Re: [Samba] Upgrade
On Fri, 2013-08-09 at 11:49 +0200, Sandbox wrote: Hi Guys, Well I made a bad decision and installed Samba4 from zentyal repo, I would like to upgrade it, is it enough to backup all files from %installation folder%/private directory and then copy into the newly installed version's private folder? Ensure you also move the sysvol tree, the lock, locks and state dirs and the etc/smb.conf file, and keep the xattrs. Essentially find the new location for all the files, and move them to match. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade
On 9-8-2013 11:49, Sandbox wrote: Hi Guys, Well I made a bad decision and installed Samba4 from zentyal repo, Why was that a bad decision? I have been looking at it and for certain use cases it looks nice. Regards, Joop -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade
Hi Guys, Well I made a bad decision and installed Samba4 from zentyal repo, I would like to upgrade it, is it enough to backup all files from %installation folder%/private directory and then copy into the newly installed version's private folder? Thanks, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade Samba 3.5.6 to 3.6.6
Hi, After ugrade samba (3.5.6) to 3.6.6 (debian wheezy), the command smbclient -L 127.0.0.1 -U user show a message error : session setup failed: NT_STATUS_UNSUCCESSFUL Thanks, Marcos. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade 3.6.15 file server to 4.0.6
Hi Is this possible? I see that the 4.0.6 directory structure is different, so we can't just do a make install over what's already there. Is there a method for using the latest stable release by upgrading, or must we do a fresh install? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade Samba 4 alpha 18 to Samba 4 stable version
Hi, We are still running Samba 4 alpha 18 for our servers, its integrated with postfix/dovecot, sugarcrm and a samba 3 fileserver. All of these systems are virtual running on Proxmox. Now we are trying to upgrade Samba 4 alpha 18 to a stable version. We are also running Ubuntu server. What would be the best way to upgrade it? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Bulk] problems with samba upgrade from 3.5.4 to 3.6.9
I'm experiencing the same/similar problem the difference being it that ldap-backend users are ok, only root fails with NT_STATUS_INTERNAL_DB_CORRUPTION but I also get warnings, not sure if related WARNING: The idmap backend option is deprecated WARNING: The idmap uid option is deprecated WARNING: The idmap gid option is deprecated I'm on rhel 6.3, samba-3.6.9-151.el6.x86_64, openldap-servers-2.4.23-26.el6_3.2.x86_64 regards On 03/08/13 10:09, NOC-Postkorb wrote: Hi @ all, we use samba as a fileserver on CentOS and an OpenLDAP server on Ubuntu 10.04. The samba server shared only files, so we can access with the win7 clients (and OpenLDAP credentials) to the files on the linux environment. So after upgrade we don't can connected us to the samba share. I have tested the connection with the tool smbclient smblcient -L servername -U ldapuser and returned the error session setup failed: NT_STATUS_INTERNAL_DB_CORRUPTION. I had read something about new security features, and in the most articles I had found problems with winbind and ADS connectivity. But we don't use winbind or else, we use only the linux ldap to authenticate. The domainSID and localSID and userSID are matched to the SambaDomainSID in my openLDAP. I have checked this with the commands: - net getdomainsid - net getlocalsid - pdbedit -v hhofmann So I hope you can help me, thanks! Regards, Henry Hofmann -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Upgrade 3.0.33 to 3.6.13.
Hello, I'm attempting to upgrade a server from Samba 3.0.33 to Samba 3.6.13. I'm testing the upgrade on a virtual machine with the same set up and data as the production server. My problem is that the SID to UID mappings and permissions aren't carrying over to the new version. Here's what I'm doing: - Uninstall previous version RPMs (This is a CentOS 5.5 server) - Install new 3.6.13 packages - Run net rpc join to join the machine to our domain (haven't been able to make anything work with ADS security. - Reboot After doing the above, I currently have to set permissions for the shares so I can access them from Windows machines. Please look at my configurations below. A point in the right direction would be most welcome! Current config (3.0.33): [global] workgroup = domain server string = Samba netbios name = fileserver hosts allow = 127. 192.168.115. encrypt passwords = yes security = domain passdb backend = tdbsam password server = * log level = 2 log file = /var/log/samba/samba.log.%m winbind separator = + idmap uid = 1-2 idmap gid = 1-2 --- New config (3.6.13): [global] netbios name = test-samba security = domain realm = domain1.domain.com password server = domain-server idmap config * : backend = tdb idmap config * : range = 10001-2 idmap config domain : backend = rid idmap config domain : range = 1-2 idmap config domain : base_rid = 0 workgroup = domain winbind enum users = yes winbind enum groups = yes winbind refresh tickets = yes template homedir = /shared/HOMEDIRS/%U template shell = /bin/bash client use spnego = yes client ntlmv2 auth = yes encrypt passwords = yes winbind use default domain = yes restrict anonymous = 2 passdb backend = tdbsam log level = 2 log file = /var/log/samba/samba.log.%m -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Upgrade 3.0.33 to 3.6.13.
From: Rodney Green rodgr...@gmail.com Date: Wed, 3 Apr 2013 08:27:57 -0400 My problem is that the SID to UID mappings and permissions aren't carrying over to the new version. (snip) Current config (3.0.33): [global] workgroup = domain (snip) winbind separator = + idmap uid = 1-2 idmap gid = 1-2 --- New config (3.6.13): [global] netbios name = test-samba security = domain realm = domain1.domain.com password server = domain-server idmap config * : backend = tdb idmap config * : range = 10001-2 idmap config domain : backend = rid idmap config domain : range = 1-2 idmap config domain : base_rid = 0 workgroup = domain (snip) encrypt passwords = yes winbind use default domain = yes restrict anonymous = 2 passdb backend = tdbsam Because you use default idmap (tdb) in Samba 3.0.33 and use idmap_rid for domain domain in Samba 3.6.13. If you use same mappings, use same winbindd_idmap.tdb file or manually set the mapping with using wbinfo command. --- TAKAHASHI Motonobu mo...@monyo.com / @damemonyo facebook.com/takahashi.motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Upgrade 3.0.33 to 3.6.13.
On Wed, Apr 3, 2013 at 1:34 PM, TAKAHASHI Motonobu mo...@monyo.com wrote: From: Rodney Green rodgr...@gmail.com Date: Wed, 3 Apr 2013 08:27:57 -0400 My problem is that the SID to UID mappings and permissions aren't carrying over to the new version. (snip) Current config (3.0.33): [global] workgroup = domain (snip) winbind separator = + idmap uid = 1-2 idmap gid = 1-2 --- New config (3.6.13): [global] netbios name = test-samba security = domain realm = domain1.domain.com password server = domain-server idmap config * : backend = tdb idmap config * : range = 10001-2 idmap config domain : backend = rid idmap config domain : range = 1-2 idmap config domain : base_rid = 0 workgroup = domain (snip) encrypt passwords = yes winbind use default domain = yes restrict anonymous = 2 passdb backend = tdbsam Because you use default idmap (tdb) in Samba 3.0.33 and use idmap_rid for domain domain in Samba 3.6.13. If you use same mappings, use same winbindd_idmap.tdb file or manually set the mapping with using wbinfo command. --- TAKAHASHI Motonobu mo...@monyo.com / @damemonyo facebook.com/takahashi.motonobu Thanks, Takahashi. That's seems to have gotten things working properly. I noticed that the tdb files for 3.0.33 are in the /var/cache/samba directory. I copied winbindd_idmap.tdb from /var/cache/samba to /var/lib/samba and the mappings problem was corrected. Do you think I should copy all of the tdb files from /var/cache/samba to /var/lib/samba? Thanks again, Rodney -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade procedure
On 03/19/2013 05:37 PM, Andrew Bartlett wrote: On Tue, 2013-03-19 at 08:39 -0500, Cristian Saavedra wrote: Hello I'm upgrading to 4.0.4 as far as i remember the samba_upgradeprovision must not be used, so i'm asking for the current upgrade procedure: - configure samba 4.0.4 - make - create current samba backup (just in case) - killall samba process - make install - run samba After that, the new binaries are in place, should i do something else? run an script? delete a file? anything? The WHATSNEW includes a suggestion on how to fix the world-writeable permissions on any additional file shares. Make sure you do that. Other than that, this looks correct. Andrew Bartlett I have a clone of v4.0-stable which was 4.0.3 when I pulled. Do I just need to do a 'git pull'? to get 4.0.4? Or is 4.0.4 on some other tag? -Gerry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade procedure
On 03/20/2013 09:17 PM, Gerry Reno wrote: On 03/19/2013 05:37 PM, Andrew Bartlett wrote: On Tue, 2013-03-19 at 08:39 -0500, Cristian Saavedra wrote: Hello I'm upgrading to 4.0.4 as far as i remember the samba_upgradeprovision must not be used, so i'm asking for the current upgrade procedure: - configure samba 4.0.4 - make - create current samba backup (just in case) - killall samba process - make install - run samba After that, the new binaries are in place, should i do something else? run an script? delete a file? anything? The WHATSNEW includes a suggestion on how to fix the world-writeable permissions on any additional file shares. Make sure you do that. Other than that, this looks correct. Andrew Bartlett I have a clone of v4.0-stable which was 4.0.3 when I pulled. Do I just need to do a 'git pull'? to get 4.0.4? Or is 4.0.4 on some other tag? -Gerry git pull on v4.0-stable looks like it pulled in 4.0.4. Building now. -Gerry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade procedure
On Wed, 2013-03-20 at 21:17 -0400, Gerry Reno wrote: On 03/19/2013 05:37 PM, Andrew Bartlett wrote: On Tue, 2013-03-19 at 08:39 -0500, Cristian Saavedra wrote: Hello I'm upgrading to 4.0.4 as far as i remember the samba_upgradeprovision must not be used, so i'm asking for the current upgrade procedure: - configure samba 4.0.4 - make - create current samba backup (just in case) - killall samba process - make install - run samba After that, the new binaries are in place, should i do something else? run an script? delete a file? anything? The WHATSNEW includes a suggestion on how to fix the world-writeable permissions on any additional file shares. Make sure you do that. Other than that, this looks correct. Andrew Bartlett I have a clone of v4.0-stable which was 4.0.3 when I pulled. Do I just need to do a 'git pull'? to get 4.0.4? Or is 4.0.4 on some other tag? 4.0.4 should be the latest code on the v4-0-stable branch. You can see the version when you build Samba with --version on all the tools, or in the VERSION file. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade procedure
Hello I'm upgrading to 4.0.4 as far as i remember the samba_upgradeprovision must not be used, so i'm asking for the current upgrade procedure: - configure samba 4.0.4 - make - create current samba backup (just in case) - killall samba process - make install - run samba After that, the new binaries are in place, should i do something else? run an script? delete a file? anything? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade procedure
On Tue, 2013-03-19 at 08:39 -0500, Cristian Saavedra wrote: Hello I'm upgrading to 4.0.4 as far as i remember the samba_upgradeprovision must not be used, so i'm asking for the current upgrade procedure: - configure samba 4.0.4 - make - create current samba backup (just in case) - killall samba process - make install - run samba After that, the new binaries are in place, should i do something else? run an script? delete a file? anything? The WHATSNEW includes a suggestion on how to fix the world-writeable permissions on any additional file shares. Make sure you do that. Other than that, this looks correct. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] problems with samba upgrade from 3.5.4 to 3.6.9
Hi @ all, we use samba as a fileserver on CentOS and an OpenLDAP server on Ubuntu 10.04. The samba server shared only files, so we can access with the win7 clients (and OpenLDAP credentials) to the files on the linux environment. So after upgrade we don't can connected us to the samba share. I have tested the connection with the tool smbclient smblcient -L servername -U ldapuser and returned the error session setup failed: NT_STATUS_INTERNAL_DB_CORRUPTION. I had read something about new security features, and in the most articles I had found problems with winbind and ADS connectivity. But we don't use winbind or else, we use only the linux ldap to authenticate. The domainSID and localSID and userSID are matched to the SambaDomainSID in my openLDAP. I have checked this with the commands: - net getdomainsid - net getlocalsid - pdbedit -v hhofmann So I hope you can help me, thanks! Regards, Henry Hofmann -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade from 3.5.6 to 3.6.12 causes errors in password TDB
We're having trouble with our samba PDC since the upgrade to 3.6.12. We've got a standard smbpassword file using TDB and I;ve run tdbtool and tdbbackup over the file and both report no errors. The PDC will run for several hours handling hundreds of users and will then catastrophically fail with each daemon process reporting the following in turn: === [2013/03/05 08:46:09.378281, 0] lib/util.c:1117(smb_panic) PANIC (pid 15900): internal error [2013/03/05 08:46:09.387147, 0] lib/util.c:1221(log_stack_trace) BACKTRACE: 39 stack frames: #0 /usr/local/samba/sbin/smbd(log_stack_trace+0x1a) [0x2af15816e065] #1 /usr/local/samba/sbin/smbd(smb_panic+0x55) [0x2af15816e169] #2 /usr/local/samba/sbin/smbd [0x2af15815f72c] #3 /lib64/libc.so.6 [0x2af15a39f2f0] #4 /usr/local/samba/sbin/smbd(tcopy_passwd+0x27) [0x2af15814dde7] #5 /usr/local/samba/sbin/smbd(pdb_copy_sam_account+0x94) [0x2af15812d607] #6 /usr/local/samba/sbin/smbd(pdb_getsampwsid+0x188) [0x2af158131666] #7 /usr/local/samba/sbin/smbd(_samr_OpenUser+0x10b) [0x2af1580738f3] #8 /usr/local/samba/sbin/smbd [0x2af15808197e] #9 /usr/local/samba/sbin/smbd [0x2af158090ee4] #10 /usr/local/samba/sbin/smbd(dcerpc_binding_handle_raw_call_send+0xba) [0x2af1581d49a1] #11 /usr/local/samba/sbin/smbd(dcerpc_binding_handle_call_send+0x28e) [0x2af1581d4c90] #12 /usr/local/samba/sbin/smbd(dcerpc_binding_handle_call+0x96) [0x2af1581d4d87] #13 /usr/local/samba/sbin/smbd(dcerpc_samr_OpenUser_r+0x20) [0x2af1580fb88a] #14 /usr/local/samba/sbin/smbd(dcerpc_samr_OpenUser+0x1d) [0x2af1580fb8ac] #15 /usr/local/samba/sbin/smbd [0x2af15802b909] #16 /usr/local/samba/sbin/smbd(_netr_ServerAuthenticate3+0x297) [0x2af15802c3a2] #17 /usr/local/samba/sbin/smbd(_netr_ServerAuthenticate2+0x5d) [0x2af15802c90c] #18 /usr/local/samba/sbin/smbd [0x2af1580325de] #19 /usr/local/samba/sbin/smbd [0x2af15808dc42] #20 /usr/local/samba/sbin/smbd(process_complete_pdu+0x264) [0x2af15808e21a] #21 /usr/local/samba/sbin/smbd(process_incoming_data+0x3c4) [0x2af15809014c] #22 /usr/local/samba/sbin/smbd(np_write_send+0x166) [0x2af15809033f] #23 /usr/local/samba/sbin/smbd [0x2af157ea0f87] #24 /usr/local/samba/sbin/smbd [0x2af157ea1518] #25 /usr/local/samba/sbin/smbd(reply_trans+0x6e4) [0x2af157ea2186] #26 /usr/local/samba/sbin/smbd [0x2af157f01097] #27 /usr/local/samba/sbin/smbd [0x2af157f05296] #28 /usr/local/samba/sbin/smbd [0x2af157f05567] #29 /usr/local/samba/sbin/smbd [0x2af157f055d8] #30 /usr/local/samba/sbin/smbd(run_events_poll+0x3c9) [0x2af15817c09a] #31 /usr/local/samba/sbin/smbd(smbd_process+0xa0b) [0x2af157f042be] #32 /usr/local/samba/sbin/smbd [0x2af1583c182f] #33 /usr/local/samba/sbin/smbd(run_events_poll+0x3c9) [0x2af15817c09a] #34 /usr/local/samba/sbin/smbd [0x2af15817c4cf] #35 /usr/local/samba/sbin/smbd(_tevent_loop_once+0x84) [0x2af15817c7e9] #36 /usr/local/samba/sbin/smbd(main+0x13bc) [0x2af1583c2f6c] #37 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2af15a38c994] #38 /usr/local/samba/sbin/smbd [0x2af157e88ee9] Is this a known issue? -- Jonathan Knight IT Services Keele University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade from 4.0.0 to 4.0.3 creates unfixable errors with dbcheck
Hi Nico Tried with make clean and with a fresh build from the 4.0.3 source. Yielded same issue. Regards Chris Nico Kadel-Garcia nka...@gmail.com wrote: On Thu, Feb 21, 2013 at 8:11 AM, Chris Lewis cle...@inview.co.uk wrote: Hello, Today I tried to upgrade from samba 4.0.0 to 4.0.3 on my test environment. I patched the source with the diffs patch-4.0.0-4.0.1.diffs, patch-4.0.1-4.0.2.diffs, patch-4.0.2-4.0.3.diffs , then make, make install. I don't see a make clean in there, and it doesn't seem to be available anymore with the new Python based build system. Rather than compiling on top of your old code, which may not completely detect dependencies on altered include files and force rebuilding of new binaries, why don't you work from a fresh source tree and build from scratch? This is especially important when the build components themselves, such as that Python waf build tools, may be modified by the udpates. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade from 4.0.0 to 4.0.3 creates unfixable errors with dbcheck
On Thu, Feb 21, 2013 at 8:11 AM, Chris Lewis cle...@inview.co.uk wrote: Hello, Today I tried to upgrade from samba 4.0.0 to 4.0.3 on my test environment. I patched the source with the diffs patch-4.0.0-4.0.1.diffs, patch-4.0.1-4.0.2.diffs, patch-4.0.2-4.0.3.diffs , then make, make install. I don't see a make clean in there, and it doesn't seem to be available anymore with the new Python based build system. Rather than compiling on top of your old code, which may not completely detect dependencies on altered include files and force rebuilding of new binaries, why don't you work from a fresh source tree and build from scratch? This is especially important when the build components themselves, such as that Python waf build tools, may be modified by the udpates. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade from 4.0.0 to 4.0.3 creates unfixable errors with dbcheck
On Thu, 2013-02-21 at 13:11 +, Chris Lewis wrote: Hello, Today I tried to upgrade from samba 4.0.0 to 4.0.3 on my test environment. I patched the source with the diffs patch-4.0.0-4.0.1.diffs, patch-4.0.1-4.0.2.diffs, patch-4.0.2-4.0.3.diffs , then make, make install. # samba-tool dbcheck Checking 807 objects Not fixing nTSecurityDescriptor on CN=Performance Monitor Users,CN=Builtin,DC=inview,DC=local --- all errors were same for each object Checked 807 objects (805 errors) Tried # samba-tool dbcheck --fix (fix all.) Checked 807 objects (763 errors) now # samba-tool dbcheck Not fixing nTSecurityDescriptor on CN=Performance Monitor Users,CN=Builtin,DC=inview,DC=local --- all errors were same for each object Checked 807 objects (650 errors) Fixing again has no further effect on the number of errors. It should be noted that before the upgrade dbcheck found no errors So what has changed between the versions to cause this and how can I fix these errors? Please file a bug. Clearly our heuristic to detect when we need to rewrite these is faulty. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade from 4.0.0 to 4.0.3 creates unfixable errors with dbcheck
Hello, Today I tried to upgrade from samba 4.0.0 to 4.0.3 on my test environment. I patched the source with the diffs patch-4.0.0-4.0.1.diffs, patch-4.0.1-4.0.2.diffs, patch-4.0.2-4.0.3.diffs , then make, make install. # samba-tool dbcheck Checking 807 objects Not fixing nTSecurityDescriptor on CN=Performance Monitor Users,CN=Builtin,DC=inview,DC=local --- all errors were same for each object Checked 807 objects (805 errors) Tried # samba-tool dbcheck --fix (fix all.) Checked 807 objects (763 errors) now # samba-tool dbcheck Not fixing nTSecurityDescriptor on CN=Performance Monitor Users,CN=Builtin,DC=inview,DC=local --- all errors were same for each object Checked 807 objects (650 errors) Fixing again has no further effect on the number of errors. It should be noted that before the upgrade dbcheck found no errors So what has changed between the versions to cause this and how can I fix these errors? Cheers Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade samba (3.0.33) to samba-3x (3.6.6) on Centos5
Hi Related to my previous posting on joining win7 to a domain with samba-3.6.6 (which I finally managed to do!) With Centos5 one has the option of installing either Samba which is 3.0.33 or Samba3x which is 3.6.6 with the latest updates to centos5.9 My own server was set up with samba3x and hence was able to attempt connection of win7 PC I have several customers with older installations using samba3.0.33. Last year I tried updating one of them and it appeared the only way was to remove samba (3.0.33) and then install samba3x. This meant recreating all the shares and samba configuration and rejoining everyone to the domain. Is there an easier way of upgrading? Regards Peter Lawrie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade from 3.5 - 3.6, now I have no backend defined for idmap
On 02/05/2013 12:08 AM, Jobst Schmalenbach wrote: Hi Dale that worked, thanks. Just to clarify the * means everything else, right? That's how I understand it. On the sites I visited while gathering this information, no one seemed to know why it is required, only that everything started working after it was added. Cause now I am getting (only once) [2013/02/04 07:50:48.519114, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config BUILTIN I have that line, too and also a lot of other lines regarding BUILTIN. Everything is working, so I haven't put any effort into finding out why. If you run cat against your Samba logs and grep for BUILTIN, you'll see what I mean. One strange side effect ... I have never had to reboot a machine because of a change to the samba daemon(s), a restart always worked. For a couple of days after the change I still was getting the message until I rebooted ... now I do not get the messages, weird. On rare occasions, I've had to do the same thing. It's something I would try when all else failed. Sorry that I don't have any concrete reasons as to the why of any of these things. Dale Jobst On Tue, Jan 29, 2013 at 01:17:52PM -0600, Dale Schroeder (d...@briannassaladdressing.com) wrote: Jobst, The following works for me in 3.6.x. Modify to match your criteria. idmap config * : backend= tdb idmap config * : range = low - high idmap config DOMAIN : default = Yes idmap config DOMAIN : backend = idmap backend idmap config DOMAIN : range = different low - different high Dale On 01/28/2013 10:51 PM, Jobst Schmalenbach wrote: Hi. I am getting loads of errors no backend defined for idmap config MYDOMAIN after I upgraded from 3.5 - 3.6 a couple of days ago. I read http://wiki.samba.org/index.php/Samba_3.6_Features_added/changed and did what man smb.conf suggested: idmap config MYDOMAIN : backend = tdb idmap config MYDOMAIN : range = 500-199 yet I still receive those errors. I used to have idmap uid = 500-1000 idmap gid = 500-1000 and I had no errors while running 3.5.10. I am not sure what I am doing wrong, help please. Jobst -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade from 3.5 - 3.6, now I have no backend defined for idmap
On Tue, Feb 05, 2013 at 01:56:26PM -0600, Dale Schroeder (d...@briannassaladdressing.com) wrote: On 02/05/2013 12:08 AM, Jobst Schmalenbach wrote: Hi Dale [snip snap snip] Sorry that I don't have any concrete reasons as to the why of any of these things. ;-) love that line. Jobst -- A loving atmosphere in your home is the foundation for your life. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade from 3.5 - 3.6, now I have no backend defined for idmap
Hi Dale that worked, thanks. Just to clarify the * means everything else, right? Cause now I am getting (only once) [2013/02/04 07:50:48.519114, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config BUILTIN One strange side effect ... I have never had to reboot a machine because of a change to the samba daemon(s), a restart always worked. For a couple of days after the change I still was getting the message until I rebooted ... now I do not get the messages, weird. Jobst On Tue, Jan 29, 2013 at 01:17:52PM -0600, Dale Schroeder (d...@briannassaladdressing.com) wrote: Jobst, The following works for me in 3.6.x. Modify to match your criteria. idmap config * : backend= tdb idmap config * : range = low - high idmap config DOMAIN : default = Yes idmap config DOMAIN : backend = idmap backend idmap config DOMAIN : range = different low - different high Dale On 01/28/2013 10:51 PM, Jobst Schmalenbach wrote: Hi. I am getting loads of errors no backend defined for idmap config MYDOMAIN after I upgraded from 3.5 - 3.6 a couple of days ago. I read http://wiki.samba.org/index.php/Samba_3.6_Features_added/changed and did what man smb.conf suggested: idmap config MYDOMAIN : backend = tdb idmap config MYDOMAIN : range = 500-199 yet I still receive those errors. I used to have idmap uid = 500-1000 idmap gid = 500-1000 and I had no errors while running 3.5.10. I am not sure what I am doing wrong, help please. Jobst -- The journey of a thousand steps begins with few hundred forgotten necessities. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade samba
Hi, @Nico I fixed smbldap-tools, I have installed the package and correct smb.conf, the new file is [global] workgroup = GIS passdb backend = ldapsam:ldap://192.0.200.2/ map untrusted to domain = Yes log level = 4 log file = /var/log/samba/log.%U time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE add user script = /usr/bin/smbldap-useradd -a -m -P %u delete user script = /usr/bin/smbldap-userdel -r %u add group script = /usr/bin/smbldap-groupadd -p %g delete group script = /usr/bin/smbldap-groupdel %g add user to group script = /usr/bin/smbldap-groupmod -m %u %g delete user from group script = /usr/bin/smbldap-groupmod -x %u %g set primary group script = /usr/bin/smbldap-usermod -g %g %u add machine script = /usr/bin/smbldap-useradd -w %u #add user script = /usr/local/bin/smbldap-useradd -a -m -P %u #delete user script = /usr/local/bin/smbldap-userdel -r %u #add group script = /usr/local/bin/smbldap-groupadd -p %g #delete group script = /usr/local/bin/smbldap-groupdel %g #add user to group script = /usr/local/bin/smbldap-groupmod -m %u %g #delete user from group script = /usr/local/bin/smbldap-groupmod -x %u %g #set primary group script = /usr/local/bin/smbldap-usermod -g %g %u #add machine script = /usr/local/bin/smbldap-useradd -w %u logon path = logon home = domain logons = Yes os level = 33 preferred master = Auto domain master = Yes enable privileges = yes ldap admin dn = cn=Manager,dc=sigesgroup,dc=intra ldap delete dn = Yes ldap group suffix = ou=group ldap machine suffix = ou=machines ldap passwd sync = yes ldap suffix = dc=sigesgroup,dc=intra ldap ssl = no ldap user suffix = ou=People idmap config * : range = idmap config * : ldap_url = ldap://192.0.200.2/ ldapsam:editposix = yes ldapsam:trusted = yes idmap config * : backend = ldapsam:ldap://192.0.200.2/ idmap config * : range = 5000 - 5 idmap config * : default = yes [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = Yes [profiles] path = /home/profiles read only = No create mask = 0600 directory mask = 0700 @Harry Jede I fixed sid, now SID for local machine VMPDC is: S-1-5-21-3564791867-1010203101-2143723903 SID for domain GIS is: S-1-5-21-3564791867-1010203101-2143723903 SambaSID for user Manager: S-1-5-21-3564791867-1010203101-2143723903-500 sambaPrimaryGroupSID for user MAnager: S-1-5-21-3564791867-1010203101-2143723903-2025 Now the problem is: [2013/01/30 12:11:20.546770, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-3564791867-1010203101-2143723903-500] [2013/01/30 12:11:20.546816, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-3564791867-1010203101-2143723903-2089] [2013/01/30 12:11:20.546862, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2013/01/30 12:11:20.546901, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2013/01/30 12:11:20.551429, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2013/01/30 12:11:20.552023, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) 2013/1/28 Nico Kadel-Garcia nka...@gmail.com: On Mon, Jan 28, 2013 at 3:38 AM, Fabrizio Monti thefanta...@gmail.com wrote: Hi Nico Kadel-Garcia, thanks for reply. Path for smbldap is correct. Other log file have Then you have a manually built and installed smbldap-tools, and you should probably replace it with the one from Red Hat or your Red Hat rebuild provider. For consistence and compatibility with your RPM supplied Samba, I urge you to use the distribution provided smbldap-tools package and move aside the hand-built versions you have in /usr/local/bin. While this won't necessarily solve your problem, it gives all of us a consistent reference as to what tools and versions of tools you're using. It's also why I spend so much time RPM bundling software, so both people I support and I are using the same package from the same, clean build environment. Nico Kadel-Garcia nka...@gmail.com 2013/01/25 17:20:13.974204, 1] auth/server_info.c:386(samu_to_SamInfo3) The primary group domain sid(S-1-5-21-3564791867-1010203101-2143723903-513) does not match the domain sid(S-1-5-21-2427793829-1009842549-3523806979) for
Re: [Samba] upgrade samba
Sorry for previous mail, I click on send to error. Hi, @Nico I fixed smbldap-tools, I have installed the package and correct smb.conf, the new file is [global] workgroup = GIS passdb backend = ldapsam:ldap://192.0.200.2/ map untrusted to domain = Yes log level = 4 log file = /var/log/samba/log.%U time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE add user script = /usr/bin/smbldap-useradd -a -m -P %u delete user script = /usr/bin/smbldap-userdel -r %u add group script = /usr/bin/smbldap-groupadd -p %g delete group script = /usr/bin/smbldap-groupdel %g add user to group script = /usr/bin/smbldap-groupmod -m %u %g delete user from group script = /usr/bin/smbldap-groupmod -x %u %g set primary group script = /usr/bin/smbldap-usermod -g %g %u add machine script = /usr/bin/smbldap-useradd -w %u #add user script = /usr/local/bin/smbldap-useradd -a -m -P %u #delete user script = /usr/local/bin/smbldap-userdel -r %u #add group script = /usr/local/bin/smbldap-groupadd -p %g #delete group script = /usr/local/bin/smbldap-groupdel %g #add user to group script = /usr/local/bin/smbldap-groupmod -m %u %g #delete user from group script = /usr/local/bin/smbldap-groupmod -x %u %g #set primary group script = /usr/local/bin/smbldap-usermod -g %g %u #add machine script = /usr/local/bin/smbldap-useradd -w %u logon path = logon home = domain logons = Yes os level = 33 preferred master = Auto domain master = Yes enable privileges = yes ldap admin dn = cn=Manager,dc=sigesgroup,dc=intra ldap delete dn = Yes ldap group suffix = ou=group ldap machine suffix = ou=machines ldap passwd sync = yes ldap suffix = dc=sigesgroup,dc=intra ldap ssl = no ldap user suffix = ou=People idmap config * : range = idmap config * : ldap_url = ldap://192.0.200.2/ ldapsam:editposix = yes ldapsam:trusted = yes idmap config * : backend = ldapsam:ldap://192.0.200.2/ idmap config * : range = 5000 - 5 idmap config * : default = yes [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = Yes [profiles] path = /home/profiles read only = No create mask = 0600 directory mask = 0700 @Harry Jede I fixed sid, now SID for local machine VMPDC is: S-1-5-21-3564791867-1010203101-2143723903 SID for domain GIS is: S-1-5-21-3564791867-1010203101-2143723903 SambaSID for user Manager: S-1-5-21-3564791867-1010203101-2143723903-500 sambaPrimaryGroupSID for user MAnager: S-1-5-21-3564791867-1010203101-2143723903-2025 Now the problem is (I write only the problem) /var/log/samba/log.manager [2013/01/30 12:11:20.546770, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-3564791867-1010203101-2143723903-500] [2013/01/30 12:11:20.546816, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-3564791867-1010203101-2143723903-2089] [2013/01/30 12:11:20.546862, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2013/01/30 12:11:20.546901, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2013/01/30 12:11:20.551429, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2013/01/30 12:11:20.552023, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2013/01/30 12:11:20.552556, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(sambaSID=S-1-5-11)) [2013/01/30 12:11:21.006618, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2013/01/30 12:11:21.006627, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/01/30 12:11:36.943971, 1] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 192.0.200.149 read error = NT_STATUS_CONNECTION_RESET. 2013/1/28 Nico Kadel-Garcia nka...@gmail.com: On Mon, Jan 28, 2013 at 3:38 AM, Fabrizio Monti thefanta...@gmail.com wrote: Hi Nico Kadel-Garcia, thanks for reply. Path for smbldap is correct. Other log file have Then you have a manually built and installed smbldap-tools, and you should probably replace it with the one from Red Hat or your Red Hat rebuild provider. For consistence and
Re: [Samba] upgrade from 3.5 - 3.6, now I have no backend defined for idmap
Jobst, The following works for me in 3.6.x. Modify to match your criteria. idmap config * : backend= tdb idmap config * : range = low - high idmap config DOMAIN : default = Yes idmap config DOMAIN : backend = idmap backend idmap config DOMAIN : range = different low - different high Dale On 01/28/2013 10:51 PM, Jobst Schmalenbach wrote: Hi. I am getting loads of errors no backend defined for idmap config MYDOMAIN after I upgraded from 3.5 - 3.6 a couple of days ago. I read http://wiki.samba.org/index.php/Samba_3.6_Features_added/changed and did what man smb.conf suggested: idmap config MYDOMAIN : backend = tdb idmap config MYDOMAIN : range = 500-199 yet I still receive those errors. I used to have idmap uid = 500-1000 idmap gid = 500-1000 and I had no errors while running 3.5.10. I am not sure what I am doing wrong, help please. Jobst -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade samba
Hi Nico Kadel-Garcia, thanks for reply. Path for smbldap is correct. Other log file have 2013/01/25 17:20:13.974204, 1] auth/server_info.c:386(samu_to_SamInfo3) The primary group domain sid(S-1-5-21-3564791867-1010203101-2143723903-513) does not match the domain sid(S-1-5-21-2427793829-1009842549-3523806979) for Manager(S-1-5-21-2427793829-1009842549-3523806979-500) [2013/01/25 17:20:13.974250, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/01/25 17:20:13.974286, 0] auth/check_samsec.c:491(check_sam_security) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' [2013/01/25 17:20:13.974506, 3] auth/auth_winbind.c:60(check_winbind_security) check_winbind_security: Not using winbind, requested domain [gis] was for this SAM. [2013/01/25 17:20:13.974542, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [Manager] - [Manager] FAILED with error NT_STATUS_UNSUCCESSFUL [2013/01/25 17:20:13.974610, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) NT_STATUS_UNSUCCESSFUL [2013/01/25 17:20:24.885770, 1] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 192.0.200.149 read error = NT_STATUS_CONNECTION_RESET. [2013/01/25 17:20:24.885923, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/01/25 17:20:24.886102, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) Then the problem is sid, samba-3.3 probabily do not check sid. Ldap is workin so it is possible disable sid check in samba-3.6? Fabrizio. Well, for one thing, if you updated to samba3x your binaries for things like smbldap-usermod are all going to be in /usr/bin, not /usr/local/bin. path is correct, files smbldap are in /usr/local/bin. Did you have an old hand-built Samba lying around? If you did, you need to clear it. Jan 24 17:53:03 VmPDC smbd[15115]: [2013/01/24 17:53:03.371837, 0] auth/check_samsec.c:491(check_sam_security) Jan 24 17:53:03 VmPDC smbd[15115]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' Jan 24 17:53:04 VmPDC smbd[15115]: [2013/01/24 17:53:04.413597, 0] auth/check_samsec.c:491(check_sam_security) Jan 24 17:53:04 VmPDC smbd[15115]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' This configuration of samba [root@VmPDC ~]# testparm Load smb config files from /etc/samba/smb.conf Processing section [netlogon] Processing section [profiles] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] workgroup = GIS passdb backend = ldapsam:ldap://192.0.200.2/ log file = /var/log/samba/log.%U time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE add user script = /usr/local/bin/smbldap-useradd -a -m -P %u delete user script = /usr/local/bin/smbldap-userdel -r %u add group script = /usr/local/bin/smbldap-groupadd -p %g delete group script = /usr/local/bin/smbldap-groupdel %g add user to group script = /usr/local/bin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/bin/smbldap-groupmod -x %u %g set primary group script = /usr/local/bin/smbldap-usermod -g %g %u add machine script = /usr/local/bin/smbldap-useradd -w %u logon path = logon home = domain logons = Yes os level = 33 preferred master = Auto domain master = Yes ldap admin dn = cn=Manager,dc=sigesgroup,dc=intra ldap delete dn = Yes ldap group suffix = ou=group ldap machine suffix = ou=machines ldap passwd sync = yes ldap suffix = dc=sigesgroup,dc=intra ldap ssl = no ldap user suffix = ou=People idmap config * :range = 5000 - 5 ldapsam:editposix = yes ldapsam:trusted = yes idmap config * : backend = ldap:ldap://192.0.200.2/ [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = Yes [profiles] path = /home/profiles read only = No create mask = 0600 directory mask = 0700 why is not it working? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade samba
On Mon, Jan 28, 2013 at 3:38 AM, Fabrizio Monti thefanta...@gmail.com wrote: Hi Nico Kadel-Garcia, thanks for reply. Path for smbldap is correct. Other log file have Then you have a manually built and installed smbldap-tools, and you should probably replace it with the one from Red Hat or your Red Hat rebuild provider. For consistence and compatibility with your RPM supplied Samba, I urge you to use the distribution provided smbldap-tools package and move aside the hand-built versions you have in /usr/local/bin. While this won't necessarily solve your problem, it gives all of us a consistent reference as to what tools and versions of tools you're using. It's also why I spend so much time RPM bundling software, so both people I support and I are using the same package from the same, clean build environment. Nico Kadel-Garcia nka...@gmail.com 2013/01/25 17:20:13.974204, 1] auth/server_info.c:386(samu_to_SamInfo3) The primary group domain sid(S-1-5-21-3564791867-1010203101-2143723903-513) does not match the domain sid(S-1-5-21-2427793829-1009842549-3523806979) for Manager(S-1-5-21-2427793829-1009842549-3523806979-500) [2013/01/25 17:20:13.974250, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/01/25 17:20:13.974286, 0] auth/check_samsec.c:491(check_sam_security) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' [2013/01/25 17:20:13.974506, 3] auth/auth_winbind.c:60(check_winbind_security) check_winbind_security: Not using winbind, requested domain [gis] was for this SAM. [2013/01/25 17:20:13.974542, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [Manager] - [Manager] FAILED with error NT_STATUS_UNSUCCESSFUL [2013/01/25 17:20:13.974610, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) NT_STATUS_UNSUCCESSFUL [2013/01/25 17:20:24.885770, 1] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 192.0.200.149 read error = NT_STATUS_CONNECTION_RESET. [2013/01/25 17:20:24.885923, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/01/25 17:20:24.886102, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) Then the problem is sid, samba-3.3 probabily do not check sid. Ldap is workin so it is possible disable sid check in samba-3.6? Fabrizio. Well, for one thing, if you updated to samba3x your binaries for things like smbldap-usermod are all going to be in /usr/bin, not /usr/local/bin. path is correct, files smbldap are in /usr/local/bin. Did you have an old hand-built Samba lying around? If you did, you need to clear it. Jan 24 17:53:03 VmPDC smbd[15115]: [2013/01/24 17:53:03.371837, 0] auth/check_samsec.c:491(check_sam_security) Jan 24 17:53:03 VmPDC smbd[15115]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' Jan 24 17:53:04 VmPDC smbd[15115]: [2013/01/24 17:53:04.413597, 0] auth/check_samsec.c:491(check_sam_security) Jan 24 17:53:04 VmPDC smbd[15115]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' This configuration of samba [root@VmPDC ~]# testparm Load smb config files from /etc/samba/smb.conf Processing section [netlogon] Processing section [profiles] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] workgroup = GIS passdb backend = ldapsam:ldap://192.0.200.2/ log file = /var/log/samba/log.%U time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE add user script = /usr/local/bin/smbldap-useradd -a -m -P %u delete user script = /usr/local/bin/smbldap-userdel -r %u add group script = /usr/local/bin/smbldap-groupadd -p %g delete group script = /usr/local/bin/smbldap-groupdel %g add user to group script = /usr/local/bin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/bin/smbldap-groupmod -x %u %g set primary group script = /usr/local/bin/smbldap-usermod -g %g %u add machine script = /usr/local/bin/smbldap-useradd -w %u logon path = logon home = domain logons = Yes os level = 33 preferred master = Auto domain master = Yes ldap admin dn = cn=Manager,dc=sigesgroup,dc=intra ldap delete dn = Yes ldap group suffix = ou=group ldap machine suffix = ou=machines ldap passwd sync = yes ldap suffix = dc=sigesgroup,dc=intra ldap ssl = no ldap user suffix = ou=People idmap config * :range = 5000 - 5 ldapsam:editposix = yes
Re: [Samba] upgrade samba
On 16:55:05 wrote Fabrizio Monti: Hi Nico Kadel-Garcia, thanks for reply. Path for smbldap is correct. Other log file have 2013/01/25 17:20:13.974204, 1] auth/server_info.c:386(samu_to_SamInfo3) The primary group domain sid(S-1-5-21-3564791867-1010203101-2143723903-513) does not match the domain sid(S-1-5-21-2427793829-1009842549-3523806979) for Manager(S-1-5-21-2427793829-1009842549-3523806979-500) You have a SID problem: S-1-5-21-3564791867-1010203101-2143723903-513 S-1-5-21-2427793829-1009842549-3523806979 S-1-5-21-2427793829-1009842549-3523806979-500 So it seems to be a config/upgrade problem. Check the output from: net getdomainsid also control the sid settting in smbldaptools.conf ... Then the problem is sid, samba-3.3 probabily do not check sid. Ldap is workin so it is possible disable sid check in samba-3.6? SIDs are Microsofts primary security indentifier. I believe you can not change this. Fabrizio. -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade from 3.5 - 3.6, now I have no backend defined for idmap
Hi. I am getting loads of errors no backend defined for idmap config MYDOMAIN after I upgraded from 3.5 - 3.6 a couple of days ago. I read http://wiki.samba.org/index.php/Samba_3.6_Features_added/changed and did what man smb.conf suggested: idmap config MYDOMAIN : backend = tdb idmap config MYDOMAIN : range = 500-199 yet I still receive those errors. I used to have idmap uid = 500-1000 idmap gid = 500-1000 and I had no errors while running 3.5.10. I am not sure what I am doing wrong, help please. Jobst -- 'I will go to Korea.' - Dwight D Eisenhower. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade samba
Hello to all, is the first time I write to this mailing list, I wanted to ask you a hand about an upgrade of samba I did on a centos 5.5 i386 with kernel 2.6.18-308.24.1.el5, which I updated with yum samba3x-3.3. 8-0.52.el5_5.2 bringing it to samba3x-3.6.6-0.129.el5. Now I can not put the computer to the domain, the error is that I find myself Jan 24 17:53:03 VmPDC smbd[15115]: [2013/01/24 17:53:03.371837, 0] auth/check_samsec.c:491(check_sam_security) Jan 24 17:53:03 VmPDC smbd[15115]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' Jan 24 17:53:04 VmPDC smbd[15115]: [2013/01/24 17:53:04.413597, 0] auth/check_samsec.c:491(check_sam_security) Jan 24 17:53:04 VmPDC smbd[15115]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' This configuration of samba [root@VmPDC ~]# testparm Load smb config files from /etc/samba/smb.conf Processing section [netlogon] Processing section [profiles] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] workgroup = GIS passdb backend = ldapsam:ldap://192.0.200.2/ log file = /var/log/samba/log.%U time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE add user script = /usr/local/bin/smbldap-useradd -a -m -P %u delete user script = /usr/local/bin/smbldap-userdel -r %u add group script = /usr/local/bin/smbldap-groupadd -p %g delete group script = /usr/local/bin/smbldap-groupdel %g add user to group script = /usr/local/bin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/bin/smbldap-groupmod -x %u %g set primary group script = /usr/local/bin/smbldap-usermod -g %g %u add machine script = /usr/local/bin/smbldap-useradd -w %u logon path = logon home = domain logons = Yes os level = 33 preferred master = Auto domain master = Yes ldap admin dn = cn=Manager,dc=sigesgroup,dc=intra ldap delete dn = Yes ldap group suffix = ou=group ldap machine suffix = ou=machines ldap passwd sync = yes ldap suffix = dc=sigesgroup,dc=intra ldap ssl = no ldap user suffix = ou=People idmap config * :range = 5000 - 5 ldapsam:editposix = yes ldapsam:trusted = yes idmap config * : backend = ldap:ldap://192.0.200.2/ [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = Yes [profiles] path = /home/profiles read only = No create mask = 0600 directory mask = 0700 why is not it working? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade samba
On Fri, Jan 25, 2013 at 3:32 AM, Fabrizio Monti thefanta...@gmail.com wrote: Hello to all, is the first time I write to this mailing list, I wanted to ask you a hand about an upgrade of samba I did on a centos 5.5 i386 with kernel 2.6.18-308.24.1.el5, which I updated with yum samba3x-3.3. 8-0.52.el5_5.2 bringing it to samba3x-3.6.6-0.129.el5. Now I can not put the computer to the domain, the error is that I find myself Well, for one thing, if you updated to samba3x your binaries for things like smbldap-usermod are all going to be in /usr/bin, not /usr/local/bin. Did you have an old hand-built Samba lying around? If you did, you need to clear it. Also, you *really* need to consider updating to CentOS 5.9 simply for the security patches. It's unreasonable to expect a server to be secure enough for secure, reliable file services or account management when the basic OS hasn't been kept up-to-date. Nico Kadel-Garcia Jan 24 17:53:03 VmPDC smbd[15115]: [2013/01/24 17:53:03.371837, 0] auth/check_samsec.c:491(check_sam_security) Jan 24 17:53:03 VmPDC smbd[15115]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' Jan 24 17:53:04 VmPDC smbd[15115]: [2013/01/24 17:53:04.413597, 0] auth/check_samsec.c:491(check_sam_security) Jan 24 17:53:04 VmPDC smbd[15115]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' This configuration of samba [root@VmPDC ~]# testparm Load smb config files from /etc/samba/smb.conf Processing section [netlogon] Processing section [profiles] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] workgroup = GIS passdb backend = ldapsam:ldap://192.0.200.2/ log file = /var/log/samba/log.%U time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE add user script = /usr/local/bin/smbldap-useradd -a -m -P %u delete user script = /usr/local/bin/smbldap-userdel -r %u add group script = /usr/local/bin/smbldap-groupadd -p %g delete group script = /usr/local/bin/smbldap-groupdel %g add user to group script = /usr/local/bin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/bin/smbldap-groupmod -x %u %g set primary group script = /usr/local/bin/smbldap-usermod -g %g %u add machine script = /usr/local/bin/smbldap-useradd -w %u logon path = logon home = domain logons = Yes os level = 33 preferred master = Auto domain master = Yes ldap admin dn = cn=Manager,dc=sigesgroup,dc=intra ldap delete dn = Yes ldap group suffix = ou=group ldap machine suffix = ou=machines ldap passwd sync = yes ldap suffix = dc=sigesgroup,dc=intra ldap ssl = no ldap user suffix = ou=People idmap config * :range = 5000 - 5 ldapsam:editposix = yes ldapsam:trusted = yes idmap config * : backend = ldap:ldap://192.0.200.2/ [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = Yes [profiles] path = /home/profiles read only = No create mask = 0600 directory mask = 0700 why is not it working? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba upgrade problem with ADS
On Wed, 2012-09-05 at 12:07 +, Nitin Thakur wrote: how about i get rid of secrets file all together? You can delete secrets.tdb and secrets.ldb if either exists. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba upgrade problem with ADS
is it possible to run samba with ad without winbind? Nitin Thakur ---Original Message--- From: Andrew Bartlett abart...@samba.org Sent: 6/9/2012 20:42 To: nitintha...@hotmail.com Cc: samba@lists.samba.org Subject: Re: [Samba] Samba upgrade problem with ADS On Wed, 2012-09-05 at 12:07 +, Nitin Thakur wrote: how about i get rid of secrets file all together? You can delete secrets.tdb and secrets.ldb if either exists. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba upgrade problem with ADS
On Fri, 2012-09-07 at 01:41 +, Nitin Thakur wrote: is it possible to run samba with ad without winbind? It isn't recommended, and won't help the issue you are having. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba upgrade problem with ADS
how about i get rid of secrets file all together? Nitin Thakur ---Original Message--- From: Andrew Bartlett abart...@samba.org Sent: 5/9/2012 0:26 To: nitintha...@hotmail.com Cc: samba@lists.samba.org Subject: Re: [Samba] Samba upgrade problem with ADS On Tue, 2012-09-04 at 22:10 -0400, Nitin Thakur wrote: hi gurus My samba upgrade woes: - I have to run 2 instances of samba one for dev and one for UAT. both the instances are giving me hard time after the upgrade. One instance keeps giving me following error: - connect_to_domain_password_server: unable to open the domain client session to machine x.x.x.xxx.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO. [2012/09/04 16:19:36.993000, 0] auth/auth_domain.c:292(domain_client_validate) that means it could not find the domain password in secrets.tdb. When you upgraded, did you either copy the secrets.tdb to the new prefix, or use the same prefix? This doesn't explain the re-join issues, unless you are mixing up a 'net' binary from one release (and prefix) with smbd/winbindd from the other however. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba upgrade problem with ADS
hi gurus My samba upgrade woes: - I have to run 2 instances of samba one for dev and one for UAT. both the instances are giving me hard time after the upgrade. One instance keeps giving me following error: - connect_to_domain_password_server: unable to open the domain client session to machine x.x.x.xxx.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO. [2012/09/04 16:19:36.993000, 0] auth/auth_domain.c:292(domain_client_validate) It returns this error for all the password servers. I deleted the server from ad and tried to rejoin the domain. it did join the domain but returned the error: - # /opt/local/samba/bin/net -s /opt/local/samba/lib/smb.conf.dev ads join -U admin Enter admin's password: Using short domain name -- Joined '' to realm '...com' DNS Update for x..xx.xxx.com failed: ERROR_DNS_UPDATE_FAILED DNS update failed! since then it keeps giving me error: - [2012/09/04 21:43:10.299657, 0] smbd/server.c:1109(main) standard input is not a socket, assuming -D option [2012/09/04 21:43:10.606915, 0] libads/kerberos_util.c:101(ads_kinit_password) kerberos_kinit_password X$@XXX.XX.XX.COM failed: Preauthentication failed [2012/09/04 21:43:10.608476, 0] printing/nt_printing.c:102(nt_printing_init) nt_printing_init: error checking published printers: WERR_ACCESS_DENIED moving on to other instance: - [2012/09/04 15:51:47.207600, 5] rpc_client/cli_pipe.c:738(rpc_api_pipe_send) rpc_api_pipe: host XX.X.X.XX.COM [2012/09/04 15:51:47.209191, 5] rpc_client/cli_pipe.c:97(rpc_read_send) rpc_read_send: data_to_read: 52 [2012/09/04 15:51:47.209422, 5] rpc_client/cli_pipe.c:1521(check_bind_response) check_bind_response: accepted! [2012/09/04 15:51:47.209687, 5] passdb/passdb.c:2365(get_trust_pw_clear) get_trust_pw_clear: could not fetch clear text trust account password for domain XX [2012/09/04 15:51:47.209844, 5] passdb/machine_account_secrets.c:267(secrets_fetch_trust_account_password_legacy) secrets_fetch failed! [2012/09/04 15:51:47.209998, 5] passdb/passdb.c:2403(get_trust_pw_hash) get_trust_pw_hash: could not fetch trust account password for domain XXX [2012/09/04 15:51:47.210109, 0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common) get_schannel_session_key: could not fetch trust account password for domain 'X' [2012/09/04 15:51:47.211665, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel) cli_rpc_pipe_open_schannel: failed to get schannel session key from server XXX.X.XXX.XX.COM for domain XX. [2012/09/04 15:51:47.211845, 0] auth/auth_domain.c:193(connect_to_domain_password_server) connect_to_domain_password_server: unable to open the domain client session to machine ....COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO. [2012/09/04 15:51:47.213484, 0] auth/auth_domain.c:292(domain_client_validate) domain_client_validate: Domain password server not available. [2012/09/04 15:51:47.213654, 5] auth/auth.c:271(check_ntlm_password) check_ntlm_password: winbind authentication for user [] FAILED with error NT_STATUS_CANT_ACCESS_DOMAIN_INFO [2012/09/04 15:51:47.213779, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [X] - [XX] FAILED with error NT_STATUS_CANT_ACCESS_DOMAIN_INFO [2012/09/04 15:51:47.213950, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) NT_STATUS_CANT_ACCESS_DOMAIN_INFO Here is the smbd.conf for 1st instance #=== Global Settings = [global] socket options = TCP_NODELAY IPTOS_LOWDELAY netbios name = X workgroup = X server string = Samba Server ver %v security = ADS log file = /opt/local/samba/dev/logs/log.%m max log size = 50 password server = xx...xxx.com, ...xxx.com encrypt passwords = yes realm = XXX..X.COM local master = no domain master = no domain logons = no dns proxy = no smb passwd file = /opt/local/samba/dev/private private dir = /opt/local/samba/dev/private username map = /opt/local/samba/dev/users.map pid directory = /opt/local/samba/dev bind interfaces only = yes wins support = no domain master = no allow trusted domains = yes locking = yes lock directory = /opt/local/samba/var/dev/locks preserve case = yes short preserve case = yes name resolve order = host bcast load printers = no printcap name = /dev/null deadtime = 15 preferred master = no guest account = nobody guest ok = yes syslog = 0 interfaces = xxx.xxx.xxx.xxx socket address = xxx.xxx.xxx.xxx [share] comment = share path = /share read only = No create mask = 0774 browseable = yes preserve case = yes and smb.conf.uat for second instance [global] socket options = TCP_NODELAY IPTOS_LOWDELAY netbios name = X-UAT workgroup
Re: [Samba] Samba upgrade problem with ADS
On Tue, 2012-09-04 at 22:10 -0400, Nitin Thakur wrote: hi gurus My samba upgrade woes: - I have to run 2 instances of samba one for dev and one for UAT. both the instances are giving me hard time after the upgrade. One instance keeps giving me following error: - connect_to_domain_password_server: unable to open the domain client session to machine x.x.x.xxx.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO. [2012/09/04 16:19:36.993000, 0] auth/auth_domain.c:292(domain_client_validate) that means it could not find the domain password in secrets.tdb. When you upgraded, did you either copy the secrets.tdb to the new prefix, or use the same prefix? This doesn't explain the re-join issues, unless you are mixing up a 'net' binary from one release (and prefix) with smbd/winbindd from the other however. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade 4.0.0alpha14
Hey, I am looking to upgrade my v4 installation to Beta6 (well, master - to overcome the mem leak mentioned on the wiki). The end goal is to be on Beta6 with the Samba4 on a new host in a remote location - but preserve the same domain, accounts, SID's, etc. I see on the wiki it mentions that I should get advice before trying this from this list - so anything you can provide me with would be appreciated! I pencilled out two options (are either feasible?): 1) Create new remote host, install v4 B6, join to existing domain, and shift FSMO roles. Then, remove v4 A14 from the domain - and hey presto. 2) Remove v4 A14 from the machine, but preserve databases. Install v4 B6, and attempt to upgrade the databases somehow (but I wouldn't know how to start with that). The current v4 A14 install was not upgraded from an earlier version - it was installed fresh. Exact version is 4.0.0alpha14-GIT-e8bae4c. Thanks for any advice, Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade
Hi, You are missing some header files on your system (bsd/string.h). Find the package that contains them in your bsd package repository assuming you are using some *BSD unix variant. br, Quinn On Mon, Jul 9, 2012 at 6:36 PM, sandy.napo...@eccmg.cupet.cu wrote: Hello list, I need update my samba, I run firtly ./configure.developer, and when I run make I get this message 123/3913] Compiling lib/replace/replace.c In file included from ../lib/replace/replace.c:26: ../lib/replace/replace.h:112:24: error: bsd/string.h: No such file or directory ../lib/replace/replace.h:116:24: error: bsd/unistd.h: No such file or directory Waf: Leaving directory `/media/samba-master/bin' Build failed: - task failed (err #1): -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Best regards/Med venlig hilsen, Quinn Plattel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade
Hello list, I need update my samba, I run firtly ./configure.developer, and when I run make I get this message 123/3913] Compiling lib/replace/replace.c In file included from ../lib/replace/replace.c:26: ../lib/replace/replace.h:112:24: error: bsd/string.h: No such file or directory ../lib/replace/replace.h:116:24: error: bsd/unistd.h: No such file or directory Waf: Leaving directory `/media/samba-master/bin' Build failed: - task failed (err #1): -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade to 3.6.6 fails - Couldn't migrate printers tdb file
Upgrading from 3.5.15 to 3.6.6 failed. Looks a bit like Bug 8235: [2012/07/04 09:02:38.341747, 0, effective(0, 0), real(0, 0)] lib/charcnv.c:543(convert_string_talloc) Conversion error: Illegal multibyte sequence() [2012/07/04 09:02:38.349010, 0, effective(0, 0), real(0, 0)] printing/nt_printing_migrate_internal.c:237(nt_printing_tdb_migrate) Couldn't migrate printers tdb file: NT_STATUS_NO_MEMORY [2012/07/04 09:02:38.349108, 0, effective(0, 0), real(0, 0)] rpc_server/srv_pipe_register.c:222(rpc_srv_register) rpc_srv_register: Failed to call the spoolss init function! -- Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade to 3.6.6 fails - Couldn't migrate printers tdb file
On Wed, 4 Jul 2012 09:49:49 -0400 Chris Smith smb...@chrissmith.org wrote: Upgrading from 3.5.15 to 3.6.6 failed. Looks a bit like Bug 8235: [2012/07/04 09:02:38.341747, 0, effective(0, 0), real(0, 0)] lib/charcnv.c:543(convert_string_talloc) Conversion error: Illegal multibyte sequence() [2012/07/04 09:02:38.349010, 0, effective(0, 0), real(0, 0)] printing/nt_printing_migrate_internal.c:237(nt_printing_tdb_migrate) Couldn't migrate printers tdb file: NT_STATUS_NO_MEMORY [2012/07/04 09:02:38.349108, 0, effective(0, 0), real(0, 0)] rpc_server/srv_pipe_register.c:222(rpc_srv_register) rpc_srv_register: Failed to call the spoolss init function! Thanks for the report Chris, please raise a new bug with the full set of log level = 10 logs attached. Cheers, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade to 3.6.6 fails - Couldn't migrate printers tdb file
From the smbd.log level 10 log there is this: = [2012/07/04 10:41:28.146531, 5, effective(0, 0), real(0, 0)] printing/nt_printing_migrate_internal.c:54(rename_file_with_suffix) moved '/var/lib/samba/ntdrivers.tdb' to '/var/lib/samba/ntdrivers.tdb.bak' [2012/07/04 10:41:28.146688, 3, effective(0, 0), real(0, 0)] lib/charcnv.c:537(convert_string_talloc) convert_string_talloc: Conversion error: Illegal multibyte sequence(â0) [2012/07/04 10:41:28.146750, 0, effective(0, 0), real(0, 0)] lib/charcnv.c:543(convert_string_talloc) Conversion error: Illegal multibyte sequence(â0) [2012/07/04 10:41:28.146823, 1, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:414(ndr_pull_error) ndr_pull_error(5): Bad character conversion with flags 0x42 [2012/07/04 10:41:28.146882, 2, effective(0, 0), real(0, 0)] printing/nt_printing_migrate.c:207(printing_tdb_migrate_printer) printer pull failed: Character Conversion Error [2012/07/04 10:41:28.146947, 0, effective(0, 0), real(0, 0)] printing/nt_printing_migrate_internal.c:237(nt_printing_tdb_migrate) Couldn't migrate printers tdb file: NT_STATUS_NO_MEMORY = Seems it doesn't like the ntdrivers.tdb file. It verifies fine with tdbbackup and I can backup and restore with tdbbackup or tdbdump/tdbrestore yet the same issue remains. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade to 3.6.6 fails - Couldn't migrate printers tdb file
On Wed, 4 Jul 2012 10:58:12 -0400 Chris Smith smb...@chrissmith.org wrote: From the smbd.log level 10 log there is this: = [2012/07/04 10:41:28.146531, 5, effective(0, 0), real(0, 0)] printing/nt_printing_migrate_internal.c:54(rename_file_with_suffix) moved '/var/lib/samba/ntdrivers.tdb' to '/var/lib/samba/ntdrivers.tdb.bak' [2012/07/04 10:41:28.146688, 3, effective(0, 0), real(0, 0)] lib/charcnv.c:537(convert_string_talloc) convert_string_talloc: Conversion error: Illegal multibyte sequence(â0) [2012/07/04 10:41:28.146750, 0, effective(0, 0), real(0, 0)] lib/charcnv.c:543(convert_string_talloc) Conversion error: Illegal multibyte sequence(â0) [2012/07/04 10:41:28.146823, 1, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:414(ndr_pull_error) ndr_pull_error(5): Bad character conversion with flags 0x42 [2012/07/04 10:41:28.146882, 2, effective(0, 0), real(0, 0)] printing/nt_printing_migrate.c:207(printing_tdb_migrate_printer) printer pull failed: Character Conversion Error [2012/07/04 10:41:28.146947, 0, effective(0, 0), real(0, 0)] printing/nt_printing_migrate_internal.c:237(nt_printing_tdb_migrate) Couldn't migrate printers tdb file: NT_STATUS_NO_MEMORY = Seems it doesn't like the ntdrivers.tdb file. It verifies fine with tdbbackup and I can backup and restore with tdbbackup or tdbdump/tdbrestore yet the same issue remains. ntdrivers.tdb is ok, it appears to be ntprinters.tdb which is processed afterwards. My guess is it's a reoccurrence of: https://bugzilla.samba.org/show_bug.cgi?id=8606 Windows (likely the fault of the printer driver) sometimes adds garbage after the null terminator for printer device mode strings. Unmarshalling of the device mode chokes in some cases when processing these strings. The changes for 8606 fixed spoolss_DeviceMode (spoolss.idl) unmarshalling. However, it looks like we also need to do the same for ntprinting_devicemode (ntprinting.idl) to handle cases where this garbage was stored in the tdb, prior to the 8606 fix. Again, please raise a bug so we can fix this. Attach your printing tdb files in addition to the logs please. Cheers, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade to 3.6.6 fails - Couldn't migrate printers tdb file
Thank you. Done. Bug 9026. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade to 3.6.6 fails - Couldn't migrate printers tdb file
Just to note that ntprinters.tdb does not fail tdbbackup validation and a backup/restore of it does not resolve the issue. On Wed, Jul 4, 2012 at 11:35 AM, David Disseldorp dd...@suse.de wrote: ntdrivers.tdb is ok, it appears to be ntprinters.tdb which is processed afterwards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade samba 3.0.x to 3.5.x crash Authentication: LDAP
Hi guys I have strange case. One network is based on Samba 3.0.x + LDAP PDC. Centos 5.8 i386. This server have the mail: dovecot-ldap+postfix. Everything is working good, my clients are Windows XP Pro, roaming profiles, etc. I have receive my first Win7 machine and I need to update samba to samba3x(3.5.x). What I understand is that samba is not related to ldap-centos auth nss_ldap right? I can have this services without samba and no problem right? Well I decide to make the upgrade, first backup my current settings(/etc/samba, /etc/smbldap-tools/, /var/cache/samba). I test this in laboratory but didn't install nothing else, just samba+ldap and the update from 3.0.x to 3.5.x works. Once I prepare my server, I remove samba 3.0.x, delete everything related to samba. Install samba3x, build smbldap-tools for support to samba3.5.x. Setup my smb.conf. Setup my smbldap-tools etc. Restart ldap ok service smb start ok service nmb start ok service winbind start ok Check my clients and everything was working... Latter I test again, shutdown samba services and restart ldap... Ldap start no issue... smb service refuse to start nmb ok winbind ok Not starting smb services clock my server ldap authentication, I cannot access: I cannot access over ssh using keys my email clients cannot login I cannot send or receive emails.. Dovecot logs say that he cannot authenticated users... samba log(smbd.log) don't show to me iffo about what he refuse to start... I restart my server and the same issue, smb service refuse to start. I'm thinking, why samba is affecting my authtentication...? why he refuse to start...? in the console I can query for users and no problem. Why samba affect auth...? I increase the debug level and don't see nothing wrong... check: smbd.log [2012/06/27 19:44:00.277583, 3] param/loadparm.c:9180(lp_load_ex) lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) [2012/06/27 19:44:00.277731, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2012/06/27 19:44:00.277767, 3] param/loadparm.c:7864(do_section) Processing section [global] doing parameter workgroup = midomain doing parameter server string = PDC Domain doing parameter netbios name = PDC-SRV [2012/06/27 19:44:00.277838, 4] param/loadparm.c:7226(handle_netbios_name) handle_netbios_name: set global_myname to: PDC-SRV doing parameter hosts allow = 192.168.1. 192.168.2. 127. doing parameter interfaces = eth0 lo0 doing parameter smb ports = 139 445 doing parameter security = user doing parameter encrypt passwords = yes doing parameter passdb backend = ldapsam:ldap://127.0.0.1/ doing parameter enable privileges = yes doing parameter pam password change = Yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn * passwd:*all*authentication*tokens*updated*successfully* doing parameter unix password sync = Yes doing parameter log level = 10 [2012/06/27 19:44:00.278084, 5] lib/debug.c:405(debug_dump_status) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 doing parameter log file = /var/log/samba/%m.log doing parameter max log size = 2048 doing parameter syslog = 1 doing parameter name resolve order = wins bcast hosts lmhost doing parameter time server = No doing parameter socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 doing parameter use sendfile = yes doing parameter map hidden = No doing parameter map system = No doing parameter map archive = No doing parameter map read only = No doing parameter store dos attributes = Yes doing parameter Map to Guest = Bad User doing parameter load printers = No doing parameter printcap name = doing parameter cups options = doing parameter show add printer wizard = No doing parameter add user script = /usr/sbin/smbldap-useradd -m %u doing parameter delete user script = /usr/sbin/smbldap-userdel %u doing parameter add group script = /usr/sbin/smbldap-groupadd -p %g doing parameter delete group script = /usr/sbin/smbldap-groupdel %g doing parameter add user to group script = /usr/sbin/smbldap-groupmod -m %u %g doing parameter delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g doing parameter set primary group script = /usr/sbin/smbldap-usermod -g %g %u doing parameter add machine script = /usr/sbin/smbldap-useradd -w %u doing parameter ldap ssl = off doing parameter ldap passwd sync =
Re: [Samba] transfer users after samba upgrade to new server
Thank you Dale. Actually I did this by importing smbpasswd with pdbedit -i smbpasswd:smbpasswd And it works in the sense that my users can map a drive with their same credentials. But I have something else to consider. The old server was a domain master and so I have some win XP machines that login to it and there is a netlogin.bat etc. Given that all of the user password and machine passwords are now imported I wonder if that will continue to work when I switch over. If anyone has any insight on this I would appreciate it. I will be performing a test switch over on Monday at noon Guelph,ON,Canada time. Bill On 05/07/2012 02:35 PM, Dale Schroeder wrote: On 05/06/2012 10:14 AM, Bill Szkotnicki wrote: Hi, I want to transfer all of my users from an older version of samba to a new one here. The old version is 3.0.28 and the file with user passwords is /etc/samba/smbpasswd and the new version is 3.6.5 and there does not seem to be that file anymore. I think the user info is now in /var/lib/samba/private/passdb.tdb /var/lib/samba/private/secrets.tdb My question is how to transport my users to my new system? i.e. How to convert /etc/samba/smbpasswd -- /var/lib/samba/private/passdb.tdb Any suggestions would be greatly appreciated. Bill Bill, The smbpasswd backend is still available; it's just no longer the default. You must explicitly state passdb backend = smbpasswd in smb.conf. To convert, copy the smbpasswd file from the old machine to the new one, then follow the example in the Samba HowTo under Account Import/Export found at http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#pdbeditthing Good luck. Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] transfer users after samba upgrade to new server
On 05/06/2012 10:14 AM, Bill Szkotnicki wrote: Hi, I want to transfer all of my users from an older version of samba to a new one here. The old version is 3.0.28 and the file with user passwords is /etc/samba/smbpasswd and the new version is 3.6.5 and there does not seem to be that file anymore. I think the user info is now in /var/lib/samba/private/passdb.tdb /var/lib/samba/private/secrets.tdb My question is how to transport my users to my new system? i.e. How to convert /etc/samba/smbpasswd -- /var/lib/samba/private/passdb.tdb Any suggestions would be greatly appreciated. Bill Bill, The smbpasswd backend is still available; it's just no longer the default. You must explicitly state passdb backend = smbpasswd in smb.conf. To convert, copy the smbpasswd file from the old machine to the new one, then follow the example in the Samba HowTo under Account Import/Export found at http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#pdbeditthing Good luck. Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] transfer users after samba upgrade to new server
Hi, I want to transfer all of my users from an older version of samba to a new one here. The old version is 3.0.28 and the file with user passwords is /etc/samba/smbpasswd and the new version is 3.6.5 and there does not seem to be that file anymore. I think the user info is now in /var/lib/samba/private/passdb.tdb /var/lib/samba/private/secrets.tdb My question is how to transport my users to my new system? i.e. How to convert /etc/samba/smbpasswd -- /var/lib/samba/private/passdb.tdb Any suggestions would be greatly appreciated. Bill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade
Very intersting, Then I can only upgrade one times on month? Original Message Subject: Re: [Samba] upgrade From:Michael Wood esiot...@gmail.com Date:Tue, May 1, 2012 5:29 am To: sandy.napo...@eccmg.cupet.cu Cc: samba@lists.samba.org -- Hi On 1 May 2012 00:24, sandy.napo...@eccmg.cupet.cu wrote: Hello list, Iam running every day git pull for update my samba-master, after I follow the step upgrading-samba4, and everything is ok, but I will want know how I can see if my samba4 is upgrade succeful. thereis some log. some aplication that say me it, in this moment how I can know if my samba4 is alpha 18 or alpha 19? after upgrade It is not necessary to upgrade every day :) /usr/local/samba/sbin/samba --version (or smbclient --version, etc.) will tell you the version. For a version of samba later than alpha19, it will say something like Version 4.0.0alpha20-GIT-xxx, where xxx is the first few characters of the commit ID that was current when you compiled Samba. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade
On 2 May 2012 15:13, sandy.napo...@eccmg.cupet.cu wrote: Very intersting, Then I can only upgrade one times on month? Yes, if you like. Or every two months, or only when a new alphaN is released. If you really want to you can upgrade every hour :) but that seems silly. Original Message Subject: Re: [Samba] upgrade From: Michael Wood esiot...@gmail.com Date: Tue, May 1, 2012 5:29 am To: sandy.napo...@eccmg.cupet.cu Cc: samba@lists.samba.org -- Hi On 1 May 2012 00:24, sandy.napo...@eccmg.cupet.cu wrote: Hello list, Iam running every day git pull for update my samba-master, after I follow the step upgrading-samba4, and everything is ok, but I will want know how I can see if my samba4 is upgrade succeful. thereis some log. some aplication that say me it, in this moment how I can know if my samba4 is alpha 18 or alpha 19? after upgrade It is not necessary to upgrade every day :) /usr/local/samba/sbin/samba --version (or smbclient --version, etc.) will tell you the version. For a version of samba later than alpha19, it will say something like Version 4.0.0alpha20-GIT-xxx, where xxx is the first few characters of the commit ID that was current when you compiled Samba. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade
Hi On 1 May 2012 00:24, sandy.napo...@eccmg.cupet.cu wrote: Hello list, Iam running every day git pull for update my samba-master, after I follow the step upgrading-samba4, and everything is ok, but I will want know how I can see if my samba4 is upgrade succeful. thereis some log. some aplication that say me it, in this moment how I can know if my samba4 is alpha 18 or alpha 19? after upgrade It is not necessary to upgrade every day :) /usr/local/samba/sbin/samba --version (or smbclient --version, etc.) will tell you the version. For a version of samba later than alpha19, it will say something like Version 4.0.0alpha20-GIT-xxx, where xxx is the first few characters of the commit ID that was current when you compiled Samba. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade
Hello list, Iam running every day git pull for update my samba-master, after I follow the step upgrading-samba4, and everything is ok, but I will want know how I can see if my samba4 is upgrade succeful. thereis some log. some aplication that say me it, in this moment how I can know if my samba4 is alpha 18 or alpha 19? after upgrade -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] After Samba upgrade, trust relationship always fails
Hello, For a long time I've been running Samba 3.5.10 as a domain controller on RH Enterprise 5, with Windows 7 clients. Everything has worked fine. But since I recently upgraded to Samba 3.6.4, I have a persistent problem with users not being able to login to the client machines successfully because they get the Trust relationship has failed message. I can join the client machines to the domain without any problem, but the client logins always fail. The smbd log file shows repeated instances of the netlogon_creds_server_check failed message. I've gone through all of the troubleshooting procedures recommended in the O'Reilly Samba book and they all checked out. I've also tried deleting and recreating the Samba machine accounts, and also rejoining the clients to the domain. I'm at the point where I've run out of ideas. Can anyone suggest anything further that I could try? Thanks very much, Eric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] After Samba upgrade, trust relationship always fails
Hi again folks, I finally got this problem fixed, although why it is fixed I don't know. What I did was to change the name of the domain in the smb.conf file, then delete my client from the old domain and join it to the renamed domain. Then the logins worked! I don't know why just changing the domain name would have this effect though. Eric -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Eric Evans Sent: Monday, April 16, 2012 10:14 AM To: samba@lists.samba.org Subject: [Samba] After Samba upgrade, trust relationship always fails Hello, For a long time I've been running Samba 3.5.10 as a domain controller on RH Enterprise 5, with Windows 7 clients. Everything has worked fine. But since I recently upgraded to Samba 3.6.4, I have a persistent problem with users not being able to login to the client machines successfully because they get the Trust relationship has failed message. I can join the client machines to the domain without any problem, but the client logins always fail. The smbd log file shows repeated instances of the netlogon_creds_server_check failed message. I've gone through all of the troubleshooting procedures recommended in the O'Reilly Samba book and they all checked out. I've also tried deleting and recreating the Samba machine accounts, and also rejoining the clients to the domain. I'm at the point where I've run out of ideas. Can anyone suggest anything further that I could try? Thanks very much, Eric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration
Hi Gregory, I am completely ignorant of interaction with likewise. But I assume (from the logs) that you have samba's winbindd running. I also don't know about the lwicompat_v4 backend that you configured. What you should know thought is that a domain placeholder ALL is not used for the default idmap configuration any more since samba 3.3. This must be the reason why you get logs from the idmap_tdb backend at all. So in order to configure the lwicompat_v4 backend as the default (catch-all) backend, you should set: idmap backend = lwicompat_v4 And this should be it. (remove all the other idmap-options). There is currently no global read only option to id mapping in 3.5. And from your configuration, the range options (idmap uid and idmap gid) are not needed for your case. If you specify them, then you have to specify values (like idmap uid = 10-20). So my guess is that you should try: ~ idmap backend = lwicompat_v4 ~ instead of ~ idmap config ALL:backend = lwicompat_v4 idmap config ALL:default = yes idmap config ALL:readonly = yes idmap backend idmap uid idmap gid ~ Cheers - Michael Gregory Machin wrote: Thanks for the suggestion, but no joy Below is my [global] workgroup = endace realm = ad.DOMAIN.COM server string = %h server wins server = 10.0.32.2 dns proxy = no panic action = /usr/share/samba/panic-action %d security = ADS encrypt passwords = true passdb backend = tdbsam obey pam restrictions = no unix password sync = yes password server = dcn01.ad.DOMAIN.COM passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . machine password timeout = 0 pam password change = yes map to guest = bad user force group = domain^users idmap config ALL:backend = lwicompat_v4 idmap config ALL:default = yes idmap config ALL:readonly = yes idmap backend idmap uid idmap gid hosts allow = ALL usershare allow guests = yes printcap name = /etc/printcap #Logging # log file = /var/log/samba/log.%m max log size = 1000 #syslog = 0 log level = 1 vfs:1 log file = /var/log/samba/%U.%m.log #Network socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 # Any further advice ? Thanks On Sat, Mar 17, 2012 at 2:58 AM, Tom Noonan II thomas.noonan...@hp.com wrote: I saw this on CentOS 6 with winbind, not LikewiseOpen. The problem is that it expects configuration options to be present that are flagged as having (sane) defaults in the smb.conf man page. Once I added the following options for winbind to my smb.conf this problem went away: idmap backend idmap uid idmap gid I believe it was idmap backend, but I didn't verify that. -- Tom Noonan II ESL Technician - Randstad On Fri, 16 Mar 2012 08:37:48 + Gregory Machin g...@linuxpro.co.za wrote: Hi I'm running CentOS 6.2 with samba-3.5.10-114 , and LikewiseOpen 6.1 . How do I fix these errors ? Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.639871, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.654353, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.655811, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.674267, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.675524, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.693888, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.695097, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Thanks
Re: [Samba] Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration
Thanks for the suggestion, but no joy Below is my [global] workgroup = endace realm = ad.DOMAIN.COM server string = %h server wins server = 10.0.32.2 dns proxy = no panic action = /usr/share/samba/panic-action %d security = ADS encrypt passwords = true passdb backend = tdbsam obey pam restrictions = no unix password sync = yes password server = dcn01.ad.DOMAIN.COM passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . machine password timeout = 0 pam password change = yes map to guest = bad user force group = domain^users idmap config ALL:backend = lwicompat_v4 idmap config ALL:default = yes idmap config ALL:readonly = yes idmap backend idmap uid idmap gid hosts allow = ALL usershare allow guests = yes printcap name = /etc/printcap #Logging # log file = /var/log/samba/log.%m max log size = 1000 #syslog = 0 log level = 1 vfs:1 log file = /var/log/samba/%U.%m.log #Network socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 # Any further advice ? Thanks On Sat, Mar 17, 2012 at 2:58 AM, Tom Noonan II thomas.noonan...@hp.com wrote: I saw this on CentOS 6 with winbind, not LikewiseOpen. The problem is that it expects configuration options to be present that are flagged as having (sane) defaults in the smb.conf man page. Once I added the following options for winbind to my smb.conf this problem went away: idmap backend idmap uid idmap gid I believe it was idmap backend, but I didn't verify that. -- Tom Noonan II ESL Technician - Randstad On Fri, 16 Mar 2012 08:37:48 + Gregory Machin g...@linuxpro.co.za wrote: Hi I'm running CentOS 6.2 with samba-3.5.10-114 , and LikewiseOpen 6.1 . How do I fix these errors ? Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.639871, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.654353, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.655811, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.674267, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.675524, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.693888, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.695097, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Thanks Greg -- Tom Noonan II ESL Technician - Randstad -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration
Hi I'm running CentOS 6.2 with samba-3.5.10-114 , and LikewiseOpen 6.1 . How do I fix these errors ? Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.639871, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.654353, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.655811, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.674267, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.675524, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.693888, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.695097, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Thanks Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration
I saw this on CentOS 6 with winbind, not LikewiseOpen. The problem is that it expects configuration options to be present that are flagged as having (sane) defaults in the smb.conf man page. Once I added the following options for winbind to my smb.conf this problem went away: idmap backend idmap uid idmap gid I believe it was idmap backend, but I didn't verify that. -- Tom Noonan II ESL Technician - Randstad On Fri, 16 Mar 2012 08:37:48 + Gregory Machin g...@linuxpro.co.za wrote: Hi I'm running CentOS 6.2 with samba-3.5.10-114 , and LikewiseOpen 6.1 . How do I fix these errors ? Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.639871, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.654353, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.655811, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.674267, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.675524, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.693888, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 20:25:43.695097, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) Thanks Greg -- Tom Noonan II ESL Technician - Randstad -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] The trust relationship between this workstation and the primary domain failed. (After SAMBA upgrade)
Hi folks I am writing to this list because Google was unable to provide me with a solution for my problem (neither did the samba list archives ; as far as I can see). I know that the topic The trust relationship between this workstation and the primary domain failed. is not unknown and a lot of people are suffering from it but I have the feeling that my problem is different. I am not using SAMBA as DC and try to join Windows 7 to it; but let me explain. I had a working configuration which looked as follows: - Windows 2008 R2 SP1 Domain Controller (Forest functional Level 2008 R2; so highest possible) (DNS Server, Global Catalog etc. It is only this ONE DC) - Windows 7 Workstation as a domain member of this domain (Works great; no Problems) - SAMBA 3.x running on Fedora 13 (+ updates so not the newest SAMBA3.5/3.6 releases but somwehere in the 3.1 - 3.3 releases) The SAMBA Box was joined to the domain and some directories on the Fedora box were shared. I was able to access them from my Windows 7 Box without any problems. So SAMBA was a perfectc ADS member. Everything was running fine until . I decided to upgrade (reinstall) my box with Fedora 16 The Fedora Box now has the newest SAMBA release (samba-3.6.3-78.fc16.i686) installed. I reconfigured SAMBA by - re-created the same users with the same uid/gid on the box - configuring DNS as it was before - copied back /etc/krb5.conf - copied back /etc/samba/smb.conf and /etc/samba/smbusers (Basically I used the new smb.conf and replaced the necessary information. I have an include file ads.conf for my ADS configuration which I inject into smb.conf. So no typos or mssing something) - Did a: kinit administra...@mydomain.com (successful) - Did a: net ads join -U Administrator (successful) - Did a: net ads testjoin (- Join is OK) - Did a: smbclient mydc\\myshare -U Administrator (could access the share) (OK. smbclient does not use the local Samba-Daemon but directly connects to the DC. So not really a test) So everyting was as it was before with the execption that when I try to access the SAMBA box from my Windows 7 Box I get: - The trust relationship between this workstation and the primary domain failed. - /var/log/samba/log.win7box shows error messages: [2012/03/11 13:33:07.281548, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel) cli_rpc_pipe_open_schannel: failed to get schannel session key from server MYDC.MYDOMAIN.COM for domain MYDOMAIN. [2012/03/11 13:33:07.281867, 0] auth/auth_domain.c:193(connect_to_domain_password_server) connect_to_domain_password_server: unable to open the domain client session to machine MYDC.MYDOMAIN.COM. Error was : NT_STATUS_ACCESS_DENIED. [2012/03/11 13:33:07.284289, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel) cli_rpc_pipe_open_schannel: failed to get schannel session key from server MYDC.MYDOMAIN.COM for domain MYDOMAIN. [2012/03/11 13:33:07.284665, 0] auth/auth_domain.c:193(connect_to_domain_password_server) connect_to_domain_password_server: unable to open the domain client session to machine MYDC.MYDOMAIN.COM. Error was : NT_STATUS_ACCESS_DENIED. [2012/03/11 13:33:07.285166, 0] auth/auth_domain.c:292(domain_client_validate) domain_client_validate: Domain password server not available. When I do a Wireshark trace on the Linux system I see the SAMBA Daemon communicates with my domain Controller (MYDC) and gets some errors (when accessing the SAMBA Box from Win 7). No. TimeSourceDestination Protocol Info 9245 45.548203 192.168.1.131 192.168.1.3 SMB Negotiate Protocol Request 9247 45.584079 192.168.1.3 192.168.1.131 SMB Negotiate Protocol Response 9248 45.690020 192.168.1.131 192.168.1.3 SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE 9249 45.690874 192.168.1.3 192.168.1.131 SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED 9250 45.691254 192.168.1.131 192.168.1.3 SMB Session Setup AndX Request, NTLMSSP_AUTH, User: MYDOMAIN\Snoopy 9257 45.760270 192.168.1.3 192.168.1.4 SMB Negotiate Protocol Request 9258 45.760989 192.168.1.4 192.168.1.3 SMB Negotiate Protocol Response 9260 45.761266 192.168.1.3 192.168.1.4 SMB Session Setup AndX Request, User: anonymous 9261 45.761586 192.168.1.4 192.168.1.3 SMB Session Setup AndX Response 9262 45.763317 192.168.1.3 192.168.1.4 SMB Tree Connect AndX Request, Path: \\MYDC.MYDOMAIN.COM\IPC$ 9264 45.763683 192.168.1.4 192.168.1.3 SMB Tree Connect AndX Response 9265 45.763883 192.168.1.3 192.168.1.4 SMB NT
Re: [Samba] Upgrade Samba 3.0.28 to 3.6.0 problems
On 10/06/2011 10:36 PM, Louis Kabo wrote: having a problem upgrading a samba installation version 3.0.28 on a FreeBSD 7.x server. I use samba as a PDC with roaming profiles and user shares. I noticed that none of the local profiles loaded, instead creating a new roaming profile username.V2 in the profiles directory. (windows XP workstation continued to complain about using a local profile as the server copy was unavailable) After Windows Vista, the name of profiles directory was changed to username.V2. That's due to Windows design change. See http://support.microsoft.com/kb/947025/ In addition to this on the Windows 7 workstation I could not access the user share that I was logged into. I can not understand what you mean. Probably it's because by default Windows 7 can talk only NTLMv2. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade Samba 3.0.28 to 3.6.0 problems
Louis, There are numerous changes (adds, deletes, and defaults) to smb.conf between the two versions you have listed. The one that may be causing your smbpasswd problem is the default passdb backend has changed. If you wish to continue using smbpasswd instead of the default tdb, you have to explicitly declare passdb backend = smbpasswd Check here for changelogs: http://www.samba.org/samba/history/ Dale On 10/06/2011 10:36 PM, Louis Kabo wrote: Hello, having a problem upgrading a samba installation version 3.0.28 on a FreeBSD 7.x server. I use samba as a PDC with roaming profiles and user shares. I have to upgrade it to allow Windows 7 Pro workstations to join the domain. I was able to build the binaries sucessfully and install them, everything ran OK, but I noticed that my smbpasswd file had I guess been relocated and I had to readd the PC's and users to the smbpasswd file (smbpasswd -a username, smbpassword -ma machinename), etc. I noticed that I had to have the PC's un-join and re-join the domain in order for them to work. I noticed that none of the local profiles loaded, instead creating a new roaming profile username.V2 in the profiles directory. (windows XP workstation continued to complain about using a local profile as the server copy was unavailable) In addition to this on the Windows 7 workstation I could not access the user share that I was logged into. So I undid my changes and went back to Samba 3.0.28 until I can figure these problems out.I have to figure out how not to have to re-add all of my users and PC's into smbpasswd, why roaming profiles wont work and what the access denined problem was about. My smb.conf file did seem to translate OK because all of my shares were available. What am I missing, did the smbpasswd directory change? is the old smbpasswd file from 3.0.28 not compatible with 3.6.0? what can I do? I dont want everyone to have to recreate their roaming profiles... there are about 50 users... permissions problem? build/source/binary location problem? any suggestions welcome. help please, Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade Samba 3.0.28 to 3.6.0 problems
Hello, having a problem upgrading a samba installation version 3.0.28 on a FreeBSD 7.x server. I use samba as a PDC with roaming profiles and user shares. I have to upgrade it to allow Windows 7 Pro workstations to join the domain. I was able to build the binaries sucessfully and install them, everything ran OK, but I noticed that my smbpasswd file had I guess been relocated and I had to readd the PC's and users to the smbpasswd file (smbpasswd -a username, smbpassword -ma machinename), etc. I noticed that I had to have the PC's un-join and re-join the domain in order for them to work. I noticed that none of the local profiles loaded, instead creating a new roaming profile username.V2 in the profiles directory. (windows XP workstation continued to complain about using a local profile as the server copy was unavailable) In addition to this on the Windows 7 workstation I could not access the user share that I was logged into. So I undid my changes and went back to Samba 3.0.28 until I can figure these problems out.I have to figure out how not to have to re-add all of my users and PC's into smbpasswd, why roaming profiles wont work and what the access denined problem was about. My smb.conf file did seem to translate OK because all of my shares were available. What am I missing, did the smbpasswd directory change? is the old smbpasswd file from 3.0.28 not compatible with 3.6.0? what can I do? I dont want everyone to have to recreate their roaming profiles... there are about 50 users... permissions problem? build/source/binary location problem? any suggestions welcome. help please, Thanks -- Louis Kabo lo...@kaboserv.com http://www.kaboserv.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade to 3.6.0 Could not fetch our SID - did we join?
Dear I have upgraded from 3.5.11 to 3.6.0 in old version, Server was connected to an Active Directory and no problems occurs. when restarting winbind : Sep 19 01:17:34 onesys-samba winbindd[4818]: [2011/09/19 01:17:34.326691, 0] winbindd/winbindd_util.c:635(init_domain_list) Sep 19 01:17:34 onesys-samba winbindd[4818]: Could not fetch our SID - did we join? Sep 19 01:17:34 onesys-samba winbindd[4818]: [2011/09/19 01:17:34.326753, 0] winbindd/winbindd.c:1105(winbindd_register_handlers) Sep 19 01:17:34 onesys-samba winbindd[4818]: unable to initialize domain list But when doing root@onesys-samba:~# net ads info LDAP server: 172.25.154.147 LDAP server name: USGFRAD006.USGPeopleFR.int Realm: USGPEOPLEFR.INT Bind Path: dc=USGPEOPLEFR,dc=INT LDAP port: 389 Server time: lun., 19 sept. 2011 01:15:00 CEST KDC server: 172.25.154.147 Server time offset: -118 root@onesys-samba:~# net ads status display Active Directoy information. root@onesys-samba:~# net rpc info Unable to find a suitable server for domain USGPEOPLEFR here it is the smb.conf [global] workgroup = USGPEOPLEFR netbios name = onesys-samba server string = %h server disable netbios =no strict locking = Auto sync always = No getwd cache = Yes max protocol = NT1 name resolve order =host lmhosts wins bcast dns proxy = No wins support = Yes wins hook = /usr/bin/php5 /usr/share/artica-postfix/exec.samba.wins.php min protocol = NT1 remote announce = 10.7.61.255/USGPEOPLEFR syslog = 3 log level = 10 log file = /var/log/samba/log.%m debug timestamp = yes follow symlinks = yes wide links = yes unix extensions = no usershare allow guests = no usershare max shares = 100 usershare owner only = true usershare path=/var/lib/samba/usershares/data guest account = nobody map to guest = Bad Password template homedir = /home/%U template shell = /bin/false enable privileges = yes os level = 40 ldap passwd sync = no #WINBINDD *** security = ADS realm = USGPEOPLEFR.INT idmap config USGPEOPLEFR:backend= rid idmap config USGPEOPLEFR:read only= yes idmap config USGPEOPLEFR:range = 10 - 19 idmap config USGPEOPLEFR:base_rid = 0 idmap gid = 7 - 9 idmap uid = 7 - 9 encrypt passwords = Yes client ntlmv2 auth = Yes client lanman auth = No winbind normalize names = Yes winbind separator = / winbind use default domain = No winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = rfc2307 winbind reconnect delay = 30 winbind offline logon = true winbind cache time = 1800 winbind refresh tickets = true kerberos method = system keytab allow trusted domains = Yes server signing = auto client signing = auto lm announce = No ntlm auth = No lanman auth = No preferred master = No printing = bsd nt acl support=yes map acl inherit=yes acl check permissions=yes inherit permissions=no inherit acls=yes acl map full control=yes dos filemode=yes force unknown acl user = no ldap delete dn = no passdb backend = ldapsam:ldap://127.0.0.1:389 ldap admin dn = cn=admin,dc=usgpeoplefr,dc=int ldap suffix = dc=usgpeoplefr,dc=int ldap group suffix = dc=organizations ldap user suffix = dc=organizations ldap machine suffix = ou=Computer,dc=samba,dc=organizations ldap delete dn = yes ldap ssl = off ldap idmap suffix = ou=idmap,dc=samba,dc=organizations,dc=usgpeoplefr,dc=int logon path = logon home = logon drive = socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 case sensitive = No default case = lower preserve case = yes short preserve case = yes wins support = Yes time server = yes msdfs root = no host msdfs = no Some piece of winbind logs tdb_validate (validation child): calling tdb_validate_child [2011/09/19 01:17:34.291428, 10] lib/tdb_validate.c:68(tdb_validate_child) tdb_validate_child: tdb /var/lib/samba/winbindd_cache.tdb freelist has 1 entries [2011/09/19 01:17:34.291479, 10] winbindd/winbindd_cache.c:3979(validate_cache_version) validate_cache_version: WINBINDD_CACHE_VERSION ok [2011/09/19 01:17:34.291532, 10] winbindd/winbindd_cache.c:3938(validate_trustdomcache) validate_trustdomcache: TRUSTDOMCACHE/USGPEOPLEFR ok Don't trust me, I am a DUMMY!
[Samba] Upgrade from 3.0 to 3.5 preserve domain trust?
Hello, We recently upgraded domain controllers to 2008 and were forced to update samba-3.0.33 to samba3x-3.5.4. The upgrade path was not just update but rather erase samba and then install samba3x. Then I copied the files under old config /etc/samba/* back to new install including secrets.tdb. Now, When I tried to validate the machine account using net ads testjoin, it prompted for HOSTNAME@REALM password which I didn't know. It should usually return Join is OK. Does anyone know, if we can retain the machine trust with Active Directory and still upgrade samba? I have to upgrade another 20 machines and do not want all machines to be joined and keytabs re-generated. Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade options
Hi I am running Samba version 3.0.10 on a Sun E450, could you tell me if samba upgrade to 3.4.2 or higher is possible. Thanks Regards Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade options
Aplogies I should also mention I am running Solaris 5.6 -Original Message- From: Force, Steven Sent: 01 July 2011 11:42 To: 'samba@lists.samba.org' Subject: upgrade options Hi I am running Samba version 3.0.10 on a Sun E450, could you tell me if samba upgrade to 3.4.2 or higher is possible. Thanks Regards Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group_mapping.tdb error upon Samba upgrade
Hello Timur and Samba friends, I have done what you suggested. However group_mapping.tdb is renamed to group_mapping.tdb.upgraded again. To me it looks like some update mechanism cannot finalise and got stuck at some point. Any help to overcome this problem is still welcome! On Mon, Jun 20, 2011 at 04:35:26AM +0200, Timur I. Bakeyev wrote: I'd try to rename that *.upgraded file to the normal one, possibly preserving a copy somewhere. On Fri, Jun 3, 2011 at 10:21 AM, Willy Offermans wi...@offermans.rompen.nlwrote: Dear Samba friends, I have recently upgraded from Samba 3.0.36 to Samba 3.5.6. After upgrade I encounter the following error in log.smbd: [2011/06/03 10:09:43, 0] smbd/server.c:1119(main) smbd version 3.5.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 [2011/06/03 10:09:43.379106, 1] param/loadparm.c:7605(lp_do_parameter) WARNING: The share modes option is deprecated [2011/06/03 10:09:43.379286, 1] param/loadparm.c:7605(lp_do_parameter) WARNING: The printer admin option is deprecated [2011/06/03 10:09:43.401015, 1] smbd/files.c:193(file_init) file_init: Information only: requested 16384 open files, 7129 are available. [2011/06/03 10:12:20, 0] lib/util_tdb.c:tdb_log(664) tdb(/var/db/samba/group_mapping.tdb): tdb_reopen: open failed (No such file or directory) [2011/06/03 10:12:20, 0] lib/util.c:reinit_after_fork(3319) tdb_reopen_all failed. [2011/06/03 10:12:20, 0] smbd/server.c:open_sockets_smbd(570) reinit_after_fork failed. [2011/06/03 10:12:20, 0] lib/util.c:smb_panic(1633) PANIC (pid 20164): reinit_after_fork failed. [2011/06/03 10:12:20, 0] lib/util.c:log_stack_trace(1737) BACKTRACE: 4 stack frames: #0 0x122b9fd smb_panic+93 at /usr/local/sbin/smbd #1 0x12ef709 main+5945 at /usr/local/sbin/smbd #2 0x104abdb _start+203 at /usr/local/sbin/smbd #3 0x104ab25 _start+21 at /usr/local/sbin/smbd [2011/06/03 10:12:20, 0] lib/fault.c:dump_core(181) dumping core in /var/log/samba/cores/smbd when issuing the following command: smbclient -L localhost Enter password: protocol negotiation failed: NT_STATUS_PIPE_BROKEN I noticed that there is a file called /var/db/samba/group_mapping.tdb.upgraded but no /var/db/samba/group_mapping.tdb Samba 3.5.6 is running on FreeBSD 8.1-RELEASE #1 What is going on? Do you need more information to solve this issue? -- Met vriendelijke groeten, With kind regards, Mit freundlichen Gruessen, Willy * W.K. Offermans Home: +31 45 544 49 44 Mobile: +31 681 15 87 68 e-mail: wi...@offermans.rompen.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Met vriendelijke groeten, With kind regards, Mit freundlichen Gruessen, De jrus wah, Willy * Dr. W.K. Offermans CAT Postdoctoral Fellow CAT Catalytic Center Institut f�r Technische und Makromolekulare Chemie RWTH Aachen Worringerweg 1, Raum 38C-150 D-52074 Aachen, Germany Phone: +49 241 80 28592 Fax:+49 241 80 22593 Home: +31 45 544 49 44 Mobile: +31 681 15 87 68 e-mail: wi...@offermans.rompen.nl e-mail: willy.offerm...@catalyticcenter.rwth-aachen.de Powered by (__) \\\'',) \/ \ ^ .\._/_) www.FreeBSD.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group_mapping.tdb error upon Samba upgrade
I'd try to rename that *.upgraded file to the normal one, possibly preserving a copy somewhere. On Fri, Jun 3, 2011 at 10:21 AM, Willy Offermans wi...@offermans.rompen.nlwrote: Dear Samba friends, I have recently upgraded from Samba 3.0.36 to Samba 3.5.6. After upgrade I encounter the following error in log.smbd: [2011/06/03 10:09:43, 0] smbd/server.c:1119(main) smbd version 3.5.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 [2011/06/03 10:09:43.379106, 1] param/loadparm.c:7605(lp_do_parameter) WARNING: The share modes option is deprecated [2011/06/03 10:09:43.379286, 1] param/loadparm.c:7605(lp_do_parameter) WARNING: The printer admin option is deprecated [2011/06/03 10:09:43.401015, 1] smbd/files.c:193(file_init) file_init: Information only: requested 16384 open files, 7129 are available. [2011/06/03 10:12:20, 0] lib/util_tdb.c:tdb_log(664) tdb(/var/db/samba/group_mapping.tdb): tdb_reopen: open failed (No such file or directory) [2011/06/03 10:12:20, 0] lib/util.c:reinit_after_fork(3319) tdb_reopen_all failed. [2011/06/03 10:12:20, 0] smbd/server.c:open_sockets_smbd(570) reinit_after_fork failed. [2011/06/03 10:12:20, 0] lib/util.c:smb_panic(1633) PANIC (pid 20164): reinit_after_fork failed. [2011/06/03 10:12:20, 0] lib/util.c:log_stack_trace(1737) BACKTRACE: 4 stack frames: #0 0x122b9fd smb_panic+93 at /usr/local/sbin/smbd #1 0x12ef709 main+5945 at /usr/local/sbin/smbd #2 0x104abdb _start+203 at /usr/local/sbin/smbd #3 0x104ab25 _start+21 at /usr/local/sbin/smbd [2011/06/03 10:12:20, 0] lib/fault.c:dump_core(181) dumping core in /var/log/samba/cores/smbd when issuing the following command: smbclient -L localhost Enter password: protocol negotiation failed: NT_STATUS_PIPE_BROKEN I noticed that there is a file called /var/db/samba/group_mapping.tdb.upgraded but no /var/db/samba/group_mapping.tdb Samba 3.5.6 is running on FreeBSD 8.1-RELEASE #1 What is going on? Do you need more information to solve this issue? -- Met vriendelijke groeten, With kind regards, Mit freundlichen Gruessen, Willy * W.K. Offermans Home: +31 45 544 49 44 Mobile: +31 681 15 87 68 e-mail: wi...@offermans.rompen.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade prob; extension conflict-workaround or fix yet? (widelinks unix ext)
I just upgraded my samba to my dist's version: (3.5.7) and got a message: 01234567890123456789012345678901234567890123456789012345678901234567890123456789 Ishtar smbd[8204]: Share 'IPC$' has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share. This used to work, though admittedly, I think it was because I had a 'fixed' version that removed the check in anticipation of the official switch that would allow this. I **WANT** to be able to control my 'widelinks' from my windows workstation My setup is that my 'windows workstation(s)' are divided in 2, with their file system being on the smb server. So me being able to manage links from my windows workstation is an ease of use issue. It's 'sad' there's no way to define / separate user owned links from 'system' links...i.e. if the ownership on 'symlinks' wasn't so hard to change and was able to be used reliably for ones created by users vs. 'trusted' links created by 'root' That would address (I think) security concerns of this feature... But in my local case, security isn't a concern, since the linux-fs/smb-fs IS my windows-fs. It may not be the standard setup, but I know I'm not the only one who uses samba this way (from previous comments when this issue arose the first time). Perhaps a simple: allow client-managed-links (yes/no) could disable this check? Would you accept a patch? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] group_mapping.tdb error upon Samba upgrade
Dear Samba friends, I have recently upgraded from Samba 3.0.36 to Samba 3.5.6. After upgrade I encounter the following error in log.smbd: [2011/06/03 10:09:43, 0] smbd/server.c:1119(main) smbd version 3.5.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 [2011/06/03 10:09:43.379106, 1] param/loadparm.c:7605(lp_do_parameter) WARNING: The share modes option is deprecated [2011/06/03 10:09:43.379286, 1] param/loadparm.c:7605(lp_do_parameter) WARNING: The printer admin option is deprecated [2011/06/03 10:09:43.401015, 1] smbd/files.c:193(file_init) file_init: Information only: requested 16384 open files, 7129 are available. [2011/06/03 10:12:20, 0] lib/util_tdb.c:tdb_log(664) tdb(/var/db/samba/group_mapping.tdb): tdb_reopen: open failed (No such file or directory) [2011/06/03 10:12:20, 0] lib/util.c:reinit_after_fork(3319) tdb_reopen_all failed. [2011/06/03 10:12:20, 0] smbd/server.c:open_sockets_smbd(570) reinit_after_fork failed. [2011/06/03 10:12:20, 0] lib/util.c:smb_panic(1633) PANIC (pid 20164): reinit_after_fork failed. [2011/06/03 10:12:20, 0] lib/util.c:log_stack_trace(1737) BACKTRACE: 4 stack frames: #0 0x122b9fd smb_panic+93 at /usr/local/sbin/smbd #1 0x12ef709 main+5945 at /usr/local/sbin/smbd #2 0x104abdb _start+203 at /usr/local/sbin/smbd #3 0x104ab25 _start+21 at /usr/local/sbin/smbd [2011/06/03 10:12:20, 0] lib/fault.c:dump_core(181) dumping core in /var/log/samba/cores/smbd when issuing the following command: smbclient -L localhost Enter password: protocol negotiation failed: NT_STATUS_PIPE_BROKEN I noticed that there is a file called /var/db/samba/group_mapping.tdb.upgraded but no /var/db/samba/group_mapping.tdb Samba 3.5.6 is running on FreeBSD 8.1-RELEASE #1 What is going on? Do you need more information to solve this issue? -- Met vriendelijke groeten, With kind regards, Mit freundlichen Gruessen, Willy * W.K. Offermans Home: +31 45 544 49 44 Mobile: +31 681 15 87 68 e-mail: wi...@offermans.rompen.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade samba4 install
Thank you for the replies to my question I asked about upgrading samba4 I am having a new problem and will post a new thread on it. On Wed, 11 May 2011 12:02:00 +0400, Matthieu Patou wrote: Hello, On 09/05/2011 19:52, de...@podoll.com wrote: I have a install of samba4 that I have been using on my home network for testing with one PDC and BDC on the local network and a 3rd BDC located on another network with IPSEC tunnel between the two networks. The problem I have is all 3 servers are running different versions on the samba4 code I would like to get all the system on the same code level. Do any of you know an easy way to do this so I do not loose all the account and policy information in the PDC when I update it? either that or is there a backup method anyone would recommend before trying it preform any updates. So depending on your version of samba you'll have to update just the binaries or also to update the structure and the content of the database. Best is to first know the version. Upgrading the binaries is ok there is nothing to do apart from make;make install , to update the structure we have a tool but for the moment it's limited to 1 DC (so you have to demote your other server). In theory we could support multi DC upgrade, but I have a bit of work to do but it shouldn't be too hard. Matthieu. -- Matthieu Patou Samba Teamhttp://samba.org Private repohttp://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade samba4 install
Hello, On 09/05/2011 19:52, de...@podoll.com wrote: I have a install of samba4 that I have been using on my home network for testing with one PDC and BDC on the local network and a 3rd BDC located on another network with IPSEC tunnel between the two networks. The problem I have is all 3 servers are running different versions on the samba4 code I would like to get all the system on the same code level. Do any of you know an easy way to do this so I do not loose all the account and policy information in the PDC when I update it? either that or is there a backup method anyone would recommend before trying it preform any updates. So depending on your version of samba you'll have to update just the binaries or also to update the structure and the content of the database. Best is to first know the version. Upgrading the binaries is ok there is nothing to do apart from make;make install , to update the structure we have a tool but for the moment it's limited to 1 DC (so you have to demote your other server). In theory we could support multi DC upgrade, but I have a bit of work to do but it shouldn't be too hard. Matthieu. -- Matthieu Patou Samba Teamhttp://samba.org Private repohttp://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade samba4 install
I have a install of samba4 that I have been using on my home network for testing with one PDC and BDC on the local network and a 3rd BDC located on another network with IPSEC tunnel between the two networks. The problem I have is all 3 servers are running different versions on the samba4 code I would like to get all the system on the same code level. Do any of you know an easy way to do this so I do not loose all the account and policy information in the PDC when I update it? either that or is there a backup method anyone would recommend before trying it preform any updates. System info below OS Centos 5.5 on all systems with bind installed to support dynamic updates Hardware local PDC and BDC run off of XENSERVER virtual machines from two different xenserver platforms Hardware offsite HP server Network connection between servers IPV6 with IPSEC tunnel running over internet using IPV6 Thank you for any help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade samba4 install
If the install's are not too old just update you git tree with git pull. Then do this from your root tree, you can no longer build from the source4 directory: make clean ./configure.developer --disable-s3build make Then make a backup copy of /usr/local/samba remove the following directiries rm -Rf /usr/local/samba/bin rm -Rf /usr/local/samba/sbin rm -Rf /usr/local/samba/include rm -Rf /usr/local/samba/modules rm -Rf /usr/local/samba/lib rm -Rf /usr/local/samba/share make install start samba If your installation is too old then you will need to use the upgradeprovision script, but I have never got it work. Jonn On 05/09/2011 10:52 AM, de...@podoll.com wrote: I have a install of samba4 that I have been using on my home network for testing with one PDC and BDC on the local network and a 3rd BDC located on another network with IPSEC tunnel between the two networks. The problem I have is all 3 servers are running different versions on the samba4 code I would like to get all the system on the same code level. Do any of you know an easy way to do this so I do not loose all the account and policy information in the PDC when I update it? either that or is there a backup method anyone would recommend before trying it preform any updates. System info below OS Centos 5.5 on all systems with bind installed to support dynamic updates Hardware local PDC and BDC run off of XENSERVER virtual machines from two different xenserver platforms Hardware offsite HP server Network connection between servers IPV6 with IPSEC tunnel running over internet using IPV6 Thank you for any help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade vom 3.0.37 to 3.4.9
Am 08.02.2011 20:24, schrieb Bernd Glueckert: dear list members, i have a 3.0.37 server running fine but hardware goes down so i must change the server. the new server is there, gentoo with samba 3.4.9. last time i have done this sever exchange, i have copied the *conf and *tdb files together with /etc/passwd and /etc/shadow /etc/group and the server was running within few hours, but this was a small version jump from 3.0.29 to 3.0.37. are there any things to do like converting files / tdb-databases or so on to make the jump from 3.0.37 to 3.4.9?? thanks for any good tips in advance - bernd Und, was war? Steht mir auch grade bevor auf einer Kiste ;-) Danke, Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade vom 3.0.37 to 3.4.9
You should follow these steps and you are on and running: http://www.samba.org/samba/docs/man/Samba-Guide/upgrades.html Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Stefan G. Weichinger Gesendet: Mittwoch, 4. Mai 2011 13:08 An: Bernd Glueckert Cc: samba@lists.samba.org Betreff: Re: [Samba] Upgrade vom 3.0.37 to 3.4.9 Am 08.02.2011 20:24, schrieb Bernd Glueckert: dear list members, i have a 3.0.37 server running fine but hardware goes down so i must change the server. the new server is there, gentoo with samba 3.4.9. last time i have done this sever exchange, i have copied the *conf and *tdb files together with /etc/passwd and /etc/shadow /etc/group and the server was running within few hours, but this was a small version jump from 3.0.29 to 3.0.37. are there any things to do like converting files / tdb-databases or so on to make the jump from 3.0.37 to 3.4.9?? thanks for any good tips in advance - bernd Und, was war? Steht mir auch grade bevor auf einer Kiste ;-) Danke, Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade vom 3.0.37 to 3.4.9
Am 04.05.2011 14:07, schrieb Daniel Müller: You should follow these steps and you are on and running: http://www.samba.org/samba/docs/man/Samba-Guide/upgrades.html Thanks, was no problem anyway. Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade from Samba 3.0.33 to 3.5.8 woes
If you have trouble accessing a machine, are you able to access it from a windows command line with net use \\SERVERNAME or net use \\SERVERIP I had upgraded one of my servers from 3.0.x to 3.4.x. I probably missed something in the compile. Normally an XP/Win7 client should be able to resolve a Samba or Windows server via dns lookup, hosts file, netbios broadcast, wins or lmhosts. I found that with this sever, XP/Win7 clients could only access the server if the were using IP address, or resolving name via netbios broadcast, lmhosts or WINS. Since netbios broadcasts are, by default, blocked for VPN clients, I had to enable WINS over VPN. On 03/22/2011 10:46 PM, gu...@lorenzutti.com.ar wrote: Did you update the schema on the ldap? Maybe you should. Im right know doing it. I don't know how many changes are in the schema between 3.0.33 and 3.5.x. Im migrating from 3.0.24 to 3.2.X and if I don't upgrade the schema the password must change time dosen't work. What do you mean about the dc has a new time? I was referring to the domain sid. The new DC has a new time. We do use LDAP. Which SID are you referring to? The local SID is new on the new DC, but the domain sids are the same. On Tue, Mar 22, 2011 at 10:23 PM,gu...@lorenzutti.com.ar wrote: The same happend to me. But I didn't have the time to analize the problem. I solve it by changing the name of the server. Same ip, but new name and everything works now. It would be great to know if there is another workaround. Did you keep the sid of the pdc after the change? Did you use ldap? Bye. Greetings, I just did a major upgrade to our Samba infrastructure. I previously had a domain controller and share running 3.0.33 (on one box, one samba instance) I set up a new domain controller running 3.5.8, made that the PDC for our domain, and changed the (now former) domain controller running 3.0.33 to just be a member. Additionally, we moved the IP from the old DC to the new DC (and subsequently gave the former DC, now just a member and file share a new IP) Now I am having some strange issues. Windows machines in our London office (which is connected via a tunnel between some Cisco ASA's from HQ to London) can no longer see the domain (which is at HQ) UNLESS we disable the Windows firewall on the workstations OR add exceptions to the firewall for the PDC. Machines at HQ see the domain fine. Now, the PDC has the SAME IP as the old domain. So it's not like the rules would need to be any different anyway. Frankly, I don't quite understand how this worked before - but it did! Did something change between 3.0.x and 3.5.x which would cause this behavior and is there a fix? I am hoping to not have to run through and change all of the firewalls on all of our workstations (especially since we can't do so via netlogon scripts etc as they won't see the domain!) Worth noting, our machines all have an lmhosts file which tells them where to go for the domain, hence why we moved the IP from the old dc to the new dc. Second problem.. users can't access our file share (which was formerly the domain controller, now just a member) when connected via our VPN (a juniper ssl vpn). The VPN drops them into the same network as if they are in the office -- and it works fine if you are in the office. Yet, if you come in via VPN you received no logon servers available errors. Mac users connecting to the file share via SMB have no problem. The following error is logged in smbd.log (redacted my specific names): domain_client_validate: unable to validate password for user $username in domain $mydomain to Domain controller $mypdc. Error was NT_STATUS_UNSUCCESSFUL. Happy to provide any additional info.. I'm baffled! All of this worked before without problems. Thanks, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade from Samba 3.0.33 to 3.5.8 woes
Greetings, I just did a major upgrade to our Samba infrastructure. I previously had a domain controller and share running 3.0.33 (on one box, one samba instance) I set up a new domain controller running 3.5.8, made that the PDC for our domain, and changed the (now former) domain controller running 3.0.33 to just be a member. Additionally, we moved the IP from the old DC to the new DC (and subsequently gave the former DC, now just a member and file share a new IP) Now I am having some strange issues. Windows machines in our London office (which is connected via a tunnel between some Cisco ASA's from HQ to London) can no longer see the domain (which is at HQ) UNLESS we disable the Windows firewall on the workstations OR add exceptions to the firewall for the PDC. Machines at HQ see the domain fine. Now, the PDC has the SAME IP as the old domain. So it's not like the rules would need to be any different anyway. Frankly, I don't quite understand how this worked before - but it did! Did something change between 3.0.x and 3.5.x which would cause this behavior and is there a fix? I am hoping to not have to run through and change all of the firewalls on all of our workstations (especially since we can't do so via netlogon scripts etc as they won't see the domain!) Worth noting, our machines all have an lmhosts file which tells them where to go for the domain, hence why we moved the IP from the old dc to the new dc. Second problem.. users can't access our file share (which was formerly the domain controller, now just a member) when connected via our VPN (a juniper ssl vpn). The VPN drops them into the same network as if they are in the office -- and it works fine if you are in the office. Yet, if you come in via VPN you received no logon servers available errors. Mac users connecting to the file share via SMB have no problem. The following error is logged in smbd.log (redacted my specific names): domain_client_validate: unable to validate password for user $username in domain $mydomain to Domain controller $mypdc. Error was NT_STATUS_UNSUCCESSFUL. Happy to provide any additional info.. I'm baffled! All of this worked before without problems. Thanks, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade from Samba 3.0.33 to 3.5.8 woes
The same happend to me. But I didn't have the time to analize the problem. I solve it by changing the name of the server. Same ip, but new name and everything works now. It would be great to know if there is another workaround. Did you keep the sid of the pdc after the change? Did you use ldap? Bye. Greetings, I just did a major upgrade to our Samba infrastructure. I previously had a domain controller and share running 3.0.33 (on one box, one samba instance) I set up a new domain controller running 3.5.8, made that the PDC for our domain, and changed the (now former) domain controller running 3.0.33 to just be a member. Additionally, we moved the IP from the old DC to the new DC (and subsequently gave the former DC, now just a member and file share a new IP) Now I am having some strange issues. Windows machines in our London office (which is connected via a tunnel between some Cisco ASA's from HQ to London) can no longer see the domain (which is at HQ) UNLESS we disable the Windows firewall on the workstations OR add exceptions to the firewall for the PDC. Machines at HQ see the domain fine. Now, the PDC has the SAME IP as the old domain. So it's not like the rules would need to be any different anyway. Frankly, I don't quite understand how this worked before - but it did! Did something change between 3.0.x and 3.5.x which would cause this behavior and is there a fix? I am hoping to not have to run through and change all of the firewalls on all of our workstations (especially since we can't do so via netlogon scripts etc as they won't see the domain!) Worth noting, our machines all have an lmhosts file which tells them where to go for the domain, hence why we moved the IP from the old dc to the new dc. Second problem.. users can't access our file share (which was formerly the domain controller, now just a member) when connected via our VPN (a juniper ssl vpn). The VPN drops them into the same network as if they are in the office -- and it works fine if you are in the office. Yet, if you come in via VPN you received no logon servers available errors. Mac users connecting to the file share via SMB have no problem. The following error is logged in smbd.log (redacted my specific names): domain_client_validate: unable to validate password for user $username in domain $mydomain to Domain controller $mypdc. Error was NT_STATUS_UNSUCCESSFUL. Happy to provide any additional info.. I'm baffled! All of this worked before without problems. Thanks, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade from Samba 3.0.33 to 3.5.8 woes
The new DC has a new time. We do use LDAP. Which SID are you referring to? The local SID is new on the new DC, but the domain sids are the same. On Tue, Mar 22, 2011 at 10:23 PM, gu...@lorenzutti.com.ar wrote: The same happend to me. But I didn't have the time to analize the problem. I solve it by changing the name of the server. Same ip, but new name and everything works now. It would be great to know if there is another workaround. Did you keep the sid of the pdc after the change? Did you use ldap? Bye. Greetings, I just did a major upgrade to our Samba infrastructure. I previously had a domain controller and share running 3.0.33 (on one box, one samba instance) I set up a new domain controller running 3.5.8, made that the PDC for our domain, and changed the (now former) domain controller running 3.0.33 to just be a member. Additionally, we moved the IP from the old DC to the new DC (and subsequently gave the former DC, now just a member and file share a new IP) Now I am having some strange issues. Windows machines in our London office (which is connected via a tunnel between some Cisco ASA's from HQ to London) can no longer see the domain (which is at HQ) UNLESS we disable the Windows firewall on the workstations OR add exceptions to the firewall for the PDC. Machines at HQ see the domain fine. Now, the PDC has the SAME IP as the old domain. So it's not like the rules would need to be any different anyway. Frankly, I don't quite understand how this worked before - but it did! Did something change between 3.0.x and 3.5.x which would cause this behavior and is there a fix? I am hoping to not have to run through and change all of the firewalls on all of our workstations (especially since we can't do so via netlogon scripts etc as they won't see the domain!) Worth noting, our machines all have an lmhosts file which tells them where to go for the domain, hence why we moved the IP from the old dc to the new dc. Second problem.. users can't access our file share (which was formerly the domain controller, now just a member) when connected via our VPN (a juniper ssl vpn). The VPN drops them into the same network as if they are in the office -- and it works fine if you are in the office. Yet, if you come in via VPN you received no logon servers available errors. Mac users connecting to the file share via SMB have no problem. The following error is logged in smbd.log (redacted my specific names): domain_client_validate: unable to validate password for user $username in domain $mydomain to Domain controller $mypdc. Error was NT_STATUS_UNSUCCESSFUL. Happy to provide any additional info.. I'm baffled! All of this worked before without problems. Thanks, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade from Samba 3.0.33 to 3.5.8 woes
Did you update the schema on the ldap? Maybe you should. Im right know doing it. I don't know how many changes are in the schema between 3.0.33 and 3.5.x. Im migrating from 3.0.24 to 3.2.X and if I don't upgrade the schema the password must change time dosen't work. What do you mean about the dc has a new time? I was referring to the domain sid. The new DC has a new time. We do use LDAP. Which SID are you referring to? The local SID is new on the new DC, but the domain sids are the same. On Tue, Mar 22, 2011 at 10:23 PM, gu...@lorenzutti.com.ar wrote: The same happend to me. But I didn't have the time to analize the problem. I solve it by changing the name of the server. Same ip, but new name and everything works now. It would be great to know if there is another workaround. Did you keep the sid of the pdc after the change? Did you use ldap? Bye. Greetings, I just did a major upgrade to our Samba infrastructure. I previously had a domain controller and share running 3.0.33 (on one box, one samba instance) I set up a new domain controller running 3.5.8, made that the PDC for our domain, and changed the (now former) domain controller running 3.0.33 to just be a member. Additionally, we moved the IP from the old DC to the new DC (and subsequently gave the former DC, now just a member and file share a new IP) Now I am having some strange issues. Windows machines in our London office (which is connected via a tunnel between some Cisco ASA's from HQ to London) can no longer see the domain (which is at HQ) UNLESS we disable the Windows firewall on the workstations OR add exceptions to the firewall for the PDC. Machines at HQ see the domain fine. Now, the PDC has the SAME IP as the old domain. So it's not like the rules would need to be any different anyway. Frankly, I don't quite understand how this worked before - but it did! Did something change between 3.0.x and 3.5.x which would cause this behavior and is there a fix? I am hoping to not have to run through and change all of the firewalls on all of our workstations (especially since we can't do so via netlogon scripts etc as they won't see the domain!) Worth noting, our machines all have an lmhosts file which tells them where to go for the domain, hence why we moved the IP from the old dc to the new dc. Second problem.. users can't access our file share (which was formerly the domain controller, now just a member) when connected via our VPN (a juniper ssl vpn). The VPN drops them into the same network as if they are in the office -- and it works fine if you are in the office. Yet, if you come in via VPN you received no logon servers available errors. Mac users connecting to the file share via SMB have no problem. The following error is logged in smbd.log (redacted my specific names): domain_client_validate: unable to validate password for user $username in domain $mydomain to Domain controller $mypdc. Error was NT_STATUS_UNSUCCESSFUL. Happy to provide any additional info.. I'm baffled! All of this worked before without problems. Thanks, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade samba 3.0.24 to 3.2.5 schema question
Hi there. I have a few dozens domain controllers in samba 3.0.24 and Im in the middle of the process of migrating them to 3.2.5. But know I realize that they are a few problems with the password policys. With the 3.0.24 I can force a user to change the password on the next login and I check this with the following command: workingsamba3.0.24:~# pdbedit -Lv testuser | grep must Password must change: Sat, 04 Jun 2011 17:16:15 ART But when I do the same thing on the new samba... newsamba3.2.5:~# pdbedit -Lv testuser | grep must Password must change: never Is this schema related? My passdb backend is one different ldap replica for every domain controller. But they are in sync. I see that there is a new schema in 3.2.5 but I don't see any changes in the sambaPwdMustChange atributte. Is there any procedure to migrate an entire ldap tree to the new schema? Can I use the new schema of the 3.2.5 on the 3.0.24 version? Tnxs in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Error message after samba upgrade
Hi I had to upgrade samba because we upgrade DC windows to 2008. My current samba version is 3.5.4-0.70.el5 . I'm using RHE Server release 5.4 After the upgrade this message started to appear: Feb 27 20:52:26 mailgate winbindd[316]: [2011/02/27 20:52:26.682422, 0] libsmb/cliconnect.c:1051(cli_session_setup_spnego) Feb 27 20:52:26 mailgate winbindd[316]: Kinit failed: Cannot contact any KDC for requested realm Feb 27 21:24:37 mailgate winbindd[316]: [2011/02/27 21:24:37.243211, 0] libsmb/smb_signing.c:96(smb_signing_good) Feb 27 21:24:37 mailgate winbindd[316]: smb_signing_good: BAD SIG: seq 1 Feb 27 21:24:37 mailgate winbindd[316]: [2011/02/27 21:24:37.244111, 0] libsmb/clientgen.c:279(cli_receive_smb) Feb 27 21:24:37 mailgate winbindd[316]: SMB Signature verification failed on incoming packet! Feb 27 21:24:37 mailgate winbindd[316]: [2011/02/27 21:24:37.259390, 0] libsmb/cliconnect.c:1051(cli_session_setup_spnego) Feb 27 21:24:37 mailgate winbindd[316]: Kinit failed: Cannot contact any KDC for requested realm Feb 27 21:35:41 mailgate winbindd[316]: [2011/02/27 21:35:41.870499, 0] libsmb/smb_signing.c:96(smb_signing_good) Feb 27 21:35:41 mailgate winbindd[316]: smb_signing_good: BAD SIG: seq 1 Feb 27 21:35:41 mailgate winbindd[316]: [2011/02/27 21:35:41.871435, 0] libsmb/clientgen.c:279(cli_receive_smb) Feb 27 21:35:41 mailgate winbindd[316]: SMB Signature verification failed on incoming packet! Feb 27 21:35:41 mailgate winbindd[316]: [2011/02/27 21:35:41.887275, 0] libsmb/cliconnect.c:1051(cli_session_setup_spnego) Feb 27 21:35:41 mailgate winbindd[316]: Kinit failed: Cannot contact any KDC for requested realm Point is that samba doesn'at authenticate, then i need to restart it. After a couple of days i need to restart it again Do you have any ideas ? Thanks pet -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade vom 3.0.37 to 3.4.9
dear list members, i have a 3.0.37 server running fine but hardware goes down so i must change the server. the new server is there, gentoo with samba 3.4.9. last time i have done this sever exchange, i have copied the *conf and *tdb files together with /etc/passwd and /etc/shadow /etc/group and the server was running within few hours, but this was a small version jump from 3.0.29 to 3.0.37. are there any things to do like converting files / tdb-databases or so on to make the jump from 3.0.37 to 3.4.9?? thanks for any good tips in advance - bernd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade from 3.0.14 to 3.5 causes slow login
Hi all. Don’t know if this has be asked before, but since I find many results about “processing delayed initial logon reply for client” but none that’s solves my problem I’m asking here. Due to need of adding Windows 7 machines to our domain, I must upgrade our good old samba 3.0.14+openldap setup. That’s causing some issues being the most obvious the fact that all logins from XP workstations started to take much longer, the logon scripts run much slower (increased from seconds to minutes), and that the nmbd file gets flooded with the “processing delayed initial logon reply for client” message. I didn’t change anything in the smb.conf file. Is there any config tweak that I’m missing? Here’s my conf file (this is for a BDC): # Global parameters [global] smb ports = 139 enable privileges = yes dos charset = 860 unix charset = utf-8 netbios name = si-lnx01 netbios aliases = netfiles-inf,netfiles-dsi,inf-lnx01,netprinters-dsi,netprinters-inf workgroup = INE server string = DC Informatica bind interfaces only = yes interfaces = (removed) min passwd length = 5 passdb backend = ldapsam:ldap://127.0.0.1 idmap backend = ldap:ldap://127.0.0.1 username map = /etc/samba/smbusers log level = 3 log file = /var/log/samba/log.%m max log size = 5000 name resolve order = wins lmhosts bcast time server = No socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/local/sbin/smbldap-useradd -m %u add group script = /usr/local/sbin/smbldap-groupadd -pa %g add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u add machine script = /usr/local/sbin/smbldap-useradd -w %u logon path = logon home = domain logons = yes os level = 33 preferred master = yes domain master = no local master = yes wins support = no wins server = (removed) ldap suffix = dc=ine,dc=pt ldap machine suffix = ou=Computers ldap user suffix = ou=users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = (removed) ldap ssl = no ldap delete dn = no ldap passwd sync = yes remote announce = (removed) remote browse sync = (removed) idmap uid = 1000-10 idmap gid = 1000-10 admin users = (removed) security = user template shell = /bin/false printer admin = (removed) load printers = Yes nt acl support = Yes printing = cups use client driver = No deadtime = 10 guest account = nobody dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no host msdfs = yes veto files = /lost+found/,aquota.group,aquota.user store dos attributes = yes Best Regards. Bruno Guerreiro Confidencialidade: Esta mensagem (e eventuais ficheiros anexos) � destinada exclusivamente �s pessoas nela indicadas e tem natureza confidencial. Se receber esta mensagem por engano, por favor contacte o remetente e elimine a mensagem e ficheiros, sem tomar conhecimento do respectivo conte�do e sem reproduzi-la ou divulg�-la. Confidentiality Warning: This e-mail message (and any attached files) is confidential and is intended solely for the use of the individual or entity to whom it is addressed. lf you are not the intended recipient of this message please notify the sender and delete and destroy all copies immediately. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade from 3.4.3 to 3.5.4 disables access for Windows CE 3.0 client
On Thu, Jan 13, 2011 at 10:35:15PM +0100, Michael Hanscho wrote: After upgrading samba from 3.4.3 to 3.5.4 (during upgrade opensuse 11.2 to 11.3) wince3.0 client does not see any files/dirs in the user share; The config is the same as worked with 3.4.3. Can you send a wireshark trace of that CE client trying against Samba and running against a Windows box? Information how to create useful traces can be found under http://wiki.samba.org/index.php/Capture_Packets. To take the trace against Windows, you might want to install wireshark on the Windows server box. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade from 3.4.3 to 3.5.4 disables access for Windows CE 3.0 client
Hi! On 01/14/2011 09:13 AM, Volker Lendecke wrote: Can you send a wireshark trace of that CE client trying against Samba and running against a Windows box? Attached: ce-samba.pcap.gz - gzipped wireshark trace ce-samba ce-windows-pcap - gzipped wireshark trace ce - windowsxp Thanks a lot Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade from 3.4.3 to 3.5.4 disables access for Windows CE 3.0 client
On Fri, Jan 14, 2011 at 10:22:53AM +0100, Michael Hanscho wrote: Hi! On 01/14/2011 09:13 AM, Volker Lendecke wrote: Can you send a wireshark trace of that CE client trying against Samba and running against a Windows box? Attached: ce-samba.pcap - wireshark trace ce-samba ce-windows-pcap - wireshark trace ce - windowsxp Thanks! Can you also get us a debug level 10 log of smbd of the failure? Thanks, Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade from 3.4.3 to 3.5.4 disables access for Windows CE 3.0 client
On Fri, Jan 14, 2011 at 10:55:57AM +0100, Michael Hanscho wrote: On 01/14/2011 09:13 AM, Volker Lendecke wrote: Can you send a wireshark trace of that CE client trying against Samba and running against a Windows box? Attached: ce-samba.pcap.gz - gzipped wireshark trace ce-samba ce-windows-pcap - gzipped wireshark trace ce - windowsxp Can you try the attached patch? Thanks, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade from 3.4.3 to 3.5.4 disables access for Windows CE 3.0 client
On Fri, Jan 14, 2011 at 04:44:34PM +0100, Volker Lendecke wrote: On Fri, Jan 14, 2011 at 10:55:57AM +0100, Michael Hanscho wrote: On 01/14/2011 09:13 AM, Volker Lendecke wrote: Can you send a wireshark trace of that CE client trying against Samba and running against a Windows box? Attached: ce-samba.pcap.gz - gzipped wireshark trace ce-samba ce-windows-pcap - gzipped wireshark trace ce - windowsxp Can you try the attached patch? For reference: The mailing list has eaten the patch. See https://bugzilla.samba.org/show_bug.cgi?id=7917 Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade from 3.4.3 to 3.5.4 disables access for Windows CE 3.0 client
Hi all! After upgrading samba from 3.4.3 to 3.5.4 (during upgrade opensuse 11.2 to 11.3) wince3.0 client does not see any files/dirs in the user share; The config is the same as worked with 3.4.3. Connecting with smblclient or windows from different machine still works as expected. Disabling authentication (tested with windows xp) does not change behaviour. Error in logfile (loglevel=10) for this ce machine, when its automatically trying to get to directory audit [...] [2011/01/13 22:17:46.910242, 10] ../lib/util/util.c:278(_dump_data) [] 00 16 00 04 00 00 00 04 01 00 00 00 00 5C 00 61 .\.a [0010] 00 75 00 64 00 69 00 74 00 00 00 .u.d.i.t ... [2011/01/13 22:17:46.910284, 3] smbd/process.c:1294(switch_message) switch message SMBtrans2 (pid 11953) conn 0x0 [2011/01/13 22:17:46.910311, 3] smbd/error.c:99(error_packet_set) error packet at smbd/process.c(1338) cmd=50 (SMBtrans2) eclass=1 ecode=64 [2011/01/13 22:17:46.910324, 5] lib/util.c:617(show_msg) [2011/01/13 22:17:46.910331, 5] lib/util.c:627(show_msg) size=35 smb_com=0x32 smb_rcls=1 smb_reh=0 smb_err=64 smb_flg=136 smb_flg2=32771 smb_tid=65281 smb_pid=0 smb_uid=100 smb_mid=34 smt_wct=0 smb_bcc=0 [2011/01/13 22:17:46.913669, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) [...] Could someone help me to figure out the problem? What additional information do you need to figure out the problem... Gruesse Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba upgrade HowTo requested
Hi, Volker! On Sat, Dec 18, 2010 at 10:10 AM, Volker Lendecke volker.lende...@sernet.de wrote: On Fri, Dec 17, 2010 at 11:26:12AM +0100, Willy Offermans wrote: 20101026: AFFECTS: users of net/samba35 AUTHOR: Timur Bakeyev ti...@freebsd.org This is the latest stable release of the Samba3 distribution. It has been extended with the experimental support of the NFS4-like ACLs on ZFS partitions, thanks to the sysutils/libsunacl library by Edward Tomasz Napierala(trasz). This support haven't been tested thoroughly, so try it on your own risk. This looks interesting. I just did a portsnap fetch update in my FreeBSD 8.1 box, but I don't find that snippet. Where can I find those patches? There are small patches in the port itself to detect and incorporate libsunacl via configure and build vfs_zfsacl module OOTB. As for the lib itself - it is situated in /usr/ports/sysutils/libsunacl. With regards, Timur. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba upgrade question
On Thu, Dec 16, 2010 at 07:56:55AM -0800, Chernoguz, Inessa wrote: Hi All, I have a problem with upgrade samba on Solaris 10 (x86). The current version is 3.0.25b (distributed with Solaris 10). I am trying to upgrade version to 3.4.5. I compiled samba from sources, has not any problem with make and installation. Now I have 2 different versions and when I am running svcadm enable samba I am receiving old version. The old version installed under: /usr/sfw/sbin, new one under /usr/sbin... # /usr/sfw/sbin/smbd -V Version 3.0.25a # /usr/sbin/smbd -V Version 3.4.5 # ps -ef | grep smbd root 7531 7305 0 17:55:32 pts/1 0:00 grep smbd root 6981 6979 0 15:19:58 ? 0:00 /usr/sfw/sbin/smbd -D root 6979 1 0 15:19:58 ? 0:00 /usr/sfw/sbin/smbd -D Can you, please help me here? Thanks a lot, Inessa As someone already replied, you need to disable the vendor provided Samba first: # svcadm disable samba Then set up SysV init scripts for your new, custom installation of Samba or something via SMF. Alternately, Sunfreeware or Blastwave may have pre-packaged Samba installs that include these scripts. I prefer sticking with the vendor-provided packages when possible (hand built packages don't scale administratively). The latest Sun version of Samba is 3.0.37 for Solaris 10 and I believe they have a refresh due out shortly. Thanks, Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba upgrade question
The key advantages of the Solaris provided version is that - someone already did the compilation work - ZFS support is included (this is backported by Sun and not included with 3.0.x source code from samba.) - nsswitch support is also enabled The big problems I had with Sun's version (which is why I also ended up recompiling) - domain trusts don't always work, and the idmap functionality is buggy. So I think 3.0.x is pretty much a dead-end at this point. According to the Oracle forums, Samba 3.4.x is included with the recent Solaris Express release- so I expect it to be included with Solaris 11 (whenever that comes out.) My guess (no evidence to back this up) is that Solaris 10 will stay on samba 3.0.x. You have to make some changes when you change versions and if they pushed that our as an automatic update it could possible break things. With the sunfreeware and blastwave versions of samba- - these might be 32-bit only. - I don't think zfs is included. - nsswitch support may or may not be included.I had problems with this with sunfreeware samba in the past. On 12/20/2010 11:34 AM, Ray Van Dolson wrote: On Thu, Dec 16, 2010 at 07:56:55AM -0800, Chernoguz, Inessa wrote: Hi All, I have a problem with upgrade samba on Solaris 10 (x86). The current version is 3.0.25b (distributed with Solaris 10). I am trying to upgrade version to 3.4.5. I compiled samba from sources, has not any problem with make and installation. Now I have 2 different versions and when I am running svcadm enable samba I am receiving old version. The old version installed under: /usr/sfw/sbin, new one under /usr/sbin... # /usr/sfw/sbin/smbd -V Version 3.0.25a # /usr/sbin/smbd -V Version 3.4.5 # ps -ef | grep smbd root 7531 7305 0 17:55:32 pts/1 0:00 grep smbd root 6981 6979 0 15:19:58 ? 0:00 /usr/sfw/sbin/smbd -D root 6979 1 0 15:19:58 ? 0:00 /usr/sfw/sbin/smbd -D Can you, please help me here? Thanks a lot, Inessa As someone already replied, you need to disable the vendor provided Samba first: # svcadm disable samba Then set up SysV init scripts for your new, custom installation of Samba or something via SMF. Alternately, Sunfreeware or Blastwave may have pre-packaged Samba installs that include these scripts. I prefer sticking with the vendor-provided packages when possible (hand built packages don't scale administratively). The latest Sun version of Samba is 3.0.37 for Solaris 10 and I believe they have a refresh due out shortly. Thanks, Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba