config file created using SWAT # from 10.10.10.5 (10.10.10.5) # Date: 2006/06/28 10:47:07 # Global parameters [global] workgroup = MONARCHW server string = Ultra 60 guest account = none username map = /usr/local/samba/lib/users.map log level = 10 log file = /usr/local/samba/var/log.%m max log size = 50 dns proxy = No ldap ssl = no nt acl support = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-3.0.24 patched drive mapping prompting for username/password and fails..
This weekend upgraded a Solaris 9 system which has been using samba-3.0.10 for a while without any problems to version 24 with patches applied. When Samba-3.0.10 is running, can browse to share as well as map it without getting any prompts or failures. Under 3.0.24, get prompted for username and password and still not allowed into share. User is on Windows XP professional and AD server is Windows 2000 Server. [global] hide unreadable = Yes workgroup = adtestnetbios realm = adtest.com security = ADS encrypt passwords = yes log level = 4 idmap uid = 1-35000 idmap gid = 1-35000 winbind enum users = yes winbind enum groups = yes template homedir = /u/%U template shell = /bin/csh winbind use default domain = yes winbind cache time = 600 client schannel = no username map = /usr/local/samba/lib/users.map [u] comment = Monarch's u directory path = /u public = no create mask = 0660 read only = No directory mask = 0770 browseable = Yes force group = group valid users = root,monarch,@xyzusers [public] comment = Monarch's public directory public = no path = /u/public read only = No create mask = 0660 directory mask = 0770 browseable = Yes force group = group valid users = root,monarch,@xyzusers [user] comment = User's home directory path = /u/%U writable = yes public = no create mask = 0660 directory mask = 0770 browseable = Yes force group = group valid users = root,monarch,@xyzusers [stock] comment = Monarch's stock directory path = /u/stock read only = no public = no create mask = 0660 directory mask = 0770 browseable = Yes force group = group valid users = root,monarch,@xyzusers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Failed to set servicePrincipalNames error
This weekend upgraded a Solaris 9 system which has been using samba-3.0.10 for a while without any problems to version 24 with patches applied. When joining the domain there is a Failed to set servicePrincipalNames error message. It seems that the /etc/nsswitch.conf is being ignored, but I can't be 100% certain of that. As a workaround had to change /etc/inet/hosts from: 10.10.10.91 mcsjump loghost to: 10.10.10.91 mcsjump.adtest.com mcsjump loghost Will be doing further testing... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba]Daylight Savings time change
In August 2005, the Congress passed and the President signed into law the Energy Policy Act of 2005. Among many other important energy saving measures, this law changes the start and end dates of Daylight Saving Time (DST). Beginning in 2007, DST will begin three weeks earlier (March 11, 2007) and end one week later (November 4, 2007). I know that Solaris and Java need to be patched for this. Does anyone know if any version of Samba or related libraries (ex: openLDAP, gcc, etc) need to be updated for this change? My company is still using Samba-3.0.10 for Active Directory because it just works. BTW, my list of software to build samba for AD is: cyrus-sasl-2.1.19 krb5-1.3.5 openldap-2.2.17 samba-3.0.10 gcc_small-3.4.1 libiconv-1.8 tk-8.4.6 tcl-8.4.6 db-4.2.52.NC openssl-0.9.7d make-3.80 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba]Daylight Savings time change
-Original Message- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: Monday, February 05, 2007 2:21 PM To: Wayne Rasmussen Cc: samba@lists.samba.org Subject: Re: [Samba]Daylight Savings time change On Mon, Feb 05, 2007 at 01:06:33PM -0800, Wayne Rasmussen wrote: In August 2005, the Congress passed and the President signed into law the Energy Policy Act of 2005. Among many other important energy saving measures, this law changes the start and end dates of Daylight Saving Time (DST). Beginning in 2007, DST will begin three weeks earlier (March 11, 2007) and end one week later (November 4, 2007). I know that Solaris and Java need to be patched for this. Does anyone know if any version of Samba or related libraries (ex: openLDAP, gcc, etc) need to be updated for this change? My company is still using Samba-3.0.10 for Active Directory because it just works. The glibc patch should take care of this. Jeremy. Anyone got a link to this patch for Solaris sparc? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 2003 Domain Servers going down. What to expect.
Got an odd situation, wondering if there is something abnormal going on or not. There is a site where we run Solaris 9 with Samba-3.0.10 and the Network staff running Active Directory on Windows 2003 Servers - SP1. They have 6 Dc, but, for whatever reason, one of the people has been shutting down DC #5 several times a day this week. When this happens, our servers don't seem very happy with it. If you go to the directory where the homedirs are and do ls -l, some of the users you will get their UID number on their homedirectory rather than their login/username. Should samba be able to handle this situation? Is there any time delay to be expect while we recover? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Solaris9 + samba-3.0.10 UIDs and ProcessIDs
We are running SAMBA-3.0.10 under Solaris9 in an environment which is using windows2000/2003 AD servers. Our lead developer is asking why when he runs ps -ef the UID numbers are given as numbers rather than the descriptive output for accounts which are in the AD? A user who is in the local password file will show the login in the UID field bur will only have a number in the case of and AD user. Is his settings in the nsswitch.conf file wrong? His nsswitch.conf file is set as: passwd: files winbind group: files winbind hosts: files dns winbind -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] User gets access denied after changed AD password
Have a situation that just started. AD Server as PDC: Windows 2003/2000 server User's PC: Windows XP Pro Server: Solaris 9, samba-3.0.10 for AD. This user has been working fine the past 90 days until today when he is forced due to AD password aging rules to enter a new password to logon to his AD Domain. Since this change, he is unable to map drives to the Sun Server. new view //server is getting error 5 (IIRC, invalid password). Is there something caching the password on the sun side? It should be using the AD for this... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Joining a domain with a non-administrator account
In Active Directory, make sure the console is view-Advance Features. In the OU there should be a computer account for this machine. Open it and go to the security tab. Click on the add button, then add the user you are using with kinit. Go to the permissions section for this user, make sure he has the following permissions or checked to allow: Read, Write, Reset Password, Validate Write to DNS Hostname, Validate Write to Service Principal Name. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Sonenberg Sent: Tuesday, February 08, 2005 8:14 AM To: samba@lists.samba.org Subject: [Samba] Joining a domain with a non-administrator account I'm trying to set it up so I can join the domain with a regular user that is part of the domain admin group. I have a user dsonenberg that is in the domain admin group(512), but I can't join the domain with that account. For the record I can login with that account and Administrator can join the domain. The PDC has an LDAP backend. Here's the log. 2005/02/08 10:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/02/08 10:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/02/08 10:26:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: dsonenberg [2005/02/08 10:26:25, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011) init_group_from_ldap: Entry found for group: 512 [2005/02/08 10:26:25, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [dsonenberg] - [dsonenberg] - [dsonenberg] succeeded [2005/02/08 10:26:25, 2] smbd/server.c:exit_server(571) Closing connections [2005/02/08 10:26:26, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/02/08 10:26:26, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/02/08 10:26:26, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: dsonenberg [2005/02/08 10:26:26, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011) init_group_from_ldap: Entry found for group: 512 [2005/02/08 10:26:26, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [dsonenberg] - [dsonenberg] - [dsonenberg] succeeded [2005/02/08 10:26:26, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain STROZLLC - S-1-5-21-1001378032-4272845324-1772824492 [2005/02/08 10:26:26, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2005/02/08 10:26:26, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain STROZLLC - S-1-5-21-1001378032-4272845324-1772824492 [2005/02/08 10:26:26, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) [2005/02/08 10:26:26, 2] smbd/server.c:exit_server(571) Closing connections -- David Sonenberg Systems / Network Administrator Stroz Friedberg, LLC 15 Maiden Lane 15th Floor New York, NY 10038 212.981.6527 (o) | 917.495.4918 (c) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Only primary group being used for AD user?
We had 112960-20. Grabbing the new one. Thanks, wayne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Reinhard Sojka Sent: Friday, January 07, 2005 5:57 AM To: Wayne Rasmussen Cc: samba@lists.samba.org Subject: [Samba] Only primary group being used for AD user? Hi Wayne, The user wjr on a Window XP Pro box can browse to the server, access the /u share, but gets \\servername\public not accessible message. Is this a bug? It seems that samba can only use a single group for a given userid... BTW.We are running Samba 3.0.9 on Solaris 9. which revision of Patch-ID 112960 are you running? There have been several Problems with this Patch-ID in combination with Samba and OpenLDAP libraries and Winbind. See http://at.samba.org/samba/docs/man/Samba-HOWTO-Collection/Port ability.html#id2597614 and http://lists.samba.org/archive/samba/2004-December/097625.html Latest revision is 112960-22. hope this helps, Reinhard -- Reinhard Sojka [EMAIL PROTECTED] System- Networkadmin Parlamentsdirektion +43 1 40110 2824 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SAMBA] Only primary group being used for AD user?
In my test AD adtest.com we have a user wjr who is a member of two groups: Domain Users, xyzusers We have two shares defined in the smb.conf file as follows: [global] workgroup = adtestnetbios realm = adtest.com security = ADS encrypt passwords = yes log level = 10 idmap uid = 1-35000 idmap gid = 1-35000 winbind enum users = yes winbind enum groups = yes template homedir = /u/%U template shell = /bin/csh winbind use default domain = yes [public] comment = User's sharing documents here. public = no path = /u/public read only = No create mask = 0660 directory mask = 0770 browseable = Yes [u] comment = main work area path = /u public = no create mask = 0660 read only = No directory mask = 0770 browseable = Yes The permissions on the two directories in the path are as follows: drwxr-xr-x 14 root root 512 Dec 12 15:17 u/ drwxrws--- 2 stockxyzusers 512 Dec 6 14:48 public/ A getent passwd for the user results in the following: getent passwd |grep wjr wjr:x:10023:1:wayne j rasmussen:/u/wjr:/bin/csh A getent group for the appropriate groups results in the following: Domain Users:x:1: xyzusers:x:10021:wjr log.smbd shows that the xyzusers is not being seen/used by samba. [2005/01/06 14:01:22, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 10023 Primary group is 1 and contains 1 supplementary groups Group[ 0]: 1 The user wjr on a Window XP Pro box can browse to the server, access the /u share, but gets \\servername\public not accessible message. Is this a bug? It seems that samba can only use a single group for a given userid... BTW.We are running Samba 3.0.9 on Solaris 9. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba - Joining AD and OU issues
Windows 2000 Server named adtest.com as PDC. Solaris 9 server with SAMBA 3.0.7. I am trying to get a handle on the OU issue I am having. Suppose the PDC adtest.com has 100 OU such as a1, a2, a3, ..., a98, a99, a100. On the Solaris Server I am doing: kinit [EMAIL PROTECTED] type in Administrator password nmbd; smbd; winbindd -B net ads join When I do wbinfo -g or getent passwd I see all the accounts in all the OU. Suppose I only want one or two OUs? Imagine that I want a7 only, do I have to create a special account within OU a7 (such as a7adadmin) and use kinit a7adadmin? If so, then what do I need to have specifically two OUs, a7 and a12? The second question I have is that kinit always prompts for a password is there a better way to do this? Thank you, Wayne -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Host bases protection
In the hosts.allow entry for samba 3+, is there still a limit of localhost + 2 private networks? If so, Are there any plans to extend this? Otherwise, what is the current limit? Currently I have a situation where 10+ ranges are needed so if 2 is the limit we are stuck. Thanks, Wjrasmussen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] hosts.allow
In the smb.conf file, are there any restrictions on how many ranges of IP can be placed in this list? In the hosts.deny, 0.0.0.0/0 is the setting to block all ip addresses? Thanks, Wayne -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] help with charsets
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Bjoern JACKE
Sent: Wednesday, November 19, 2003 3:56 AM
To: Roger D. Vargas; [EMAIL PROTECTED]
Subject: Re: [Samba] help with charsets
On 2003-11-18 at 07:52 -0500 Roger D. Vargas sent off:
I need urgent help with a charset problem. After upgrading
to samba 3 my users
can use files with spanish characters (á ñ). The name is
truncated at the
first strange character and the rest of the name is
replaced by _. Users
cant access the file or rename it.
After digging the docs I found that I must specify the
correct dos charset.
Can somebody tell me the carset name to enable this characters?
more important might be unix charset. Try cp850 if you did not have
character set set in samba 2.x. Better is renaming all files to
utf-8 with convmv and leave the unix charset default which is
utf-8.
Try making the following change to the source code.
In samba-3.0.0/source/lib/module.c
Change:
handle = sys_dlopen(module_name, RTLD_LAZY);
if(!handle) {
int level = is_probe ? 3 : 0;
DEBUG(level, (Error loading module '%s': %s\n, module_name,
sys_dlerror()));
return NT_STATUS_UNSUCCESSFUL;
}
To:
handle = sys_dlopen(module_name, RTLD_LAZY);
if(!handle) {
int level = is_probe ? 3 : 0;
#if 0
DEBUG(level, (Error loading module '%s': %s\n, module_name,
sys_dlerror()));
#else
error = sys_dlerror();
if (error) {
DEBUG(level, (Error loading module '%s':
%s\n,module_name,error));
}
#endif
return NT_STATUS_UNSUCCESSFUL;
}
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Why are the binaries so huge?
After you configure, in the source/Makefile change the line: CFLAGS= -g -O2 to: CFLAGS= -O2 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Erik Tews Sent: Thursday, August 28, 2003 11:52 AM To: Paul Coray Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Why are the binaries so huge? On Thu, Aug 28, 2003 at 05:36:28PM +0200, Paul Coray wrote: Hi list I just compiled 3.0rc1 on Solaris 9 (UltraSparc IIe) with gcc 3.3. Seems to work fine but I am surprised by the enormous size of the binaries: Did you run strip on them? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Why are the binaries so huge?
True. But it still answers the original question. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Paul Eggleton Sent: Thursday, August 28, 2003 1:53 PM To: [EMAIL PROTECTED] Subject: RE: [Samba] Why are the binaries so huge? Wayne Rasmussen wrote on Friday, 29 August 2003 7:46 a.m.: After you configure, in the source/Makefile change the line: CFLAGS= -g -O2 to: CFLAGS= -O2 One would assume that this option is included in the beta/RC releases to allow debugging. If you wish to report any crash-type bugs I suggest you leave this option in. Cheers, Paul - Paul Eggleton Ph:+64-9-4154790 Software Developer Fax: +64-9-4154791 CJN Technologies Ltd. DDI: +64-9-4154795 http://www.cjntech.co.nz Email: [EMAIL PROTECTED] - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Logging request
Someone at work here asked me if it is possible to log, on a per share or just a single share out of a group of shares, any write activity. We have setup a special share for a bean counter and his staff and he wants to document when his people are making changes to their files on that share... wayne -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SWAT on 3.0.0beta2
I can verify this problem. Here is my before and after size on the smb.conf file: 10459 Jul 14 10:42 smb.conf 1666 Jul 14 10:43 smb.conf wayne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Hall, Ken (IDS ECCS) Sent: Monday, July 14, 2003 5:21 AM To: '[EMAIL PROTECTED]' Subject: RE: [Samba] SWAT on 3.0.0beta2 I tried that. It wrote out a partial smb.conf, omitting my wins server parameter. I'll try it some more. -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Friday, July 11, 2003 4:02 PM To: Hall, Ken (IDS ECCS) Cc: '[EMAIL PROTECTED]' Subject: Re: [Samba] SWAT on 3.0.0beta2 On Fri, 11 Jul 2003, Hall, Ken (IDS ECCS) wrote: How do you get to the GLOBALS/Advanced list? The radio buttons don't seem to do anything, and nothing I tried refreshes the page with Advanced instead of Basic. Click on 'Avanced' then 'Commit' - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Solaris 9 compilation with openldap
Solaris 9 Compiler gcc-3.3 Wanting to compile samba-3.0.0beta1 with ldap openldap openldap-2.1.21 The environment that this will in will have a windows 2000 system as the controller. We do not want the solaris box as the controller. Need to have the openldap libraries to compile with samba. There seems to be 4 types of openldap configurations: Base system (libraries and tools), SLAPD, SLURPD, CLIENTS/CONTRIB. It seems that all I would need is the base system to create the libraries to use with samba-3.0.beta1. Does anyone know the appropriate configure settings to get this done? Not sure that I need the SLAPD, SLURPD, or clients at all. There seems to be extra work involved and not sure if the effort is worth it: SLAPD: BDB backend requires Sleepycat Berkeley DB 4.1 LDBM backend requires a compatible database manager [Berkeley DB, GDBM, etc.] SLURPD: LTHREAD compatible thread package [POSIX threads, Mach Cthreads, select others] CLIENTS/CONTRIB ware: Depends on package. See per package README. Have anyone gotten samba-3.0beta1 to run on solaris 9? thanks, wayne -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
