Re: [SCM] Samba Shared Repository - branch master updated
On 1/4/2024 7:46 AM, Stefan Metzmacher wrote: @@ -3905,7 +3937,24 @@ static int moveip(TALLOC_CTX *mem_ctx, struct ctdb_context *ctdb, return ret; } - return 0; + /* +* It isn't strictly necessary to wait until takeover runs are +* re-enabled but doing so can't hurt. +*/ + ret = disable_takeover_runs(mem_ctx, + ctdb, + 0, + connected_pnn, + connected_count); + if (ret != 0) { + fprintf(stderr, "Failed to enable takeover runs\n"); + return ret; + } Message should be "Failed to disable takeover runs\n" like previous change at 3886.
Re: [SCM] Samba Shared Repository - branch master updated
The delete should be "rm -f build/DTD/samba.build.pathconfig" to match other uses. On 6/22/2022 12:44 PM, Andreas Schneider wrote: > diff --git a/docs-xml/Makefile b/docs-xml/Makefile > index c614097f6c0..ae50b14d79a 100644 > --- a/docs-xml/Makefile > +++ b/docs-xml/Makefile > @@ -17,7 +17,7 @@ DBLATEX_OPTIONS = -p xslt/latex.xsl -i xslt/latex > > DATETIME := $(shell date +%Y%m%d%H%M%S) > > -XSLTPROC_DEPS = build/catalog.xml build/DTD/samba.build.version > +XSLTPROC_DEPS = build/catalog.xml build/DTD/samba.build.version > build/DTD/samba.build.pathconfig > > ifeq ($(PROFILE), Y) > XSLTPROC += --profile --load-trace --timing > @@ -57,6 +57,7 @@ clean:: > rm -f xslt/figures/*pdf > rm -f $(SMBDOTCONFDOC)/parameters.*.xml > rm -f build/catalog.xml > + rm -f DTD/samba.build.pathconfig
[Samba] Joining samba4 as a DC to Windows Server 2012 active directory
Hello all, I am attempting to join samba4 to my current domain which is controlled by a Windows 2012 Active Directory Server. When following the instructions on the official WIKI: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC I am able to do a kinit administrator, which then gives me a ticket which I can see via klist. The problem is that once I run the command: # bin/samba-tool domain join samba.example.com DC -Uadministrator --realm=samba.example.com It does not work. I get the following error: DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567, 'WERR_DS_INCOMPATIBLE_VERSION') Could this be because of the version of AD? I can't find much around compatibility of this version of Windows. Any help is greatly appreciated. Here is the full debug: 1. ./samba-tool domain join example.com DC -Uadministrator --realm= example.com 2. Finding a writeable DC for domain 'example.com' 3. Found DC dc01.example.com 4. Password for [WORKGROUP\administrator]: 5. workgroup is EXAMPLE 6. realm is example.com 7. checking sAMAccountName 8. Deleted CN=DC02,CN=Computers,DC=example,DC=com 9. Adding CN=DC02,OU=Domain Controllers,DC=example,DC=com 10. Adding CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com 11. Adding CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com 12. DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567, 'WERR_DS_INCOMPATIBLE_VERSION') 13. Join failed - cleaning up 14. checking sAMAccountName 15. Deleted CN=DC02,OU=Domain Controllers,DC=example,DC=com 16. Deleted CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com 17. ERROR(runtime): uncaught exception - DsAddEntry failed 18. File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run 19. return self.run(*args, **kwargs) 20. File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 552, in run 21. machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) 22. File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 1104, in join_DC 23. ctx.do_join() 24. File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 1007, in do_join 25. ctx.join_add_objects() 26. File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 525, in join_add_objects 27. ctx.join_add_ntdsdsa() 28. File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 458, in join_add_ntdsdsa 29. ctx.DsAddEntry([rec]) 30. File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 421, in DsAddEntry 31. raise RuntimeError(DsAddEntry failed) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Following symlinks
On 12/14/2012 11:12 PM, James Pifer wrote: I'm struggling with following symlinks with samba on the recent versions. I cannot use mount -bind as I've seen others suggest. This is for my mythtv backend, so I'm using the rename script to create nice names for the recordings. Anyway, I can map the drive from Windows XP and Windows 7, and see symlinked files, but I cannot open or copy them as I used to be able to do. My system is opensuse 12.2. My smb.conf looks like: [global] unix extensions = no workgroup = WORKGROUP printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: usershare allow guests = No wins server = wins support = No [homes] comment = Home Directories valid users = %S, %D%w%S browseable = No read only = Yes inherit acls = Yes follow symlinks = Yes wide links = Yes Thanks, James bump... Can anyone help me here? Thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Following symlinks
I'm struggling with following symlinks with samba on the recent versions. I cannot use mount -bind as I've seen others suggest. This is for my mythtv backend, so I'm using the rename script to create nice names for the recordings. Anyway, I can map the drive from Windows XP and Windows 7, and see symlinked files, but I cannot open or copy them as I used to be able to do. My system is opensuse 12.2. My smb.conf looks like: [global] unix extensions = no workgroup = WORKGROUP printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: usershare allow guests = No wins server = wins support = No [homes] comment = Home Directories valid users = %S, %D%w%S browseable = No read only = Yes inherit acls = Yes follow symlinks = Yes wide links = Yes Thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] IIS authentication
I have setup samba to share a local filesystem with the following config: [global] smb ports = 139 workgroup = WORKGROUP server string = %h server (Samba, Ubuntu) dns proxy = no log level = 255 debug timestamp = yes log file = /var/log/samba/log.%m max log size = 1000 syslog = 1 panic action = /usr/share/samba/panic-action %d encrypt passwords = no security = user obey pam restrictions = yes usershare allow guests = no load printers = no show add printer wizard = no printcap name = /dev/null disable spoolss = yes [web] path = /isp/web/ read only = no guest ok = no browseable = yes create mask = 0600 directory mask = 0700 I also have a windows machine to import it. If I import in windows explorer it works fine and the logs show: [2012/10/08 13:18:34.638730, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WIN-K7GH3RR6OCJ]\[1641]@[win-k7gh3rr6ocj] with the new password interface [2012/10/08 13:18:34.638739, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [DEV-WEB1]\[1641]@[win-k7gh3rr6ocj] [2012/10/08 13:18:34.638747, 10] auth/auth.c:228(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2012/10/08 13:18:34.638754, 10] auth/auth.c:230(check_ntlm_password) challenge is: [2012/10/08 13:18:34.638760, 5] ../lib/util/util.c:278(_dump_data) [] 62 C8 5D A5 AD CA DD 2Cb.], [2012/10/08 13:18:34.638774, 10] auth/auth.c:256(check_ntlm_password) check_ntlm_password: guest had nothing to say [2012/10/08 13:18:34.638783, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/10/08 13:18:34.638793, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/10/08 13:18:34.638801, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/10/08 13:18:34.638808, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2012/10/08 13:18:34.638815, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/10/08 13:18:34.638828, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user 1641 [2012/10/08 13:18:34.638836, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is 1641 [2012/10/08 13:18:34.859941, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [1641]! [2012/10/08 13:18:34.859987, 4] auth/pass_check.c:679(pass_check) pass_check: Checking (PAM) password for user 1641 (l=1) [2012/10/08 13:18:34.860010, 4] auth/pampass.c:472(smb_pam_start) smb_pam_start: PAM: Init user: 1641 [2012/10/08 13:18:34.862743, 4] auth/pampass.c:489(smb_pam_start) smb_pam_start: PAM: setting rhost to: 64.251.188.225 [2012/10/08 13:18:34.862764, 4] auth/pampass.c:498(smb_pam_start) smb_pam_start: PAM: setting tty [2012/10/08 13:18:34.862772, 4] auth/pampass.c:506(smb_pam_start) smb_pam_start: PAM: Init passed for user: 1641 [2012/10/08 13:18:34.862779, 4] auth/pampass.c:523(smb_pam_auth) smb_pam_auth: PAM: Authenticate User: 1641 [2012/10/08 13:18:34.862862, 4] auth/pampass.c:545(smb_pam_auth) smb_pam_auth: PAM: User 1641 Authenticated OK [2012/10/08 13:18:34.862874, 4] auth/pampass.c:564(smb_pam_account) But when I try to access a webpage through IIS which is also configured to access this network share it fails and I see this in the logs: [2012/10/08 13:16:09.600154, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WIN-K7GH3RR6OCJ]\[1641]@[win-k7gh3rr6ocj] with the new password interface [2012/10/08 13:16:09.600163, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [DEV-WEB1]\[1641]@[win-k7gh3rr6ocj] [2012/10/08 13:16:09.600170, 10] auth/auth.c:228(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2012/10/08 13:16:09.600177, 10] auth/auth.c:230(check_ntlm_password) challenge is: [2012/10/08 13:16:09.600184, 5] ../lib/util/util.c:278(_dump_data) [] D9 C9 AA F1 93 54 39 AD.T9. [2012/10/08 13:16:09.600197, 10] auth/auth.c:256(check_ntlm_password) check_ntlm_password: guest had nothing to say [2012/10/08 13:16:09.600211, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/10/08 13:16:09.600219, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/10/08 13:16:09.600227, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/10/08 13:16:09.600234, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2012/10/08 13:16:09.600240, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/10/08 13:16:09.600254, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user
Re: [Samba] IIS authentication
I found the problem, it appears IIS is sending an empty password On Mon, Oct 8, 2012 at 1:36 PM, James Devine fxmul...@gmail.com wrote: I have setup samba to share a local filesystem with the following config: [global] smb ports = 139 workgroup = WORKGROUP server string = %h server (Samba, Ubuntu) dns proxy = no log level = 255 debug timestamp = yes log file = /var/log/samba/log.%m max log size = 1000 syslog = 1 panic action = /usr/share/samba/panic-action %d encrypt passwords = no security = user obey pam restrictions = yes usershare allow guests = no load printers = no show add printer wizard = no printcap name = /dev/null disable spoolss = yes [web] path = /isp/web/ read only = no guest ok = no browseable = yes create mask = 0600 directory mask = 0700 I also have a windows machine to import it. If I import in windows explorer it works fine and the logs show: [2012/10/08 13:18:34.638730, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WIN-K7GH3RR6OCJ]\[1641]@[win-k7gh3rr6ocj] with the new password interface [2012/10/08 13:18:34.638739, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [DEV-WEB1]\[1641]@[win-k7gh3rr6ocj] [2012/10/08 13:18:34.638747, 10] auth/auth.c:228(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2012/10/08 13:18:34.638754, 10] auth/auth.c:230(check_ntlm_password) challenge is: [2012/10/08 13:18:34.638760, 5] ../lib/util/util.c:278(_dump_data) [] 62 C8 5D A5 AD CA DD 2Cb.], [2012/10/08 13:18:34.638774, 10] auth/auth.c:256(check_ntlm_password) check_ntlm_password: guest had nothing to say [2012/10/08 13:18:34.638783, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/10/08 13:18:34.638793, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/10/08 13:18:34.638801, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/10/08 13:18:34.638808, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2012/10/08 13:18:34.638815, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/10/08 13:18:34.638828, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user 1641 [2012/10/08 13:18:34.638836, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is 1641 [2012/10/08 13:18:34.859941, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [1641]! [2012/10/08 13:18:34.859987, 4] auth/pass_check.c:679(pass_check) pass_check: Checking (PAM) password for user 1641 (l=1) [2012/10/08 13:18:34.860010, 4] auth/pampass.c:472(smb_pam_start) smb_pam_start: PAM: Init user: 1641 [2012/10/08 13:18:34.862743, 4] auth/pampass.c:489(smb_pam_start) smb_pam_start: PAM: setting rhost to: 64.251.188.225 [2012/10/08 13:18:34.862764, 4] auth/pampass.c:498(smb_pam_start) smb_pam_start: PAM: setting tty [2012/10/08 13:18:34.862772, 4] auth/pampass.c:506(smb_pam_start) smb_pam_start: PAM: Init passed for user: 1641 [2012/10/08 13:18:34.862779, 4] auth/pampass.c:523(smb_pam_auth) smb_pam_auth: PAM: Authenticate User: 1641 [2012/10/08 13:18:34.862862, 4] auth/pampass.c:545(smb_pam_auth) smb_pam_auth: PAM: User 1641 Authenticated OK [2012/10/08 13:18:34.862874, 4] auth/pampass.c:564(smb_pam_account) But when I try to access a webpage through IIS which is also configured to access this network share it fails and I see this in the logs: [2012/10/08 13:16:09.600154, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WIN-K7GH3RR6OCJ]\[1641]@[win-k7gh3rr6ocj] with the new password interface [2012/10/08 13:16:09.600163, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [DEV-WEB1]\[1641]@[win-k7gh3rr6ocj] [2012/10/08 13:16:09.600170, 10] auth/auth.c:228(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2012/10/08 13:16:09.600177, 10] auth/auth.c:230(check_ntlm_password) challenge is: [2012/10/08 13:16:09.600184, 5] ../lib/util/util.c:278(_dump_data) [] D9 C9 AA F1 93 54 39 AD.T9. [2012/10/08 13:16:09.600197, 10] auth/auth.c:256(check_ntlm_password) check_ntlm_password: guest had nothing to say [2012/10/08 13:16:09.600211, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/10/08 13:16:09.600219, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/10/08 13:16:09.600227, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/10/08 13:16:09.600234, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL
Re: [Samba] IIS authentication
It might be nice to add a debug line somewhere in auth/pass_check.c around the if ((!*password) !lp_null_passwords()) check indicating a reason for the failure, or maybe a config option around DEBUG(100, (checking user=[%s] pass=[%s]\n, user, password)); instead of a precompiler #define On Mon, Oct 8, 2012 at 4:11 PM, James Devine fxmul...@gmail.com wrote: I found the problem, it appears IIS is sending an empty password On Mon, Oct 8, 2012 at 1:36 PM, James Devine fxmul...@gmail.com wrote: I have setup samba to share a local filesystem with the following config: [global] smb ports = 139 workgroup = WORKGROUP server string = %h server (Samba, Ubuntu) dns proxy = no log level = 255 debug timestamp = yes log file = /var/log/samba/log.%m max log size = 1000 syslog = 1 panic action = /usr/share/samba/panic-action %d encrypt passwords = no security = user obey pam restrictions = yes usershare allow guests = no load printers = no show add printer wizard = no printcap name = /dev/null disable spoolss = yes [web] path = /isp/web/ read only = no guest ok = no browseable = yes create mask = 0600 directory mask = 0700 I also have a windows machine to import it. If I import in windows explorer it works fine and the logs show: [2012/10/08 13:18:34.638730, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WIN-K7GH3RR6OCJ]\[1641]@[win-k7gh3rr6ocj] with the new password interface [2012/10/08 13:18:34.638739, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [DEV-WEB1]\[1641]@[win-k7gh3rr6ocj] [2012/10/08 13:18:34.638747, 10] auth/auth.c:228(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2012/10/08 13:18:34.638754, 10] auth/auth.c:230(check_ntlm_password) challenge is: [2012/10/08 13:18:34.638760, 5] ../lib/util/util.c:278(_dump_data) [] 62 C8 5D A5 AD CA DD 2Cb.], [2012/10/08 13:18:34.638774, 10] auth/auth.c:256(check_ntlm_password) check_ntlm_password: guest had nothing to say [2012/10/08 13:18:34.638783, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/10/08 13:18:34.638793, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/10/08 13:18:34.638801, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/10/08 13:18:34.638808, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2012/10/08 13:18:34.638815, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/10/08 13:18:34.638828, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user 1641 [2012/10/08 13:18:34.638836, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is 1641 [2012/10/08 13:18:34.859941, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [1641]! [2012/10/08 13:18:34.859987, 4] auth/pass_check.c:679(pass_check) pass_check: Checking (PAM) password for user 1641 (l=1) [2012/10/08 13:18:34.860010, 4] auth/pampass.c:472(smb_pam_start) smb_pam_start: PAM: Init user: 1641 [2012/10/08 13:18:34.862743, 4] auth/pampass.c:489(smb_pam_start) smb_pam_start: PAM: setting rhost to: 64.251.188.225 [2012/10/08 13:18:34.862764, 4] auth/pampass.c:498(smb_pam_start) smb_pam_start: PAM: setting tty [2012/10/08 13:18:34.862772, 4] auth/pampass.c:506(smb_pam_start) smb_pam_start: PAM: Init passed for user: 1641 [2012/10/08 13:18:34.862779, 4] auth/pampass.c:523(smb_pam_auth) smb_pam_auth: PAM: Authenticate User: 1641 [2012/10/08 13:18:34.862862, 4] auth/pampass.c:545(smb_pam_auth) smb_pam_auth: PAM: User 1641 Authenticated OK [2012/10/08 13:18:34.862874, 4] auth/pampass.c:564(smb_pam_account) But when I try to access a webpage through IIS which is also configured to access this network share it fails and I see this in the logs: [2012/10/08 13:16:09.600154, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WIN-K7GH3RR6OCJ]\[1641]@[win-k7gh3rr6ocj] with the new password interface [2012/10/08 13:16:09.600163, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [DEV-WEB1]\[1641]@[win-k7gh3rr6ocj] [2012/10/08 13:16:09.600170, 10] auth/auth.c:228(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2012/10/08 13:16:09.600177, 10] auth/auth.c:230(check_ntlm_password) challenge is: [2012/10/08 13:16:09.600184, 5] ../lib/util/util.c:278(_dump_data) [] D9 C9 AA F1 93 54 39 AD.T9. [2012/10/08 13:16:09.600197, 10] auth/auth.c:256(check_ntlm_password) check_ntlm_password: guest had nothing to say [2012/10/08 13:16:09.600211, 3] smbd/sec_ctx.c:210(push_sec_ctx
[Samba] Samba 4 rc1 installation attempts
All going fine with new RC1, however one suggestion I would make for the new configure scripts which are much more helpful than the old style ones, would be to put more of a warning about ACL support being needed to successfully provision an domain - or make it a configure failure if this is not found? Maybe with an option to pass to configure to allow overriding the error??? . I was aware of the requirement, but have just managed somehow to build it without ACL installed on an old test machine which has taken a good hour to build samba! Many thanks for all the work, and hopefully going to get samba 4 into a semi production environment this weekend as the admins domain controller. If all goes well I may well role it out to a wider enviroment later on. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows and nfs4 acls
Anyway, it seems that on openSUSE, the default for any nfs command is the highest available number. Meaning that even if you specify nfs3, the mount is still nfs4. You have to specifically tell it in /etc/sysconfig/nfs. Not an easy one to spot. ~~~ Hello, In /etc/fstab I use 'nfsvers=3' to force nfs 3 mounts. For example; hostname:/nfs3/share_name /mnt/share_namenfs nfsvers=3,tcp 0 0 That worked for me. Best regards, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] openldap authentication
I have an existing openldap schema which is handling mail, web and ftp services right now. I am trying to get a windows machine talking to the same filesystem as apache on linux via samba and read/write using the correct uid/gid. I was trying to shy away from using pam_ldap as there is no need to tie the user in ldap directly to the filesystem. The problem is it looks like the samba ldap module requires a specific ldap schema to function, whereas currently I map needed functionality to the ldap schema as depicted below # fxmul...@nsab.us, gwis dn: cn=fxmul...@nsab.us,dc=gwis objectClass: top objectClass: person objectClass: posixAccount accountid: 65534 uidNumber: 65534 gidNumber: 65534 active: 1 cn: fxmul...@nsab.us loginShell: /usr/sbin/nologin sn: nsab.us wenable: 1 wpass: testpass whome: /www/nsab.us/nsab.us/fx/fxmulder I don't suppose there is a similar way to map attributes with samba? Thanks, James Devine -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] wbinfo --ping can't find winbind?
I have compiled 3.5.12 from source on CentOS 5.7. I am using krb5.conf, smb.conf files that have worked with other 3.5.x installs of Samba (at least in terms of wbinfo working) but now I am not able to get any data from winbind. The server is running and the logs don't report any errors. I had done several 'make uninstall' while compiling/recompiling with different options. Could the problem somehow be related? [root@sambatest samba]# bin/wbinfo -u Error looking up domain users [root@sambatest samba]# bin/wbinfo --ping Ping to winbindd failed could not ping winbindd! [root@sambatest samba]# ps -ef | grep winbin root 3743 1 0 10:19 ?00:00:00 sbin/winbindd -D root 3744 3743 0 10:19 ?00:00:00 sbin/winbindd -D root 3838 3709 0 10:42 pts/000:00:00 grep winbin [root@sambatest samba]# tail var/log.winbindd [2011/11/10 10:19:35, 0] winbindd/winbindd.c:1102(main) winbindd version 3.5.12 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 [2011/11/10 10:19:35.733572, 0] winbindd/winbindd_cache.c:3076(initialize_winbindd_cache) initialize_winbindd_cache: clearing cache and re-creating with version number 1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Issue with compile of 3.5.12 -- krb related
= I was missing the KRB5 line so I installed krb5-devel (centos 5.7) and then re-configured. During the make command I now get the following error: cifs.upcall.c:(.text+0x360): undefined reference to `smb_krb5_principal_get_realm' cifs.upcall.c:(.text+0x3d3): undefined reference to `smb_krb5_unparse_name' collect2: ld returned 1 exit status make: *** [bin/cifs.upcall] Error 1 I first installed every krb5 package I could find (didn't fix the compile errors) and then I tried disabling this cifsupcall feature but then got the same errors using testparm. So maybe this feature is required for the 'ads' option and 'realm' parameter. Arg -- does this indicate my krb5 libraries are too old and missing some new function? Did you make clean? Doh! That fixed it =o) Fixed the errors from testparm, though now wbinfo doesn't work... [root@sambatest samba]# bin/wbinfo -u Error looking up domain users Grrr. Will have to mess around with it more later Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent passwd not returning users/groups
Yes, definitely On 11/8/2011 10:55 AM, Eddy Sturg wrote: Does nsswitch.conf have winbind listed? On Mon, Nov 7, 2011 at 11:09 AM, James Chase ja...@chasecomputers.net mailto:ja...@chasecomputers.net wrote: I tried a second install of CentOS with X, thinking perhaps the GUI setup might do something that I was missing in terms of getting samba connected to active directory. However I still can't get this to work (now wbinfo doesn't seem to work either) in CentOS. I also tried Fedora 14. Then I tried a Ubuntu 11 install and followed their instructions from the wiki: https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto And it worked! I tried to apply the same settings to CentOS setup but I still get no output from 'getent passwd'. Ubuntu is running version 3.5.11 while CentoS is 3.5.4. Think my best bet is building from source and trying 3.5.11 or 3.5.12 on CentOS? Are there any critical flags that need to be set during the configuration to make sure samba will work with active directory/winbind? James I'm trying to get my CentOS 5.6 machine setup as a Active Directory Domain Member with Windows 2008 level domain and samba 3.5. I haven't tried this before. I can successfully join the domain and return users using 'wbinfo -u' and groups with 'wbinfo -g' but when I try 'getent passwd' I only get the local users. I'm not sure what element that indicates is failing in the process. I'm not confident in my pam.d/ setup since different guides show different methods of setting this up. The /etc/nsswitch.conf file has been edited to include winbind as a source for passwd/shadow/group. The only insightful error message I see in the samba logs is this (repeated over and over in all the logs) but I haven't found the solution. Is this the cause of my problems? How do I disable spinlocks? I'm using a prebuilt package from sernet [2011/11/01 16:46:19.979981, 1] lib/util_tdb.c:385(tdb_log) tdb(unnamed): tdb_open_ex: spinlocks no longer supported Here is my samba configuration dumped from smbtest: [root@sambatest ~]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section [test] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = SHAMOFFICE realm = SHAMBHALA-OFFICE.LOCAL interfaces = 127.0.0.1, eth0 bind interfaces only = Yes security = ADS printcap name = cups idmap backend = ad idmap uid = 1-2 idmap gid = 3-4 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config SHAMOFFICE : schema_mode = rfc2307 idmap config SHAMOFFICE : range = 4000-5000 idmap config SHAMOFFICE : backend = ad idmap config * : range = 2000-3000 idmap config * : backend = tdb [test] comment = Directory for storing pictures by jims users path = /local/test read only = No guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Issue with compile of 3.5.12 -- krb related
After compiling samba 3.5.12 from source on CentOS 5.7, I test the configuration with 'testparm lib/smb.conf' and I get the following output WARNING: Ignoring invalid value 'ADS' for parameter 'security' Unknown parameter encountered: realm Ignoring unknown parameter realm I figured this might be due to a compile problem and I re-checked the HOWTO pdf and saw that I needed to find the following in include/config.h #define HAVE_KRB5 1 #define HAVE_LDAP 1 I was missing the KRB5 line so I installed krb5-devel (centos 5.7) and then re-configured. During the make command I now get the following error: cifs.upcall.c:(.text+0x360): undefined reference to `smb_krb5_principal_get_realm' cifs.upcall.c:(.text+0x3d3): undefined reference to `smb_krb5_unparse_name' collect2: ld returned 1 exit status make: *** [bin/cifs.upcall] Error 1 I first installed every krb5 package I could find (didn't fix the compile errors) and then I tried disabling this cifsupcall feature but then got the same errors using testparm. So maybe this feature is required for the 'ads' option and 'realm' parameter. Arg -- does this indicate my krb5 libraries are too old and missing some new function? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent passwd not returning users/groups
I tried a second install of CentOS with X, thinking perhaps the GUI setup might do something that I was missing in terms of getting samba connected to active directory. However I still can't get this to work (now wbinfo doesn't seem to work either) in CentOS. I also tried Fedora 14. Then I tried a Ubuntu 11 install and followed their instructions from the wiki: https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto And it worked! I tried to apply the same settings to CentOS setup but I still get no output from 'getent passwd'. Ubuntu is running version 3.5.11 while CentoS is 3.5.4. Think my best bet is building from source and trying 3.5.11 or 3.5.12 on CentOS? Are there any critical flags that need to be set during the configuration to make sure samba will work with active directory/winbind? James I'm trying to get my CentOS 5.6 machine setup as a Active Directory Domain Member with Windows 2008 level domain and samba 3.5. I haven't tried this before. I can successfully join the domain and return users using 'wbinfo -u' and groups with 'wbinfo -g' but when I try 'getent passwd' I only get the local users. I'm not sure what element that indicates is failing in the process. I'm not confident in my pam.d/ setup since different guides show different methods of setting this up. The /etc/nsswitch.conf file has been edited to include winbind as a source for passwd/shadow/group. The only insightful error message I see in the samba logs is this (repeated over and over in all the logs) but I haven't found the solution. Is this the cause of my problems? How do I disable spinlocks? I'm using a prebuilt package from sernet [2011/11/01 16:46:19.979981, 1] lib/util_tdb.c:385(tdb_log) tdb(unnamed): tdb_open_ex: spinlocks no longer supported Here is my samba configuration dumped from smbtest: [root@sambatest ~]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section [test] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = SHAMOFFICE realm = SHAMBHALA-OFFICE.LOCAL interfaces = 127.0.0.1, eth0 bind interfaces only = Yes security = ADS printcap name = cups idmap backend = ad idmap uid = 1-2 idmap gid = 3-4 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config SHAMOFFICE : schema_mode = rfc2307 idmap config SHAMOFFICE : range = 4000-5000 idmap config SHAMOFFICE : backend = ad idmap config * : range = 2000-3000 idmap config * : backend = tdb [test] comment = Directory for storing pictures by jims users path = /local/test read only = No guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] getent passwd not returning users/groups
I'm trying to get my CentOS 5.6 machine setup as a Active Directory Domain Member with Windows 2008 level domain and samba 3.5. I haven't tried this before. I can successfully join the domain and return users using 'wbinfo -u' and groups with 'wbinfo -g' but when I try 'getent passwd' I only get the local users. I'm not sure what element that indicates is failing in the process. I'm not confident in my pam.d/ setup since different guides show different methods of setting this up. The /etc/nsswitch.conf file has been edited to include winbind as a source for passwd/shadow/group. The only insightful error message I see in the samba logs is this (repeated over and over in all the logs) but I haven't found the solution. Is this the cause of my problems? How do I disable spinlocks? I'm using a prebuilt package from sernet [2011/11/01 16:46:19.979981, 1] lib/util_tdb.c:385(tdb_log) tdb(unnamed): tdb_open_ex: spinlocks no longer supported Here is my samba configuration dumped from smbtest: [root@sambatest ~]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section [test] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = SHAMOFFICE realm = SHAMBHALA-OFFICE.LOCAL interfaces = 127.0.0.1, eth0 bind interfaces only = Yes security = ADS printcap name = cups idmap backend = ad idmap uid = 1-2 idmap gid = 3-4 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config SHAMOFFICE : schema_mode = rfc2307 idmap config SHAMOFFICE : range = 4000-5000 idmap config SHAMOFFICE : backend = ad idmap config * : range = 2000-3000 idmap config * : backend = tdb [test] comment = Directory for storing pictures by jims users path = /local/test read only = No guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba on freebsd - permissions issue
I get the same results when mounting the share from Linux using these two different commands; mount -t cifs //bsd-host/test2 /mnt/test2 and, mount -t cifs -o file_mode=0777,dir_mode=0777 //bsd-host/test2 /mnt/test2 try, $ mount -t cifs -o noperm //bsd-host/test2 /mnt/test2 noperm means disabling access control using client side's permission. --- Thank you, Takahashi, for your reply. I remounted the share with the 'noperm' option and the files permission when creating a file remain the same. -rw-r--r-- 1 nobody nobody 0 Sep 8 10:31 ztest.13.txt I wonder why the host server is ignoring the Samba directive for setting the file permission. Best regards, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba on freebsd - permissions issue
Hello, I have Samba set up on FreeBSD with a share for guests. I don't need or want any authentication for this share. [test2] path = /data/test2 read only = No create mask = 0777 guest ok = Yes The file permission on the host directory was set to 2777 and nobody:nobody. When a windows machine writes to the dir the permissions look fine. For example, -rwxrw-rw- 1 nobody nobody 0 Sep 7 13:38 New Text Document.txt However, if a Linux machine mounts the share and any user other than root writes to it the perm's are different and you get a permissions error; $ touch ztest.1.txt touch: cannot touch `ztest.1.txt': Permission denied Interestingly, regardless of the error, the file is created; -rw-r--r-- 1 nobody nobody 0 Sep 7 16:15 ztest.1.txt If the user opens the file to write to it, it is opened in read-only. I get the same results when mounting the share from Linux using these two different commands; mount -t cifs //bsd-host/test2 /mnt/test2 and, mount -t cifs -o file_mode=0777,dir_mode=0777 //bsd-host/test2 /mnt/test2 Any suggestions on how I can fix this? Thank you in advance, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] trusted domain authentication not working
I have a samba member server setup for AD domain X.Y.net, this domain only holds computer objects. Domain Y.net contains all of the user accounts. Domain X.Y.net trusts domain Y.net one way only. The server is working and if I connect as a domain X.Y.net user I can connect ok. If I try as a domain Y.net user I cannot connect. The server does not seem to authenticating users from the trusted domain. If I run wbinfo -m I can see domain Y.net listed, but wbinfo -u does not list users for the Y.net domain. Kinit seems to work. Any help appreciated James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory member server
Hi Steven, Thanks for the feedback. I made some changes based on your config files and was still able to add the client to the domain using a local domain admin account. However, I am still unable to connect to the server from a windows machine and authenticate using an account from either domain. Wbinfo -u does not seem to list users from our authentication domain which may be the cause of the problem. Just to update I am running Debian (Lenny) for the server. Thanks James -Original Message- From: Steven Schlegel [mailto:steven.schlegel1...@googlemail.com] Sent: 14 June 2011 17:37 To: James Osbourn Subject: Re: [Samba] Active Directory member server Hi James, maybe the following configuration (examples) helps you out. I have the following packages installed: rpm -qa | grep -e samba -e krb5* | sort = output: krb5-auth-dialog-0.7-1 krb5-devel-1.6.1-36.el5 krb5-libs-1.6.1-36.el5 krb5-libs-1.6.1-36.el5 krb5-workstation-1.6.1-36.el5 ldb-tools-3.4.9-42.el5 libwbclient0-3.4.9-42.el5 libwbclient-devel-3.4.9-42.el5 libsmbclient0-3.4.9-42.el5 libsmbclient-devel-3.4.9-42.el5 pam_krb5-2.2.14-10 pam_krb5-2.2.14-10 samba3-3.4.9-42.el5 samba-cifsmount-3.4.9-42.el5 samba3-client-3.4.9-42.el5 samba3-doc-3.4.9-42.el5 samba3-utils-3.4.9-42.el5 samba3-winbind-3.4.9-42.el5 My krb5.conf looks like this: [logging] default = FILE:/var/log/kerberos/krb5libs.log kdc = FILE:/var/log/kerberos/krb5kdc.log admin_server = FILE:/var/log/kerberos/kadmind.log [libdefaults] default_realm = WIREDBRAIN.LCL dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 600 forwardable = true proxiable = true default_keytab_name = FILE:/etc/krb5.keytab [realms] WIREDBRAIN.LCL = { kdc = dchh01.wiredbrain.lcl master_kdc = dchh01.wiredbrain.lcl admin_server = dchh01.wiredbrain.lcl #default_domain = WIREDBRAIN.LCL } TRIPEDBRAIN.LCL = { kdc = rootdc01.tripedbrain.lcl } [domain_realm] .wiredbrain.lcl = WIREDBRAIN.LCL wiredbrain.lcl = WIREDBRAIN.LCL .tripedbrain.lcl = TRIPEDBRAIN.LCL tripedbrain.lcl = TRIPEDBRAIN.LCL [login] krb4_convert = true krb4_get_tickets = true [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = true } And my smb.conf looks like this: [global] workgroup = WIREDBRAIN realm = WIREDBRAIN.LCL password server = * preferred master = no server string = Linux AD Member-Server security = ads encrypt passwords = yes local master = no log level = 1 log file = /var/log/samba/%m max log size = 50 #printcap name = cups #printcap = cups winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nested groups = Yes winbind separator = \\ winbind refresh tickets = yes winbind offline logon = true winbind trusted domains only = no map untrusted to domain = Yes allow trusted domains = yes obey pam restrictions = no idmap backend = tdb idmap uid = 1-60 idmap gid = 1-60 passdb backend = tdbsam ;template primary group = domain users template shell = /bin/bash winbind nss info = rfc2307 client use spnego = yes client ntlmv2 auth = yes restrict anonymous = 2 As you can see I have two domains in my environment, named as WIREDBRAIN.LCL and TRIPEDBRAIN.LCL. Between those domains, an interdomain-trust has been created. After your configurations you need to initiate the net ads join command: net ads join -U Administrator and if this was successfull you need to create a kerberos keytab: net ads keytab create Now you can test your setup with the following commands: wbinfo -u - should give you a list of all users in your domains wbinfo -g - same like wbinfo -u (for groups) For my environment, I also need to edit the nsswitch.conf: passwd: files winbind shadow: files winbind group: files winbind Try kinit and smbclient to see if kerberos works and of course with samba. Best regards, Steven 2011/6/14 James Osbourn james.osbo...@citrix.com: I am trying to setup samba as a Windows front end to a CUPS print server. We seem to be having some problems getting the server registered in the domain and for users to be able to connect to the server. Our problems seems to stem from the fact that we add our machines to one domain which has a one way trust to a different domain which is where all of the user account reside and authentication is handled. I was able to get the net adc join command to work by using the primary domain administrator credentials. Any help on getting the correct runes into my smb.conf and krb5.conf files greatly appreciated. My krb5.conf file is as follows [libdefaults] default_realm = X.NET dns_lookup_realm = false dns_lookup_kdc = false
[Samba] Active Directory member server
I am trying to setup samba as a Windows front end to a CUPS print server. We seem to be having some problems getting the server registered in the domain and for users to be able to connect to the server. Our problems seems to stem from the fact that we add our machines to one domain which has a one way trust to a different domain which is where all of the user account reside and authentication is handled. I was able to get the net adc join command to work by using the primary domain administrator credentials. Any help on getting the correct runes into my smb.conf and krb5.conf files greatly appreciated. My krb5.conf file is as follows [libdefaults] default_realm = X.NET dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] A.X.NET = { kdc = dc01.a.x.net kdc = dc02.a.x.net admin_server = dc02.a.x.net } [domain_realm] .a.x.net = A.X.NET My smb.conf file is as follows [global] workgroup = A realm = a.x.net security = ADS encrypt passwords = yes Many Thanks James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions confusion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/11/2011 01:13 PM, James Moe wrote: Hello, samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3 I do not understand why the file permissions of mounted shares are different when the share is viewed locally and when viewed remotely. [...] Is there a way to have the actual, real, local permissions shown to remote hosts? And to have the ability to change the permissions remotely? No one?!? - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2vB/AACgkQzTcr8Prq0ZN7wwCfcTq0AYxjzHmuyethR+sThwPA yx8AoI6f5XhalQRnMtR8ZkOZpvJ7iss8 =LZng -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tarmode exclude not working?
On 4/20/2011 7:48 PM, Jeremy Allison wrote: On Sun, Apr 17, 2011 at 11:44:25AM -0400, James Morris wrote: I am trying to backup a windows7 machine with smbclient. I would like to exclude the medSchool directory. However, using the command: /usr/bin/smbclient server1\\D -U user -E -d 1 -c tarmode\ full -TcrX - /medSchool/\* medSchool \medSchool \\medSchool\\ /dev/null no exclusion occurs (w//dev/null there for testing purposes). As you can see I've tried every which way I could think of to exclude this directory. Any help would be greatly appreciated. What Samba version ? Thank you for the reply jeremy: samba: Installed: 2:3.5.8~dfsg-1ubuntu2 Candidate: 2:3.5.8~dfsg-1ubuntu2 Version table: *** 2:3.5.8~dfsg-1ubuntu2 0 500http://us.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages 100 /var/lib/dpkg/status -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions confusion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/20/2011 09:42 AM, TAKAHASHI Motonobu wrote: Is there a way to have the actual, real, local permissions shown to remote hosts? No, CIFS essentially do not have the semantics of permission. Because it is natively used to share Windows file system, which does not have the semantics. The permissions of mounted shares are created by client CIFS module internally and vanished when umounted. This is not the limitation of Samba or CIFS module but of CIFS protocol. Use NFS instead. Thank you. - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2vr6EACgkQzTcr8Prq0ZOs7wCdHMqTwZcX5JhNrkhe+q0IIlAs 99IAnAxChWslO3rFLUb+0W5xsbocQpjX =fJub -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba/backuppc error: NT_STATUS_CONNECTION_RESET
I am getting the following error from backuppc when trying to backup a windows7 machine from my ubuntu machine(though I believe this error comes directly from samba): [CODE][ skipped 44618 lines ] Error reading file \medSchool\body\dissectionimages\practice.pptx : NT_STATUS_CONNECTION_RESET Didn't get entire file. size=272456645, nread=126584640[/CODE] The backup occurs fine for *hours* but eventually I get this NT_STATUS_CONNECTION_RESET error. I have purged and reinstalled samba/backuppc, I have removed my wins setup (not sure if that's relevant), and I have checked permissions. As I said it seems to work fine for a while, but then stops. This seems to be a problem with the windows machine, but I'm not completely sure. What would cause the connection to reset after working so long. Thanks TSC -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba/backuppc error: NT_STATUS_CONNECTION_RESET
I am getting the following error from backuppc when trying to backup a windows7 machine from my ubuntu machine(though I believe this error comes directly from samba): [CODE][ skipped 44618 lines ] Error reading file \medSchool\body\dissectionimages\practice.pptx : NT_STATUS_CONNECTION_RESET Didn't get entire file. size=272456645, nread=126584640[/CODE] The backup occurs fine for *hours* but eventually I get this NT_STATUS_CONNECTION_RESET error. I have purged and reinstalled samba/backuppc, I have removed my wins setup (not sure if that's relevant), and I have checked permissions. As I said it seems to work fine for a while, but then stops. This seems to be a problem with the windows machine, but I'm not completely sure. What would cause the connection to reset after working so long. Thanks jack -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] tarmode exclude not working?
I am trying to backup a windows7 machine with smbclient. I would like to exclude the medSchool directory. However, using the command: /usr/bin/smbclient server1\\D -U user -E -d 1 -c tarmode\ full -TcrX - /medSchool/\* medSchool \medSchool \\medSchool\\ /dev/null no exclusion occurs (w/ /dev/null there for testing purposes). As you can see I've tried every which way I could think of to exclude this directory. Any help would be greatly appreciated. thanks, jack -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba/backuppc error: NT_STATUS_CONNECTION_RESET
I am getting the following error from backuppc when trying to backup a windows7 machine from my ubuntu machine(though I believe this error comes directly from samba): [CODE][ skipped 44618 lines ] Error reading file \medSchool\body\dissectionimages\practice.pptx : NT_STATUS_CONNECTION_RESET Didn't get entire file. size=272456645, nread=126584640[/CODE] The backup occurs fine for *hours* but eventually I get this NT_STATUS_CONNECTION_RESET error. I have purged and reinstalled samba/backuppc, I have removed my wins setup (not sure if that's relevant), and I have checked permissions. As I said it seems to work fine for a while, but then stops. This I this is a problem with the windows machine, but I'm not completely sure. What would cause the connection to reset after working so long. Thanks jack -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions confusion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/11/2011 01:13 PM, James Moe wrote: samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3 I do not understand why the file permissions of mounted shares are different when the share is viewed locally and when viewed remotely. [...] Is there a way to have the actual, real, local permissions shown to remote hosts? And to have the ability to change the permissions remotely? Either this is profoundly obvious or very obscure. :-( Can anyone recommend resources that discuss this issue? - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2l4OcACgkQzTcr8Prq0ZPawgCgsJqhPWnEJeq2u5b6zGLIgXEH M4YAoIpRx1pC9N0Eagxoy1vInUhR3Amj =4Vzf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] File permissions confusion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3 I do not understand why the file permissions of mounted shares are different when the share is viewed locally and when viewed remotely. When I initially created a share, for instance with //sma-nas-01/photos/v cifs credentials=/home/sma-user4/.smb/.smbpw,uid=jmoe,gid=users in /etc/fstab, a long directory listing (ls -l) show ALL permissions as 775, regardless of the actual permissions as displayed locally. This was not good, showing everything as executable. I then added file_mode=0664,dir_mode=0775 to the mount options and got reasonable settings for the permissions. They, however, are not the true settings. Again samba has masked over reality. Using chmod to alter the file permissions does not work. The action is simply ignored. Is there a way to have the actual, real, local permissions shown to remote hosts? And to have the ability to change the permissions remotely? - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2jYNYACgkQzTcr8Prq0ZMDbACfRIOQTy0Gt3erz+ZeGiHpjbag XeIAnA3yvV4RFVx01ZSIkXLKDOiSUV+t =J5BS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] What are these samba errors about?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/10/2011 04:27 PM, James Moe wrote: These message have started appearing the system logs /var/log/messages and /var/log/warn since Mar 2, 2011. They seem to occur about every 13 minutes (780 seconds). What could it mean? Is it serious? [ sample log entries ] Mar 9 20:15:50 sma-station14l smbd[3711]: [2011/03/09 20:15:50.196387, 0] smbd/server.c:281(remove_child_pid) Mar 9 20:15:50 sma-station14l smbd[3711]: Could not find child 10046 - ignoring Mar 9 20:28:50 sma-station14l smbd[3711]: [2011/03/09 20:28:50.885876, 0] smbd/server.c:281(remove_child_pid) Mar 9 20:28:50 sma-station14l smbd[3711]: Could not find child 10326 - ignoring [ end ] Huh! No one knows. - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1+X60ACgkQzTcr8Prq0ZMCKwCgtTbzKqv44gRmMFKHe9+LRyDw Vt0AnRLajhAiZQawH3moISw1pcxFZ5M+ =kCx1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba file share slowdown
The thought was that the dos workstations would be unhappy with ntfs. I may well have been wrong there. I found the key bit. For a share with multiple stations sharing dbf files using CA clipper 5.2 as the program language, optlocks need to be off. The part about clipper and dbf files may not be a specific part of my problem, multiple stations attempting to share read/write acess certainly is. We have half a dozen or so dbf files that are heavily shared between perhaps 30 workstations. Setting oplocks off made a huge difference. The online help seems to suggest the opposite-- that oplocks would be a positive influence on multiple access useage, the chapter in the docs that I finally found that explains it wasn't easy to find. I didn't find it till someone else suggested this fix. When I searched with that question in mind I found it. Thanks for your help, overall samba is a very good thing. Jim Hurlburt Yakima, WA On 3/11/11, Jeremy Allison j...@samba.org wrote: On Tue, Mar 08, 2011 at 10:41:19AM -0800, James Hurlburt wrote: Jeremy: Looks like I may have made a mistake attaching the file. Here is my smb.conf in the email. If both trys actually worked, please ignore one. The only strange thing I can see is: fstype = FAT in your share definitions. Why are you setting that ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] What are these samba errors about?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 opensuse v11.3 linux 2.6.34.7-0.7-desktop x86_64 samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3 These message have started appearing the system logs /var/log/messages and /var/log/warn since Mar 2, 2011. They seem to occur about every 13 minutes (780 seconds). What could it mean? Is it serious? - [ sample log entries ] Mar 9 20:15:50 sma-station14l smbd[3711]: [2011/03/09 20:15:50.196387, 0] smbd/server.c:281(remove_child_pid) Mar 9 20:15:50 sma-station14l smbd[3711]: Could not find child 10046 - ignoring Mar 9 20:28:50 sma-station14l smbd[3711]: [2011/03/09 20:28:50.885876, 0] smbd/server.c:281(remove_child_pid) Mar 9 20:28:50 sma-station14l smbd[3711]: Could not find child 10326 - ignoring - [ end ] - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk15XmAACgkQzTcr8Prq0ZNZZwCeK6WZVoDHv/28y15ZuLgPFAYI R1cAniIVut9y85gKW8Klq5wipN06kVF7 =7Xyf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba] file share slowdown
Jeremy: Attached is the working smb.conf, created with swat. Thanks for your attention, Jim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba file share slowdown
Jeremy: Looks like I may have made a mistake attaching the file. Here is my smb.conf in the email. If both trys actually worked, please ignore one. Jim # Samba config file created using SWAT # from UNKNOWN (10.23.0.118) # Date: 2011/03/07 12:24:08 [global] workgroup = ATRIUM-DW server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes lanman auth = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 deadtime = 15 dns proxy = No default service = global usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No browsable = No [print$] comment = All Printers path = /var/spool/samba valid users = @users admin users = @admin read only = No create mask = 0700 guest ok = Yes browseable = No browsable = No [bestbilt] path = /atrium/bestbilt valid users = @users admin users = @admin force group = users read only = No create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 strict locking = No fstype = FAT [vol1] path = /atrium/vol1 valid users = @users admin users = @admin force group = users read only = No create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 fstype = FAT [programs] path = /atrium/programs valid users = @users admin users = @admin force group = users read only = No create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 fstype = FAT [testjim] path = /atrium/testjim valid users = @computer admin users = @admin force group = computer read only = No create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 [accounting] path = /atrium/accounting valid users = @accounting admin users = @admin force group = accounting read only = No create mask = 0660 force create mode = 0660 directory mask = 0770 force directory mode = 0770 [homes] comment = home directories valid users = %S admin users = @admin read only = No browseable = No browsable = No fstype = FAT [computer] path = /atrium/secure/COMPUTER valid users = @computer admin users = @admin force group = computer read only = No create mask = 0660 force create mode = 0660 directory mask = 0770 force directory mode = 0770 [testprinter2] printable = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] file share slowdown
Sirs: We are a Vinyl window manufacturing plant in central Washington State, USA. We have been running linux with samba for file and print services for eight or ten years now. Much of our production software is in house, and built on CA clipper 5.2, using dbf files as the primary data store. The clipper dbf file format supports both record locking and file locking along with shared file access. This worked very well on Novell netware and was working ok on samba 3.0.23. We had a samba server running for several years. I believe it was 6.06 with samba 3.0.23 although I'm no longer certain of either of those two versions. We have about six stations running dos 6.22 and four running windows 98. They are part of production machines, and changing the operating system is not an option. I had managed to tweak the samba config file so that file sharing wasn't a big problem, the system was responsive and running fairly smoothly. We have numerous clients running winXP with no obvious problems. We are, and have been running the Samba server with User validation. We are part of a windows domain, but haven't figured out a way to have the dos machines login as domain members. The xp stations use the domain for authentication, then we maintain a parallel set of logins on the linux box and samba file server. Again, this was working OK, pre crash. A month or so ago, we lost two hard drives on the file server and had to do a rebuild. I had tried to update the samba version a time or two in the interem and failed. I couldn't get the dos machines to connect to samba and access the necessary data files. One gentleman on the samba list said that this was a problem with lanman protocol, and aparently fixed it. Samba 3.4.7 allows logins file access without any problems. The current problem is that shared clipper files are very slow. It appears as if record locking instead of file locking isn't being recognized by Samba. When production is going, 20 second delays for file access are common. This was not true six weeks ago before the server crash. I have studied on the smb.conf file at great length, trying several variations without sucess. Any advice or hints of what to study now would be most welcome, Jim Hurlburt Atrium Windows and Doors Northwest. Yakima, WA USA The global portion plus the mains share of the smb.conf file in verbose mode. *** # Samba config file created using SWAT # from UNKNOWN (10.23.0.118) # Date: 2011/03/07 15:23:58 [global] dos charset = CP850 unix charset = UTF-8 display charset = LOCALE workgroup = ATRIUM-DW realm = netbios name = BBI-SAM-1-SRV netbios aliases = netbios scope = server string = %h server (Samba, Ubuntu) interfaces = bind interfaces only = No security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes map to guest = Bad User null passwords = No obey pam restrictions = Yes password server = * smb passwd file = /etc/samba/smbpasswd private dir = /etc/samba passdb backend = tdbsam algorithmic rid base = 1000 root directory = guest account = nobody enable privileges = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . passwd chat debug = No passwd chat timeout = 2 check password script = username map = password level = 0 username level = 0 unix password sync = Yes restrict anonymous = 0 lanman auth = Yes ntlm auth = Yes client NTLMv2 auth = No client lanman auth = No client plaintext auth = No preload modules = dedicated keytab file = kerberos method = default map untrusted to domain = No log level = 0 syslog = 0 syslog only = No log file = /var/log/samba/log.%m max log size = 1000 debug timestamp = Yes debug prefix timestamp = No debug hires timestamp = No debug pid = No debug uid = No debug class = No enable core files = Yes smb ports = 445 139 large readwrite = Yes max protocol = NT1 min protocol = CORE min receivefile size = 0 read raw = Yes write raw = Yes disable netbios = No reset on zero vc = No acl compatibility = auto defer sharing violations = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name
[Samba] Default file permissions for Mac OSX
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, samba Version 3.5.4-5.1.2-2426-SUSE-SL11.3 We have recently transferred our file services from one host to another. The old host was an OS/2 server. OS/2 is basically a single user OS; the file (and directory) permissions were mostly irrelevant. The new server is linux OS, opensuse 11.3 distribution. It, of course, has more to say about file permissions. The problem I am seeing is that Windows XP clients that have mounted a share on the new server save files with permissions 0755. This is rather odd; I would have thought 0644. (A PDF with an executable mode is not very useful.) Nevertheless, because the group permission is read-only, other users cannot access the files. 0755 looks like a typical directory permission. I would prefer to have the default file permission be 0664. Is there a setting in the server's samba configuration to define the default file permissions? We have a iMac running OSX 10.6. - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1CbHwACgkQzTcr8Prq0ZOhsgCfZSZ9vfMpIDleYQw6akrF1J/C raAAni/fVK3HsYUtZ7PTqt+yQL3ZiVd+ =Uc1v -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Question on how to get Samba to use larger pread/write calls.
On 17 January 2011 08:14, Chris Duffy c...@small-tree.com wrote: We are testing Samba 3 (and 4) on Fedora Core 13, 10Gbit connection with a Mac OS 10.6.4 system as the client. We will be adding some Windows machines sooner or later with 10Gbit interfaces. We are seeing 100-150MBytes/sec read or write performance between the Mac and the FC13 system over 10Gbit interface but it should be capable of 400-500MBytes/sec. We have a local raid on the FC13 system that runs 1GByte/sec locally using an Areca 1880-ix-16 raid card (6Gbit version). It has 16 fast Hitachi disks in a Raid5 format using xfs filesystem. The problem here is that samba is poking the Areca at 128KByte I/O's on preads and writes, i.e. shown to us using strace on the smbd daemons that are running. Using vmstat/iostat/sar utilities, we see 100% utilization of the Areca card because the average wait time is real high and the average queue length to it is also high..too many small I/O's. This is not the case if I run fio or dd locally to/from the Areca's raid using 1-4MByte I/O's. I see fast I/O... I do not see any way to increase the size of Samba's pread/write's in the smb.conf documentation. I am sure it may be just a matter of getting the source code and making some changes to allow larger sized IO's butand of course I suppose Windows clients may complain but I remember that back in the old Irix days with the group of engineers in Australia I worked with, we had Samba screaming fast but not sure if they tweaked the version of Samba on Irix to do this. Hi Chris :) IIRC, we used a carefully tweaked read ahead module to make sure that I/Os were hitting the disks properly aligned and of reasonable size. http://www.samba.org/samba/docs/man/manpages-3/vfs_readahead.8.html Can you guys come up with a way for us to allow the reads/writes to/from the disks to be tunable up to say 4MB in size? Thx chris duffy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot list shares on a host
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, linux 2.6.34.7-0.7-desktop x86_64 smbclient 3.5.4-5.1.2-2426-SUSE-SL11.3 I issue this command: smbclient -L SMA-STN14L -U jmoe I get: Connection to SMA-STN14L failed (Error NT_STATUS_BAD_NETWORK_NAME) In smb.conf [globals] section: workgroup = SOHNEN-MOE netbios name = SMA-STN14L Adding the -I option made no difference. The firewall port is open. There is nothing in /var/log/messages. There is nothing in /var/log/samba/log.*. So, what's the message about a bad name? - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0vavcACgkQzTcr8Prq0ZNSYACeP94q7ydYsQkYHB8wwvIx5gdT 8u8An13z19s3MgUeOjpwhyhPWtZS6mAi =2a+T -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Connecting an iMac to os/2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I have an iMac v10.6. I'd like to get it to connect to an old os/2 server, v4.5 fp3. Using smbutils on the iMac: $ smbutil -v view //sma-server1.sma.com smbutil: server connection failed: RPC struct is bad Can anyone suggest what changes may be made that will correct this error? Is it even possible? - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0suJ4ACgkQzTcr8Prq0ZPJ7wCeMTU56gbcigWb1gsjR57AxkGm ycEAoLKKbbvi1plOlr/7EEHJV7KYg+79 =ls/L -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Connecting an iMac to os/2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/11/2011 01:07 PM, James Moe wrote: Hello, I have an iMac v10.6. I'd like to get it to connect to an old os/2 server, v4.5 fp3. I should note that linux, Windows and (of course) os/2 can mount and access the server shares without a problem. Only the Mac is being difficult. - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0s2xYACgkQzTcr8Prq0ZM/mgCfTyk4fm/AB38/NCqgXyW3rdbZ XhkAnAojbbBifvhqumcd3zj6TcKFNk4a =5Ywr -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Connecting an iMac to os/2
On 11 January 2011 12:07, James Moe ji...@sohnen-moe.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I have an iMac v10.6. I'd like to get it to connect to an old os/2 server, v4.5 fp3. Using smbutils on the iMac: $ smbutil -v view //sma-server1.sma.com smbutil: server connection failed: RPC struct is bad Can anyone suggest what changes may be made that will correct this error? Is it even possible? I don't think that the Mac OS X client will support a server that old. You could file a bug at bugreporter.apple.com, but I'm pretty confident that's what they'll tell you. Sorry. - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0suJ4ACgkQzTcr8Prq0ZPJ7wCeMTU56gbcigWb1gsjR57AxkGm ycEAoLKKbbvi1plOlr/7EEHJV7KYg+79 =ls/L -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] NT_STATUS_PASSWORD_MUST_CHANGE looping
Hi, We have an Ubuntu 10.10 server running Samba 3.5.4 with OpenLDAP 2.4.23 and we have a small problem where every time a user logs onto a workstation they are asked to change their password. Once they enter a new password and confirm it, it asks them again and again and again. The only way to fix this (which isn't a fix) is to use the smbldap-passwd tool to reset their password. But then it happens again the next day. Here is a sample LDAP entry for my user: 32 uid=JMills,ou=Users,dc=neubau,dc=com,dc=au objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount cn: James Mills sn: Mills givenName: James uid: JMills uidNumber: 1066 gidNumber: 513 homeDirectory: /export/data/home/JMills loginShell: /bin/bash gecos: System User sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 displayName: James Mills sambaSID: S-1-5-21-3626674478-1586681162-2521339854-3132 sambaPrimaryGroupSID: S-1-5-21-3626674478-1586681162-2521339854-513 sambaHomeDrive: H: sambaNTPassword: x sambaPwdMustChange: 1290993110 shadowLastChange: 14942 shadowMax: 0 sambaHomePath: \\ALPHA\JMills sambaLogonScript: \\ALPHA\netlogon\netlogon.bat sambaProfilePath: \\ALPHA\profiles\JMills sambaPwdCanChange: 1 sambaPasswordHistory: sambaPwdLastSet: 129590 sambaAcctFlags: [U ] I'm not quite sure what's going on or how we've misconfigured this but any help solving this would be very appreciated. Here is out smb.conf pasted as well: http://paste.pocoo.org/show/298311/ Thank you, cheers James -- -- James Mills -- -- Problems are solved by method -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
- Original Message - From: Bruce Richardson itsbr...@workshy.org To: samba@lists.samba.org Sent: Wednesday, November 3, 2010 6:31:44 PM GMT -08:00 US/Canada Pacific Subject: Re: [Samba] getting error with setfacl On Wed, Nov 03, 2010 at 05:05:28PM -0700, James D. Parra wrote: Well it does if you're using winbindd to map DOMAIN\\groupname to a group on the box :-). ~ Thank you Jeremy. What is the best way to do that? The key tool is nsswitch. Winbind may or may not be necessary, depending on your precise set up. It's the nsswitch libraries and configuration file which tell Linux where to fetch user and group information. If your domain stores its user list in the tdb files on your PDC, then your only option is to use winbind (and the nss_winbind library) to provide user and group information to nsswitch. However, if you are using an LDAP directory as the data backend for your domain, you could use nss_ldap instead, and pull the information straight from LDAP. That's what I do, for several reasons, of which the best two are: 1. It allows me to have a consistent nsswitch configuration across all servers, whether or not they are running Samba, and have domain users able to access services consistently. 2. It simplifies the Samba configuration on servers which are domain members. You have this choice both if your domain controllers are LDAP-backed Samba ones (as mine are), or Windows Active Directory servers - all you have to do is make sure your AD servers have the extension to their schema to support POSIX user/group information. Given the choice, I would always go for the direct LDAP route, with users and groups that have intrinsic, permanent UIDs and GIDs; it's less fragile. I'll happily create those users and groups via Samba/Winbind on the PDC (love the whole idmap alloc and ldmapsam:editposix combination), but once they're in the LDAP directory, they're permanent, and available to anything that speaks LDAP. ~ Thank you Bruce. I am using ldap on the Samba server joined to an AD domain. Could you point me to a URL for instructions on setup nss_ldap to use the groups on the AD. Many thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
The key tool is nsswitch. Winbind may or may not be necessary, depending on your precise set up. It's the nsswitch libraries and configuration file which tell Linux where to fetch user and group information. ~ Hello Bruce, Still can't get setfacl to get group or user info from the AD (Windows 2003) I have the following in nsswitch.conf; passwd: compat ldap group: files ldap hosts: files mdns4_minimal [NOTFOUND=return] dns networks: files dns services: files ldap protocols: files rpc:files ethers: files netmasks: files netgroup: files ldap publickey: files bootparams: files automount: files nis aliases:files ldap passwd_compat: ldap snip And the linux box is joined to the domain; # net ads testjoin Join is OK snip I can get details from 'wbinfo' fmt-mwr:~ # wbinfo -g DOMAIN+pg_out_test snip Somewhere is the magic to get setfacl to see the AD groups and users. Many thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
Still can't get setfacl to get group or user info from the AD (Windows 2003) snip Somewhere is the magic to get setfacl to see the AD groups and users. Found the problem and the solution. On the Windows AD the Unix attributes for the groups were not enabled and once enabled setfacl worked. Many thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] getting error with setfacl
Hello, I have joined the Linux server (Suse 11.2) to the Windows domain (win2003) and users can login to the server using their window's domain credentials. Also can view all of the domain groups using 'wbinfo -g', however when I try to set the acls on a local dir' I get the follow error; #setfacl -m g:DOMAIN\\groupname:r /tmp/testacl setfacl: Option -m: Invalid argument near character 3 The same error occurs if I use a domain user, although I can add a local Linux user or group. What am I overlooking? Many thanks on advance. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
On Wed, Nov 03, 2010 at 11:25:44PM +, Miguel Medalha wrote: I have joined the Linux server (Suse 11.2) to the Windows domain (win2003) and users can login to the server using their window's domain credentials. Also can view all of the domain groups using 'wbinfo -g', however when I try to set the acls on a local dir' I get the follow error; #setfacl -m g:DOMAIN\\groupname:r /tmp/testacl setfacl: Option -m: Invalid argument near character 3 The setfacl tool knows nothing about Windos domains, hence the error you see. Well it does if you're using winbindd to map DOMAIN\\groupname to a group on the box :-). ~ Thank you Jeremy. What is the best way to do that? Many thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c8000c9 smbtorture: Fix typo in status message. from 7a194c6 s3: Make unpack_pjob static http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c8000c94a59267326b13df3c631b9ac2921d0615 Author: James Peach jpe...@samba.org Date: Wed Oct 20 10:07:33 2010 -0700 smbtorture: Fix typo in status message. --- Summary of changes: source4/torture/raw/notify.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/raw/notify.c b/source4/torture/raw/notify.c index 7ccdbd7..d96ec93 100644 --- a/source4/torture/raw/notify.c +++ b/source4/torture/raw/notify.c @@ -74,7 +74,7 @@ static bool test_notify_dir(struct smbcli_state *cli, struct smbcli_state *cli2, struct smbcli_request *req, *req2; extern int torture_numops; - printf(TESTING CHANGE NOTIFY ON DIRECTRIES\n); + printf(TESTING CHANGE NOTIFY ON DIRECTORIES\n); /* get a handle on the directory -- Samba Shared Repository
Re: [Samba] macmini samba
On 24 August 2010 15:09, larry lar...@artonagroup.com wrote: Hi, Did anyone know the samba daemon,config file and the installation path on MAC OS 10.6? $ smbd -b Built by:r...@ghosttown.apple.com Built on:Thu May 6 17:48:29 PDT 2010 Built using: /usr/bin/cc Build host: Darwin ghosttown.apple.com 10.0 Darwin Kernel Version 10.0.0: Fri Jul 31 22:46:25 PDT 2009; root:xnu-1456.1.25~1/RELEASE_X86_64 x86_64 SRCDIR: /SourceCache/samba/samba-235.4/samba/source BUILDDIR:/var/tmp/samba/samba-235.4~1/x86_64 Paths: SBINDIR: /usr/sbin BINDIR: /usr/bin SWATDIR: /usr/swat CONFIGFILE: /private/etc/smb.conf LOGFILEBASE: /private/var/log/samba LMHOSTSFILE: /private/etc/lmhosts LIBDIR: /usr/lib/samba SHLIBEXT: dylib LOCKDIR: /private/var/samba PIDDIR: /private/var/run SMB_PASSWD_FILE: /private/var/db/samba/smbpasswd PRIVATE_DIR: /private/var/db/samba I have a problem that the windows users can only access shares on MAC by computer name. But need input user name and password by IP address. Thanks Larry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via effc61c... smbtorture: Make SAMBA3CASEINSENSITIVE report failures properly. via b7ad0c6... smbtorture: Emit correct test results if setup fails. via 21fe753... smbtorture: Ensure that the RPC setup returns correct status. from f37793e... s4:ldap_server use talloc_unlink() to avoid talloc_free() with references http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit effc61cb782a470a0a3dee317ad271e521f6c3be Author: James Peach jpe...@samba.org Date: Thu Aug 12 14:31:52 2010 -0700 smbtorture: Make SAMBA3CASEINSENSITIVE report failures properly. commit b7ad0c6e394b09a8933080e966ba1c77575d9f31 Author: James Peach jpe...@samba.org Date: Thu Aug 12 12:36:24 2010 -0700 smbtorture: Emit correct test results if setup fails. If the test setup fails, we still need to format the test result for the UI. At leas in the subunit case, the format doesn't specify what to do here, so we fail every test manually with the setup failure message. commit 21fe7533032168222a32bc12e2ade1169d41b763 Author: James Peach jpe...@samba.org Date: Thu Aug 12 12:35:53 2010 -0700 smbtorture: Ensure that the RPC setup returns correct status. --- Summary of changes: lib/torture/torture.c| 46 + source4/torture/raw/samba3misc.c | 10 +--- source4/torture/rpc/rpc.c|8 +++--- 3 files changed, 41 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/torture/torture.c b/lib/torture/torture.c index 71bd53b..27b2bdc 100644 --- a/lib/torture/torture.c +++ b/lib/torture/torture.c @@ -343,6 +343,7 @@ static bool internal_torture_run_test(struct torture_context *context, context-active_testname = talloc_asprintf(context, %s-%s, old_testname, test-name); } + context-active_tcase = tcase; context-active_test = test; @@ -401,43 +402,58 @@ bool torture_run_tcase(struct torture_context *context, bool ret = true; char *old_testname; struct torture_test *test; + bool setup_succeeded = true; + const char * setup_reason = Setup failed; context-active_tcase = tcase; if (context-results-ui_ops-tcase_start) context-results-ui_ops-tcase_start(context, tcase); - if (tcase-fixture_persistent tcase-setup -!tcase-setup(context, tcase-data)) { - /* FIXME: Use torture ui ops for reporting this error */ - fprintf(stderr, Setup failed: ); - if (context-last_reason != NULL) - fprintf(stderr, %s, context-last_reason); - fprintf(stderr, \n); - ret = false; - goto done; + if (tcase-fixture_persistent tcase-setup) { + setup_succeeded = tcase-setup(context, tcase-data); + } + + if (!setup_succeeded) { + /* Uh-oh. The setup failed, so we can't run any of the tests +* in this testcase. The subunit format doesn't specify what +* to do here, so we keep the failure reason, and manually +* use it to fail every test. +*/ + if (context-last_reason != NULL) { + setup_reason = talloc_asprintf(context, + Setup failed: %s, context-last_reason); + } } old_testname = context-active_testname; context-active_testname = talloc_asprintf(context, %s-%s, old_testname, tcase-name); for (test = tcase-tests; test; test = test-next) { - ret = internal_torture_run_test(context, tcase, test, - tcase-fixture_persistent); + if (setup_succeeded) { + ret = internal_torture_run_test(context, tcase, test, + tcase-fixture_persistent); + } else { + context-active_tcase = tcase; + context-active_test = test; + torture_ui_test_start(context, tcase, test); + torture_ui_test_result(context, TORTURE_FAIL, setup_reason); + } } talloc_free(context-active_testname); context-active_testname = old_testname; - if (tcase-fixture_persistent tcase-teardown - !tcase-teardown(context, tcase-data)) + if (setup_succeeded tcase-fixture_persistent tcase-teardown + !tcase-teardown(context, tcase-data)) { ret = false; + } -done: context-active_tcase = NULL; + context-active_test = NULL; if (context-results-ui_ops
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 44de839... smbtorture: Don't crash RAW-QFILEINFO if there's no alternate name. via 88d48a7... smbtorture: Make BASE-OPENATTR report a failure if it fails. from c43e832... s3-waf: fix the waf build with more recent MIT krb5 libs. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 44de839dabb6062d524ddc0001ca23fb8505e643 Author: James Peach jpe...@samba.org Date: Fri Aug 6 15:21:31 2010 -0700 smbtorture: Don't crash RAW-QFILEINFO if there's no alternate name. commit 88d48a7d92ca7dedc5357a1e7caab544e586bafb Author: James Peach jpe...@samba.org Date: Fri Aug 6 15:25:12 2010 -0700 smbtorture: Make BASE-OPENATTR report a failure if it fails. --- Summary of changes: source4/torture/basic/attr.c|6 -- source4/torture/raw/qfileinfo.c |5 + 2 files changed, 9 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/basic/attr.c b/source4/torture/basic/attr.c index 49e8a59..66d17b4 100644 --- a/source4/torture/basic/attr.c +++ b/source4/torture/basic/attr.c @@ -121,7 +121,8 @@ bool torture_openattrtest(struct torture_context *tctx, if (fnum1 == -1) { for (l = 0; l ARRAY_SIZE(attr_results); l++) { if (attr_results[l].num == k) { - torture_comment(tctx, [%d] trunc open 0x%x - 0x%x of %s failed - should have succeeded !(%s)\n, + torture_result(tctx, TORTURE_FAIL, + [%d] trunc open 0x%x - 0x%x of %s failed - should have succeeded !(%s), k, open_attrs_table[i], open_attrs_table[j], fname, smbcli_errstr(cli1-tree)); @@ -160,7 +161,8 @@ bool torture_openattrtest(struct torture_context *tctx, if (attr != attr_results[l].result_attr || open_attrs_table[i] != attr_results[l].init_attr || open_attrs_table[j] != attr_results[l].trunc_attr) { - torture_comment(tctx, [%d] getatr check failed. [0x%x] trunc [0x%x] got attr 0x%x, should be 0x%x\n, + torture_result(tctx, TORTURE_FAIL, + [%d] getatr check failed. [0x%x] trunc [0x%x] got attr 0x%x, should be 0x%x, k, open_attrs_table[i], open_attrs_table[j], (unsigned int)attr, diff --git a/source4/torture/raw/qfileinfo.c b/source4/torture/raw/qfileinfo.c index 54f1d12..2a5a2e7 100644 --- a/source4/torture/raw/qfileinfo.c +++ b/source4/torture/raw/qfileinfo.c @@ -667,6 +667,11 @@ static bool torture_raw_qfileinfo_internals(struct torture_context *torture, s1 = fnum_find(ALT_NAME_INFO); if (s1) { correct_name = s1-alt_name_info.out.fname.s; + } + + if (!correct_name) { + torture_comment(torture, no alternate name information\n); + } else { torture_comment(torture, alt_name: %s\n, correct_name); NAME_CHECK(ALT_NAME_INFO,alt_name_info, fname, STR_UNICODE); -- Samba Shared Repository
[Samba] smb mount as root, access as non-root. Changed behaviour between samba 3.0.x and 3.4.x?
Hi List, I have an appliance (the client) which mounts a CIFS share from a Samba server - the Samba server usually runs on an Ubuntu system. Within the client, the root user executes a mount command like this: mount.cifs \\UBUNTUSERVER\archive /tmp/Default \ -o noserverino,user='someuser',pass='somepassword',uid='50',gid='7' That uid/gid pair belongs to the lp user on the client. Once the share is mounted, a process belonging to another user (lp in this case) writes data into the share. When I use Ubuntu 8.04 for the samba server, which ships with Samba 3.0.28, this works. On Ubuntu 10.04 which contains Samba 3.4.7, I am unable to write to the share as the lp user (though root - the original share-mounter - is able to). I'm struggling to find what might have changed (a security improvement?, an alteration of a default option?), and whether I can work around this change? Can anyone offer any suggestions? regards, Seb James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb mount as root, access as non-root. Changed behaviour between samba 3.0.x and 3.4.x?
On Fri, 2010-07-16 at 17:02 +0100, Seb James wrote: Hi List, I have an appliance (the client) which mounts a CIFS share from a Samba server - the Samba server usually runs on an Ubuntu system. Within the client, the root user executes a mount command like this: mount.cifs \\UBUNTUSERVER\archive /tmp/Default \ -o noserverino,user='someuser',pass='somepassword',uid='50',gid='7' That uid/gid pair belongs to the lp user on the client. Once the share is mounted, a process belonging to another user (lp in this case) writes data into the share. When I use Ubuntu 8.04 for the samba server, which ships with Samba 3.0.28, this works. On Ubuntu 10.04 which contains Samba 3.4.7, I am unable to write to the share as the lp user (though root - the original share-mounter - is able to). I'm struggling to find what might have changed (a security improvement?, an alteration of a default option?), and whether I can work around this change? As a follow up to my first message, here is the samba log (level 3) output from the Ubuntu 10.04 server when the lp owned process tries to write data to the share: [2010/07/16 17:07:45, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb3730 [2010/07/16 17:07:45, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 [2010/07/16 17:07:45, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263 [2010/07/16 17:07:45, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [statusprintout_Jul1610_170745.prn] [/var/spool/ShareArchive] [2010/07/16 17:07:45, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: statusprintout_Jul1610_170745.prn reduced to /var/spool/ShareArchive/statusprintout_Jul1610_170745.prn [2010/07/16 17:07:45, 3] smbd/trans2.c:4050(call_trans2qfilepathinfo) call_trans2qfilepathinfo: SMB_VFS_STAT of statusprintout_Jul1610_170745.prn failed (No such file or directory) [2010/07/16 17:07:45, 3] smbd/error.c:153(reply_unix_error) unix_error_packet: error string = No such file or directory [2010/07/16 17:07:45, 3] smbd/error.c:60(error_packet_set) error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2010/07/16 17:07:45, 3] smbd/process.c:1459(process_smb) Transaction 328 of length 78 (0 toread) [2010/07/16 17:07:45, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb25f0 [2010/07/16 17:07:45, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 [2010/07/16 17:07:45, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263 [2010/07/16 17:07:45, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [.] [/var/spool/ShareInput2] [2010/07/16 17:07:45, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: . reduced to /var/spool/ShareInput2 [2010/07/16 17:07:45, 3] smbd/trans2.c:4070(call_trans2qfilepathinfo) call_trans2qfilepathinfo . (fnum = -1) level=263 call=5 total_data=0 [2010/07/16 17:07:45, 3] smbd/process.c:1459(process_smb) regards, Seb James -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb mount as root, access as non-root. Changed behaviour between samba 3.0.x and 3.4.x?
On Fri, 2010-07-16 at 20:21 +0100, Seb James wrote: On Fri, 2010-07-16 at 17:02 +0100, Seb James wrote: Hi List, I have an appliance (the client) which mounts a CIFS share from a Samba server - the Samba server usually runs on an Ubuntu system. Within the client, the root user executes a mount command like this: mount.cifs \\UBUNTUSERVER\archive /tmp/Default \ -o noserverino,user='someuser',pass='somepassword',uid='50',gid='7' That uid/gid pair belongs to the lp user on the client. Once the share is mounted, a process belonging to another user (lp in this case) writes data into the share. When I use Ubuntu 8.04 for the samba server, which ships with Samba 3.0.28, this works. On Ubuntu 10.04 which contains Samba 3.4.7, I am unable to write to the share as the lp user (though root - the original share-mounter - is able to). I'm struggling to find what might have changed (a security improvement?, an alteration of a default option?), and whether I can work around this change? As a follow up to my first message, here is the samba log (level 3) output from the Ubuntu 10.04 server when the lp owned process tries to write data to the share: [2010/07/16 17:07:45, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb3730 [2010/07/16 17:07:45, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 [2010/07/16 17:07:45, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263 [2010/07/16 17:07:45, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [statusprintout_Jul1610_170745.prn] [/var/spool/ShareArchive] [2010/07/16 17:07:45, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: statusprintout_Jul1610_170745.prn reduced to /var/spool/ShareArchive/statusprintout_Jul1610_170745.prn [2010/07/16 17:07:45, 3] smbd/trans2.c:4050(call_trans2qfilepathinfo) call_trans2qfilepathinfo: SMB_VFS_STAT of statusprintout_Jul1610_170745.prn failed (No such file or directory) [2010/07/16 17:07:45, 3] smbd/error.c:153(reply_unix_error) unix_error_packet: error string = No such file or directory [2010/07/16 17:07:45, 3] smbd/error.c:60(error_packet_set) error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2010/07/16 17:07:45, 3] smbd/process.c:1459(process_smb) Transaction 328 of length 78 (0 toread) [2010/07/16 17:07:45, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb25f0 [2010/07/16 17:07:45, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 [2010/07/16 17:07:45, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263 [2010/07/16 17:07:45, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [.] [/var/spool/ShareInput2] [2010/07/16 17:07:45, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: . reduced to /var/spool/ShareInput2 [2010/07/16 17:07:45, 3] smbd/trans2.c:4070(call_trans2qfilepathinfo) call_trans2qfilepathinfo . (fnum = -1) level=263 call=5 total_data=0 [2010/07/16 17:07:45, 3] smbd/process.c:1459(process_smb) A further update. I just created a new Ubuntu8.04 virtual machine install, set it up, and found that in fact, it too fails to allow the lp user to write to the share which was created by the root user. I am therefore now considering how my original Ubuntu 8.04 install/samba setup is different from a default install. Sorry if I wasted anyone's time. Seb James -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ec25a00... smbtorture shell: Allow any config option to be set. from e058de3... Make the map to guest parameter work correctly with NTLMSSP (spnego and raw) under SMB2. Still need to investigate fixing this with krb5 auth (does this make sense ?). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ec25a000317f863df7af0d97f1fd8948b2f8959d Author: James Peach jpe...@samba.org Date: Fri Jul 16 11:07:31 2010 -0700 smbtorture shell: Allow any config option to be set. Not sure what I was thinking by restricting the shell to torture: parametric options. It's really extemely useful to be able to set arbitrary options. --- Summary of changes: source4/torture/shell.c | 11 ++- 1 files changed, 6 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/shell.c b/source4/torture/shell.c index 7c313af..03c670a 100644 --- a/source4/torture/shell.c +++ b/source4/torture/shell.c @@ -175,8 +175,6 @@ static void shell_help(const struct shell_command * command, static void shell_set(const struct shell_command *command, struct torture_context *tctx, int argc, const char **argv) { - char * name; - switch (argc) { case 0: lpcfg_dump(tctx-lp_ctx, stdout, @@ -185,9 +183,12 @@ static void shell_set(const struct shell_command *command, break; case 2: - name = talloc_asprintf(NULL, torture:%s, argv[0]); - lpcfg_set_cmdline(tctx-lp_ctx, name, argv[1]); - talloc_free(name); + /* We want to allow users to set any config option. Top level +* options will get checked against their static definition, but +* parametric options can't be checked and will just get stashed +* as they are provided. +*/ + lpcfg_set_cmdline(tctx-lp_ctx, argv[0], argv[1]); break; default: -- Samba Shared Repository
Re: [Samba] Can Map shares but cannot write
Original Message From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Michael Lyon Sent: Wednesday, June 30, 2010 6:37 AM To: t...@tms3.com Cc: samba@lists.samba.org Subject: Re: [Samba] Can Map shares but cannot write Heh, I made myself the owner, and still can't create a file. [r...@vm-stusrv test]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: mlyon # group: students user::rwx group::rwx group:students:rwx mask::rwx other::rwx Mike Try using the default flag for setfacl. I always have this problem with setfacl: $ setfacl -m g:students:rwx foo doesn't work, but I have better luck with $ setfacl -d -m g:students:rwx foo I don't know why, it seems like it should work with the first setup but it rarely does for me. And if THAT doesn't work, I connect to the share as an admin Windows user (administrator in your case) and set the ACLs using Windows Explorer. James Zuelow Network Specialist City and Borough of Juneau MIS (907) 586-0236 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6227eac... smbtorture: Fixx off-by-one command line parsing. via 0fc18ea... smbtorture: Add target command to interactive shell. via 7a25e2e... smbtorture: Enhance shell help command. via bf35aa8... smbtorture: Add auth command to the shell. via 3f398ec... smbtorture: Refactor interactive shell into independent commands. via 9f69790... smbtorture: Move interactive shell into a separate file. via a5e14bd... smbtorture: Print global options for interactive list command. via 12e15b0... smbtorture: Add history support to shell mode. via 6f96293... smbtorture: Add list command to smbtorture shell. from acf54c3... s3-winbind: Make KRB5_EVENT_REFRESH_TIME a function http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6227eac607131ed1042af1de83af7f70d0b05375 Author: James Peach jpe...@samba.org Date: Mon Jun 21 11:09:45 2010 -0700 smbtorture: Fixx off-by-one command line parsing. If we are not in shell mode we require both the target and test name arguments. Make sure we process these from the correct index. commit 0fc18ead76a79286365646eeb7607b39b01a1c9f Author: James Peach jpe...@samba.org Date: Mon Mar 22 21:55:49 2010 -0700 smbtorture: Add target command to interactive shell. Add a target command to set the target server to test. Refactor the command line argument processing a little so that you can run --shell without any additional arguments. commit 7a25e2efe9360b333fedc3fb938774437703700e Author: James Peach jpe...@samba.org Date: Sun Mar 21 22:04:37 2010 -0700 smbtorture: Enhance shell help command. Sort the command list alphabetically. Let the help command print usage info for other commands. commit bf35aa86038aa5bbf06bf73eb58cfa6fa1eae904 Author: James Peach jpe...@samba.org Date: Sun Mar 21 21:56:05 2010 -0700 smbtorture: Add auth command to the shell. Add a new auth command to set the cmdline credentials from withing the smbtorture shell. commit 3f398ec36d6b733c92682f5eb03eeacb047e582f Author: James Peach jpe...@samba.org Date: Fri Mar 19 22:04:08 2010 -0700 smbtorture: Refactor interactive shell into independent commands. Refactor the smbtorture interactive shell into a set of independent command callbacks to make it easier to add more independent commands. commit 9f697903556529bb4fedd73d027c317e56f6bf21 Author: James Peach jpe...@samba.org Date: Fri Mar 19 21:24:15 2010 -0700 smbtorture: Move interactive shell into a separate file. commit a5e14bded48ac53e21307eda1c9767be64b39a17 Author: James Peach jpe...@samba.org Date: Thu Mar 18 21:59:35 2010 -0700 smbtorture: Print global options for interactive list command. commit 12e15b0ac800a84d553ff82c4c61ccc8da9fd5fd Author: James Peach jpe...@samba.org Date: Thu Mar 18 21:25:17 2010 -0700 smbtorture: Add history support to shell mode. commit 6f96293406bfaff35e7588d0624842de145ff249 Author: James Peach jpe...@samba.org Date: Thu Mar 18 21:14:47 2010 -0700 smbtorture: Add list command to smbtorture shell. --- Summary of changes: lib/torture/torture.c |2 +- lib/torture/torture.h |2 +- source4/lib/smbreadline/readline.m4 |5 + source4/torture/config.mk |5 +- source4/torture/shell.c | 318 +++ source4/torture/smbtorture.c| 141 ++-- source4/torture/smbtorture.h|5 + source4/torture/wscript_build |2 +- 8 files changed, 422 insertions(+), 58 deletions(-) create mode 100644 source4/torture/shell.c Changeset truncated at 500 lines: diff --git a/lib/torture/torture.c b/lib/torture/torture.c index dcb28ee..4333f98 100644 --- a/lib/torture/torture.c +++ b/lib/torture/torture.c @@ -305,7 +305,7 @@ bool torture_run_suite(struct torture_context *context, } bool torture_run_suite_restricted(struct torture_context *context, - struct torture_suite *suite, char **restricted) + struct torture_suite *suite, const char **restricted) { /* FIXME */ return false; diff --git a/lib/torture/torture.h b/lib/torture/torture.h index 931937c..6482e89 100644 --- a/lib/torture/torture.h +++ b/lib/torture/torture.h @@ -221,7 +221,7 @@ bool torture_run_suite(struct torture_context *context, /* Run the specified testsuite recursively, but only the specified * tests */ bool torture_run_suite_restricted(struct torture_context *context, - struct torture_suite *suite, char **restricted); + struct torture_suite *suite, const char **restricted); /* Run the specified testcase */ bool torture_run_tcase(struct torture_context
Re: [SCM] Samba Shared Repository - branch master updated
On Jun 21, 2010, at 2:09 PM, Matthieu Patou wrote: James, It seems that something is wrong with your patch set, I get: m...@ares:/usr/local/src/samba4/source4$ make WAF_MAKE=1 ../buildtools/bin/waf build Waf: Entering directory `/usr/local/src/samba4/source4/bin' [1775/1973] Compiling torture/shell.c ../torture/shell.c: In function ‘shell_set’: ../torture/shell.c:181: error: implicit declaration of function ‘lp_dump’ ../torture/shell.c:188: error: implicit declaration of function ‘lp_set_cmdline’ Waf: Leaving directory `/usr/local/src/samba4/source4/bin' Build failed: - task failed (err #1): {task: cc shell.c - shell_28.o} make: *** [all] Erreur 1 Sorry, fixed with f5709975c1671dc23471a81b2a6523138d98a74b reseting to acf54c3... s3-winbind: Make KRB5_EVENT_REFRESH_TIME a function, allow me to build ! Can you have a look ? On 21/06/2010 22:31, James Peach wrote: The branch, master has been updated via 6227eac... smbtorture: Fixx off-by-one command line parsing. via 0fc18ea... smbtorture: Add target command to interactive shell. via 7a25e2e... smbtorture: Enhance shell help command. via bf35aa8... smbtorture: Add auth command to the shell. via 3f398ec... smbtorture: Refactor interactive shell into independent commands. via 9f69790... smbtorture: Move interactive shell into a separate file. via a5e14bd... smbtorture: Print global options for interactive list command. via 12e15b0... smbtorture: Add history support to shell mode. via 6f96293... smbtorture: Add list command to smbtorture shell. from acf54c3... s3-winbind: Make KRB5_EVENT_REFRESH_TIME a function http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6227eac607131ed1042af1de83af7f70d0b05375 Author: James Peachjpe...@samba.org Date: Mon Jun 21 11:09:45 2010 -0700 smbtorture: Fixx off-by-one command line parsing. If we are not in shell mode we require both the target and test name arguments. Make sure we process these from the correct index. commit 0fc18ead76a79286365646eeb7607b39b01a1c9f Author: James Peachjpe...@samba.org Date: Mon Mar 22 21:55:49 2010 -0700 smbtorture: Add target command to interactive shell. Add a target command to set the target server to test. Refactor the command line argument processing a little so that you can run --shell without any additional arguments. commit 7a25e2efe9360b333fedc3fb938774437703700e Author: James Peachjpe...@samba.org Date: Sun Mar 21 22:04:37 2010 -0700 smbtorture: Enhance shell help command. Sort the command list alphabetically. Let the help command print usage info for other commands. commit bf35aa86038aa5bbf06bf73eb58cfa6fa1eae904 Author: James Peachjpe...@samba.org Date: Sun Mar 21 21:56:05 2010 -0700 smbtorture: Add auth command to the shell. Add a new auth command to set the cmdline credentials from withing the smbtorture shell. commit 3f398ec36d6b733c92682f5eb03eeacb047e582f Author: James Peachjpe...@samba.org Date: Fri Mar 19 22:04:08 2010 -0700 smbtorture: Refactor interactive shell into independent commands. Refactor the smbtorture interactive shell into a set of independent command callbacks to make it easier to add more independent commands. commit 9f697903556529bb4fedd73d027c317e56f6bf21 Author: James Peachjpe...@samba.org Date: Fri Mar 19 21:24:15 2010 -0700 smbtorture: Move interactive shell into a separate file. commit a5e14bded48ac53e21307eda1c9767be64b39a17 Author: James Peachjpe...@samba.org Date: Thu Mar 18 21:59:35 2010 -0700 smbtorture: Print global options for interactive list command. commit 12e15b0ac800a84d553ff82c4c61ccc8da9fd5fd Author: James Peachjpe...@samba.org Date: Thu Mar 18 21:25:17 2010 -0700 smbtorture: Add history support to shell mode. commit 6f96293406bfaff35e7588d0624842de145ff249 Author: James Peachjpe...@samba.org Date: Thu Mar 18 21:14:47 2010 -0700 smbtorture: Add list command to smbtorture shell. --- Summary of changes: lib/torture/torture.c |2 +- lib/torture/torture.h |2 +- source4/lib/smbreadline/readline.m4 |5 + source4/torture/config.mk |5 +- source4/torture/shell.c | 318 +++ source4/torture/smbtorture.c| 141 ++-- source4/torture/smbtorture.h|5 + source4/torture/wscript_build |2 +- 8 files changed, 422 insertions(+), 58 deletions(-) create mode 100644 source4/torture/shell.c Changeset truncated at 500 lines: diff --git a/lib/torture/torture.c b/lib/torture/torture.c index dcb28ee..4333f98 100644 --- a/lib/torture
[Samba] Fwd: smbd will not start
On 9 April 2010 16:21, James Cort james.c...@gosnetworks.com wrote: On 9 April 2010 16:14, Volker Lendecke volker.lende...@sernet.de wrote: On Fri, Apr 09, 2010 at 10:11:26AM -0500, Bill Purcell wrote: == [10:05:44] ~$ dpkg -l | egrep samba|libwb ii libwbclient0 2:3.4.7~dfsg-1 Samba winbind client library ii samba 2:3.2.5-4lenny9 a LanManager-like file and printer server for Unix ii samba-common 2:3.2.5-4lenny9 Samba common files used by both the server and the client == Should these two version be the same? Is there any easy way with dpkg or apt to make this happen? If not, I assume I will have to build from source? Is there a decent tutorial on this, including a list of dependencies? Ok, you do have a problem. The libwbclient version must match the rest of Samba. Not sure how to solve this, I'm not an aptitude wizard. I think you may have installed 3.4.7~dfsg-1 from backports - either install every Samba package from backports or none of them. apt-get remove libwbclient0 ; apt-get install libwbclient0 should do the job, assuming your /etc/apt/sources.list is appropriate for Debian Stable. Sending again because I forgot to ensure the list was copied in. GOS Networks Limited, 1 Friary, Temple Quay, Bristol, BS1 6EA, UK. Registered company number: 6917663 The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing GOS Networks agreement. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Performance issues: have eliminated disk and network as cause
Just been told the config file didn't appear in the email as it went out (even though it certainly appears in the copy I've got), so I'm attaching inline this time. Oh, BTW: it's version 3.4.7 on Debian Lenny, installed from backports. [global] workgroup = U4EATECH netbios name = tiamat enable privileges = yes server string = Primary Domain Controller %v security = user local master = no os level = 33 domain master = no preferred master = no encrypt passwords = true null passwords = no hide unreadable = yes hide dot files = yes obey pam restrictions = Yes unix password sync = Yes remote browse sync = 172.30.20.109 172.30.20.130 172.27.0.6 enhanced browsing = yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = Changing UNIX and samba passwords for*\nNew password* %n\n *Retype new password* %n\n ldap passwd sync = Yes log level = 0 syslog = 1 log file = /var/log/samba/log.%m max log size = 1000 read raw = yes write raw = yes kernel oplocks = yes max xmit = 65535 dead time = 15 use sendfile = yes socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY getwd cache = yes mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = logon.bat logon path = logon home = \\atlas\%U logon drive = H: domain logons = Yes wins server = 172.30.20.109 #name resolve order = hosts bcast name resolve order = wins lmhosts hosts bcast dns proxy = yes time server = yes passdb backend = ldapsam:ldap://ldap.u4eatech.com/ ldap:// ldap-slave.u4eatech.com ldap admin dn = cn=smbadmin,dc=u4eatech,dc=com ldap suffix = dc=u4eatech,dc=com ldap group suffix = ou=Group ldap user suffix = ou=People ldap machine suffix = ou=Hosts ldap idmap suffix = ou=People ldap ssl = no add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u load printers = no create mask = 0640 directory mask = 0750 nt acl support = Yes guest account = nobody dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd #show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no [netlogon] path = /home/samba/netlogon guest ok = yes browseable = No read only = no [wpkg] path = /home/samba/wpkg read only = yes guest ok = yes browseable = no [homes] comment = Home Directories browseable = yes writable = yes oplocks = yes GOS Networks Limited, 1 Friary, Temple Quay, Bristol, BS1 6EA, UK. Registered company number: 6917663 The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing GOS Networks agreement. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Performance issues: have eliminated disk and network as cause
Hi, I'm not entirely happy with the performance I'm seeing using Samba, and I wonder if anyone can shine any light. The server is a Dell PowerEdge 2950 with hardware RAID10, 4GB RAM and a quad-core Intel Xeon processor. It's not live yet, so there's no load from other tasks. I've already eliminated the RAID (able to sustain 130-140MB/s for reads/writes) and the network (GigE, tar | nc to this server and untar'd at the other end sustains 8-900Mbps) as bottlenecks, which leaves me dealing with Samba. Samba is peaking at around 280Mbps (reading and writing a single 500MB file) and normal performance (which I have benchmarked with a 350MB directory containing about 1,000 files of various sizes up to 2MB) is closer to 90-100Mbps (write), 117Mbps (read). This is with a Windows XP client, using smbmount from a Linux client is not appreciably faster. Obviously there's going to be a much larger overhead associated with SMB versus netcat, but 3.5-8 times slower? I have attached my smb.conf (though I have removed most of the shares for brevity's sake), in the hope that someone can help. James. GOS Networks Limited, 1 Friary, Temple Quay, Bristol, BS1 6EA, UK. Registered company number: 6917663 The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing GOS Networks agreement. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Provision script fails with Samba4 (latest git version)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, I'm trying to get samba4 to provision with the latest git version. My provision command looks like so: # ./setup/provision --realm=TEST.DOMAIN --domain=DOMAIN --adminpass=pass - --server-role='domain controller' --ldap-backend-type=openldap - --slapd-path=/usr/sbin/slapd I get the following output from the command: hdb_db_open: database cn=Schema,cn=Configuration,dc=test,dc=domain: db_open(/usr/local/samba4/private/ldap/db/schema/id2entry.bdb) failed: No such file or directory (2). backend_startup_one (type=hdb, suffix=cn=Schema,cn=Configuration,dc=test,dc=domain): bi_db_open failed! (2) slap_startup failed (test would succeed using the -u switch) Failed to bind - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' Setting up share.ldb Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=test,DC=domain pdc_fsmo_init: no domain object present: (skip loading of domain details) Traceback (most recent call last): File ./setup/provision, line 244, in module nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode,useeadb=eadb) File bin/python/samba/provision.py, line 1301, in provision dom_for_fun_level=dom_for_fun_level) File bin/python/samba/provision.py, line 945, in setup_samdb SAMBA_VERSION_STRING: version File bin/python/samba/provision.py, line 260, in setup_modify_ldif ldb.modify_ldif(data) File bin/python/samba/__init__.py, line 261, in modify_ldif self.modify(msg, controls) _ldb.LdbError: (1, 'LDAP client internal error: NT_STATUS_INTERNAL_ERROR') A transaction is still active in ldb context [0x42f1450] on /usr/local/samba4/private/secrets.ldb Any one with any ideas on where I progress from here with this? I seem to have come to a road block. Thanks for any help you can provide. - -- James Ray. j@qmul.ac.uk Computing Services (http://pub.tsn.dk/how-to-quote.php) Queen Mary, University of London -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktxLvgACgkQcGHKt+AwrtjkZgCgjmqOJ5GH/Myi/siTlx+1hbNE m3IAniZmq2vxv98P8OxMcunlWj6jTnFS =GNAH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] IPv6 name resolution problem
On 2/5/2010 1:50 PM, Ernesto Silva wrote: Hi, I'm trying to set up a small network over IPv6. It will have IPv4 too but the dhcp server may not work and Ubuntu (9.04) automatically configure a .local domain IPv6 addresses, so I must run the samba server and clients over IPv6. --snip-- ping6 -Ieth0 ipv6_server_address works fine smbclient -L ::1 works fine smbclient -L ipv6_client_address works fine smbclient -L client_name.local fails with NT_STATUS_BAD_NETWORK_NAME smbclient -L ipv6_server_address fails with NT_STATUS_INVALID_HANDLE smbclient -L server_name.local fails with NT_STATUS_BAD_NETWORK_NAME As I mentioned both client and server IPv6 addresses are in local scope: fe80:0:0:0:x:x:x:x/64 I'm also using avahi-daemon with IPv6 enabled and my nsswitch.conf host's line is: hosts: files mdns_minimal [NOTFOUND=return] mdns dns An strace reveals this: RESOLVE-HOSTNAME-IPV4, but not IPV6 apparently. Any ideas? Best regards, Ernesto. Check your /etc/hosts file. You may have an old IPv4 dotted address there. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Sirs: I have a Ubuntu 6.06 samba 3.0.22 file server running on linux. I am attempting to update the file server to ubuntu 8.10, samba 3.2.3. I have been attempting this, intermittently, for some time which is why 8.10. I have 10 MSDOS (mostly 6.22) workstations as a part of the network. The ones that have to run, control production machinery on the plant floor. Updating the operating system on those machines is effectivly impossible. There are some of them that run software that I control, most of them use vendor supplied software to control the older machines. They are using lanman 2.2 as the client software. (I have many xp workstations, they work fine with both systems. I can map drives, read and save and run the same dos exe files that the dos stations are failing on. Print stuff...) On the old server, the dos stations can log in and use network resources. Thus far, I have failed to make them work on the new server. The relevant parts of the smb.conf files for the servers are -- The 3.0.22 server. This one is the production server and the dos stations work. # Samba config file created using SWAT # from 10.23.0.118 (10.23.0.118) # Date: 2010/01/29 09:46:06 [global] workgroup = ATRIUM-DW server string = Samba passwd program = /usr/bin/passwd %u unix password sync = Yes change notify timeout = 30 deadtime = 30 printcap name = CUPS disable spoolss = Yes show add printer wizard = No ldap ssl = no case sensitive = No [bestbilt] comment = Mapped as U: path = /atrium/bestbilt valid users = @users force group = users read only = No create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 oplocks = No level2 oplocks = No strict locking = No *** The 3.2.3 server # Samba config file created using SWAT # from UNKNOWN () # Date: 2010/02/02 13:20:51 [global] workgroup = ATRIUM-DW guest account = bbijimhur lanman auth = Yes ldap ssl = no [bestbilt] comment = working production data path = /atrium/bestbilt username = bbijimhur valid users = @users force group = users read only = No guest ok = Yes [dosbbilt] comment = win94 for dos workstations path = /atrium/bestbilt read only = No guest ok = Yes This smb.conf file is the best one I have been able to create for the dos stations. With it, I can log in and map the drive. net use u: \\bbi-sam-2-srv\bestbilt I can do directory listings and change directory to u:\win94 When I attempt to run a dos program (tracking.exe) I get the following u:\win94\ Tracking NET805: NETWORK DEVICE NO LONGER EXISTS READING DRIVE U Abort, Retry, Fail? f Access denied. I have much the same error if I put the executable on the local drive and attempt to use shared .dbf data files from the server. I can connect to the old server with the same box. It takes a few minutes to change all the config files for lanman, but it works. On the old server, I can login, map the drives and run executables and use the dbf data files. It seems to me as if there is some configuration flag where the default has from 3.0 to 3.2 that I can't find. I did a detailed view of both config files from swat and ran a dif on them. I was unable to identify a place that could be changed that would allow the dos machines to utilize the samba file server. I am willing to use either different client software on the dos stations, or update the samba setup to a different version. I like ubuntu, but am not wedded to it. However, the dos stations must stay, even if I must maintain a server with 3.0 on it to keep them running. Any ideas? I am more that willing to RTFM, but have exausted my ideas of which FM and which part of it to read. Hints in this matter would be welcome. Hints on which config option in smb.conf would be even more welcome. Thanks in advance, Jim Hurlburt Atrium Windows and Doors Northwest. Yakima, WA USA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] file attributes (ACL's) lost
Hello, I have an iSCSI mount that I disconnected from during a reboot and after remounting it all the ACL's are missing. Using 'll' shows no extended file attributes and 'getfacl' on the dir' shows that the previous attributes are now missing. Restarting smb, nmb, winbind didn't restore them either. Is there a way to restore the attributes? Not sure how they were lost in the fist place. Many thanks in advance. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file attributes (ACL's) lost
I have an iSCSI mount that I disconnected from during a reboot and after remounting it all the ACL's are missing. Using 'll' shows no extended file attributes and 'getfacl' on the dir' shows that the previous attributes are now missing. Restarting smb, nmb, winbind didn't restore them either. I don't think there is any backup of the posix acls anywhere in samba. Is there a way to restore the attributes? Not sure how they were lost in the fist place. Did you mount your filesystem with the appropriate acl options. Do you have acls enabled in your kernel? ~ Thank you, John. That was the problem; I mounted it with ext3 default instead of ext3 acl,user_xattr. All is well. Best, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Recycle VFS + Gnome Trash
Hi, We have hard mounted samba shares (via pam_mount) at login including the user home dir. We have tried setting up the recycle VFS module which works fine when we delete a file from the share on the command line. But when we delete a file in gnome via the gui, it puts it in the users ~/.local/share/Trash folder and samba does not see this happening on the share maybe as its a move file technically from one share to another? So our problem is that we have two trash locations happening dependant on what the user does and what app they are using. Is there anyway to work around and at least say have a common point for the trash... or at the very least get samba to save a copy via recycle vfs? Thanks for any help. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC directory permission fail (Bino Oetomo)
Bino, The permissions should be 770 for directories. They need execute privileges for directories to be able to get access to the directories. You should be able to set the files for 660 though I don't believe it will keep windows from executing a file. With 'force' before 'create mask' or 'directory mask' allows you to set bits. You should have 'create mask 660' to force files (other than directories) to not allow setting of the execute bit. And directories should usually be 'force directory mask 770' with maybe a 'directory mask 770' before this to prevent anyone allowing a directory to be read/writeable by everyone. James -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of samba-requ...@lists.samba.org Sent: Wednesday, January 06, 2010 2:00 PM To: samba@lists.samba.org Subject: samba Digest, Vol 85, Issue 6 -- Message: 1 Date: Wed, 06 Jan 2010 08:51:33 +0700 From: Bino Oetomo b...@indoakses-online.com To: ?? mail_of_ser...@mail.ru Cc: samba@lists.samba.org Subject: Re: [Samba] PDC directory permission fail Message-ID: 4b43eca5.1010...@indoakses-online.com Content-Type: text/plain; charset=KOI8-R; format=flowed Dear Serg and All ?? wrote: Hello, Bino! I use webmin to do the samba PDC configuration IMHO, insuffisient Agree ... I did some direct edit to conf file [warehouse] comment = Files of warehouse writeable = yes path = /hdd2/samba/groupfiles/warehouse when I create that share via webmin i use option : a. mode : 775 b. Create user : Root c. Create Group : warehouse. 4. From my XP station , I login to that domain with user name wh01, the results is : a. Successfull login b. wh01 can create a file in the home directory (/home/wh01) But, wh01 can not write file to share warehouse Which permission to the new file? May be 644? :) IMHO, user have right to write directory, but have not right to write file. Look man smb.conf for force create mode, force directory mode or http://wiki.samba.org/index.php/Frequently_Asked_Questions#inherit_permi ssions Thankyou for your enlightment I read that documentation, but I don't want uuser to be able to execute things in directory So I chage the share to : [warehouse] create mode = 660 path = /hdd2/samba/groupfiles/warehouse directory mode = 660 force group = warehouse (and the dircory is auto created with user:group as root:warehouse) Still the user with group warehouse can not access (event just open) the directory so I try to delete the share ... manualy remove the dir , and re create the share (and dir) with : [warehouse] create mode = 760 path = /hdd2/samba/groupfiles/warehouse directory mode = 760 force group = warehouse Still the user with group warehouse can not access (event just open) the directory Again, I try to delete the share ... manualy remove the dir , and re create the share (and dir) with : [warehouse] create mode = 770 path = /hdd2/samba/groupfiles/warehouse directory mode = 770 force group = warehouse And ... voila ... the user can access (read-write) into the shares ... But it'll means that the user can also execute somethings inside directory ... right ? Why we need the execute bit in directory permission just to let the user to read and write only ? Just fyi, my system is based on : ++ Ubuntu Jaunty ++ Samba 3.32 Sincerely -bino- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
2009/12/16 Jeremy Allison j...@samba.org: On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote: And although it creates directory, it doesn't copy contents, because it stops process of copying directory after this error. If I repeat filesync, the contents of directory will be copid (cause directory is already here). So, it looks exactly the same. If so, then problem in chflags(). I expect that samba on linux is compiled without support for chflags, obviously. I presume that settings unix extensions = no would probably fix this, but it has a drawback, because then you loose native unix things like symlinks etc. Which is, at least in our case is not possible, cause shares accessed by both, mac and linux clients over NFS (the same clients on different hosts) and symlinks are heavily used. I think, OSX client, when it sees that server supports unix extensions, expects that on other side is OSX server with samba which supports chflags. So, if we don't discuss rewrite of OSX cifs FS, then only solution is to emulate chflags support on samba side (or convert flags to XFS/ETX3 attrs somehow) Hmmm. Looks like a client bug then, in that they don't cope with an error on chflags set. What error is the Samba server returning here ? George, what errors can the MacOSX client cope with and continue ? FileSync wants to create accurate copies of files, including all their metadata. We just pass the error up the stack. The current code does not look too closely at the unix capabilities, we should be looking at the flags mask in the UNIX_INFO2 response and handling the case where the server doesn't understand any flags. Please file a bug at http://bugreporter.apple.com and attach the packet trace. This will help us to make a case to fix this in an update. -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
2009/12/16 Anton Starikov ant.stari...@gmail.com: On Dec 16, 2009, at 7:08 PM, Jeremy Allison wrote: On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote: And although it creates directory, it doesn't copy contents, because it stops process of copying directory after this error. If I repeat filesync, the contents of directory will be copid (cause directory is already here). So, it looks exactly the same. If so, then problem in chflags(). I expect that samba on linux is compiled without support for chflags, obviously. I presume that settings unix extensions = no would probably fix this, but it has a drawback, because then you loose native unix things like symlinks etc. Which is, at least in our case is not possible, cause shares accessed by both, mac and linux clients over NFS (the same clients on different hosts) and symlinks are heavily used. I think, OSX client, when it sees that server supports unix extensions, expects that on other side is OSX server with samba which supports chflags. So, if we don't discuss rewrite of OSX cifs FS, then only solution is to emulate chflags support on samba side (or convert flags to XFS/ETX3 attrs somehow) Hmmm. Looks like a client bug then, in that they don't cope with an error on chflags set. What error is the Samba server returning here ? Of course it is client error. But it is much easy to add dirty hack to samba on server that fooling around bunch of clients. Does Apple opensource their implementation of smbfs? http://www.opensource.apple.com/source/smb/smb-348.7/ -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
2009/12/16 Anton Starikov ant.stari...@gmail.com: One question. The fact that client ignore ACL capabilities of server, it is also normal for current smbfs implementation? Even in 10.5, the smbfs client does not ignore the filesystem ACL support attribute. On Dec 16, 2009, at 9:28 PM, James Peach wrote: 2009/12/16 Jeremy Allison j...@samba.org: On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote: And although it creates directory, it doesn't copy contents, because it stops process of copying directory after this error. If I repeat filesync, the contents of directory will be copid (cause directory is already here). So, it looks exactly the same. If so, then problem in chflags(). I expect that samba on linux is compiled without support for chflags, obviously. I presume that settings unix extensions = no would probably fix this, but it has a drawback, because then you loose native unix things like symlinks etc. Which is, at least in our case is not possible, cause shares accessed by both, mac and linux clients over NFS (the same clients on different hosts) and symlinks are heavily used. I think, OSX client, when it sees that server supports unix extensions, expects that on other side is OSX server with samba which supports chflags. So, if we don't discuss rewrite of OSX cifs FS, then only solution is to emulate chflags support on samba side (or convert flags to XFS/ETX3 attrs somehow) Hmmm. Looks like a client bug then, in that they don't cope with an error on chflags set. What error is the Samba server returning here ? George, what errors can the MacOSX client cope with and continue ? FileSync wants to create accurate copies of files, including all their metadata. We just pass the error up the stack. The current code does not look too closely at the unix capabilities, we should be looking at the flags mask in the UNIX_INFO2 response and handling the case where the server doesn't understand any flags. Please file a bug at http://bugreporter.apple.com and attach the packet trace. This will help us to make a case to fix this in an update. -- James Peach | jor...@gmail.com -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
2009/12/16 Anton Starikov ant.stari...@gmail.com: On Dec 16, 2009, at 9:45 PM, James Peach wrote: 2009/12/16 Anton Starikov ant.stari...@gmail.com: One question. The fact that client ignore ACL capabilities of server, it is also normal for current smbfs implementation? Even in 10.5, the smbfs client does not ignore the filesystem ACL support attribute. With unix extensions enabled? Then I don't understand. Where is the problem. On server side I see smbd_audit: antst|xxx|antst|sys_acl_get_file|ok|. smbd_audit: antst|xxx|antst|sys_acl_get_file|ok|. smbd_audit: antst|xxx|antst|sys_acl_get_entry|ok| smbd_audit: antst|xxx|antst|sys_acl_free_acl|ok| smbd_audit: antst|xxx|antst|sys_acl_free_acl|ok| smbd_audit: antst|xxx|antst|get_nt_acl|ok|. a file: # getfacl /home/antst/tt1 getfacl: Removing leading '/' from absolute path names # file: home/antst/tt1 # owner: antst # group: cmsusers user::rw- user:mohand:rwx group::r-- mask::rwx other::--- And on client side: ls -le /tmp/qq1/tt1 -rw-r- 1 antst cmsusers 0 Dec 16 20:19 /tmp/qq1/tt1 And if I try to set ACL from OSX I get $ chmod +a mohand allow write /tmp/qq1/tt1 chmod: Failed to set ACL on file '/tmp/qq1/tt1': Operation not supported Looking into the source code of client (thanks for link) I see that CIFS_UNIX_POSIX_ACLS_CAP is not referenced in the sources (except header file, where it is defined). Although it can mean nothing and you can use somewhere in the code just numerical value. It doesn't use unix ACLs, it uses SMB ACLs. -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID - high need to lower it for a test user - active directory auth
- Original Message - From: Michael Wood esiot...@gmail.com To: James Kosin james_ko...@cox.net Cc: KJS li...@netzensolutions.com; samba@lists.samba.org Sent: Friday, October 23, 2009 3:38 AM Subject: Re: [Samba] UID - high need to lower it for a test user - active directory auth -- snip -- What sort of problem are you having? The higher UID for non-local users is normal and shouldn't be touched in most cases. This is to keep the local UIDs different significantly from the ones that are not local. The only problem you may be having would be if you have a huge number of local users. In which case you would have to determine if it would be better to create all local account for everyone on the domain to keep from having problems. But, I seriously doubt this is the problem. If it's a wild goose chase it's my fault. He is having trouble with some commercial software when run by domain users instead of local users. The differences between them as far as I could tell are: The local users all have UIDs and primary group IDs 65536. The domain users all have UIDs and primary group IDs 65536. Also, the primary group name of the domain users is Domain Users. i.e. it has a space in it. Since traditionally UIDs and GIDs were 16 bit numbers, I thought it was possible that this commercial software somehow did not like the large UIDs/GIDs. Perhaps it would be easier to test a local user with a high UID and primary group ID to see if that also does not work. Which applications? I do know Microsoft Office products usually have some fine tuning when run with or without domain logins. Other than that; we would need more specifics to answer your problem... 1) You said the application being run was having problems, what error messages or problems? Try to be as complete as possible. 2) Name the application if possible? Microsoft Excel, etc. 3) If a custom application, what type of access is giving the problem? Database, text file, binary file, permissions, etc. 4) Is the problem random or only with users on the domain as oppose to the local machine accounts? The local machine accounts may have special permissions to access more features of the system. If the special application is taking advantage of these features it may not like the domain users. 5) Calm down... James Kosin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID - high need to lower it for a test user - active directory auth
- Original Message - From: KJS li...@netzensolutions.com Newsgroups: linux.samba Sent: Thursday, October 22, 2009 9:00 AM Subject: Re: [Samba] UID - high need to lower it for a test user - active directory auth Hi Guys, I am having some problems with Active Directory users using a bit of software on our server, my AD users are authing via Winbind this works fine and the only difference I can see between a local user and an AD user is the fact the AD user has a MUCH higher UID, how can I create a user with a low UID to test this? I don't want to change them all yet as it might not be this that is causing the problem. Many Thanks, KJS What sort of problem are you having? The higher UID for non-local users is normal and shouldn't be touched in most cases. This is to keep the local UIDs different significantly from the ones that are not local. The only problem you may be having would be if you have a huge number of local users. In which case you would have to determine if it would be better to create all local account for everyone on the domain to keep from having problems. But, I seriously doubt this is the problem. James K. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nss_winbind / offline logon
James Zuelow Network Specialist City and Borough of Juneau MIS (907)586-0236 -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Petteri Heinonen Sent: Friday, 16 October, 2009 03:37 To: samba@lists.samba.org Subject: [Samba] nss_winbind / offline logon Hello list users, I have been struggling to make my AD integrated Debian Lenny box to work fluently also when network connectivity is down. What I would like to achieve: 1) When no network available, local user should still work normally 2) If possible, AD located users should still be able to login if they have previously logged in successfully (cached login) Number 2 is more like optional, but number 1 would be very much needed. However, it seems that winbind somehow blocks login process for local accounts too if it is not able to get network connection to AD during system boot. These are the relevant lines in my nsswitch.conf: passwd: files winbind group: files winbind shadow: files Now, I would think that with this configuration, that no matter what is the status of winbindd daemon, local users like root should be able to login. But that is not the case here. The login hangs for about 5 minutes, and after that it succeeds. If I remove winbind from nsswitch.conf or configure init system so that winbindd is not started up during boot, then logins for local accounts go through normally. a) make nsswitch understand that I do not want it to query anything from winbind if user is found from local files b) make winbind even somehow responsive also upon the situation where it has to start up without network connection Any help or pointers would be greatly appreciated. So for goal number 1, local user logins (hopefully without a 5 minute pause) I would check your PAM configuration. The first thing to look at is make sure that pam_winbind.so is set up as sufficient, and not required. If it is sufficient and your pam is set up like this: auth sufficient pam_winbind.so auth sufficient pam_unix.so use_first_pass What happens if you swap places, so that pam_unix comes before pam_winbind? I no longer have a system set up for AD account logins, so I can't test. This is from memory when I had a laptop (Debian Lenny even) that would do AD account logins, but it would always allow local account logins when the network was disconnected without a long pause. HTH! James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Adding a AD Group to a Unix user account
Hi Guys, First of all I can do the following: usermod -g GID bobby and it adds the group to the user account fine (GID being the actual number value not the name). but if i don't use -g it fails to work, I want to ADD the group Domain Users to bobbys account, so I tried: usermod -a -G GID bobby but it doesnt not appear to do anything... Anyone got any ideas? Many Thanks! James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind idmap question
-Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Christian Sent: Thursday, 17 September, 2009 10:01 To: samba Subject: [Samba] winbind idmap question Hi, how do I tell winbind to use UserId from AD, and not doing own mapping of ID's ? AD is win2003 R2 Std with sfu. What I did/tried: current (this did not work): # winbind separator = \ winbind use default domain = Yes winbind nested groups = Yes # winbind cache time = 600 template shell = /bin/bash # template homedir = /home/%D/%U template homedir = /home/%U idmap uid = 1-2 idmap gid = 1-2 winbind enum groups = Yes winbind enum users = Yes security = domain # security = ads # Where do we get our user information from? password server = srv-001.domain.local tried (did not work, too, and is very slow finding users): winbind use default domain = Yes winbind nested groups = Yes winbind nss info = rfc2307 idmap domains = DOMAIN idmap config DOMAIN:backend = ad idmap config DOMAIN:default = Yes idmap config DOMAIN:range = 1 - 1 idmap config DOMAIN:schema_mode = rfc2307 security = domain # security = ads # Where do we get our user information from? password server = srv-001.domain.local samba version is 3.2.7 Thanks for your ideas Kind Regards Chris From Samba version 3.2.5 (Debian Lenny) and 3.3.6 (Lenny backports). This config works for me in both versions, so I'm confident it will work in 3.2.7: idmap domains = YOUR_DOMAIN idmap config YOUR_DOMAIN:backend = rid idmap config YOUR_DOMAIN:base_rid = 0 idmap config YOUR_DOMAIN:range = 1 - 4 We have a Server 2003 native forest/domain not 2003 R2, and we do not have sfu deployed. So the environment is a little different. James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.4.0 upgrade on Suse 11.1
Hello, I want to upgrade samba 3.3.4 on SuSE 11.1 to 3.4. Has anyone encountered and problems with the new release, for example, authenticating against a windows AD? Thanks in advance, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permission problem with mac os x client
2009/7/16 Udo Mueller deb...@cs-ol.de: Hi all, Server: Debian 5.0 with samba 3.2.5 Client: Current Mac OS X Wanted: files with 0760, directories with 2770 Config: create mask = 760 directory mask = 770 force create mode = 760 force directory mode = 2770 Problem: files created with 644 or 764 or 600 directories created with 2700 or 0770 or 0700 My setup works just perfect with Windows Clients. Anyone knows why this doesnt work with mac os x? try unix extensions = no -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4-alpha 6 on Ubuntu Jaunty
First let me say thanks to the Samba team for all time and effort you have put forward. Now I do not have a problem per se but am going to be testing some of the Alpha versions with respect to Ubuntu. I am interested in testing policies in particular but before I go through and do that I am curious about the dynamic dns and dhcp. I have always found DHCP to be a pain to set up in Linux and as I work in a predominantly Windows environment (did sneek in a Linux boxen for virtual machines), I can tell you that MSoft's version of DHCP is quite easy to work with. Are there any plans to tie the DNS and DHCP as part of the provisioning process? That in and of itself would be fairly important to win administrators. Thanks again. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE: Samba with ADS
-Original Message- From: samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba.org [mailto:samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba .org] On Behalf Of McGranahan, Jamen Sent: Monday, 15 June, 2009 07:50 To: samba@lists.samba.org Subject: [Samba] Samba with ADS Environment: Sun Solaris 9 sparc Software: Samba-3.3.3, KRB5-1.6.3, OpenLDAP-2.4.11 Problem: Am trying to create shares with Samba so that users can map to folders on this server using Active Directory. I am successful in creating a Kerberos ticket; I can join the domain; and wbinfo -u and -g give me users in the AD. However, getent passwd only gives me a list of users on the server and not in the AD. The winbindd.log file has a lot of these lines: --8-- snip --8-- If you have any advice and/or guidance, I would greatly appreciate it. Thank you! The getent passwd trouble may be a red herring. If you do not have these lines in smb.conf Winbind enum users = Yes Winbind enum groups = Yes Then wbinfo -u will work, but getent passwd will not. Generally you want to leave enumumerating users and groups turned off (the default) on larger domains. In my experience having them turned on can delay share access, restart times, etc. However enumerating users and groups so that getent passwd works is not necessary for shares to work correctly or users to map drives in AD. (At least this is true for Debian, I don't know about Solaris.) James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrading from NT to AD
On Jun 10, 2009, at 9:24 PM, Edward Ned Harvey wrote: Could someone point me toward documentation on the impact to Samba of upgrading from an NT domain to Active Directory? I've found docs on Samba with NT domains and docs on Samba with AD, but not so much on the upgrade process. I'd like to know exactly what I'm doing before I do anything that could cut my Windows users off from the file servers. Whether it's as easy as do the upgrade and your Samba servers will automatically make the transition, or I have to set up Kerberos and make changes to smb.conf, I want to be sure I know all the steps involved. I don't know any such documentation (and good luck to you finding it) - I would think maybe you'll find something going from 2003 to 2008 ... but from NT to AD ... phew doggy... It's something that I'm sure enough people have done at this point that documentation must exist somewhere. Even if it's old, it's not like NT has changed in years. Anyway - I do have some advice for you. Find some way to attach a new hard drive to the windows server. Boot from something like centos cd1 in rescue mode. Use dd to backup the OS hard drive to a file on the new HD. If the OS hard drive is software mirrored, make separate dd's for each of the 2 hard drives. That way, you're free to do what you need to do, and you always have a safetynet. Thanks for the advice. I'm going to be retiring the old NT server during this process and replacing it with a new system. I'm planning to use a third system as a swing server to help me get the upgrade done. I'll shut down the PDC, promote the BDC and upgrade it, then bring up the new PDC as a BDC (essentially), promote it and shut down the swing box. There shouldn't be any cruft left over from NT on my new PDC, and if something goes wrong in the process, I can bring up the old PDC and be back up and running quickly. I'll be doing a dd backup anyway, because it's always better to be safe than sorry. Assuming you're using Kerberos, my expectation is that you don't need to do anything at all on the samba server. But don't hold me to it. How about if I'm not currently using Kerberos? Thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrading from NT to AD
Hi Samba users, Could someone point me toward documentation on the impact to Samba of upgrading from an NT domain to Active Directory? I've found docs on Samba with NT domains and docs on Samba with AD, but not so much on the upgrade process. I'd like to know exactly what I'm doing before I do anything that could cut my Windows users off from the file servers. Whether it's as easy as do the upgrade and your Samba servers will automatically make the transition, or I have to set up Kerberos and make changes to smb.conf, I want to be sure I know all the steps involved. Thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] authenticate Linux users to AD on Windows 2003R2
Hello, I have enough details on how to have Linux users authenticate to a 2003r2 AD, but I need help getting their home dir's to automatically mount to a windows share. Any details would be greatly appreciated. Many thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] NTFS Attributes
-Original Message- From: samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba.org [mailto:samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba .org] On Behalf Of Wikked one Sent: Friday, 08 May, 2009 01:52 To: m...@campbell-lange.net; volker.lende...@sernet.de Cc: samba@lists.samba.org Subject: RE: [Samba] NTFS Attributes Hi Mark, I think this is what you're looking for? http://www.debianhelp.co.uk/acl.htm http://aisalen.wordpress.com/2007/08/10/acls-on-samba/ This will allow you to emulate most NTFS attributes with your back up. Not really Samba related, but possibly an important point for Samba admins on Debian who like to backup ACL information. Note that the debianhelp article refers to the star package. For some reason star isn't available in Lenny. But both the Etch and Sid package install just fine. (Sid is a newer version, and hopefully filters down into backports at some point.) James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Using kerberos authentication without AD
Here's the scenario we often run into; we have machines with multiple user accounts, which all authenticate to our kerberos servers. Depending on the group, these accounts could be local, nis, ldap, etc. They often want to provide samba services, but binding the machine to AD isn't always feasible, so they have to manually create the samba users and password database. Is there any way for samba to use our kerberos servers directly for authentication, without having an AD domain controller as the middleman, and without using plaintext authentication? Thanks -jim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Time capsule and bad smb
2009/4/21 Pietro Battiston too...@email.it: Il giorno lun, 16/02/2009 alle 23.03 -0800, Jeremy Allison ha scritto: On Mon, Feb 16, 2009 at 09:42:48PM -0800, James Peach wrote: Volker's suggestion is the best. Pietro should to http://developer.apple.com/bugreporter/ and log a bug against the TIme Capsule. It would be best to attach a packet trace to the bug. Follow the instructions here: http://wiki.samba.org/index.php/Capture_Packets Boo, hiss, cop-out :-). I'll try and dig up a time capsule to bring to Connectathon next week if any of the Linux smbfs folks would like to test against it ... Sure, I'll be there and I'd love to take a look at it. Will there be any Time Capsule engineers there though if we do find bugs ? Did someone debug the problem? yes The bug I filed (# 6598363) in the Apple bugtracker is just there, alone, with apparently no care given to, since more than 2 months... Not everything that happens to a bug report is visible to the originator. When they ship a release that includes the fix, the bug should be sent back to you to verify. Sorry the process is so opaque. -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: samba Digest, Vol 76, Issue 10
2009/4/10 Alex Thurley alex.thur...@bonn-is.de: Dear List, I wonder if somebody has a correctly working SMB service in Mac OS X Server 10.5.x. I've got here lots of This process has forked.. This is because a call to the Security framework touches a part of CoreFoundation that is unhappy that Samba forks without a subsequent exec. It's annoying but harmless. and Broken Pipe errors as described in this post: http://www.afp548.com/forum/viewtopic.php?showtopic=22295 Not really enough info to say what is happening here. the broken pipe means that the client disconnected unexpectedly, but it's not clear why. As some of the posters in that thread note, there is a bug in the streams module where we return an error for reads after the end-of-file (we ought to succeed but return no data). Would be nice if a Samba-guru could point us to the right direction. Volker's suggestion to file a Radar with Apple is spot on. -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] failed to join domain error
-Original Message- From: samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba.org [mailto:samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba .org] On Behalf Of Benedict simon Sent: Friday, 27 March, 2009 05:06 To: samba@lists.samba.org Subject: [Samba] failed to join domain error Dear All, I have succesfully managed to have my kerberos configured n working without error when i say kinit Administrator and after entering password i get the # prompt so its works fine now i configured /etc/samba/smb.conf but when i try to join my Win2003 ADS domain server net ads join -U Administrator Administrator's password: [2009/03/26 21:58:05, 0] utils/net_ads.c:ads_startup_int(286) ads_connect: No logon servers Failed to join domain: No logon servers thnks and Regards Simon -- Network ADMIN - KUWAIT MUNICIPALITY: I just had a host do this recently, using Samba 3.2.5-4 Debian. DNS was working fine, kerberos was working fine, but for some reason net ads join didn't want to work. I resolved it by putting an entry for a domain controller into /etc/hosts. After that net ads join worked fine. James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Is the net rpc vampire at all destructive to a NT4 PDC?
Is it safe to run the net rpc vampire command on a PDC as many times as you want in effort to test the NT4 - samba PDC? While keeping the NT4 PDC in production mode? With the goal of test the full operation of the migrated PDC on a separate network. ` I've done this several times against my PDC without any problems. Best, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help - smbiod
Hello all, I need help about smbiod, i have mounted samba server from linux client with command mount -t smbfs -o username=root //10.10.x.x/folder /dest and then the client ask about password, and it works, but when i copy files in the middle of the process suddenly it stoped, then i run command top i see smbiod use verry high cpu usage(more than 90%). Is there anyone can help me, please.. Thx. here is my log : Mar 20 11:15:32 showa16 smbd[3013]: [2009/03/20 11:15:32, 0] lib/util_sock.c:get_peer_addr(1000) Mar 20 11:15:32 showa16 smbd[3013]: getpeername failed. Error was Transport endpoint is not connected Mar 20 11:15:32 showa16 smbd[3013]: [2009/03/20 11:15:32, 0] lib/util_sock.c:write_socket_data(430) Mar 20 11:15:32 showa16 smbd[3013]: write_socket_data: write failure. Error = Connection reset by peer Mar 20 11:15:32 showa16 smbd[3013]: [2009/03/20 11:15:32, 0] lib/util_sock.c:write_socket(455) Mar 20 11:15:32 showa16 smbd[3013]: write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer Mar 20 11:15:32 showa16 smbd[3013]: [2009/03/20 11:15:32, 0] lib/util_sock.c:send_smb(647) Mar 20 11:15:32 showa16 smbd[3013]: Error writing 4 bytes to client. -1. (Connection reset by peer) Mar 20 11:15:42 showa16 kernel: smb_add_request: request [e9361ee0, mid=32451] timed out! Mar 20 11:16:16 showa16 kernel: smb_add_request: request [e9361ee0, mid=44881] timed out! Mar 20 11:16:50 showa16 kernel: smbiod_handle_request: smbiod got a request ... and we don't implement oplocks! Mar 20 11:17:20 showa16 kernel: smb_add_request: request [e9361ee0, mid=1915] timed out! Mar 20 11:17:20 showa16 kernel: smbiod_handle_request: smbiod got a request ... and we don't implement oplocks! Mar 20 11:17:20 showa16 kernel: smb_get_length: Invalid NBT packet, code=31 Mar 20 11:17:20 showa16 kernel: smb_add_request: request [e9361dc0, mid=1916] timed out! Mar 20 11:17:50 showa16 kernel: smb_add_request: request [e9361ee0, mid=1917] timed out! Mar 20 11:17:50 showa16 kernel: smb_lookup: find 060711/Brother's.JPG failed, error=-5 Mar 20 11:18:07 showa16 kernel: smb_proc_readdir_long: error=-2, breaking Mar 20 11:18:36 showa16 kernel: smb_get_length: Invalid NBT packet, code=33 Mar 20 11:19:06 showa16 kernel: smb_add_request: request [e9361ee0, mid=28823] timed out! Mar 20 11:19:39 showa16 kernel: smb_add_request: request [e9361ee0, mid=29609] timed out! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE: To winbind or not to winbind.
-Original Message- From: samba-technical-bounces+james.chavez=sanmina-sci@lists.samba.org [mailto:samba-technical-bounces+james.chavez=sanmina-sci@lists.samba .org] On Behalf Of William Jojo Sent: Wednesday, March 11, 2009 3:51 PM To: samba-techni...@samba.org Subject: To winbind or not to winbind. The subject pretty much says it all. I know that I need winbindd when running Samba in ADS mode as a DMS to AD, otherwise nothing works right. I was playing in Ubuntu 8.04.2 which has 3.0.28a (trying to stay pure on this box) default winbindd on. Well, when I try to set ACLs on a file (ext3, ea support on, acls and extended_xattr) with winbind on I get no error when I apply the change, but the Windows XP side shows no change but the Samba log shows: [2009/03/11 18:39:22, 0] smbd/posix_acls.c:create_canon_ace_lists(1438) create_canon_ace_lists: unable to map SID S-1-5-21--XXX--1412 to uid or gid. Then I turn winbindd off and everything is perfect - no problems, acl is applied and the refresh on the Windows side concurs with the Ubuntu side. Is this by design? I always thought that winbindd running was not a hindrance, util now. In fact I thought I recalled a few threads where is was recommended that winbindd run no matter what your setup. Can someone elaborate or point to a place where I missed the elaboration? :-) :-) Cheers, Bill _ Don't mean to jump on this but... is it necessary or recommended to have Winbind running when your box is acting as an ADS member server? You say nothing works right? Maybe this is the cause of some of the inermittent issues I have.. Can anyone elaborate. I thought I did not need Winbind..I do not use it and everything seems to work great but from time to time I get no password server available to validate. Might not be related.. Thanks James CONFIDENTIALITY This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof. ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE: winbind
Hello Van, I suggest you checkout PAM_MOUNT ( http://pam-mount.sourceforge.net/ ) Thanks, James Mitchell From: samba-bounces+james.p.mitchell=det.nsw.edu...@lists.samba.org [samba-bounces+james.p.mitchell=det.nsw.edu...@lists.samba.org] On Behalf Of Van Camp Jan [jan.vanc...@health.fgov.be] Sent: Tuesday, 10 March 2009 12:39 AM To: samba@lists.samba.org Subject: [Samba] FW: winbind From: Van Camp Jan Sent: Monday, March 09, 2009 2:24 PM To: 'samba-techni...@lists.samba.org' Subject: winbind Hello , I am trying to install samba (I'm a novice to samba). I think I followed all installation steps but the problem Is when I want to map a share on my windows client it always prompts me for a password. For as much as I know it is the winbind that isn't working correctly or the share that isn't configured correctly. Does somebody know of this general issue and can they help me with this please ? Thank you in advance, Greetings, Jan Belgium Disclaimer : https://portal.health.fgov.be/portal/page?_pageid=56,8674425_dad=portal_schema=PORTAL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] VMmware Converter Split into 2GB files - Samba Share
I have an Ubuntu 8.04.2 Linux Server setup with Samba installed with Ubuntu Version 3.0.28a-1ubuntu4.4 I have setup a samba share for a Windows 2000 Server to perform a P2V (Physical to Virtual) conversion of it to the Samba Share. When going through the conversion process using Vmware converter on the Windows 2000 machine I point the destination to the samba share but it does not allow me to unselect the option to split into 2GB files. I want to use a single large file for the VM. The file system on the Linux server where the samba share is located is XFS. Is this something to do with Samba perhaps appearing as a file system with a file size limit of 2GB? If so how do I resolve it? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] pam_winbind get attributes?
Hello, I am attempting to map the home directory of users as they login using pam_winbind by getting the attribute from Active Directory. It appears that in pam_winbind.c _pam_set_data_string(pamh, ctrl, PAM_WINBIND_HOMEDIR, response-data.auth.info3.home_dir); Does not actually contain the homedir, it contains nothing. Is this because I'm using it on a MS AD domain rather then LDAP? If I do (using ldap-utils): ldapsearch -h server -D CN=My User,OU=something,DC=domain,DC=com -b DC=domain,DC=com -x -W homeDirectory I retrieve the active directory home drives. However I'm wishing to implement mounting either in pam_winbind or pam_mount. This ldapsearch part requires me to use -D bindDN and -W I did read about anonymous logins, but is there a way to query this information within pam_winbind or other suggestions? Thanks, James Mitchell ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] PDB files and Delayed Write Failed
Hello Samba Community, I have what is probably a very unique problem. Allow me to explain: Background: We build software for Windows, among other things. Most of our developers are not on Windows, but they need to do Windows builds. To facilitate this, we've set up a complex build system where calling make automatically connects (rsh/ssh) to a cmd shell on the Windows build server, translates our Makefile into something more suitable for Windows, and executes the build. The source code is not on the build server's local disks, but is instead sitting on a file server which the build server accesses through Samba. This leads to the problem. The Problem(s): We're seeing mysterious and unpredictable problems in this environment. Looking through the Event Viewer, we've seen 2658 Delayed Write Failed messages since October. Only 19 of them did not relate to .pdb files. The Samba logs don't indicate a problem. We're getting messages from the compiler that it can't find header files which definitely exist and are definitely in the include path. We're also getting the occasional gmake: *** Makefile: Permission denied. Stop. message. Simply starting the make again without changing any permissions allows the build to continue. Build Server: * Windows Server 2003 SP2 * 4x 3 GHz Xeon (5160) * 4 GB RAM * 2x 10k RPM SAS drives, hardware RAID 1 File Server: * CentOS 5.2 * 8x 3 GHz Xeon (5450) * 4 GB RAM * 14x 15k RPM SAS drives, hardware RAID 6 * Samba 3.0.25b-1.el5_1.4 * Authenticates against Windows domain controller(s) What I've tried already (not necessarily in this order): * Rebooted the Build Server. * Swapped OSs on the Build Server. We started with NT, then moved to XP and are now on Server 2003. * Swapped Ethernet cable on the Build Server. * Swapped Ethernet switch port for the Build Server. * Swapped Ethernet switch for the Build Server. * Swapped Ethernet NIC on the Build Server. * Swapped the Build Server hardware itself. * Switched from explicitly mapping drives at the start of each remote cmd session to using UNC paths. * Swapped OSs on the File Server. We started with Red Hat Linux 8 for i386 and have moved up through several iterations to Centos 5.2 for x86_64. * Swapped Ethernet cable on the File Server. * Swapped Ethernet switch port for the File Server. * Swapped Ethernet switch for the File Server. * Swapped Ethernet NIC on the File Server. * Swapped the File Server hardware itself. * Upgraded to the latest version of Samba available from the CentOS team. This broke domain authentication for us, so we rolled back to 3.0.25. * Added a backup domain controller. (NT4 domain environment still. Yes, I know, I'm working on it) * Changed the Samba socket options from TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 to TCP_NODELAY IPTOS_LOWDELAY. * Set large readwrite = no * Set write raw = no * Explicitly turned on oplocks and level2 oplocks, though I believe they are on by default. * dos filetimes = yes * fake directory create times = yes * dos filetime resolution = yes * allocation roundup size = 0 Thusfar, any time we've managed to improve performance back to the expected level, it has been unclear what did the trick... and it didn't last. If anyone has any thoughts on other things I can try, I would certainly appreciate it. If there's any further information that would help in making an assessment, I'd be happy to post what I can. Thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] when will samba4 become stable
I'm betting the answer will be something like: The rate at which samba4 approaches stability is tied to the number of people using it and filing bugs so get out there and use it ;-) On Wed, Feb 25, 2009 at 08:20:37AM -0500, Ying Hu wrote: I checked most samba 4 related posts and couldn't fine the answer. Is there any targeted date for samba4 to become stable? thanks, Ying -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- James R. Leu j...@mindspring.com pgpbbq9XkwP9m.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can't log in as same user on different domain
Hello, Moved user accounts from one domain to another and now can't log in to workstations with the same user name that was used in the previous domain. If we log in as a user who has never logged in to the workstation, that user can log in under the new domain. Is there some user info cached in winbind that prevents the identical user name from logging in under a different domain? Any way to fix this? Many thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba