[Samba] Re: samba-3.0.22 - samba-3.0.23 pam_winbind issue(s)
Rex Dieter wrote: Dietrich Streifert wrote: I found a bug in nsswitch/pam_winbind.c which I reported to https://bugzilla.samba.org/show_bug.cgi?id=3916 I submitted shortly a patch which solves the issue. I can confirm that patch works as advertised, and fixes the issue for me. Many thanks Dietrich. I take it back, after further testing, I'm still seeing wierd winbind/pam behavior. On my first test machine, all seemed well. On another box, with *exactly* same smb.conf (that was working previously with samba-3.0.22), things aren't so rosy: Using log level = 1 winbind:8 authentication/login attempts fail with these filling /var/log/messages: # Jul 18 10:47:59 foo pam_winbind[27236]: read from socket failed! Jul 18 10:47:59 foo pam_winbind[27236]: internal module error (retval = 3, user = `bar1') Hmm... and $ net ads ... commands hang too... with periodic log entries saying: Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0] lib/util_sock.c:write_data(564) Jul 18 10:48:30 foo winbindd[27214]: write_data: write failure. Error = Broken pipe Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0] nsswitch/winbindd_dual.c:fork_domain_child(825) Jul 18 10:48:30 foo winbindd[27214]: Could not write result Jul 18 10:49:43 foo winbindd[27228]: [2006/07/18 10:49:43, 0] nsswitch/winbindd_dual.c:child_read_request(49) Jul 18 10:49:43 foo winbindd[27228]: Got invalid request length: 0 Wierd, I'll keep looking... -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba-3.0.22 - samba-3.0.23 pam_winbind issue(s)
Rex Dieter wrote: Rex Dieter wrote: Dietrich Streifert wrote: I found a bug in nsswitch/pam_winbind.c which I reported to https://bugzilla.samba.org/show_bug.cgi?id=3916 I submitted shortly a patch which solves the issue. I can confirm that patch works as advertised, and fixes the issue for me. Many thanks Dietrich. I take it back, after further testing, I'm still seeing wierd winbind/pam behavior. On my first test machine, all seemed well. On another box, with *exactly* same smb.conf (that was working previously with samba-3.0.22), things aren't so rosy: Using log level = 1 winbind:8 authentication/login attempts fail with these filling /var/log/messages: # Jul 18 10:47:59 foo pam_winbind[27236]: read from socket failed! Jul 18 10:47:59 foo pam_winbind[27236]: internal module error (retval = 3, user = `bar1') Hmm... and $ net ads ... commands hang too... with periodic log entries saying: Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0] lib/util_sock.c:write_data(564) Jul 18 10:48:30 foo winbindd[27214]: write_data: write failure. Error = Broken pipe Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0] nsswitch/winbindd_dual.c:fork_domain_child(825) Jul 18 10:48:30 foo winbindd[27214]: Could not write result Jul 18 10:49:43 foo winbindd[27228]: [2006/07/18 10:49:43, 0] nsswitch/winbindd_dual.c:child_read_request(49) Jul 18 10:49:43 foo winbindd[27228]: Got invalid request length: 0 Wierd, I'll keep looking... OK, this one looks like .tdb table upgrade problems. To get my working samba-3.0.22 box working with samba-3.0.23, I needed to: 1) stop winbind 2) delete everything from /var/cache/samba/, which includes: gencache.tdb messages.tdb netsamlogon_cache.tdb winbindd_cache.tdb winbindd_idmap.tdb winbindd_privileged/ 3) (re)join domain via 'net ads join' 4) (re)start winbind Just tried upgrading yet another working samba-3.0.22 box to 3.0.23, and, [EMAIL PROTECTED], that one worked mostly, except, now local accounts aren't working... (this *is* an ancient rh7 box, so that may have something to do with it). -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba-3.0.22 - samba-3.0.23 pam_winbind issue(s)
I found a bug in nsswitch/pam_winbind.c which I reported to https://bugzilla.samba.org/show_bug.cgi?id=3916 I submitted shortly a patch which solves the issue. In _pam_parse (pam_winbind.c) there are two for statements which consume the parameters argc and argv. The first loop decrements argc and increments argv while trying to find out if a config file argument is given to pam_winbind. The second for statement, which does the usual loop through argv, assumes that argc and argv are at initial state so, in best case the loop is never entered and parameters like use_first_pass are not recognized. The patch can be found here: https://bugzilla.samba.org/attachment.cgi?id=2030 Please report if this Gerald (Jerry) Carter wrote: / -BEGIN PGP SIGNED MESSAGE- // Hash: SHA1 // // Rex Dieter wrote: // // After upgrading to 3.0.23 // * I needed to add idmap options (I used idmap // backend = rid), else winbind would only start in netlogon // proxy mode, and basically, didn't work. ): // // What do you mean by wouldn't work? Wouldn't return // users? That is to be expected. / Nothing worked. In particular, authentication no longer functioned as it did before the upgrade. Like I said, no biggie. EASYFIX. Since, as you said, it probably shouldn't have worked in that configuration before. / * login/authentication attempts now (most often) // ask for a password *twice*. ?? // // Known issue. We're workign on it. // https://bugzilla.samba.org/show_bug.cgi?id=3916 / Thanks. -- Mit freundlichen Grüßen Dietrich Streifert Visionet GmbH -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba-3.0.22 - samba-3.0.23 pam_winbind issue(s)
Dietrich Streifert wrote: I found a bug in nsswitch/pam_winbind.c which I reported to https://bugzilla.samba.org/show_bug.cgi?id=3916 I submitted shortly a patch which solves the issue. I can confirm that patch works as advertised, and fixes the issue for me. Many thanks Dietrich. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba-3.0.22 - samba-3.0.23 pam_winbind issue(s)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rex Dieter wrote: Dietrich Streifert wrote: I found a bug in nsswitch/pam_winbind.c which I reported to https://bugzilla.samba.org/show_bug.cgi?id=3916 I submitted shortly a patch which solves the issue. I can confirm that patch works as advertised, and fixes the issue for me. Many thanks Dietrich. Yup. Thanks much to Dietrich. Patch has been checked in for 3.0.23a due next week. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEtnYJIR7qMdg1EfYRAp8sAKCxkvVgRNpEwBEbOTGdjU2rDsqDFwCg4qQP z9oz8jMp/MyFiZ6URT5B+r8= =DBHf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba-3.0.22 - samba-3.0.23 pam_winbind issue(s)
Rex Dieter wrote: After upgrading to 3.0.23 * login/authentication attempts now (most often) ask for a password *twice*. ?? After googling around a bit, I found that adjusting /etc/pam.d/system-auth from auth sufficient /lib/security/$ISA/pam_unix.so ... to auth sufficient /lib/security/$ISA/pam_unix.so ... use_first_pass seemed to do the trick. Why/how did this behavior change wrt pam_winbind between 3.0.22 and 3.0.23? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba in Samba
Thanks a lot, The problem was in smb.conf location. In Debian package it is /etc/smb.conf, not /usr/local/samba/lib/smb.conf as was more familiar for me. I also rebuilt 2.2.7a from source as I need NIS+ support. Cyril. Chris de Vidal wrote: --- Cyril Y. Nickonorov [EMAIL PROTECTED] wrote: I have a Samba PDC installed to authorize my windows network clients. And it is running on Solaris. I want to install a one another Samba file server and I want it to authorize windows clients by consulting the PDC. This second server must also paricipate in the domain the PDC is responsible for. How can I do this? Use security = domain and password server = hostname of the PDC in smb.conf. Add the Windows users on the *nix box without a password, or set up Winbind. Man smb.conf, get a good book (O'Reilly's Using Samba 2 is out this month!), check out the docs in /usr/share/doc or on Samba.org for details, or search this mailing list on marc.theaimsgroup.com for help. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba in Samba
--- Cyril Y. Nickonorov [EMAIL PROTECTED] wrote: I have a Samba PDC installed to authorize my windows network clients. And it is running on Solaris. I want to install a one another Samba file server and I want it to authorize windows clients by consulting the PDC. This second server must also paricipate in the domain the PDC is responsible for. How can I do this? Use security = domain and password server = hostname of the PDC in smb.conf. Add the Windows users on the *nix box without a password, or set up Winbind. Man smb.conf, get a good book (O'Reilly's Using Samba 2 is out this month!), check out the docs in /usr/share/doc or on Samba.org for details, or search this mailing list on marc.theaimsgroup.com for help. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba in Samba
Hi, I also had to do a; smbpasswd -j DOMAIN -r PDC -UAdmininstrator%password to join my Samba file server to my Samba PDC. I was usingh security = server but found it not very robust. The domain option is better. Caveats; security = domain encrypt passwords = yes Bri- __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba in Samba
--- [EMAIL PROTECTED] wrote: I also had to do a; smbpasswd -j DOMAIN -r PDC -UAdmininstrator%password snip security = domain encrypt passwords = yes Thanks, after I sent that, I remembered the first step and wondered if there was something else in the smb.conf I was forgetting (: By the way, %password isn't necessary; it'll ask you for the password. I don't like typing out passwords on the commandline.. someone just needs my .bash_history. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [Samba] Re: [Samba] After some print jobs, samba server doesn´t accept conections.
There may be a limit on how many jobs a windows client can sent at one time, too. I am not quite sure of what you are seeing on your windows clients. Are all the clients locked out from using the printing service, not just the client sending the large number of jobs? I thought your original post said only the client sending the large number of jobs was locked out. Are only printing connections being refused? If all the clients are having problems if only one client is sending jobs, then this really sounds like an lprng problem or a samba problem. max mux might be of interest. max mux (G) This option controls the maximum number of outstanding simultaneous SMB operations that Samba tells the client it will allow. You should never need to set this parameter. Default: max mux = 50 When faced by this sort of odd problem, there are a number of places to look for info: 1. The samba log. 2. The log for your printer. 3. /var/log/messages 4. smbstatus 5. lpq 6. tcpdump (last, desperate hope.) Joel On Tue, Apr 23, 2002 at 06:09:40PM -0500, Claudio Hernandez wrote: I have been noticed that the printers in all the clients (windows) after some printing jobs show a message saying User intervention is requiered... and then there are not avaible for any other user. It backs to normality when I restart the SMB service. -Mensaje original- De: Joel Hammer [mailto:[EMAIL PROTECTED]] Enviado el: Martes, 23 de Abril de 2002 04:50 p.m. Para: Claudio Hernandez; [EMAIL PROTECTED] Asunto: [Samba] Re: [Samba] After some print jobs, samba server doesn´t accept conections. Are the clients linux/unix clients or windows clients? If they are windows clients, I have no idea. But, if they are linux/unix clients: This sounds like an lprng problem. I forget the cure. Try sending numerous print jobs from the samba server. If the same problem occurs, check out the lprng documentation. Here is man lpd.conf from my redhat 7.1 box. originate_port (default: 721 731) A range of port numbers to originate requests from. When sending service requests, the software will try to open and bind to these ports to originate a request to a server. If no port is given, or all of the requested ports are unavailable or cannot be bound to, then a normal use port is requested. Note that on UNIX systems, if a port in the range 0-1023 is requested the EUID of the process must be root for the request to be granted. Note that RFC1179 specifies that requests must originate from ports in the range 721-731. This says that only root can use the ports outside of 721-731. Joel On Tue, Apr 23, 2002 at 05:27:14PM -0500, Claudio Hernandez wrote: I have RH 7.2, with Samba 2.2.1a, and LPRng printing system. I have two printers, HP DeskJet 1220C and HP LaserJet 5. When a user send many jobs to the printer after a short period of time the server sends a message that the server is not accesible or is not connected to the network, but any other user can do it, again, after some jobs sent to the printer the server doesn´t accept any connection from that client. I read the FAQ of LPRng, and it says that you must change the number of ports in your lpd.conf file, but it has the correct number of ports. ==obtained from www.lprng.org = SOLUTION: It appears that most RFC1179 implementations do not check for the exact port range 721-731, but only that the connection originates from a reserved port, i.e. - in the range 1-1023. You can extend the range of ports used by LPRng by changing the originate_port=721 731 value in the defaults (LPRng/src/common/defaults.c) file or in the lpd.conf file. I recommend the following: originate_port=512 1022 --- I have this numbers. What could be my problem?? regards. Ing. Claudio Hernández. Sistemas OPM Tel. 83-54-72-60 Ext. 259 Skytel Tel. 83190779 Pin: 5996543 e-mail: [EMAIL PROTECTED] La información contenida o adjunta a este mensaje es clasificada como No-Pública, de carácter privado y confidencial, es propiedad de Proeza, sus afiliados y/o subsidiarias que en conjunto denominaremos Proeza y no puede ser reproducida, revelada o transmitida a terceros o ser utilizada para propósitos no definidos dentro de los términos comercialmente aceptables por el receptor del mensaje, sus colaboradores o asociados sin el consentimiento previo y por escrito por parte de Proeza. Estas restricciones son adicionales a cualquier acuerdo paralelo que se hubiese establecido entre las partes en términos de acuerdos, contratos o convenios de Confidencialidad o similares entre Proeza y el receptor de este mensaje. The information contained in or attached to this message, to the extent it is non-public, is the confidential, proprietary