[Samba] samba 3 EOL ?
Hi, The page https://wiki.samba.org/index.php/Samba_Release_Planning doesn't really tell the date until samba 3 will receive security updates. It seems that it could end already in 9 months. I find it unlikely that most users will have switched by that time. The 9 month rule is fine for a switch from 3.x to 3.x+1, but the switch from 3 to 4 is special. Please consider a longer support. Klaus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 EOL ?
On Thu, 2013-10-10 at 17:00 +0200, Klaus Hartnegg wrote: Hi, The page https://wiki.samba.org/index.php/Samba_Release_Planning doesn't really tell the date until samba 3 will receive security updates. It seems that it could end already in 9 months. I find it unlikely that most users will have switched by that time. The 9 month rule is fine for a switch from 3.x to 3.x+1, but the switch from 3 to 4 is special. Please consider a longer support. The switch from 3 to 4 is not special. That is why longer support won't be required. If you are not interested in the new AD features, then Samba 4.0 is just the next generation of the same file server code that you find in Samba 3.6. Think of it like a 3.7 in that respect. Also, Samba 3.6 already has a very, very long support life, because Samba 4.0 took quite some time to finally release. I hope this clarifies things, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd)
How about post your nslcd-config? This would be a great help for other users. Greetings Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Chris Alavoine Gesendet: Montag, 8. Juli 2013 19:13 An: Marc Muehlfeld Cc: samba@lists.samba.org Betreff: Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd) Hi Marc, I've had many many problems with Winbind and after a few weeks of dead-ends I decided to switch to nslcd and everything started working very nicely, so I haven't looked back. I've just had a major success on getting getent passwd to work by adding this to my nslcd.conf: # users map passwd uid sAMAccountName map passwd gidNumber primaryGroupID map passwd homeDirectory unixHomeDirectory # groups map group cn sAMAccountName mapgroup uniqueMember member This now lets me see all users and groups via getent. Just doing some more testing now, but I think this may be fixed. Typical, you spend all day on something, finally decided to post on samba lists and then fix it 5 mins later :) Thanks for the swift reply though! Cheers, c:) On 8 July 2013 18:05, Marc Muehlfeld sa...@marc-muehlfeld.de wrote: Hello Chris, Am 08.07.2013 18:54, schrieb Chris Alavoine: My problem is that I have a Samba 3 member server (fileserver) that I'm trying to get to get work in this scenario. I've installed nslcd and am using the following conf file: Why don't you use winbind on your member server? http://wiki.samba.org/index.**php/Samba4/Domain_Memberhttp://wiki.sam ba.org/index.php/Samba4/Domain_Member If I then do a getent group I get success and can see all the groups, however getent passwd fails and I see this in the logs: Jul 8 17:51:46 test-fs-001 nslcd[4587]: [8e1f29] passwd entry CN=ice,CN=Users,DC=test,DC=**internal,DC=com does not contain uid value Does this account have an uid attribute in AD? Regards, Marc -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd)
Hi Daniel, This is what I have so far: - /etc/nslcd.conf should look like this: # /etc/nslcd.conf # nslcd configuration file. See nslcd.conf(5) # for details. # The user and group nslcd should run as. uid nslcd gid nslcd # The location at which the LDAP server(s) should be reachable. uri ldap://10.30.54.2 # The search base that will be used for all queries. base dc=test,dc=internal,dc=com binddn cn=nslcd-service,cn=Users,dc=essence,dc=internal,dc=com bindpw XX (commented out!) pagesize 1000 referrals off # users map passwd uid sAMAccountName map passwd gidNumber primaryGroupID map passwd homeDirectory unixHomeDirectory # groups map group cn sAMAccountName mapgroup uniqueMember member - Add this to top of /etc/pam.d/common-sessions: session required pam_mkhomedir.so skel=/etc/skel umask=0022 - I also needed to remove nscd otherwise groups were not being updated correctly: apt-get remove nscd This works fine for the *nix side of things, am having further difficulties getting the Samba side to work. So much so, that I'm considering building a new Samba member server from scratch using Samba 4 instead of 3. Thanks, Chris. On 9 July 2013 11:30, Daniel Müller muel...@tropenklinik.de wrote: How about post your nslcd-config? This would be a great help for other users. Greetings Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Chris Alavoine Gesendet: Montag, 8. Juli 2013 19:13 An: Marc Muehlfeld Cc: samba@lists.samba.org Betreff: Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd) Hi Marc, I've had many many problems with Winbind and after a few weeks of dead-ends I decided to switch to nslcd and everything started working very nicely, so I haven't looked back. I've just had a major success on getting getent passwd to work by adding this to my nslcd.conf: # users map passwd uid sAMAccountName map passwd gidNumber primaryGroupID map passwd homeDirectory unixHomeDirectory # groups map group cn sAMAccountName mapgroup uniqueMember member This now lets me see all users and groups via getent. Just doing some more testing now, but I think this may be fixed. Typical, you spend all day on something, finally decided to post on samba lists and then fix it 5 mins later :) Thanks for the swift reply though! Cheers, c:) On 8 July 2013 18:05, Marc Muehlfeld sa...@marc-muehlfeld.de wrote: Hello Chris, Am 08.07.2013 18:54, schrieb Chris Alavoine: My problem is that I have a Samba 3 member server (fileserver) that I'm trying to get to get work in this scenario. I've installed nslcd and am using the following conf file: Why don't you use winbind on your member server? http://wiki.samba.org/index.**php/Samba4/Domain_Memberhttp://wiki.sam ba.org/index.php/Samba4/Domain_Member If I then do a getent group I get success and can see all the groups, however getent passwd fails and I see this in the logs: Jul 8 17:51:46 test-fs-001 nslcd[4587]: [8e1f29] passwd entry CN=ice,CN=Users,DC=test,DC=**internal,DC=com does not contain uid value Does this account have an uid attribute in AD? Regards, Marc -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd)
Update. Have tried creating an Ubuntu 12.04 domain member fileserver following these docs here: https://wiki.samba.org/index.php/Samba4/Domain_Member With some minor package name changes all seems to work ok... except when I create a share the permissions appear to be being read from the *nix side. I'm seeing this: Everyone root (Unix User\root) root (Unix Group\root) Which looks very much like the posix perms on the member server. If I try and add my own permissions from the DC I get Access Denied when applying the security changes. Has anyone encountered this before? Thanks, Chris. On 9 July 2013 11:37, Chris Alavoine chr...@acs-info.co.uk wrote: Hi Daniel, This is what I have so far: - /etc/nslcd.conf should look like this: # /etc/nslcd.conf # nslcd configuration file. See nslcd.conf(5) # for details. # The user and group nslcd should run as. uid nslcd gid nslcd # The location at which the LDAP server(s) should be reachable. uri ldap://10.30.54.2 # The search base that will be used for all queries. base dc=test,dc=internal,dc=com binddn cn=nslcd-service,cn=Users,dc=essence,dc=internal,dc=com bindpw XX (commented out!) pagesize 1000 referrals off # users map passwd uid sAMAccountName map passwd gidNumber primaryGroupID map passwd homeDirectory unixHomeDirectory # groups map group cn sAMAccountName mapgroup uniqueMember member - Add this to top of /etc/pam.d/common-sessions: session required pam_mkhomedir.so skel=/etc/skel umask=0022 - I also needed to remove nscd otherwise groups were not being updated correctly: apt-get remove nscd This works fine for the *nix side of things, am having further difficulties getting the Samba side to work. So much so, that I'm considering building a new Samba member server from scratch using Samba 4 instead of 3. Thanks, Chris. On 9 July 2013 11:30, Daniel Müller muel...@tropenklinik.de wrote: How about post your nslcd-config? This would be a great help for other users. Greetings Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Chris Alavoine Gesendet: Montag, 8. Juli 2013 19:13 An: Marc Muehlfeld Cc: samba@lists.samba.org Betreff: Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd) Hi Marc, I've had many many problems with Winbind and after a few weeks of dead-ends I decided to switch to nslcd and everything started working very nicely, so I haven't looked back. I've just had a major success on getting getent passwd to work by adding this to my nslcd.conf: # users map passwd uid sAMAccountName map passwd gidNumber primaryGroupID map passwd homeDirectory unixHomeDirectory # groups map group cn sAMAccountName mapgroup uniqueMember member This now lets me see all users and groups via getent. Just doing some more testing now, but I think this may be fixed. Typical, you spend all day on something, finally decided to post on samba lists and then fix it 5 mins later :) Thanks for the swift reply though! Cheers, c:) On 8 July 2013 18:05, Marc Muehlfeld sa...@marc-muehlfeld.de wrote: Hello Chris, Am 08.07.2013 18:54, schrieb Chris Alavoine: My problem is that I have a Samba 3 member server (fileserver) that I'm trying to get to get work in this scenario. I've installed nslcd and am using the following conf file: Why don't you use winbind on your member server? http://wiki.samba.org/index.**php/Samba4/Domain_Memberhttp://wiki.sam ba.org/index.php/Samba4/Domain_Member If I then do a getent group I get success and can see all the groups, however getent passwd fails and I see this in the logs: Jul 8 17:51:46 test-fs-001 nslcd[4587]: [8e1f29] passwd entry CN=ice,CN=Users,DC=test,DC=**internal,DC=com does not contain uid value Does this account have an uid attribute in AD? Regards, Marc -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192 -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com
[Samba] Samba 3 member server connected to Samba 4 DC (using nslcd)
Hi all, I am having a problem connecting a Samba 3 member server to my newly created Samba 4 DC. I am using nslcd at the Samba 4 end successfully and this has allowed me to login using domain accounts - I've also got this working with visudo and /etc/security/access.conf to control sudo access with groups created on the DC. All good. My problem is that I have a Samba 3 member server (fileserver) that I'm trying to get to get work in this scenario. I've installed nslcd and am using the following conf file: # /etc/nslcd.conf # nslcd configuration file. See nslcd.conf(5) # for details. # The user and group nslcd should run as. uid nslcd gid nslcd # The location at which the LDAP server(s) should be reachable. uri ldap://10.30.54.2 # The search base that will be used for all queries. base dc=test,dc=internal,dc=com # The LDAP protocol version to use. #ldap_version 3 binddn cn=nslcd-service,cn=Users,dc=essence,dc=internal,dc=com bindpw ** If I then do a getent group I get success and can see all the groups, however getent passwd fails and I see this in the logs: Jul 8 17:51:46 test-fs-001 nslcd[4587]: [8e1f29] passwd entry CN=ice,CN=Users,DC=test,DC=internal,DC=com does not contain uid value I've tried a few different conf attempts, but am confused why groups would work and users wouldn't. Any help much appreciated. Thanks, Chris. -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd)
Hello Chris, Am 08.07.2013 18:54, schrieb Chris Alavoine: My problem is that I have a Samba 3 member server (fileserver) that I'm trying to get to get work in this scenario. I've installed nslcd and am using the following conf file: Why don't you use winbind on your member server? http://wiki.samba.org/index.php/Samba4/Domain_Member If I then do a getent group I get success and can see all the groups, however getent passwd fails and I see this in the logs: Jul 8 17:51:46 test-fs-001 nslcd[4587]: [8e1f29] passwd entry CN=ice,CN=Users,DC=test,DC=internal,DC=com does not contain uid value Does this account have an uid attribute in AD? Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd)
Hi Marc, I've had many many problems with Winbind and after a few weeks of dead-ends I decided to switch to nslcd and everything started working very nicely, so I haven't looked back. I've just had a major success on getting getent passwd to work by adding this to my nslcd.conf: # users map passwd uid sAMAccountName map passwd gidNumber primaryGroupID map passwd homeDirectory unixHomeDirectory # groups map group cn sAMAccountName mapgroup uniqueMember member This now lets me see all users and groups via getent. Just doing some more testing now, but I think this may be fixed. Typical, you spend all day on something, finally decided to post on samba lists and then fix it 5 mins later :) Thanks for the swift reply though! Cheers, c:) On 8 July 2013 18:05, Marc Muehlfeld sa...@marc-muehlfeld.de wrote: Hello Chris, Am 08.07.2013 18:54, schrieb Chris Alavoine: My problem is that I have a Samba 3 member server (fileserver) that I'm trying to get to get work in this scenario. I've installed nslcd and am using the following conf file: Why don't you use winbind on your member server? http://wiki.samba.org/index.**php/Samba4/Domain_Memberhttp://wiki.samba.org/index.php/Samba4/Domain_Member If I then do a getent group I get success and can see all the groups, however getent passwd fails and I see this in the logs: Jul 8 17:51:46 test-fs-001 nslcd[4587]: [8e1f29] passwd entry CN=ice,CN=Users,DC=test,DC=**internal,DC=com does not contain uid value Does this account have an uid attribute in AD? Regards, Marc -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd)
Am 08.07.2013 19:12, schrieb Chris Alavoine: Typical, you spend all day on something, finally decided to post on samba lists and then fix it 5 mins later :) Yes, I know that :-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 and Windows 8 Point'n'Print drivers
Hi list, To my best knowledge samba 3 does not support level 4 drivers used by Windows 8 for Point'n'Print (If that is not the case could you let me know the minimal version of samba required?) According to http://msdn.microsoft.com/en-us/library/windows/hardware/hh852373.aspx Windows 8 should be able to use level 3 drivers, but it does not seem to work for me. Are they any workarounds that can be applied (client or server side) to make this happen? I know there was a small patch submitted to the list quite a while ago, but i would rather not do that. Many thanks L -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 and Windows 8 Point'n'Print drivers
On Thu, Jun 6, 2013 at 9:56 AM, Lukasz Zalewski lu...@eecs.qmul.ac.uk wrote: According to http://msdn.microsoft.com/en-us/library/windows/hardware/hh852373.aspx Windows 8 should be able to use level 3 drivers, but it does not seem to work for me. Are they any workarounds that can be applied (client or server side) to make this happen? If you're getting error 0x06d1 see my blog post: http://blog.realcomputerguy.com/2013/06/fix-error-0x06d1-using-level-3.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 and Windows 8 Point'n'Print drivers
On 06/06/13 15:40, Chris Smith wrote: On Thu, Jun 6, 2013 at 9:56 AM, Lukasz Zalewski lu...@eecs.qmul.ac.uk wrote: According to http://msdn.microsoft.com/en-us/library/windows/hardware/hh852373.aspx Windows 8 should be able to use level 3 drivers, but it does not seem to work for me. Are they any workarounds that can be applied (client or server side) to make this happen? If you're getting error 0x06d1 see my blog post: http://blog.realcomputerguy.com/2013/06/fix-error-0x06d1-using-level-3.html Hi Chris, Thank you for this. Unfortunately i do not even get that far. Windows claims that there is no driver found :( Does the driver have to be installed manually? L -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 and Windows 8 Point'n'Print drivers
On Thu, Jun 6, 2013 at 12:24 PM, Lukasz Zalewski lu...@eecs.qmul.ac.uk wrote: Thank you for this. Unfortunately i do not even get that far. Windows claims that there is no driver found :( Does the driver have to be installed manually? I'm using the standard CUPS drivers. They work with all of the printers I need to support (HP, Konica, Kyocera, Toshiba, Xerox, etc.). I have another blog post about using those: http://blog.realcomputerguy.com/2011/10/cups-samba-64bit-driver-installation.html Unfortunately the links to the CUPS drivers are now defunct - a sad day when Apple bought EasySW. Regretting the day when those will become unusable... they make things so easy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.x server with LDAP backend doesn't work
We have a central LDAP server for our enterprise on a Linux box. I have installed Samba 3.4.4 server on an AIX server and trying to get users authenticated via LDAP server. So far my efforts have been unsuccessful. Here is my ldap section of the smb.conf file: passdb backend = ldapsam:ldaps://company_ldap_server/ ldap ssl = start tls ldap suffix = dc=xxx,dc=yyy,dc=zzz ldap delete dn = no ldap user suffix = ou=People ldap group suffix = ou=Groups Here is the error I am seeing in the Samba errorlog: [2013/05/16 11:08:14, 0] lib/smbldap.c:656(smb_ldap_start_tls) Failed to issue the StartTLS instruction: Can't contact LDAP server [2013/05/16 11:08:14, 1] lib/smbldap.c:1231(another_ldap_try) Connection to LDAP server failed for the 1 try! Is there a documented procedure on how to connect samba users to a backend ldap server? Any help with is greatly appreciated Thanks, Prakash ** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.x server with LDAP backend doesn't work
Is there a documented procedure on how to connect samba users to a backend ldap server? Chapter 5 of Samba 3 by Example http://www.samba.org/samba/docs/man/Samba-Guide/happy.html PDF version: http://www.samba.org/samba/docs/Samba3-ByExample.pdf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.x server with LDAP backend doesn't work
Did you try w/o start TLS support? I realize this can have security implications, so this is only to see if the problem is with TLS or with the configuration in general. It the LDAP server is on the same server as the samba server then I don't think you will need TLS encryption, since there isn't LAN traffic to snoop. don't forget to set set the ldap password with smbpasswd -w Also I think ldaps means ldap over SSL, not ldap+tls. I would also use ldapclient tools (e.g. the command line ldapsearch or the gui Apache Directory Studio ldap browser and editor) to make sure you can connect to the ldap server via LDAP, LDAP+TLS and/or LDAPS-over-SSL. You need to make sure you have all the certificates configured correctly. On 05/16/13 11:27, Gollapalli, Prakash wrote: We have a central LDAP server for our enterprise on a Linux box. I have installed Samba 3.4.4 server on an AIX server and trying to get users authenticated via LDAP server. So far my efforts have been unsuccessful. Here is my ldap section of the smb.conf file: passdb backend = ldapsam:ldaps://company_ldap_server/ ldap ssl = start tls ldap suffix = dc=xxx,dc=yyy,dc=zzz ldap delete dn = no ldap user suffix = ou=People ldap group suffix = ou=Groups Here is the error I am seeing in the Samba errorlog: [2013/05/16 11:08:14, 0] lib/smbldap.c:656(smb_ldap_start_tls) Failed to issue the StartTLS instruction: Can't contact LDAP server [2013/05/16 11:08:14, 1] lib/smbldap.c:1231(another_ldap_try) Connection to LDAP server failed for the 1 try! Is there a documented procedure on how to connect samba users to a backend ldap server? Any help with is greatly appreciated Thanks, Prakash ** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.x server with LDAP backend doesn't work
Did you try w/o start TLS support? I realize this can have security implications, so this is only to see if the problem is with TLS or with the configuration in general. I have tried without TLS support and without SSL (replaced ldaps with ldap) passdb backend = ldapsam:ldap://company_ldap_server/ ldap ssl = off ldap admin dn = cn=Adminid,dc=xxx,dc=yyy,dc=zzz ldap suffix = dc=xxx,dc=yyy,dc=zzz ldap delete dn = no ldap user suffix = ou=People ldap group suffix = ou=Groups Now I get the following error: [2013/05/16 16:38:14, 0] lib/smbldap.c:1052(smbldap_connect_system) failed to bind to server ldap://company_ldap_server/ with dn=cn=Adminid,dc=xxx,dc=yyy,dc=zzz Error: Confidentiality required (unknown) It the LDAP server is on the same server as the samba server then I don't think you will need TLS encryption, since there isn't LAN traffic to snoop. Our LDAP server is not on the same server. It is a central enterprise server don't forget to set set the ldap password with smbpasswd -w I did this part for the Adminid Also I think ldaps means ldap over SSL, not ldap+tls. I would also use ldapclient tools (e.g. the command line ldapsearch or the gui Apache Directory Studio ldap browser and editor) to make sure you can connect to the ldap server via LDAP, LDAP+TLS and/or LDAPS-over-SSL. You need to make sure you have all the certificates configured correctly. LDAP authentication works perfectly directly from our AIX server. I can do ldapsearches and can login with my ldap credentials etc.. Only samba authentication doesn't work Thanks, Prakash ** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.x server with LDAP backend doesn't work
And just to clarify you can use ldapsearch with the samba admin credentials as well? What is the ldap server? (Openldap ?) On 05/16/13 16:44, Gollapalli, Prakash wrote: Did you try w/o start TLS support? I realize this can have security implications, so this is only to see if the problem is with TLS or with the configuration in general. I have tried without TLS support and without SSL (replaced ldaps with ldap) passdb backend = ldapsam:ldap://company_ldap_server/ ldap ssl = off ldap admin dn = cn=Adminid,dc=xxx,dc=yyy,dc=zzz ldap suffix = dc=xxx,dc=yyy,dc=zzz ldap delete dn = no ldap user suffix = ou=People ldap group suffix = ou=Groups Now I get the following error: [2013/05/16 16:38:14, 0] lib/smbldap.c:1052(smbldap_connect_system) failed to bind to server ldap://company_ldap_server/ with dn=cn=Adminid,dc=xxx,dc=yyy,dc=zzz Error: Confidentiality required (unknown) It the LDAP server is on the same server as the samba server then I don't think you will need TLS encryption, since there isn't LAN traffic to snoop. Our LDAP server is not on the same server. It is a central enterprise server don't forget to set set the ldap password with smbpasswd -w I did this part for the Adminid Also I think ldaps means ldap over SSL, not ldap+tls. I would also use ldapclient tools (e.g. the command line ldapsearch or the gui Apache Directory Studio ldap browser and editor) to make sure you can connect to the ldap server via LDAP, LDAP+TLS and/or LDAPS-over-SSL. You need to make sure you have all the certificates configured correctly. LDAP authentication works perfectly directly from our AIX server. I can do ldapsearches and can login with my ldap credentials etc.. Only samba authentication doesn't work Thanks, Prakash ** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3 - smb2 cpu usage
Hi all, At the moment we are running Debian squeeze with stock samba 3.5.6. and are testing some new samba installations from ubuntu 12.04, centos 6.4 and debian wheezy. All running in a VM on a XenServer. The samba servers are member of a 2008R2 domain, using smb1 protocol all are running fine and we get a constant 90MB/s (big file transfer) on our 1GB network. We would like to enable smb2 protocol for performance reasons, but when we do enable SMB2 (max protocol = SMB2) file transfer speed drops to 50-60MB/s (one big file) instead of the 80-90MB/s we used to get before. We noticed when this happens the cpu is at its max instead of 60-70% when using smb1. iostat doesn't show any serious load and our raid 10 setup isn't experience any difficulties. Using the packages (3.6.13) from EnterpriseSamba we get simular results. Is it known enabling smb2 requires a faster cpu and our cpu is simply not powerfull enough or is there another problem which we should look into? (Or should we just stick to smb1, because smb2 isn't worth the trouble?) Some hardware specs: IBM 3650 M3 - Xeon 2.13Ghz 4 cores (2 cores per VM) 4GB RAM (per VM) Smartraid 5015 + bbu (4 sas disks / raid10) 1 GB network. HP Z400 workstation + Windows 7 mount options: /dev/mapper/vg-logical_volume on /data type ext4 (rw,nodiratime,relatime,acl,data=ordered,barrier=0,grpquota,errors=remount-ro) smb.conf: [global] workgroup = OURDOMAIN realm = OURDOMAIN.EU server string = %h server security = ADS log file = /var/log/samba/log.%m max log size = 1000 max protocol = SMB2 client signing = required server signing = required load printers = No winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config OURDOMAIN:range = 2 - 4 idmap config OURDOMAIN:backend = rid idmap config * : range = 2000-2999 idmap config * : backend = tdb hide unreadable = Yes [data1] path = /data/data1 read only = No inherit permissions = Yes inherit acls = Yes Thanks, Danny -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 - smb2 cpu usage
On Mon, May 13, 2013 at 12:52:56PM +0200, Danny wrote: Hi all, At the moment we are running Debian squeeze with stock samba 3.5.6. and are testing some new samba installations from ubuntu 12.04, centos 6.4 and debian wheezy. All running in a VM on a XenServer. The samba servers are member of a 2008R2 domain, using smb1 protocol all are running fine and we get a constant 90MB/s (big file transfer) on our 1GB network. We would like to enable smb2 protocol for performance reasons, but when we do enable SMB2 (max protocol = SMB2) file transfer speed drops to 50-60MB/s (one big file) instead of the 80-90MB/s we used to get before. We noticed when this happens the cpu is at its max instead of 60-70% when using smb1. iostat doesn't show any serious load and our raid 10 setup isn't experience any difficulties. Using the packages (3.6.13) from EnterpriseSamba we get simular results. Is it known enabling smb2 requires a faster cpu and our cpu is simply not powerfull enough or is there another problem which we should look into? (Or should we just stick to smb1, because smb2 isn't worth the trouble?) You should definitely use SMB2. The higher CPU is suprising. You should be able to max out a 1GB network with SMB2 easily. Does Debian support the perf utility to find out what the process does? Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 - smb2 cpu usage
Op 13-5-2013 14:57, Volker Lendecke schreef: On Mon, May 13, 2013 at 12:52:56PM +0200, Danny wrote: Hi all, At the moment we are running Debian squeeze with stock samba 3.5.6. and are testing some new samba installations from ubuntu 12.04, centos 6.4 and debian wheezy. All running in a VM on a XenServer. The samba servers are member of a 2008R2 domain, using smb1 protocol all are running fine and we get a constant 90MB/s (big file transfer) on our 1GB network. We would like to enable smb2 protocol for performance reasons, but when we do enable SMB2 (max protocol = SMB2) file transfer speed drops to 50-60MB/s (one big file) instead of the 80-90MB/s we used to get before. We noticed when this happens the cpu is at its max instead of 60-70% when using smb1. iostat doesn't show any serious load and our raid 10 setup isn't experience any difficulties. Using the packages (3.6.13) from EnterpriseSamba we get simular results. Is it known enabling smb2 requires a faster cpu and our cpu is simply not powerfull enough or is there another problem which we should look into? (Or should we just stick to smb1, because smb2 isn't worth the trouble?) You should definitely use SMB2. The higher CPU is suprising. You should be able to max out a 1GB network with SMB2 easily. Does Debian support the perf utility to find out what the process does? Volker Thanks for replying. 'perf top' smb2 enabled shows: Events: 33K cycles 53.07% [kernel][k] hypercall_page 36.33% smbd[.] SHA256_Update 1.99% [kernel][k] copy_user_generic_string 1.23% libc-2.13.so[.] 0x793e1 1.10% [xen_netfront] [k] xennet_poll /cut 'perf top' smb2 disabled shows: Events: 16K cycles 72.59% [kernel][k] hypercall_page 12.04% smbd[.] 0x40a5ee 1.86% [kernel][k] copy_user_generic_string 1.37% [xen_netfront] [k] xennet_poll 0.56% libc-2.13.so[.] 0x89283 0.35% [kernel][k] xen_restore_fl_direct 0.35% [kernel][k] pvclock_clocksource_read Looking at the above, disabling client and server signing gives me (in a quick test) back my performance. But now I'm prone to man in middle attacks? and if we run into other interoperabilities. (e.g. Windows clients/servers)? Danny -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 member, winbind caching and DC availability
Hello all, I've a box running Samba 3.5.6 (Debian Squeeze) that retrieves its user accounts from AD, using Winbind. The box is receiving incoming mail. Idmap backend is AD, with rfc2307 schema mode. Currently it's only accessing one AD DC, and the MTA on the Samba box is stopped whenever the DC is temporarily offline to prevent rejection of any incoming mail with user unknown status. However, I'd like to add another DC to the mix, but I'm concerned that mail could get rejected if the active DC suddenly goes offline and winbind doesn't switch to another DC promptly enough. Consider the following scenario: 1. There is an AD account foo. The account hasn't been used for some time, and it's thus not in winbind's cache. It's possibly not even in Winbind's idmap cache. 2. There are two AD DCs, A and B. 3. Samba member server C runs Winbind and is currently using the DC A. 4. Hardware fails and the DC A suddenly drops offline. 5. Just few seconds later an e-mail is arriving for foo. The MTA tries to check for the user. 6. As Winbind is not yet aware of the unavailability of the DC A, it tries to contact it. A. Now, in the ideal world this would continue as follows: 7. Winbind can't contact the DC A anymore, so it promptly contacts the DC B. 8. The DC B confirms the existence of foo. 9. The MTA delivers mail for foo. B. However, I'm afraid that in the real world, the following could result: 7. Winbind frantically tries to contact the DC A, but timeouts and can't confirm the existence of foo. It tells the MTA that there's no account. 8. The MTA replies sender with a 550 5.1.1 f...@my.site... User unknown error. 9. After the timeout Winbind finally manages to switch to the DC B, but the sender has already got the delivery failure message and now thinks that the address f...@my.site is no longer valid. I tried to look at the documentation, but didn't find any recommendations regarding winbind cache settings in situations where availability is critical. Is it recommended to just disable all Winbind caching entirely? Or do just the opposite and try to cache as much as ever possible? What are the practical effects of winbind cache time and idmap cache time smb.conf options in this situation? Also, are the caches for all accounts replenished every time the cache of any account expires, or in per-account basis? And do the idmap cache times even work in a predictable way with this old Samba, where bug 8658 still unfixed? Or should I just try to upgrade as soon as possible? I build a test box similar to the actual box receiving mail (Winbind cache time was the default (300 seconds) and idmap cache time was set to 86,400 seconds (one day)) and flooded it with messages while at the same time switching connections to the DCs back and forth. And sure enough, I did get some delivery errors due to Winbind unavailability, if the account receiving the mail hadn't been queried after the last winbind restart and before the DC went offline. So the likelihood of the scenario 'B' feels all too great. Any recommendations for avoiding it? Pekka L.J. Jalkanen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 dynamically enable or disable share
Jonathan, I really don't want to repartition--again! But yes, your idea is intresting. As a point of note that is what LVM is for, the 20th century called and wants partitions back. Point taken! But really, I had already enough issues with this server, I just wanted to keep it as simple as possible. Getting back on topic [...] And then have Samba come up with the shares in available = no configuration [...] This is exactly what I was looking for. I completely missed the available parameter in smb.conf. My bad. Thank you so much, and thanks to everybody else for their ideas. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 dynamically enable or disable share
On Mon, 2013-04-29 at 07:05 -0700, Mauricio Alvarez wrote: Michael, I really don't want to repartition--again! But yes, your idea is intresting. As a point of note that is what LVM is for, the 20th century called and wants partitions back. Getting back on topic why not consider using registry based share definitions and make use of the available parameter. And then have Samba come up with the shares in available = no configuration, and when the script that mounts the disk is successful it updates the share definition so that it becomes available = yes using net conf? JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 dynamically enable or disable share
Hello, I wonder if it is possible to dynamically enable/disable samba 3 shares. Here is my problem. On a remote server I have 4 removable hard drives, large capacity. I am not using any RAID/JBOD, so each drive is mounted individually (like /mnt/DISK1, /mnt/DISK2 etc) and each drive is individually shared, something like: [STORAGE01] path = /mnt/DISK1 Guest OK = false ... [STORAGE02] path = /mnt/DISK2 Guest OK = false ... etc... Then I have a bunch of machines that just wait for the share (each machine points to only one share) to be available and then start blindly dumping data into the share (the hosts don't make checks--if the directory structure isn't there, they just re-create it and start dumping data). Problem is, the samba server is in a remote location and if for any reason one of the drives isn't mounted, samba will share the system drive instead, and this will fill up very fast and lock up my server. So, I can make a script to mount the external drives, and only if all went well then start samba. But since my system is best-effort, in case say Disk3 fails to mount, I would like to still be able to share /mnt/DISK1, /mnt/DISK2 and /mnt/DISK4 but NOT /mnt/DISK3 (sharename is STORAGE03). This would call for either my script to copy to samba.conf one of 2^4 different smb.conf files (covering all possible combinations), then start samba. This is messy, it would be so much better to be able to selectively enable/disable the shares. Any other ideas? Thanks in advance! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 dynamically enable or disable share
Wouldn't it be very simple to just create a VERY small partition (e.g. 10MB) on the main drive (the one that your system disk is on), and mount it on e.g. /mnt. Then, even if one of your disks can't mount for some reason, only this very small partition will fill up = no problem for the rest of the system. You would still have to configure your other machines to handle disk full failures and maybe subsequently try another share... Michael 2013/4/29 Mauricio Alvarez maurialvarez...@rocketmail.com Hello, I wonder if it is possible to dynamically enable/disable samba 3 shares. Here is my problem. On a remote server I have 4 removable hard drives, large capacity. I am not using any RAID/JBOD, so each drive is mounted individually (like /mnt/DISK1, /mnt/DISK2 etc) and each drive is individually shared, something like: [STORAGE01] path = /mnt/DISK1 Guest OK = false ... [STORAGE02] path = /mnt/DISK2 Guest OK = false ... etc... Then I have a bunch of machines that just wait for the share (each machine points to only one share) to be available and then start blindly dumping data into the share (the hosts don't make checks--if the directory structure isn't there, they just re-create it and start dumping data). Problem is, the samba server is in a remote location and if for any reason one of the drives isn't mounted, samba will share the system drive instead, and this will fill up very fast and lock up my server. So, I can make a script to mount the external drives, and only if all went well then start samba. But since my system is best-effort, in case say Disk3 fails to mount, I would like to still be able to share /mnt/DISK1, /mnt/DISK2 and /mnt/DISK4 but NOT /mnt/DISK3 (sharename is STORAGE03). This would call for either my script to copy to samba.conf one of 2^4 different smb.conf files (covering all possible combinations), then start samba. This is messy, it would be so much better to be able to selectively enable/disable the shares. Any other ideas? Thanks in advance! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Michael De Groote ICT-coordinator Sint-Pietersschool Korbeek-Lo ICT-support Sancta Maria Basisschool Leuven -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 dynamically enable or disable share
Michael, I really don't want to repartition--again! But yes, your idea is intresting. If there really isn't any other option (really? no-one has ever had this problem in the past?), I was thinking of something like this: * Inside each disk, at the root level, create a single directory, call it ROOTDIR01 for DISK1, ROOTDIR02 for disk2 etc. * Modify the entries in smb.conf like so: [STORAGE01] path = /mnt/DISK1/ROOTDIR01 Guest OK = false ... etc... so, if no disk is mounted, we have only /mnt/DISK1 but no ROOTDIR01. If the disk is mounted, the ROOTDIR01 is then visible and gets shared as [STORAGE01] Also, the clients see [STORAGE01] as their root dir, ignoring the ROOTDIR01 sub-level This is very crude, I wonder if it might work. Wouldn't it be very simple to just create a VERY small partition (e.g. 10MB) on the main drive (the one that your system disk is on), and mount it on e.g. /mnt. Then, even if one of your disks can't mount for some reason, only this very small partition will fill up = no problem for the rest of the system. You would still have to configure your other machines to handle disk full failures and maybe subsequently try another share... Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 dynamically enable or disable share
Instead of repartitioning you could create a filesystem inside of a file... http://freecode.com/articles/virtual-filesystem-building-a-linux-filesystem-from-an-ordinary-file . Just a thought, Ricky On Mon, Apr 29, 2013 at 9:05 AM, Mauricio Alvarez maurialvarez...@rocketmail.com wrote: Michael, I really don't want to repartition--again! But yes, your idea is intresting. If there really isn't any other option (really? no-one has ever had this problem in the past?), I was thinking of something like this: * Inside each disk, at the root level, create a single directory, call it ROOTDIR01 for DISK1, ROOTDIR02 for disk2 etc. * Modify the entries in smb.conf like so: [STORAGE01] path = /mnt/DISK1/ROOTDIR01 Guest OK = false ... etc... so, if no disk is mounted, we have only /mnt/DISK1 but no ROOTDIR01. If the disk is mounted, the ROOTDIR01 is then visible and gets shared as [STORAGE01] Also, the clients see [STORAGE01] as their root dir, ignoring the ROOTDIR01 sub-level This is very crude, I wonder if it might work. Wouldn't it be very simple to just create a VERY small partition (e.g. 10MB) on the main drive (the one that your system disk is on), and mount it on e.g. /mnt. Then, even if one of your disks can't mount for some reason, only this very small partition will fill up = no problem for the rest of the system. You would still have to configure your other machines to handle disk full failures and maybe subsequently try another share... Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 dynamically enable or disable share
On Monday, April 29, 2013 10:05:29 AM Mauricio Alvarez wrote: Michael, I really don't want to repartition--again! But yes, your idea is intresting. Loop-mount a small file (1.44M) on the dir; that should be as effective as a small partition. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 dynamically enable or disable share
On 4/29/2013 09:05, Mauricio Alvarez wrote: Michael, I really don't want to repartition--again! But yes, your idea is intresting. You don't need to repartition; you could mount tmpfs on /mnt and use something like tmpfiles.d or a custom script to create the mountpoints therein at boot. That way you aren't actually wasting disk space for the /mnt directory, but you still get the benefit of having it separate from /. If there really isn't any other option (really? no-one has ever had this problem in the past?), I was thinking of something like this: * Inside each disk, at the root level, create a single directory, call it ROOTDIR01 for DISK1, ROOTDIR02 for disk2 etc. * Modify the entries in smb.conf like so: [STORAGE01] path = /mnt/DISK1/ROOTDIR01 Guest OK = false ... etc... so, if no disk is mounted, we have only /mnt/DISK1 but no ROOTDIR01. If the disk is mounted, the ROOTDIR01 is then visible and gets shared as [STORAGE01] Also, the clients see [STORAGE01] as their root dir, ignoring the ROOTDIR01 sub-level This is very crude, I wonder if it might work. Wouldn't it be very simple to just create a VERY small partition (e.g. 10MB) on the main drive (the one that your system disk is on), and mount it on e.g. /mnt. Then, even if one of your disks can't mount for some reason, only this very small partition will fill up = no problem for the rest of the system. You would still have to configure your other machines to handle disk full failures and maybe subsequently try another share... Michael The first thought that came to my mind was usershares. You could write a udev rule that mounts a drive when it is connected and then calls `net usershare` to share it. It would take a lot of scripting, but it would do exactly what you want. -- ♫Dustin http://dustin.hatch.name/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3 acting as a samba 4 bdc
Hello I have a fileserver with samba 3.6.9 in a remote location, i have a few users there (4) but the network connectivity is not good, so i'm trying to setup some kind of validation cache, i have samba 4 on my main office, can i setup the fileserver to act as a bdc for the samba 4 or is not possible? Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 acting as a samba 4 bdc
On Tue, 2013-04-23 at 10:05 -0500, Cristian Saavedra wrote: Hello I have a fileserver with samba 3.6.9 in a remote location, i have a few users there (4) but the network connectivity is not good, so i'm trying to setup some kind of validation cache, i have samba 4 on my main office, can i setup the fileserver to act as a bdc for the samba 4 or is not possible? Thanks in advance Only if both are 'classic' domain controllers backed by OpenLDAP. If you want to have an AD DC, then both must run Samba 4.0. You can run a Read Only DC at the remote site if you so desire. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 - getting rid of some logfile errors
hi, 2012/8/1 Jürgen Echter j.ech...@echter-kuechen-elektro.de: Hi, i have a lot of entries in my logs which i can't solve, but everything works as expected. my setup: samba pdc - bacula samba bdc - mule Ubuntu 10.04-LTS Server samba 3.4.7 log file entries: Aug 1 08:25:40 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:41 bacula smbd[23854]: [2012/08/01 08:25:41, 0] smbd/service.c:988(make_connection_snum) Aug 1 08:25:41 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:743(write_data) Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] smbd/process.c:62(srv_send_smb) Aug 1 08:25:44 bacula smbd[24003]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:539(read_fd_with_timeout) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:26:07 bacula smbd[24002]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:26:07 bacula smbd[24002]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. any hints how to resolve this? getpeername() is a normal libc function defined in sys/socket.h so if samba defined an error belongs to getpeername it is a usual DNS resolve error and specified the clients hostname could not resolved by the samba host. Hope this help Greetings, Björn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
Here is the whole command I am testing: root@telluride:/usr/local/samba# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir /root/old-samba/ --use-xattrs=yes --realm=ntserv.local /root/old-samba/smb.conf Reading smb.conf Processing section [netlogon] Unknown parameter encountered: share modes Ignoring unknown parameter share modes Provisioning Exporting account policy Exporting groups Exporting users Ignoring group memberships of 'L-LECHUGA$' S-1-5-21-684095783-2094215992-774919444-1995: Unable to enumerate group memberships, (-1073741724,No such user) Ignoring group memberships of 'ahendrickson' S-1-5-21-684095783-2094215992-774919444-1921: Unable to enumerate group memberships, (-1073741724,No such user) .. a whole bunch of similar errors Ignoring group memberships of 'S-GURULE$' S-1-5-21-684095783-2094215992-774919444-1658: Unable to enumerate group memberships, (-1073741724,No such user) Next rid = 6155 Exporting posix attributes Reading WINS database Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/root/old-samba/wins.dat' lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Processing section [netlogon] Processing section [sysvol] Module 'acl_xattr' loaded Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema partition_metadata: Migrating partition metadata Adding DomainDN: DC=ntserv,DC=local DN: DC=ntserv,DC=local is a NC Adding configuration container DN: CN=Configuration,DC=ntserv,DC=local is a NC Setting up sam.ldb schema DN: CN=Schema,CN=Configuration,DC=ntserv,DC=local is a NC Setting up sam.ldb configuration data Setting up display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups Setting up self join Setting acl on sysvol skipped Adding DNS accounts Creating CN=MicrosoftDNS,CN=System,DC=ntserv,DC=local Creating DomainDnsZones and ForestDnsZones partitions DN: DC=DomainDnsZones,DC=ntserv,DC=local is a NC DN: DC=ForestDnsZones,DC=ntserv,DC=local is a NC Populating DomainDnsZones and ForestDnsZones partitions Setting up sam.ldb rootDSE marking as synchronized Fixing provision GUIDs A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf Setting up fake yp server settings Once the above files are installed, your Samba4 server will be ready to use Admin password:5]9+V=xFXT9sixJ+o0!4O Server Role: active directory domain controller Hostname: telluride NetBIOS Domain:NTSERV DNS Domain:ntserv.local DOMAIN SID:S-1-5-21-684095783-2094215992-774919444 Importing WINS database Importing Account policy Importing idmap database Processing section [netlogon] Processing section [sysvol] Importing groups Importing users Adding users to groups Processing section [netlogon] Processing section [sysvol] idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER. ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 926, in upgrade_from_samba3 result.names.domaindn, result.lp, use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py, line 1476, in setsysvolacl setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb) File /usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py, line 154, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) Thank you again for your help on this. Thanks, Max Andrew Bartlett abart...@samba.org 1/16/2013 2:24 PM On Wed, 2013-01-16 at 09:23 -0700, Max Olivas wrote: Is the workaround something I do or something that is fixed in the newer version? Thanks, Max Max Olivas moli...@northglenn.org 1/15/2013 6:54 AM Version 4.1.0pre1-GIT-94f11e9 on Ubuntu 12.04 LTS. Thanks, Max Andrew Bartlett abart...@samba.org 1/14/2013 3:01 PM On Mon, 2013-01-14 at 14:14 -0700, Max Olivas wrote: Hey All, Thanks for the feedback. I've
Re: [Samba] samba 3 - getting rid of some logfile errors
Jürgen Echter j.echter at echter-kuechen-elektro.de writes: Hi, i have a lot of entries in my logs which i can't solve, but everything works as expected. my setup: samba pdc - bacula samba bdc - mule Ubuntu 10.04-LTS Server samba 3.4.7 log file entries: Aug 1 08:25:40 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:41 bacula smbd[23854]: [2012/08/01 08:25:41, 0] smbd/service.c:988(make_connection_snum) Aug 1 08:25:41 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:743(write_data) Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] smbd/process.c:62(srv_send_smb) Aug 1 08:25:44 bacula smbd[24003]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:539(read_fd_with_timeout) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:26:07 bacula smbd[24002]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:26:07 bacula smbd[24002]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. any hints how to resolve this? thanks juergen Hello Juergen, I also have the same exact error messages in SMBD log´s: lib/util_sock.c:1498(get_peer_addr_internal and lib/util_sock.c:539(read_fd_with_timeout) we use Ubuntu Server 10.4 (Samba 3.4.7) Member server everything works ok two...We have an Active Directory 2008 domain Did you get to solve this problems? Vladimiro Sabino -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
Is the workaround something I do or something that is fixed in the newer version? Thanks, Max Max Olivas moli...@northglenn.org 1/15/2013 6:54 AM Version 4.1.0pre1-GIT-94f11e9 on Ubuntu 12.04 LTS. Thanks, Max Andrew Bartlett abart...@samba.org 1/14/2013 3:01 PM On Mon, 2013-01-14 at 14:14 -0700, Max Olivas wrote: Hey All, Thanks for the feedback. I've cleaned up my .tdb files some and have moved farther with the upgrade command but I'm still getting errors. This is what I'm getting now: idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER. ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 926, in upgrade_from_samba3 result.names.domaindn, result.lp, use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py, line 1476, in setsysvolacl setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb) File /usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py, line 154, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) I see that sid is for the Administrators group but I'm not sure what I need to do to it to complete the upgrade command without errors? Any help is much appreciated. A workaround for this is in the 4.0.0 release. Are you running Samba 4.0.0? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
On Wed, 2013-01-16 at 09:23 -0700, Max Olivas wrote: Is the workaround something I do or something that is fixed in the newer version? Thanks, Max Max Olivas moli...@northglenn.org 1/15/2013 6:54 AM Version 4.1.0pre1-GIT-94f11e9 on Ubuntu 12.04 LTS. Thanks, Max Andrew Bartlett abart...@samba.org 1/14/2013 3:01 PM On Mon, 2013-01-14 at 14:14 -0700, Max Olivas wrote: Hey All, Thanks for the feedback. I've cleaned up my .tdb files some and have moved farther with the upgrade command but I'm still getting errors. This is what I'm getting now: idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER. ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER') File Looking more closely at the error, this is different. Is there more detail to the error than what you pasted? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
Version 4.1.0pre1-GIT-94f11e9 on Ubuntu 12.04 LTS. Thanks, Max Andrew Bartlett abart...@samba.org 1/14/2013 3:01 PM On Mon, 2013-01-14 at 14:14 -0700, Max Olivas wrote: Hey All, Thanks for the feedback. I've cleaned up my .tdb files some and have moved farther with the upgrade command but I'm still getting errors. This is what I'm getting now: idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER. ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 926, in upgrade_from_samba3 result.names.domaindn, result.lp, use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py, line 1476, in setsysvolacl setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb) File /usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py, line 154, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) I see that sid is for the Administrators group but I'm not sure what I need to do to it to complete the upgrade command without errors? Any help is much appreciated. A workaround for this is in the 4.0.0 release. Are you running Samba 4.0.0? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
Hey All, Thanks for the feedback. I've cleaned up my .tdb files some and have moved farther with the upgrade command but I'm still getting errors. This is what I'm getting now: idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER. ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 926, in upgrade_from_samba3 result.names.domaindn, result.lp, use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py, line 1476, in setsysvolacl setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb) File /usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py, line 154, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) I see that sid is for the Administrators group but I'm not sure what I need to do to it to complete the upgrade command without errors? Any help is much appreciated. Thanks, Max Andrew Bartlett abart...@samba.org 1/4/2013 3:37 PM On Fri, 2013-01-04 at 15:24 -0500, Adam Tauno Williams wrote: On Fri, 2013-01-04 at 12:28 -0700, Max Olivas wrote: Hey All, I have a Samba 3 PDC (Debian, Samba version 3.5.6 with NIS groups and no winbind) with about 300 users, 200 client PC's, 15 member servers(mixed Windows Server 2003/2008 and Samba 3), and I'm attempting the classicupgrade to Samba AD. To test I've created a new Ubuntu 12.04 LTS and followed the HOWTO, successfully creating a blank Samba AD and testing adding users/PC's and connecting with Windows AD tools. I then attempted the classicupgrade (rolled VM back and copied .tdb files and smb.conf from current PDC) but I'm getting several errors. Importing groups Importing users Failed to create user record CN=watersan ,CN=Computers,DC=northglenn,DC=org: Entry CN=watersan,CN=Computers,DC=northglenn,DC=org already exists ERROR(class 'passdb.error'): uncaught exception - Unable to add sam account 'watersan $', (-1073741725,User exists) Hopefully someone sees something that Im doing blatently wrong and can point out my mistake. Thanks in advance for any help! I'd wager the error message is exact and meaningful - you have a duplicate sambaSID in your LDAPSAM. Also the machine account watersan $ contains a space. That seems odd. I had several of these inconsistencies in my old LDAPSAM that I needed to correct before the upgrade completed. Adam, I agree. As we have never had an internal passdb consistency checker before, the checks being done as part of the import are often the first time a Samba 3.x site will discover a number of internal inconsistancies. For example, we already check for usernames and group names that overlap, and duplicate SIDs. The detection of duplicate usernames is left to this stage because we can give a clearer error message at this point. The script is just python however, and so it isn't hard to improve if someone wants to provide a patch to improve it. Max, Your issue might be that what we fill in as CN is a duplicate, rather than the username. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
On Mon, 2013-01-14 at 14:14 -0700, Max Olivas wrote: Hey All, Thanks for the feedback. I've cleaned up my .tdb files some and have moved farther with the upgrade command but I'm still getting errors. This is what I'm getting now: idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER. ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 926, in upgrade_from_samba3 result.names.domaindn, result.lp, use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py, line 1476, in setsysvolacl setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb) File /usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py, line 154, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) I see that sid is for the Administrators group but I'm not sure what I need to do to it to complete the upgrade command without errors? Any help is much appreciated. A workaround for this is in the 4.0.0 release. Are you running Samba 4.0.0? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 classicupgrade to Samba AD
Hey All, I have a Samba 3 PDC (Debian, Samba version 3.5.6 with NIS groups and no winbind) with about 300 users, 200 client PC's, 15 member servers(mixed Windows Server 2003/2008 and Samba 3), and I'm attempting the classicupgrade to Samba AD. To test I've created a new Ubuntu 12.04 LTS and followed the HOWTO, successfully creating a blank Samba AD and testing adding users/PC's and connecting with Windows AD tools. I then attempted the classicupgrade (rolled VM back and copied .tdb files and smb.conf from current PDC) but I'm getting several errors. root@telluride:~# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir /root/old-samba/ --use-xattrs=yes --realm=northglenn.org /root/old-samba/smb.conf Reading smb.conf Processing section [netlogon] Unknown parameter encountered: share modes Ignoring unknown parameter share modes Provisioning Exporting account policy Exporting groups Exporting users Ignoring group memberships of 'L-LECHUGA$' S-1-5-21-684095783-2094215992-774919444-1995: Unable to enumerate group memberships, (-1073741724,No such user) Ignoring group memberships of 'ahendrickson' S-1-5-21-684095783-2094215992-774919444-1921: Unable to enumerate group memberships, (-1073741724,No such user) Ignoring group memberships of 'tkuenning' S-1-5-21-684095783-2094215992-774919444-1744: Unable to enumerate group memberships, (-1073741724,No such user) .There are a bunch of identical errors here that I'm omitting, one for every user/PC in the domain I'm guessing. Ignoring group memberships of 'S-GURULE$' S-1-5-21-684095783-2094215992-774919444-1658: Unable to enumerate group memberships, (-1073741724,No such user) Next rid = 6155 Exporting posix attributes Reading WINS database Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/root/old-samba/wins.dat' lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Processing section [netlogon] Processing section [sysvol] Module 'acl_xattr' loaded Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema partition_metadata: Migrating partition metadata Adding DomainDN: DC=mydomain,DC=org DN: DC=northglenn,DC=org is a NC Adding configuration container DN: CN=Configuration,DC=northglenn,DC=org is a NC Setting up sam.ldb schema DN: CN=Schema,CN=Configuration,DC=northglenn,DC=org is a NC Setting up sam.ldb configuration data Setting up display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups Setting up self join Setting acl on sysvol skipped Adding DNS accounts Creating CN=MicrosoftDNS,CN=System,DC=northglenn,DC=org Creating DomainDnsZones and ForestDnsZones partitions DN: DC=DomainDnsZones,DC=northglenn,DC=org is a NC DN: DC=ForestDnsZones,DC=northglenn,DC=org is a NC Populating DomainDnsZones and ForestDnsZones partitions Setting up sam.ldb rootDSE marking as synchronized Fixing provision GUIDs A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf Setting up fake yp server settings Once the above files are installed, your Samba4 server will be ready to use Admin password:80rK6jk(EeBM-C Server Role: active directory domain controller Hostname: telluride NetBIOS Domain:NTSERV DNS Domain:northglenn.org DOMAIN SID:S-1-5-21-684095783-2094215992-774919444 Importing WINS database Importing Account policy Importing idmap database Processing section [netlogon] Processing section [sysvol] Importing groups Importing users Failed to create user record CN=watersan ,CN=Computers,DC=northglenn,DC=org: Entry CN=watersan,CN=Computers,DC=northglenn,DC=org already exists ERROR(class 'passdb.error'): uncaught exception - Unable to add sam account 'watersan $', (-1073741725,User exists) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 896, in upgrade_from_samba3 s4_passdb.add_sam_account(userdata[username]) Hopefully someone sees something that Im doing blatently wrong and can point out my mistake. Thanks in advance for any help! Thanks, Max -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
On Fri, 2013-01-04 at 12:28 -0700, Max Olivas wrote: Hey All, I have a Samba 3 PDC (Debian, Samba version 3.5.6 with NIS groups and no winbind) with about 300 users, 200 client PC's, 15 member servers(mixed Windows Server 2003/2008 and Samba 3), and I'm attempting the classicupgrade to Samba AD. To test I've created a new Ubuntu 12.04 LTS and followed the HOWTO, successfully creating a blank Samba AD and testing adding users/PC's and connecting with Windows AD tools. I then attempted the classicupgrade (rolled VM back and copied .tdb files and smb.conf from current PDC) but I'm getting several errors. Importing groups Importing users Failed to create user record CN=watersan ,CN=Computers,DC=northglenn,DC=org: Entry CN=watersan,CN=Computers,DC=northglenn,DC=org already exists ERROR(class 'passdb.error'): uncaught exception - Unable to add sam account 'watersan $', (-1073741725,User exists) Hopefully someone sees something that Im doing blatently wrong and can point out my mistake. Thanks in advance for any help! I'd wager the error message is exact and meaningful - you have a duplicate sambaSID in your LDAPSAM. Also the machine account watersan $ contains a space. That seems odd. I had several of these inconsistencies in my old LDAPSAM that I needed to correct before the upgrade completed. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
On Fri, 2013-01-04 at 15:24 -0500, Adam Tauno Williams wrote: On Fri, 2013-01-04 at 12:28 -0700, Max Olivas wrote: Hey All, I have a Samba 3 PDC (Debian, Samba version 3.5.6 with NIS groups and no winbind) with about 300 users, 200 client PC's, 15 member servers(mixed Windows Server 2003/2008 and Samba 3), and I'm attempting the classicupgrade to Samba AD. To test I've created a new Ubuntu 12.04 LTS and followed the HOWTO, successfully creating a blank Samba AD and testing adding users/PC's and connecting with Windows AD tools. I then attempted the classicupgrade (rolled VM back and copied .tdb files and smb.conf from current PDC) but I'm getting several errors. Importing groups Importing users Failed to create user record CN=watersan ,CN=Computers,DC=northglenn,DC=org: Entry CN=watersan,CN=Computers,DC=northglenn,DC=org already exists ERROR(class 'passdb.error'): uncaught exception - Unable to add sam account 'watersan $', (-1073741725,User exists) Hopefully someone sees something that Im doing blatently wrong and can point out my mistake. Thanks in advance for any help! I'd wager the error message is exact and meaningful - you have a duplicate sambaSID in your LDAPSAM. Also the machine account watersan $ contains a space. That seems odd. I had several of these inconsistencies in my old LDAPSAM that I needed to correct before the upgrade completed. Adam, I agree. As we have never had an internal passdb consistency checker before, the checks being done as part of the import are often the first time a Samba 3.x site will discover a number of internal inconsistancies. For example, we already check for usernames and group names that overlap, and duplicate SIDs. The detection of duplicate usernames is left to this stage because we can give a clearer error message at this point. The script is just python however, and so it isn't hard to improve if someone wants to provide a patch to improve it. Max, Your issue might be that what we fill in as CN is a duplicate, rather than the username. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 master browser on two networks plus WINS
I'm banging my head against the wall here with a problem that I have. I have one Samba 3 server on a linux box with 2 ethernet interfaces, each given a different subnet. The same box does dhcp leases on both networks, with wins option pointing to this server. Firewall was configured to allow the best unobtrusive communication between the two subnets, I can ping between the subnets and receive response, I can also access some other services, like http, from one subnet to the other. I have setup on this server a common Public share, which works. Now I'm trying to get the Samba PC from subnet 1 to see the Samba PC from subnet 2 and viceversa, but to no avail. On subnet 1 I can see access the server via it's NetBIOS name, but on subnet 2 I can only see the server and access it via it's IP. No other Samba PC's can be seen across the subnets! All pc's have the same workgroup. What to enable in configuration in order to be able to do cross subnet browsing with samba ? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 master browser on two networks plus WINS
Is samba bound to a subnet1 interface only or all interfaces. Can subnet2 clients connect to samba via either IP? Are subnet2 clients supposed to be using samba services via the subnet1 IP or the subnet2 IP on the server?The first would involve going thru the firewall, which seems unnecessary with a dual homed samba server.The 2nd, however, probably rules out using WINS for the subnet2 clients since you would NOT want traffic going thru the firewall. What IP are the clients on subnet2 using for a WINS server? Can you try having the clients on subnet2 use samba server subnet1 IP as the WINS server? I haven't tried running WINS on a dual homed system. I would guess it you cat the wins.dat file (or tdbdump wins.tbd) you will only see registrations for subnet1. Have you specified any ports in the smb.conf file? Samba 3 uses NT4 type smb-over-NBT (ports 137,138,139 and not 445) BUT I have found that explicitly specifying ports in smb.conf breaks more things than it fixes. On 01/03/13 04:01, Gala Dragos wrote: I'm banging my head against the wall here with a problem that I have. I have one Samba 3 server on a linux box with 2 ethernet interfaces, each given a different subnet. The same box does dhcp leases on both networks, with wins option pointing to this server. Firewall was configured to allow the best unobtrusive communication between the two subnets, I can ping between the subnets and receive response, I can also access some other services, like http, from one subnet to the other. I have setup on this server a common Public share, which works. Now I'm trying to get the Samba PC from subnet 1 to see the Samba PC from subnet 2 and viceversa, but to no avail. On subnet 1 I can see access the server via it's NetBIOS name, but on subnet 2 I can only see the server and access it via it's IP. No other Samba PC's can be seen across the subnets! All pc's have the same workgroup. What to enable in configuration in order to be able to do cross subnet browsing with samba ? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 master browser on two networks plus WINS
Try this, samba4wins (http://www.enterprisesamba.org/samba4wins/)! A real wins server can interact with microsoft wins server push and pull partner! Let one samba be your pdc the other the bdc point both to the samba4wins host, point all your windows clients to the samba4wins host and you are up and running. Working here with 3 subnets and two windows 2008 wins servers as replication partners. On Thu, 03 Jan 2013 09:13:06 -0500, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Is samba bound to a subnet1 interface only or all interfaces. Can subnet2 clients connect to samba via either IP? Are subnet2 clients supposed to be using samba services via the subnet1 IP or the subnet2 IP on the server?The first would involve going thru the firewall, which seems unnecessary with a dual homed samba server.The 2nd, however, probably rules out using WINS for the subnet2 clients since you would NOT want traffic going thru the firewall. What IP are the clients on subnet2 using for a WINS server? Can you try having the clients on subnet2 use samba server subnet1 IP as the WINS server? I haven't tried running WINS on a dual homed system. I would guess it you cat the wins.dat file (or tdbdump wins.tbd) you will only see registrations for subnet1. Have you specified any ports in the smb.conf file? Samba 3 uses NT4 type smb-over-NBT (ports 137,138,139 and not 445) BUT I have found that explicitly specifying ports in smb.conf breaks more things than it fixes. On 01/03/13 04:01, Gala Dragos wrote: I'm banging my head against the wall here with a problem that I have. I have one Samba 3 server on a linux box with 2 ethernet interfaces, each given a different subnet. The same box does dhcp leases on both networks, with wins option pointing to this server. Firewall was configured to allow the best unobtrusive communication between the two subnets, I can ping between the subnets and receive response, I can also access some other services, like http, from one subnet to the other. I have setup on this server a common Public share, which works. Now I'm trying to get the Samba PC from subnet 1 to see the Samba PC from subnet 2 and viceversa, but to no avail. On subnet 1 I can see access the server via it's NetBIOS name, but on subnet 2 I can only see the server and access it via it's IP. No other Samba PC's can be seen across the subnets! All pc's have the same workgroup. What to enable in configuration in order to be able to do cross subnet browsing with samba ? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 master browser on two networks plus WINS
Subnet 1 : 192.168.5.1/24, wins 192.168.5.1 subnet 2: 192.168.7.1/24, wins 192.168.7.1 all pc are allocated ip's from their respective subnet via dhcp. a pc on subnet 1 cannot access a share from e pc on subnet 2, not even by ip. Same happens from subnet 2 to subnet 1. The firewall is setup as to allow all traffic between the 2 subnets, effectively considering them as a single zone (I use shorewall as an UI to iptables) I have not specified any ports in smb.conf, but I have binded samba to the required ethernet interface. Here is the wins.dat. I can see references from both subnets. wins.dat follows VERSION 1 0 WORKGROUP#1e 1357503758 0.0.0.0 e4R ARCHROUTEUSB#03 1357503758 192.168.5.1 192.168.7.1 66R WORKGROUP#00 1357503758 0.0.0.0 e4R ROUTERJUNKIE#03 1357503758 192.168.5.1 192.168.7.1 64R LIVINGROOM#20 1357541821 192.168.5.91 64R LINUXJUNKIE#00 1357511721 192.168.5.118 64R ROUTERJUNKIE#00 1357503758 192.168.5.1 192.168.7.1 64R ARCHROUTEUSB RO#03 1357258441 192.168.5.1 192.168.7.1 64R FUJILAPPY#20 1357497461 192.168.7.16 64R ARCHROUTEUSB#00 1357503758 192.168.5.1 192.168.7.1 66R WORKGROUP#1b 1357503758 192.168.5.1 192.168.7.1 64R LIVINGROOM#00 1357541816 192.168.5.91 64R LINUXJUNKIE#20 1357511723 192.168.5.118 64R ARCHROUTEUSB RO#20 1357258441 192.168.5.1 192.168.7.1 64R WORKGROUP#1c 1357503758 192.168.5.1 192.168.7.1 e4R ACERJUNKIE#00 1357381531 192.168.7.15 64R FUJILAPPY#00 1357497461 192.168.7.16 64R ACERJUNKIE#20 1357381531 192.168.7.15 64R ARCHROUTEUSB RO#00 1357258441 192.168.5.1 192.168.7.1 64R ARCHROUTEUSB#20 1357503758 192.168.5.1 192.168.7.1 66R ROUTERJUNKIE#20 1357503758 192.168.5.1 192.168.7.1 64R end wins.dat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 master browser on two networks plus WINS
Anything for samba 3 ? Btw what exactly are the difference between samba 3 and samba 4 ? I was under the impression that samba 4 only implements the new Homegroup feature that post XP windows has. From: Daniel Müller muel...@tropenklinik.de To: gaiseric.van...@gmail.com Cc: samba@lists.samba.org Sent: Friday, January 4, 2013 1:04 AM Subject: Re: [Samba] Samba 3 master browser on two networks plus WINS Try this, samba4wins (http://www.enterprisesamba.org/samba4wins/)! A real wins server can interact with microsoft wins server push and pull partner! Let one samba be your pdc the other the bdc point both to the samba4wins host, point all your windows clients to the samba4wins host and you are up and running. Working here with 3 subnets and two windows 2008 wins servers as replication partners. On Thu, 03 Jan 2013 09:13:06 -0500, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Is samba bound to a subnet1 interface only or all interfaces. Can subnet2 clients connect to samba via either IP? Are subnet2 clients supposed to be using samba services via the subnet1 IP or the subnet2 IP on the server? The first would involve going thru the firewall, which seems unnecessary with a dual homed samba server. The 2nd, however, probably rules out using WINS for the subnet2 clients since you would NOT want traffic going thru the firewall. What IP are the clients on subnet2 using for a WINS server? Can you try having the clients on subnet2 use samba server subnet1 IP as the WINS server? I haven't tried running WINS on a dual homed system. I would guess it you cat the wins.dat file (or tdbdump wins.tbd) you will only see registrations for subnet1. Have you specified any ports in the smb.conf file? Samba 3 uses NT4 type smb-over-NBT (ports 137,138,139 and not 445) BUT I have found that explicitly specifying ports in smb.conf breaks more things than it fixes. On 01/03/13 04:01, Gala Dragos wrote: I'm banging my head against the wall here with a problem that I have. I have one Samba 3 server on a linux box with 2 ethernet interfaces, each given a different subnet. The same box does dhcp leases on both networks, with wins option pointing to this server. Firewall was configured to allow the best unobtrusive communication between the two subnets, I can ping between the subnets and receive response, I can also access some other services, like http, from one subnet to the other. I have setup on this server a common Public share, which works. Now I'm trying to get the Samba PC from subnet 1 to see the Samba PC from subnet 2 and viceversa, but to no avail. On subnet 1 I can see access the server via it's NetBIOS name, but on subnet 2 I can only see the server and access it via it's IP. No other Samba PC's can be seen across the subnets! All pc's have the same workgroup. What to enable in configuration in order to be able to do cross subnet browsing with samba ? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 master browser on two networks plus WINS
Presumably pc on subnet1 does NOT need to access a share from 192.168.7.1 since it can access 192.168.5.1. Presumably pc on subnet2 does NOT need to access a share from 192.168.5.1 since it can access 192.168.7.1. If you have a dual homed server + a router between subnets your routing could get a little tricky when access shares on the other subnet IP of the samba server. Or is the samba server also the router? But to clarify your issue is that a /*single-homed client */ PC on subnet1 (e.g. LIVINGROOM) can not access shares on single-homed client PC on subnet2 (e.g. ACERJUNKI)- even though they can ping each other? It seems that WINS is not the problem. On 01/03/13 15:41, Gala Dragos wrote: Subnet 1 : 192.168.5.1/24, wins 192.168.5.1 subnet 2: 192.168.7.1/24, wins 192.168.7.1 all pc are allocated ip's from their respective subnet via dhcp. a pc on subnet 1 cannot access a share from e pc on subnet 2, not even by ip. Same happens from subnet 2 to subnet 1. The firewall is setup as to allow all traffic between the 2 subnets, effectively considering them as a single zone (I use shorewall as an UI to iptables) I have not specified any ports in smb.conf, but I have binded samba to the required ethernet interface. Here is the wins.dat. I can see references from both subnets. wins.dat follows VERSION 1 0 WORKGROUP#1e 1357503758 0.0.0.0 e4R ARCHROUTEUSB#03 1357503758 192.168.5.1 192.168.7.1 66R WORKGROUP#00 1357503758 0.0.0.0 e4R ROUTERJUNKIE#03 1357503758 192.168.5.1 192.168.7.1 64R LIVINGROOM#20 1357541821 192.168.5.91 64R LINUXJUNKIE#00 1357511721 192.168.5.118 64R ROUTERJUNKIE#00 1357503758 192.168.5.1 192.168.7.1 64R ARCHROUTEUSB RO#03 1357258441 192.168.5.1 192.168.7.1 64R FUJILAPPY#20 1357497461 192.168.7.16 64R ARCHROUTEUSB#00 1357503758 192.168.5.1 192.168.7.1 66R WORKGROUP#1b 1357503758 192.168.5.1 192.168.7.1 64R LIVINGROOM#00 1357541816 192.168.5.91 64R LINUXJUNKIE#20 1357511723 192.168.5.118 64R ARCHROUTEUSB RO#20 1357258441 192.168.5.1 192.168.7.1 64R WORKGROUP#1c 1357503758 192.168.5.1 192.168.7.1 e4R ACERJUNKIE#00 1357381531 192.168.7.15 64R FUJILAPPY#00 1357497461 192.168.7.16 64R ACERJUNKIE#20 1357381531 192.168.7.15 64R ARCHROUTEUSB RO#00 1357258441 192.168.5.1 192.168.7.1 64R ARCHROUTEUSB#20 1357503758 192.168.5.1 192.168.7.1 66R ROUTERJUNKIE#20 1357503758 192.168.5.1 192.168.7.1 64R end wins.dat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 master browser on two networks plus WINS
The samba server also acts as the router. That is correct, a pc on subnet 1 cannot access a pc on subnet 2 through samba, but works fine using other protocols. Both subnet 1 and subnet 2 have pc that run Windows 7 x64, or Windows XP, or Linux (usually Fedora 17). The server itself runs on Archlinux. It seems that WINS is not the problem. Then what is ? From: Gaiseric Vandal gaiseric.van...@gmail.com To: samba@lists.samba.org Sent: Thursday, January 3, 2013 11:02 PM Subject: Re: [Samba] Samba 3 master browser on two networks plus WINS Presumably pc on subnet1 does NOT need to access a share from 192.168.7.1 since it can access 192.168.5.1. Presumably pc on subnet2 does NOT need to access a share from 192.168.5.1 since it can access 192.168.7.1. If you have a dual homed server + a router between subnets your routing could get a little tricky when access shares on the other subnet IP of the samba server. Or is the samba server also the router? But to clarify your issue is that a /*single-homed client */ PC on subnet1 (e.g. LIVINGROOM) can not access shares on single-homed client PC on subnet2 (e.g. ACERJUNKI)- even though they can ping each other? It seems that WINS is not the problem. On 01/03/13 15:41, Gala Dragos wrote: Subnet 1 : 192.168.5.1/24, wins 192.168.5.1 subnet 2: 192.168.7.1/24, wins 192.168.7.1 all pc are allocated ip's from their respective subnet via dhcp. a pc on subnet 1 cannot access a share from e pc on subnet 2, not even by ip. Same happens from subnet 2 to subnet 1. The firewall is setup as to allow all traffic between the 2 subnets, effectively considering them as a single zone (I use shorewall as an UI to iptables) I have not specified any ports in smb.conf, but I have binded samba to the required ethernet interface. Here is the wins.dat. I can see references from both subnets. wins.dat follows VERSION 1 0 WORKGROUP#1e 1357503758 0.0.0.0 e4R ARCHROUTEUSB#03 1357503758 192.168.5.1 192.168.7.1 66R WORKGROUP#00 1357503758 0.0.0.0 e4R ROUTERJUNKIE#03 1357503758 192.168.5.1 192.168.7.1 64R LIVINGROOM#20 1357541821 192.168.5.91 64R LINUXJUNKIE#00 1357511721 192.168.5.118 64R ROUTERJUNKIE#00 1357503758 192.168.5.1 192.168.7.1 64R ARCHROUTEUSB RO#03 1357258441 192.168.5.1 192.168.7.1 64R FUJILAPPY#20 1357497461 192.168.7.16 64R ARCHROUTEUSB#00 1357503758 192.168.5.1 192.168.7.1 66R WORKGROUP#1b 1357503758 192.168.5.1 192.168.7.1 64R LIVINGROOM#00 1357541816 192.168.5.91 64R LINUXJUNKIE#20 1357511723 192.168.5.118 64R ARCHROUTEUSB RO#20 1357258441 192.168.5.1 192.168.7.1 64R WORKGROUP#1c 1357503758 192.168.5.1 192.168.7.1 e4R ACERJUNKIE#00 1357381531 192.168.7.15 64R FUJILAPPY#00 1357497461 192.168.7.16 64R ACERJUNKIE#20 1357381531 192.168.7.15 64R ARCHROUTEUSB RO#00 1357258441 192.168.5.1 192.168.7.1 64R ARCHROUTEUSB#20 1357503758 192.168.5.1 192.168.7.1 66R ROUTERJUNKIE#20 1357503758 192.168.5.1 192.168.7.1 64R end wins.dat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 master browser on two networks plus WINS
WINS is not the issue since you can't connect via IP either. Routing is not the issue since you can connect to other services. Are all clients showing 5.1 or 7.1 as default gw? It could be a firewall configuration issue on your server- although that does not seem likely. Did you have to specifically add rules to allow HTTPS? Can you temporarily disable the firewall on the server? Are their firewalls enabled on the PC's? Presuming clients don't have problems accessing shares from other clients on the same subnet? The default XP firewall behavior may be to block network shares.I think it is possible to configure the XP firewall to allow access from some IP's but not others- but that is something you would have had to explicitly set up. Fedora typically has a firewall enabled as well- on fedora you have the system-config-firewall command to provide a gui front end (I think this is iptables.) It may have specific ports and services enabled or disabled by default but I don't think it would have rules that filter by source ip enabled by default. Can you telnet somehost 139 ? On 01/03/13 16:16, Gala Dragos wrote: The samba server also acts as the router. That is correct, a pc on subnet 1 cannot access a pc on subnet 2 through samba, but works fine using other protocols. Both subnet 1 and subnet 2 have pc that run Windows 7 x64, or Windows XP, or Linux (usually Fedora 17). The server itself runs on Archlinux. It seems that WINS is not the problem. Then what is ? From: Gaiseric Vandal gaiseric.van...@gmail.com To: samba@lists.samba.org Sent: Thursday, January 3, 2013 11:02 PM Subject: Re: [Samba] Samba 3 master browser on two networks plus WINS Presumably pc on subnet1 does NOT need to access a share from 192.168.7.1 since it can access 192.168.5.1. Presumably pc on subnet2 does NOT need to access a share from 192.168.5.1 since it can access 192.168.7.1. If you have a dual homed server + a router between subnets your routing could get a little tricky when access shares on the other subnet IP of the samba server. Or is the samba server also the router? But to clarify your issue is that a /*single-homed client */ PC on subnet1 (e.g. LIVINGROOM) can not access shares on single-homed client PC on subnet2 (e.g. ACERJUNKI)- even though they can ping each other? It seems that WINS is not the problem. On 01/03/13 15:41, Gala Dragos wrote: Subnet 1 : 192.168.5.1/24, wins 192.168.5.1 subnet 2: 192.168.7.1/24, wins 192.168.7.1 all pc are allocated ip's from their respective subnet via dhcp. a pc on subnet 1 cannot access a share from e pc on subnet 2, not even by ip. Same happens from subnet 2 to subnet 1. The firewall is setup as to allow all traffic between the 2 subnets, effectively considering them as a single zone (I use shorewall as an UI to iptables) I have not specified any ports in smb.conf, but I have binded samba to the required ethernet interface. Here is the wins.dat. I can see references from both subnets. wins.dat follows VERSION 1 0 WORKGROUP#1e 1357503758 0.0.0.0 e4R ARCHROUTEUSB#03 1357503758 192.168.5.1 192.168.7.1 66R WORKGROUP#00 1357503758 0.0.0.0 e4R ROUTERJUNKIE#03 1357503758 192.168.5.1 192.168.7.1 64R LIVINGROOM#20 1357541821 192.168.5.91 64R LINUXJUNKIE#00 1357511721 192.168.5.118 64R ROUTERJUNKIE#00 1357503758 192.168.5.1 192.168.7.1 64R ARCHROUTEUSB RO#03 1357258441 192.168.5.1 192.168.7.1 64R FUJILAPPY#20 1357497461 192.168.7.16 64R ARCHROUTEUSB#00 1357503758 192.168.5.1 192.168.7.1 66R WORKGROUP#1b 1357503758 192.168.5.1 192.168.7.1 64R LIVINGROOM#00 1357541816 192.168.5.91 64R LINUXJUNKIE#20 1357511723 192.168.5.118 64R ARCHROUTEUSB RO#20 1357258441 192.168.5.1 192.168.7.1 64R WORKGROUP#1c 1357503758 192.168.5.1 192.168.7.1 e4R ACERJUNKIE#00 1357381531 192.168.7.15 64R FUJILAPPY#00 1357497461 192.168.7.16 64R ACERJUNKIE#20 1357381531 192.168.7.15 64R ARCHROUTEUSB RO#00 1357258441 192.168.5.1 192.168.7.1 64R ARCHROUTEUSB#20 1357503758 192.168.5.1 192.168.7.1 66R ROUTERJUNKIE#20 1357503758 192.168.5.1 192.168.7.1 64R end wins.dat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 master browser on two networks plus WINS
This seems more a routing issue to me than samba. Packets cannot move between different networks without a route. You need to define a static route between your networks and then it will work. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.x Windows 8
Hi guys, I'm really sorry for posting this as I'm sure it's been discussed quite a lot, but after searching(on google) for a definite up to date answer I still can't seem to get confirmation. I'm running my PDC using samba-3.5.4-0.83.el5_7.2 under RHEL 5.7, with openldap-2.3.43-12.el5 with a non roaming profiles fileserver with domain logons. We have mixed clients, Windows XP,7, 2003, 2008 and now 1 Windows 8 Pro Laptop, a total of about 300 users. We've tried the usual Windows 7 registry edits(after reading a few posts) to get the Windows 8 to join the domain without any success. I've a topic which seems to indicate disabling smb2 on the client which has been done(according to the onsite IT guy) with no luck. I saw a mention of setting... max protocol = smb2 min protocol = smb2 in the smb.conf, but not sure if this actually solves the problem. The latest samba release via the RHEL5 repo's is 3.5.10-0.110.el5_8 so not sure if this will even have any affect without upgrading to the latest 3.6 release. I realise that Samba4 will have full Windows 8 support, however we are a long way off to upgrading to Samba 4 yet. Does Samba 3 support Windows 8 Pro machines, or is this still an ongoing issue? Thank you. Regards. Neil Wilson. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.x Windows 8
From: Neil nwilson...@gmail.com Date: Mon, 19 Nov 2012 16:36:10 +0200 We've tried the usual Windows 7 registry edits(after reading a few posts) to get the Windows 8 to join the domain without any success. (snip) I saw a mention of setting... max protocol = smb2 min protocol = smb2 Does Samba 3 support Windows 8 Pro machines, or is this still an ongoing issue? As I mentioned at: https://lists.samba.org/archive/samba/2012-September/169219.html In my environment, Windows 8 Pro can join to Samba3 domain. I tested against Samba 3.6.6/Samba 3.5.4. Though my Windows 8 Pro box can join with max protocol = smb2, try: - max protocol = nt1 min protocol = nt1 - as mentioned at: https://lists.samba.org/archive/samba/2012-September/169213.html --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 and cupsaddsmb
Hello Kristofer, please try it first without the cups6-drivers. Use only the original MS-Drivers. I am using Samba 3.4 since years and it is working beautiful. regards Franz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 and cupsaddsmb
Hello Kristofer, please try it first without the cups6-drivers. Use only the original MS-Drivers. I am using Samba 3.4 since years and it is working beautiful. regards Franz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 printing and CUPS
I am trying to set up Samba 3 with CUPS printers, and installing the drivers to the server. I have been able to add drivers to the server just fine, but when a client connects to a printer and tries to set it up, Windows 7 is seeing a null printer type, so it is not finding the appropriate drivers. Windows 7 says The '' printer driver is not installed on this computer …. So it appears that the type of printer is null when it gets passed back to windows 7, and it doesn't know what kind of printer to search for drivers for. CUPS has the correct printer models listed in it. Am I missing something? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 printing and CUPS
In addition, this is what I am seeing in CUPS: Unpacked printer [PRINTERNAME] name [\\SERVER\PRINTERNAME] running driver [] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 printing and CUPS
Hi Kristofer, Have you tried adding the directive use client drivers = yes in the printers section of smb.conf? On 9/25/2012 3:55 PM, Kristofer wrote: I am trying to set up Samba 3 with CUPS printers, and installing the drivers to the server. I have been able to add drivers to the server just fine, but when a client connects to a printer and tries to set it up, Windows 7 is seeing a null printer type, so it is not finding the appropriate drivers. Windows 7 says The '' printer driver is not installed on this computer …. So it appears that the type of printer is null when it gets passed back to windows 7, and it doesn't know what kind of printer to search for drivers for. CUPS has the correct printer models listed in it. Am I missing something? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 printing and CUPS
Have you tried adding the directive use client drivers = yes in the printers section of smb.conf? Carolos, I have not. The reason is because in the man page I read This parameter MUST not be enabled on a print share which has valid print driver installed on the Samba server. But in fact, I want to install printer drivers to the Samba server, and from best I can tell, it is installing them successfully. The files are going into the correct path, and Windows is not returning an error. Unless I am misunderstanding that option completely? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 and cupsaddsmb
I can't even get cupsaddsmb to work right. I followed the configuration instructions from the documentation, and my smb.conf matches what the cupsaddsmb man page says. I am getting extremely frustrated with this and not being able to allow clients to download drivers from Samba. With cupsaddsmb, this is the error I am receiving when it gets to this point, over and over: Running command: rpcclient localhost -N -A /tmp/cupsDdRS7Y -c 'adddriver Windows NT x86 pw003:pscript5.dll:pw003.ppd:ps5ui.dll:pscript.hlp:NULL:RAW:pscript5.dll,pw003.ppd,ps5ui.dll,pscript.hlp,pscript.ntf,cups6.ini,cupsps6.dll,cupsui6.dll' result was WERR_INVALID_PARAM What in the heck is going on? Why can I not get any of this to work? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 and cupsaddsmb
This is the error with verbose output: pc_api_pipe: got frag len of 28 at offset 0: NT_STATUS_OK rpc_api_pipe: host localhost returned 8 bytes. spoolss_AddPrinterDriver: struct spoolss_AddPrinterDriver out: struct spoolss_AddPrinterDriver result : WERR_INVALID_PARAM result was WERR_INVALID_PARAM On Sep 25, 2012, at 5:59 PM, Kristofer wrote: I can't even get cupsaddsmb to work right. I followed the configuration instructions from the documentation, and my smb.conf matches what the cupsaddsmb man page says. I am getting extremely frustrated with this and not being able to allow clients to download drivers from Samba. With cupsaddsmb, this is the error I am receiving when it gets to this point, over and over: Running command: rpcclient localhost -N -A /tmp/cupsDdRS7Y -c 'adddriver Windows NT x86 pw003:pscript5.dll:pw003.ppd:ps5ui.dll:pscript.hlp:NULL:RAW:pscript5.dll,pw003.ppd,ps5ui.dll,pscript.hlp,pscript.ntf,cups6.ini,cupsps6.dll,cupsui6.dll' result was WERR_INVALID_PARAM What in the heck is going on? Why can I not get any of this to work? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 and cupsaddsmb
On Tue, 2012-09-25 at 17:59 -0500, Kristofer wrote: I can't even get cupsaddsmb to work right. I followed the configuration instructions from the documentation, and my smb.conf matches what the cupsaddsmb man page says. I am getting extremely frustrated with this and not being able to allow clients to download drivers from Samba. With cupsaddsmb, this is the error I am receiving when it gets to this point, over and over: Running command: rpcclient localhost -N -A /tmp/cupsDdRS7Y -c 'adddriver Windows NT x86 pw003:pscript5.dll:pw003.ppd:ps5ui.dll:pscript.hlp:NULL:RAW:pscript5.dll,pw003.ppd,ps5ui.dll,pscript.hlp,pscript.ntf,cups6.ini,cupsps6.dll,cupsui6.dll' result was WERR_INVALID_PARAM What in the heck is going on? Why can I not get any of this to work? Even if you could get it to work, is this really what you want? Printing with native Windows drivers is the more normal pattern these days, rather than printing postscript and getting CUPS to do the conversion. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 and cupsaddsmb
Even if you could get it to work, is this really what you want? Printing with native Windows drivers is the more normal pattern these days, rather than printing postscript and getting CUPS to do the conversion. I want to use the Windows drivers (see earlier thread which I created), but that continuously fails, so I was trying this - and it fails for me as well. I'm batting 0% at Samba + Windows driver auto install. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3 create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
Hi everybody I'm trying to build a fileserver with samba. And I had it ok when users where authenticating via samba, but I changed the authentication method to OpenLDAP, and for some strange reason users can not access the shares anymore... it is giving me this error: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED. I have chacked the permission in the SO and is 777 for the hole share estructure. I have tried to use username = but it enters any user, not only the permited ones. The LDAP server is authenticating right, I know because I use him as a base for my DC's. The server with that problem is not my PDC. It is just a fileserver. I've read that it is because I'm using valid users = is that right? I've tried to use valid users whit write list but it had no effect. I don't know what to do any more. thank's in advance. If anyone can help me, I will be very grateful Here is my smb.conf [global] # Autenticação --- workgroup = DOMAIN IN PDC netbios name = NETBIOS NAME security = DOMAIN password server = IP OF LDAP dos charset = ISO8859-1 unix charset = UTF-8 winbind uid = 1-2 winbind gid = 1-2 winbind use default domain = yes # - Recycle - recycle: keeptree = Yes recycle:maxsize = 0 recycle:touch = True recycle:exclude = *.tmp,*.log,*.obj,~*.*,*.bak,*.iso,*.temp,*.o,~$* recycle:repository = /opt/FNMA/lixeira/%U recycle:noversions = *.doc|*.xls|*.ppt|*.dwg|*.dxf|*.txt recycle:exclude_dir = tmp, cache recycle:versions = Yes # Audit - full_audit:priority = notice full_audit:prefix = %m|%I|%u|%S full_audit:facility = local5 full_audit:success = rename rmdir unlink open write full_audit:failure = none # Log log level = 1 log file = /var/log/samba/%m.log syslog = 0 max log size = 1000 # --- Misc - veto files = /*.mp3/*.ogg/autorun.inf/autorun.vbs/autorun.bat/autorun.wsh/autorun.bin/autorun.reg/autorun.txt/AUTORUN.BMK/copy.exe/host.exe/*.tmp/*.temp/~$*/ dns proxy = no load printers = no hide dot files = yes # Compartilhamentos --- [FNMA] vfs objects = recycle, full_audit path = /opt/FNMA write list = users comment = Todos arquivos do FNMA valid users = users create mode = 0770 directory mode = 775 #vfs object = recycle, full_audit [DIRETORIA] vfs objects = recycle, full_audit browseable = yes writeable = yes path = /opt/FNMA/Diretoria force user = root comment = Arquivos da Diretoria valid users = @dir write list = @dir create mode = 770 public = yes directory mode = 775 [CINF] force user = root comment = Coordenadoria de Informatica browseable = no valid users = @gead-cinf write list = @gead-cinf writeable = yes create mode = 770 path = /opt/FNMA/GEAD/CINF directory mode = 775 #vfs objects = recycle, full_audit [CCON] vfs objects = recycle, full_audit writeable = yes path = /opt/FNMA/GEAD/CCON force user = root comment = Coordenadoria de Contratos e Convenios valid users = @gead-ccon,@gead write list = @gead-ccon,@gead public = yes create mode = 770 directory mode = 775 [CFIN] vfs objects = recycle, full_audit writeable = yes path = /opt/FNMA/GEAD/CFIN force user = root comment = Coordenadoria de Financas valid users = @gead-cfin,@gead write list = @gead-cfin,@gead create mode = 770 directory mode = 775 [COAD] vfs objects = recycle, full_audit writeable = yes path = /opt/FNMA/GEAD/COAD comment = Coordenadoria Administrativa valid users = @gead-coad, @gead, @gead-cdoc write list = @gead-coad, @gead, @gead-cdoc create mode = 770 directory mode = 775 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
On Tue, 2012-08-14 at 23:22 -0300, Mauricio Perez wrote: Hi everybody I'm trying to build a fileserver with samba. And I had it ok when users where authenticating via samba, but I changed the authentication method to OpenLDAP, and for some strange reason users can not access the shares anymore... it is giving me this error: create_connection_server_info failed: NT_STATUS_ACCESS_DENIED. I have chacked the permission in the SO and is 777 for the hole share estructure. I have tried to use username = but it enters any user, not only the permited ones. The LDAP server is authenticating right, I know because I use him as a base for my DC's. The server with that problem is not my PDC. It is just a fileserver. I've read that it is because I'm using valid users = is that right? I've tried to use valid users whit write list but it had no effect. I don't know what to do any more. thank's in advance. If anyone can help me, I will be very grateful Here is my smb.conf [global] # Autenticação --- workgroup = DOMAIN IN PDC netbios name = NETBIOS NAME security = DOMAIN password server = IP OF LDAP dos charset = ISO8859-1 unix charset = UTF-8 winbind uid = 1-2 winbind gid = 1-2 winbind use default domain = yes This is not how you connect Samba to OpenLDAP. This is how you connect Samba to Samba classic (eg 3.x) domain. Perhaps you need to join the domain using 'net rpc join'? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 - getting rid of some logfile errors
Am 07.08.2012 13:16, schrieb Moray Henderson: From: J. Echter [mailto:j.ech...@echter-kuechen-elektro.de] Sent: 05 August 2012 20:30 Am 01.08.2012 09:17, schrieb Jürgen Echter: Hi, i have a lot of entries in my logs which i can't solve, but everything works as expected. my setup: samba pdc - bacula samba bdc - mule Ubuntu 10.04-LTS Server samba 3.4.7 log file entries: Aug 1 08:25:40 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:41 bacula smbd[23854]: [2012/08/01 08:25:41, 0] smbd/service.c:988(make_connection_snum) Aug 1 08:25:41 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:743(write_data) Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] smbd/process.c:62(srv_send_smb) Aug 1 08:25:44 bacula smbd[24003]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:539(read_fd_with_timeout) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:26:07 bacula smbd[24002]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:26:07 bacula smbd[24002]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. any hints how to resolve this? thanks juergen Hi, i resolved this ones by setting smb ports = 139 in smb.conf but i still have this ones: Aug 5 20:55:18 bacula smbd[20419]: [2012/08/05 20:55:18, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) Aug 5 20:55:18 bacula smbd[20419]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client SERVER machine account SERVER$ these are only from successfully joined windows 7 machines. the ldap entry, exported as ldif, looks like this for this account: uid=server$,ou=computers,dc=workgroup,dc=local dn: uid=server$,ou=computers,dc=workgroup,dc=local cn: server$ description: Computer gecos: Computer gidnumber: 515 homedirectory: /dev/null loginshell: /bin/false objectclass: posixAccount objectclass: account objectclass: sambaSamAccount sambaacctflags: [W ] sambakickofftime: 2147483647 sambalogofftime: 2147483647 sambalogontime: 0 sambantpassword: 951640BFE27F4C16E7670E096C8121FA sambaprimarygroupsid: S-1-5-21-3842863818-2180709222-141296495-515 sambapwdcanchange: 0 sambapwdlastset: 1344165203 sambapwdmustchange: 2147483647 sambasid: S-1-5-21-3842863818-2180709222-141296495-3458 uid: server$ uidnumber: 1229 anyone with some hints? :) thanks juergen We use tdbsam rather than ldapsam, but get similar errors when the machine name is in lower case in the Linux password database and upper case in the Samba password database. In our case changing the machine's Linux account name to upper case cleared several log file errors including netlogon_creds_server_check. Moray. “To err is human; to purr, feline.” Hi Moray, i just checked and there is no upper-/lowercase issues. Only Win 7 boxes produce this message. I have for example server2$ in my ldap and the machine is called SERVER2. Thanks for helping juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 - getting rid of some logfile errors
From: J. Echter [mailto:j.ech...@echter-kuechen-elektro.de] Sent: 05 August 2012 20:30 Am 01.08.2012 09:17, schrieb Jürgen Echter: Hi, i have a lot of entries in my logs which i can't solve, but everything works as expected. my setup: samba pdc - bacula samba bdc - mule Ubuntu 10.04-LTS Server samba 3.4.7 log file entries: Aug 1 08:25:40 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:41 bacula smbd[23854]: [2012/08/01 08:25:41, 0] smbd/service.c:988(make_connection_snum) Aug 1 08:25:41 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:743(write_data) Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] smbd/process.c:62(srv_send_smb) Aug 1 08:25:44 bacula smbd[24003]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:539(read_fd_with_timeout) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:26:07 bacula smbd[24002]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:26:07 bacula smbd[24002]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. any hints how to resolve this? thanks juergen Hi, i resolved this ones by setting smb ports = 139 in smb.conf but i still have this ones: Aug 5 20:55:18 bacula smbd[20419]: [2012/08/05 20:55:18, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) Aug 5 20:55:18 bacula smbd[20419]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client SERVER machine account SERVER$ these are only from successfully joined windows 7 machines. the ldap entry, exported as ldif, looks like this for this account: uid=server$,ou=computers,dc=workgroup,dc=local dn: uid=server$,ou=computers,dc=workgroup,dc=local cn: server$ description: Computer gecos: Computer gidnumber: 515 homedirectory: /dev/null loginshell: /bin/false objectclass: posixAccount objectclass: account objectclass: sambaSamAccount sambaacctflags: [W ] sambakickofftime: 2147483647 sambalogofftime: 2147483647 sambalogontime: 0 sambantpassword: 951640BFE27F4C16E7670E096C8121FA sambaprimarygroupsid: S-1-5-21-3842863818-2180709222-141296495-515 sambapwdcanchange: 0 sambapwdlastset: 1344165203 sambapwdmustchange: 2147483647 sambasid: S-1-5-21-3842863818-2180709222-141296495-3458 uid: server$ uidnumber: 1229 anyone with some hints? :) thanks juergen We use tdbsam rather than ldapsam, but get similar errors when the machine name is in lower case in the Linux password database and upper case in the Samba password database. In our case changing the machine's Linux account name to upper case cleared several log file errors including netlogon_creds_server_check. Moray. “To err is human; to purr, feline.” -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 - getting rid of some logfile errors
Am 01.08.2012 09:17, schrieb Jürgen Echter: Hi, i have a lot of entries in my logs which i can't solve, but everything works as expected. my setup: samba pdc - bacula samba bdc - mule Ubuntu 10.04-LTS Server samba 3.4.7 log file entries: Aug 1 08:25:40 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:41 bacula smbd[23854]: [2012/08/01 08:25:41, 0] smbd/service.c:988(make_connection_snum) Aug 1 08:25:41 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:743(write_data) Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] smbd/process.c:62(srv_send_smb) Aug 1 08:25:44 bacula smbd[24003]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:539(read_fd_with_timeout) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:26:07 bacula smbd[24002]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:26:07 bacula smbd[24002]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. any hints how to resolve this? thanks juergen Hi, i resolved this ones by setting smb ports = 139 in smb.conf but i still have this ones: Aug 5 20:55:18 bacula smbd[20419]: [2012/08/05 20:55:18, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) Aug 5 20:55:18 bacula smbd[20419]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client SERVER machine account SERVER$ these are only from successfully joined windows 7 machines. the ldap entry, exported as ldif, looks like this for this account: uid=server$,ou=computers,dc=workgroup,dc=local dn: uid=server$,ou=computers,dc=workgroup,dc=local cn: server$ description: Computer gecos: Computer gidnumber: 515 homedirectory: /dev/null loginshell: /bin/false objectclass: posixAccount objectclass: account objectclass: sambaSamAccount sambaacctflags: [W ] sambakickofftime: 2147483647 sambalogofftime: 2147483647 sambalogontime: 0 sambantpassword: 951640BFE27F4C16E7670E096C8121FA sambaprimarygroupsid: S-1-5-21-3842863818-2180709222-141296495-515 sambapwdcanchange: 0 sambapwdlastset: 1344165203 sambapwdmustchange: 2147483647 sambasid: S-1-5-21-3842863818-2180709222-141296495-3458 uid: server$ uidnumber: 1229 anyone with some hints? :) thanks juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3 - getting rid of some logfile errors
Hi, i have a lot of entries in my logs which i can't solve, but everything works as expected. my setup: samba pdc - bacula samba bdc - mule Ubuntu 10.04-LTS Server samba 3.4.7 log file entries: Aug 1 08:25:40 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:41 bacula smbd[23854]: [2012/08/01 08:25:41, 0] smbd/service.c:988(make_connection_snum) Aug 1 08:25:41 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:743(write_data) Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] smbd/process.c:62(srv_send_smb) Aug 1 08:25:44 bacula smbd[24003]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:539(read_fd_with_timeout) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:26:07 bacula smbd[24002]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:26:07 bacula smbd[24002]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. any hints how to resolve this? thanks juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 to Samba 4 migration
On Wed, 4 Jul 2012, Andrew Bartlett wrote: Either way, it needs full access to a running LDAP directory (as we perform this migration using the passdb code in the same way that Samba3 used it). Ah, got it. Thanks. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 to Samba 4 migration
I have a production Samba 3 installation with an LDAP backend. CentOS 5.8, OpenLDAP. Works well. I have a new Samba 4 installation with a different domain name on a new CentOS 6.2 system, using Samba4.0.0beta and bind 9.9. This system does not have Samba 3 or OpenLDAP installed. This installation passes all of the initial kerberos, ldap and dns tests. The name was changed because this system is on the same network as the Samba 3 installation (changing the network is not an option). I have a file containing a slapcat output from the Samba 3 domain. I have edited this file to change the domain SID to the new domain's value. I have also removed all machine entries from this file for testing purposes. So: how do I import the slapcat data into Samba 4's LDAP server? The procedure documented in the Samba 4 HOWTO cannot possibly work in my situation (never mind the fact that it refers to /etc/ldap, which I have never heard of). Obviously missing something. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 to Samba 4 migration
On Tue, 2012-07-03 at 16:02 -0400, Steve Thompson wrote: I have a production Samba 3 installation with an LDAP backend. CentOS 5.8, OpenLDAP. Works well. I have a new Samba 4 installation with a different domain name on a new CentOS 6.2 system, using Samba4.0.0beta and bind 9.9. This system does not have Samba 3 or OpenLDAP installed. This installation passes all of the initial kerberos, ldap and dns tests. The name was changed because this system is on the same network as the Samba 3 installation (changing the network is not an option). I have a file containing a slapcat output from the Samba 3 domain. I have edited this file to change the domain SID to the new domain's value. I have also removed all machine entries from this file for testing purposes. So: how do I import the slapcat data into Samba 4's LDAP server? The procedure documented in the Samba 4 HOWTO cannot possibly work in my situation (never mind the fact that it refers to /etc/ldap, which I have never heard of). Obviously missing something. Some of the extra instructions added here are a little distro-specific it seems. You either need to start openldap on the new server, using the copied data, or you need to point Samba at the old openldap server over TCP. I'm sure you can find the location of your OpenLDAP database to slapcat from and to. Either way, it needs full access to a running LDAP directory (as we perform this migration using the passdb code in the same way that Samba3 used it). I hope this helps, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 Windows 7 Temporary Profile on 2nd Login
Hi, I'm bashing my head against a brick wall against a strange Win7 domain login issue. We have a Samba 3 CentOS server which for some months has been a problem free PDC for a network of about 15 Win7Pro64 clients in a school. Recently, for some reason, the following situation has now arisen: * After client PC reboot, domain login is fine. * After logging out of windows, any attempt to log in again immediately leads to a temporary profile being loaded. * If the client PC is left unused for several minutes, or is rebooted, logging in normally is possible again. I've tried quite a number of things, including rolling back a client PC to an image from well before the problem occurred and removing the antivirus from a client PC, and nothing seems to make any difference. If I set Do not log users on with temporary profiles on a client PC via gpedit.msc, I get an error The user profile service failed the login. User profile cannot be loaded if I try to re-log-on too soon, and this seems to reset the timer on when login will be possible again to requiring a further 2 or 3 minute delay. After a couple of days of googling and testing, this is sending me a bit crazy. Has anyone else encountered a similar situation and solved or worked around it? Or does anyone have any insight into possible causes? Many thanks, Ben Clayton Irax Ltd. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3, Ubuntu 10, NAT, and firewall rules
I'm setting up a Samba 3 server on Ubuntu 10. The server will have five local shares, which it will provide to the local network (let's call that network 1.2.3.0/24). The samba server is a slave to the local Windows AD domain -- that is, the samba server does not do its own authentication but just passes along such requests to one of several local domain controllers that actually deal with them. I'm not the admin of those domain controllers; I know almost nothing about running Windows systems. The samba server is located on a firewalled and NAT'd network inside the local environment. That is, it has a public address (let's call it 1.2.3.55) that's visible outside, while inside, it really lives at something like 192.168.0.8. NAT is confirmed working at this point via tcpdump on both sides. I'm trying to ascertain the necessary-and-sufficient set of firewall rules for this samba server. So far I've come up with this: Bidirectional: netbios-ns (port 137, UDP) to/from the local network netbios-dgm (port 138, UDP) to/from the local network netbios-ssn (port 139, TCP) to/from the local network microsoft-ds (port 445, TCP) to/from the local network Outbound only: DNS (port 53, TCP and UDP) to DNS servers on local network NTP (port 123, TCP and UDP) to NTP servers on the local network LDAP (port 389, TCP and UDP) to hosts on the local network Kerberos (port 88, TCP and UDP) to hosts on the local network Inbound-only: SSH from the local network, of course. ;-) First, I suppose I should ask if there are any glaring omissions or inclusions. Second, I suspect that these rules are overly permissive in that, for example, I need only permit outbound LDAP to the domain controllers on the local network, and not to other hosts such as samba client systems. I also suspect that my major lack of clue with all things Windows means that some of the things I've listed as bidirectional don't need to be. I'd like to make these rules are tight as possible without breaking anything, so I'd be grateful for any guidance, especially if it involves pointing out my mistakes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3 a 4 with kerberized nfs4
Hi openSUSE 12.1 server and client. I can't get the s4 fileserver nor uid:gid mappings working with s4. I used nfs and idmapd instead. It's working, but I've a couple of qns. 1. Server fqdn hh3.hh3.site Samba 4, DNS and NFS4 I set up the nfs server with GSSAPI as in this screenshot: http://2.bp.blogspot.com/-IspbLnfxizc/Txsp-Z1z1tI/ADk/lsgel498elg/s1600/yastnfs1.png The nfs server would not start until I had made a nfs principal and stuck it in the keytab. Then I could mount the share and users were mapped correctly, home directory permissions OK etc. (I'd previously adder Linux attributes to LDAP). Everything fine so far. klist -k /etc/krb5.keytab 1 nfs/hh3.hh3.s...@hh3.site 1 nfs/hh3.hh3.s...@hh3.site 1 nfs/hh3.hh3.s...@hh3.site 2. Client. fqdn hh6.hh3.site, Samba 3.6 smb.conf: workgroup = CACTUS realm = HH3.SITE security = ADS kerberos method = system keytab Join the domain: net ads join -U Administrator net ads keytab add nfs klist -k /etc/krb5.keytab 1 host/hh6.hh3.s...@hh3.site 1 host/hh6.hh3.s...@hh3.site 1 host/hh6.hh3.s...@hh3.site 1 host/h...@hh3.site 1 host/h...@hh3.site 1 host/h...@hh3.site 1 HH6$@HH3.SITE 1 HH6$@HH3.SITE 1 HH6$@HH3.SITE 1 nfs/hh6.hh3.s...@hh3.site 1 nfs/hh6.hh3.s...@hh3.site 1 nfs/hh6.hh3.s...@hh3.site 1 nfs/h...@hh3.site 1 nfs/h...@hh3.site 1 nfs/h...@hh3.site mount -t nfs4 hh3:/ /home Amazingly still OK. Samba 4 users can login, get correctly mapped files, edit etc. I now mv the keytab and recreate it _without_ nfs. It still mounts! Why does the server(s4) need the nfs principal but the client(s3) not? How can I tell if Kerberos is working? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 with Windows 2008 Enterprise Terminalserver
Dear Samba Member, i've decide to write to the samba lists in the hope of Your help. Specifically i have at the moment really a problem between Samba 3 (version 3.2.3-3) and Windwos 2008 Enterprise Terminalserver, namilly User, that logon on Samba PDC, could be authenticated, but don't get policy from Samba Netlogon. With both other Terminalserver (Windows Server 2003) works policy faultless. Samba PDC (Debian lenny/sid) Windows 2008 Enterprise TS (up to date) TS-User: Roaming Profile May be somebody has the same situation and can give me a piece of good advice. I understand, that you probably need more information about our environment and ready to give it. Thank you in advance Best regards, Alexander Schechtmann *Alexander Schechtmann* Universitätsmedizin der Johannes Gutenberg-Universität Servicecenter IT / SC 6 Langenbeckstraße 1 D-55131 Mainz alexander.schechtm...@unimedizin-mainz.de iese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und löschen Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail und der darin enthaltenen Informationen ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this email in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 with Windows 2008 Enterprise Terminalserver
On Fri, 18 Feb 2011 16:11:31 +0100 Schechtmann alexander.schechtm...@unimedizin-mainz.de wrote: S i've decide to write to the samba lists in the hope of Your help. S Specifically i have at the moment really a problem between Samba 3 S (version 3.2.3-3) and Windwos 2008 Enterprise Terminalserver, namilly S User, that logon on Samba PDC, could be authenticated, but don't get S policy from Samba Netlogon. With both other Terminalserver (Windows S Server 2003) works policy faultless. old style NT4 policies aren't useed by newer OS versions (vista, seven, 2008) you'll need to use a samba4 or a Microsoft AD domain. or you could ,as we do, use start scripts to enforce machine policies and login scripts for users ones. -- Jean-Jacques Moulis Tel: (013) 281684 ISYFax: (013) 139282 Linköping UniversityE-mail: j...@isy.liu.se 581 83 Linköping -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 and active directory computers
On Wed, Dec 15, 2010 at 05:00:52PM -0600, Ben Cone wrote: Installed Samba 3 with Winbind on Ubuntu server 10.04 x64. User accounts authenticate beautifully using the domain. wbinfo -u and wbinfo -g show me all of my domain user accounts and groups respectively. I want to use Active Directory to deploy software to the computers, however, I cannot get the computers in active directory to be able to authenticate to the Samba server. Here is what I have in my error logs. [2010/12/15 16:48:06, 3] libsmb/ntlmssp.c:745(ntlmssp_server_auth) Got user=[] domain=[] workstation=[IT-OFFICE2] len1=1 len2=0 There's https://bugzilla.samba.org/show_bug.cgi?id=7817. You might want to try the attached patch which fixed it. With best regards, Volker Lendecke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 and active directory computers
HmmmSame problem still. I will note that Samba installed from Ubuntu's repositories does not include the file ntlmssp.c on my system. I did grab a copy of the file, put it in the proper place, restarted samba, and I see the same things in my logs. The samba version from the repository is 3.4.7. I am still locked into how to make this work. It reads that this seems not to be a problem at all in Samba 6 and I am debating installing the latest stable version of samba from source instead of aptitude. Of course, that means I don't get patches from Ubuntu for it but once I get this going I am hoping to not have to do any real work on it again for a couple of years. Ben On Thu, Dec 16, 2010 at 4:01 AM, Volker Lendecke volker.lende...@sernet.dewrote: On Wed, Dec 15, 2010 at 05:00:52PM -0600, Ben Cone wrote: Installed Samba 3 with Winbind on Ubuntu server 10.04 x64. User accounts authenticate beautifully using the domain. wbinfo -u and wbinfo -g show me all of my domain user accounts and groups respectively. I want to use Active Directory to deploy software to the computers, however, I cannot get the computers in active directory to be able to authenticate to the Samba server. Here is what I have in my error logs. [2010/12/15 16:48:06, 3] libsmb/ntlmssp.c:745(ntlmssp_server_auth) Got user=[] domain=[] workstation=[IT-OFFICE2] len1=1 len2=0 There's https://bugzilla.samba.org/show_bug.cgi?id=7817. You might want to try the attached patch which fixed it. With best regards, Volker Lendecke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 and active directory computers
On Thu, Dec 16, 2010 at 10:32:15AM -0600, Ben Cone wrote: I will note that Samba installed from Ubuntu's repositories does not include the file ntlmssp.c on my system. I did grab a copy of the file, put it in the proper place, restarted samba, and I see the same things in my logs. The samba version from the repository is 3.4.7. Did you recompile Samba? I'm not sure, but from what you write sounds like you did not. If you want official Ubuntu repos with that patch, you need to contact Canonical support about this. You might also contact one of the companies listed under http://samba.org/samba/support to assist you to compile Samba for you. I am still locked into how to make this work. It reads that this seems not to be a problem at all in Samba 6 and I am debating installing the latest stable version of samba from source instead of aptitude. Of course, that means I don't get patches from Ubuntu for it but once I get this going I am hoping to not have to do any real work on it again for a couple of years. That's a valid request. But apparently you found a but in what Ubuntu ships. One thing to look at might be to remove the force group. If you can live without that, it might help you work around that bug. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 and active directory computers
Ok, I am going to tackle compiling samba from source and go from there. I have compiled a lot of other things including samba4 before from source on Ubuntu so no big deal. I was hoping for a different fix, but I'll go that route and go from there. On Thu, Dec 16, 2010 at 1:18 PM, Volker Lendecke volker.lende...@sernet.dewrote: On Thu, Dec 16, 2010 at 10:32:15AM -0600, Ben Cone wrote: I will note that Samba installed from Ubuntu's repositories does not include the file ntlmssp.c on my system. I did grab a copy of the file, put it in the proper place, restarted samba, and I see the same things in my logs. The samba version from the repository is 3.4.7. Did you recompile Samba? I'm not sure, but from what you write sounds like you did not. If you want official Ubuntu repos with that patch, you need to contact Canonical support about this. You might also contact one of the companies listed under http://samba.org/samba/support to assist you to compile Samba for you. I am still locked into how to make this work. It reads that this seems not to be a problem at all in Samba 6 and I am debating installing the latest stable version of samba from source instead of aptitude. Of course, that means I don't get patches from Ubuntu for it but once I get this going I am hoping to not have to do any real work on it again for a couple of years. That's a valid request. But apparently you found a but in what Ubuntu ships. One thing to look at might be to remove the force group. If you can live without that, it might help you work around that bug. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3 and active directory computers
Installed Samba 3 with Winbind on Ubuntu server 10.04 x64. User accounts authenticate beautifully using the domain. wbinfo -u and wbinfo -g show me all of my domain user accounts and groups respectively. I want to use Active Directory to deploy software to the computers, however, I cannot get the computers in active directory to be able to authenticate to the Samba server. Here is what I have in my error logs. [2010/12/15 16:48:06, 3] libsmb/ntlmssp.c:745(ntlmssp_server_auth) Got user=[] domain=[] workstation=[IT-OFFICE2] len1=1 len2=0 and [2010/12/15 16:48:09, 3] smbd/service.c:807(make_connection_snum) Connect path is '/home/OFFICE2008/apps' for service [apps] [2010/12/15 16:48:09, 0] smbd/service.c:833(make_connection_snum) make_connection: connection to apps denied due to security descriptor. [2010/12/15 16:48:09, 3] smbd/error.c:60(error_packet_set) error packet at smbd/reply.c(689) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED And below is my smb.conf [global] prefered master = no server string = file server security = ADS netbios name = storage realm = OFFICE.DOMAIN.COM password server = swerver2008.office.domain.com encrypt passwords = yes workgroup = OFFICE2008 idmap uid = 500-1000 idmap gid = 500-1000 winbind separator = + winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind refresh tickets = yes winbind nested groups = yes ;template homedir = /home/%D/%U template shell = /bin/bash client use spnego = yes domain master = no #logging log file = /var/log/samba/log.%m log level = 3 max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action [office] comment = Directory for files general office share path= /office Valid Users =...@office.domain.com+officestaff ; public=yes writable=yes browseable=yes create mask = 0770 force create mode = 0770 force directory mode = 0770 force group = @OFFICE.DOMAIN.COM+officeStaff [apps] comment = Directory for applications to be deployed using group policy path = /home/OFFICE2008/apps ; Valid Users =...@office.domain.com+officecomputers public=yes writable=yes browseable=yes force create mode = 0755 force directory mode = 0755 force group = @OFFICE.DOMAIN.COM+officeComputers guest ok = yes guest account = nobody Where am I going wrong? Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 joined to samba 4 - problems with permissions on S3 server
Hi all, I am testing samba3 joined to a samba 4 domain controller. Most things appear to be working okay - just not printer drivers and file permissions. Machines can join the domain and use resources on the Samba 3 server, etc. I can change permissions to my hearts content on the Samba4 shares, just not Samba3. I cannot however set any permissions on shares or add printer drivers to the Samba 3 server. Winbind appears to be working fine and getent group,passwd lists users and groups from the S4 server. Samba 3 config is at the end of this email, the Samba 4 config is what I got in the provisioning step, with a test share added only. The printer issue appears odd to me... I can browse to \\server\print$ and write to the folders there. The typical folders: W32X86, IA64, etc etc. are all there and I can write to those as well. When I look in the 'printers and faxes' share the printers are all listed there. If i right-click in that share and go to server properties - drivers tab the 4 buttons on the bottom are greyed out as well as everything in the advanced tab. If I right-click one of the printers a question is asked the '' print driver is not installed would you like to add it There is a single quote in between 'the' and 'print' as above, which seemed strange. If I answer 'no' I get the properties screen. Answering yes appears to go thru the motions of moving files around once I select the driver. No files are ever moved to the server, but to \windows\system32 someplace on the workstation. I can manipulate settings on the advanced tab without it complaining and it appears to save them EXCEPT the 'new driver' button which is greyed out. Now, the file permissions on shares might be related to this, but I don't know. I don't see anything in the logs that looks fatal when trying to manipulate printer settings or when opening the properties of a printer. Now, setting file/folder permissions on shares does yield some complaints in the log. (Excerpt is at the bottom) It seems to be complaining about acl stuff. I checked the mount options and remounted it as such: /dev/drbd0 on /srv type ext3 (rw,user_xattr,acl) (I don't know if it's supposed to be 'user_xttr' OR 'acl' - I tried one, then the other then both but no change) Using 'getfacl' on the directory returns: # file: files # owner: mark # group: domain\040users # flags: ss- user::rwx group::rwx group:domain\040admins:rwx mask::rwx other::rwx I don't know if this is a good test or not Here is the log excerpt when changing permissions: [2010/10/23 22:57:04, 3] smbd/process.c:1459(process_smb) Transaction 46157 of length 112 (0 toread) [2010/10/23 22:57:04, 3] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 2814) conn 0x7f618f683c60 [2010/10/23 22:57:04, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [files/test] [/srv/servroot] [2010/10/23 22:57:04, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: files/test reduced to /srv/servroot/files/test [2010/10/23 22:57:04, 3] smbd/dosmode.c:149(unix_mode) unix_mode(files/test) returning 0766 [2010/10/23 22:57:04, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [files/test] [/srv/servroot] [2010/10/23 22:57:04, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: files/test reduced to /srv/servroot/files/test [2010/10/23 22:57:04, 3] smbd/process.c:1459(process_smb) Transaction 46158 of length 172 (0 toread) [2010/10/23 22:57:04, 3] smbd/process.c:1273(switch_message) switch message SMBnttrans (pid 2814) conn 0x7f618f683c60 [2010/10/23 22:57:04, 3] smbd/nttrans.c:1818(call_nt_transact_set_security_desc) call_nt_transact_set_security_desc: file = files/test, sent 0x4 [2010/10/23 22:57:04, 3] smbd/dosmode.c:149(unix_mode) unix_mode(files/test) returning 0766 [2010/10/23 22:57:04, 2] smbd/posix_acls.c:2796(set_canon_ace_list) set_canon_ace_list: sys_acl_set_file type file failed for file files/test (Operation not permitted). [2010/10/23 22:57:04, 3] smbd/posix_acls.c:3846(set_nt_acl) set_nt_acl: failed to set file acl on file files/test (Operation not permitted). [2010/10/23 22:57:04, 3] smbd/error.c:60(error_packet_set) error packet at smbd/nttrans.c(1828) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED [2010/10/23 22:57:04, 3] smbd/process.c:1459(process_smb) Transaction 46159 of length 45 (0 toread) [2010/10/23 22:57:04, 3] smbd/process.c:1273(switch_message) switch message SMBclose (pid 2814) conn 0x7f618f683c60 [2010/10/23 22:57:04, 3] smbd/reply.c:4478(reply_close) close directory fnum=10795 Samba3 smb.conf: [global] workgroup = TEST netbios name = test realm = TEST.REALM.COM preferred master = no security = ADS encrypt passwords = yes log level = 3 log file = /var/log/samba/%m winbind separator = + printcap name = cups printing = cups idmap uid = 1-2 idmap gid = 1-2 winbind enum groups = yes winbind enum users = yes winbind use default domain = yes [homes] comment = Home
Re: [Samba] Samba 3 joined to samba 4 - problems with permissions on S3 server
On Sat, Oct 23, 2010 at 11:19:43PM -0400, Mark Rutherford wrote: Here is the log excerpt when changing permissions: [2010/10/23 22:57:04, 2] smbd/posix_acls.c:2796(set_canon_ace_list) set_canon_ace_list: sys_acl_set_file type file failed for file files/test (Operation not permitted). = ||| This is the underlying problem you need to fix... Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 joined to samba 4 - problems with permissions on S3 server
I fiddled around with it some more and managed to correct the acl issue. The printer driver issue turned out to be somewhat different net rpc rights grant test\administrator SePrintOperatorPrivilege -U administrator on the Samba 3 server solved the issue. So I guess my question is.. why did I have to do this? Shouldn't domain admins have this right from the start? On 10/23/2010 11:47 PM, Jeremy Allison wrote: On Sat, Oct 23, 2010 at 11:19:43PM -0400, Mark Rutherford wrote: Here is the log excerpt when changing permissions: [2010/10/23 22:57:04, 2] smbd/posix_acls.c:2796(set_canon_ace_list) set_canon_ace_list: sys_acl_set_file type file failed for file files/test (Operation not permitted). = ||| This is the underlying problem you need to fix... Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 + OpenLDAP very slow transfer speed(when multiple small files, probably LDAP problem)
Dear List, I have CentOS 5.5 64bit (fully updated) , Samba3 3.5.5-43.el5 (SerNET Samba) , openldap-2.3.43-12.el5_5.2 , nss_ldap-253-25.el5 . My Problem is , If I login to the domain and run a program from the Samba3 Server it's slow , if I login from this same machine but this time to the local account, and then I go to the Samba3 server specify domain admin password when asked for it(only once,when accessing the desired share) and run the same program I'm 2-3x times faster. I've googled a bit, and found another guy was having speed problems when runing programs on a Samba3 server with ldap backend. But I must admit I'm no Openldap expert, if you can please take a look at my config and tell me what is wrong with it, it's probably the ldap part... what I did try sofar stoped openldap , and did a slapindex, and started it again but no help. Bellow are my config files : /etc/samba/smb.conf [global] use sendfile = yes read raw = yes write raw = yes #max xmit = 65535 dead time = 30 getwd cache = yes lock spin time = 200 workgroup = CAPRIOLOBIKE netbios name = PDC-SERVER server string = cfile-server log file = /var/log/samba/log.%m max log size = 50 security = user encrypt passwords = yes # Added by moquist obey pam restrictions = No ldap passwd sync = Yes time server = Yes unix password sync = no # Added by moquist log level = 1 syslog = 0 mangling method = hash2 dos charset = 850 unix charset = ISO8859-1 passwd program = /usr/sbin/smbldap-passwd -u %u username map = /etc/samba/smbusers interfaces = bond0 local master = yes os level = 200 domain master = yes preferred master = yes domain logons = yes logon script = scripts\%m.bat # Added by moquist logon drive = X: logon home = \\%L\home\%U passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=Manager,dc=capriolobike,dc=com ldap suffix = dc=capriolobike,dc=com ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users ldap ssl = off ldap delete dn = Yes # use the smbldap-tools scripts add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u logon path = wins support = yes #dns proxy = yes name resolve order = wins bcast hosts #veto oplock files = /*.doc/*.xls/*.mdb/ # Share Definitions == idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no [IPC$] path = /tmp browsable = No [homes] comment = Home Directories valid users = %S browseable = No writable = yes create mask = 0600 directory mask = 0700 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = Yes [profiles] comment = Profile Share path = /var/lib/samba/profiles writeable = yes browseable = No create mode = 0600 directory mode = 0700 [backup1] comment = Private Backup 1 path = /share read only = No create mask = 0777 directory mode = 0777 force create mode = 0777 valid users = denes invalid users = bikeclub oplocks = false level2 oplocks = false [storage3] comment = Public Storage 3 path = /share5 read only = No create mask = 0777 directory mode = 0777 force create mode = 077 invalid users = bikeclub oplocks = false level2 oplocks = false [storage2] comment = Public Storage 2 path = /share2 read only = No create mask = 0777 directory mask = 0777 force create mode = 0777 invalid users = bikeclub oplocks = false level2 oplocks = false [storage] comment = Public Storage path = /share3 read only = No create mask = 0777 directory mode = 0777 force create mode = 0777 invalid users = bikeclub oplocks = false level2 oplocks = false [novosti] comment = Novosti path = /share4 read only = No create mask = 0777 directory mode = 0777 force create mode = 0777 invalid users = bikeclub oplocks = false level2 oplocks = false [drivers1] comment = Drivers 1 path = /drivers1 read only = No create mask = 0777 directory mode = 0777 force create mode = 0777 invalid users = bikeclub oplocks = false level2 oplocks = false [drivers2] comment = Drivers 2 path = /drivers2 read only = No create mask = 0777 directory mode = 0777 force create mode = 0777 invalid users = bikeclub oplocks = false level2 oplocks = false [drivers3] comment = Drivers 3 path = /drivers3 read only = No create mask = 0777 directory mode = 0777 force create mode = 0777 invalid users = bikeclub oplocks = false level2 oplocks = false [K] path = /app_capri read only = No create mask = 0777 directory mode = 0777 force create mode = 0777 invalid users = bikeclub oplocks =
[Samba] Samba-3-server and MS ADS / MSSFU-schema
Hello, my question is: can I use MS ADS with MSSFU-schema extension together with samba3? We have a MS-ADS with all MSSFU attributes filled, so that nix-client using pam/nss-ldap can use the ADS for authentication and in nss. The nix-clients can also mount MS-shares as their home-directories (pam-cifs). Additionaly, we need to have a linux file server using samba3. No the question is: can the samba server use the ADS as ldapsam? Quite sure, that this is impossible, because samba needs its samba... attributes. I experimented with openldap as a proxy to ADS and mapping some attributes. But I am not sure about what ldap attributes are neccessary for the samba-server. Is there any way to accomplish that? (Using PAM on the samba-server requires clear text passwords enabled and that does not work together with our windows clients). -- Wilhelm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 to samba 4
I am in progress of retiring a pair of PDC/BDC with win2000 and changing to a couple with samba, running on a debian/linux/squeeze Such distribution propose me samba 3.4 . Can i make the thing with 3.4 or is better i backport 4 Wat is easier ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 and Samba 4 migration
No one has any answer? :( Thanks anyways :) ++AMARU From: Amaru Netapshaak postfix_am...@yahoo.com To: samba@lists.samba.org Sent: Thu, May 20, 2010 10:11:41 AM Subject: Samba 3 and Samba 4 migration Greetings! I am running a samba 3.0.31 PDC with a flat smbpasswd back-end, and am ready to make the jump over to Samba 4 and ldb. I am planning on running both domains in parallel, while I migrate departments and users to the new Samba 4 domain. The problem is that I have people who will log on to machines on both domains in various locations, and I want to make sure they have access to their data on the Samba 3 domain when logged onto Samba 4. I was thinking I could use NFS to accomplish this. Maybe just have their local samba 4 home directory be mounted via NFS to their actual home directory on the old DC until all workstations are converted to the Samba 4 domain and then I'll sync up the data one last time and shut the old one off. I was hoping there would be a better solution :) Any ideas? Thank you! ++AMARU -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 and Samba 4 migration
Greetings! I am running a samba 3.0.31 PDC with a flat smbpasswd back-end, and am ready to make the jump over to Samba 4 and ldb. I am planning on running both domains in parallel, while I migrate departments and users to the new Samba 4 domain. The problem is that I have people who will log on to machines on both domains in various locations, and I want to make sure they have access to their data on the Samba 3 domain when logged onto Samba 4. I was thinking I could use NFS to accomplish this. Maybe just have their local samba 4 home directory be mounted via NFS to their actual home directory on the old DC until all workstations are converted to the Samba 4 domain and then I'll sync up the data one last time and shut the old one off. I was hoping there would be a better solution :) Any ideas? Thank you! ++AMARU -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 vfs Modul:virtual share in mysql
Thank you for Your reply. Where can I find instructions (Documentation)to build my own vfs-Modul?! Does opensuse platform supports fuse? Daniel -Ursprüngliche Nachricht- Von: Volker Lendecke volker.lende...@sernet.de An: Daniel Müller muel...@tropenklinik.de Cc: samba@lists.samba.org Gesendet: Mittwoch, 24. Februar 2010 13:49 Betreff: Re: [Samba] Samba 3 vfs Modul:virtual share in mysql -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 vfs Modul:virtual share in mysql
On Thu, Feb 25, 2010 at 10:41:03AM +0100, Daniel Müller wrote: Thank you for Your reply. Where can I find instructions (Documentation)to build my own vfs-Modul?! Sorry, there's not much more than reading examples in modules/vfs_*, in particular as the interface has changed quite a bit with Samba 3.5. Does opensuse platform supports fuse? I don't know it positively, but I would be VERY surprised if it did not. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 vfs Modul:virtual share in mysql
Dear All, it seems a few years ago there where a vfs (Dtabasefs!?)modul making it possible to build a virtual share from within a mysql database. In praxis: I thought to have images in my mysqldatabase. The virtual share in samba points to that database. Users could browse this virtual share and so searching the pitures is much more easier. Is there anything out that can do this? Or what are the conditions to build such vfs-module ? Greetings Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 vfs Modul:virtual share in mysql
On Wed, Feb 24, 2010 at 01:39:22PM +0100, Daniel Müller wrote: it seems a few years ago there where a vfs (Dtabasefs!?)modul making it possible to build a virtual share from within a mysql database. In praxis: I thought to have images in my mysqldatabase. The virtual share in samba points to that database. Users could browse this virtual share and so searching the pitures is much more easier. Is there anything out that can do this? Or what are the conditions to build such vfs-module ? Just do it :-) Seriously: This is certainly doable, but it is probably a considerable amount of work. Read-Only might be okay, but once you start doing r/w access, things will become very hairy very quickly. As an alternative route, I would rather search in the fuse filesystem space to see if such a thing exists for fuse. This assumes that you're running on a platform that fuse supports. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3/4 - Franky - AD
Hello I had exactly the same problem. However, I downloaded and installed GIT (apt-get install git-core in Debian / Ubuntu). I then did: git clone git://git.samba.org/samba.git samba cd samba git checkout v3-5-stable cd source3 ./configure --enable-merged-build make make install If you haven't already done so, you need lots of development libraries, for example http://wiki.samba.org/index.php/Samba4/HOWTO/Ubuntu_Server_9.04 is a good source. If you are getting messages saying that libraries are missing after the install, you may need to edit ld.so.conf and then run ldconfig. You may also need to add /usr/local/samba/sbin and /usr/local/samba/bin to your path as well so that you don't have to cd into the directory or type it all out. I am still yet to explore Samba 3.5 properly and haven't got past this stage yet. Regards _ Have more than one Hotmail account? Link them together to easily access both http://clk.atdmt.com/UKM/go/186394591/direct/01/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3/4 - Franky - AD
Richard Lamboj schrieb: What is the Problem: build/smb_build/main.pl: can't open '../lib/tevent/python.mk' at build/smb_build/config_mk.pm line 173.? The errors from 3.4.x are not very clear for me. Okay this file is missing, but why? So Please! Can someone tell me how to use Samba 3.4.x as merged build and as AD? I am receiving the same error on CentOS 5.4 64 bit; I tried different ways and sources to succesfully compile it with source packages from Fedora, the official sources and the last to compile it over makerpms.sh under packaging directory! Something what I didnt checked was if its possible to compile it with a fresh fetched source of the git repository? Is anyone here who could help us with this issue? Thanks in advance! Regards Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3/4 - Franky - AD
On Fri, 2009-11-20 at 20:57 +0100, Richard Lamboj wrote: Hello, is there somewhere a howto? I have compiled Samba 3.4.3 as merged build on Debian, but i could not remember which developer packages Samba needs(i have tried to compile 3.4.0 without problems - some times ago) and the error configure: error: Merged build required but not possible is not very useful. So Samba needs a Unix Account - is there a LDAP Server included in Samba, when yes - does it support pam, or does i need to store the Unix Users in the passwd or could i use a third part LDAP Server like openLDAP? What is the Problem: build/smb_build/main.pl: can't open '../lib/tevent/python.mk' at build/smb_build/config_mk.pm line 173.? The errors from 3.4.x are not very clear for me. Okay this file is missing, but why? So Please! Can someone tell me how to use Samba 3.4.x as merged build and as AD? Samba 3.4 is not and does not contain a Samba4 release. All it contains is a snapshot of Samba4 that was in 'master' at the time 3.4 was branched - many months ago. If you want to try Samba4, I'll release a new alpha soon, or try out the current GIT version. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3/4 - Franky - AD
Hello, is there somewhere a howto? I have compiled Samba 3.4.3 as merged build on Debian, but i could not remember which developer packages Samba needs(i have tried to compile 3.4.0 without problems - some times ago) and the error configure: error: Merged build required but not possible is not very useful. So Samba needs a Unix Account - is there a LDAP Server included in Samba, when yes - does it support pam, or does i need to store the Unix Users in the passwd or could i use a third part LDAP Server like openLDAP? What is the Problem: build/smb_build/main.pl: can't open '../lib/tevent/python.mk' at build/smb_build/config_mk.pm line 173.? The errors from 3.4.x are not very clear for me. Okay this file is missing, but why? So Please! Can someone tell me how to use Samba 3.4.x as merged build and as AD? Kind Regards, Richard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 PDC 3.3.4 broken with Win 7 RTM
Hi, I am looking forward to successfully join and logon a Windows 7 RTM to a Samba 3 domain. After a little googling and experimenting I came to conclusion that only version 3.3.4 of samba can accept such clients : - http://www.1stbyte.com/2009/05/31/join-windows-7-to-samba-pdc/ - http://ubuntuforums.org/showthread.php?t=1225500 Furthermore, Microsoft seems to have broken even compatibility with their own NT4 server: http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/8b4dd460-dd57-41da-b541-6933cd4d2531?prof=requiredwa=wsignin1.0 In the meantime I have tested with 3.4.0, 3.3.6, 3.2.5 and 3.3.4 - only 3.3.4 successfully allowed logons. Something must have regressed right after 3.3.4. Thank you, Costin Gusa -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba