Re: [Samba] RE Samba (winbind) troubles
hijacked the winbind threat.. but.. Really,. If you want my opinion and you probably don't, people need to stop thinking NT server if they connect to a samba4 AD server and start thinking AD server, they are totally different. . Novell NDS is much better the MS its (nds kopied) AD but thats not the issue. Als big point is, not thinking in AD, its making better manuals/howtos based on realworld examples. Im working with Novell/Windows/ over 20 years now. Linux about 15. and really, the manuals and howtos arent easy to read, sorry.. that is for me since im dutch. There are to many senarios, and combined with the wiki, its a mess in my head... Some howto's simplified would be nice. like for example. ( choose ) - Single server setup, with samba4 AD, choose internal dns or bind. etc.. - 2 Samba4 DC servers, using bind, etc. etc. - 1 samba4 server, added to windows AD. - 1 windows server, added to samba4 ad. - 2 samba4 DC servers and remote 1 samba DC server. These 5 are are the start of all other senarios. ( some extra's ) - samba4 setup with DRDB or GLUSTER ( sinds its default in most distros ) ( management ) GUI - Windows tools CLI - some needed commands as example. etc .. Put the pro/cons in a matrix what works what not. and i preferred something like this with for example the sernet packages. This way is always the same, no compiling needed, so less questions here, and bugs are faster found. looks a win win for me. and if a setup if make for example with ubuntu, is usable for all debian bases install. same for centos/redhet. Im using this stratigy for al my servers i install and manage. bugs are very fast found and fixed with upstream packages. I dont compile on any production server, as should everyone else. Any suggestions samba team? please do so, lets make the best software even better. My now running setup, is done by howto ( make my own at the time ), and is running sinds 2004, with 0 errors, ok, some failing hardware, but samba never let me down. I still use the manual to install new servers in my environment now. I've been testing samba4 since alpha 8, and for now, im still not running it. Why, setting up samba4 is to complex in my situation, yes, documentation is good, but for me its to much. but if its for me, how about other people,... what would you like to see to simpilfy the samba4 install. A simple thing as installing samba4 and adding it as DC to a windows domain. really try it with only the wiki info. Such a simple thing like this, is very complex explaind in the wiki. but ok this is my point of view. I do like samba, but wiki/howtos are lots to improve. I promise to the samba communitie, when i start my install, ill document it and make a nice howto of it. A howto everyone can read and understand. ( will be debian/ubuntu base, with sernet packages ) Still samba team/sernet team, thanks for providing this software, lets make it better with all of us. there al lots of very good people here on the mailing which have the knowlidge to make such howtos. ow... and sorry for my bad english.. ;-) i dont write much in english these days. Best regards, Louis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba (winbind) troubles
On Wed, 2013-07-24 at 09:09 +0200, L.P.H. van Belle wrote: hijacked the winbind threat.. but.. Don't feel threatened. There _are_ alternatives. I do like samba, but wiki/howtos are lots to improve. To be fair, it's not just Samba. It's most open source stuff. There are too many hobbyists and armchair users. As joe public, what we should be doing is not criticising the devs for their poor documentation. We should be writing it ourselves at our own level. Let the devs enjoy their C and let's thank them for the code. It's not down to them to document it for end users. I doubt that Microsoft would allow their coders anywhere near the end user documentation department. Anyway, hopefully complex DC's and windows domains will soon be a thing of the past. You don't need winbind for Cloud. You won't need sysadmins either. Just someone who can read the quickstart guide. Just my €0.02 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba (winbind) troubles
From: steve On Wed, 2013-07-24 at 09:09 +0200, L.P.H. van Belle wrote: I do like samba, but wiki/howtos are lots to improve. To be fair, it's not just Samba. It's most open source stuff. There are too many hobbyists and armchair users. As joe public, what we should be doing is not criticising the devs for their poor documentation. We should be writing it ourselves at our own level. Let the devs enjoy their C and let's thank them for the code. It's not down to them to document it for end users. It's a little hard to write documentation when all you've got is a million questions and no answers. The only people who actually have the answers are the developers. I wish developers would routinely budget, oh, 10% of their time to writing docs. I spend at least twice that much on documenting my own software, because I find it helps me write better organized code if I first have to explain what it's going to do, or how to use it. Write the manual first, then implement it, modifying the manual as you discover logical flaws during the process of writing and debugging. I doubt that Microsoft would allow their coders anywhere near the end user documentation department. I don't know what they do at Microsoft, but there must be some organized way of getting the software writers to convey the information to the people who actually write the documentation. In my opinion (as someone who's been spending a big chunk of his life reading documentation lately), the MSDN content ranges from marginal to excellent, while Linux-land documentation ranges from practically non-existent (e.g., ALSA) to very good (the kernel man pages). So far, I think Samba's docs get about a C-, but that's because I know next to nothing about networking; they may look much better to someone who already knows all about SMB from the Windows world. -- Ciao, Paul D. DeRocco Paulmailto:pdero...@ix.netcom.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba (winbind) troubles
On Wed, 2013-07-24 at 01:26 -0700, Paul D. DeRocco wrote: From: steve On Wed, 2013-07-24 at 09:09 +0200, L.P.H. van Belle wrote: I do like samba, but wiki/howtos are lots to improve. To be fair, it's not just Samba. It's most open source stuff. There are too many hobbyists and armchair users. As joe public, what we should be doing is not criticising the devs for their poor documentation. We should be writing it ourselves at our own level. Let the devs enjoy their C and let's thank them for the code. It's not down to them to document it for end users. It's a little hard to write documentation when all you've got is a million questions and no answers. The only people who actually have the answers are the developers. Hi That's not the case. They are too far removed from being an end user let alone a beginner. You're just about to solve an issue that you have raised in this thread. As soon as you have it solved then document it in your own words: your own notes in case you get the issue again. It's a small step from there to tidy it up a bit and blog or wiki it. You have the opportunity of using the non jargon, non technical language end users hate. Other end users will hit the blog like it's going out of fashion. There's a demand for this level of documentation. Salu2 Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba (winbind) troubles
Look, your still not getting the point steve. Yes, you made some good howtos, i've read them. But because there are so many options, so many roads to rome... It hard to decide what to use. Yes, developers needs to be developers, but if the developers dont document. Who can make then the documentation, so yes, the devs need to do some documentation. And what er is, is good, thats not the point. My point is, there are lots of people installing samba4, on different ways. I would be nice if there are some guideline howto setup such a thing. Ans yes, even microsoft of novell have such guidelines. But thats not the point. Im asking here, if the people how really understand samba4, and this can be dev of communitie people. can make some simple howtos. As i already sad, im going to make one, like the one before. For example look at my old setup. http://lists.samba.org/archive/samba/2005-December/114817.html Its still usable, ok, the layout is bit messed up, but it still works. ( dont be to hard on it, it was my first howto. ) and, is stated in 2005... quote I try to give a complete solution for this how-to, this is because lots of people where asking the same things on the samba list and lots of people make the same mistakes. and all these same questions are taking precious time of the dev's. Samba4 can be much much better in use, when there are beter howto's. Which dont need compiling to make it more accessable for others, and most important, no compiling software on production servers, its not safe and not needed! Keep things as standard as it can be, you live gets so much easier if you do. For example, my backups, are just /etc /home/MYDATA. and my ldap export. If i have a crash, happend 1 time, i just reinstall my server, put back my configs. and reset rights if needed, im always up and running within 1-2 hours. ( with about 40-60GB data ) Even if my building burns out. ( ok ,tape restore takes 1,5 hours, so, total restore time 3-4 hours ) I can replicate every installation very easy because of no compiling, and keep it as standard as i can. Debian is a star of keeping the install files original, and use include.d dirs for extra settings. This is power in upgradeing and reinstalls. Thats my point. So lets help one and other, im looking for sernet based howtos, please e-mail them to me if you have one. I'll try to make a new big howto for samba. Louis -Oorspronkelijk bericht- Van: st...@steve-ss.com [mailto:samba-boun...@lists.samba.org] Namens steve Verzonden: woensdag 24 juli 2013 11:08 Aan: samba@lists.samba.org Onderwerp: Re: [Samba] RE Samba (winbind) troubles On Wed, 2013-07-24 at 01:26 -0700, Paul D. DeRocco wrote: From: steve On Wed, 2013-07-24 at 09:09 +0200, L.P.H. van Belle wrote: I do like samba, but wiki/howtos are lots to improve. To be fair, it's not just Samba. It's most open source stuff. There are too many hobbyists and armchair users. As joe public, what we should be doing is not criticising the devs for their poor documentation. We should be writing it ourselves at our own level. Let the devs enjoy their C and let's thank them for the code. It's not down to them to document it for end users. It's a little hard to write documentation when all you've got is a million questions and no answers. The only people who actually have the answers are the developers. Hi That's not the case. They are too far removed from being an end user let alone a beginner. You're just about to solve an issue that you have raised in this thread. As soon as you have it solved then document it in your own words: your own notes in case you get the issue again. It's a small step from there to tidy it up a bit and blog or wiki it. You have the opportunity of using the non jargon, non technical language end users hate. Other end users will hit the blog like it's going out of fashion. There's a demand for this level of documentation. Salu2 Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Does Samba Re-read Changes To smb.conf
Hi, I was told that samba will re-read the smb.conf if you make changes without restarting the smb service. Is that true, if yes how long do I need to wait before I see the new share I added to the smb.conf. Thanks Bob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Does Samba Re-read Changes To smb.conf
Hallo, bhogue, Du meintest am 17.07.13: I was told that samba will re-read the smb.conf if you make changes without restarting the smb service. That's not true for the [global] section. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] re list
Hi I am new here and am wondering if I have the correct list to subscibe to. I am looking for a user forum; technical mutual help/tutorial type list; would this be that type of thing? So far the messages I am seeing are mainly intercommunications between what appear to be developers working on assigned sub-projects of various flavors of samba. I don't want to spam a list with inappropriate queries repeatedly when they don't get answered. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re list
C I am new here and am wondering if I have the correct list to subscibe to. C I am looking for a user forum; technical mutual help/tutorial type C list; would this be that type of thing? You're on the right list. However the varying level of technical complexity is very high. Some of us are doing pretty simple stuff, and others are probably doing rocket-science, literally. :) So, ask here, do a bunch of Google-foo, and tinker yourself. Between one of the three or combinations thereof, you'll probably find an answer. -Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re : samba Digest, Vol 119, Issue 11
Chers correspondants, Bonjour ! Merci pour votre correspondance que vous envoyez à mon compte depuis une très longue période. Néanmoins je dois vous dire que je comprends la langue anglaise que trés partiellement, aussi je ne retiens de vos écrits que très peu de choses. Par conséquent, je vous demanderais de voir la possibilité de me transmettre vos numéros en langue française et je remercie infiniment ham...@yahoo.fr --- En date de : Dim 11.11.12, samba-requ...@lists.samba.org samba-requ...@lists.samba.org a écrit : De: samba-requ...@lists.samba.org samba-requ...@lists.samba.org Objet: samba Digest, Vol 119, Issue 11 À: samba@lists.samba.org Date: Dimanche 11 novembre 2012, 20h00 Send samba mailing list submissions to samba@lists.samba.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.samba.org/mailman/listinfo/samba or, via email, send a message with subject or body 'help' to samba-requ...@lists.samba.org You can reach the person managing the list at samba-ow...@lists.samba.org When replying, please edit your Subject line so it is more specific than Re: Contents of samba digest... Today's Topics: 1. Re: Problem with Remote Announce (Nick Howitt) 2. Question about filtering (Enrico Scantamburlo) 3. [SAMBA4 RC1] Strange internal DNS behaviour (Szymon Zycinski) 4. Problem with filtering (Enrico Scantamburlo) 5. Re: samba4 documentation (Andrew Bartlett) 6. Re: Question about filtering (Andrew Bartlett) 7. Re: samba4 documentation (Jos? Neto) 8. Re: SYSVOL ACLs and GPOs (Andrew Bartlett) 9. ANNOUNCE: cifs-utils release 5.8 is ready for download (Jeff Layton) ___ samba mailing list samba@lists.samba.org https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re-replicate LDAP
I am still having this issue. Does anyone have any ideas?? - Original Message - From: Kristofer kristo...@cybernetik.net To: samba@lists.samba.org Sent: Monday, October 15, 2012 10:08:05 AM Subject: Re: [Samba] Re-replicate LDAP samba4 service needs to be running to demote. When samba is started what does samba-tool drs showrepl say ? Samba IS running. I also receive this error when trying it against a specific server: Using BRSAD as partner server for the demotion ERROR(class 'samba.drs_utils.drsException'): uncaught exception - drsException: DRS connection to BRSAD failed: (-1073741772, 'NT_STATUS_OBJECT_NAME_NOT_FOUND') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 168, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 631, in run (drsuapiBind, drsuapi_handle, supportedExtensions) = drsuapi_connect(server, lp, creds) File /usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py, line 54, in drsuapi_connect raise drsException(DRS connection to %s failed: %s % (server, e)) ALl servers are showing success from showrepl and 0 consecutive failures. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re-replicate LDAP
On Oct 15, 2012, at 12:56 AM, Andreas Oster aos...@novanetwork.de wrote: I guess you can achieve the same with: samba-tool domain demote -Uadministrator afterwards you can join the DC again. That has been unsuccessful to me also. I receiver errors: Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:BLADS1.ad.domain.com[1024,seal] NT_STATUS_IO_TIMEOUT ERROR(class 'samba.drs_utils.drsException'): uncaught exception - drsException: DRS connection to BLADS1.ad.domain.com failed: (-1073741643, 'NT_STATUS_IO_TIMEOUT') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 168, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 631, in run (drsuapiBind, drsuapi_handle, supportedExtensions) = drsuapi_connect(server, lp, creds) File /usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py, line 54, in drsuapi_connect raise drsException(DRS connection to %s failed: %s % (server, e)) root@rcads1:/usr/local/samba/bin# -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re-replicate LDAP
Am 15.10.2012 08:41, schrieb Kristofer: On Oct 15, 2012, at 12:56 AM, Andreas Oster aos...@novanetwork.de wrote: I guess you can achieve the same with: samba-tool domain demote -Uadministrator afterwards you can join the DC again. That has been unsuccessful to me also. I receiver errors: Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:BLADS1.ad.domain.com[1024,seal] NT_STATUS_IO_TIMEOUT ERROR(class 'samba.drs_utils.drsException'): uncaught exception - drsException: DRS connection to BLADS1.ad.domain.com failed: (-1073741643, 'NT_STATUS_IO_TIMEOUT') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 168, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 631, in run (drsuapiBind, drsuapi_handle, supportedExtensions) = drsuapi_connect(server, lp, creds) File /usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py, line 54, in drsuapi_connect raise drsException(DRS connection to %s failed: %s % (server, e)) root@rcads1:/usr/local/samba/bin# Hello Kristofer, samba4 service needs to be running to demote. When samba is started what does samba-tool drs showrepl say ? best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re-replicate LDAP
samba4 service needs to be running to demote. When samba is started what does samba-tool drs showrepl say ? Samba IS running. I also receive this error when trying it against a specific server: Using BRSAD as partner server for the demotion ERROR(class 'samba.drs_utils.drsException'): uncaught exception - drsException: DRS connection to BRSAD failed: (-1073741772, 'NT_STATUS_OBJECT_NAME_NOT_FOUND') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 168, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 631, in run (drsuapiBind, drsuapi_handle, supportedExtensions) = drsuapi_connect(server, lp, creds) File /usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py, line 54, in drsuapi_connect raise drsException(DRS connection to %s failed: %s % (server, e)) ALl servers are showing success from showrepl and 0 consecutive failures. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re-replicate LDAP
I currently have 10 domain controllers (all Samba 4rc1), and I would like to reset one of them. I would like to completely clear out their LDAP database, and force it to get a fresh copy replicated from one of the other 9 DC's out there. What would be the proper way of doing this with Samba 4? I know in Windows, you can demote a DC, and then promote it, and it will recover any data, but am unsure of how to replicate that procedure with S4. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re-replicate LDAP
Am 15.10.2012 01:50, schrieb Kristofer: I currently have 10 domain controllers (all Samba 4rc1), and I would like to reset one of them. I would like to completely clear out their LDAP database, and force it to get a fresh copy replicated from one of the other 9 DC's out there. What would be the proper way of doing this with Samba 4? I know in Windows, you can demote a DC, and then promote it, and it will recover any data, but am unsure of how to replicate that procedure with S4. Hello Kristofer, I guess you can achieve the same with: samba-tool domain demote -Uadministrator afterwards you can join the DC again. best regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re : username map not working to 3.6.3 (security =ADS)
Somebody has this issue ? I add something, in the smb.conf i'm used usermap for my unix user and my domain user regards De : aikin...@yahoo.fr aikin...@yahoo.fr À : samba@lists.samba.org samba@lists.samba.org Envoyé le : Jeudi 3 mai 2012 9h32 Objet : username map not working to 3.6.3 (security =ADS) Hi all, i'm working on solaris 10 with compiling samba version 3.6.3. My box is client of LDAP on solaris server Server Samba is domain member of AD Windows 2008R2 Kerberos is configured to link to AD Windows 2008R2. I'm not use windbind in my configuration. I've got this messages [2012/04/27 13:39:10.550408, 3] auth/user_krb5.c:50(get_user_from_kerberos_info) Kerberos ticket principal name is [minh.hu...@example.com] [2012/04/27 13:39:10.550519, 3] auth/user_util.c:402(map_username) Mapped user ALFRGIS\user-metal to metal [2012/04/27 13:39:10.571135, 3] auth/auth_util.c:1028(check_account) Failed to find authenticated user ALFRGIS\user-metal via getpwnam(), denying access. [2012/04/27 13:39:10.571221, 1] auth/user_krb5.c:211(make_server_info_krb5) make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER! [2012/04/27 13:39:10.571284, 1] smbd/sesssetup.c:379(reply_spnego_kerberos) make_server_info_krb5 failed! [2012/04/27 13:39:10.571359, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(383) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2012/04/27 13:39:12.804376, 3] smbd/server_exit.c:180(exit_server_common) Server exit (failed to receive smb request) ~ It is a bug or config error ? regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re : ADS Problem : segmentation fault
Hi
I would like to compare the values of my configuration so If you have
the following platform :
Windows server 2008 R2 with AD LDAP is : 187.0.17.104 (CINVW067)
Linux server with Samba/Winbind version 3.5.12 + kerberos 1.4 : 187.0.22.177
(CILVS04)
Could you please to confirm which are the good values to set into the following
conf file ?
The entries for the hosts file /etc/hosts on the 2 servers linux and W2008R2 ?
The values for the file /etc/samba/smb.conf :
[global]
security = ads
realm = ?
server string =
workgroup =
password server =
netbios name =
wins server =
The values for the kerberos file /etc/krb5.conf :
[libdefaults]
default_realm =
[realms]
= {
kdc =
default_domain =
admin_server =
}
[[domain_realm]
=
=
The values for the file cat /etc/resolv.conf :
nameserver
search
The values for the file /etc/nsswitch.conf :
passwd:
group:
shadow:
hosts:???
Regards
--- En date de : Lun 21.11.11, djamel boussebha dbousse...@yahoo.fr a écrit :
De: djamel boussebha dbousse...@yahoo.fr
Objet: [Samba] ADS Problem : segmentation fault
À: samba@lists.samba.org, Robert Freeman-Day pres...@gmail.com
Date: Lundi 21 novembre 2011, 10h12
Hi;
Please I would like to know which are the corrects values to set into the
samba/kerberos configuration to ads protocol works fine.
My platform is :
Windows server 2008 R2 with AD LDAP is : 187.0.17.104 (CINVW067)
Linux server with Samba/Winbind version 3.5.12 + kerberos 1.4 : 187.0.22.177
(CILVS049)
When I try to join the AD via ADS protocol I have a error : segmentation fault :
# net ads join -S CINVW067 -U administrateur%laposte+1
Segmentation fault
The kinit works fine :
# kinit administrateur
Password for administrat...@p9bis.neoplus.laposte.poc:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrat...@p9bis.neoplus.laposte.poc
Valid starting Expires Service principal
11/21/11 09:56:18 11/21/11 16:36:18
krbtgt/p9bis.neoplus.laposte@p9bis.neoplus.laposte.poc
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
wbinfo -u et wbinfo -g work fine :
# wbinfo -u
administrateur
invité
admin_local
krbtgt
sp-farm
sp-serviceapp
sp-apppool
sql-service
sp-usersync
My configuration is as follows :
hosts file on the linux server :
# cat /etc/hosts
127.0.0.1 local.localdomain localhost CILVS049
187.0.22.177 CILVS049.p9bis.neoplus.laposte.poc CILVS049
187.0.17.104 CINVW067.p9bis.neoplus.laposte.poc CINVW067
#cat /etc/samba/smb.conf :
[global]
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
security = ads
client use spnego = yes
realm = P9BIS.NEOPLUS.LAPOSTE.POC
server string = CILVS049
workgroup = P9BIS
password server = 187.0.17.104.p9bis.neoplus.laposte.poc
interfaces = 127.0.0.1 eth0
bind interfaces only = true
printing = cups
printcap name = cups
load printers = yes
idmap uid = 1-2
idmap gid = 1-2
#idmap backend = ad
winbind enum users = yes
winbind enum groups = yes
client use spnego = yes
encrypt passwords = yes
winbind nested groups = yes
winbind separator = /
winbind nss info = sfu
winbind cache time = 3600
winbind use default domain = yes
preferred master = no
domain master = no
restrict anonymous = 2
log file = /var/log/samba/log.smbd
max log size = 50
usershare allow guests = no
netbios name = CILVS049
#wins server = 187.0.17.104
#wins proxy = no
dns proxy = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#cat /etc/krb5.conf :
[libdefaults]
default_realm = P9BIS.NEOPLUS.LAPOSTE.POC
default_keytab_name = FILE:/etc/krb5.keytab
kdc_timesync = 1
ticket_lifetime = 24000
dns_lookup_kdc = true
dns_lookup_realm = true
forwardable = true
fcc-mit-ticketflags = true
clockskew = 300
[realms]
P9BIS.NEOPLUS.LAPOSTE.POC = {
kdc = 187.0.17.104:88
default_domain = p9bis.neoplus.laposte.poc
admin_server = 187.0.17.104:749
}
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[domain_realm]
MONWORKGROUP = P9BIS.NEOPLUS.LAPOSTE.POC
.p9bis.neoplus.laposte.poc = P9BIS.NEOPLUS.LAPOSTE.POC
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 1
try_first_pass =
[Samba] Re : ADS Problem : segmentation fault
Oups the dns domain for AD is : p9bis.neoplus.laposte.poc
--- En date de : Lun 21.11.11, djamel boussebha dbousse...@yahoo.fr a écrit :
De: djamel boussebha dbousse...@yahoo.fr
Objet: Re : [Samba] ADS Problem : segmentation fault
À: samba@lists.samba.org, Robert Freeman-Day pres...@gmail.com
Date: Lundi 21 novembre 2011, 13h49
Hi
I would like to compare the values of my configuration so If you have
the following platform :
Windows server 2008 R2 with AD LDAP is : 187.0.17.104 (CINVW067)
Linux server with Samba/Winbind version 3.5.12 + kerberos 1.4 : 187.0.22.177
(CILVS04)
Could you please to confirm which are the good values to set into the following
conf file ?
The entries for the hosts file /etc/hosts on the 2 servers linux and W2008R2 ?
The values for the file /etc/samba/smb.conf :
[global]
security = ads
realm = ?
server string =
workgroup =
password server =
netbios name =
wins server =
The values for the kerberos file /etc/krb5.conf :
[libdefaults]
default_realm =
[realms]
= {
kdc =
default_domain =
admin_server =
}
[[domain_realm]
=
=
The values for the file cat /etc/resolv.conf :
nameserver
search
The values for the file /etc/nsswitch.conf :
passwd:
group:
shadow:
hosts:???
Regards
--- En date de : Lun 21.11.11, djamel boussebha dbousse...@yahoo.fr a écrit :
De: djamel boussebha dbousse...@yahoo.fr
Objet: [Samba] ADS Problem : segmentation fault
À: samba@lists.samba.org, Robert Freeman-Day pres...@gmail.com
Date: Lundi 21 novembre 2011, 10h12
Hi;
Please I would like to know which are the corrects values to set into the
samba/kerberos configuration to ads protocol works fine.
My platform is :
Windows server 2008 R2 with AD LDAP is : 187.0.17.104 (CINVW067)
Linux server with Samba/Winbind version 3.5.12 + kerberos 1.4 : 187.0.22.177
(CILVS049)
When I try to join the AD via ADS protocol I have a error : segmentation fault :
# net ads join -S CINVW067 -U administrateur%laposte+1
Segmentation fault
The kinit works fine :
# kinit administrateur
Password for administrat...@p9bis.neoplus.laposte.poc:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrat...@p9bis.neoplus.laposte.poc
Valid starting Expires Service principal
11/21/11 09:56:18 11/21/11 16:36:18
krbtgt/p9bis.neoplus.laposte@p9bis.neoplus.laposte.poc
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
wbinfo -u et wbinfo -g work fine :
# wbinfo -u
administrateur
invité
admin_local
krbtgt
sp-farm
sp-serviceapp
sp-apppool
sql-service
sp-usersync
My configuration is as follows :
hosts file on the linux server :
# cat /etc/hosts
127.0.0.1 local.localdomain localhost CILVS049
187.0.22.177 CILVS049.p9bis.neoplus.laposte.poc CILVS049
187.0.17.104 CINVW067.p9bis.neoplus.laposte.poc CINVW067
#cat /etc/samba/smb.conf :
[global]
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
security = ads
client use spnego = yes
realm = P9BIS.NEOPLUS.LAPOSTE.POC
server string = CILVS049
workgroup = P9BIS
password server = 187.0.17.104.p9bis.neoplus.laposte.poc
interfaces = 127.0.0.1 eth0
bind interfaces only = true
printing = cups
printcap name = cups
load printers = yes
idmap uid = 1-2
idmap gid = 1-2
#idmap backend = ad
winbind enum users = yes
winbind enum groups = yes
client use spnego = yes
encrypt passwords = yes
winbind nested groups = yes
winbind separator = /
winbind nss info = sfu
winbind cache time = 3600
winbind use default domain = yes
preferred master = no
domain master = no
restrict anonymous = 2
log file = /var/log/samba/log.smbd
max log size = 50
usershare allow guests = no
netbios name = CILVS049
#wins server = 187.0.17.104
#wins proxy = no
dns proxy = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#cat /etc/krb5.conf :
[libdefaults]
default_realm = P9BIS.NEOPLUS.LAPOSTE.POC
default_keytab_name = FILE:/etc/krb5.keytab
kdc_timesync = 1
ticket_lifetime = 24000
dns_lookup_kdc = true
dns_lookup_realm = true
forwardable = true
fcc-mit-ticketflags = true
clockskew = 300
[realms]
P9BIS.NEOPLUS.LAPOSTE.POC = {
kdc = 187.0.17.104:88
default_domain = p9bis.neoplus.laposte.poc
admin_server = 187.0.17.104:749
}
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[Samba] Re : ADS Problem : segmentation fault
Please somebody can send me its configuration files which work so that I can
compare with my values.
Thank's
--- En date de : Lun 21.11.11, djamel boussebha dbousse...@yahoo.fr a écrit :
De: djamel boussebha dbousse...@yahoo.fr
Objet: Re : [Samba] ADS Problem : segmentation fault
À: samba@lists.samba.org, Robert Freeman-Day pres...@gmail.com
Date: Lundi 21 novembre 2011, 13h51
Oups the dns domain for AD is : p9bis.neoplus.laposte.poc
--- En date de : Lun 21.11.11, djamel boussebha dbousse...@yahoo.fr a écrit :
De: djamel boussebha dbousse...@yahoo.fr
Objet: Re : [Samba] ADS Problem : segmentation fault
À: samba@lists.samba.org, Robert Freeman-Day pres...@gmail.com
Date: Lundi 21 novembre 2011, 13h49
Hi
I would like to compare the values of my configuration so If you have
the following platform :
Windows server 2008 R2 with AD LDAP is : 187.0.17.104 (CINVW067)
Linux server with Samba/Winbind version 3.5.12 + kerberos 1.4 : 187.0.22.177
(CILVS04)
Could you please to confirm which are the good values to set into the following
conf file ?
The entries for the hosts file /etc/hosts on the 2 servers linux and W2008R2 ?
The values for the file /etc/samba/smb.conf :
[global]
security = ads
realm = ?
server string =
workgroup =
password server =
netbios name =
wins server =
The values for the kerberos file /etc/krb5.conf :
[libdefaults]
default_realm =
[realms]
= {
kdc =
default_domain =
admin_server =
}
[[domain_realm]
=
=
The values for the file cat /etc/resolv.conf :
nameserver
search
The values for the file /etc/nsswitch.conf :
passwd:
group:
shadow:
hosts:???
Regards
--- En date de : Lun 21.11.11, djamel boussebha dbousse...@yahoo.fr a écrit :
De: djamel boussebha dbousse...@yahoo.fr
Objet: [Samba] ADS Problem : segmentation fault
À: samba@lists.samba.org, Robert Freeman-Day pres...@gmail.com
Date: Lundi 21 novembre 2011, 10h12
Hi;
Please I would like to know which are the corrects values to set into the
samba/kerberos configuration to ads protocol works fine.
My platform is :
Windows server 2008 R2 with AD LDAP is : 187.0.17.104 (CINVW067)
Linux server with Samba/Winbind version 3.5.12 + kerberos 1.4 : 187.0.22.177
(CILVS049)
When I try to join the AD via ADS protocol I have a error : segmentation fault :
# net ads join -S CINVW067 -U administrateur%laposte+1
Segmentation fault
The kinit works fine :
# kinit administrateur
Password for administrat...@p9bis.neoplus.laposte.poc:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrat...@p9bis.neoplus.laposte.poc
Valid starting Expires Service principal
11/21/11 09:56:18 11/21/11 16:36:18
krbtgt/p9bis.neoplus.laposte@p9bis.neoplus.laposte.poc
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
wbinfo -u et wbinfo -g work fine :
# wbinfo -u
administrateur
invité
admin_local
krbtgt
sp-farm
sp-serviceapp
sp-apppool
sql-service
sp-usersync
My configuration is as follows :
hosts file on the linux server :
# cat /etc/hosts
127.0.0.1 local.localdomain localhost CILVS049
187.0.22.177 CILVS049.p9bis.neoplus.laposte.poc CILVS049
187.0.17.104 CINVW067.p9bis.neoplus.laposte.poc CINVW067
#cat /etc/samba/smb.conf :
[global]
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
security = ads
client use spnego = yes
realm = P9BIS.NEOPLUS.LAPOSTE.POC
server string = CILVS049
workgroup = P9BIS
password server = 187.0.17.104.p9bis.neoplus.laposte.poc
interfaces = 127.0.0.1 eth0
bind interfaces only = true
printing = cups
printcap name = cups
load printers = yes
idmap uid = 1-2
idmap gid = 1-2
#idmap backend = ad
winbind enum users = yes
winbind enum groups = yes
client use spnego = yes
encrypt passwords = yes
winbind nested groups = yes
winbind separator = /
winbind nss info = sfu
winbind cache time = 3600
winbind use default domain = yes
preferred master = no
domain master = no
restrict anonymous = 2
log file = /var/log/samba/log.smbd
max log size = 50
usershare allow guests = no
netbios name = CILVS049
#wins server = 187.0.17.104
#wins proxy = no
dns proxy = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#cat /etc/krb5.conf :
[libdefaults]
default_realm = P9BIS.NEOPLUS.LAPOSTE.POC
default_keytab_name = FILE:/etc/krb5.keytab
kdc_timesync = 1
ticket_lifetime = 24000
dns_lookup_kdc = true
dns_lookup_realm = true
Re: [Samba] Re : Problem with Winbind
Hi Robert; Exactly my Suse Linux server it sync with a time server (221.128.17.234) : # /etc/init.d/ntp restart Shutting down network time protocol daemon (NTPD) done Try to get initial date and time via NTP from 221.128.17.234 done Starting network time protocol daemon (NTPD) When I execute the date/time are correct : # date Fri Nov 18 09:59:07 CET 2011 My Windows 2008 R2 server its also sync with the same time server (221.128.17.234) : #w32tm /query /configuration EventLogFlags: 1 (Locale) LargeSampleSkew: 3 (Locale) SpecialPollInterval: 3600 (Locale) Type: NTP (Locale) NtpServer: 221.128.17.234 (Locale) The time showing with net is the time on the windows server ? # net ads info - U administrateur .. Server time: Thu, 01 Jan 1970 01:00:00 CET How resolve this time problem ? Regards --- En date de : Jeu 17.11.11, Robert Freeman-Day pres...@gmail.com a écrit : De: Robert Freeman-Day pres...@gmail.com Objet: Re: [Samba] Re : Problem with Winbind À: samba@lists.samba.org Date: Jeudi 17 novembre 2011, 17h46 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/17/2011 06:09 AM, djamel boussebha wrote: Hi; I would like to set the file /etc/krb5.keytab for apache : # net ads keytab add HTTP -U compte_admin_dom1 Processing principals to add... Enter administrateur's password: # ktutil ktutil: l slot KVNO Principal - ktutil: The file is empty ? May be that this problem is linked to the command net ads ? because when I try to join the AD : # net ads join -U administrat...@p9bis.neoplus.laposte.poc Enter administrat...@p9bis.neoplus.laposte.poc's password: Failed to join domain: failed to find DC for domain P9BIS.NEOPLUS.LAPOSTE.POC But with rpc it works : # net rpc join -U administrat...@p9bis.neoplus.laposte.poc Enter administrat...@p9bis.neoplus.laposte.poc's password: Joined domain P9BIS. When I execute : # net ads info - U administrateur Failed to get server's current time! LDAP server: 187.0.17.104 LDAP server name: CINVW067.p9bis.neoplus.laposte.poc Realm: P9BIS.NEOPLUS.LAPOSTE.POC Bind Path: dc=P9BIS,dc=NEOPLUS,dc=LAPOSTE,dc=POC LDAP port: 389 Server time: Thu, 01 Jan 1970 01:00:00 CET KDC server: 187.0.17.104 And # net rpc info -U administrateur Enter administrateur's password: Domain Name: P9BIS Domain SID: S-1-5-21-254703050-2859693384-3493432365 Sequence number: 1 Num users: 50 Num domain groups: 0 Num local groups: 12 The 2 commands # wbinfo -u and wbinfo -g no returns any values for users/groups ? The kinit works fine : # kinit administrat...@p9bis.neoplus.laposte.poc Password for administrat...@p9bis.neoplus.laposte.poc: # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrat...@p9bis.neoplus.laposte.poc Valid starting Expires Service principal 11/17/11 12:05:00 11/17/11 22:05:03 krbtgt/p9bis.neoplus.laposte@p9bis.neoplus.laposte.poc renew until 11/18/11 12:05:00 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached Impossible to join the AD serveur with ads : # net ads testjoin Join to domain is not valid: Operations error # net rpc testjoin Join to 'P9BIS' is OK How make work correctly the ads and how get the list of users of the AD domain ? Any help would be very appreciated. Regards --- En date de : Mer 16.11.11, djamel boussebha dbousse...@yahoo.fr a écrit : De: djamel boussebha dbousse...@yahoo.fr Objet: Problem with Winbind À: samba@lists.samba.org samba@lists.samba.org, foedi...@eva.mpg.de foedi...@eva.mpg.de, AndrewPhilipoff aphilip...@medicine.ucsf.edu Date: Mercredi 16 novembre 2011, 17h24 Hi; wbinfo can not get the user names and group names of my AD domain (Windows 2008 SP2) The result for wbinfo -t is ok : checking the trust secret for domain P9BIS via RPC calls succeeded But when i try to get wbinfo -n USER1 or wbinfo -r USER1 it shows this error message: Could not lookup name USER1 I use Samba version : 3.5.12. Any help would be very appreciated... thanks to anyone! I noticed the server time has the year 1970. The ads methods use kerberos and that is time sensitive. Get the accurate date/time and things should start working for you. Perhaps have it sync with a time server. Robert - -- Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7FOnEACgkQup357T5MfTZ5IgCg0kqoEoWaDT2ayt2XjKW5RJs0 +LEAnAgyCHQw5JtlXHxrX6EuZ2VHaBbC =tSUp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman
Re: [Samba] Re : Problem with Winbind
Hi; I have modify my /etc/hosts in adding a entry and ads works fine but when I try to join AD, I have the following error message : # net ads join -S 221.221.17.104 -U administrateur Enter administrateur's password: [2011/11/18 11:06:09.010144, 0] libads/sasl.c:823(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database Failed to join domain: failed to connect to AD: Server not found in Kerberos database May be I use a old Kerberos version ? Any idea ? Regards; --- En date de : Ven 18.11.11, djamel boussebha dbousse...@yahoo.fr a écrit : De: djamel boussebha dbousse...@yahoo.fr Objet: Re: [Samba] Re : Problem with Winbind À: samba@lists.samba.org, Robert Freeman-Day pres...@gmail.com Date: Vendredi 18 novembre 2011, 10h02 Hi Robert; Exactly my Suse Linux server it sync with a time server (221.128.17.234) : # /etc/init.d/ntp restart Shutting down network time protocol daemon (NTPD) done Try to get initial date and time via NTP from 221.128.17.234 done Starting network time protocol daemon (NTPD) When I execute the date/time are correct : # date Fri Nov 18 09:59:07 CET 2011 My Windows 2008 R2 server its also sync with the same time server (221.128.17.234) : #w32tm /query /configuration EventLogFlags: 1 (Locale) LargeSampleSkew: 3 (Locale) SpecialPollInterval: 3600 (Locale) Type: NTP (Locale) NtpServer: 221.128.17.234 (Locale) The time showing with net is the time on the windows server ? # net ads info - U administrateur .. Server time: Thu, 01 Jan 1970 01:00:00 CET How resolve this time problem ? Regards --- En date de : Jeu 17.11.11, Robert Freeman-Day pres...@gmail.com a écrit : De: Robert Freeman-Day pres...@gmail.com Objet: Re: [Samba] Re : Problem with Winbind À: samba@lists.samba.org Date: Jeudi 17 novembre 2011, 17h46 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/17/2011 06:09 AM, djamel boussebha wrote: Hi; I would like to set the file /etc/krb5.keytab for apache : # net ads keytab add HTTP -U compte_admin_dom1 Processing principals to add... Enter administrateur's password: # ktutil ktutil: l slot KVNO Principal - ktutil: The file is empty ? May be that this problem is linked to the command net ads ? because when I try to join the AD : # net ads join -U administrat...@p9bis.neoplus.laposte.poc Enter administrat...@p9bis.neoplus.laposte.poc's password: Failed to join domain: failed to find DC for domain P9BIS.NEOPLUS.LAPOSTE.POC But with rpc it works : # net rpc join -U administrat...@p9bis.neoplus.laposte.poc Enter administrat...@p9bis.neoplus.laposte.poc's password: Joined domain P9BIS. When I execute : # net ads info - U administrateur Failed to get server's current time! LDAP server: 187.0.17.104 LDAP server name: CINVW067.p9bis.neoplus.laposte.poc Realm: P9BIS.NEOPLUS.LAPOSTE.POC Bind Path: dc=P9BIS,dc=NEOPLUS,dc=LAPOSTE,dc=POC LDAP port: 389 Server time: Thu, 01 Jan 1970 01:00:00 CET KDC server: 187.0.17.104 And # net rpc info -U administrateur Enter administrateur's password: Domain Name: P9BIS Domain SID: S-1-5-21-254703050-2859693384-3493432365 Sequence number: 1 Num users: 50 Num domain groups: 0 Num local groups: 12 The 2 commands # wbinfo -u and wbinfo -g no returns any values for users/groups ? The kinit works fine : # kinit administrat...@p9bis.neoplus.laposte.poc Password for administrat...@p9bis.neoplus.laposte.poc: # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrat...@p9bis.neoplus.laposte.poc Valid starting Expires Service principal 11/17/11 12:05:00 11/17/11 22:05:03 krbtgt/p9bis.neoplus.laposte@p9bis.neoplus.laposte.poc renew until 11/18/11 12:05:00 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached Impossible to join the AD serveur with ads : # net ads testjoin Join to domain is not valid: Operations error # net rpc testjoin Join to 'P9BIS' is OK How make work correctly the ads and how get the list of users of the AD domain ? Any help would be very appreciated. Regards --- En date de : Mer 16.11.11, djamel boussebha dbousse...@yahoo.fr a écrit : De: djamel boussebha dbousse...@yahoo.fr Objet: Problem with Winbind À: samba@lists.samba.org samba@lists.samba.org, foedi...@eva.mpg.de foedi...@eva.mpg.de, AndrewPhilipoff aphilip...@medicine.ucsf.edu Date: Mercredi 16 novembre 2011, 17h24 Hi; wbinfo can not get the user names and group names of my AD domain (Windows 2008 SP2) The result for wbinfo -t is ok : checking the trust secret for domain P9BIS via RPC calls succeeded But when i try to get wbinfo -n USER1 or wbinfo -r USER1 it shows this error message: Could not lookup name USER1 I use Samba version : 3.5.12. Any help
Re: [Samba] Re : Problem with Winbind
) ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 [2011/11/18 16:38:45.708475, 3] libads/sasl.c:784(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 [2011/11/18 16:38:45.708488, 3] libads/sasl.c:784(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 [2011/11/18 16:38:45.708501, 3] libads/sasl.c:784(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 [2011/11/18 16:38:45.708514, 3] libads/sasl.c:793(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore [2011/11/18 16:38:45.709568, 3] libsmb/clikrb5.c:777(ads_krb5_mk_req) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2011/11/18 16:38:45.741849, 3] libsmb/clikrb5.c:622(ads_cleanup_expired_creds) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Fri, 18 Nov 2011 23:18:45 CET [2011/11/18 16:38:45.741987, 3] libsmb/clikrb5.c:830(ads_krb5_mk_req) ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT [2011/11/18 16:38:45.748606, 3] libads/ldap.c:2910(ads_domain_func_level) ads_domain_func_level: 4 [2011/11/18 16:38:45.748700, 3] libads/kerberos.c:445(kerberos_secrets_store_des_salt) kerberos_secrets_store_des_salt: Storing salt host/cilvs049.p9bis.neoplus.laposte@p9bis.neoplus.laposte.poc [2011/11/18 16:38:45.751892, 3] libads/kerberos_keytab.c:64(smb_krb5_kt_add_entry_ext) smb_krb5_kt_add_entry_ext: Will try to delete old keytab entries Segmentation fault With RPC protocol it works but I have the error : NT_STATUS_ACCESS_DENIED ? # net rpc join -S CINVW067 -U administrateur%XXX -d3 [2011/11/18 16:36:08, 3] param/loadparm.c:9180(lp_load_ex) lp_load_ex: refreshing parameters [2011/11/18 16:36:08, 3] param/loadparm.c:4948(init_globals) Initialising global parameters [2011/11/18 16:36:08, 2] param/loadparm.c:4807(max_open_files) rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) [2011/11/18 16:36:08.913273, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2011/11/18 16:36:08.913340, 3] param/loadparm.c:7864(do_section) Processing section [global] [2011/11/18 16:36:08.915286, 2] lib/interface.c:340(add_interface) added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 [2011/11/18 16:36:08.915361, 2] lib/interface.c:340(add_interface) added interface eth0 ip=fe80::250:56ff:fea4:39b6%eth0 bcast=fe80:::::%eth0 netmask=::::: [2011/11/18 16:36:08.915421, 2] lib/interface.c:340(add_interface) added interface eth0 ip=187.0.22.177 bcast=187.0.23.255 netmask=255.255.248.0 lp_load_ex: refreshing parameters params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 added interface eth0 ip=fe80::250:56ff:fea4:39b6%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth0 ip=187.0.22.177 bcast=187.0.23.255 netmask=255.255.248.0 Connecting to host=CINVW067 Connecting to 187.0.17.104 at port 445 rpccli_netlogon_set_trust_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)! rpc command function failed! (NT_STATUS_ACCESS_DENIED) Connecting to host=CINVW067 Connecting to 187.0.17.104 at port 445 Doing spnego session setup (blob length=136) got OID=1.3.6.1.4.1.311.2.2.30 got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.2.840.113554.1.2.2.3 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178@please_ignore Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 Connecting to host=CINVW067 Connecting to 187.0.17.104 at port 445 Doing spnego session setup (blob length=136) got OID=1.3.6.1.4.1.311.2.2.30 got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.2.840.113554.1.2.2.3 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178@please_ignore Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 Joined domain P9BIS. return code = 0 I don't know its OK or not ? Regards --- En date de : Ven 18.11.11, djamel boussebha dbousse...@yahoo.fr a écrit : De: djamel boussebha dbousse...@yahoo.fr Objet: Re: [Samba] Re : Problem with Winbind À: samba@lists.samba.org, Robert Freeman-Day pres...@gmail.com Date: Vendredi 18 novembre 2011, 11h20 Hi; I have modify my /etc/hosts in adding a entry and ads works fine but when I try to join AD, I have the following error message : # net ads join -S 221.221.17.104 -U administrateur Enter administrateur's password: [2011/11/18 11:06:09.010144, 0] libads/sasl.c:823
Re: [Samba] Re : Problem with Winbind
My hosts file is as follows on the linux server : # cat /etc/hosts 127.0.0.1 local.localdomain localhost CILVS049 187.0.22.177 CILVS049.p9bis.neoplus.laposte.poc CILVS049 187.0.17.104 CINVW067.p9bis.neoplus.laposte.poc CINVW067 Windows server with AD LDAP is : 187.0.17.104 (CINVW067) Linux server with Samba/Winbind : 187.0.22.177 (CILVS049) --- En date de : Ven 18.11.11, djamel boussebha dbousse...@yahoo.fr a écrit : De: djamel boussebha dbousse...@yahoo.fr Objet: Re: [Samba] Re : Problem with Winbind À: samba@lists.samba.org, Robert Freeman-Day pres...@gmail.com Date: Vendredi 18 novembre 2011, 16h53 Hi Robert; Its OK i have resolved the time problem between linux and Windows servers. But I have strange behavior when I join the AD server with ADS protocol : a Segmentation fault : # net ads join -S CINVW067 -U administrateur%XXX -d3 [2011/11/18 16:38:45, 3] param/loadparm.c:9180(lp_load_ex) lp_load_ex: refreshing parameters [2011/11/18 16:38:45, 3] param/loadparm.c:4948(init_globals) Initialising global parameters [2011/11/18 16:38:45, 2] param/loadparm.c:4807(max_open_files) rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) [2011/11/18 16:38:45.611969, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2011/11/18 16:38:45.612040, 3] param/loadparm.c:7864(do_section) Processing section [global] [2011/11/18 16:38:45.613778, 2] lib/interface.c:340(add_interface) added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 [2011/11/18 16:38:45.613832, 2] lib/interface.c:340(add_interface) added interface eth0 ip=fe80::250:56ff:fea4:39b6%eth0 bcast=fe80:::::%eth0 netmask=::::: [2011/11/18 16:38:45.613891, 2] lib/interface.c:340(add_interface) added interface eth0 ip=187.0.22.177 bcast=187.0.23.255 netmask=255.255.248.0 [2011/11/18 16:38:45.614224, 1] libnet/libnet_join.c:1924(libnet_Join) libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : 'CINVW067' machine_name : 'CILVS049' domain_name : * domain_name : 'P9BIS.NEOPLUS.LAPOSTE.POC' account_ou : NULL admin_account : 'administrateur' admin_password : * machine_password : NULL join_flags : 0x0023 (35) 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config : 0x00 (0) ads : NULL debug : 0x01 (1) use_kerberos : 0x00 (0) secure_channel_type : SEC_CHAN_WKSTA (2) [2011/11/18 16:38:45.614849, 3] libsmb/cliconnect.c:2212(cli_start_connection) Connecting to host=CINVW067 [2011/11/18 16:38:45.615392, 3] lib/util_sock.c:979(open_socket_out_send) Connecting to 187.0.17.104 at port 445 [2011/11/18 16:38:45.619155, 3] lib/util_sock.c:979(open_socket_out_send) Connecting to 187.0.17.104 at port 139 [2011/11/18 16:38:45.620528, 3] libsmb/cliconnect.c:991(cli_session_setup_spnego) Doing spnego session setup (blob length=136) [2011/11/18 16:38:45.620675, 3] libsmb/cliconnect.c:1020(cli_session_setup_spnego) got OID=1.3.6.1.4.1.311.2.2.30 got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.2.840.113554.1.2.2.3 got OID=1.3.6.1.4.1.311.2.2.10 [2011/11/18 16:38:45.620725, 3] libsmb/cliconnect.c:1030(cli_session_setup_spnego) got principal=not_defined_in_RFC4178@please_ignore [2011/11/18 16:38:45.621464, 3] libsmb/ntlmssp.c:1101(ntlmssp_client_challenge) Got challenge flags: [2011/11/18 16:38:45.621508, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x62898215 [2011/11/18 16:38:45.621526, 3] libsmb/ntlmssp.c:1123(ntlmssp_client_challenge) NTLMSSP: Set final flags: [2011/11/18 16:38:45.621537, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088215 [2011/11/18 16:38:45.621668, 3] libsmb/ntlmssp_sign.c
[Samba] Re : Problem with Winbind
Hi; I would like to set the file /etc/krb5.keytab for apache : # net ads keytab add HTTP -U compte_admin_dom1 Processing principals to add... Enter administrateur's password: # ktutil ktutil: l slot KVNO Principal - ktutil: The file is empty ? May be that this problem is linked to the command net ads ? because when I try to join the AD : # net ads join -U administrat...@p9bis.neoplus.laposte.poc Enter administrat...@p9bis.neoplus.laposte.poc's password: Failed to join domain: failed to find DC for domain P9BIS.NEOPLUS.LAPOSTE.POC But with rpc it works : # net rpc join -U administrat...@p9bis.neoplus.laposte.poc Enter administrat...@p9bis.neoplus.laposte.poc's password: Joined domain P9BIS. When I execute : # net ads info - U administrateur Failed to get server's current time! LDAP server: 187.0.17.104 LDAP server name: CINVW067.p9bis.neoplus.laposte.poc Realm: P9BIS.NEOPLUS.LAPOSTE.POC Bind Path: dc=P9BIS,dc=NEOPLUS,dc=LAPOSTE,dc=POC LDAP port: 389 Server time: Thu, 01 Jan 1970 01:00:00 CET KDC server: 187.0.17.104 And # net rpc info -U administrateur Enter administrateur's password: Domain Name: P9BIS Domain SID: S-1-5-21-254703050-2859693384-3493432365 Sequence number: 1 Num users: 50 Num domain groups: 0 Num local groups: 12 The 2 commands # wbinfo -u and wbinfo -g no returns any values for users/groups ? The kinit works fine : # kinit administrat...@p9bis.neoplus.laposte.poc Password for administrat...@p9bis.neoplus.laposte.poc: # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrat...@p9bis.neoplus.laposte.poc Valid starting Expires Service principal 11/17/11 12:05:00 11/17/11 22:05:03 krbtgt/p9bis.neoplus.laposte@p9bis.neoplus.laposte.poc renew until 11/18/11 12:05:00 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached Impossible to join the AD serveur with ads : # net ads testjoin Join to domain is not valid: Operations error # net rpc testjoin Join to 'P9BIS' is OK How make work correctly the ads and how get the list of users of the AD domain ? Any help would be very appreciated. Regards --- En date de : Mer 16.11.11, djamel boussebha dbousse...@yahoo.fr a écrit : De: djamel boussebha dbousse...@yahoo.fr Objet: Problem with Winbind À: samba@lists.samba.org samba@lists.samba.org, foedi...@eva.mpg.de foedi...@eva.mpg.de, AndrewPhilipoff aphilip...@medicine.ucsf.edu Date: Mercredi 16 novembre 2011, 17h24 Hi; wbinfo can not get the user names and group names of my AD domain (Windows 2008 SP2) The result for wbinfo -t is ok : checking the trust secret for domain P9BIS via RPC calls succeeded But when i try to get wbinfo -n USER1 or wbinfo -r USER1 it shows this error message: Could not lookup name USER1 I use Samba version : 3.5.12. Any help would be very appreciated... thanks to anyone! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re : Problem with Winbind
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/17/2011 06:09 AM, djamel boussebha wrote: Hi; I would like to set the file /etc/krb5.keytab for apache : # net ads keytab add HTTP -U compte_admin_dom1 Processing principals to add... Enter administrateur's password: # ktutil ktutil: l slot KVNO Principal - ktutil: The file is empty ? May be that this problem is linked to the command net ads ? because when I try to join the AD : # net ads join -U administrat...@p9bis.neoplus.laposte.poc Enter administrat...@p9bis.neoplus.laposte.poc's password: Failed to join domain: failed to find DC for domain P9BIS.NEOPLUS.LAPOSTE.POC But with rpc it works : # net rpc join -U administrat...@p9bis.neoplus.laposte.poc Enter administrat...@p9bis.neoplus.laposte.poc's password: Joined domain P9BIS. When I execute : # net ads info - U administrateur Failed to get server's current time! LDAP server: 187.0.17.104 LDAP server name: CINVW067.p9bis.neoplus.laposte.poc Realm: P9BIS.NEOPLUS.LAPOSTE.POC Bind Path: dc=P9BIS,dc=NEOPLUS,dc=LAPOSTE,dc=POC LDAP port: 389 Server time: Thu, 01 Jan 1970 01:00:00 CET KDC server: 187.0.17.104 And # net rpc info -U administrateur Enter administrateur's password: Domain Name: P9BIS Domain SID: S-1-5-21-254703050-2859693384-3493432365 Sequence number: 1 Num users: 50 Num domain groups: 0 Num local groups: 12 The 2 commands # wbinfo -u and wbinfo -g no returns any values for users/groups ? The kinit works fine : # kinit administrat...@p9bis.neoplus.laposte.poc Password for administrat...@p9bis.neoplus.laposte.poc: # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrat...@p9bis.neoplus.laposte.poc Valid starting ExpiresService principal 11/17/11 12:05:00 11/17/11 22:05:03 krbtgt/p9bis.neoplus.laposte@p9bis.neoplus.laposte.poc renew until 11/18/11 12:05:00 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached Impossible to join the AD serveur with ads : # net ads testjoin Join to domain is not valid: Operations error # net rpc testjoin Join to 'P9BIS' is OK How make work correctly the ads and how get the list of users of the AD domain ? Any help would be very appreciated. Regards --- En date de : Mer 16.11.11, djamel boussebha dbousse...@yahoo.fr a écrit : De: djamel boussebha dbousse...@yahoo.fr Objet: Problem with Winbind À: samba@lists.samba.org samba@lists.samba.org, foedi...@eva.mpg.de foedi...@eva.mpg.de, AndrewPhilipoff aphilip...@medicine.ucsf.edu Date: Mercredi 16 novembre 2011, 17h24 Hi; wbinfo can not get the user names and group names of my AD domain (Windows 2008 SP2) The result for wbinfo -t is ok : checking the trust secret for domain P9BIS via RPC calls succeeded But when i try to get wbinfo -n USER1 or wbinfo -r USER1 it shows this error message: Could not lookup name USER1 I use Samba version : 3.5.12. Any help would be very appreciated... thanks to anyone! I noticed the server time has the year 1970. The ads methods use kerberos and that is time sensitive. Get the accurate date/time and things should start working for you. Perhaps have it sync with a time server. Robert - -- Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7FOnEACgkQup357T5MfTZ5IgCg0kqoEoWaDT2ayt2XjKW5RJs0 +LEAnAgyCHQw5JtlXHxrX6EuZ2VHaBbC =tSUp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Re: Samba4 and sysvol share]
To see the content of sysvol from a Windows client I had to authenticate using a user of my new domain, but again when I checked the Security Tab in sysvol I saw that Everyone has special permissions, meaning Full Access. Does it have something to do with the filesystem support mentioned in the HowTo??? I found a temporary solution. Once I have defined the Policies for my domain I edit smb.conf and change read only to Yes in sysvol section, then restart samba. This way I ensure nobody can modify sysvol content. The main disadvantage is that if we need to make any modification to policies, etc. we have to set back read only to No in sysvol section, restart samba, and do the previous steps again after modifications. Best regards, Felix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: NT4 to Samba Migration and Trusted Domains
ㅇ 나의 iPhone에서 ㅊ보냄 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] re-share cifs mount over samba
Hi All, I have two networks, both /24's. I have a fileserver on one, sharing files over SMB, and clients on the other. I have a Linux box with two NICs sitting on both networks. The linux box has the shares mounted with samba, and I want to re-share those files out to the other network. I've marked the re-share as browsable, and its visible to clients, but nothing can mount it. The fileserver's share is mounted on the Linux box at /mnt/srv and my smb.conf has: [SRV] path = /mnt/srv browsable = yes guest ok = yes read only = yes Is re-sharing samba possible and I'm just doing something wrong? Thanks! -- Alex Schoof -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re. 3.4.9 printing addprinter command reparse doesn't see new printer
The behavior is different from the 3.2.5 version I used to use. I have server that handles some 504 printers for the hospital serving some 2k users. The ratio really isn't that bad, about 150 of those printers are specialty label printers. I moved to the newer Samba because of Windows 7 clients. Our main IT admin said 'No' to Vista so I didn't have to worry about this back then... Anyway, no i'm upgrading because the samba release notes, and a lot of the email I read on this list said I should be using 3.4.8 or better or 3.5.4 or better. Well, now I'm on 3.4.9. That's the history. Now, the way i was used to the APW working was that on the windows XP client, I'd right click, Add Printer, choose my selections, hit finish, and then the printer would show up. There were no error messages with 3.2.5, it just worked. So, I'm building a testing box, attempting to mimic what I've got in the 3.2.5/linux box with 3.4.9 on freebsd 8 (it's go zfs is why). Taking this in steps, I'm still using security = user until I get all or most of the problems worked out. I've managed (via google) to remove around 90% of my questions / concerns, and am now down to the Why doesn't this work as expected? one. What currently happens: Right clicking in the windows Printers Faxes folder to engage the APW works as expected, I'm prompted through several fields to the point of clicking finish. After I click Finish, it does appear to work correctly. If it needs to load a new driver, it does that, if not things go a bit quicker. The progress bar goes all the way to the end where it pops up a window saying Unable to add printer. Access Denied or something similar. Now, I KNOW the printer is added, that this is just a superfluous error message. I can look at cups, refresh the printers page, and bang, it'll be there. And if I click the 'oK' button on the windows error, and then again click 'Finish' the Wizard at this point will go away, and my printer will be there. The correct driver will be loaded, and it's all generally okay. As an aside, on the things to note: I put in a request to restart cups in the smbaddprinter.pl script - after adding the printer. This with a sleep of about 3 seconds seems to be the best balance and allows me to use the double-tap on the Finish button with success - without waiting forever. I think that Samba is not re-parsing the printers from CUPS correctly or CUPS (1.4.4) is not returning an up-to-date list for whatever reason. On log level 10 I cannot find what is causing this behavior, however it's completely repeatable. This problem is an irritant, but one I can live with. it's just that this behavior is different than in 3.2.5. This is all from memory, I'm not at my desk, and I'm about to get in the car. So sorry there are no files included. I've tried doing that before, but people have just ignore the messages, so that seems a bad idea too. Sorry about hijacking a thread, I didn't know what I did would do so. When asking a question, I'll begin a new one from this point on. Thanks for taking the time to consider my question. Gary Dale wrote: OK. Perhaps you can be more specific about what you are trying to accomplish. I don't recall adding printers to a server as being something that happens frequently. yet I get the impression that your concern is that you have to wait before the added printer becomes available. That doesn't seem like much of a problem. How long do you have to wait? Basically, all the smbaddprinter.pl script does is call lpadmin. At least on my system, that seems to be a CUPS specific version. I think that's probably usual for any system running CUPS. Perhaps you should be asking the maintainer(s) for lpadmin? On 04/10/10 06:30 PM, Jack Downes wrote: ? I didn't hijack a thread... this is a mailing list. All I did was hit reply list to a random email, cleaned out the messages subject and started a new thread. How is that wrong..? I did try your suggestion, and it doesn't do anything but interrupt the operation... and I get an Operation could not be completed error. Which makes sense... On 10/ 4/10 04:21 PM, Gary Dale wrote: Please don't hijack threads. You could try something like /etc/init.d/samba restart (or your local equivalent) to the end of perl script. -- hello I have cups printing with cups 1.4.4. I'm using the included smbaddprinter.pl command to add printers to my server. Now, my error is that when I add the printer, I get ACCESS DENIED in the windows client, but if I check cups, there the printer is. And if I wait a bit with the windows client or reload samba, there the printer is within the share as well. Now, from the man page on smb.conf Once the /|addprinter command|/ has been executed, |smbd| will reparse the | smb.conf| to determine if the share defined by the APW exists. If the sharename is still invalid, then |smbd | will return an
Re: [Samba] re. 3.4.9 printing addprinter command reparse doesn't see new printer
On 05/10/10 11:51 AM, Jack Downes wrote: The behavior is different from the 3.2.5 version I used to use. I have server that handles some 504 printers for the hospital serving some 2k users. The ratio really isn't that bad, about 150 of those printers are specialty label printers. I moved to the newer Samba because of Windows 7 clients. Our main IT admin said 'No' to Vista so I didn't have to worry about this back then... Anyway, no i'm upgrading because the samba release notes, and a lot of the email I read on this list said I should be using 3.4.8 or better or 3.5.4 or better. Well, now I'm on 3.4.9. That's the history. Now, the way i was used to the APW working was that on the windows XP client, I'd right click, Add Printer, choose my selections, hit finish, and then the printer would show up. There were no error messages with 3.2.5, it just worked. So, I'm building a testing box, attempting to mimic what I've got in the 3.2.5/linux box with 3.4.9 on freebsd 8 (it's go zfs is why). Taking this in steps, I'm still using security = user until I get all or most of the problems worked out. I've managed (via google) to remove around 90% of my questions / concerns, and am now down to the Why doesn't this work as expected? one. What currently happens: Right clicking in the windows Printers Faxes folder to engage the APW works as expected, I'm prompted through several fields to the point of clicking finish. After I click Finish, it does appear to work correctly. If it needs to load a new driver, it does that, if not things go a bit quicker. The progress bar goes all the way to the end where it pops up a window saying Unable to add printer. Access Denied or something similar. Now, I KNOW the printer is added, that this is just a superfluous error message. I can look at cups, refresh the printers page, and bang, it'll be there. And if I click the 'oK' button on the windows error, and then again click 'Finish' the Wizard at this point will go away, and my printer will be there. The correct driver will be loaded, and it's all generally okay. As an aside, on the things to note: I put in a request to restart cups in the smbaddprinter.pl script - after adding the printer. This with a sleep of about 3 seconds seems to be the best balance and allows me to use the double-tap on the Finish button with success - without waiting forever. I think that Samba is not re-parsing the printers from CUPS correctly or CUPS (1.4.4) is not returning an up-to-date list for whatever reason. On log level 10 I cannot find what is causing this behavior, however it's completely repeatable. This problem is an irritant, but one I can live with. it's just that this behavior is different than in 3.2.5. This is all from memory, I'm not at my desk, and I'm about to get in the car. So sorry there are no files included. I've tried doing that before, but people have just ignore the messages, so that seems a bad idea too. Sorry about hijacking a thread, I didn't know what I did would do so. When asking a question, I'll begin a new one from this point on. Thanks for taking the time to consider my question. I'm wondering about the two things that may have changed besides the version of Samba. One is that you are using security=user in a system without a domain. I don't think that should change anything except that you probably don't have a machine account on the server. The other thing is that you may be testing using a Windows 7 client. Do you get the same result using a Windows XP client? Possibly the client interactions have changed with Windows 7, such as a lowering of the retry or timeout settings before reporting the error you are getting? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re. 3.4.9 printing addprinter command reparse doesn't see new printer
I'm wondering about the two things that may have changed besides the version of Samba. One is that you are using security=user in a system without a domain. I don't think that should change anything except that you probably don't have a machine account on the server. The other thing is that you may be testing using a Windows 7 client. Do you get the same result using a Windows XP client? Possibly the client interactions have changed with Windows 7, such as a lowering of the retry or timeout settings before reporting the error you are getting? My goal with this is to make everything work before I join it to the domain. And then go on through and fix those problems. I've already had this machine successfully joined to the domain, and doing it's thing with cups-pdf - printing documents into home dirs, having people connect without passwords, etc, all that works. I ran into considerable trouble with the printing system, asked in irc and this list, but since I didn't get much reply, I chose to destroy the system and start over with a much simpler method - just security=user. It seems that Samba really has it sorted for getting joined up as a member server - that part was exceptionally easy and worked very well. It's the printing that's always caused me issues. Now, I have a WindowsXP 32 bit pro machine, a Windows 2003 32 bit server, and a Windows 7 x64 pro machine for testing against the samba install. They do not behave the same way. Looking at the logs with level 10, I'd say it's near impossible to actually add a printer with Windows 7. the information that's sent from the Windows 7 machine is severely mangled, and as such, it's not a machine I can consider for use as a printer admin machine. As clients, however, these machines all behave the same way, and as expected which is just fine. Who knows, it might be that this all goes away once winbindd is engaged with the domain user mapping and such again. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] re. 3.4.9 printing addprinter command reparse doesn't see new printer
Please don't hijack threads. You could try something like /etc/init.d/samba restart (or your local equivalent) to the end of perl script. -- hello I have cups printing with cups 1.4.4. I'm using the included smbaddprinter.pl command to add printers to my server. Now, my error is that when I add the printer, I get ACCESS DENIED in the windows client, but if I check cups, there the printer is. And if I wait a bit with the windows client or reload samba, there the printer is within the share as well. Now, from the man page on smb.conf Once the /|addprinter command|/ has been executed, |smbd| will reparse the | smb.conf| to determine if the share defined by the APW exists. If the sharename is still invalid, then |smbd | will return an ACCESS_DENIED error to the client. So... is there a way for me to ask Samba to wait a few seconds before reparsing the smb.conf to check for the new printer? I tried adding a sleep() to the perl script, but that seems to make the issue worse, so that's not the choice it seems. thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re. 3.4.9 printing addprinter command reparse doesn't see new printer
? I didn't hijack a thread... this is a mailing list. All I did was hit reply list to a random email, cleaned out the messages subject and started a new thread. How is that wrong..? I did try your suggestion, and it doesn't do anything but interrupt the operation... and I get an Operation could not be completed error. Which makes sense... On 10/ 4/10 04:21 PM, Gary Dale wrote: Please don't hijack threads. You could try something like /etc/init.d/samba restart (or your local equivalent) to the end of perl script. -- hello I have cups printing with cups 1.4.4. I'm using the included smbaddprinter.pl command to add printers to my server. Now, my error is that when I add the printer, I get ACCESS DENIED in the windows client, but if I check cups, there the printer is. And if I wait a bit with the windows client or reload samba, there the printer is within the share as well. Now, from the man page on smb.conf Once the /|addprinter command|/ has been executed, |smbd| will reparse the | smb.conf| to determine if the share defined by the APW exists. If the sharename is still invalid, then |smbd | will return an ACCESS_DENIED error to the client. So... is there a way for me to ask Samba to wait a few seconds before reparsing the smb.conf to check for the new printer? I tried adding a sleep() to the perl script, but that seems to make the issue worse, so that's not the choice it seems. thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re. 3.4.9 printing addprinter command reparse doesn't see new printer
On 10/4/2010 6:30 PM, Jack Downes wrote: ? I didn't hijack a thread... this is a mailing list. All I did was hit reply list to a random email, cleaned out the messages subject and started a new thread. How is that wrong..? That is exactly hijacking a thread. Because you clicked reply list, your email program returns an identifier in a message header that connects your email with all others stemming from the original email with the original subject. The fact that you changed the subject is irrelevant. To start a new topic, do *not* click reply list, but instead just start a new email; for example, if you are using Thunderbird, you would click the Write icon in the top icon bar instead of the reply list button in the message bar. We all understand the convenience of clicking reply list, as it automatically fills in the proper destination email address. But now you understand the undesirable side effect. -- Guy Rouillier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re. 3.4.9 printing addprinter command reparse doesn't see new printer
OK. Perhaps you can be more specific about what you are trying to accomplish. I don't recall adding printers to a server as being something that happens frequently. yet I get the impression that your concern is that you have to wait before the added printer becomes available. That doesn't seem like much of a problem. How long do you have to wait? Basically, all the smbaddprinter.pl script does is call lpadmin. At least on my system, that seems to be a CUPS specific version. I think that's probably usual for any system running CUPS. Perhaps you should be asking the maintainer(s) for lpadmin? On 04/10/10 06:30 PM, Jack Downes wrote: ? I didn't hijack a thread... this is a mailing list. All I did was hit reply list to a random email, cleaned out the messages subject and started a new thread. How is that wrong..? I did try your suggestion, and it doesn't do anything but interrupt the operation... and I get an Operation could not be completed error. Which makes sense... On 10/ 4/10 04:21 PM, Gary Dale wrote: Please don't hijack threads. You could try something like /etc/init.d/samba restart (or your local equivalent) to the end of perl script. -- hello I have cups printing with cups 1.4.4. I'm using the included smbaddprinter.pl command to add printers to my server. Now, my error is that when I add the printer, I get ACCESS DENIED in the windows client, but if I check cups, there the printer is. And if I wait a bit with the windows client or reload samba, there the printer is within the share as well. Now, from the man page on smb.conf Once the /|addprinter command|/ has been executed, |smbd| will reparse the | smb.conf| to determine if the share defined by the APW exists. If the sharename is still invalid, then |smbd | will return an ACCESS_DENIED error to the client. So... is there a way for me to ask Samba to wait a few seconds before reparsing the smb.conf to check for the new printer? I tried adding a sleep() to the perl script, but that seems to make the issue worse, so that's not the choice it seems. thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba, ldap and machine accounts - SOLVED
Yiha! Finally I got all peaces together. Not that easy, sometime a pain in the ass, but informative. May be I'll put all together in a doc ... we will see :) The last peace I missed was, that in the ldap tree the profile and home directory paths where wrong; I hadn't changed the default setting in the smbldap-tool config file. Cheers . Götz Am 19.07.10 16:05, schrieb Götz Reinicke - IT-Koordinator: Hi, thanks for pointing me into the right direction! I corrected the missing DHCP/WINS settings and now I can log in to the XP client. But now I do get a message, that the server profile can't be found and the users home share is not connected to. As fas as I can see, the paths are there and the permissions are right. Any hints on that? More kotaus and best regards, Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba, ldap and machine accounts
Hi, thanks for pointing me into the right direction! I corrected the missing DHCP/WINS settings and now I can log in to the XP client. But now I do get a message, that the server profile can't be found and the users home share is not connected to. As fas as I can see, the paths are there and the permissions are right. Any hints on that? More kotaus and best regards, Götz Am 15.07.10 17:30, schrieb Stéphane PURNELLE: With theses parameters, your PDC act as a wins server. If you make ps ax | gre ppnmbd you will sees 2 nmbd process. And for client you must configure client for connect to wins server. If you have a dhcp, add wins address to the configuration or if you work with static ip and wins reccord to the ip configuration on your client. Other tips : be sure that in your ldap tree, you have a account for your workstation like workstation-nameC$ --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 15/07/2010 17:22:39: Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de Envoyé par : samba-boun...@lists.samba.org 15/07/2010 17:23 A samba@lists.samba.org cc Objet Re: [Samba] RE Samba, ldap and machine accounts Hi, I never got into that wins topic. In the config of the samba server there is: grep wins /etc/samba/smb.conf name resolve order = wins bcast hosts wins proxy = yes wins support = yes What may I check/setup? THX . Götz Am 15.07.10 16:32, schrieb Stéphane PURNELLE: Have you a wins server ? --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 15/07/2010 15:27:25: Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de Envoyé par : samba-boun...@lists.samba.org 15/07/2010 15:27 A samba@lists.samba.org cc Objet [Samba] Samba, ldap and machine accounts Hi, some time a go I started to try a migration form our old samba PDC with smbpasswd user backend to a new ldap based. I got to the point, that users can login to shares and now I'd liked to set up the server as an PDC with ldap and machine accounts too. The smbldap-toosl are installed and configured and I can add a machine to ldap to a certain point. The ldap entry is created, but when I restart the XP client there is a pop-up at the login window with the message, that the domain is not available. (The domain I joined a few minutes ago.) I restarted the samba server, I restarted the xp client, waited some time over night for the browser announcement to finish. Deleted the cached files on the sambe server in /var/cache/samba/ ... May be I missed something or deleted something I shouln't ... The server is centos 5.5, openldap-2.3.43, samba-3.0.33. The Client is windows xp SP3 with all latest patches and no modifications to the registry or anything else. In the logfiles is not clue to me. Any suggestion or help is appreciate! Thanks a lot and best regards, -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE Samba, ldap and machine accounts
Have you a wins server ? --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 15/07/2010 15:27:25: Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de Envoyé par : samba-boun...@lists.samba.org 15/07/2010 15:27 A samba@lists.samba.org cc Objet [Samba] Samba, ldap and machine accounts Hi, some time a go I started to try a migration form our old samba PDC with smbpasswd user backend to a new ldap based. I got to the point, that users can login to shares and now I'd liked to set up the server as an PDC with ldap and machine accounts too. The smbldap-toosl are installed and configured and I can add a machine to ldap to a certain point. The ldap entry is created, but when I restart the XP client there is a pop-up at the login window with the message, that the domain is not available. (The domain I joined a few minutes ago.) I restarted the samba server, I restarted the xp client, waited some time over night for the browser announcement to finish. Deleted the cached files on the sambe server in /var/cache/samba/ ... May be I missed something or deleted something I shouln't ... The server is centos 5.5, openldap-2.3.43, samba-3.0.33. The Client is windows xp SP3 with all latest patches and no modifications to the registry or anything else. In the logfiles is not clue to me. Any suggestion or help is appreciate! Thanks a lot and best regards, Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba, ldap and machine accounts
Hi, I never got into that wins topic. In the config of the samba server there is: grep wins /etc/samba/smb.conf name resolve order = wins bcast hosts wins proxy = yes wins support = yes What may I check/setup? THX . Götz Am 15.07.10 16:32, schrieb Stéphane PURNELLE: Have you a wins server ? --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 15/07/2010 15:27:25: Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de Envoyé par : samba-boun...@lists.samba.org 15/07/2010 15:27 A samba@lists.samba.org cc Objet [Samba] Samba, ldap and machine accounts Hi, some time a go I started to try a migration form our old samba PDC with smbpasswd user backend to a new ldap based. I got to the point, that users can login to shares and now I'd liked to set up the server as an PDC with ldap and machine accounts too. The smbldap-toosl are installed and configured and I can add a machine to ldap to a certain point. The ldap entry is created, but when I restart the XP client there is a pop-up at the login window with the message, that the domain is not available. (The domain I joined a few minutes ago.) I restarted the samba server, I restarted the xp client, waited some time over night for the browser announcement to finish. Deleted the cached files on the sambe server in /var/cache/samba/ ... May be I missed something or deleted something I shouln't ... The server is centos 5.5, openldap-2.3.43, samba-3.0.33. The Client is windows xp SP3 with all latest patches and no modifications to the registry or anything else. In the logfiles is not clue to me. Any suggestion or help is appreciate! Thanks a lot and best regards, Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE Samba, ldap and machine accounts
With theses parameters, your PDC act as a wins server. If you make ps ax | gre ppnmbd you will sees 2 nmbd process. And for client you must configure client for connect to wins server. If you have a dhcp, add wins address to the configuration or if you work with static ip and wins reccord to the ip configuration on your client. Other tips : be sure that in your ldap tree, you have a account for your workstation like workstation-nameC$ --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 15/07/2010 17:22:39: Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de Envoyé par : samba-boun...@lists.samba.org 15/07/2010 17:23 A samba@lists.samba.org cc Objet Re: [Samba] RE Samba, ldap and machine accounts Hi, I never got into that wins topic. In the config of the samba server there is: grep wins /etc/samba/smb.conf name resolve order = wins bcast hosts wins proxy = yes wins support = yes What may I check/setup? THX . Götz Am 15.07.10 16:32, schrieb Stéphane PURNELLE: Have you a wins server ? --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 15/07/2010 15:27:25: Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de Envoyé par : samba-boun...@lists.samba.org 15/07/2010 15:27 A samba@lists.samba.org cc Objet [Samba] Samba, ldap and machine accounts Hi, some time a go I started to try a migration form our old samba PDC with smbpasswd user backend to a new ldap based. I got to the point, that users can login to shares and now I'd liked to set up the server as an PDC with ldap and machine accounts too. The smbldap-toosl are installed and configured and I can add a machine to ldap to a certain point. The ldap entry is created, but when I restart the XP client there is a pop-up at the login window with the message, that the domain is not available. (The domain I joined a few minutes ago.) I restarted the samba server, I restarted the xp client, waited some time over night for the browser announcement to finish. Deleted the cached files on the sambe server in /var/cache/samba/ ... May be I missed something or deleted something I shouln't ... The server is centos 5.5, openldap-2.3.43, samba-3.0.33. The Client is windows xp SP3 with all latest patches and no modifications to the registry or anything else. In the logfiles is not clue to me. Any suggestion or help is appreciate! Thanks a lot and best regards, Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: fixed delay logging onto Samba3.3 from Vista Business
Abey Thomas wrote on Mon Jun 22 16:23:34 GMT 2009 After enabling netlogon debugging i was able to see the 30seconds time gap in the log Did you ever resolve this? I am seeing the same 30 second delay with Samba 3.4.7 and Windows 7 Professional (Workstation), except it is followed by an equally mysterious 15 second gap. Here are those records from the log file: 05/26 11:22:11 [MISC] DsGetDcName function called: Dom:SAF Acct:(null) Flags: DSP 05/26 11:22:11 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c011 05/26 11:22:11 [MISC] NetpDcGetName: SAF: Avoid finding NT 5.0 DC in NT 4.0 domain (Use previously cached entry.) 05/26 11:22:11 [MISC] DsGetDcName function returns 0: Dom:SAF Acct:(null) Flags: DSP 05/26 11:22:41 [MISC] DsGetDcName function called: Dom:SAF Acct:(null) Flags: DSP 05/26 11:22:41 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c011 05/26 11:22:41 [MISC] NetpDcGetName: SAF: Avoid finding NT 5.0 DC in NT 4.0 domain (Use previously cached entry.) 05/26 11:22:41 [MISC] DsGetDcName function returns 0: Dom:SAF Acct:(null) Flags: DSP 05/26 11:22:56 [MISC] DsGetDcName function called: Dom:SAF Acct:(null) Flags: IP KDC 05/26 11:22:56 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c011 05/26 11:22:56 [MISC] NetpDcGetName: SAF: Avoid finding NT 5.0 DC in NT 4.0 domain The domain user does login eventually. Mostly. Roaming Profiles are very broken on W7: the top level Vista.V2 directory is created, but nothing is stored back into it on the server, and the logged in domain user ends up with a C:\Users\Temp profile. Files created by the domain user and stored locally or on a share are set with the correct ownership. Roaming profiles still work normally for XP, and the XP and W7 profiles are separate. Thanks, David Mathog mat...@caltech.edu Manager, Sequence Analysis Facility, Biology Division, Caltech -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : Example of command . / Setup / provision
2010/5/19 Viatte Frédéric frederic.via...@rpn.ch:
I can not test now, I'll try tomorrow. you're sure if we put --
domain=DOMAINE (without .CH) his walk? because I try and it seems to
The --domain option refers to a Windows NT-style domain name and not a
DNS domain. So it must not have a . in it.
me that I could not join a domain.
There must have been some other reason that you could not join the
domain with --domain=DOMAINE.
for # include, I put in the
option just below include / forwarders! for the area in domaine.ch
. / private I confirm you tomorrow! thank you
The #include of the .../private/named.conf must not be inside option
{...}. That is why it was complaining about zone.
But if you have both the zone domain.ch ... and #include
.../private/named.conf in the /etc/named.conf then they will probably
conflict with each other.
--
Michael Wood esiot...@gmail.com
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : Example of command . / Setup / provision
Hi 2010/5/20 Viatte Frédéric frederic.via...@rpn.ch: Hello For my zone DOMAINE.CH, yes I have one in /usr/local/samba/private/dns ! It is called domaine.ch.zone And for # include /usr/local/samba /private/named.conf I put in /usr/named.conf in the options below notify no As mentioned in my previous e-mail, it won't work if you put the #include into options. Put it at the bottom of the file where it says: # You can insert further zone records for your own domains below or create # single files in /etc/named.d/ and add the file names to # NAMED_CONF_INCLUDE_FILES. # See /usr/share/doc/packages/bind/README.SUSE for more details. Or you could follow the instructions in the above comment, but just including the #include here should work (as long as the contents of the file do not conflict with the other zones already defined in /etc/named.conf.) -Message d'origine- De : Michael Wood [mailto:esiot...@gmail.com] Envoyé : mercredi, 19. mai 2010 17:49 À : Viatte Frédéric Cc : samba@lists.samba.org Objet : Re: RE : RE : [Samba] Example of command . / Setup / provision 2010/5/19 Viatte Frédéric frederic.via...@rpn.ch: Because the realm of the HOWTO shows that it is necessary to use the complete name of the server it is false? No, the HOWTO does not have the server name in the realm. samdom is not the server name. I have put: - Realm=serveur-tpi.domaine.ch And - Domain=domaine.ch (I am to oblige to put it otherwise I cannot join any more the domain with a client) No. --domain must not have a . in it. Use --realm=domaine.ch --domain=DOMAINE. And afterward, I changed the name of NetBIOS in the file smb.conf and I put Samba. I did not have to do that when I tested Samba4. I just used --realm=something.org.za --domain=SOMETHING and the server's name was kudu.something.org.za. Here is the named.conf which comes from the directory / etc. / Do you have a DOMAIN.CH zone in addition to the one created by provision in /usr/local/samba/private? Where did you put the #include statement? -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : Example of command . / Setup / provision
2010/5/20 Viatte Frédéric frederic.via...@rpn.ch: Ok, I solved the problem by changing my DNS zone because there was a conflict! Now I tried to do the tests, but without success! I read the file message.log and here is what I found when I restart my DNS: the working directory is not writable ( what folder ? ) zone domaine.ch/IN: loading from master file /usr/local/samba/private/dns/domaine.ch.zone failed: file not found But my file exists and is in the right place! Try this: * Move /usr/local/samba/private/named.conf to /etc/named.conf.samba4. * Move /usr/local/samba/private/dns/domaine.ch.zone to /var/lib/named/master (I think.) * Edit named.conf.samba4 and change the path to domaine.ch.zone to where you moved it. * Make sure /etc/named.conf points to the new location of named.conf.samba4. See if that works. -Message d'origine- De : Michael Wood [mailto:esiot...@gmail.com] Envoyé : jeudi, 20. mai 2010 09:15 À : Viatte Frédéric Cc : Samba Objet : Re: RE : RE : [Samba] Example of command . / Setup / provision Hi 2010/5/20 Viatte Frédéric frederic.via...@rpn.ch: Hello For my zone DOMAINE.CH, yes I have one in /usr/local/samba/private/dns ! It is called domaine.ch.zone And for # include /usr/local/samba /private/named.conf I put in /usr/named.conf in the options below notify no As mentioned in my previous e-mail, it won't work if you put the #include into options. Put it at the bottom of the file where it says: # You can insert further zone records for your own domains below or create # single files in /etc/named.d/ and add the file names to # NAMED_CONF_INCLUDE_FILES. # See /usr/share/doc/packages/bind/README.SUSE for more details. Or you could follow the instructions in the above comment, but just including the #include here should work (as long as the contents of the file do not conflict with the other zones already defined in /etc/named.conf.) -Message d'origine- De : Michael Wood [mailto:esiot...@gmail.com] Envoyé : mercredi, 19. mai 2010 17:49 À : Viatte Frédéric Cc : samba@lists.samba.org Objet : Re: RE : RE : [Samba] Example of command . / Setup / provision 2010/5/19 Viatte Frédéric frederic.via...@rpn.ch: Because the realm of the HOWTO shows that it is necessary to use the complete name of the server it is false? No, the HOWTO does not have the server name in the realm. samdom is not the server name. I have put: - Realm=serveur-tpi.domaine.ch And - Domain=domaine.ch (I am to oblige to put it otherwise I cannot join any more the domain with a client) No. --domain must not have a . in it. Use --realm=domaine.ch --domain=DOMAINE. And afterward, I changed the name of NetBIOS in the file smb.conf and I put Samba. I did not have to do that when I tested Samba4. I just used --realm=something.org.za --domain=SOMETHING and the server's name was kudu.something.org.za. Here is the named.conf which comes from the directory / etc. / Do you have a DOMAIN.CH zone in addition to the one created by provision in /usr/local/samba/private? Where did you put the #include statement? -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : Example of command . / Setup / provision
2010/5/20 Viatte Frédéric frederic.via...@rpn.ch: I forgot, when I execute: $ host -t SRV _ldap._tcp.DOMAINE.CH This is the error: Host _ldap._tcp.DOMAINE.CH.DOMAINE.CH not found: 2(SERVFAIL) In my resolv.conf I like this line: search DOMAINE.CH That probably means it can't find DOMAINE.CH and so it looks for DOMAINE.CH.DOMAINE.CH. Make bind9 happy first and then try this again. Also try putting a . at the end, like this: host _ldap._tcp.domaine.ch. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : RE : Example of command . / Setup / provision
2010/5/18 Viatte Frédéric frederic.via...@rpn.ch: Sorry, I was wrong! As I understood, I do this command: --realm = SERVEUR-TPI.DOMAINE.CH --domain = SAMBA Just the name of my server and the name of my NETBIOS has to have to be different ? It is good it? I think the realm should NOT include the server name. Maybe tms3 or someone else can comment. If you want your Samba4+bind9 machine to host the domaine.ch zone (or you can do dynamic updates to the domaine.ch zone from Samba4) then you should probably do something like this: setup/provision --realm=DOMAINE.CH --domain=DOMAINE --adminpass= --server-role='domain controller' De : Michael Wood [esiot...@gmail.com] Date d'envoi : mardi 18 mai 2010 17:03 À : Viatte Frédéric Cc : t...@tms3.com; samba@lists.samba.org Objet : Re: [Samba] RE : RE : Example of command . / Setup / provision 2010/5/18 Viatte Frédéric frederic.via...@rpn.ch: I do not understand, I will have a hostname and NetBIOS name different? So -- Domain = SAMBA it'll be my name NETBIOS, and -- Realm = TPI.DOMAINE.CH-SERVER will my machine name + my domain? Let's say you have a web server called www.domaine.ch and a mail server called mail.domaine.ch etc. and then you have a server called serveur.tpi.domaine.ch and some workstations called ws1.tpi.domaine.ch, wp2.tpi.domaine.ch etc., then I would do this: setup/provision --realm=TPI.DOMAINE.CH --domain=TPI --adminpass= --server-role='domain controller' so your server name is not specified when you run provision. Then you will have a DNS zone file for tpi.domaine.ch and it will contain A records for: serveur IN A 192.168.1.100 ws1 IN A 192.168.1.200 ws2 IN A 192.168.1.201 etc. The zone for domaine.ch would have A records for www and mail and MX records etc. You might also have NS records pointing at serveur.tpi.domaine.ch for the tpi subdomain: @ IN MX 10 mail www IN A aaa.bbb.ccc.ddd mail IN A aaa.bbb.ccc.eee tpi IN NS serveur.tpi.domaine.ch. but this zone might be hosted by a completely different name server. Then the workstations should use 192.168.1.100 as their primary DNS server. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : RE : Example of command . / Setup / provision
I think that sends the image I walked, this is the first error: Naming Information Can not Be Located Because: The specified domain does not exist or could not be contacted. Contact your system administrator Error 2 The following domain controller could not be contacted:SERVEUR-TPI.DOMAINE.CH. Access denied Thanks -Message d'origine- De : Michael Wood [mailto:esiot...@gmail.com] Envoyé : mercredi, 19. mai 2010 08:34 À : Viatte Frédéric Cc : t...@tms3.com; samba@lists.samba.org Objet : Re: RE : [Samba] RE : RE : Example of command . / Setup / provision 2010/5/18 Viatte Frédéric frederic.via...@rpn.ch: Sorry, I was wrong! As I understood, I do this command: --realm = SERVEUR-TPI.DOMAINE.CH --domain = SAMBA Just the name of my server and the name of my NETBIOS has to have to be different ? It is good it? I think the realm should NOT include the server name. Maybe tms3 or someone else can comment. If you want your Samba4+bind9 machine to host the domaine.ch zone (or you can do dynamic updates to the domaine.ch zone from Samba4) then you should probably do something like this: setup/provision --realm=DOMAINE.CH --domain=DOMAINE --adminpass= --server-role='domain controller' De : Michael Wood [esiot...@gmail.com] Date d'envoi : mardi 18 mai 2010 17:03 À : Viatte Frédéric Cc : t...@tms3.com; samba@lists.samba.org Objet : Re: [Samba] RE : RE : Example of command . / Setup / provision 2010/5/18 Viatte Frédéric frederic.via...@rpn.ch: I do not understand, I will have a hostname and NetBIOS name different? So -- Domain = SAMBA it'll be my name NETBIOS, and -- Realm = TPI.DOMAINE.CH-SERVER will my machine name + my domain? Let's say you have a web server called www.domaine.ch and a mail server called mail.domaine.ch etc. and then you have a server called serveur.tpi.domaine.ch and some workstations called ws1.tpi.domaine.ch, wp2.tpi.domaine.ch etc., then I would do this: setup/provision --realm=TPI.DOMAINE.CH --domain=TPI --adminpass= --server-role='domain controller' so your server name is not specified when you run provision. Then you will have a DNS zone file for tpi.domaine.ch and it will contain A records for: serveur IN A 192.168.1.100 ws1 IN A 192.168.1.200 ws2 IN A 192.168.1.201 etc. The zone for domaine.ch would have A records for www and mail and MX records etc. You might also have NS records pointing at serveur.tpi.domaine.ch for the tpi subdomain: @ IN MX 10 mail www IN A aaa.bbb.ccc.ddd mail IN A aaa.bbb.ccc.eee tpi IN NS serveur.tpi.domaine.ch. but this zone might be hosted by a completely different name server. Then the workstations should use 192.168.1.100 as their primary DNS server. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : RE : Example of command . / Setup / provision
2010/5/19 Viatte Frédéric frederic.via...@rpn.ch: I think that sends the image I walked, this is the first error: Naming Information Can not Be Located Because: The specified domain does not exist or could not be contacted. Contact your system administrator Error 2 The following domain controller could not be contacted:SERVEUR-TPI.DOMAINE.CH. Access denied Thanks Do the DNS tests in step 8 of the howto (http://wiki.samba.org/index.php/Samba4/HOWTO#Step_8_Configure_DNS) work from both the Samba4 server and also from the Windows machine? For the Windows machine you will need to use nslookup instead of host. e.g.: C:\nslookup Default Server: serveur-tpi.domaine.ch Address: 192.168.1.100 set type=srv _ldap._tcp.domaine.ch. [...] Do the Kerberos tests in step 9 of the HOWTO work? Is the Windows machine joined to the domain? -Message d'origine- De : Michael Wood [mailto:esiot...@gmail.com] Envoyé : mercredi, 19. mai 2010 08:34 À : Viatte Frédéric Cc : t...@tms3.com; samba@lists.samba.org Objet : Re: RE : [Samba] RE : RE : Example of command . / Setup / provision 2010/5/18 Viatte Frédéric frederic.via...@rpn.ch: Sorry, I was wrong! As I understood, I do this command: --realm = SERVEUR-TPI.DOMAINE.CH --domain = SAMBA Just the name of my server and the name of my NETBIOS has to have to be different ? It is good it? I think the realm should NOT include the server name. Maybe tms3 or someone else can comment. If you want your Samba4+bind9 machine to host the domaine.ch zone (or you can do dynamic updates to the domaine.ch zone from Samba4) then you should probably do something like this: setup/provision --realm=DOMAINE.CH --domain=DOMAINE --adminpass= --server-role='domain controller' -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : RE : Example of command . / Setup / provision
That I think I found, I thought my DNS was set up well since the nslookup walked and I could connect to the Domain. For her that I skipped step 8! I tried to add the file /etc/named.conf line include /usr/local/samba/private/named.conf; but when I restart my DNS server, I get this error : Error occurred while starting named service. Error: / usr / local / samba / private / named.conf: 14: open: / usr / local / samba / private / named.conf.update: file not found At home in the private you have a file named named.conf.update? Thank you for your help! -Message d'origine- De : Michael Wood [mailto:esiot...@gmail.com] Envoyé : mercredi, 19. mai 2010 11:10 À : Viatte Frédéric Cc : t...@tms3.com; samba@lists.samba.org Objet : Re: RE : [Samba] RE : RE : Example of command . / Setup / provision 2010/5/19 Viatte Frédéric frederic.via...@rpn.ch: I think that sends the image I walked, this is the first error: Naming Information Can not Be Located Because: The specified domain does not exist or could not be contacted. Contact your system administrator Error 2 The following domain controller could not be contacted:SERVEUR-TPI.DOMAINE.CH. Access denied Thanks Do the DNS tests in step 8 of the howto (http://wiki.samba.org/index.php/Samba4/HOWTO#Step_8_Configure_DNS) work from both the Samba4 server and also from the Windows machine? For the Windows machine you will need to use nslookup instead of host. e.g.: C:\nslookup Default Server: serveur-tpi.domaine.ch Address: 192.168.1.100 set type=srv _ldap._tcp.domaine.ch. [...] Do the Kerberos tests in step 9 of the HOWTO work? Is the Windows machine joined to the domain? -Message d'origine- De : Michael Wood [mailto:esiot...@gmail.com] Envoyé : mercredi, 19. mai 2010 08:34 À : Viatte Frédéric Cc : t...@tms3.com; samba@lists.samba.org Objet : Re: RE : [Samba] RE : RE : Example of command . / Setup / provision 2010/5/18 Viatte Frédéric frederic.via...@rpn.ch: Sorry, I was wrong! As I understood, I do this command: --realm = SERVEUR-TPI.DOMAINE.CH --domain = SAMBA Just the name of my server and the name of my NETBIOS has to have to be different ? It is good it? I think the realm should NOT include the server name. Maybe tms3 or someone else can comment. If you want your Samba4+bind9 machine to host the domaine.ch zone (or you can do dynamic updates to the domaine.ch zone from Samba4) then you should probably do something like this: setup/provision --realm=DOMAINE.CH --domain=DOMAINE --adminpass= --server-role='domain controller' -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : RE : Example of command . / Setup / provision
I solved this error, but I have another one now, here it is: Error occurred while starting named service. Error: / usr / local / samba / private / named.conf: 6: unknown option 'zone' I tried to send you my file named.conf file private I do not know if you've received? Thank you -Message d'origine- De : Michael Wood [mailto:esiot...@gmail.com] Envoyé : mercredi, 19. mai 2010 11:10 À : Viatte Frédéric Cc : t...@tms3.com; samba@lists.samba.org Objet : Re: RE : [Samba] RE : RE : Example of command . / Setup / provision 2010/5/19 Viatte Frédéric frederic.via...@rpn.ch: I think that sends the image I walked, this is the first error: Naming Information Can not Be Located Because: The specified domain does not exist or could not be contacted. Contact your system administrator Error 2 The following domain controller could not be contacted:SERVEUR-TPI.DOMAINE.CH. Access denied Thanks Do the DNS tests in step 8 of the howto (http://wiki.samba.org/index.php/Samba4/HOWTO#Step_8_Configure_DNS) work from both the Samba4 server and also from the Windows machine? For the Windows machine you will need to use nslookup instead of host. e.g.: C:\nslookup Default Server: serveur-tpi.domaine.ch Address: 192.168.1.100 set type=srv _ldap._tcp.domaine.ch. [...] Do the Kerberos tests in step 9 of the HOWTO work? Is the Windows machine joined to the domain? -Message d'origine- De : Michael Wood [mailto:esiot...@gmail.com] Envoyé : mercredi, 19. mai 2010 08:34 À : Viatte Frédéric Cc : t...@tms3.com; samba@lists.samba.org Objet : Re: RE : [Samba] RE : RE : Example of command . / Setup / provision 2010/5/18 Viatte Frédéric frederic.via...@rpn.ch: Sorry, I was wrong! As I understood, I do this command: --realm = SERVEUR-TPI.DOMAINE.CH --domain = SAMBA Just the name of my server and the name of my NETBIOS has to have to be different ? It is good it? I think the realm should NOT include the server name. Maybe tms3 or someone else can comment. If you want your Samba4+bind9 machine to host the domaine.ch zone (or you can do dynamic updates to the domaine.ch zone from Samba4) then you should probably do something like this: setup/provision --realm=DOMAINE.CH --domain=DOMAINE --adminpass= --server-role='domain controller' -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : RE : Example of command . / Setup / provision
Hi 2010/5/19 Viatte Frédéric frederic.via...@rpn.ch: -Message d'origine- De : Viatte Frédéric Envoyé : mercredi, 19. mai 2010 11:58 À : 'Michael Wood' Cc : t...@tms3.com; samba@lists.samba.org Objet : RE: RE : [Samba] RE : RE : Example of command . / Setup / provision I solved this error, but I have another one now, here it is: Error occurred while starting named service. Error: / usr / local / samba / private / named.conf: 6: unknown option 'zone' I tried to send you my file named.conf file private I do not know if you've received? It seems you are still using SERVEUR-TPI.DOMAINE.CH as your realm and DNS domain. Why not just DOMAIN.CH? Otherwise there seems to be nothing wrong with the named.conf you attached. What does your /etc/named.conf file look like? (On Ubuntu it's /etc/bind/named.conf instead of /etc/named.conf.) -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE : RE : Example of command . / Setup / provision
Because the realm of the HOWTO shows that it is necessary to use the complete name of the server it is false? I have put: - Realm=serveur-tpi.domaine.ch And - Domain=domaine.ch (I am to oblige to put it otherwise I cannot join any more the domain with a client) And afterward, I changed the name of NetBIOS in the file smb.conf and I put Samba. Here is the named.conf which comes from the directory / etc. / Thank you De : Michael Wood [esiot...@gmail.com] Date d'envoi : mercredi 19 mai 2010 14:07 À : Viatte Frédéric Cc : samba@lists.samba.org Objet : Re: RE : [Samba] RE : RE : Example of command . / Setup / provision Hi 2010/5/19 Viatte Frédéric frederic.via...@rpn.ch: -Message d'origine- De : Viatte Frédéric Envoyé : mercredi, 19. mai 2010 11:58 À : 'Michael Wood' Cc : t...@tms3.com; samba@lists.samba.org Objet : RE: RE : [Samba] RE : RE : Example of command . / Setup / provision I solved this error, but I have another one now, here it is: Error occurred while starting named service. Error: / usr / local / samba / private / named.conf: 6: unknown option 'zone' I tried to send you my file named.conf file private I do not know if you've received? It seems you are still using SERVEUR-TPI.DOMAINE.CH as your realm and DNS domain. Why not just DOMAIN.CH? Otherwise there seems to be nothing wrong with the named.conf you attached. What does your /etc/named.conf file look like? (On Ubuntu it's /etc/bind/named.conf instead of /etc/named.conf.) -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : RE : Example of command . / Setup /provision
I think that sends the image I walked, this is the first error: Naming Information Can not Be Located Because: The specified domain does not exist or could not be contacted. Contact your system administrator Error 2 The following domain controller could not be contacted:SERVEUR-TPI.DOMAINE.CH. Access denied Well, you do need to actually setup DNS after running the provisioning script. See the wiki http://wiki.samba.org/index.php/Samba4/HOWTO#Step_8_Configure_DNS and the manual for whatever flavor of DNS you are using. Thanks -Message d'origine- De : Michael Wood [mailto:esiot...@gmail.com] Envoyé : mercredi, 19. mai 2010 08:34 À : Viatte Frédéric Cc : t...@tms3.com; samba@lists.samba.org Objet : Re: RE : [Samba] RE : RE : Example of command . / Setup / provision 2010/5/18 Viatte Frédéric frederic.via...@rpn.ch: Sorry, I was wrong! As I understood, I do this command: --realm = SERVEUR-TPI.DOMAINE.CH --domain = SAMBA Just the name of my server and the name of my NETBIOS has to have to be different ? It is good it? I think the realm should NOT include the server name. Maybe tms3 or someone else can comment. If you want your Samba4+bind9 machine to host the domaine.ch zone (or you can do dynamic updates to the domaine.ch zone from Samba4) then you should probably do something like this: setup/provision --realm=DOMAINE.CH --domain=DOMAINE --adminpass= --server-role='domain controller' De : Michael Wood [esiot...@gmail.com] Date d'envoi : mardi 18 mai 2010 17:03 À : Viatte Frédéric Cc : t...@tms3.com; samba@lists.samba.org Objet : Re: [Samba] RE : RE : Example of command . / Setup / provision 2010/5/18 Viatte Frédéric frederic.via...@rpn.ch: I do not understand, I will have a hostname and NetBIOS name different? So -- Domain = SAMBA it'll be my name NETBIOS, and -- Realm = TPI.DOMAINE.CH-SERVER will my machine name + my domain? Let's say you have a web server called http://www.domaine.ch and a mail server called mail.domaine.ch etc. and then you have a server called serveur.tpi.domaine.ch and some workstations called ws1.tpi.domaine.ch, wp2.tpi.domaine.ch etc., then I would do this: setup/provision --realm=TPI.DOMAINE.CH --domain=TPI --adminpass= --server-role='domain controller' so your server name is not specified when you run provision. Then you will have a DNS zone file for tpi.domaine.ch and it will contain A records for: serveur IN A 192.168.1.100 ws1 IN A 192.168.1.200 ws2 IN A 192.168.1.201 etc. The zone for domaine.ch would have A records for www and mail and MX records etc. You might also have NS records pointing at serveur.tpi.domaine.ch for the tpi subdomain: @ IN MX 10 mail www IN A aaa.bbb.ccc.ddd mail IN A aaa.bbb.ccc.eee tpi IN NS serveur.tpi.domaine.ch. but this zone might be hosted by a completely different name server. Then the workstations should use 192.168.1.100 as their primary DNS server. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : Example of command . / Setup / provision
2010/5/19 Viatte Frédéric frederic.via...@rpn.ch: Because the realm of the HOWTO shows that it is necessary to use the complete name of the server it is false? No, the HOWTO does not have the server name in the realm. samdom is not the server name. I have put: - Realm=serveur-tpi.domaine.ch And - Domain=domaine.ch (I am to oblige to put it otherwise I cannot join any more the domain with a client) No. --domain must not have a . in it. Use --realm=domaine.ch --domain=DOMAINE. And afterward, I changed the name of NetBIOS in the file smb.conf and I put Samba. I did not have to do that when I tested Samba4. I just used --realm=something.org.za --domain=SOMETHING and the server's name was kudu.something.org.za. Here is the named.conf which comes from the directory / etc. / Do you have a DOMAIN.CH zone in addition to the one created by provision in /usr/local/samba/private? Where did you put the #include statement? Thank you De : Michael Wood [esiot...@gmail.com] Date d'envoi : mercredi 19 mai 2010 14:07 À : Viatte Frédéric Cc : samba@lists.samba.org Objet : Re: RE : [Samba] RE : RE : Example of command . / Setup / provision Hi 2010/5/19 Viatte Frédéric frederic.via...@rpn.ch: -Message d'origine- De : Viatte Frédéric Envoyé : mercredi, 19. mai 2010 11:58 À : 'Michael Wood' Cc : t...@tms3.com; samba@lists.samba.org Objet : RE: RE : [Samba] RE : RE : Example of command . / Setup / provision I solved this error, but I have another one now, here it is: Error occurred while starting named service. Error: / usr / local / samba / private / named.conf: 6: unknown option 'zone' I tried to send you my file named.conf file private I do not know if you've received? It seems you are still using SERVEUR-TPI.DOMAINE.CH as your realm and DNS domain. Why not just DOMAIN.CH? Otherwise there seems to be nothing wrong with the named.conf you attached. What does your /etc/named.conf file look like? (On Ubuntu it's /etc/bind/named.conf instead of /etc/named.conf.) -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE : Example of command . / Setup / provision
Hello Thank you for your quick response! Right?. The full name of my server is: server-tpi.domaine.ch I put as a command:. / Setup / provision - realm = DOMAINE.CH - domain = DOMAIN - adminpass = Pass2010 - server-role = 'domain controller' The information I entered is correct? And here is my host file after installing my DNS and samba: 127.0.0.1 localhost # Special IPv6 addresses :: 1 localhost ipv6-localhost ipv6-loopback fe00:: 0 ipv6-localnet ff00:: 0 ipv6-mcastprefix ff02:: 1 ipv6-allnodes ff02:: 2 ipv6-allrouters ff02:: 3 ipv6-allhosts 127.0.0.2 SERVER-SERVER TPI.DOMAINE.CH-TPI 192.168.1.100 SERVER-SERVER-TPI TPI 192.168.1.100 SERVER-SERVER-TPI TPI Something seems strange to me .. what is your opinion? Thank you in advance! De : samba-boun...@lists.samba.org [samba-boun...@lists.samba.org] de la part de Laurent BARRAILLE [laurent.barrai...@iut-nimes.fr] Date d'envoi : mardi 18 mai 2010 12:06 À : samba@lists.samba.org Objet : Re: [Samba] Example of command . / Setup / provision Hi, provision --realm=domgc.iut-nimes.fr --domain=domgc --adminpass=topsecret --server-role='domain controller' My test server configuration : ip : 192.168.2.32 short name : srvsmb4 full name : srvsmb4.domgc.iut-nimes.fr my /etc/hosts file : 127.0.0.1localhost 192.168.2.32srvsmb4.domgc.iut-nimes.frsrvsmb4 # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters my /etc/resolv.conf file : search domgc.iut-nimes.fr nameserver 192.168.2.32 nameserver 192.168.2.4 Barraillé Laurent Le 18/05/2010 11:08, Viatte Frédéric a écrit : Hello Are that someone has an example of the command provision that he made himself ? Because in the HOWTO is set - realm = samdom.example.com - domain = SAMDOM but what corresponds SAMDOM Because the domain is example.com no ? SAMDOM is the Windows domain. This is a sub domain of the example.com domain Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : Example of command . / Setup / provision
Hi 2010/5/18 Viatte Frédéric frederic.via...@rpn.ch: Hello Thank you for your quick response! Right?. The full name of my server is: server-tpi.domaine.ch I put as a command:. / Setup / provision - realm = DOMAINE.CH - domain = DOMAIN - adminpass = Pass2010 - server-role = 'domain controller' The information I entered is correct? It is normal for the Windows domain name to be the same as the first part of the realm name. So you are missing the E from --domain=DOMAIN. But as tms3 says it can work even if they do not match. When I tried running provision, I had the Windows DOMAIN the same as the first part of the REALM and the DNS domain was the same as the realm (except lowercase). I also had to use --target-dir=/usr/local/samba4 (where I installed Samba4) when I ran provision. And here is my host file after installing my DNS and samba: [...] 127.0.0.2 SERVER-SERVER TPI.DOMAINE.CH-TPI 192.168.1.100 SERVER-SERVER-TPI TPI 192.168.1.100 SERVER-SERVER-TPI TPI Something seems strange to me .. what is your opinion? Installing DNS (bind9) or Samba should not affect your hosts file, so your hosts file will have looked like that before installing DNS and Samba too. If your DNS is working correctly then you can remove the entries for 192.168.1.100 from your hosts file. Even if you wanted to keep it there, you would only need one of them. Not two. Also, if you keep it in /etc/hosts, it should probably match the DNS entry. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE : Example of command . / Setup / provision
Thank you for your reply How to know the NetBIOS name in Linux? The name of my domain is: DOMAINE.CH The name of my server: SERVEUR-TPI If I put -- realm = SERVEUR-TPI.DOMAINE.CH -- domain = DOMAINE.CH His able to walk? Thank you De : samba-boun...@lists.samba.org [samba-boun...@lists.samba.org] de la part de t...@tms3.com [t...@tms3.com] Date d'envoi : mardi 18 mai 2010 15:11 À : Laurent BARRAILLE Cc : samba@lists.samba.org Objet : Re: [Samba] Example of command . / Setup / provision SNIP Because in the HOWTO is set - realm = samdom.example.com - domain = SAMDOM but what corresponds SAMDOM Because the domain is example.com no ? SAMDOM is the Windows domain. This is a sub domain of the example.com domain Well, not really. SAMDOM is the NETBIOS name of the domain, which we have to use the way back machine to Winblows NT4 to come to grips with it. So, yes the domain IS example.com, and, if you want, you can do this: realm = EXAMPLE.COM and have domain = EXAMPLE. It is also possible to have the domain = EX or TEST and the realm be EXAMPLE.COM, though I'd not recommend it. For the most part it is a design issue. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : Example of command . / Setup / provision
SNIP How to know the NetBIOS name in Linux? Linux does not care. Only Windows cares. The name of my domain is: DOMAINE.CH The name of my server: SERVEUR-TPI The posix name of the server does not matter. Nor does the DNS name as it can have more than one DNS name. You need to work with Samba as a somewhat separate entity. It is simply easier to match names up for us humans. So If I put -- realm = SERVEUR-TPI.DOMAINE.CH -- domain = DOMAINE.CH Nope. See, the important thing is the domain name should be a single simple short word. So the easiest bit would be: realm = SERVEUR-TPI.DOMAINE.CH -- domain =SERVEUR-TPI BUT!! your kerberos realm does NOT have to match the machine name either! So we could forget the *nix name completely and just for simplicity: --realm=SAMBA.DOMAINE.CH --domain=SAMBA His able to walk? Thank you De : samba-boun...@lists.samba.org [samba-boun...@lists.samba.org] de la part de t...@tms3.com [t...@tms3.com] Date d'envoi : mardi 18 mai 2010 15:11 À : Laurent BARRAILLE Cc : samba@lists.samba.org Objet : Re: [Samba] Example of command . / Setup / provision SNIP Because in the HOWTO is set - realm = samdom.example.com - domain = SAMDOM but what corresponds SAMDOM Because the domain is example.com no ? SAMDOM is the Windows domain. This is a sub domain of the example.com domain Well, not really. SAMDOM is the NETBIOS name of the domain, which we have to use the way back machine to Winblows NT4 to come to grips with it. So, yes the domain IS example.com, and, if you want, you can do this: realm = EXAMPLE.COM and have domain = EXAMPLE. It is also possible to have the domain = EX or TEST and the realm be EXAMPLE.COM, though I'd not recommend it. For the most part it is a design issue. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE : RE : Example of command . / Setup / provision
I do not understand, I will have a hostname and NetBIOS name different? So -- Domain = SAMBA it'll be my name NETBIOS, and -- Realm = TPI.DOMAINE.CH-SERVER will my machine name + my domain? Thank you De : t...@tms3.com [t...@tms3.com] Date d'envoi : mardi 18 mai 2010 15:50 À : Viatte Frédéric Cc : Laurent BARRAILLE; samba@lists.samba.org Objet : Re: RE : [Samba] Example of command . / Setup / provision SNIP How to know the NetBIOS name in Linux? Linux does not care. Only Windows cares. The name of my domain is: DOMAINE.CH The name of my server: SERVEUR-TPI The posix name of the server does not matter. Nor does the DNS name as it can have more than one DNS name. You need to work with Samba as a somewhat separate entity. It is simply easier to match names up for us humans. So If I put -- realm = SERVEUR-TPI.DOMAINE.CH -- domain = DOMAINE.CH Nope. See, the important thing is the domain name should be a single simple short word. So the easiest bit would be: realm = SERVEUR-TPI.DOMAINE.CH -- domain =SERVEUR-TPI BUT!! your kerberos realm does NOT have to match the machine name either! So we could forget the *nix name completely and just for simplicity: --realm=SAMBA.DOMAINE.CH --domain=SAMBA His able to walk? Thank you De : samba-boun...@lists.samba.org [samba-boun...@lists.samba.org] de la part de t...@tms3.com [t...@tms3.com] Date d'envoi : mardi 18 mai 2010 15:11 À : Laurent BARRAILLE Cc : samba@lists.samba.org Objet : Re: [Samba] Example of command . / Setup / provision SNIP Because in the HOWTO is set - realm = samdom.example.com - domain = SAMDOM but what corresponds SAMDOM Because the domain is example.com no ? SAMDOM is the Windows domain. This is a sub domain of the example.com domain Well, not really. SAMDOM is the NETBIOS name of the domain, which we have to use the way back machine to Winblows NT4 to come to grips with it. So, yes the domain IS example.com, and, if you want, you can do this: realm = EXAMPLE.COM and have domain = EXAMPLE. It is also possible to have the domain = EX or TEST and the realm be EXAMPLE.COM, though I'd not recommend it. For the most part it is a design issue. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : Example of command . / Setup / provision
I do not understand, I will have a hostname and NetBIOS name different? Yes. So -- Domain = SAMBA it'll be my name NETBIOS, and -- Realm = TPI.DOMAINE.CH-SERVER will my machine name + my domain? Thank you De : t...@tms3.com [t...@tms3.com] Date d'envoi : mardi 18 mai 2010 15:50 À : Viatte Frédéric Cc : Laurent BARRAILLE; samba@lists.samba.org Objet : Re: RE : [Samba] Example of command . / Setup / provision SNIP How to know the NetBIOS name in Linux? Linux does not care. Only Windows cares. The name of my domain is: DOMAINE.CH The name of my server: SERVEUR-TPI The posix name of the server does not matter. Nor does the DNS name as it can have more than one DNS name. You need to work with Samba as a somewhat separate entity. It is simply easier to match names up for us humans. So If I put -- realm = SERVEUR-TPI.DOMAINE.CH -- domain = DOMAINE.CH Nope. See, the important thing is the domain name should be a single simple short word. So the easiest bit would be: realm = SERVEUR-TPI.DOMAINE.CH -- domain =SERVEUR-TPI BUT!! your kerberos realm does NOT have to match the machine name either! So we could forget the *nix name completely and just for simplicity: --realm=SAMBA.DOMAINE.CH --domain=SAMBA His able to walk? Thank you De : samba-boun...@lists.samba.org [samba-boun...@lists.samba.org] de la part de t...@tms3.com [t...@tms3.com] Date d'envoi : mardi 18 mai 2010 15:11 À : Laurent BARRAILLE Cc : samba@lists.samba.org Objet : Re: [Samba] Example of command . / Setup / provision SNIP Because in the HOWTO is set - realm = samdom.example.com - domain = SAMDOM but what corresponds SAMDOM Because the domain is example.com no ? SAMDOM is the Windows domain. This is a sub domain of the example.com domain Well, not really. SAMDOM is the NETBIOS name of the domain, which we have to use the way back machine to Winblows NT4 to come to grips with it. So, yes the domain IS example.com, and, if you want, you can do this: realm = EXAMPLE.COM and have domain = EXAMPLE. It is also possible to have the domain = EX or TEST and the realm be EXAMPLE.COM, though I'd not recommend it. For the most part it is a design issue. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : Example of command . / Setup / provision
2010/5/18 Viatte Frédéric frederic.via...@rpn.ch: I do not understand, I will have a hostname and NetBIOS name different? So -- Domain = SAMBA it'll be my name NETBIOS, and -- Realm = TPI.DOMAINE.CH-SERVER will my machine name + my domain? Let's say you have a web server called www.domaine.ch and a mail server called mail.domaine.ch etc. and then you have a server called serveur.tpi.domaine.ch and some workstations called ws1.tpi.domaine.ch, wp2.tpi.domaine.ch etc., then I would do this: setup/provision --realm=TPI.DOMAINE.CH --domain=TPI --adminpass= --server-role='domain controller' so your server name is not specified when you run provision. Then you will have a DNS zone file for tpi.domaine.ch and it will contain A records for: serveur IN A 192.168.1.100 ws1 IN A 192.168.1.200 ws2 IN A 192.168.1.201 etc. The zone for domaine.ch would have A records for www and mail and MX records etc. You might also have NS records pointing at serveur.tpi.domaine.ch for the tpi subdomain: @ IN MX 10 mail www IN A aaa.bbb.ccc.ddd mail IN A aaa.bbb.ccc.eee tpi IN NS serveur.tpi.domaine.ch. but this zone might be hosted by a completely different name server. Then the workstations should use 192.168.1.100 as their primary DNS server. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE : RE : RE : Example of command . / Setup / provision
Sorry, I was wrong! As I understood, I do this command: --realm = SERVEUR-TPI.DOMAINE.CH --domain = SAMBA Just the name of my server and the name of my NETBIOS has to have to be different ? It is good it? Thank you De : Michael Wood [esiot...@gmail.com] Date d'envoi : mardi 18 mai 2010 17:03 À : Viatte Frédéric Cc : t...@tms3.com; samba@lists.samba.org Objet : Re: [Samba] RE : RE : Example of command . / Setup / provision 2010/5/18 Viatte Frédéric frederic.via...@rpn.ch: I do not understand, I will have a hostname and NetBIOS name different? So -- Domain = SAMBA it'll be my name NETBIOS, and -- Realm = TPI.DOMAINE.CH-SERVER will my machine name + my domain? Let's say you have a web server called www.domaine.ch and a mail server called mail.domaine.ch etc. and then you have a server called serveur.tpi.domaine.ch and some workstations called ws1.tpi.domaine.ch, wp2.tpi.domaine.ch etc., then I would do this: setup/provision --realm=TPI.DOMAINE.CH --domain=TPI --adminpass= --server-role='domain controller' so your server name is not specified when you run provision. Then you will have a DNS zone file for tpi.domaine.ch and it will contain A records for: serveur IN A 192.168.1.100 ws1 IN A 192.168.1.200 ws2 IN A 192.168.1.201 etc. The zone for domaine.ch would have A records for www and mail and MX records etc. You might also have NS records pointing at serveur.tpi.domaine.ch for the tpi subdomain: @ IN MX 10 mail www IN A aaa.bbb.ccc.ddd mail IN A aaa.bbb.ccc.eee tpi IN NS serveur.tpi.domaine.ch. but this zone might be hosted by a completely different name server. Then the workstations should use 192.168.1.100 as their primary DNS server. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE : RE : Domain not found in Samba 4 AD
Hello I'm testing this morning! I have reinstalled my server as a domain name but I put domaine.ch I thought it was going to walk, but the problem is not the domain name ... I do not really know what it can come ... Have you another suggestion? Thank you De : Michael Wood [esiot...@gmail.com] Date d'envoi : mercredi 12 mai 2010 17:32 À : Viatte Frédéric Cc : Andrew Bartlett; samba@lists.samba.org Objet : Re: RE : Domain not found in Samba 4 AD 2010/5/12 Viatte Frédéric frederic.via...@rpn.ch: I tried your solution, reinstalling my server and my DNS, and I put as name : domaine.ch I have not reinstalled all Samba 4, but when it's doing, I'll gives new! OK, I hope it works. This may be the name: Samba can cause confusion I don't think there's anything special about the name samba. I think the problem was a confusion between the machine name and the realm/DNS domain name. Anyway, I hope using domain.ch as the realm fixes your problem. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : RE : RE : RE : Domain not found in Samba 4 AD
2010/5/12 Viatte Frédéric frederic.via...@rpn.ch: The name of my machine is Server.Samba, why put Server.server.Samba? When I do a ping-a 192.168.1.220 from my Windows machine, I get: Response Client.server.Samba, as if my domain was called Server.Samba. Your windows machine is trying to query for serveur.serveur.samba. I don't know why. What did you specify for the --realm when you ran the provision script? In my file host which I also have two n'on nothing to make me think: 192.168.1.100 Server Server 192.168.1.100 server server If your DNS is correctly configured you should not need that in your hosts file. Also hostnames are not case sensitive, so it is not necessary to have Server and server. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE : RE : RE : RE : RE : RE : Domain not found in Samba 4 AD
Here is the command that I realized: . / Setup / provision - realm = Server.Samba - domain = Samba - adminpass = password - server-role = 'domain controller' Thank you for your help! De : Michael Wood [esiot...@gmail.com] Date d'envoi : mercredi 12 mai 2010 12:14 À : Viatte Frédéric Cc : Andrew Bartlett; samba@lists.samba.org Objet : Re: RE : RE : [Samba] RE : RE : RE : Domain not found in Samba 4 AD 2010/5/12 Viatte Frédéric frederic.via...@rpn.ch: The name of my machine is Server.Samba, why put Server.server.Samba? When I do a ping-a 192.168.1.220 from my Windows machine, I get: Response Client.server.Samba, as if my domain was called Server.Samba. Your windows machine is trying to query for serveur.serveur.samba. I don't know why. What did you specify for the --realm when you ran the provision script? In my file host which I also have two n'on nothing to make me think: 192.168.1.100 Server Server 192.168.1.100 server server If your DNS is correctly configured you should not need that in your hosts file. Also hostnames are not case sensitive, so it is not necessary to have Server and server. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re-Installing samba on new hard drive
I'm currently running samba as a primary domain controller on Ubuntu 8.04. I am going to do a fresh install of Ubuntu 10.04 onto a new hard drive and install that distribution's samba package. This will replace my current installation. I don't plan on changing the configuration file (smb.conf). The configuration file from my current samba installation will be copied to the new installation. How will my Window clients that are joined to the current domain handle this? Will they have to re-join the new domain, even though its not a new domain since its the same configuration file? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : RE : RE : RE : RE : Domain not found in Samba 4 AD
2010/5/12 Viatte Frédéric frederic.via...@rpn.ch: Here is the command that I realized: . / Setup / provision - realm = Server.Samba - domain = Samba - adminpass = password - server-role = 'domain controller' OK, then it seems that your realm, and therefore your DNS domain, is server.samba, so that is why the Windows machine is trying to find server.server.samba. I think you should try something like this rather: setup/provision --realm=SAMBA.LOCAL --domain=SAMBA --adminpass= --server-role=domain controller Then make sure that your DNS works for all of these: server.samba.local (A record) _ldap._tcp.samba.local. (SRV record) _kerberos._udp.samba.local. (SRV record) I hope that works. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE : RE : RE : RE : Domain not found in Samba 4 AD
So I reinstalled my server, starting with the alpha 12, but its changes nothing! I did an analysis that the analyzer, here the information I have chosen: (I send you a picture) Thanks. De : Michael Wood [esiot...@gmail.com] Date d'envoi : mardi 11 mai 2010 08:49 À : Viatte Frédéric Cc : Andrew Bartlett; samba@lists.samba.org Objet : Re: [Samba] RE : RE : RE : Domain not found in Samba 4 AD Hi 2010/5/11 Viatte Frédéric frederic.via...@rpn.ch I do not think my error comes from my version of Alpha, in the other person, it worked! I did not try alpha11. I got it to work with the version from git about a week ago. But I think it should also work with Alpha 11. So I think my problem is elsewhere! Probably. Person to another idea? Do you have any more information from wireshark about what is happening when you try to add the user? -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE : Domain not found in Samba 4 AD
I tried your solution, reinstalling my server and my DNS, and I put as name : domaine.ch I have not reinstalled all Samba 4, but when it's doing, I'll gives new! This may be the name: Samba can cause confusion Thank you De : Michael Wood [esiot...@gmail.com] Date d'envoi : mercredi 12 mai 2010 15:42 À : Viatte Frédéric Cc : Andrew Bartlett; samba@lists.samba.org Objet : Re: RE : RE : RE : [Samba] RE : RE : RE : Domain not found in Samba 4 AD 2010/5/12 Viatte Frédéric frederic.via...@rpn.ch: Here is the command that I realized: . / Setup / provision - realm = Server.Samba - domain = Samba - adminpass = password - server-role = 'domain controller' OK, then it seems that your realm, and therefore your DNS domain, is server.samba, so that is why the Windows machine is trying to find server.server.samba. I think you should try something like this rather: setup/provision --realm=SAMBA.LOCAL --domain=SAMBA --adminpass= --server-role=domain controller Then make sure that your DNS works for all of these: server.samba.local (A record) _ldap._tcp.samba.local. (SRV record) _kerberos._udp.samba.local. (SRV record) I hope that works. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : Domain not found in Samba 4 AD
2010/5/12 Viatte Frédéric frederic.via...@rpn.ch: I tried your solution, reinstalling my server and my DNS, and I put as name : domaine.ch I have not reinstalled all Samba 4, but when it's doing, I'll gives new! OK, I hope it works. This may be the name: Samba can cause confusion I don't think there's anything special about the name samba. I think the problem was a confusion between the machine name and the realm/DNS domain name. Anyway, I hope using domain.ch as the realm fixes your problem. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re-Installing samba on new hard drive
On 05/12/2010 8:13 AM, Leandro Tracchia wrote: I'm currently running samba as a primary domain controller on Ubuntu 8.04. I am going to do a fresh install of Ubuntu 10.04 onto a new hard drive and install that distribution's samba package. This will replace my current installation. I don't plan on changing the configuration file (smb.conf). The configuration file from my current samba installation will be copied to the new installation. Familiarize yourself with the changes between your old version of Samba and the new: http://www.samba.org/samba/history/ How will my Window clients that are joined to the current domain handle this? Will they have to re-join the new domain, even though its not a new domain since its the same configuration file? Start here: http://www.samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749 Retain the same SID. Perhaps, copy /var/lib/samba. There are other variables, depending upon your particular configuration. Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : RE : Domain not found in Samba 4 AD
Hi 2010/5/11 Viatte Frédéric frederic.via...@rpn.ch I do not think my error comes from my version of Alpha, in the other person, it worked! I did not try alpha11. I got it to work with the version from git about a week ago. But I think it should also work with Alpha 11. So I think my problem is elsewhere! Probably. Person to another idea? Do you have any more information from wireshark about what is happening when you try to add the user? -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : Domain not found in Samba 4 AD
Hello I tested the network analyzer, I found three lines: Sat SMB_NETL Active Directory Response - user unknown Standard query response, No such name Standard query SOA Client.serveur.samba You would like more information? Thanks -Message d'origine- De : samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] De la part de Viatte Frédéric Envoyé : mardi, 11. mai 2010 07:06 À : Andrew Bartlett Cc : samba@lists.samba.org Objet : [Samba] RE : RE : RE : Domain not found in Samba 4 AD I do not think my error comes from my version of Alpha, in the other person, it worked! So I think my problem is elsewhere! Person to another idea? Thanks ! De : Andrew Bartlett [abart...@samba.org] Date d'envoi : mardi 11 mai 2010 03:04 À : Viatte Frédéric Cc : Laurent BARRAILLE; samba@lists.samba.org Objet : Re: [Samba] RE : RE : Domain not found in Samba 4 AD On Mon, 2010-05-10 at 16:10 +0200, Viatte Frédéric wrote: I have version alpha 11. Version 12 is available? I do not find it! The git revisions leading up to the next alpha hold the next number, and are then marked as being a git snapshot. I'll get the alpha out, but I've failed to get it out as quickly as I should have. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : RE : RE : Domain not found in Samba 4 AD
2010/5/11 Viatte Frédéric frederic.via...@rpn.ch: So I reinstalled my server, starting with the alpha 12, but its changes nothing! I did an analysis that the analyzer, here the information I have chosen: (I send you a picture) I meant that you should run wireshark on the Windows machine in case some of the traffic is not getting to the Linux machine at all, but no such name DNS responses also indicate that there might be a problem with DNS. Is the realm/domain serveur.samba? And is the server called serveur.serveur.samba? If so, try fixing the DNS so that nslookup serveur.serveur.samba work on the Windows machine and returns 192.168.1.100. I see there are also some user unknown messages before the DNS messages, but I'm not sure what would have caused those. De : Michael Wood [esiot...@gmail.com] [...] 2010/5/11 Viatte Frédéric frederic.via...@rpn.ch I do not think my error comes from my version of Alpha, in the other person, it worked! I did not try alpha11. I got it to work with the version from git about a week ago. But I think it should also work with Alpha 11. So I think my problem is elsewhere! Probably. Person to another idea? Do you have any more information from wireshark about what is happening when you try to add the user? -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE : RE : RE : RE : RE : Domain not found in Samba 4 AD
The name of my machine is Server.Samba, why put Server.server.Samba? When I do a ping-a 192.168.1.220 from my Windows machine, I get: Response Client.server.Samba, as if my domain was called Server.Samba. In my file host which I also have two n'on nothing to make me think: 192.168.1.100 Server Server 192.168.1.100 server server Thank you De : Michael Wood [esiot...@gmail.com] Date d'envoi : mardi 11 mai 2010 21:18 À : Viatte Frédéric Cc : Andrew Bartlett; samba@lists.samba.org Objet : Re: RE : [Samba] RE : RE : RE : Domain not found in Samba 4 AD 2010/5/11 Viatte Frédéric frederic.via...@rpn.ch: So I reinstalled my server, starting with the alpha 12, but its changes nothing! I did an analysis that the analyzer, here the information I have chosen: (I send you a picture) I meant that you should run wireshark on the Windows machine in case some of the traffic is not getting to the Linux machine at all, but no such name DNS responses also indicate that there might be a problem with DNS. Is the realm/domain serveur.samba? And is the server called serveur.serveur.samba? If so, try fixing the DNS so that nslookup serveur.serveur.samba work on the Windows machine and returns 192.168.1.100. I see there are also some user unknown messages before the DNS messages, but I'm not sure what would have caused those. De : Michael Wood [esiot...@gmail.com] [...] 2010/5/11 Viatte Frédéric frederic.via...@rpn.ch I do not think my error comes from my version of Alpha, in the other person, it worked! I did not try alpha11. I got it to work with the version from git about a week ago. But I think it should also work with Alpha 11. So I think my problem is elsewhere! Probably. Person to another idea? Do you have any more information from wireshark about what is happening when you try to add the user? -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE : Domain not found in Samba 4 AD
It OpenSUSE 11.2 Here's my setup: Server IP Address: 192.168.1.100 Client IP Address: 192.168.1.220 On the client, I can ping the server without problem, and DNS is working perfectly, I test this by a NSLOOKUP and it works! I reach into my AD and I see the users, but when I create a new user it tells me my error. (I can still create and enter the session but with errors of course .. and I can not apply Group Policy ..!) Thank you for your help! De : samba-boun...@lists.samba.org [samba-boun...@lists.samba.org] de la part de Laurent BARRAILLE [laurent.barrai...@iut-nimes.fr] Date d'envoi : lundi 10 mai 2010 14:04 À : samba@lists.samba.org Objet : Re: [Samba] Domain not found in Samba 4 AD Hi, Which distribution ? Have you a static ip configuration ? In your Windows client, ping your server to check dns configuration my /etc/hosts file /etc/hosts : 127.0.0.1 localhost 192.168.2.32 srvsmb4.domgc.iut-nimes.fr srvsmb4 Regards Barraillé Laurent Le 10/05/2010 11:39, Viatte Frédéric a écrit : Hello I followed the official HOWTO. All goes well until the moment when I try to add a user in AD, it tells me the following error: The specified domain does not exist or could not be contacted Thank you in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : Domain not found in Samba 4 AD
You have the last samba 4 (alpha 12), i suppose. Can you create a user with the net command on your server ? net newuser USERNAME You logged with Administrator account on your Windows client (XP sp3 ) ? The firewall is shutdown ? Barraillé Laurent Le 10/05/2010 15:33, Viatte Frédéric a écrit : It OpenSUSE 11.2 Here's my setup: Server IP Address: 192.168.1.100 Client IP Address: 192.168.1.220 On the client, I can ping the server without problem, and DNS is working perfectly, I test this by a NSLOOKUP and it works! I reach into my AD and I see the users, but when I create a new user it tells me my error. (I can still create and enter the session but with errors of course .. and I can not apply Group Policy ..!) Thank you for your help! De : samba-boun...@lists.samba.org [samba-boun...@lists.samba.org] de la part de Laurent BARRAILLE [laurent.barrai...@iut-nimes.fr] Date d'envoi : lundi 10 mai 2010 14:04 À : samba@lists.samba.org Objet : Re: [Samba] Domain not found in Samba 4 AD Hi, Which distribution ? Have you a static ip configuration ? In your Windows client, ping your server to check dns configuration my /etc/hosts file /etc/hosts : 127.0.0.1 localhost 192.168.2.32 srvsmb4.domgc.iut-nimes.fr srvsmb4 Regards Barraillé Laurent Le 10/05/2010 11:39, Viatte Frédéric a écrit : Hello I followed the official HOWTO. All goes well until the moment when I try to add a user in AD, it tells me the following error: The specified domain does not exist or could not be contacted Thank you in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE : RE : Domain not found in Samba 4 AD
I have version alpha 11. Version 12 is available? I do not find it! In command line I can not create a user, it makes me an error. (I can describe you tomorrow because I'm not at computer) Yes I am logged on as the administrator of the server, and I have service pack 2, this can be a problem? Yes my firewall is disabled on all computers. Again thank you for your help De : samba-boun...@lists.samba.org [samba-boun...@lists.samba.org] de la part de Laurent BARRAILLE [laurent.barrai...@iut-nimes.fr] Date d'envoi : lundi 10 mai 2010 16:00 À : samba@lists.samba.org Objet : Re: [Samba] RE : Domain not found in Samba 4 AD You have the last samba 4 (alpha 12), i suppose. Can you create a user with the net command on your server ? net newuser USERNAME You logged with Administrator account on your Windows client (XP sp3 ) ? The firewall is shutdown ? Barraillé Laurent Le 10/05/2010 15:33, Viatte Frédéric a écrit : It OpenSUSE 11.2 Here's my setup: Server IP Address: 192.168.1.100 Client IP Address: 192.168.1.220 On the client, I can ping the server without problem, and DNS is working perfectly, I test this by a NSLOOKUP and it works! I reach into my AD and I see the users, but when I create a new user it tells me my error. (I can still create and enter the session but with errors of course .. and I can not apply Group Policy ..!) Thank you for your help! De : samba-boun...@lists.samba.org [samba-boun...@lists.samba.org] de la part de Laurent BARRAILLE [laurent.barrai...@iut-nimes.fr] Date d'envoi : lundi 10 mai 2010 14:04 À : samba@lists.samba.org Objet : Re: [Samba] Domain not found in Samba 4 AD Hi, Which distribution ? Have you a static ip configuration ? In your Windows client, ping your server to check dns configuration my /etc/hosts file /etc/hosts : 127.0.0.1 localhost 192.168.2.32 srvsmb4.domgc.iut-nimes.fr srvsmb4 Regards Barraillé Laurent Le 10/05/2010 11:39, Viatte Frédéric a écrit : Hello I followed the official HOWTO. All goes well until the moment when I try to add a user in AD, it tells me the following error: The specified domain does not exist or could not be contacted Thank you in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : Domain not found in Samba 4 AD
2010/5/10 Viatte Frédéric frederic.via...@rpn.ch: I have version alpha 11. Version 12 is available? I do not find it! According to http://wiki.samba.org/index.php/Samba4/HOWTO Samba4 alpha 12 was released, but I don't see it here: http://samba.org/samba/ftp/samba4/ and there's not release-4-0-0alpha12 in the GIT repository either. Anyway, I suggest you just use the latest version from GIT. I've tried it out briefly and it seems to work, although it did crash once for me (a version from just over a week ago.) See the Samba4 HOWTO page for details on how to check out the source from GIT and compile it etc. Note that you will also need gdb installed, or else the build will fail. In command line I can not create a user, it makes me an error. (I can describe you tomorrow because I'm not at computer) Yes I am logged on as the administrator of the server, and I have service pack 2, this can be a problem? Yes my firewall is disabled on all computers. Maybe you can run wireshark on the Windows machine while you are trying to create the user to see what DNS queries it does and what the results are, and what other network traffic. That might explain what's going wrong. Does this work for you from the Windows box? (Using your own realm/domain, of course): C:\ nslookup set type=srv _ldap._tcp.samdom.example.com. and also _kerberos._udp.samdom.example.com. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE : RE : RE : Domain not found in Samba 4 AD
I can not make the command git with OpenSUSE. How to do well works? You had the same error as me? I do not think it tastes because of my version .. but I'll still try! Thanks. De : Michael Wood [esiot...@gmail.com] Date d'envoi : lundi 10 mai 2010 16:53 À : Viatte Frédéric Cc : Laurent BARRAILLE; samba@lists.samba.org Objet : Re: [Samba] RE : RE : Domain not found in Samba 4 AD 2010/5/10 Viatte Frédéric frederic.via...@rpn.ch: I have version alpha 11. Version 12 is available? I do not find it! According to http://wiki.samba.org/index.php/Samba4/HOWTO Samba4 alpha 12 was released, but I don't see it here: http://samba.org/samba/ftp/samba4/ and there's not release-4-0-0alpha12 in the GIT repository either. Anyway, I suggest you just use the latest version from GIT. I've tried it out briefly and it seems to work, although it did crash once for me (a version from just over a week ago.) See the Samba4 HOWTO page for details on how to check out the source from GIT and compile it etc. Note that you will also need gdb installed, or else the build will fail. In command line I can not create a user, it makes me an error. (I can describe you tomorrow because I'm not at computer) Yes I am logged on as the administrator of the server, and I have service pack 2, this can be a problem? Yes my firewall is disabled on all computers. Maybe you can run wireshark on the Windows machine while you are trying to create the user to see what DNS queries it does and what the results are, and what other network traffic. That might explain what's going wrong. Does this work for you from the Windows box? (Using your own realm/domain, of course): C:\ nslookup set type=srv _ldap._tcp.samdom.example.com. and also _kerberos._udp.samdom.example.com. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : RE : RE : Domain not found in Samba 4 AD
2010/5/10 Viatte Frédéric frederic.via...@rpn.ch: I have not looked in YAST, I'll try to do tomorrow. Yes the nslookup works on the Windows XP machine is for his that I find it strange that its not working, I even tried with Windows 7, but the error is the same! Just to confirm, nslookup works on the XP machine when looking up the SRV records? Maybe if you copy and paste the commands and results there will be less confusion :) wireshark is a network analyzer, if yes I already tried but without success ..: S Yes, wireshark is a network analyzer. If you run it on the Windows box when you try to add the user, wireshark should be able to tell you that the Windows machine did a DNS query (for example) and that the DNS query worked (or failed) and then maybe the Windows machine will try to talk to the samba machine on port 445, and you will be able to see if that worked or failed etc. I don't know exactly what network traffic there should be because I have not tried running wireshark while adding a user, but I think if you do it, wireshark might be able to tell you what is going wrong. De : Michael Wood [esiot...@gmail.com] Date d'envoi : lundi 10 mai 2010 17:53 À : Viatte Frédéric Objet : Re: RE : [Samba] RE : RE : Domain not found in Samba 4 AD 2010/5/10 Viatte Frédéric frederic.via...@rpn.ch: I can not make the command git with OpenSUSE. How to do well works? The git command should be available for OpenSUSE, but I don't use OpenSUSE. If you can't find them in your package manager (YaST?) then maybe try these ones: http://kernel.org/pub/software/scm/git/RPMS/ You had the same error as me? I do not think it tastes because of my version .. but I'll still try! No, it worked for me, but I used a version from git without trying the alpha11 release. Did you try looking up the SRV records using nslookup on Windows? Did it work? Unfortunately the error message The specified domain does not exist or could not be contacted is not very useful for finding out what the problem is. If your DNS is working properly, maybe wireshark will tell you what the Windows machine is trying to do. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RE : RE : Domain not found in Samba 4 AD
On Mon, 2010-05-10 at 16:10 +0200, Viatte Frédéric wrote: I have version alpha 11. Version 12 is available? I do not find it! The git revisions leading up to the next alpha hold the next number, and are then marked as being a git snapshot. I'll get the alpha out, but I've failed to get it out as quickly as I should have. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE : RE : RE : Domain not found in Samba 4 AD
I do not think my error comes from my version of Alpha, in the other person, it worked! So I think my problem is elsewhere! Person to another idea? Thanks ! De : Andrew Bartlett [abart...@samba.org] Date d'envoi : mardi 11 mai 2010 03:04 À : Viatte Frédéric Cc : Laurent BARRAILLE; samba@lists.samba.org Objet : Re: [Samba] RE : RE : Domain not found in Samba 4 AD On Mon, 2010-05-10 at 16:10 +0200, Viatte Frédéric wrote: I have version alpha 11. Version 12 is available? I do not find it! The git revisions leading up to the next alpha hold the next number, and are then marked as being a git snapshot. I'll get the alpha out, but I've failed to get it out as quickly as I should have. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE Undocumented TDB files
Hi, /var/lib/samba/locking.tdb status of locked and open file /var/lib/samba/wins.tdb DB of wins entry, this tdb exist only if samba act as a wins server /var/lib/samba/mutex.tdb I don't know --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 23/04/2010 11:52:36: Moray Henderson moray.hender...@ict-software.org Envoyé par : samba-boun...@lists.samba.org 23/04/2010 11:53 A samba samba@lists.samba.org cc Objet [Samba] Undocumented TDB files In samba3-3.3.9-40.el4 and samba3-3.4.7-42.el5 there are 3 .tdb files /var/lib/samba/locking.tdb /var/lib/samba/wins.tdb /var/lib/samba/mutex.tdb which are not documented in http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/install.html# tdbdocs. Are they persistent or temporary? Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RE Windows 7 and samba 3.0.28
Sorry but all version before 3.3.10 not work with windows 7. Please read http://wiki.samba.org/index.php/Windows7 for more information. You must download samba source and compile them or build RPM from samba source. Have a nice day. Stephane --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 16/04/2010 13:02:21: vishesh kumar linuxtovish...@gmail.com Envoyé par : samba-boun...@lists.samba.org 16/04/2010 13:02 A samba@lists.samba.org cc Objet [Samba] Windows 7 and samba 3.0.28 Dear all May be this question asked earlier in list but i didn't able to search exact . I have samba+ldap domain setup on RHEL 5.1 and samba version is 3.0.28. Today i got a windows 7 system , but i am not able to join that system in our samba+ldap domain. Do i need to do any registry tweaking. I can't upgrade own samba version beyond 3.0.33 because this maximum version i get if i update my system to RHEL 5.5. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re :Re: dns lookups for SRV kerberos
I forgot to mention the ultimate goal is to have wbinfo respond as quickly as possible when dcserver1 (==dns1+ads1) has gone down. for the moment, times are (with 1s DNS timeout) : first wbinfo after dcserver failure : between 13 and 42 seconds subsequent wbinfo's : 3 seconds Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re :Re: dns lookups for SRV kerberos
On Thu, Dec 10, 2009 at 9:21 AM, apl...@netcourrier.com wrote:
Hi,
I have raised this question on the kerberos mailing list, but have been
told that Samba has it's own behavior regarding SRV lookups.
My configuration uses the following :
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
EXAMPLE.DOM = {
kdc = 10.0.0.1:88
kdc = 10.0.0.2:88
admin_server = 10.0.0.1:749
default_domain = example.dom
}
but I still see the DNS lookups for SRV _kerberos-master_udp
( same with kdc = adserver1.example.dom.:88 )
To be precise, the following happens (We don't have these records in the
DNS
system) :
ASREQ -
- KRBERR PREAUTH
DNS SRV _kerberos-master -
- no such name
ASREQ -
- AS REP OK
DNS SRV _kerberos-master -
- no such name
TGSREQ -
- TGSREP
DNS SRV _kerberos-master -
- no such name
that makes 3 DNS lookups per TGS.
As I have excplicitly configured :
A) dns_lookups to false
B) numerical IP addresses for the KDC's
I would expect dns lookups to be completely *non-existant*.
Are my expectations correct, or is there something in the protocol that I
missed
, that would need to enforce dns lookups even if configured not to ? Or
maybe I
have misconfigured krb5.conf ? It seems that Samba would not look into
this file.
Can it be configured elsewhere ?
Same behaviour with numerical ipp addresses for password server
Timeouts summing up, the result in a default RHEL5 configuration is to
have
wbinto -t take 21 seconds to accomplish.
(3*5s DNS timeouts + 3*2s KDC timeouts)
For the moment, DNS Timeout can be lowered to 1s but not less.
using
krb5-libs-1.6.1-36.el5
samba-3.0.33-3.15.el5_4
on RHEL 5.4
Regards,
Andrew
Interesting. Does the samba generated cached version of krb5.conf
have dns records? This is an altogether different file than
/etc/krb5.conf.
On my CentOS 5.4 box, samba caches its krb5 config here:
/var/cache/samba/smb_krb5/krb5.conf.NETBIOSDOMAINNAME
In my experience, some of these samba generated cached entries can be
altogether different than /etc/krb5.conf !
I didn't know about the cached version. here it is :
[libdefaults]
default_realm = EXAMPLE.DOM
default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
[realms]
EXAMPLE.DOM = {
kdc = 10.0.0.2
kdc = 10.0.0.1
kdc = 10.0.0.1
}
I couldn't understand the logic in it. So I played with krb5.conf and smb.conf
a little.
It seems that this cached file, even when deleted, can be partly reconstructed
from the /var/cache/samba/gencache.tdb file :
all references to 10.0.0.2 erased in all config files , this address was still
coming up in krb5.conf.EXAMPLE
With gencache and krb5.conf.EXAMPLE deleted , it seems that samba doesn't care
about the /et/krb5.conf file at all :
- kdc are taken from smb.conf only.
- dns_lookup options not taken into account.
Finally , with theis line in smb.conf
password server = 10.0.0.2
the cached file krb5.conf.EXAMPLE realms paragraph became :
...
[realms]
EXAMPLE.DOM = {
kdc = 10.0.0.2
}
But, puttting back the a short name dcserver1 ( which is 10.0.0.1 ) in smbconf,
it then becomes :
[realms]
EXAMPLE.DOM = {
kdc = 10.0.0.2
kdc = 10.0.0.1
kdc = 10.0.0.1
}
Back to start !
SO it kept the 10.0.0.2 from the former smb.conf,
then added two entries for the DNS translation of dcserver1 (in smb.conf)
Does anyone know where to find precise information on :
- how the cached krb5.conf file is constructed ?
- how to prevent these SRV lookups ?
Andrew
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] ****Re: net rpc rights grant: NT_STATUS_ACCESS_DENIED****
Can someone please help me troubleshoot this? Ryan Suarez wrote: my smb.conf: http://pastebin.ca/1554626 Ryan Suarez wrote: RE: net rpc rights grant testpc1 SePrintOperatorPrivilege -U testpc1 Failed to grant privileges for testpc1 (NT_STATUS_ACCESS_DENIED) samba_source_3.3.7 on redhat 5 64bit. I have root on the samba server but I don't have admin access to active directory (hence the auth using testpc1). Does the user granting access need some sort of admin privilege in Active Directory? How do I grant this privilege on this samba host (for which I have root) since I don't have admin access in Active Directory? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re reading config
Hallo, Miguel, Du meintest am 08.08.09: You can force it without restarting with the following commands: For smbd smbcontrol smbd reload-config For nmbd: smbcontrol nmbd reload-config What about killall -HUP nmbd killall -HUP smbd on Linux machines? I use these commands since some years, without trouble. (Don't try killall on *ix machines which don't run Linux!) Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re reading config
Miguel Medalha wrote: You can force it without restarting with the following commands: For smbd smbcontrol smbd reload-config For nmbd: smbcontrol nmbd reload-config For winbind: smbcontrol winbindd reload-config The process number can also be used instead of the daemon's name. For samba version 3.3 you can force all 3 daemon's to reload configuration with the following command: smbcontrol all reload-config that's great never new about them cmd's. So does it periodically monitor the config then :) The reason I ask is I made some changes but didn't restart samba as I wasn't ready. But the next day just when I finished work there a problem with a client pc that I could have put down to the changes. Basically a hosts allow option. I didn't have time to look into it as we were shutting for the day but that would have explained it. I will check it out on Monday. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re reading config
Hallo, Terry, Du meintest am 08.08.09: smbcontrol all reload-config that's great never new about them cmd's. So does it periodically monitor the config then :) The reason I ask is I made some changes but didn't restart samba as I wasn't ready. Simple rule: all entries in [global] have to be re-read per .../samba stop ... /samba start or .../samba restart or killall -HUP smbd killall -HUP nmbd or smbcontrol all reload-config All other entries (in the shares) are automatically read from the system within about 1 minute. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] re reading config
Hi I am using freebsd 6.2-RELEASE with Samba version 3.0.24 out of interest does it read the config periodically on its own with out restarting it ? Cheers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re reading config
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry wrote: Hi I am using freebsd 6.2-RELEASE with Samba version 3.0.24 out of interest does it read the config periodically on its own with out restarting it ? Pretty sure it does, but I never wait. - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/CST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkp8mwEACgkQmb+gadEcsb4xoACgqjOaG55DJDqdN6mu+pLoK54U 2PQAnRPAyaaNSYb0W4NrFMWRGj6I/oI2 =Vp5O -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re reading config
Ryan Novosielski wrote: Terry wrote: Hi I am using freebsd 6.2-RELEASE with Samba version 3.0.24 out of interest does it read the config periodically on its own with out restarting it ? Pretty sure it does, but I never wait. I was troubleshooting some issues today and reading the HowTo book. In one location it warned about editing the .conf file on a running system, since it DOES re-read it on each new connection or at approx 60 second intervals. Then in another chapter made an apparently conflicting statement about remember to restart after the changes. From what I saw today on 3.3.x it did reconfig itself on the fly. -RW -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re reading config
On 08/07/2009 07:05 PM, smb2...@gmail.com wrote: Ryan Novosielski wrote: Terry wrote: Hi I am using freebsd 6.2-RELEASE with Samba version 3.0.24 out of interest does it read the config periodically on its own with out restarting it ? Pretty sure it does, but I never wait. I was troubleshooting some issues today and reading the HowTo book. In one location it warned about editing the .conf file on a running system, since it DOES re-read it on each new connection or at approx 60 second intervals. Then in another chapter made an apparently conflicting statement about remember to restart after the changes. From what I saw today on 3.3.x it did reconfig itself on the fly. -RW Ryan, It may seem conflicting on the surface. Really, if you make changes to the smb.conf file that affects the way Samba works then smbd, nmbd, and/or winbind must be restarted. Consider for example, a change of: security = user to security = ads In the above case, the operating mode must be reset, and that happens only on restarting the Samba daemons. On the other hand, consider what happens when changing share stanza from: path = /somewhere/deep to path = /somewhereelse/notsodeep Any connections that existed prior to a connection being set up will remain in effect with the previous setting while any new connection will use the new setting. I hope that helps to clarify. Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re reading config
You can force it without restarting with the following commands: For smbd smbcontrol smbd reload-config For nmbd: smbcontrol nmbd reload-config For winbind: smbcontrol winbindd reload-config The process number can also be used instead of the daemon's name. For samba version 3.3 you can force all 3 daemon's to reload configuration with the following command: smbcontrol all reload-config -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re reading config
On 08/07/2009 07:48 PM, Miguel Medalha wrote: You can force it without restarting with the following commands: For smbd smbcontrol smbd reload-config For nmbd: smbcontrol nmbd reload-config For winbind: smbcontrol winbindd reload-config The process number can also be used instead of the daemon's name. For samba version 3.3 you can force all 3 daemon's to reload configuration with the following command: smbcontrol all reload-config Miguel, Thanks for pointing that out. Now its in the archive we can hope that people will find it. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] re Trouble with idmap_ldap in 3.3.6
We also have been using samba 2 and 3 for years with ldap idmap. This occurs whether I use sernet 3.3.7 rpms or build my own from samba.org3.3.7 tgz. I increased logging and here is what I get in log.winbindd-idmap. [r...@niairphome2 ~]# tail -f /var/log/samba/log.winbindd-idmap [2009/08/03 10:46:24, 3] lib/module.c:do_smb_load_module(48) Error loading module '/usr/lib64/samba/idmap/ldap.so': /usr/lib64/samba/idmap/ldap.so: cannot open shared object file: No such file or directory [2009/08/03 10:46:24, 3] winbindd/idmap.c:idmap_init_domain(307) Could not probe idmap module ldap [2009/08/03 10:46:24, 3] winbindd/idmap.c:idmap_new_mapping(670) no default domain, no place to write This is using CentOS 5.3 and the old style ldap settings that work fine in samba 3.03x and samba 3.2.x. ldap admin dn = cn=Manager,dc=xxx,dc=xxx ldap idmap suffix = ou=xxx ldap suffix = dc=xxx,dc=xxx ldap ssl = no idmap backend = ldap:ldap://x.x.x; ldap:ldap://y.x.x; idmap uid = 15000-11 idmap gid = 15000-11 I tried the new idmap alloc syntax and it made no difference. ldap.so does exist in /usr/lib64/samba/idmap/, but of course ldap.so does not. Chuck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] re Trouble with idmap_ldap in 3.3.6
Charles Weber wrote: We also have been using samba 2 and 3 for years with ldap idmap. This occurs whether I use sernet 3.3.7 rpms or build my own from samba.org3.3.7 tgz. I increased logging and here is what I get in log.winbindd-idmap. [r...@niairphome2 ~]# tail -f /var/log/samba/log.winbindd-idmap [2009/08/03 10:46:24, 3] lib/module.c:do_smb_load_module(48) Error loading module '/usr/lib64/samba/idmap/ldap.so': /usr/lib64/samba/idmap/ldap.so: cannot open shared object file: No such file or directory [2009/08/03 10:46:24, 3] winbindd/idmap.c:idmap_init_domain(307) Could not probe idmap module ldap [2009/08/03 10:46:24, 3] winbindd/idmap.c:idmap_new_mapping(670) no default domain, no place to write This is using CentOS 5.3 and the old style ldap settings that work fine in samba 3.03x and samba 3.2.x. ldap admin dn = cn=Manager,dc=xxx,dc=xxx ldap idmap suffix = ou=xxx ldap suffix = dc=xxx,dc=xxx ldap ssl = no idmap backend = ldap:ldap://x.x.x; ldap:ldap://y.x.x; One set of quotes in the above. That should fix the problem. Cheers, Bill idmap uid = 15000-11 idmap gid = 15000-11 I tried the new idmap alloc syntax and it made no difference. ldap.so does exist in /usr/lib64/samba/idmap/, but of course ldap.so does not. Chuck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
