[Samba] Problem with squid+ntlm+samba
Hello, I'm having a little problem after logging into domain via samba, after a few minutes the squid no longer authenticates the users through single sign on and keeps asking for authentication in the browser without stopping. below is my settings and error logs. smb.conf [global]workgroup = SALEnetbios name = utmadmserver string = PROXY SERVERload printers = nolog file = /var/log/samba34/log.%mpid directory = /var/run/samba34max log size = 500realm = sale.brsecurity = adsauth methods = winbindwinbind separator = |encrypt passwords = yeswinbind cache time = 300winbind enum users = yeswinbind enum groups = yeswinbind use default domain = yesidmap uid = 1-5idmap gid = 1-5local master = noos level = 233domain master = nopreferred master = nodomain logons = nowins server = 192.168.8.202dns proxy = noldap ssl = noclient use spnego = noserver signing = autoclient signing = autolog level = 3 auth:10 winbind:10 krb5.conf [libdefaults]default_realm = SALE.BRclockskew = 300[realms]SALE.BR = { kdc = 192.168.0.1default_domain = domain.localadmin_server = 192.168.0.1}[logging]kdc = FILE:/var/log/krb5/krb5kdc.logadmin_server = FILE:/var/log/krb5/kadmind.logdefault = SYSLOG:NOTICE:DAEMON [domain_realm].domain.local = DOMAIN.LOCAL [appdefaults]pam = {ticket_lifetime = 1drenew_lifetime = 1d forwardable = trueproxiable = falseretain_after_close = falseminimum_uid = 1 squid.conf # Do not edit manually !http_port 192.168.0.1:8080icp_port 0 pid_filename /var/run/squid.pidcache_effective_user proxycache_effective_group proxyerror_directory /usr/local/etc/squid/errors/Englishicon_directory /usr/local/etc/squid/iconsvisible_hostname localhostcache_mgr admin@localhostaccess_log /var/squid/logs/access.logcache_log /var/squid/logs/cache.logreferer_log /var/squid/logs/referer.loglogfile_rotate 0cache_store_log noneshutdown_lifetime 3 seconds# Allow local network(s) on interface(s)acl localnet src 192.168.0.0/255.255.255.0uri_whitespace stripdns_nameservers 208.67.222.222cache_mem 8 MBmaximum_object_size_in_memory 32 KBmemory_replacement_policy heap GDSFcache_replacement_policy heap LFUDAcache_dir ufs /var/squid/cache 100 16 256minimum_object_size 0 KBmaximum_object_size 4 KBoffline_mode offcache_swap_low 90cache_swap_high 95 url_rewrite_program /usr/local/bin/redirectorurl_rewrite_children 50 # Setup some default aclsacl all src 0.0.0.0/0.0.0.0acl localhost src 127.0.0.1/255.255.255.255acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 5080 3128 1025-65535 5080 81 80 443 21 20acl sslports port 443 563 5080 5080 81 80 443 21 20acl manager proto cache_objectacl purge method PURGEacl connect method CONNECTacl dynamic urlpath_regex cgi-bin \?acl unrestricted_hosts src /var/squid/acl/unrestricted_hosts.aclacl whitelist dstdom_regex -i /var/squid/acl/whitelist.aclcache deny dynamichttp_access allow manager localhosthttp_access deny managerhttp_access allow purge localhosthttp_access deny purgehttp_access deny !safeportshttp_access deny CONNECT !sslports # Always allow localhost connectionshttp_access allow localhost request_body_max_size 0 KBreply_body_max_size 0 deny alldelay_pools 1delay_class 1 2delay_parameters 1 -1/-1 -1/-1delay_initial_bucket_level 100delay_access 1 allow all # Custom optionstcp_outgoing_address 192.168.0.1auth_param ntlm keep_alive on # These hosts do not have any restrictionshttp_access allow unrestricted_hosts# Always allow access to whitelist domainshttp_access allow whitelistauth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmsspauth_param ntlm children 45auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basicauth_param basic casesensitive offauthenticate_cache_garbage_interval 10 secondsauth_param basic children 45auth_param basic realm Please enter your credentials to access the proxyauth_param basic credentialsttl 600 minutesacl password proxy_auth REQUIREDhttp_access allow unrestricted_hostshttp_access allow password localnet# Default block all to be surehttp_access deny all My winbind_privileged drwxr-x--- 2 root proxy 512B Oct 2 10:00 winbindd_privileged Error logs: [2013/10/01 19:39:44, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED2013/10/01 19:39:44| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED' Login for user [SALE]\[wellington.gomes]@[TI-06] failed due to [Access denied]2013/10/01 19:37:35| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'[2013/10/01 19:37:35, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED [2013/10/01 19:36:52, 10] utils/ntlm_auth.c:2190(manage_squid_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED [2013/10/01 10:30:12, 3] utils/ntlm_auth.c:329(check_plaintext_auth)
[Samba] Problem with Classic-Migration and Sernet Samba4 Packages
Hi, I'm testing an classic migration from samba3/openldap to samba4 on debian wheezy. Last time i did this i used an self compiled samba4 installation. I followed the howto and used openldap with an cloned db on my new server. Now I try the same with sernet's samba4 packages. But sernet-samba-ad does already provide ldap and slapd services and also has ldap-server and slapd in Breaks so installing slapd is not possible. As an quick workaround I edited /var/lib/dpkg/status and removed ldap-server and slap from the sernet-samba-ad Breaks definitions and remove ldap and slapd from the line Provides: in /etc/init.d/serner-samba-ad. Aftewards slapd installed without errors. Thought i post this here, since slapd can also be used as an ldap proxy in conjunction with samba4. achim~ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with Classic-Migration and Sernet Samba4 Packages
On Thu, 2013-10-10 at 13:18 +0200, Achim Gottinger wrote: Hi, I'm testing an classic migration from samba3/openldap to samba4 on debian wheezy. Last time i did this i used an self compiled samba4 installation. I followed the howto and used openldap with an cloned db on my new server. Now I try the same with sernet's samba4 packages. But sernet-samba-ad does already provide ldap and slapd services and also has ldap-server and slapd in Breaks so installing slapd is not possible. As an quick workaround I edited /var/lib/dpkg/status and removed ldap-server and slap from the sernet-samba-ad Breaks definitions and remove ldap and slapd from the line Provides: in /etc/init.d/serner-samba-ad. Aftewards slapd installed without errors. Thought i post this here, since slapd can also be used as an ldap proxy in conjunction with samba4. Please provide that feedback back to SerNET. I also don't think the packages should be described as breaking each other. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with ntlm autentication in squid
On 10/04/2013 08:26 AM, Silvio Aparecido wrote: Hi I'm having a little problem after logging into domain via samba, after a few minutes the squid no longer authenticates the users through single sign on and keeps asking for authentication in the browser without stopping. below is my settings and error logs.* ** smb.conf* [global] workgroup = SALE netbios name = utmadm server string = PROXY SERVER load printers = no log file = /var/log/samba34/log.%m pid directory = /var/run/samba34 max log size = 500 realm = sale.br security = ads auth methods = winbind winbind separator = | encrypt passwords = yes winbind cache time = 300 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes idmap uid = 1-5 idmap gid = 1-5 local master = no os level = 233 domain master = no preferred master = no domain logons = no wins server = 192.168.8.202 dns proxy = no ldap ssl = no client use spnego = no server signing = auto client signing = auto log level = 3 auth:10 winbind:10 * krb5.conf* [libdefaults] default_realm = SALE.BR clockskew = 300 [realms] SALE.BR = { kdc = 192.168.0.1 default_domain = domain.local admin_server = 192.168.0.1 } [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log/krb5/kadmind.log default = SYSLOG:NOTICE:DAEMON [domain_realm] .domain.local = DOMAIN.LOCAL [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 1 *squid.conf* # Do not edit manually ! http_port 192.168.0.1:8080 icp_port 0 pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_directory /usr/local/etc/squid/errors/English icon_directory /usr/local/etc/squid/icons visible_hostname localhost cache_mgr admin@localhost access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log referer_log /var/squid/logs/referer.log logfile_rotate 0 cache_store_log none shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 192.168.0.0/255.255.255.0 uri_whitespace strip dns_nameservers 208.67.222.222 cache_mem 8 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir ufs /var/squid/cache 100 16 256 minimum_object_size 0 KB maximum_object_size 4 KB offline_mode off cache_swap_low 90 cache_swap_high 95 url_rewrite_program /usr/local/bin/redirector url_rewrite_children 50 # Setup some default acls acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 5080 3128 1025-65535 5080 81 80 443 21 20 acl sslports port 443 563 5080 5080 81 80 443 21 20 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT acl dynamic urlpath_regex cgi-bin \? acl unrestricted_hosts src /var/squid/acl/unrestricted_hosts.acl acl whitelist dstdom_regex -i /var/squid/acl/whitelist.acl cache deny dynamic http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost request_body_max_size 0 KB reply_body_max_size 0 deny all delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow all # Custom options tcp_outgoing_address 192.168.0.1 auth_param ntlm keep_alive on # These hosts do not have any restrictions http_access allow unrestricted_hosts # Always allow access to whitelist domains http_access allow whitelist auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 45 auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic casesensitive off authenticate_cache_garbage_interval 10 seconds auth_param basic children 45 auth_param basic realm Please enter your credentials to access the proxy auth_param basic credentialsttl 600 minutes acl password proxy_auth REQUIRED http_access allow unrestricted_hosts http_access allow password localnet # Default block all to be sure http_access deny all My winbind_privileged drwxr-x--- 2 root proxy 512B Oct 2 10:00 winbindd_privileged Error logs: [2013/10/01 19:39:44, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED 2013/10/01 19:39:44| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED' Login for user [SALE]\[wellington.gomes]@[TI-06] failed due to [Access denied] 2013/10/01 19:37:35| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED' [2013/10/01 19:37:35, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED
Re: [Samba] Problem with squid+ntlm+samba
On Wed, 2013-10-02 at 10:47 -0300, Silvio Aparecido wrote: Hello, first, sorry by duplicated email, my last have write errors I'm having a little problem after logging into domain via samba, after a few minutes the squid no longer authenticates the users through single sign on and keeps asking for authentication in the browser without stopping. Error logs: [2013/10/01 19:39:44, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED 2013/10/01 19:39:44| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED' Login for user [SALE]\[wellington.gomes]@[TI-06] failed due to [Access denied] 2013/10/01 19:37:35| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED' [2013/10/01 19:37:35, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED [2013/10/01 19:36:52, 10] utils/ntlm_auth.c:2190(manage_squid_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED [2013/10/01 10:30:12, 3] utils/ntlm_auth.c:329(check_plaintext_auth) NT_STATUS_ACCESS_DENIED: Access denied (0xc022) What does wbinfo -P show? Are you correctly joined to the domain. Can you authenticate using wbinfo as root, and then as squid? What do the winbind logs show? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with ntlm autentication in squid
Hi I'm having a little problem after logging into domain via samba, after a few minutes the squid no longer authenticates the users through single sign on and keeps asking for authentication in the browser without stopping. below is my settings and error logs.* ** smb.conf* [global] workgroup = SALE netbios name = utmadm server string = PROXY SERVER load printers = no log file = /var/log/samba34/log.%m pid directory = /var/run/samba34 max log size = 500 realm = sale.br security = ads auth methods = winbind winbind separator = | encrypt passwords = yes winbind cache time = 300 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes idmap uid = 1-5 idmap gid = 1-5 local master = no os level = 233 domain master = no preferred master = no domain logons = no wins server = 192.168.8.202 dns proxy = no ldap ssl = no client use spnego = no server signing = auto client signing = auto log level = 3 auth:10 winbind:10 * krb5.conf* [libdefaults] default_realm = SALE.BR clockskew = 300 [realms] SALE.BR = { kdc = 192.168.0.1 default_domain = domain.local admin_server = 192.168.0.1 } [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log/krb5/kadmind.log default = SYSLOG:NOTICE:DAEMON [domain_realm] .domain.local = DOMAIN.LOCAL [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 1 *squid.conf* # Do not edit manually ! http_port 192.168.0.1:8080 icp_port 0 pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_directory /usr/local/etc/squid/errors/English icon_directory /usr/local/etc/squid/icons visible_hostname localhost cache_mgr admin@localhost access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log referer_log /var/squid/logs/referer.log logfile_rotate 0 cache_store_log none shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 192.168.0.0/255.255.255.0 uri_whitespace strip dns_nameservers 208.67.222.222 cache_mem 8 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir ufs /var/squid/cache 100 16 256 minimum_object_size 0 KB maximum_object_size 4 KB offline_mode off cache_swap_low 90 cache_swap_high 95 url_rewrite_program /usr/local/bin/redirector url_rewrite_children 50 # Setup some default acls acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 5080 3128 1025-65535 5080 81 80 443 21 20 acl sslports port 443 563 5080 5080 81 80 443 21 20 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT acl dynamic urlpath_regex cgi-bin \? acl unrestricted_hosts src /var/squid/acl/unrestricted_hosts.acl acl whitelist dstdom_regex -i /var/squid/acl/whitelist.acl cache deny dynamic http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost request_body_max_size 0 KB reply_body_max_size 0 deny all delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow all # Custom options tcp_outgoing_address 192.168.0.1 auth_param ntlm keep_alive on # These hosts do not have any restrictions http_access allow unrestricted_hosts # Always allow access to whitelist domains http_access allow whitelist auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 45 auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic casesensitive off authenticate_cache_garbage_interval 10 seconds auth_param basic children 45 auth_param basic realm Please enter your credentials to access the proxy auth_param basic credentialsttl 600 minutes acl password proxy_auth REQUIRED http_access allow unrestricted_hosts http_access allow password localnet # Default block all to be sure http_access deny all My winbind_privileged drwxr-x--- 2 root proxy 512B Oct 2 10:00 winbindd_privileged Error logs: [2013/10/01 19:39:44, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED 2013/10/01 19:39:44| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED' Login for user [SALE]\[wellington.gomes]@[TI-06] failed due to [Access denied] 2013/10/01 19:37:35| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED' [2013/10/01 19:37:35, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED [2013/10/01 19:36:52, 10] utils/ntlm_auth.c:2190(manage_squid_request)
Re: [Samba] problem server WIN 2003 R2 - samba HP-UX
On Wed, 2013-09-25 at 14:25 +0200, Stefania Rampini wrote: Hello all, I am running Samba 2.2.8a Stop right here. This version is so long un-supported and out of date it just isn't even funny. Please upgrade to a supported release, preferably Samba 4.0. Your issue almost certainly relates to the lack of 'smb signing' support in that release, but so many other things have changed in the past dozen years that it could really be anything. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with squid+ntlm+samba
Hello, I'm having a little problem after logging into domain via samba, after a few minutes the squid no longer authenticates the users through single sign on and keeps asking for authentication in the browser without stopping. below is my settings and error logs. smb.conf [global]workgroup = SALEnetbios name = utmadmserver string = PROXY SERVERload printers = nolog file = /var/log/samba34/log.%mpid directory = /var/run/samba34max log size = 500realm = sale.brsecurity = adsauth methods = winbindwinbind separator = |encrypt passwords = yeswinbind cache time = 300winbind enum users = yeswinbind enum groups = yeswinbind use default domain = yesidmap uid = 1-5idmap gid = 1-5local master = noos level = 233domain master = nopreferred master = nodomain logons = nowins server = 192.168.8.202dns proxy = noldap ssl = noclient use spnego = noserver signing = autoclient signing = autolog level = 3 auth:10 winbind:10 krb5.conf [libdefaults]default_realm = SALE.BRclockskew = 300[realms]SALE.BR = { kdc = 192.168.0.1default_domain = domain.localadmin_server = 192.168.0.1}[logging]kdc = FILE:/var/log/krb5/krb5kdc.logadmin_server = FILE:/var/log/krb5/kadmind.logdefault = SYSLOG:NOTICE:DAEMON [domain_realm].domain.local = DOMAIN.LOCAL [appdefaults]pam = {ticket_lifetime = 1drenew_lifetime = 1d forwardable = trueproxiable = falseretain_after_close = falseminimum_uid = 1 squid.conf # Do not edit manually !http_port 192.168.0.1:8080icp_port 0 pid_filename /var/run/squid.pidcache_effective_user proxycache_effective_group proxyerror_directory /usr/local/etc/squid/errors/Englishicon_directory /usr/local/etc/squid/iconsvisible_hostname localhostcache_mgr admin@localhostaccess_log /var/squid/logs/access.logcache_log /var/squid/logs/cache.logreferer_log /var/squid/logs/referer.loglogfile_rotate 0cache_store_log noneshutdown_lifetime 3 seconds# Allow local network(s) on interface(s)acl localnet src 192.168.0.0/255.255.255.0uri_whitespace stripdns_nameservers 208.67.222.222cache_mem 8 MBmaximum_object_size_in_memory 32 KBmemory_replacement_policy heap GDSFcache_replacement_policy heap LFUDAcache_dir ufs /var/squid/cache 100 16 256minimum_object_size 0 KBmaximum_object_size 4 KBoffline_mode offcache_swap_low 90cache_swap_high 95 url_rewrite_program /usr/local/bin/redirectorurl_rewrite_children 50 # Setup some default aclsacl all src 0.0.0.0/0.0.0.0acl localhost src 127.0.0.1/255.255.255.255acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 5080 3128 1025-65535 5080 81 80 443 21 20acl sslports port 443 563 5080 5080 81 80 443 21 20acl manager proto cache_objectacl purge method PURGEacl connect method CONNECTacl dynamic urlpath_regex cgi-bin \?acl unrestricted_hosts src /var/squid/acl/unrestricted_hosts.aclacl whitelist dstdom_regex -i /var/squid/acl/whitelist.aclcache deny dynamichttp_access allow manager localhosthttp_access deny managerhttp_access allow purge localhosthttp_access deny purgehttp_access deny !safeportshttp_access deny CONNECT !sslports # Always allow localhost connectionshttp_access allow localhost request_body_max_size 0 KBreply_body_max_size 0 deny alldelay_pools 1delay_class 1 2delay_parameters 1 -1/-1 -1/-1delay_initial_bucket_level 100delay_access 1 allow all # Custom optionstcp_outgoing_address 192.168.0.1auth_param ntlm keep_alive on # These hosts do not have any restrictionshttp_access allow unrestricted_hosts# Always allow access to whitelist domainshttp_access allow whitelistauth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmsspauth_param ntlm children 45auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basicauth_param basic casesensitive offauthenticate_cache_garbage_interval 10 secondsauth_param basic children 45auth_param basic realm Please enter your credentials to access the proxyauth_param basic credentialsttl 600 minutesacl password proxy_auth REQUIREDhttp_access allow unrestricted_hostshttp_access allow password localnet# Default block all to be surehttp_access deny all My winbind_privileged drwxr-x--- 2 root proxy 512B Oct 2 10:00 winbindd_privileged Error logs: [2013/10/01 19:39:44, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED2013/10/01 19:39:44| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED' Login for user [SALE]\[wellington.gomes]@[TI-06] failed due to [Access denied]2013/10/01 19:37:35| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'[2013/10/01 19:37:35, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED [2013/10/01 19:36:52, 10] utils/ntlm_auth.c:2190(manage_squid_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED [2013/10/01 10:30:12, 3] utils/ntlm_auth.c:329(check_plaintext_auth)
[Samba] Problem with squid+ntlm+samba
Hello, first, sorry by duplicated email, my last have write errors I'm having a little problem after logging into domain via samba, after a few minutes the squid no longer authenticates the users through single sign on and keeps asking for authentication in the browser without stopping. below is my settings and error logs. smb.conf [global] workgroup = SALE netbios name = utmadm server string = PROXY SERVER load printers = no log file = /var/log/samba34/log.%m pid directory = /var/run/samba34 max log size = 500 realm = sale.br security = ads auth methods = winbind winbind separator = | encrypt passwords = yes winbind cache time = 300 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes idmap uid = 1-5 idmap gid = 1-5 local master = no os level = 233 domain master = no preferred master = no domain logons = no wins server = 192.168.8.202 dns proxy = no ldap ssl = no client use spnego = no server signing = auto client signing = auto log level = 3 auth:10 winbind:10 krb5.conf [libdefaults] default_realm = SALE.BR clockskew = 300 [realms] SALE.BR = { kdc = 192.168.0.1 default_domain = domain.local admin_server = 192.168.0.1 } [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log/krb5/kadmind.log default = SYSLOG:NOTICE:DAEMON [domain_realm] .domain.local = DOMAIN.LOCAL [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 1 squid.conf # Do not edit manually ! http_port 192.168.0.1:8080 icp_port 0 pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_directory /usr/local/etc/squid/errors/English icon_directory /usr/local/etc/squid/icons visible_hostname localhost cache_mgr admin@localhost access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log referer_log /var/squid/logs/referer.log logfile_rotate 0 cache_store_log none shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 192.168.0.0/255.255.255.0 uri_whitespace strip dns_nameservers 208.67.222.222 cache_mem 8 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir ufs /var/squid/cache 100 16 256 minimum_object_size 0 KB maximum_object_size 4 KB offline_mode off cache_swap_low 90 cache_swap_high 95 url_rewrite_program /usr/local/bin/redirector url_rewrite_children 50 # Setup some default acls acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 5080 3128 1025-65535 5080 81 80 443 21 20 acl sslports port 443 563 5080 5080 81 80 443 21 20 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT acl dynamic urlpath_regex cgi-bin \? acl unrestricted_hosts src /var/squid/acl/unrestricted_hosts.acl acl whitelist dstdom_regex -i /var/squid/acl/whitelist.acl cache deny dynamic http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost request_body_max_size 0 KB reply_body_max_size 0 deny all delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow all # Custom options tcp_outgoing_address 192.168.0.1 auth_param ntlm keep_alive on # These hosts do not have any restrictions http_access allow unrestricted_hosts # Always allow access to whitelist domains http_access allow whitelist auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 45 auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic casesensitive off authenticate_cache_garbage_interval 10 seconds auth_param basic children 45 auth_param basic realm Please enter your credentials to access the proxy auth_param basic credentialsttl 600 minutes acl password proxy_auth REQUIRED http_access allow unrestricted_hosts http_access allow password localnet # Default block all to be sure http_access deny all My winbind_privileged drwxr-x--- 2 root proxy 512B Oct 2 10:00 winbindd_privileged Error logs: [2013/10/01 19:39:44, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED 2013/10/01 19:39:44| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED' Login for user [SALE]\[wellington.gomes]@[TI-06] failed due to [Access denied] 2013/10/01 19:37:35| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED' [2013/10/01 19:37:35, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED
[Samba] problem server WIN 2003 R2 - samba HP-UX
Hello all, I am running Samba 2.2.8a and am trying to connect to a Windows 2003 domain controller server1 (BDC – back up). I keep getting the error Tree connect failed - NT_Status_Access_Denied I have another domain controller server2 (PDC - primary)in the same domain with the same share etc and I can connect successfully. The only difference is the version of WIN2003 R2 for server1 WIN2003 R1 for server2 server1 failed # /opt/samba/bin/smbclient server1\\pdf -d 3 -U sstef Initialising global parameters params.c:pm_process() - Processing configuration file /etc/opt/samba/smb.conf Processing section [global] Client started (version 2.2.8a based HP CIFS Server A.01.10). resolve_lmhosts: Attempting lmhosts lookup for name server10x20 resolve_hosts: Attempting host lookup for name mailserver0x20 Connecting to 192.. at port 139 Password: Domain=[PROVA] OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Wi ndows Server 2003 R2 5.2] tree connect failed: NT_STATUS_ACCESS_DENIED server2 OK # /opt/samba/bin/smbclient server2\\pdf -d 3 -U sstef Initialising global parameters params.c:pm_process() - Processing configuration file /etc/opt/samba/smb.conf Processing section [global] Client started (version 2.2.8a based HP CIFS Server A.01.10). resolve_lmhosts: Attempting lmhosts lookup for name server20030x20 resolve_hosts: Attempting host lookup for name server20030x20 Connecting to 192.. at port 139 Password: Domain=[PROVA] OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windo ws Server 2003 5.2] smb: \ pwd Current directory is \\server2\pdf\ smb: \ exit # my smb.conf [global] netbios aliases = hpxxx (is server HP-UX) workgroup = PROVA load printers = No printing = guest ok = yes guest account = root read only = no null passwords = Yes read prediction = yes socket options = TCP_NODELAY share modes = yes locking = yes strict locking = yes server string = %h (Samba %v) security = share preserve case = yes os level = 1 oplocks = false hosts allow = 192. wins server = 192.(is server2) Can you help me??? Stefania -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem to demote Samba4 DC
Hello, I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. DNS is provided by the internal dns server of Samba 4. I promoted a Windows 2k8 box as a new DC of this domain and I transfer all the 5 FSMO roles to this windows box. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show on linux or with ntdsutil on windows it confirms that the Samba 4 DC doesn't own anything. Then, I tried to just stop samba4 and follow the microsoft procedure to remove a failed DC. But when I do that the domain fails, i've got an error message when i try to open any AD tool (ADUC for example) saying that the domain cannot be found. It seems that something is handled by Samba only but I can't figure out what. Is this a DNS problem ? Should I use Bind ? Well, it's not urgent... wait a minute, my boss has a chainsaw, maybe I should hurry :D . Best regards, -- Davy HUBERT DSI/SMI - Unité Systèmes Université Paul-Valéry, Montpellier 3 davy.hub...@univ-montp3.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem to demote Samba4 DC
Hi Greg, Thank you for your answer. Yes, I installed the dns service in the same time I promoted the windows server. When I checked the windows dns, it seemed to be well populated but there maybe some deep record that I missed. So, when I tried to stop samba windows used it's own dns server. Is there any known issues with the dns replication between Samba4 and Windows ? Best regards, Davy HUBERT DSI/SMI - Unité Systèmes Université Paul-Valéry, Montpellier 3 davy.hub...@univ-montp3.fr Le 24/09/2013 16:25, Gregory Sloop a écrit : If you haven't moved DNS to the Windows box, then you turn off the Samba box, you're going to have serious problems. So, yes, I'd guess it's a DNS problem. [Here's hoping you still have all your limbs :) ] -Greg DH I recently migrated our samba 3 domain to an AD domain using Samba 4 DH classic upgrade tool. DH DNS is provided by the internal dns server of Samba 4. DH I promoted a Windows 2k8 box as a new DC of this domain and I transfer DH all the 5 FSMO roles to this windows box. DH Now I would like to demote the Samba4 DC but when I tried I got this DH message : DH # samba-tool domain demote DH ERROR: Current DC is still the owner of 2 role(s), use the role command DH to transfer roles to another DC DH When check the fsmo roles status via samba-tool fsmo show on linux or DH with ntdsutil on windows it confirms that the Samba 4 DC doesn't own DH anything. DH Then, I tried to just stop samba4 and follow the microsoft procedure to DH remove a failed DC. But when I do that the domain fails, i've got an DH error message when i try to open any AD tool (ADUC for example) saying DH that the domain cannot be found. DH It seems that something is handled by Samba only but I can't figure out DH what. DH Is this a DNS problem ? Should I use Bind ? DH Well, it's not urgent... wait a minute, my boss has a chainsaw, maybe I DH should hurry :D . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with GPO and kerberos
Hi, I have problem with GPO and dns/kerberos resolution I do a samba -i -d3 to a log file and started on client: gpupdate /force: lpcfg_load: refreshing parameters from /srv/samba/etc/smb.conf params.c:pm_process() - Processing configuration file /srv/samba/etc/smb.conf samba version 4.1.0rc2 started. Copyright Andrew Tridgell and the Samba Team 1992-2013 ... ldb_wrap open of privilege.ldb samba: using 'standard' process model ... ldb_wrap open of secrets.ldb ldb_wrap open of idmap.ldb dreplsrv_partition[CN=Configuration,DC=cormandom,DC=int-corman,DC=be] loaded dreplsrv_partition[CN=Schema,CN=Configuration,DC=cormandom,DC=int-corman,DC=be] loaded dreplsrv_partition[DC=cormandom,DC=int-corman,DC=be] loaded dreplsrv_partition[DC=DomainDnsZones,DC=cormandom,DC=int-corman,DC=be] loaded dreplsrv_partition[DC=ForestDnsZones,DC=cormandom,DC=int-corman,DC=be] loaded /usr/local/samba/sbin/smbd: smbd version 4.1.0rc2 started. /usr/local/samba/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2013 /usr/local/samba/sbin/smbd: INFO: Current debug levels: ... kccsrv_partition[CN=Configuration,DC=cormandom,DC=int-corman,DC=be] loaded /usr/local/samba/sbin/smbd: scavenger: 5 kccsrv_partition[CN=Schema,CN=Configuration,DC=cormandom,DC=int-corman,DC=be] loaded kccsrv_partition[DC=DomainDnsZones,DC=cormandom,DC=int-corman,DC=be] loaded /usr/local/samba/sbin/smbd: dns: 5 kccsrv_partition[DC=ForestDnsZones,DC=cormandom,DC=int-corman,DC=be] loaded /usr/local/samba/sbin/smbd: ldb: 5 /usr/local/samba/sbin/smbd: doing parameter log file = /var/log/samba/%U.%m.log /usr/local/samba/sbin/smbd: doing parameter unix charset = ISO-8859-15 /usr/local/samba/sbin/smbd: doing parameter dos charset = ISO-8859-15 /usr/local/samba/sbin/smbd: pm_process() returned Yes /usr/local/samba/sbin/smbd: get_current_groups: user is in 1 groups: 0 /usr/local/samba/sbin/smbd: Registering messaging pointer for type 2 - private_data=(nil) /usr/local/samba/sbin/smbd: Registering messaging pointer for type 9 - private_data=(nil) /usr/local/samba/sbin/smbd: Registered MSG_REQ_POOL_USAGE /usr/local/samba/sbin/smbd: Registering messaging pointer for type 11 - private_data=(nil) /usr/local/samba/sbin/smbd: Registering messaging pointer for type 12 - private_data=(nil) /usr/local/samba/sbin/smbd: Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED /usr/local/samba/sbin/smbd: Registering messaging pointer for type 1 - private_data=(nil) /usr/local/samba/sbin/smbd: Registering messaging pointer for type 5 - private_data=(nil) /usr/local/samba/sbin/smbd: lp_load_ex: refreshing parameters /usr/local/samba/sbin/smbd: Freeing parametrics: /usr/local/samba/sbin/smbd: Initialising global parameters /usr/local/samba/sbin/smbd: rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) /usr/local/samba/sbin/smbd: params.c:pm_process() - Processing configuration file /srv/samba/etc/smb.conf /usr/local/samba/sbin/smbd: Processing section [global] /usr/local/samba/sbin/smbd: doing parameter workgroup = CORMAN /usr/local/samba/sbin/smbd: doing parameter realm = cormandom.int-corman.be /usr/local/samba/sbin/smbd: doing parameter netbios name = ADMIN01 /usr/local/samba/sbin/smbd: doing parameter server role = active directory domain controller /usr/local/samba/sbin/smbd: doing parameter server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc /usr/local/samba/sbin/smbd: doing parameter idmap_ldb:use rfc2307 = yes /usr/local/samba/sbin/smbd: doing parameter acl:search = no /usr/local/samba/sbin/smbd: doing parameter ntp signd socket directory = /srv/samba/ntp_signd/ /usr/local/samba/sbin/smbd: doing parameter pid directory = /var/run/samba /usr/local/samba/sbin/smbd: doing parameter max log size = 5 /usr/local/samba/sbin/smbd: doing parameter log level = 5 /usr/local/samba/sbin/smbd: INFO: Current debug levels: /usr/local/samba/sbin/smbd: all: 5 /usr/local/samba/sbin/smbd: tdb: 5 /usr/local/samba/sbin/smbd: printdrivers: 5 /usr/local/samba/sbin/smbd: lanman: 5 /usr/local/samba/sbin/smbd: smb: 5 /usr/local/samba/sbin/smbd: rpc_parse: 5 /usr/local/samba/sbin/smbd: rpc_srv: 5 /usr/local/samba/sbin/smbd: rpc_cli: 5 /usr/local/samba/sbin/smbd: passdb: 5 /usr/local/samba/sbin/smbd: sam: 5 /usr/local/samba/sbin/smbd: auth: 5 /usr/local/samba/sbin/smbd: winbind: 5 /usr/local/samba/sbin/smbd: vfs: 5 /usr/local/samba/sbin/smbd: idmap: 5 /usr/local/samba/sbin/smbd: quota: 5 /usr/local/samba/sbin/smbd: acls: 5 /usr/local/samba/sbin/smbd: locking: 5 /usr/local/samba/sbin/smbd: msdfs: 5 /usr/local/samba/sbin/smbd: dmapi: 5 /usr/local/samba/sbin/smbd: registry: 5 /usr/local/samba/sbin/smbd: scavenger: 5 /usr/local/samba/sbin/smbd: dns: 5 /usr/local/samba/sbin/smbd: ldb: 5 /usr/local/samba/sbin/smbd: doing parameter log file = /var/log/samba/%U.%m.log /usr/local/samba/sbin/smbd: doing parameter unix charset = ISO-8859-15 /usr/local/samba/sbin/smbd: doing
Re: [Samba] Problem with kerberos and GPO
Hi, anyone can help me ? ty Stéphane --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 06/09/2013 10:22:04: De : Stéphane PURNELLE stephane.purne...@corman.be A : samba@lists.samba.org, Date : 06/09/2013 10:22 Objet : [Samba] Problem with kerberos and GPO Envoyé par : samba-boun...@lists.samba.org Hi, I have problem with GPO and dns/kerberos resolution I do a samba -i -d3 to a log file and started on client: gpupdate /force: lpcfg_load: refreshing parameters from /srv/samba/etc/smb.conf params.c:pm_process() - Processing configuration file /srv/samba/etc/smb.conf samba version 4.1.0rc2 started. Copyright Andrew Tridgell and the Samba Team 1992-2013 ... ldb_wrap open of privilege.ldb samba: using 'standard' process model ... ldb_wrap open of secrets.ldb ldb_wrap open of idmap.ldb dreplsrv_partition[CN=Configuration,DC=cormandom,DC=int-corman,DC=be] loaded dreplsrv_partition[CN=Schema,CN=Configuration,DC=cormandom,DC=int- corman,DC=be] loaded dreplsrv_partition[DC=cormandom,DC=int-corman,DC=be] loaded dreplsrv_partition[DC=DomainDnsZones,DC=cormandom,DC=int-corman,DC=be] loaded dreplsrv_partition[DC=ForestDnsZones,DC=cormandom,DC=int-corman,DC=be] loaded /usr/local/samba/sbin/smbd: smbd version 4.1.0rc2 started. /usr/local/samba/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2013 /usr/local/samba/sbin/smbd: INFO: Current debug levels: ... kccsrv_partition[CN=Configuration,DC=cormandom,DC=int-corman,DC=be] loaded /usr/local/samba/sbin/smbd: scavenger: 5 kccsrv_partition[CN=Schema,CN=Configuration,DC=cormandom,DC=int-corman,DC=be] loaded kccsrv_partition[DC=DomainDnsZones,DC=cormandom,DC=int-corman,DC=be] loaded /usr/local/samba/sbin/smbd: dns: 5 kccsrv_partition[DC=ForestDnsZones,DC=cormandom,DC=int-corman,DC=be] loaded /usr/local/samba/sbin/smbd: ldb: 5 /usr/local/samba/sbin/smbd: doing parameter log file = /var/log/samba/%U.%m.log /usr/local/samba/sbin/smbd: doing parameter unix charset = ISO-8859-15 /usr/local/samba/sbin/smbd: doing parameter dos charset = ISO-8859-15 /usr/local/samba/sbin/smbd: pm_process() returned Yes /usr/local/samba/sbin/smbd: get_current_groups: user is in 1 groups: 0 /usr/local/samba/sbin/smbd: Registering messaging pointer for type 2 - private_data=(nil) /usr/local/samba/sbin/smbd: Registering messaging pointer for type 9 - private_data=(nil) /usr/local/samba/sbin/smbd: Registered MSG_REQ_POOL_USAGE /usr/local/samba/sbin/smbd: Registering messaging pointer for type 11 - private_data=(nil) /usr/local/samba/sbin/smbd: Registering messaging pointer for type 12 - private_data=(nil) /usr/local/samba/sbin/smbd: Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED /usr/local/samba/sbin/smbd: Registering messaging pointer for type 1 - private_data=(nil) /usr/local/samba/sbin/smbd: Registering messaging pointer for type 5 - private_data=(nil) /usr/local/samba/sbin/smbd: lp_load_ex: refreshing parameters /usr/local/samba/sbin/smbd: Freeing parametrics: /usr/local/samba/sbin/smbd: Initialising global parameters /usr/local/samba/sbin/smbd: rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) /usr/local/samba/sbin/smbd: params.c:pm_process() - Processing configuration file /srv/samba/etc/smb.conf /usr/local/samba/sbin/smbd: Processing section [global] /usr/local/samba/sbin/smbd: doing parameter workgroup = CORMAN /usr/local/samba/sbin/smbd: doing parameter realm = cormandom.int-corman.be /usr/local/samba/sbin/smbd: doing parameter netbios name = ADMIN01 /usr/local/samba/sbin/smbd: doing parameter server role = active directory domain controller /usr/local/samba/sbin/smbd: doing parameter server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc /usr/local/samba/sbin/smbd: doing parameter idmap_ldb:use rfc2307 = yes /usr/local/samba/sbin/smbd: doing parameter acl:search = no /usr/local/samba/sbin/smbd: doing parameter ntp signd socket directory = /srv/samba/ntp_signd/ /usr/local/samba/sbin/smbd: doing parameter pid directory = /var/run/samba /usr/local/samba/sbin/smbd: doing parameter max log size = 5 /usr/local/samba/sbin/smbd: doing parameter log level = 5 /usr/local/samba/sbin/smbd: INFO: Current debug levels: /usr/local/samba/sbin/smbd: all: 5 ... /usr/local/samba/sbin/smbd: doing parameter log file = /var/log/samba/%U.%m.log /usr/local/samba/sbin/smbd: doing parameter unix charset = ISO-8859-15 /usr/local/samba/sbin/smbd: doing parameter dos charset = ISO-8859-15 /usr/local/samba/sbin/smbd: Processing section [netlogon] /usr/local/samba/sbin/smbd: doing parameter path = /srv/samba/sysvol/int-corman.be/scripts /usr/local/samba/sbin/smbd: doing parameter read only = No /usr/local/samba/sbin/smbd
[Samba] Problem with kerberos and GPO
Hi, I have problem with GPO and dns/kerberos resolution I do a samba -i -d3 to a log file and started on client: gpupdate /force: lpcfg_load: refreshing parameters from /srv/samba/etc/smb.conf params.c:pm_process() - Processing configuration file /srv/samba/etc/smb.conf samba version 4.1.0rc2 started. Copyright Andrew Tridgell and the Samba Team 1992-2013 ... ldb_wrap open of privilege.ldb samba: using 'standard' process model ... ldb_wrap open of secrets.ldb ldb_wrap open of idmap.ldb dreplsrv_partition[CN=Configuration,DC=cormandom,DC=int-corman,DC=be] loaded dreplsrv_partition[CN=Schema,CN=Configuration,DC=cormandom,DC=int-corman,DC=be] loaded dreplsrv_partition[DC=cormandom,DC=int-corman,DC=be] loaded dreplsrv_partition[DC=DomainDnsZones,DC=cormandom,DC=int-corman,DC=be] loaded dreplsrv_partition[DC=ForestDnsZones,DC=cormandom,DC=int-corman,DC=be] loaded /usr/local/samba/sbin/smbd: smbd version 4.1.0rc2 started. /usr/local/samba/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2013 /usr/local/samba/sbin/smbd: INFO: Current debug levels: ... kccsrv_partition[CN=Configuration,DC=cormandom,DC=int-corman,DC=be] loaded /usr/local/samba/sbin/smbd: scavenger: 5 kccsrv_partition[CN=Schema,CN=Configuration,DC=cormandom,DC=int-corman,DC=be] loaded kccsrv_partition[DC=DomainDnsZones,DC=cormandom,DC=int-corman,DC=be] loaded /usr/local/samba/sbin/smbd: dns: 5 kccsrv_partition[DC=ForestDnsZones,DC=cormandom,DC=int-corman,DC=be] loaded /usr/local/samba/sbin/smbd: ldb: 5 /usr/local/samba/sbin/smbd: doing parameter log file = /var/log/samba/%U.%m.log /usr/local/samba/sbin/smbd: doing parameter unix charset = ISO-8859-15 /usr/local/samba/sbin/smbd: doing parameter dos charset = ISO-8859-15 /usr/local/samba/sbin/smbd: pm_process() returned Yes /usr/local/samba/sbin/smbd: get_current_groups: user is in 1 groups: 0 /usr/local/samba/sbin/smbd: Registering messaging pointer for type 2 - private_data=(nil) /usr/local/samba/sbin/smbd: Registering messaging pointer for type 9 - private_data=(nil) /usr/local/samba/sbin/smbd: Registered MSG_REQ_POOL_USAGE /usr/local/samba/sbin/smbd: Registering messaging pointer for type 11 - private_data=(nil) /usr/local/samba/sbin/smbd: Registering messaging pointer for type 12 - private_data=(nil) /usr/local/samba/sbin/smbd: Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED /usr/local/samba/sbin/smbd: Registering messaging pointer for type 1 - private_data=(nil) /usr/local/samba/sbin/smbd: Registering messaging pointer for type 5 - private_data=(nil) /usr/local/samba/sbin/smbd: lp_load_ex: refreshing parameters /usr/local/samba/sbin/smbd: Freeing parametrics: /usr/local/samba/sbin/smbd: Initialising global parameters /usr/local/samba/sbin/smbd: rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) /usr/local/samba/sbin/smbd: params.c:pm_process() - Processing configuration file /srv/samba/etc/smb.conf /usr/local/samba/sbin/smbd: Processing section [global] /usr/local/samba/sbin/smbd: doing parameter workgroup = CORMAN /usr/local/samba/sbin/smbd: doing parameter realm = cormandom.int-corman.be /usr/local/samba/sbin/smbd: doing parameter netbios name = ADMIN01 /usr/local/samba/sbin/smbd: doing parameter server role = active directory domain controller /usr/local/samba/sbin/smbd: doing parameter server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc /usr/local/samba/sbin/smbd: doing parameter idmap_ldb:use rfc2307 = yes /usr/local/samba/sbin/smbd: doing parameter acl:search = no /usr/local/samba/sbin/smbd: doing parameter ntp signd socket directory = /srv/samba/ntp_signd/ /usr/local/samba/sbin/smbd: doing parameter pid directory = /var/run/samba /usr/local/samba/sbin/smbd: doing parameter max log size = 5 /usr/local/samba/sbin/smbd: doing parameter log level = 5 /usr/local/samba/sbin/smbd: INFO: Current debug levels: /usr/local/samba/sbin/smbd: all: 5 ... /usr/local/samba/sbin/smbd: doing parameter log file = /var/log/samba/%U.%m.log /usr/local/samba/sbin/smbd: doing parameter unix charset = ISO-8859-15 /usr/local/samba/sbin/smbd: doing parameter dos charset = ISO-8859-15 /usr/local/samba/sbin/smbd: Processing section [netlogon] /usr/local/samba/sbin/smbd: doing parameter path = /srv/samba/sysvol/int-corman.be/scripts /usr/local/samba/sbin/smbd: doing parameter read only = No /usr/local/samba/sbin/smbd: Processing section [sysvol] /usr/local/samba/sbin/smbd: doing parameter path = /srv/samba/sysvol /usr/local/samba/sbin/smbd: doing parameter read only = No /usr/local/samba/sbin/smbd: Processing section [homes] /usr/local/samba/sbin/smbd: doing parameter comment = Repertoire Home /usr/local/samba/sbin/smbd: doing parameter path = /rsrv/vol1/home/%U /usr/local/samba/sbin/smbd: doing parameter force user = %U /usr/local/samba/sbin/smbd: doing parameter read only = No /usr/local/samba/sbin/smbd: doing parameter directory mask = 0700 /usr/local/samba/sbin/smbd: doing parameter browseable = No
[Samba] Problem in Windows Dc replication due to Samba4
Hi all, Ours is a setup of 30 Windows multi master DCs currently running with different servers (windows 2003 , Windows 2008 , Windows 2008 R2) . Till now it is running there is no issues with replication among the Winodws servers. Now recently i joined a Samba4 DC in the network as a replicating multi master DC. Everything goes fine for few hours but suddenly i got errors in Windows DC. The Windows 2008 R2 servers can replicate only among themselves and it cannot replicate to Windows 2003 and Windows 2008 servers and Samba server. The error code and solution is given as http://support.microsoft.com/kb/837932 But none of the solutions proposed in this page works. Has anybody comes across this issue before?I dont know whether this issue has arised really due to Samba4 Dc or how it would have arised. Infact i dont want a solution for Windows DC, but want to know whether Samba can be the root cause for this. Because till the moment i start the samba server , this error was not there. This has really became big headache and somebody kindly throw some lights on this issue. -- Regards., Prema S CDAC Chennai -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with nslcd and samba
Hi, I try to use nslcd with samba 4 for get suers and group for AD. if I do a ldapsearch, I have a message : Server not in kerberos database if I do a getent passwd, nslcd display same error message. log of samba4: [2013/08/28 10:15:47, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: TGS-REQ administra...@cormandom.int-corman.be from ipv4:10.217.7.3:40947 for ldap/admin01.cormandom.int-corman...@cormandom.int-corman.be [canonicalize, renewable] [2013/08/28 10:15:47, 4] ../source4/dsdb/samdb/cracknames.c:169(LDB_lookup_spn_alias) LDB_lookup_spn_alias: no alias for service ldap applicable [2013/08/28 10:15:47, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Searching referral for admin01.cormandom.int-corman.be [2013/08/28 10:15:47, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Server not found in database: ldap/admin01.cormandom.int-corman...@cormandom.int-corman.be: no such entry found in hdb [2013/08/28 10:15:47, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Failed building TGS-REP to ipv4:10.217.7.3:40947 [2013/08/28 10:15:47, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: TGS-REQ administra...@cormandom.int-corman.be from ipv4:10.217.7.3:38379 for ldap/admin01.cormandom.int-corman...@cormandom.int-corman.be [renewable] [2013/08/28 10:15:47, 4] ../source4/dsdb/samdb/cracknames.c:169(LDB_lookup_spn_alias) LDB_lookup_spn_alias: no alias for service ldap applicable [2013/08/28 10:15:47, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Server not found in database: ldap/admin01.cormandom.int-corman...@cormandom.int-corman.be: no such entry found in hdb [2013/08/28 10:15:47, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Failed building TGS-REP to ipv4:10.217.7.3:38379 [2013/08/28 10:15:47, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection) Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' [2013/08/28 10:15:47, 5] ../source4/lib/messaging/messaging.c:554(imessaging_cleanup) imessaging: cleaning up /srv/samba/private/smbd.tmp/msg/msg.17615.25 [2013/08/28 10:15:47, 3] ../source4/smbd/process_single.c:114(single_terminate) single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] output of ldapsearch SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) DNS config: BIND_DLZ Version of samba: samba 4.1rc1 anyone have idea ? best regards, Stéphane --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with nslcd and samba
On Wed, 2013-08-28 at 10:34 +0200, Stéphane PURNELLE wrote: Hi, I try to use nslcd with samba 4 for get suers and group for AD. if I do a ldapsearch, I have a message : Server not in kerberos database Hi You get those errors when you are not joined to the domain. Is this the DC or a client? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with nslcd and samba
Hi, On the DC File-server and DC are on the same server. --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 28/08/2013 10:58:19: De : steve st...@steve-ss.com A : samba@lists.samba.org, Date : 28/08/2013 10:59 Objet : Re: [Samba] Problem with nslcd and samba Envoyé par : samba-boun...@lists.samba.org On Wed, 2013-08-28 at 10:34 +0200, Stéphane PURNELLE wrote: Hi, I try to use nslcd with samba 4 for get suers and group for AD. if I do a ldapsearch, I have a message : Server not in kerberos database Hi You get those errors when you are not joined to the domain. Is this the DC or a client? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with nslcd and samba
On Wed, 2013-08-28 at 11:03 +0200, Stéphane PURNELLE wrote: Hi, On the DC File-server and DC are on the same server. Hi Is it really there? nslookup admin01 ldbsearch --url=/usr/local/samba/private/sam.ldb cn=admin01 samba-tool domain exportkeytab /tmp/test.keytab --principal=ADMIN01$ klist -k Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with nslcd and samba
Hi Steve nslookup : OK ldbsearch --url=/usr/local/samba/private/sam.ldb cn=admin01: see output file steve2.log samba-tool domain exportkeytab /tmp/test.keytab --principal=ADMIN01$: see output file steve3.log klist -k: see output file steve4.log This last command has a bad result for me. But I don't know why. regards Stéphane --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 De :steve st...@steve-ss.com A : samba@lists.samba.org, Date : 28/08/2013 11:52 Objet : Re: [Samba] Problem with nslcd and samba Envoyé par :samba-boun...@lists.samba.org On Wed, 2013-08-28 at 11:03 +0200, Stéphane PURNELLE wrote: Hi, On the DC File-server and DC are on the same server. Hi Is it really there? nslookup admin01 ldbsearch --url=/usr/local/samba/private/sam.ldb cn=admin01 samba-tool domain exportkeytab /tmp/test.keytab --principal=ADMIN01$ klist -k Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem authenticating from standalone servers via Samba 3.0.34 domain member servers to Samba 3.2.5 domain controller
I think I've come across this same problem, although I'm migrating from 3.0.33 (CentOS5) to 3.6 (CentOS6). I've migrated the domain controller from 3.0.33 to 3.6 first. I dumped and restored the passwd, secrets and schannel_store tdb files from 3.0 to 3.6, and also migrated the linux accounts and groups. Windows XP clients are able to log into the domain. However, the 3.0.33 file server is unable to find the domain controller. I can see the shares on the DC from the file server: # net rpc -S tacs-dc.stor -U shubes SHARE Password: homes admin ops r3i IPC$ shubes # However, the file server cannot find the DC: # net rpc trustdom list Unable to find a suitable server [2013/08/25 08:26:15, 0] utils/net_rpc.c:rpc_trustdom_list(6083) Couldn't connect to domain controller # I'm also seeing this in the file server's log: [2013/08/25 07:45:43, 3] libsmb/namequery.c:get_dc_list(1495) get_dc_list: preferred server list: , tacs-dc.stor [2013/08/25 07:45:43, 3] libsmb/namequery.c:resolve_lmhosts(966) resolve_lmhosts: Attempting lmhosts lookup for name tacs-dc.stor0x20 [2013/08/25 07:45:43, 3] libsmb/namequery.c:resolve_wins(863) resolve_wins: Attempting wins lookup for name tacs-dc.stor0x20 [2013/08/25 07:45:43, 3] libsmb/namequery.c:resolve_wins(866) resolve_wins: WINS server resolution selected and no WINS servers listed. [2013/08/25 07:45:43, 3] libsmb/namequery.c:resolve_hosts(1029) resolve_hosts: Attempting host lookup for name tacs-dc.stor0x20 [2013/08/25 07:45:48, 3] libsmb/trusts_util.c:enumerate_domain_trusts(167) enumerate_domain_trusts: can't locate a DC for domain R3I The domain SID in the secrets.tdb files on both hosts match the SID of the the DC host. I figure there's something I've missed in migrating the DC that has broken the trust, but haven't been able to find the problem yet. Any ideas will be appreciated. Thanks. -- -Eric 'shubes' On 01/24/2010 02:33 PM, Michael Lenaghan wrote: We recently upgraded our PDC from Debian 4 to Debian 5. That entailed an upgrade of Samba from 3.0.24 to 3.2.5. Since the upgrade we've had a very specific problem connecting to shares on a commercial NAS running Samba 3.0.34. The problem happens when users try to connect to shares from standalone servers--e.g., Windows XP Pro boxes that we use for testing. From those boxes users should be able to expand the domain in My Network Places\Entire Network\Microsoft Windows Network, navigate to the NAS, click on it and then get a login dialog where they can supply domain credentials. What instead happens is that they're told There are currently no logon servers available…. I have run across problems connecting one version of Samba to another in the past. In those cases I've been able to track down a bug report. In this case I haven't been able to find a report that matches my test case so I'm looking for a possible mis-configuration that may have lain dormant until the PDC was upgraded. (Of course, it's possible that I just missed a bug report; I'm still looking.) In order to investigate this problem I configured two Debian boxes as domain member servers--one with Debian 4 (Samba 3.0.24) and one with Debian 5 (Samba 3.2.5). On each box I installed nothing but samba and winbind. I copied the smb.conf [global] section from the NAS and just did the essential configuration: smbpsswd -a root, net rpc join, winbind in nsswitch.conf. (Actually, I'm not sure winbind has anything to do with this--but I was trying to replicate the NAS setup.) After those steps I selected both boxes in Explorer from a standalone server. The Debian 4 box showed the same problem as the NAS while the Debian 5 box worked as expected. (In both cases the PDC was the newly upgraded box running Samba 3.2.5.) Everything I've tried seems to indicate that things are properly configured--with the exception of wbinfo --getdcname HQ which returns Could not get dc name for HQ and wbinfo -a ... which also fails. Those two things are probably related--but as you can see below all other wbinfo commands work correctly. Is this a known issue that I missed? Any thoughts on where to look further? Thanks. === smb.conf from Debian 5 domain controller (partial): [global] security = user workgroup = HQ domain logons = yes domain master = yes local master = yes preferred master = yes os level = 65 wins support = yes dns proxy = no name resolve order = lmhosts wins host bcast smb ports = 139 time server = yes panic action = /usr/share/samba/panic-action %d log file = /var/log/samba/log.%m log level = 2 passdb backend = ldapsam:ldap://srv ldapsam:trusted = yes ldap ssl = start_tls ldap suffix = ... ... username map = /etc/samba/smbusers ...scripts... logon path = logon drive = H: logon home = \\nas\%U logon script = logon.bat encrypt passwords = yes admin users = root guest account = Guest map to guest = bad user ...printing... idmap alloc backend = ldap ... idmap config HQ:default = yes idmap config HQ:backend = ldap ... winbind enum
[Samba] Problem with klist -k and smbclient
I am having two problems when testing the samba4 installation this problem is when running smbclient //localhost/netlogon -Uadministrator% -c 'ls' sienicdc1:/home/eduardo # smbclient //localhost/netlogon -Uadministrator% -c 'ls' Anonymous login successful Domain=[SIENIC] OS=[Unix] Server=[Samba 4.0.8] tree connect failed: NT_STATUS_ACCESS_DENIED and this one is when running klist -k sienicdc1:/home/eduardo # klist -k Keytab name: FILE:/etc/krb5.keytab klist: no such file or directory while starting keytab scan all the test commands in the samba4 how to has been sucessful, just this two outputs these errors thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with klist -k and smbclient
On Fri, 2013-08-23 at 17:15 +, Eduardo Sotomayor wrote: I am having two problems when testing the samba4 installation and this one is when running klist -k sienicdc1:/home/eduardo # klist -k Keytab name: FILE:/etc/krb5.keytab klist: no such file or directory while starting keytab scan all the test commands in the samba4 how to has been sucessful, just this two outputs these errors Hi An off the shelf samba4 install doesn't need nor produce a keytab. hth -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem to demote samba4 dc
Hello Andrew, Sorry for waiting so long to answer you but I would like to be sure to try every thing before. So, I tried to shut down samba and follow the procedure to remove a failed DC, but I when shut down samba my windows DC failed saying me that the domain could not be found when i launched any AD tool (ADUC or Sites and services...). Then, I tried to do it with samba online (thinking there was maybe a dns trick), but it seems that my Windows DC miss something and again i have got this message the domain could not be found. So well, I decided to keep going on and clean any reference of the samba server every where : in directory first using a metadata cleanup through ntdsutil and then in dns manually, but my domain still failed. It seems that windows can't sync something that samba holds but i can't figure out what. I'm stuck at this point now. Best regards, Davy HUBERT DSI/SMI - Unité Systèmes Université Paul-Valéry, Montpellier 3 davy.hub...@univ-montp3.fr Le 05/08/2013 07:17, Andrew Bartlett a écrit : On Fri, 2013-08-02 at 08:34 -0300, Jonis Maurin Ceará wrote: But what roles Andrew? All 5 roles are already on windows DC. What's those 2 left roles and how can we transfer? What I'm saying is just follow whatever advise Microsoft gives for using their GUI tools to remove a dead DC from the AD domain. It shouldn't matter that it's a Samba DC. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem to demote samba4 dc
On Fri, 2013-08-02 at 08:34 -0300, Jonis Maurin Ceará wrote: But what roles Andrew? All 5 roles are already on windows DC. What's those 2 left roles and how can we transfer? What I'm saying is just follow whatever advise Microsoft gives for using their GUI tools to remove a dead DC from the AD domain. It shouldn't matter that it's a Samba DC. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem to demote samba4 dc
But what roles Andrew? All 5 roles are already on windows DC. What's those 2 left roles and how can we transfer? Em 01/08/2013 23:11, Andrew Bartlett escreveu: On Wed, 2013-07-31 at 15:10 +0200, Davy HUBERT wrote: Hi all, I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, every seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? The best option would be to turn off the Samba DC, and then use ADUC on Windows and tell it that the Samba DC is permanently off-line. The roles can be seized from there. Andrew Bartlett -- = *Jonis Maurin Ceará* Analista de Sistemas FEA-RP/USP - Ramal: 42-4485 / 42-3927 DDR: (16) 3602-4485 / 3602-3927 Atendimento Web: http://sistemas.fearp.usp.br/suporte = -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem to demote samba4 dc
On Wed, 2013-07-31 at 15:10 +0200, Davy HUBERT wrote: Hi all, I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, every seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? The best option would be to turn off the Samba DC, and then use ADUC on Windows and tell it that the Samba DC is permanently off-line. The roles can be seized from there. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem to demote samba4 dc
Hi all, I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, everything seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? Best regards, Davy. -- Davy HUBERT DSI/SMI - Unité Systèmes Université Paul-Valéry, Montpellier 3 davy.hub...@univ-montp3.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem to demote samba4 dc
I had the same problem some days ago.no reply from list and still with same problem :( Em 31/07/2013 10:35, Davy HUBERT escreveu: Hi all, I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, everything seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? Best regards, Davy. -- = *Jonis Maurin Ceará* Analista de Sistemas FEA-RP/USP - Ramal: 42-4485 / 42-3927 DDR: (16) 3602-4485 / 3602-3927 Atendimento Web: http://sistemas.fearp.usp.br/suporte = -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem to demote samba4 dc
Hello Davy, Am 31.07.2013 15:35, schrieb Davy HUBERT: I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, everything seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? * How did you transfered the roles to to your Samba DC? (through windows, samba-tool, ...?) * What Samba version are you running? fsmo seize wasn't working for a while: https://bugzilla.samba.org/show_bug.cgi?id=9461 * Any errors/messages in the log when you transfer the roles? Please give some more information, to make it easier to help. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem to demote samba4 dc
I had this happen the other day and ran it down to the DomainDNS and ForestDNS not transferring fully. I haven't yet had time to file a bug on this. Ricky On Wed, Jul 31, 2013 at 8:35 AM, Davy HUBERT davy.hub...@univ-montp3.frwrote: Hi all, I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, everything seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? Best regards, Davy. -- Davy HUBERT DSI/SMI - Unité Systèmes Université Paul-Valéry, Montpellier 3 davy.hub...@univ-montp3.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem to demote samba4 dc
In my case, all transfer was made using windows GUI and no errors, everything fine.except those 2 'extra' roles, which i don't know (and fsmo show doesn't show). Em 31/07/2013 11:00, Ricky Nance escreveu: I had this happen the other day and ran it down to the DomainDNS and ForestDNS not transferring fully. I haven't yet had time to file a bug on this. Ricky On Wed, Jul 31, 2013 at 8:35 AM, Davy HUBERT davy.hub...@univ-montp3.frwrote: Hi all, I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, everything seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? Best regards, Davy. -- Davy HUBERT DSI/SMI - Unité Systèmes Université Paul-Valéry, Montpellier 3 davy.hub...@univ-montp3.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- = *Jonis Maurin Ceará* Analista de Sistemas FEA-RP/USP - Ramal: 42-4485 / 42-3927 DDR: (16) 3602-4485 / 3602-3927 Atendimento Web: http://sistemas.fearp.usp.br/suporte = -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem to demote samba4 dc
Hello Marc, Le 31/07/2013 15:50, Marc Muehlfeld a écrit : Hello Davy, Am 31.07.2013 15:35, schrieb Davy HUBERT: I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, everything seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? * How did you transfered the roles to to your Samba DC? (through windows, samba-tool, ...?) I transfered the roles through windows from Samba to Windows ;) so now window has all fsmo roles and i can't demote the samba dc. * What Samba version are you running? fsmo seize wasn't working for a while: https://bugzilla.samba.org/show_bug.cgi?id=9461 # samba -V Version 4.0.6 * Any errors/messages in the log when you transfer the roles? Nop :( Please give some more information, to make it easier to help. Regards, Marc Thank you for your help :) Regards, Davy HUBERT DSI/SMI - Unité Systèmes Université Paul-Valéry, Montpellier 3 davy.hub...@univ-montp3.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem to demote samba4 dc
Hi all, I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, every seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? Best regards, Davy. -- Davy HUBERT DSI/SMI - Unité Systèmes Université Paul-Valéry, Montpellier 3 davy.hub...@univ-montp3.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with Microsoft.com domain address translation in Samba 4 AD.
Hi, First of all I’d like to thank Samba 4 Dev Team. New Samba is a great product. I want to replace old Windows 2000 SBS in my school network. I’mtesting Samba in Virtualbox with 2 network cards. 1st network card (eth0) is connected to the Internet. Next card is connected to the Internal network (eth1) All of interfaces have assigned static IP I use Internal DNS, I also added iptables rules to redirect traffic to the router (of course I configured DNS server). I have Ubuntu Server 12.04 LTS. When I’ve tried visit Microsoft.com I get DNS error. I haven’t any problems with other websites such as Google or Youtube. I don’t know what I should do in that case. Best regards. Adrian Kastrau -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem in Samba server Replication
Dear all, I have a setup of MultiDCs currently running in Windows 2008 R2 . Now I have successfully joined a Samba4 DC (gt version) with my Windows DC. Replication works perfectly from Windows Dc to Samba DC., but the other way is not working. When i add a user in samba dc it is not getting replicated to Windows DC. samba-tool drs showrepl shows 0 consecutive failures and when i force for a replication from samba Dc to any of my Windows DC from Sites and Services the system just hangs. Also the NTDS replication settings lists all the 20 Windows DC. Even if i delete them and keep only 2 servers for replication, within few mins it refreshes and shows all the 20 servers again. How can i restrict the replication servers list in samba and how to achieve a two way replication in samba. More info available if needed. -- Regards., Prema S -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem logon on WinXP : returning logon svr \\EASYBOURSE domain EB code 13 token=ffff
HI ! I have a problem with nmbd, i can't logon on a WinXP machine (wfassi-PC ,everything was alright until at a moment user coudnt connect anymore) , here is log.nmbd : [2013/07/15 16:39:26, 5] libsmb/nmblib.c:797(read_packet) Received a packet of len 50 from (192.168.0.89) port 137 [2013/07/15 16:39:26, 4] libsmb/nmblib.c:106(debug_nmb_packet) nmb packet from 192.168.0.89(137) header: id=32801 opcode=Query(0) response=No header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=EB1c q_type=32 q_class=1 [2013/07/15 16:39:26, 3] nmbd/nmbd_incomingrequests.c:453(process_name_query_request) process_name_query_request: Name query from 192.168.0.89 on subnet 192.168.0.251 for name EB1c [2013/07/15 16:39:26, 3] nmbd/nmbd_incomingrequests.c:568(process_name_query_request) OK [2013/07/15 16:39:26, 4] nmbd/nmbd_packets.c:945(reply_netbios_packet) reply_netbios_packet: sending a reply of packet type: nmb_query EB1c to ip 192.168.0.89 for id 32801 [2013/07/15 16:39:26, 4] libsmb/nmblib.c:106(debug_nmb_packet) nmb packet from 192.168.0.89(137) header: id=32801 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=EB1c rr_type=32 rr_class=1 ttl=259200 answers 0 char .. hex E000C0A800FB [2013/07/15 16:39:26, 5] libsmb/nmblib.c:819(send_udp) Sending a packet of len 62 to (192.168.0.89) on port 137 [2013/07/15 16:39:26, 4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for EB on subnet 192.168.0.251: found. [2013/07/15 16:39:26, 4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for EB on subnet UNICAST_SUBNET: found. [2013/07/15 16:39:26, 4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for EB on subnet UNICAST_SUBNET: found. [2013/07/15 16:39:26, 5] libsmb/nmblib.c:797(read_packet) Received a packet of len 266 from (192.168.0.89) port 138 *[2013/07/15 16:39:26, 4] nmbd/nmbd_packets.c:1281(process_dgram)** ** process_dgram: datagram from WFASSI-PC00 to EB1c IP 192.168.0.89 for \MAILSLOT\NET\NETLOGON of type 18 len=92* [2013/07/15 16:39:26, 4] nmbd/nmbd_processlogon.c:116(process_logon_packet) process_logon_packet: Logon from 192.168.0.89: code = 0x12 [2013/07/15 16:39:26, 5] nmbd/nmbd_processlogon.c:354(process_logon_packet) process_logon_packet: LOGON_SAM_LOGON_REQUEST sidsize 24, len = 92 [2013/07/15 16:39:26, 5] nmbd/nmbd_processlogon.c:361(process_logon_packet) process_logon_packet: len = 92 PTR_DIFF(q, buf) = 84 [2013/07/15 16:39:26, 3] nmbd/nmbd_processlogon.c:386(process_logon_packet) process_logon_packet: LOGON_SAM_LOGON_REQUEST sidsize 24 ntv 11 [2013/07/15 16:39:26, 5] nmbd/nmbd_processlogon.c:395(process_logon_packet) process_logon_packet: LOGON_SAM_LOGON_REQUEST user *[2013/07/15 16:39:26, 5] nmbd/nmbd_processlogon.c:402(process_logon_packet)** ** process_logon_packet: LOGON_SAM_LOGON_REQUEST request from WFASSI-PC(192.168.0.89) for , returning logon svr \\EASYBOURSE domain EB code 13 token=* [2013/07/15 16:39:26, 4] ../lib/util/util.c:304(_dump_data) [] 15 00 5C 00 5C 00 45 00 41 00 53 00 59 00 42 00 ..\.\.E. A.S.Y.B. [0010] 4F 00 55 00 52 00 53 00 45 00 00 00 00 00 45 00 O.U.R.S. E.E. [0020] 42 00 00 00 01 00 00 00 FF FF FF FF B... [2013/07/15 16:39:26, 3] nmbd/nmbd_processlogon.c:667(process_logon_packet) process_logon_packet: processing delayed initial logon reply for client WFASSI-PC(192.168.0.89) *[2013/07/15 16:39:26, 4] nmbd/nmbd_packets.c:1972(send_mailslot)** ** send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC042 from EASYBOURSE00 IP 192.168.0.251 to WFASSI-PC00 IP 192.168.0.89* [2013/07/15 16:39:26, 4] nmbd/nmbd_packets.c:95(debug_browse_data) debug_browse_data(): 0 char ..\.\.E.A.S.Y.B. hex 15 00 5c 00 5c 00 45 00 41 00 53 00 59 00 42 00 10 char O.U.R.S.E.E. hex 4f 00 55 00 52 00 53 00 45 00 00 00 00 00 45 00 20 char B... hex 42 00 00 00 01 00 00 00 ff ff ff ff [2013/07/15 16:39:26, 5] libsmb/nmblib.c:819(send_udp) Sending a packet of len 218 to (192.168.0.89) on port 138 [2013/07/15 16:39:26, 4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for EB on subnet 192.168.0.251: found. [2013/07/15 16:39:26, 4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for EB on subnet UNICAST_SUBNET: found. [2013/07/15 16:39:26, 4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for EB on subnet UNICAST_SUBNET: found. [2013/07/15 16:39:26, 5] libsmb/nmblib.c:797(read_packet)
Re: [Samba] problem over vpn
Using openvpn in bridge mode and you are up and running! No cisco would serve the same job. Greetings Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von David González Herrera - [DGHVoIP] Gesendet: Dienstag, 25. Juni 2013 17:23 An: Roberto Scattini Cc: samba@lists.samba.org Betreff: Re: [Samba] problem over vpn On 6/25/2013 10:12 AM, Roberto Scattini wrote: hi david, On Tue, Jun 25, 2013 at 12:06 PM, David González Herrera - [DGHVoIP] i...@dghvoip.com wrote: On 6/25/2013 9:58 AM, Roberto Scattini wrote: hi all, i have a Samba version 3.2.5 server running in a debian 5.0.8 (a little old, i know...). the network setup is: -one local office using samba -one remote office (we call it cberg) using samba remotely over a vpn (linksys-cisco) Here's you problem don't use cisco. -another remote office (we call it colon) using samba remotely over a vpn (linksys-cisco) Another problem ok, that's beyond my possibilities... :-( No problem that was just a practical joke, just make sure that the interfaces samba listens on do include your VPN interface if you're using routing on the VPN and that port forward is properly configured and the router advertises the VPN routes to client computers. I would recommend using wireshark to capture the packets and verify proper routing, also make sure that samba is starting after the VPN link is up so it's listening on the proper interface. i do have the traffic capture on both ends, where i can upload them? Well, I wouldn't know what to do with the capture because I'm no expert reading that but there's lots of gurus here so they might guide you further. Cheers. thanks -- David Gonzalez DGHVoIP USA: MOBILE: +1.646.559.6200 COL: +57.1.382.6718 COL: +57.4.247.0985 URL: www.dghvoip.com Skype: davidgonzalezh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] problem over vpn
hi all, i have a Samba version 3.2.5 server running in a debian 5.0.8 (a little old, i know...). the network setup is: -one local office using samba -one remote office (we call it cberg) using samba remotely over a vpn (linksys-cisco) -another remote office (we call it colon) using samba remotely over a vpn (linksys-cisco) the local office and colon office are working fine the remote office cberg WAS working fine, until they changed internet supplier... now, the problem is that i can browse the shares, but when i want to open a file, i get an error (after some time) saying something like: The specified network name is no longer available. since then, i have been talking with the network admin about the problem. i suppose that the problem was caused by the change of the internet supplier (i was pointing to some MTU problem, since it is a wireless connection). so i changed the mtu size of the linksys (in the remote office), but the problem is still there. i checked connectivity of the two hosts and it is working ok. i have captured traffic in both ends, but my knowledge is a little limited here, so if you want i can provide them in some place in the internets. smbstatus shows the PC connected (home machine), among others: Samba version 3.2.5 PID Username Group Machine --- 29130 user1 users1 quiriconi(:::192.168.62.183) 25144 user2users2ventas4 (:::100.100.100.21) 26319 user2users2home (:::192.168.1.101) here i have some samba logs of that PC: [2013/06/25 09:46:22, 1] smbd/service.c:close_cnum(1409) home (:::192.168.1.101) closed connection to service compras [2013/06/25 09:48:18, 1] smbd/service.c:make_connection_snum(1198) home (:::192.168.1.101) connect to service administracion initially as user forvis (uid=1024, gid=1024) (pid 26463) [2013/06/25 09:49:27, 1] smbd/service.c:make_connection_snum(1198) home (:::192.168.1.101) connect to service administracion initially as user forvis (uid=1024, gid=1024) (pid 26495) [2013/06/25 09:50:02, 1] smbd/service.c:make_connection_snum(1198) home (:::192.168.1.101) connect to service bases initially as user forvis (uid=1024, gid=1018) (pid 26495) [2013/06/25 09:51:09, 1] smbd/service.c:close_cnum(1409) home (:::192.168.1.101) closed connection to service bases [2013/06/25 09:51:09, 1] smbd/service.c:close_cnum(1409) home (:::192.168.1.101) closed connection to service administracion [2013/06/25 09:51:09, 1] smbd/service.c:make_connection_snum(1198) home (:::192.168.1.101) connect to service bases initially as user forvis (uid=1024, gid=1018) (pid 26608) [2013/06/25 09:51:09, 1] smbd/service.c:make_connection_snum(1198) home (:::192.168.1.101) connect to service administracion initially as user forvis (uid=1024, gid=1024) (pid 26608) [2013/06/25 09:52:17, 1] smbd/service.c:close_cnum(1409) home (:::192.168.1.101) closed connection to service administracion [2013/06/25 09:52:17, 1] smbd/service.c:close_cnum(1409) home (:::192.168.1.101) closed connection to service bases [2013/06/25 09:52:17, 1] smbd/service.c:make_connection_snum(1198) home (:::192.168.1.101) connect to service bases initially as user forvis (uid=1024, gid=1018) (pid 26638) [2013/06/25 09:52:17, 1] smbd/service.c:make_connection_snum(1198) home (:::192.168.1.101) connect to service administracion initially as user forvis (uid=1024, gid=1024) (pid 26638) [2013/06/25 10:03:17, 0] lib/util_sock.c:write_data(1141) [2013/06/25 10:03:17, 0] lib/util_sock.c:get_peer_addr_internal(1683) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Broken pipe [2013/06/25 10:03:17, 0] smbd/process.c:srv_send_smb(74) Error writing 51775 bytes to client. -1. (Transport endpoint is not connected) [2013/06/25 10:03:17, 0] lib/util_sock.c:write_data(1141) [2013/06/25 10:03:17, 0] lib/util_sock.c:get_peer_addr_internal(1683) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Broken pipe [2013/06/25 10:03:17, 0] smbd/process.c:srv_send_smb(74) Error writing 75 bytes to client. -1. (Transport endpoint is not connected) [2013/06/25 10:04:26, 0] lib/util_sock.c:write_data(1141) [2013/06/25 10:04:26, 0] lib/util_sock.c:get_peer_addr_internal(1683) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Broken pipe [2013/06/25 10:04:26, 0] smbd/process.c:srv_send_smb(74) Error writing 51775 bytes to client. -1. (Transport endpoint is not connected) [2013/06/25 10:04:26, 1] smbd/service.c:close_cnum(1409) home (:::192.168.1.101) closed connection to service administracion which could be the problem? can anybody
Re: [Samba] problem over vpn
On 6/25/2013 9:58 AM, Roberto Scattini wrote: hi all, i have a Samba version 3.2.5 server running in a debian 5.0.8 (a little old, i know...). the network setup is: -one local office using samba -one remote office (we call it cberg) using samba remotely over a vpn (linksys-cisco) Here's you problem don't use cisco. -another remote office (we call it colon) using samba remotely over a vpn (linksys-cisco) Another problem the local office and colon office are working fine the remote office cberg WAS working fine, until they changed internet supplier... now, the problem is that i can browse the shares, but when i want to open a file, i get an error (after some time) saying something like: The specified network name is no longer available. since then, i have been talking with the network admin about the problem. i suppose that the problem was caused by the change of the internet supplier (i was pointing to some MTU problem, since it is a wireless connection). so i changed the mtu size of the linksys (in the remote office), but the problem is still there. i checked connectivity of the two hosts and it is working ok. i have captured traffic in both ends, but my knowledge is a little limited here, so if you want i can provide them in some place in the internets. smbstatus shows the PC connected (home machine), among others: Samba version 3.2.5 PID Username Group Machine --- 29130 user1 users1 quiriconi(:::192.168.62.183) 25144 user2users2ventas4 (:::100.100.100.21) 26319 user2users2home (:::192.168.1.101) here i have some samba logs of that PC: [2013/06/25 09:46:22, 1] smbd/service.c:close_cnum(1409) home (:::192.168.1.101) closed connection to service compras [2013/06/25 09:48:18, 1] smbd/service.c:make_connection_snum(1198) home (:::192.168.1.101) connect to service administracion initially as user forvis (uid=1024, gid=1024) (pid 26463) [2013/06/25 09:49:27, 1] smbd/service.c:make_connection_snum(1198) home (:::192.168.1.101) connect to service administracion initially as user forvis (uid=1024, gid=1024) (pid 26495) [2013/06/25 09:50:02, 1] smbd/service.c:make_connection_snum(1198) home (:::192.168.1.101) connect to service bases initially as user forvis (uid=1024, gid=1018) (pid 26495) [2013/06/25 09:51:09, 1] smbd/service.c:close_cnum(1409) home (:::192.168.1.101) closed connection to service bases [2013/06/25 09:51:09, 1] smbd/service.c:close_cnum(1409) home (:::192.168.1.101) closed connection to service administracion [2013/06/25 09:51:09, 1] smbd/service.c:make_connection_snum(1198) home (:::192.168.1.101) connect to service bases initially as user forvis (uid=1024, gid=1018) (pid 26608) [2013/06/25 09:51:09, 1] smbd/service.c:make_connection_snum(1198) home (:::192.168.1.101) connect to service administracion initially as user forvis (uid=1024, gid=1024) (pid 26608) [2013/06/25 09:52:17, 1] smbd/service.c:close_cnum(1409) home (:::192.168.1.101) closed connection to service administracion [2013/06/25 09:52:17, 1] smbd/service.c:close_cnum(1409) home (:::192.168.1.101) closed connection to service bases [2013/06/25 09:52:17, 1] smbd/service.c:make_connection_snum(1198) home (:::192.168.1.101) connect to service bases initially as user forvis (uid=1024, gid=1018) (pid 26638) [2013/06/25 09:52:17, 1] smbd/service.c:make_connection_snum(1198) home (:::192.168.1.101) connect to service administracion initially as user forvis (uid=1024, gid=1024) (pid 26638) [2013/06/25 10:03:17, 0] lib/util_sock.c:write_data(1141) [2013/06/25 10:03:17, 0] lib/util_sock.c:get_peer_addr_internal(1683) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Broken pipe [2013/06/25 10:03:17, 0] smbd/process.c:srv_send_smb(74) Error writing 51775 bytes to client. -1. (Transport endpoint is not connected) [2013/06/25 10:03:17, 0] lib/util_sock.c:write_data(1141) [2013/06/25 10:03:17, 0] lib/util_sock.c:get_peer_addr_internal(1683) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Broken pipe [2013/06/25 10:03:17, 0] smbd/process.c:srv_send_smb(74) Error writing 75 bytes to client. -1. (Transport endpoint is not connected) [2013/06/25 10:04:26, 0] lib/util_sock.c:write_data(1141) [2013/06/25 10:04:26, 0] lib/util_sock.c:get_peer_addr_internal(1683) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Broken pipe [2013/06/25 10:04:26, 0] smbd/process.c:srv_send_smb(74) Error writing 51775 bytes to client. -1. (Transport endpoint is not connected) [2013/06/25 10:04:26, 1]
Re: [Samba] problem over vpn
hi david, On Tue, Jun 25, 2013 at 12:06 PM, David González Herrera - [DGHVoIP] i...@dghvoip.com wrote: On 6/25/2013 9:58 AM, Roberto Scattini wrote: hi all, i have a Samba version 3.2.5 server running in a debian 5.0.8 (a little old, i know...). the network setup is: -one local office using samba -one remote office (we call it cberg) using samba remotely over a vpn (linksys-cisco) Here's you problem don't use cisco. -another remote office (we call it colon) using samba remotely over a vpn (linksys-cisco) Another problem ok, that's beyond my possibilities... :-( I would recommend using wireshark to capture the packets and verify proper routing, also make sure that samba is starting after the VPN link is up so it's listening on the proper interface. i do have the traffic capture on both ends, where i can upload them? thanks -- Roberto Scattini -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problem over vpn
On 6/25/2013 10:12 AM, Roberto Scattini wrote: hi david, On Tue, Jun 25, 2013 at 12:06 PM, David González Herrera - [DGHVoIP] i...@dghvoip.com wrote: On 6/25/2013 9:58 AM, Roberto Scattini wrote: hi all, i have a Samba version 3.2.5 server running in a debian 5.0.8 (a little old, i know...). the network setup is: -one local office using samba -one remote office (we call it cberg) using samba remotely over a vpn (linksys-cisco) Here's you problem don't use cisco. -another remote office (we call it colon) using samba remotely over a vpn (linksys-cisco) Another problem ok, that's beyond my possibilities... :-( No problem that was just a practical joke, just make sure that the interfaces samba listens on do include your VPN interface if you're using routing on the VPN and that port forward is properly configured and the router advertises the VPN routes to client computers. I would recommend using wireshark to capture the packets and verify proper routing, also make sure that samba is starting after the VPN link is up so it's listening on the proper interface. i do have the traffic capture on both ends, where i can upload them? Well, I wouldn't know what to do with the capture because I'm no expert reading that but there's lots of gurus here so they might guide you further. Cheers. thanks -- David Gonzalez DGHVoIP USA: MOBILE: +1.646.559.6200 COL: +57.1.382.6718 COL: +57.4.247.0985 URL: www.dghvoip.com Skype: davidgonzalezh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problem over vpn
On Tue, Jun 25, 2013 at 12:23 PM, David González Herrera - [DGHVoIP] i...@dghvoip.com wrote: i do have the traffic capture on both ends, where i can upload them? Well, I wouldn't know what to do with the capture because I'm no expert reading that but there's lots of gurus here so they might guide you further. ok, i uploaded them here. client-server: https://docs.google.com/file/d/0B6ehlYonjuFXSTR2emt0VUR6MGc/edit?usp=sharing server-client: https://docs.google.com/file/d/0B6ehlYonjuFXV3A5VUtfTFlZWkE/edit?usp=sharing they should be accesible to anyone -- Roberto Scattini -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problem over vpn SOLVED
On Tue, Jun 25, 2013 at 12:44 PM, Roberto Scattini roberto.scatt...@gmail.com wrote: On Tue, Jun 25, 2013 at 12:23 PM, David González Herrera - [DGHVoIP] i...@dghvoip.com wrote: i do have the traffic capture on both ends, where i can upload them? Well, I wouldn't know what to do with the capture because I'm no expert reading that but there's lots of gurus here so they might guide you further. double checking the router settings... it was in fact an MTU size problem. i had configured MTU in 1460, but then i realized that the vpn was IPSec, so that added 32 bits header, plus the PPPoE header (8 bits), gave the exact same number. dropped the value to 1400 and the problem is gone. thanks anyway! -- Roberto Scattini -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem compil samba 4.0.6
Hi all, I have a problem when I try to compil samba 4.0.6 on my test machine (suse linux enterprise server 11 SP2 32-bits). output of compilation : [3353/3781] Linking default/lib/param/libsamba-hostconfig.so [3354/3781] Linking default/lib/tdb_wrap/libtdb-wrap.so [3355/3781] Linking default/libcli/security/libsamba-security.so [3356/3781] Linking default/lib/util/libutil_tdb.so [3357/3781] Linking default/auth/libauth_sam_reply.so [3358/3781] Linking default/lib/util/libsamba-modules.so [3359/3781] Linking default/source4/lib/socket/libnetif.so [3360/3781] Linking default/source4/lib/samba3/libsmbpasswdparser.so [3361/3781] Linking default/lib/torture/libtorture.so [3362/3781] Linking default/source3/libsmbd_conn.so [3363/3781] Linking default/libcli/security/pysecurity.so [3364/3781] Linking default/source3/libCHARSET3.so [3365/3781] Linking default/libcli/registry/libutil_reg.so [3366/3781] Linking default/lib/util/libtevent-util.so [3367/3781] Linking default/source4/heimdal_build/libkrb5-samba4.so [3368/3781] Linking default/source4/heimdal_build/libgssapi-samba4.so [3369/3781] Linking default/libcli/ldap/libcli-ldap-common.so [3370/3781] Linking default/lib/dbwrap/libdbwrap.so default/lib/dbwrap/dbwrap_tdb_1.o: In function `db_tdb_transaction_start_nonblock': dbwrap_tdb.c:(.text+0xd70): undefined reference to `tdb_transaction_start_nonblock' collect2: ld a retourné 1 code d'état d'exécution Waf: Leaving directory `/root/cd_coradm01/samba-4.0.6/bin' Build failed: - task failed (err #1): {task: cc_link dbwrap_1.o,dbwrap_util_1.o,dbwrap_rbt_1.o,dbwrap_cache_1.o,dbwrap_tdb_1.o,dbwrap_local_open_1.o - libdbwrap.so} make: *** [all] Erreur 1 what's happen ? best regards, Stéphane Purnelle --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem compil samba 4.0.6
Just a guess: Do you have a libtdb-devel (or something like that) package installed? If so, maybe try uninstalling it before compiling Samba. Then Samba will use its own built-in version. On 24 June 2013 09:34, Stéphane PURNELLE stephane.purne...@corman.bewrote: Hi all, I have a problem when I try to compil samba 4.0.6 on my test machine (suse linux enterprise server 11 SP2 32-bits). output of compilation : [3353/3781] Linking default/lib/param/libsamba-hostconfig.so [3354/3781] Linking default/lib/tdb_wrap/libtdb-wrap.so [3355/3781] Linking default/libcli/security/libsamba-security.so [3356/3781] Linking default/lib/util/libutil_tdb.so [3357/3781] Linking default/auth/libauth_sam_reply.so [3358/3781] Linking default/lib/util/libsamba-modules.so [3359/3781] Linking default/source4/lib/socket/libnetif.so [3360/3781] Linking default/source4/lib/samba3/libsmbpasswdparser.so [3361/3781] Linking default/lib/torture/libtorture.so [3362/3781] Linking default/source3/libsmbd_conn.so [3363/3781] Linking default/libcli/security/pysecurity.so [3364/3781] Linking default/source3/libCHARSET3.so [3365/3781] Linking default/libcli/registry/libutil_reg.so [3366/3781] Linking default/lib/util/libtevent-util.so [3367/3781] Linking default/source4/heimdal_build/libkrb5-samba4.so [3368/3781] Linking default/source4/heimdal_build/libgssapi-samba4.so [3369/3781] Linking default/libcli/ldap/libcli-ldap-common.so [3370/3781] Linking default/lib/dbwrap/libdbwrap.so default/lib/dbwrap/dbwrap_tdb_1.o: In function `db_tdb_transaction_start_nonblock': dbwrap_tdb.c:(.text+0xd70): undefined reference to `tdb_transaction_start_nonblock' collect2: ld a retourné 1 code d'état d'exécution Waf: Leaving directory `/root/cd_coradm01/samba-4.0.6/bin' Build failed: - task failed (err #1): {task: cc_link dbwrap_1.o,dbwrap_util_1.o,dbwrap_rbt_1.o,dbwrap_cache_1.o,dbwrap_tdb_1.o,dbwrap_local_open_1.o - libdbwrap.so} make: *** [all] Erreur 1 what's happen ? best regards, Stéphane Purnelle --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with AD users and groups (SOLVED)
To list (and everyone who helped me) I tracked down the problem to the init.d script. (The one you download from samba) Something is just not quite configured right. Once I moved that out of my /etc/init.d directory and restarted manually. As they say: It's all good! I will have to take a look at that script later. For now. . . Thank you to everyone, Samba 4 is a great program!! Marcelo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with AD users and groups
I'd double check on the samba server it self if you can connect to it using smbclient... `smbclient //localhost/sysvol -Uadministrator` if that fails try `smbclient //localhost/sysvol -d5 -Uadministrator` and paste the output in your reply. If it succeeds then you can pretty much bet on a connectivity issue... by the way, why isn't samba listening on port 88 in your last mail? It might be worth it to try a `killall samba sleep 5 samba -i -M single -d3` and look for any error messages ... anyway those are just a couple of my suggestions. Ricky On Thu, Jun 6, 2013 at 8:30 PM, Marcelo Ruriani systemad...@helpinghandsofgreenup.org wrote: On 6/6/13 5:15 PM, Marc Muehlfeld wrote: Hello Marcelo, Am 06.06.2013 22:47, schrieb Marcelo Ruriani: It seems I locked myself out. I have tried these steps: turn off the firewall, ntacl sysvol reset, and dis-join from domain. The ntacl sysvol reset returns errors (which I'll post if necessary) the dis-join worked fine but I cannot re-join to the domain because it doesn't detect our domain and throws up an error domain could not be contacted and DNS name doesn't exist. * IP connection between the hosts is fine? (ping each other) * Do you use the internal DNS or Bind DLZ? * Is Samba/Bind listening on port 53? Use 'netstat -taunp', to make sure, that nothing else is listening on this port and prevent the correct DNS to start up. * Can you check: https://wiki.samba.org/index.** php/Samba_AD_DC_HOWTO#Testing_**DNShttps://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS Regards, Marc Dear List Mark, Thank you for the reply. To answer your questions. I am using the internal DNS. The DNS testing reveals that host -t SRV _ldap (and so on) plus host -t SRV _kerberos (and so on) return with a not found error. The A record test works fine. Samba is listening on TCP port 53, 636, 1024, 3268, 3269, 389, 135 (and UDP 53) smbd is listening on TCP port 139, 445 The clients ping the server (ip and domain name) fine and the server pings the clients fine. My followup question will appear after this reply. Marcelo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with AD users and groups
On 6/7/13 10:51 AM, Ricky Nance wrote: I'd double check on the samba server it self if you can connect to it using smbclient... `smbclient //localhost/sysvol -Uadministrator` if that fails try `smbclient //localhost/sysvol -d5 -Uadministrator` and paste the output in your reply. If it succeeds then you can pretty much bet on a connectivity issue... by the way, why isn't samba listening on port 88 in your last mail? It might be worth it to try a `killall samba sleep 5 samba -i -M single -d3` and look for any error messages ... anyway those are just a couple of my suggestions. Ricky On Thu, Jun 6, 2013 at 8:30 PM, Marcelo Ruriani systemad...@helpinghandsofgreenup.org mailto:systemad...@helpinghandsofgreenup.org wrote: On 6/6/13 5:15 PM, Marc Muehlfeld wrote: Hello Marcelo, Am 06.06.2013 22:47, schrieb Marcelo Ruriani: It seems I locked myself out. I have tried these steps: turn off the firewall, ntacl sysvol reset, and dis-join from domain. The ntacl sysvol reset returns errors (which I'll post if necessary) the dis-join worked fine but I cannot re-join to the domain because it doesn't detect our domain and throws up an error domain could not be contacted and DNS name doesn't exist. * IP connection between the hosts is fine? (ping each other) * Do you use the internal DNS or Bind DLZ? * Is Samba/Bind listening on port 53? Use 'netstat -taunp', to make sure, that nothing else is listening on this port and prevent the correct DNS to start up. * Can you check: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS Regards, Marc Dear List Mark, Thank you for the reply. To answer your questions. I am using the internal DNS. The DNS testing reveals that host -t SRV _ldap (and so on) plus host -t SRV _kerberos (and so on) return with a not found error. The A record test works fine. Samba is listening on TCP port 53, 636, 1024, 3268, 3269, 389, 135 (and UDP 53) smbd is listening on TCP port 139, 445 The clients ping the server (ip and domain name) fine and the server pings the clients fine. My followup question will appear after this reply. Marcelo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba To list, Mark, Ricky, I must admit I am unsure why it isn't listening on port 88! I will do that kill all samba thing later and reply if that does the trick. On the tests you asked me to do, this is my output of terminal: (I apologize for formatting) root@ad:/# /usr/local/samba/bin/smbclient //localhost/sysvol -U%administrator Domain=[AD.HHG.COM] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-94f11e9] tree connect failed: NT_STATUS_ACCESS_DENIED root@ad:/# /usr/local/samba/bin/smbclient //localhost/sysvol -d5 -U%administrator INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 params.c:pm_process() - Processing configuration file /usr/local/samba/etc/smb.conf Processing section [global] doing parameter workgroup = AD.HHG.COM doing parameter realm = HHG.COM doing parameter netbios name = AD doing parameter server role = active directory domain controller doing parameter dns forwarder = 192.168.1.1 pm_process() returned Yes added interface eth0 ip=fe80::222:19ff:fe95:7f31%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth0 ip=192.168.1.10 bcast=192.168.1.255 netmask=255.255.255.0 Netbios name list:- my_netbios_names[0]=AD Client started (version 4.1.0pre1-GIT-94f11e9). Opening cache file at /usr/local/samba/var/lock/gencache.tdb Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb sitename_fetch: No stored sitename for HHG.COM name localhost#20 found. Connecting to ::1 at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 173200 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 session request ok Domain=[AD.HHG.COM] OS=[Unix] Server=[Samba
Re: [Samba] Problem with AD users and groups
Re provisioning will wipe out your entire samba DB, so I would try to avoid that if at all possible, figure out if something else is listening on port 88, stop it, and restart samba (its the kerberos stuff). The smbclient command isn't all that helpful (sometimes it is, sometimes not), so you may try it with a higher debug level (-d10) but don't paste that here as it will get quite lengthy, use a pastebin and give us the link if you don't mind (if you think its more helpful that is). Good luck, Ricky On Fri, Jun 7, 2013 at 12:56 PM, Marcelo Ruriani systemad...@helpinghandsofgreenup.org wrote: On 6/7/13 10:51 AM, Ricky Nance wrote: I'd double check on the samba server it self if you can connect to it using smbclient... `smbclient //localhost/sysvol -Uadministrator` if that fails try `smbclient //localhost/sysvol -d5 -Uadministrator` and paste the output in your reply. If it succeeds then you can pretty much bet on a connectivity issue... by the way, why isn't samba listening on port 88 in your last mail? It might be worth it to try a `killall samba sleep 5 samba -i -M single -d3` and look for any error messages ... anyway those are just a couple of my suggestions. Ricky On Thu, Jun 6, 2013 at 8:30 PM, Marcelo Ruriani systemad...@helpinghandsofgreenup.org wrote: On 6/6/13 5:15 PM, Marc Muehlfeld wrote: Hello Marcelo, Am 06.06.2013 22:47, schrieb Marcelo Ruriani: It seems I locked myself out. I have tried these steps: turn off the firewall, ntacl sysvol reset, and dis-join from domain. The ntacl sysvol reset returns errors (which I'll post if necessary) the dis-join worked fine but I cannot re-join to the domain because it doesn't detect our domain and throws up an error domain could not be contacted and DNS name doesn't exist. * IP connection between the hosts is fine? (ping each other) * Do you use the internal DNS or Bind DLZ? * Is Samba/Bind listening on port 53? Use 'netstat -taunp', to make sure, that nothing else is listening on this port and prevent the correct DNS to start up. * Can you check: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS Regards, Marc Dear List Mark, Thank you for the reply. To answer your questions. I am using the internal DNS. The DNS testing reveals that host -t SRV _ldap (and so on) plus host -t SRV _kerberos (and so on) return with a not found error. The A record test works fine. Samba is listening on TCP port 53, 636, 1024, 3268, 3269, 389, 135 (and UDP 53) smbd is listening on TCP port 139, 445 The clients ping the server (ip and domain name) fine and the server pings the clients fine. My followup question will appear after this reply. Marcelo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba To list, Mark, Ricky, I must admit I am unsure why it isn't listening on port 88! I will do that kill all samba thing later and reply if that does the trick. On the tests you asked me to do, this is my output of terminal: (I apologize for formatting) root@ad:/# /usr/local/samba/bin/smbclient //localhost/sysvol -U%administrator Domain=[AD.HHG.COM] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-94f11e9] tree connect failed: NT_STATUS_ACCESS_DENIED root@ad:/# /usr/local/samba/bin/smbclient //localhost/sysvol -d5 -U%administrator INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 params.c:pm_process() - Processing configuration file /usr/local/samba/etc/smb.conf Processing section [global] doing parameter workgroup = AD.HHG.COM doing parameter realm = HHG.COM doing parameter netbios name = AD doing parameter server role = active directory domain controller doing parameter dns forwarder = 192.168.1.1 pm_process() returned Yes added interface eth0 ip=fe80::222:19ff:fe95:7f31%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth0 ip=192.168.1.10 bcast=192.168.1.255 netmask=255.255.255.0 Netbios name list:- my_netbios_names[0]=AD Client started (version 4.1.0pre1-GIT-94f11e9). Opening cache file at /usr/local/samba/var/lock/gencache.tdb Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb sitename_fetch: No stored sitename for HHG.COM name localhost#20 found. Connecting to ::1 at port 445 Socket
Re: [Samba] Problem with AD users and groups
Hello Marcelo, Am 07.06.2013 16:51, schrieb Ricky Nance: by the way, why isn't samba listening on port 88 in your last mail? * Can you check, if something else is listening on the kerberos port 88: # netstat -taunp | grep :88 * Please also show us the [global] part of your smb.conf. Expecially the server services = line. Maybe kdc is disabled. * Does the log say anything, why kdc doesn't listen on :88? My questions are if the worst were if I had to re-provision, would the re-provision be enough? OR Woul d I have to do the entire compile, make, install procedure? Thanks. How big is your installation? If it's not very small or a test environment, I think I would continue searching for the problem, instead of setup everything again. As it sounds like your Samba AD was working before, did anything changed on your DC since the last restart of Samba? Maybe required packages have been removed, a new compiled Samba version was installed, etc. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with AD users and groups
Hello Marcelo, Am 07.06.2013 03:30, schrieb Marcelo Ruriani: Thank you for the reply. To answer your questions. I am using the internal DNS. The DNS testing reveals that host -t SRV _ldap (and so on) plus host -t SRV _kerberos (and so on) return with a not found error. The A record test works fine. Can you run # samba_dnsupdate --verbose|grep Failed nsupdate Entries that aren't found, can't be updated by that command, but let you know which are missing, like the SRV for _ldap._tcp.samdom.example.com: # samba_dnsupdate --verbose|grep Failed nsupdate Failed nsupdate: SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389 : [Errno 2] No such file or directory Then add the missing entries manually again: # samba-tool dns add localhost samdom.example.com _ldap._tcp.samdom.example.com SRV dc1.samdom.example.com 389 0 100 Here's my test environment zone. There you can see the values for the SRV records you have to re-add. http://cpaste.org/1914/ ! Create a backup of your samba directory before you do that ! After you have added the records, they should be resolvable again, of course. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with AD users and groups
To all, I have run into a problem. I am running Samba 4.1.0 pre1-git-94f11e9 and I shut down our server to do regular maintenance. Unknown to me at the time, a machine was connected. I know, ugh!! Anyway, when I rebooted and tried to use the AD users and groups tool, I get an error stating that naming convention cannot be located because the system detected a possible attempt to compromise security. It seems I locked myself out. I have tried these steps: turn off the firewall, ntacl sysvol reset, and dis-join from domain. The ntacl sysvol reset returns errors (which I'll post if necessary) the dis-join worked fine but I cannot re-join to the domain because it doesn't detect our domain and throws up an error domain could not be contacted and DNS name doesn't exist. I will say before this event everything worked very well. Any suggestions? I will supply more info if requested. I have a followup question after I see the replies. Marcelo System Administrator Helping Hands of Greenup -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with AD users and groups
Hello Marcelo, Am 06.06.2013 22:47, schrieb Marcelo Ruriani: It seems I locked myself out. I have tried these steps: turn off the firewall, ntacl sysvol reset, and dis-join from domain. The ntacl sysvol reset returns errors (which I'll post if necessary) the dis-join worked fine but I cannot re-join to the domain because it doesn't detect our domain and throws up an error domain could not be contacted and DNS name doesn't exist. * IP connection between the hosts is fine? (ping each other) * Do you use the internal DNS or Bind DLZ? * Is Samba/Bind listening on port 53? Use 'netstat -taunp', to make sure, that nothing else is listening on this port and prevent the correct DNS to start up. * Can you check: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with AD users and groups
On 6/6/13 5:15 PM, Marc Muehlfeld wrote: Hello Marcelo, Am 06.06.2013 22:47, schrieb Marcelo Ruriani: It seems I locked myself out. I have tried these steps: turn off the firewall, ntacl sysvol reset, and dis-join from domain. The ntacl sysvol reset returns errors (which I'll post if necessary) the dis-join worked fine but I cannot re-join to the domain because it doesn't detect our domain and throws up an error domain could not be contacted and DNS name doesn't exist. * IP connection between the hosts is fine? (ping each other) * Do you use the internal DNS or Bind DLZ? * Is Samba/Bind listening on port 53? Use 'netstat -taunp', to make sure, that nothing else is listening on this port and prevent the correct DNS to start up. * Can you check: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS Regards, Marc Dear List Mark, Thank you for the reply. To answer your questions. I am using the internal DNS. The DNS testing reveals that host -t SRV _ldap (and so on) plus host -t SRV _kerberos (and so on) return with a not found error. The A record test works fine. Samba is listening on TCP port 53, 636, 1024, 3268, 3269, 389, 135 (and UDP 53) smbd is listening on TCP port 139, 445 The clients ping the server (ip and domain name) fine and the server pings the clients fine. My followup question will appear after this reply. Marcelo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem after change OpenLDAP Server
Hi everybody. I´ve installed a new OpenLdap Server and performed the migration of the database. All information was imported sucessfull because all my other authentication services are working perfectly. I have a domain in my ldap server and a FreeBSD machine that work as domain PDC for a domain called POS. After the migration, I cannot perform any password change/add in the LDAP database. The error is this: [root@micah etc]# smbpasswd -a andre-teste2 add_new_domain_info: failed to add domain dn= sambaDomainName=POS,dc=iqm,dc=unicamp,dc=br with: Already exists unknown smbldap_search_domain_info: Adding domain info for POS failed with NT_STATUS_UNSUCCESSFUL [root@micah etc]# net getlocalsid [2013/05/22 10:49:41, 0] lib/smbldap_util.c:310(smbldap_search_domain_info) smbldap_search_domain_info: Adding domain info for POS failed with NT_STATUS_UNSUCCESSFUL SID for domain MICAH is: S-1-5-21-1198179666-38845731-2884414512 [root@micah etc]# net getdomainsid [2013/05/22 10:49:47, 0] lib/smbldap_util.c:310(smbldap_search_domain_info) smbldap_search_domain_info: Adding domain info for POS failed with NT_STATUS_UNSUCCESSFUL SID for local machine MICAH is: S-1-5-21-1198179666-38845731-2884414512 SID for domain POS is: S-1-5-21-1198179666-38845731-2884414512 Why Samba is trying to add a new domain? How can I fix that? All my configurations are correct, because I have not changed anything in the Samba Server. Is there some command to re-register this PDC as a Domain Controller for that domain? The Sids are the same nothing has changed. I have tried everything and I really don´t know where to go from here Atenciosamente André Luiz Paiz Analista de Redes Instituto de Química Unicamp mailto:andre.p...@iqm.unicamp.br andre.p...@iqm.unicamp.br Telefone: (19)3521-0197 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with SID after upgrade for samba 3.6.6
Hi, After upgrading debian 6 to version 7 samba stopped working properly. Log: [2013/05/23 08:29:55.811240, 1] auth/server_info.c:386(samu_to_SamInfo3) The primary group domain sid(S-1-5-21-3651478259-4121578499-3132057975-513) does not match the domain sid(S-1-5-21-3182595135-1874831366-4239877494) for user(S-1-5-21-3182595135-1874831366-4239877494-60012) [2013/05/23 08:29:55.811383, 0] auth/check_samsec.c:491(check_sam_security) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' # net getlocalsid SID for domain ROCKY is: S-1-5-21-2260219023-4180104146-1160048873 # net getdomainsid SID for local machine ROCKY is: S-1-5-21-2260219023-4180104146-1160048873 SID for domain PRINTERRESERVA is: S-1-5-21-3651478259-4121578499-3132057975 #pdbedit -v user User SID: S-1-5-21-3182595135-1874831366-4239877494-60012 Primary Group SID:S-1-5-21-3651478259-4121578499-3132057975-513 Thanks, Marcos. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem joining Member Server to domain
I am following this guide https://wiki.samba.org/index.php/Samba4/Domain_Member to add my Samba 4.0.3 file server as a Member Server, but I am stuck with an error message after trying to run this command: # net ads join -U administrator Using short domain name -- SAM Joined 'HOSTNAME' to dns domain 'sam.ba' No DNS domain configured for hostname. Unable to perform DNS Update. DNS update failed: NT_STATUS_INVALID_PARAMETER # The error is the same whether trying to connect Windows 2008 R2 or Samba 4 AD DC. Kerberos and Samba configuration files are the same as in the guide. After changing the entry in hosts file to 127.0.0.1 hostname.sam.ba hostname the error message becomes: # net ads join -U administrator Enter administrator's password: Using short domain name -- SAM Joined 'HOSTNAME' to dns domain 'sam.ba' DNS Update for hostname.sam.ba failed: ERROR_DNS_UPDATE_FAILED DNS update failed: NT_STATUS_UNSUCCESSFUL # I am able to set this server up and running as an additional DC, but not as a Member Server. How to troubleshoot this error? Or maybe there is a better option to authenticate users against AD for Samba 4 file share access? -- View this message in context: http://samba.2283325.n4.nabble.com/Problem-joining-Member-Server-to-domain-tp4647512.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problem with adding printers to samba4 [solved]
On 02/28/2013 03:47 PM, Andrew Martin wrote: - Original Message - From: Chantal Rosmuller chan...@antenna.nl To: samba@lists.samba.org Sent: Thursday, February 28, 2013 7:53:44 AM Subject: Re: [Samba] problem with adding printers to samba4 [solved] I solved it myself, the rpm I installed was not compiled with cups support On 02/27/2013 02:56 PM, Chantal Rosmuller wrote: Hi, I have a problem setting up shared printers in samba4, I used the manual in https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Step_13:_Setup_a_Printer_share - I added a printer using cups - I added the printer en printer driver share as written in the wiki - I logged on as samba 4 administrator on a windows 7 client - I tried to add the printer On windows I get acces denied on the samba4 server in /var/log/samab4/log/smbd I get: Add printer for printer Ricoh Aficio MP 4000 PCL6 called and no smb.conf parameter addprinter command is defined. This parameter must exist for this call to succeed I thought the addprinter command was not available anymore for samba4? The server is a CentOS release 6.3 sama version: samba4-4.0.1 smb.conf: # Global parameters [global] workgroup =DOMAIN realm = domain.nl netbios name = PUPPETDEV01 server role = active directory domain controller dns forwarder = 172.19.1.12 [netlogon] path = /var/lib/samba4/sysvol//domain.nl/scripts read only = No [sysvol] path = /var/lib/samba4/sysvol/ read only = No [printers] comment = All Printers path = /var/lib/samba4/spool browseable = Yes read only = No printable = Yes [print$] comment = Point and Print Printer Drivers path = /var/lib/samba4/print read only = No Chantal, Can you elaborate a bit on how you have integrated CUPS into your samba4 environment? I have configured a samba4 DC and set up a separate CUPS server with samba3 to export the printer share. In samba4, where/how do you set up the printers? Is there a way to push them out to domain computers using Group Policy? Thanks, Andrew Sure, I compiled samba 4 with cups support enabled and configured it as a DC. Then I installed cups with yum. Added a printer in the cups webinterface. I added this to smb.conf: [printers] comment = All Printers path = /var/lib/samba4/spool browseable = Yes read only = No printable = Yes [print$] comment = Point and Print Printer Drivers path = /var/lib/samba4/print read only = No created the spool and chmodded it to 1777 created the printer driver directory Now I am not quite sure whether I added the following as I do not have acces to the server right now. But I might have added to the global section in smb.conf: load printers = yes printing = cups then I joined a windows 7 pc to the domain, went to \\servername\ and there is was, the new printer So it was actually exactly like the wiki said As for your group policy question, I don't know. If I find out I'll post it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem setting rights on Samba share.
The problem here was the [share] definition was located above the [global] section. Testparm showed the additional things that got added that made the share rights fail. 2013/3/10 Daniel Hedblom daniel.hedb...@solleftea.se I have some difficulties setting rights from Windows on a Samba share. Tried changing posix rights to no avail. The Admin rights has disappeared and i need to reset them at the share level. How do i do that when it is not working from Windows. I do not understand samba-tool ntacl and how it is supposed to be used. So, how do one set rights in samba 4 when you lost your ability to manage them from a Windows computer? Cheers //danielh -- With best regards, Daniel Hedblom Sysadmin Department Barn och Skolförvaltningen Municipality of Sollefteå Phone: +46 (0) 620-68 22 02 Mobile: + 46 (0) 70 383 72 44 -- With best regards, Daniel Hedblom Sysadmin Department Barn och Skolförvaltningen Municipality of Sollefteå Phone: +46 (0) 620-68 22 02 Mobile: + 46 (0) 70 383 72 44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem setting rights on Samba share.
I have some difficulties setting rights from Windows on a Samba share. Tried changing posix rights to no avail. The Admin rights has disappeared and i need to reset them at the share level. How do i do that when it is not working from Windows. I do not understand samba-tool ntacl and how it is supposed to be used. So, how do one set rights in samba 4 when you lost your ability to manage them from a Windows computer? Cheers //danielh -- With best regards, Daniel Hedblom Sysadmin Department Barn och Skolförvaltningen Municipality of Sollefteå Phone: +46 (0) 620-68 22 02 Mobile: + 46 (0) 70 383 72 44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problem with adding printers to samba4 [solved]
- Original Message - From: chantal rosmuller crosmul...@gmail.com To: Andrew Martin amar...@xes-inc.com Cc: samba@lists.samba.org Sent: Friday, March 1, 2013 1:46:02 AM Subject: Re: [Samba] problem with adding printers to samba4 [solved] On 02/28/2013 03:47 PM, Andrew Martin wrote: - Original Message - From: Chantal Rosmuller chan...@antenna.nl To: samba@lists.samba.org Sent: Thursday, February 28, 2013 7:53:44 AM Subject: Re: [Samba] problem with adding printers to samba4 [solved] I solved it myself, the rpm I installed was not compiled with cups support On 02/27/2013 02:56 PM, Chantal Rosmuller wrote: Hi, I have a problem setting up shared printers in samba4, I used the manual in https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Step_13:_Setup_a_Printer_share - I added a printer using cups - I added the printer en printer driver share as written in the wiki - I logged on as samba 4 administrator on a windows 7 client - I tried to add the printer On windows I get acces denied on the samba4 server in /var/log/samab4/log/smbd I get: Add printer for printer Ricoh Aficio MP 4000 PCL6 called and no smb.conf parameter addprinter command is defined. This parameter must exist for this call to succeed I thought the addprinter command was not available anymore for samba4? The server is a CentOS release 6.3 sama version: samba4-4.0.1 smb.conf: # Global parameters [global] workgroup =DOMAIN realm = domain.nl netbios name = PUPPETDEV01 server role = active directory domain controller dns forwarder = 172.19.1.12 [netlogon] path = /var/lib/samba4/sysvol//domain.nl/scripts read only = No [sysvol] path = /var/lib/samba4/sysvol/ read only = No [printers] comment = All Printers path = /var/lib/samba4/spool browseable = Yes read only = No printable = Yes [print$] comment = Point and Print Printer Drivers path = /var/lib/samba4/print read only = No Chantal, Can you elaborate a bit on how you have integrated CUPS into your samba4 environment? I have configured a samba4 DC and set up a separate CUPS server with samba3 to export the printer share. In samba4, where/how do you set up the printers? Is there a way to push them out to domain computers using Group Policy? Thanks, Andrew Sure, I compiled samba 4 with cups support enabled and configured it as a DC. Then I installed cups with yum. Added a printer in the cups webinterface. I added this to smb.conf: [printers] comment = All Printers path = /var/lib/samba4/spool browseable = Yes read only = No printable = Yes [print$] comment = Point and Print Printer Drivers path = /var/lib/samba4/print read only = No created the spool and chmodded it to 1777 created the printer driver directory Now I am not quite sure whether I added the following as I do not have acces to the server right now. But I might have added to the global section in smb.conf: load printers = yes printing = cups then I joined a windows 7 pc to the domain, went to \\servername\ and there is was, the new printer So it was actually exactly like the wiki said As for your group policy question, I don't know. If I find out I'll post it. Chantal, Thanks for the clarification. So in your setup, you are manually adding printers to end-user workstations? I was hoping there would be a way to automatically add printers to workstations, and then even take it a step farther and add different printers to different workstations based on OU or group memberships. Thanks, Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problem with adding printers to samba4 [solved]
I solved it myself, the rpm I installed was not compiled with cups support On 02/27/2013 02:56 PM, Chantal Rosmuller wrote: Hi, I have a problem setting up shared printers in samba4, I used the manual in https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Step_13:_Setup_a_Printer_share - I added a printer using cups - I added the printer en printer driver share as written in the wiki - I logged on as samba 4 administrator on a windows 7 client - I tried to add the printer On windows I get acces denied on the samba4 server in /var/log/samab4/log/smbd I get: Add printer for printer Ricoh Aficio MP 4000 PCL6 called and no smb.conf parameter addprinter command is defined. This parameter must exist for this call to succeed I thought the addprinter command was not available anymore for samba4? The server is a CentOS release 6.3 sama version: samba4-4.0.1 smb.conf: # Global parameters [global] workgroup =DOMAIN realm = domain.nl netbios name = PUPPETDEV01 server role = active directory domain controller dns forwarder = 172.19.1.12 [netlogon] path = /var/lib/samba4/sysvol//domain.nl/scripts read only = No [sysvol] path = /var/lib/samba4/sysvol/ read only = No [printers] comment = All Printers path = /var/lib/samba4/spool browseable = Yes read only = No printable = Yes [print$] comment = Point and Print Printer Drivers path = /var/lib/samba4/print read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problem with adding printers to samba4 [solved]
- Original Message - From: Chantal Rosmuller chan...@antenna.nl To: samba@lists.samba.org Sent: Thursday, February 28, 2013 7:53:44 AM Subject: Re: [Samba] problem with adding printers to samba4 [solved] I solved it myself, the rpm I installed was not compiled with cups support On 02/27/2013 02:56 PM, Chantal Rosmuller wrote: Hi, I have a problem setting up shared printers in samba4, I used the manual in https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Step_13:_Setup_a_Printer_share - I added a printer using cups - I added the printer en printer driver share as written in the wiki - I logged on as samba 4 administrator on a windows 7 client - I tried to add the printer On windows I get acces denied on the samba4 server in /var/log/samab4/log/smbd I get: Add printer for printer Ricoh Aficio MP 4000 PCL6 called and no smb.conf parameter addprinter command is defined. This parameter must exist for this call to succeed I thought the addprinter command was not available anymore for samba4? The server is a CentOS release 6.3 sama version: samba4-4.0.1 smb.conf: # Global parameters [global] workgroup =DOMAIN realm = domain.nl netbios name = PUPPETDEV01 server role = active directory domain controller dns forwarder = 172.19.1.12 [netlogon] path = /var/lib/samba4/sysvol//domain.nl/scripts read only = No [sysvol] path = /var/lib/samba4/sysvol/ read only = No [printers] comment = All Printers path = /var/lib/samba4/spool browseable = Yes read only = No printable = Yes [print$] comment = Point and Print Printer Drivers path = /var/lib/samba4/print read only = No Chantal, Can you elaborate a bit on how you have integrated CUPS into your samba4 environment? I have configured a samba4 DC and set up a separate CUPS server with samba3 to export the printer share. In samba4, where/how do you set up the printers? Is there a way to push them out to domain computers using Group Policy? Thanks, Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] problem with adding printers to samba4
Hi, I have a problem setting up shared printers in samba4, I used the manual in https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Step_13:_Setup_a_Printer_share - I added a printer using cups - I added the printer en printer driver share as written in the wiki - I logged on as samba 4 administrator on a windows 7 client - I tried to add the printer On windows I get acces denied on the samba4 server in /var/log/samab4/log/smbd I get: Add printer for printer Ricoh Aficio MP 4000 PCL6 called and no smb.conf parameter addprinter command is defined. This parameter must exist for this call to succeed I thought the addprinter command was not available anymore for samba4? The server is a CentOS release 6.3 sama version: samba4-4.0.1 smb.conf: # Global parameters [global] workgroup =DOMAIN realm = domain.nl netbios name = PUPPETDEV01 server role = active directory domain controller dns forwarder = 172.19.1.12 [netlogon] path = /var/lib/samba4/sysvol//domain.nl/scripts read only = No [sysvol] path = /var/lib/samba4/sysvol/ read only = No [printers] comment = All Printers path = /var/lib/samba4/spool browseable = Yes read only = No printable = Yes [print$] comment = Point and Print Printer Drivers path = /var/lib/samba4/print read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with User and Group Ownership listing
I am installing smb 3.5 on a CentOS 6.2 host using smbldap-tools. I've previously installed a similar configuration on RHEL4 using smb 3.0 but CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations cannot be moved straight across. When I do a listing of a share directory that should have user and group ownership determined by LDAP, I get the uidNumbers and gidNumbers rather than the UIDs and GIDs. [root@edgar2 openldap]# ls -l /data/home | tail drwx--. 2 30634 30080 4096 Mar 18 2009 userdir1 drwx--. 33 30548 30075 4096 Jan 29 15:20 userdir2 drwx--. 3 30554 30075 4096 Jan 26 2009 userdir3 drwx--. 12 30467 30075 4096 Jun 21 2012 userdir4 drwx--. 4 30543 30075 4096 Oct 21 2008 userdir5 drwx--. 8 30555 30075 4096 Oct 31 10:36 userdir5 Other details: centos 6.2, samba 3.5, smbldap-tools 0.9.6, openldap 2.4.23 I've fussed with /etc/nsswitch.conf, /etc/pam_ldap.conf, /etc/nslcd.conf, /etc/pam.d/system-auth, and /etc/sysconfig/authconfig. And selinux is off. I know the machine is successfully connecting to LDAP. An ldapsearch works from this machine, and I can even connect to a samba share with an ldap login through smbclient. Relevant parts of /etc/nsswitch: passwd: files ldap shadow: files ldap group: files ldap #hosts: db files nisplus nis dns hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files ldap rpc:files services: files ldap netgroup: nisplus ldap #netgroup: ldap publickey: nisplus automount: files nisplus ldap #automount: files ldap aliases:files nisplus Relevant parts of /etc/pam_ldap.conf (everything else is commented out): host dir1.ourdomain.com base dc=.ourdomain,dc=com #uri ldaps://dir1.ourdomain.com uri ldap://dir1.ourdomain.com # basic auth config binddn cn=admin,dc=ourdomain,dc=com rootbinddn cn=admin,dc=ourdomain,dc=com # random stuff #timelimit 120 #bind_timelimit 120 #bind_policy hard # brought these times down wmodes Aug 11, 2008 timelimit 30 bind_timelimit 30 bind_policy soft idle_timelimit 3600 nss_initgroups_ignoreusers root,ldap # pam config #pam_password md5 pam_password md5 # config for nss nss_base_passwd ou=people,dc=ourdomain,dc=com?one nss_base_shadow ou=people,dc=ourdomain,dc=com?one nss_base_group ou=group,dc=ourdomain,dc=com?one # OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl no # OpenLDAP SSL options # Require and verify server certificate (yes/no) #tls_checkpeer yes # CA certificates for server certificate verification tls_cacertfile /etc/openldap/cacerts/cacert.pem tls_cacertdir /etc/openldap/cacerts # Client certificate and key tls_cert /etc/openldap/cacerts/servercert.pem tls_key /etc/openldap/cacerts/serverkey.pem Relevant parts of /etc/pam.d/system-auth: authrequired pam_env.so authsufficientpam_fprintd.so authsufficientpam_unix.so nullok try_first_pass authrequisite pam_succeed_if.so uid = 500 quiet authsufficientpam_ldap.so use_first_pass authrequired pam_deny.so account required pam_unix.so account sufficientpam_localuser.so account sufficientpam_succeed_if.so uid 500 quiet account [default=bad success=ok user_unknown=ignore] pam_ldap.so account required pam_permit.so passwordrequisite pam_cracklib.so try_first_pass retry=3 type= passwordsufficientpam_unix.so sha512 shadow nullok try_first_pass use_authtok passwordsufficientpam_ldap.so use_authtok passwordrequired pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_ldap.so session optional pam_mkhomedir.so skel=/etc/skel umask=077 And the only line in /etc/sysconfig/authconfig I changed was: USELDAP=yes Any thoughts? For those who are experienced with nis and pam, I'm sure this is a no brainer, but I could sure use the little bit of your brain that knows how to fix this. Wes -- Wes Modes Systems Designer, Developer, and Administrator University Library ITS University of California, Santa Cruz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with User and Group Ownership listing
I am installing smb 3.5 on a CentOS 6.2 host using smbldap-tools. I've previously installed a similar configuration on RHEL4 using smb 3.0 but CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations cannot be moved straight across. When I do a listing of a share directory that should have user and group ownership determined by LDAP, I get the uidNumbers and gidNumbers rather than the UIDs and GIDs. [root@edgar2 openldap]# ls -l /data/home | tail drwx--. 2 30634 30080 4096 Mar 18 2009 userdir1 drwx--. 33 30548 30075 4096 Jan 29 15:20 userdir2 drwx--. 3 30554 30075 4096 Jan 26 2009 userdir3 drwx--. 12 30467 30075 4096 Jun 21 2012 userdir4 drwx--. 4 30543 30075 4096 Oct 21 2008 userdir5 drwx--. 8 30555 30075 4096 Oct 31 10:36 userdir5 Other details: centos 6.2, samba 3.5, smbldap-tools 0.9.6, openldap 2.4.23 I've fussed with /etc/nsswitch.conf, /etc/pam_ldap.conf, /etc/nslcd.conf, /etc/pam.d/system-auth, and /etc/sysconfig/authconfig. And selinux is off. I know the machine is successfully connecting to LDAP. An ldapsearch works from this machine, and I can even connect to a samba share with an ldap login through smbclient. Relevant parts of /etc/nsswitch: passwd: files ldap shadow: files ldap group: files ldap #hosts: db files nisplus nis dns hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files ldap rpc:files services: files ldap netgroup: nisplus ldap #netgroup: ldap publickey: nisplus automount: files nisplus ldap #automount: files ldap aliases:files nisplus Relevant parts of /etc/pam_ldap.conf (everything else is commented out): host dir1.ourdomain.com base dc=.ourdomain,dc=com #uri ldaps://dir1.ourdomain.com uri ldap://dir1.ourdomain.com # basic auth config binddn cn=admin,dc=ourdomain,dc=com rootbinddn cn=admin,dc=ourdomain,dc=com # random stuff #timelimit 120 #bind_timelimit 120 #bind_policy hard # brought these times down wmodes Aug 11, 2008 timelimit 30 bind_timelimit 30 bind_policy soft idle_timelimit 3600 nss_initgroups_ignoreusers root,ldap # pam config #pam_password md5 pam_password md5 # config for nss nss_base_passwd ou=people,dc=ourdomain,dc=com?one nss_base_shadow ou=people,dc=ourdomain,dc=com?one nss_base_group ou=group,dc=ourdomain,dc=com?one # OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl no # OpenLDAP SSL options # Require and verify server certificate (yes/no) #tls_checkpeer yes # CA certificates for server certificate verification tls_cacertfile /etc/openldap/cacerts/cacert.pem tls_cacertdir /etc/openldap/cacerts # Client certificate and key tls_cert /etc/openldap/cacerts/servercert.pem tls_key /etc/openldap/cacerts/serverkey.pem Relevant parts of /etc/pam.d/system-auth: authrequired pam_env.so authsufficientpam_fprintd.so authsufficientpam_unix.so nullok try_first_pass authrequisite pam_succeed_if.so uid = 500 quiet authsufficientpam_ldap.so use_first_pass authrequired pam_deny.so account required pam_unix.so account sufficientpam_localuser.so account sufficientpam_succeed_if.so uid 500 quiet account [default=bad success=ok user_unknown=ignore] pam_ldap.so account required pam_permit.so passwordrequisite pam_cracklib.so try_first_pass retry=3 type= passwordsufficientpam_unix.so sha512 shadow nullok try_first_pass use_authtok passwordsufficientpam_ldap.so use_authtok passwordrequired pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_ldap.so session optional pam_mkhomedir.so skel=/etc/skel umask=077 And the only line in /etc/sysconfig/authconfig I changed was: USELDAP=yes Any thoughts? For those who are experienced with nis and pam, I'm sure this is a no brainer, but I could sure use the little bit of your brain that knows how to fix this. Wes -- Wes Modes Systems Designer, Developer, and Administrator University Library ITS University of California, Santa Cruz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with /usr/bin/profiles Could not get rootkey
Hi. Current host OS: CentOS5.9 Current client OS: Windows XP (all the latest stuff) Current Samba: 3.6.6-0.129.el5 Ever since 3.4 I am having problems with the /usr/bin/profiles binary, it does NOT allow me to change a SID within a registry file. However, using an older version of the binary (3.0.33-3.29.el5_5.1) it does. If I execute the following command (note the last 4 digits on the SID) /usr/bin/profiles -c S-1-5-21-HIDDEN-HIDDEN-581009308-5424 -n S-1-5-21-HIDDEN-HIDDEN-581009308-5452 NTUSER.DAT I get the following error messages: ndr_pull_security_descriptor failed: Buffer Size Error prs_grow: Buffer overflow - unable to expand buffer by 36 bytes. ndr_pull_security_descriptor failed: Buffer Size Error prs_grow: Buffer overflow - unable to expand buffer by 36 bytes. ndr_pull_security_descriptor failed: Buffer Size Error prs_grow: Buffer overflow - unable to expand buffer by 36 bytes. ... ... ... ndr_pull_security_descriptor failed: Buffer Size Error prs_grow: Buffer overflow - unable to expand buffer by 36 bytes. regfio_rootkey: corrupt registry file ? No root key record located Could not get rootkey Any ideas anyone? Has the format of the NTUSER.DAT changed, and if so which one do I need to use? Jobst -- It took the power of 3 Commodore 64's to go to the moon, but it takes a 2GHz Pentium 4 to run XP... Something is desperately wrong here! | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problem joining AD domain
Hi Nico It's not up to me to decide (and implement) the OS updates :-( and thus cannot do anything about the status of security of the systems. Though I completely agree with you :-) Now to the Samba ADS integraztion problem. I only need to execute the net ads command, I need the windows domain membership for a service running on this system not for local logins. TIA Paolo On Wed, Jan 23, 2013 at 1:12 AM, Nico Kadel-Garcia nka...@gmail.com wrote: On Tue, Jan 22, 2013 at 6:44 AM, Paolo Supino paolo.sup...@gmail.com wrote: Hi I'm trying to make a Linux server (RHEL 5.3) join my company's ADS domain. The company's domain is built from serveral kerberos realms Stop *right* there. If you have RHEL, and you've been regularly applying updates, you've automatically updated to RHEL 5.9 since its release a few weeks ago. RHEL 5.3 is now 4 yours old and you should *not* use it for any security sensitive functions like the critical Kerberos authentication in an ADS domain, without the Red Hat published system updates. So do the system updates first. and Windows domain. the Linux FQDN resolves to the name of one of the kerberos realms we have, but I was asked to to have the linux server join a different kerberos realm and windows Domain. When I attempt to run the command: 'net ads join -U [account] -w [domain]. I get the following error: Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. I know it's possible because it was done in the company in the past (unfortunately) the sysadmin that did it no longer works here and no one else knows how to reproduce how he did it. Are you using the built-in Samba 3.0.33, the available samba3x tool that is Samba 3.6.6, or a hand-built up-to-date Samba toolsuite? If you're using the built-in Samba 3.0.33 or the samba3x package, you should be able to use authconfig to set all of this in PAM,a nd only need net ads to register the particular host with AD credentials. And are you making sure to use net ads join -U 'admin@remotedomain' -w 'remotedomain', if the DNS domain does not match the AD domain? You might also install, and try working with, the X-based version of the system-config-authentication command which provides reasonable GUI options for most of this. I know this email is scarce on helpfull information. I simply don't know what information to supply (I have the output of join with -d 4 and -d 10 debug levels). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problem joining AD domain
On Wed, Jan 23, 2013 at 7:13 AM, Paolo Supino paolo.sup...@gmail.com wrote: Hi Nico It's not up to me to decide (and implement) the OS updates :-( and thus cannot do anything about the status of security of the systems. Though I completely agree with you :-) Now to the Samba ADS integraztion problem. I only need to execute the net ads command, I need the windows domain membership for a service running on this system not for local logins. TIA Paolo Can you run on a test host using CentOS or Scientific Linux 5.8? It really is a security and software features issue to be stuck at RHEL 5.3? And either way, what does authconfig --test say about your configured Kerberos and LDAP settings? On Wed, Jan 23, 2013 at 1:12 AM, Nico Kadel-Garcia nka...@gmail.com wrote: On Tue, Jan 22, 2013 at 6:44 AM, Paolo Supino paolo.sup...@gmail.com wrote: Hi I'm trying to make a Linux server (RHEL 5.3) join my company's ADS domain. The company's domain is built from serveral kerberos realms Stop *right* there. If you have RHEL, and you've been regularly applying updates, you've automatically updated to RHEL 5.9 since its release a few weeks ago. RHEL 5.3 is now 4 yours old and you should *not* use it for any security sensitive functions like the critical Kerberos authentication in an ADS domain, without the Red Hat published system updates. So do the system updates first. and Windows domain. the Linux FQDN resolves to the name of one of the kerberos realms we have, but I was asked to to have the linux server join a different kerberos realm and windows Domain. When I attempt to run the command: 'net ads join -U [account] -w [domain]. I get the following error: Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. I know it's possible because it was done in the company in the past (unfortunately) the sysadmin that did it no longer works here and no one else knows how to reproduce how he did it. Are you using the built-in Samba 3.0.33, the available samba3x tool that is Samba 3.6.6, or a hand-built up-to-date Samba toolsuite? If you're using the built-in Samba 3.0.33 or the samba3x package, you should be able to use authconfig to set all of this in PAM,a nd only need net ads to register the particular host with AD credentials. And are you making sure to use net ads join -U 'admin@remotedomain' -w 'remotedomain', if the DNS domain does not match the AD domain? You might also install, and try working with, the X-based version of the system-config-authentication command which provides reasonable GUI options for most of this. I know this email is scarce on helpfull information. I simply don't know what information to supply (I have the output of join with -d 4 and -d 10 debug levels). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] problem joining AD domain
Hi I'm trying to make a Linux server (RHEL 5.3) join my company's ADS domain. The company's domain is built from serveral kerberos realms and Windows domain. the Linux FQDN resolves to the name of one of the kerberos realms we have, but I was asked to to have the linux server join a different kerberos realm and windows Domain. When I attempt to run the command: 'net ads join -U [account] -w [domain]. I get the following error: Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. I know it's possible because it was done in the company in the past (unfortunately) the sysadmin that did it no longer works here and no one else knows how to reproduce how he did it. I know this email is scarce on helpfull information. I simply don't know what information to supply (I have the output of join with -d 4 and -d 10 debug levels). TIA Paolo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problem joining AD domain
On Tue, Jan 22, 2013 at 6:44 AM, Paolo Supino paolo.sup...@gmail.com wrote: Hi I'm trying to make a Linux server (RHEL 5.3) join my company's ADS domain. The company's domain is built from serveral kerberos realms Stop *right* there. If you have RHEL, and you've been regularly applying updates, you've automatically updated to RHEL 5.9 since its release a few weeks ago. RHEL 5.3 is now 4 yours old and you should *not* use it for any security sensitive functions like the critical Kerberos authentication in an ADS domain, without the Red Hat published system updates. So do the system updates first. and Windows domain. the Linux FQDN resolves to the name of one of the kerberos realms we have, but I was asked to to have the linux server join a different kerberos realm and windows Domain. When I attempt to run the command: 'net ads join -U [account] -w [domain]. I get the following error: Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. I know it's possible because it was done in the company in the past (unfortunately) the sysadmin that did it no longer works here and no one else knows how to reproduce how he did it. Are you using the built-in Samba 3.0.33, the available samba3x tool that is Samba 3.6.6, or a hand-built up-to-date Samba toolsuite? If you're using the built-in Samba 3.0.33 or the samba3x package, you should be able to use authconfig to set all of this in PAM,a nd only need net ads to register the particular host with AD credentials. And are you making sure to use net ads join -U 'admin@remotedomain' -w 'remotedomain', if the DNS domain does not match the AD domain? You might also install, and try working with, the X-based version of the system-config-authentication command which provides reasonable GUI options for most of this. I know this email is scarce on helpfull information. I simply don't know what information to supply (I have the output of join with -d 4 and -d 10 debug levels). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem joining Samba 4 to an older Samba 4 alpha 17
On Fri, 2013-01-18 at 13:48 +0100, Daniel Hedblom wrote: 2013/1/18 Andrew Bartlett abart...@samba.org On Fri, 2013-01-18 at 10:11 +0100, Daniel Hedblom wrote: Hi there, Im trying to join a samba 4.0.1 server to an older samba 4 alpha 17 server. Whatever i do the join is interrupted but i dont know what goes wrong. Dns is double checked and correct as is most other stuff. How can i get a better view of what is happening than this? Can it be the source domain that contains erroneous objects? My goal is to move the old server to a new one, maybe there are a better way of doing this? Suggestions? Honestly, upgrading in place is the best way to do this. Backup the old DC, upgrade in place, and start the 4.0.1 release. The role transfer stuff isn't as reliable as we would like, whereas in-place is. Thanks for answering so fast. Im trying to move to a new hardware at the same time, and the server is not easily upgraded as its an Resara Server with their own packages of Samba4. Not so sure i would be successfull if i upgrade. I would very much prefer if i could move the machine and user accounts somehow without doing nasty stuff to the original server. OK, so what I would suggest is setting up a new server, with the data from Resara. The way I would do it is provision a new Samba4 install, but use the same hostname, SID, domain and realm as your old server. Use the --host-ip parameter to point at your old server's IP. Then copy all the samba files to the matching locations on the new server (the main purpose of the provision is to help you find all those locations). Files to look for include the private dir (all of it), the sysvol folder and your DNS zone. The run the commands suggested in the upgrade code: samba-tool dbcheck --fix samba-tool ntacl sysvolreset source4/scripting/bin/samba_upgradedns Finally give it the same IP (at the end of the process), and then start it up. It should work - if it doesn't, then power down the new machine, go back to your old Resara server while you work out what is wrong. This will configure Samba to use the internal DNS server (the new default) and hopefully will migrate your file-based DNS zone into the AD database. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem joining Samba 4 to an older Samba 4 alpha 17
Hi there, Im trying to join a samba 4.0.1 server to an older samba 4 alpha 17 server. Whatever i do the join is interrupted but i dont know what goes wrong. Dns is double checked and correct as is most other stuff. How can i get a better view of what is happening than this? Can it be the source domain that contains erroneous objects? My goal is to move the old server to a new one, maybe there are a better way of doing this? Suggestions? Error joining to domain: Schema-DN[CN=Schema,CN=Configuration,DC=sesam,DC=lan] objects[402/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=sesam,DC=lan] objects[804/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=sesam,DC=lan] objects[1206/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=sesam,DC=lan] objects[1550/1550] linked_values[0/0] Analyze and apply schema objects Partition[CN=Configuration,DC=sesam,DC=lan] objects[402/1674] linked_values[0/0] Partition[CN=Configuration,DC=sesam,DC=lan] objects[804/1674] linked_values[0/0] Partition[CN=Configuration,DC=sesam,DC=lan] objects[1206/1674] linked_values[0/0] Partition[CN=Configuration,DC=sesam,DC=lan] objects[1608/1674] linked_values[0/0] Partition[CN=Configuration,DC=sesam,DC=lan] objects[1674/1674] linked_values[94/0] Partition[DC=sesam,DC=lan] objects[100/100] linked_values[79/0] Partition[DC=sesam,DC=lan] objects[502/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[904/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[1306/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[1708/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[2110/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[2512/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[2914/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[3316/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[3718/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[4120/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[4522/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[4924/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[5326/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[5728/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[6130/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[6532/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1338/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[811/0] ERROR(runtime): uncaught exception - (-1073741807, 'NT_STATUS_END_OF_FILE') File /usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/lib/python2.7/dist-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/lib/python2.7/dist-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/lib/python2.7/dist-packages/samba/join.py, line 1014, in do_join ctx.join_finalise() File /usr/lib/python2.7/dist-packages/samba/join.py, line 812, in join_finalise ctx.send_DsReplicaUpdateRefs(nc) File /usr/lib/python2.7/dist-packages/samba/join.py, line 797, in send_DsReplicaUpdateRefs ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r) //danileh -- With best regards, Daniel Hedblom Sysadmin Phone: +46 (0) 620-68 22 02 Mobile: + 46 (0) 70 383 72 44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem joining Samba 4 to an older Samba 4 alpha 17
On Fri, 2013-01-18 at 10:11 +0100, Daniel Hedblom wrote: Hi there, Im trying to join a samba 4.0.1 server to an older samba 4 alpha 17 server. Whatever i do the join is interrupted but i dont know what goes wrong. Dns is double checked and correct as is most other stuff. How can i get a better view of what is happening than this? Can it be the source domain that contains erroneous objects? My goal is to move the old server to a new one, maybe there are a better way of doing this? Suggestions? Honestly, upgrading in place is the best way to do this. Backup the old DC, upgrade in place, and start the 4.0.1 release. The role transfer stuff isn't as reliable as we would like, whereas in-place is. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem joining Samba 4 to an older Samba 4 alpha 17
2013/1/18 Andrew Bartlett abart...@samba.org On Fri, 2013-01-18 at 10:11 +0100, Daniel Hedblom wrote: Hi there, Im trying to join a samba 4.0.1 server to an older samba 4 alpha 17 server. Whatever i do the join is interrupted but i dont know what goes wrong. Dns is double checked and correct as is most other stuff. How can i get a better view of what is happening than this? Can it be the source domain that contains erroneous objects? My goal is to move the old server to a new one, maybe there are a better way of doing this? Suggestions? Honestly, upgrading in place is the best way to do this. Backup the old DC, upgrade in place, and start the 4.0.1 release. The role transfer stuff isn't as reliable as we would like, whereas in-place is. Thanks for answering so fast. Im trying to move to a new hardware at the same time, and the server is not easily upgraded as its an Resara Server with their own packages of Samba4. Not so sure i would be successfull if i upgrade. I would very much prefer if i could move the machine and user accounts somehow without doing nasty stuff to the original server. If i upgrade in place will a subsequent join of another DC be easier then? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org //danielh -- With best regards, Daniel Hedblom Sysadmin Phone: +46 (0) 620-68 22 02 Mobile: + 46 (0) 70 383 72 44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with local profiles and samba
Hello, I'm new to the list. I subscribed because there is a problem that most do not get to look around: Before I'm using roaming profiles with samba and had no problems. But when activating local profiles (I did it puting the directives logon path, logon home and logon drive blank) passwords and part of the configuration is not saved in some programs (Chrome, Explorer ...) and sometimes a window opens saying an application is requesting access to a protected item. I think it may be a permissions problem. Any idea? Thanks. My smb.cnf: #=== Global Settings === [global] workgroup = verdnatura server string = dns proxy = yes ; wins support = yes ; wins server = w.x.y.z ; name resolve order = lmhosts host wins bcast interfaces = eth0 lo bind interfaces only = yes log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d log level = 0 ; syslog only = no # Authentication security = user encrypt passwords = true obey pam restrictions = yes unix password sync = no passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *Changing\sUNIX\sand\ssamba\spasswords\sfor\s*\nNew \sPassword:\s%n*\nRetype\snew\spassword:\s%n*. ; guest account = nobody ; invalid users = root pam password change = yes # Domain domain logons = yes enable privileges = yes logon path = logon home = logon drive = logon script = startup.bat root preexec = /sbin/mkhomedir_helper %U add user script = /usr/sbin/smbldap-useradd -a -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' rename user script = /usr/sbin/smbldap-usermod -r '%unew' '% uold' # Printing load printers = yes printing = cups printcap name = cups # Misc socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 ; socket options = TCP_NODELAY domain master = yes preferred master = yes local master = yes time server = yes dos filetimes = yes fake directory create times = yes dos filetime resolution = yes delete readonly = yes os level = 64 template shell = /bin/bash ; message command = /bin/sh -c '/usr/bin/linpopup %f %m %s; rm %s' idmap backend = ldapsam idmap uid = 1-2 idmap gid = 1-2 hide files = /desktop.ini/outlook*.lnk/*Briefcase*/ # LDAP passdb backend = ldapsam ldap suffix = dc=verdnatura,dc=es ldap machine suffix = ou=machines ldap user suffix = ou=people ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=verdnatura,dc=es ldap passwd sync = yes ldap delete dn = no ldap ssl = no create mask = 0744 directory mask = 0744 #=== Sharing Settings === [homes] comment = Home Directories read only = no browseable = no [printers] comment = All Printers path = /var/spool/samba guest ok = yes printable = yes writable = no printer admin = root browseable = no [print$] comment = Printer Drivers path = /var/lib/samba/printers write list = root create mask = 0664 directory mask = 0775 [netlogon] comment = Network Logon Service path = /root/netlogon read only = no force create mode = 775 force directory mode = 775 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with Samba4 installation - trouble at kinit
Lee, I've experienced a similar problem - no active kdc. By adding to my smb.conf: interfaces = YOUR_S4_IP bind interfaces only = yes And restarting the samba suite resulted in the kdc starting and listening (on port 88) I then needed to install heimdal 1.5.1 on my FreeBSD 9.1 system (from their ports system) and used this command: kinit --windows administrator@LAN To acquire a TGT. The base heimdal (1.1) on FreeBSD 9.1R fails to acquire a TGT. Regards, Dewayne -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with Samba4 installation - trouble at kinit
Hi. I am following the steps in the Samba4 HOWTO: http://wiki.samba.org/index.php/Samba4/HOWTO and I run into trouble at this step: [root@samba-ad ~]# kinit administra...@allenlan.net kinit: Cannot contact any KDC for realm 'ALLENLAN.NET' while getting initial credentials I performed all of the previous testing steps in the document successfully. This is CentOS 6.3. I started with Ubuntu 12.10 and ran into the same problem there, so clearly it's something I am doing wrong. When Samba is running, there is no listening socket on port 88. Does Samba implement the kerberos functionality internally? If so, does it specifically look for /etc/krb.conf? If Samba does not implement Kerberos, should I have a Kerberos server running? I am very unfamiliar with Kerberos. Which package should I have installed? Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with Samba4 installation - trouble at kinit
At the beginning of the HOWTO there is a link to the OS Requirements page that lists all of the packages that need to be installed before compiling Samba 4, did you follow that part of the how to and install the prerequired software? Lee Allen l...@leecallen.com 12/24/2012 7:23 AM Hi. I am following the steps in the Samba4 HOWTO: http://wiki.samba.org/index.php/Samba4/HOWTO and I run into trouble at this step: [root@samba-ad ~]# kinit administra...@allenlan.net kinit: Cannot contact any KDC for realm 'ALLENLAN.NET' while getting initial credentials I performed all of the previous testing steps in the document successfully. This is CentOS 6.3. I started with Ubuntu 12.10 and ran into the same problem there, so clearly it's something I am doing wrong. When Samba is running, there is no listening socket on port 88. Does Samba implement the kerberos functionality internally? If so, does it specifically look for /etc/krb.conf? If Samba does not implement Kerberos, should I have a Kerberos server running? I am very unfamiliar with Kerberos. Which package should I have installed? Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with Samba4 installation - trouble at kinit
On Mon, 2012-12-24 at 09:23 -0500, Lee Allen wrote: Hi. I am following the steps in the Samba4 HOWTO: http://wiki.samba.org/index.php/Samba4/HOWTO and I run into trouble at this step: [root@samba-ad ~]# kinit administra...@allenlan.net kinit: Cannot contact any KDC for realm 'ALLENLAN.NET' while getting initial credentials I performed all of the previous testing steps in the document successfully. This is CentOS 6.3. I started with Ubuntu 12.10 and ran into the same problem there, so clearly it's something I am doing wrong. When Samba is running, there is no listening socket on port 88. Does Samba implement the kerberos functionality internally? If so, does it specifically look for /etc/krb.conf? Yes, it implements a Kerberos KDC internally. If Samba does not implement Kerberos, should I have a Kerberos server running? I am very unfamiliar with Kerberos. Which package should I have installed? No additional package is required. Have you installed from the Samba 4.0 tarball, git or is this a Samba package you obtained from somewhere? (Most Samba packages at this stage are incomplete in one way or another, as distributions catch up with the full and official Samba 4.0 release). Are there any errors in the logs? Is it bound to the other ports? Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem compiling Samba4, Python installed in nonstandard location
Hi,I am working with a custom built (LFS-based) Linux distro and am attempting to compile Samba4. Samba3 has always compiled without issue. The system has its Python installed in /opt/python2. There are symlinks to put python in /usr/local/bin and the python2.7 lib folder in /usr/include. The configure command used was simply ./configure --enable-fhs --with-quotas The compile runs fine until it gets to steps involving Python. I'm guessing this has to do with Python headers not being properly included, but I can't figure out what approach to take to make it work right: [3286/3752] Linking default/lib/talloc/libpytalloc-util.so/opt/python2/lib/libpython2.7.a(longobject.o): In function `PyLong_FromString':/usr/src/Python-2.7.3/Objects/longobject.c:1851: undefined reference to `log'/opt/python2/lib/libpython2.7.a(dynload_shlib.o): In function `_PyImport_GetDynLoadFunc':/usr/src/Python-2.7.3/Python/dynload_shlib.c:94: undefined reference to `dlsym'/usr/src/Python-2.7.3/Python/dynload_shlib.c:130: undefined reference to `dlopen'/usr/src/Python-2.7.3/Python/dynload_shlib.c:141: undefined reference to `dlsym'/usr/src/Python-2.7.3/Python/dynload_shlib.c:133: undefined reference to `dlerror'/opt/python2/lib/libpython2.7.a(signalmodule.o): In function `timeval_from_double':/usr/src/Python-2.7.3/./Modules/signalmodule.c:112: undefined reference to `floor'/usr/src/Python-2.7.3/./Modules/signalmodule.c:112: undefined reference to `floor'/usr/src/Python-2.7.3/./Modules/signalmodule.c:113: undefined reference to `fmod'/usr/src/Python-2.7.3/./Modules/signa lmodule.c:113: undefined reference to `fmod'/opt/python2/lib/libpython2.7.a(posixmodule.o): In function `posix_openpty':/usr/src/Python-2.7.3/./Modules/posixmodule.c:3756: undefined reference to `openpty'/opt/python2/lib/libpython2.7.a(posixmodule.o): In function `posix_forkpty':/usr/src/Python-2.7.3/./Modules/posixmodule.c:3816: undefined reference to `forkpty'/opt/python2/lib/libpython2.7.a(complexobject.o): In function `_Py_c_pow':/usr/src/Python-2.7.3/Objects/complexobject.c:139: undefined reference to `hypot'/usr/src/Python-2.7.3/Objects/complexobject.c:140: undefined reference to `pow'/usr/src/Python-2.7.3/Objects/complexobject.c:141: undefined reference to `atan2'/usr/src/Python-2.7.3/Objects/complexobject.c:143: undefined reference to `sincos'/usr/src/Python-2.7.3/Objects/complexobject.c:144: undefined reference to `exp'/usr/src/Python-2.7.3/Objects/complexobject.c:145: undefined reference to `log'/opt/python2/lib/libpython2.7.a(complexobject.o): In function `_Py_c_a bs':/usr/src/Python-2.7.3/Objects/complexobject.c:210: undefined reference to `hypot'/opt/python2/lib/libpython2.7.a(floatobject.o): In function `float_divmod':/usr/src/Python-2.7.3/Objects/floatobject.c:750: undefined reference to `fmod'/opt/python2/lib/libpython2.7.a(floatobject.o): In function `float_rem':/usr/src/Python-2.7.3/Objects/floatobject.c:718: undefined reference to `fmod'/opt/python2/lib/libpython2.7.a(floatobject.o): In function `float_pow':/usr/src/Python-2.7.3/Objects/floatobject.c:912: undefined reference to `pow'/usr/src/Python-2.7.3/Objects/floatobject.c:888: undefined reference to `fmod'/usr/src/Python-2.7.3/Objects/floatobject.c:863: undefined reference to `fmod'/usr/src/Python-2.7.3/Objects/floatobject.c:853: undefined reference to `fmod'/opt/python2/lib/libpython2.7.a(floatobject.o): In function `_Py_double_round':/usr/src/Python-2.7.3/Objects/floatobject.c:1137: undefined reference to `fmod'collect2: error: ld returned 1 exit statusWaf: Leaving direc tory `/home/src/samba-4.0.0/bin'Build failed: - task failed (err #1): {task: cc_link pytalloc_util_5.o - libpytalloc-util.so}make: *** [all] Error 1 I'm not at all familiar with the waf build system, so I'm not sure how I can do things like apply additional LD or C flags (was thinking of forcing it to use /opt/python2/include as an include dir) or if this is something completely unrelated. I do know there's something that's always happened with this system where the LDFLAGS doesn't include -ldl so those dl errors might be related to that, but executing LDFLAGS=-ldl make didn't change the behavior at all. Any advice? F -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem compiling Samba4, Python installed in nonstandard location
On Fri, 2012-12-21 at 15:55 -0600, Flint Million wrote: Hi,I am working with a custom built (LFS-based) Linux distro and am attempting to compile Samba4. Samba3 has always compiled without issue. The system has its Python installed in /opt/python2. There are symlinks to put python in /usr/local/bin and the python2.7 lib folder in /usr/include. The configure command used was simply ./configure --enable-fhs --with-quotas The compile runs fine until it gets to steps involving Python. I'm guessing this has to do with Python headers not being properly included, but I can't figure out what approach to take to make it work right: [3286/3752] Linking default/lib/talloc/libpytalloc-util.so/opt/python2/lib/libpython2.7.a(longobject.o): In function `PyLong_FromString':/usr/src/Python-2.7.3/Objects/longobject.c:1851: undefined reference to `log'/opt/python2/lib/libpython2.7.a(dynload_shlib.o): In function `_PyImport_GetDynLoadFunc':/usr/src/Python-2.7.3/Python/dynload_shlib.c:94: undefined reference to `dlsym'/usr/src/Python-2.7.3/Python/dynload_shlib.c:130: undefined reference to `dlopen'/usr/src/Python-2.7.3/Python/dynload_shlib.c:141: undefined reference to `dlsym'/usr/src/Python-2.7.3/Python/dynload_shlib.c:133: undefined reference to `dlerror'/opt/python2/lib/libpython2.7.a(signalmodule.o): In function `timeval_from_double':/usr/src/Python-2.7.3/./Modules/signalmodule.c:112: undefined reference to `floor'/usr/src/Python-2.7.3/./Modules/signalmodule.c:112: undefined reference to `floor'/usr/src/Python-2.7.3/./Modules/signalmodule.c:113: undefined reference to `fmod'/usr/src/Python-2.7.3/./Modules/sig nalmodule.c:113: undefined reference to `fmod'/opt/python2/lib/libpython2.7.a(posixmodule.o): In function `posix_openpty':/usr/src/Python-2.7.3/./Modules/posixmodule.c:3756: undefined reference to `openpty'/opt/python2/lib/libpython2.7.a(posixmodule.o): In function `posix_forkpty':/usr/src/Python-2.7.3/./Modules/posixmodule.c:3816: undefined reference to `forkpty'/opt/python2/lib/libpython2.7.a(complexobject.o): In function `_Py_c_pow':/usr/src/Python-2.7.3/Objects/complexobject.c:139: undefined reference to `hypot'/usr/src/Python-2.7.3/Objects/complexobject.c:140: undefined reference to `pow'/usr/src/Python-2.7.3/Objects/complexobject.c:141: undefined reference to `atan2'/usr/src/Python-2.7.3/Objects/complexobject.c:143: undefined reference to `sincos'/usr/src/Python-2.7.3/Objects/complexobject.c:144: undefined reference to `exp'/usr/src/Python-2.7.3/Objects/complexobject.c:145: undefined reference to `log'/opt/python2/lib/libpython2.7.a(complexobject.o): In function `_Py_c _abs':/usr/src/Python-2.7.3/Objects/complexobject.c:210: undefined ref erence to `hypot'/opt/python2/lib/libpython2.7.a(floatobject.o): In function `float_divmod':/usr/src/Python-2.7.3/Objects/floatobject.c:750: undefined reference to `fmod'/opt/python2/lib/libpython2.7.a(floatobject.o): In function `float_rem':/usr/src/Python-2.7.3/Objects/floatobject.c:718: undefined reference to `fmod'/opt/python2/lib/libpython2.7.a(floatobject.o): In function `float_pow':/usr/src/Python-2.7.3/Objects/floatobject.c:912: undefined reference to `pow'/usr/src/Python-2.7.3/Objects/floatobject.c:888: undefined reference to `fmod'/usr/src/Python-2.7.3/Objects/floatobject.c:863: undefined reference to `fmod'/usr/src/Python-2.7.3/Objects/floatobject.c:853: undefined reference to `fmod'/opt/python2/lib/libpython2.7.a(floatobject.o): In function `_Py_double_round':/usr/src/Python-2.7.3/Objects/floatobject.c:1137: undefined reference to `fmod'collect2: error: ld returned 1 exit statusWaf: Leaving directory `/home/src/samba-4.0.0/bin'Build failed: - task failed (err #1): {task: cc_link pytalloc_util_5.o - libpytalloc-util.so}make: *** [all] Error 1 I'm not at all familiar with the waf build system, so I'm not sure how I can do things like apply additional LD or C flags (was thinking of forcing it to use /opt/python2/include as an include dir) or if this is something completely unrelated. I do know there's something that's always happened with this system where the LDFLAGS doesn't include -ldl so those dl errors might be related to that, but executing LDFLAGS=-ldl make didn't change the behavior at all. Any advice? F These errors seem to indicate the python isn't sufficiently linked on your platform. Do other things compile correctly against python? Is your /etc/ld.so.conf correct? On the broader question, you can pass additional LDFLAGS to Samba's build process like so: LDFLAGS=-lm ./configure Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem compiling Samba4, Python installed in nonstandard location
I recompiled my Python installation, looks like I didn't use the --enable-shared switch. Now I have a .so file and linking seems to be working correctly. So far the Samba compile is running fine. Thanks! F Subject: Re: [Samba] Problem compiling Samba4, Python installed in nonstandard location From: abart...@samba.org To: fdmill...@msn.com CC: samba@lists.samba.org Date: Sat, 22 Dec 2012 09:11:52 +1100 On Fri, 2012-12-21 at 15:55 -0600, Flint Million wrote: Hi,I am working with a custom built (LFS-based) Linux distro and am attempting to compile Samba4. Samba3 has always compiled without issue. The system has its Python installed in /opt/python2. There are symlinks to put python in /usr/local/bin and the python2.7 lib folder in /usr/include. The configure command used was simply ./configure --enable-fhs --with-quotas The compile runs fine until it gets to steps involving Python. I'm guessing this has to do with Python headers not being properly included, but I can't figure out what approach to take to make it work right: [3286/3752] Linking default/lib/talloc/libpytalloc-util.so/opt/python2/lib/libpython2.7.a(longobject.o): In function `PyLong_FromString':/usr/src/Python-2.7.3/Objects/longobject.c:1851: undefined reference to `log'/opt/python2/lib/libpython2.7.a(dynload_shlib.o): In function `_PyImport_GetDynLoadFunc':/usr/src/Python-2.7.3/Python/dynload_shlib.c:94: undefined reference to `dlsym'/usr/src/Python-2.7.3/Python/dynload_shlib.c:130: undefined reference to `dlopen'/usr/src/Python-2.7.3/Python/dynload_shlib.c:141: undefined reference to `dlsym'/usr/src/Python-2.7.3/Python/dynload_shlib.c:133: undefined reference to `dlerror'/opt/python2/lib/libpython2.7.a(signalmodule.o): In function `timeval_from_double':/usr/src/Python-2.7.3/./Modules/signalmodule.c:112: undefined reference to `floor'/usr/src/Python-2.7.3/./Modules/signalmodule.c:112: undefined reference to `floor'/usr/src/Python-2.7.3/./Modules/signalmodule.c:113: undefined reference to `fmod'/usr/src/Python-2.7.3/./Modules/s ignalmodule.c:113: undefined reference to `fmod'/opt/python2/lib/libpython2.7.a(posixmodule.o): In function `posix_openpty':/usr/src/Python-2.7.3/./Modules/posixmodule.c:3756: undefined reference to `openpty'/opt/python2/lib/libpython2.7.a(posixmodule.o): In function `posix_forkpty':/usr/src/Python-2.7.3/./Modules/posixmodule.c:3816: undefined reference to `forkpty'/opt/python2/lib/libpython2.7.a(complexobject.o): In function `_Py_c_pow':/usr/src/Python-2.7.3/Objects/complexobject.c:139: undefined reference to `hypot'/usr/src/Python-2.7.3/Objects/complexobject.c:140: undefined reference to `pow'/usr/src/Python-2.7.3/Objects/complexobject.c:141: undefined reference to `atan2'/usr/src/Python-2.7.3/Objects/complexobject.c:143: undefined reference to `sincos'/usr/src/Python-2.7.3/Objects/complexobject.c:144: undefined reference to `exp'/usr/src/Python-2.7.3/Objects/complexobject.c:145: undefined reference to `log'/opt/python2/lib/libpython2.7.a(complexobject.o): In function `_Py _c_abs':/usr/src/Python-2.7.3/Objects/complexobject.c:210: undefined ref erence to `hypot'/opt/python2/lib/libpython2.7.a(floatobject.o): In function `float_divmod':/usr/src/Python-2.7.3/Objects/floatobject.c:750: undefined reference to `fmod'/opt/python2/lib/libpython2.7.a(floatobject.o): In function `float_rem':/usr/src/Python-2.7.3/Objects/floatobject.c:718: undefined reference to `fmod'/opt/python2/lib/libpython2.7.a(floatobject.o): In function `float_pow':/usr/src/Python-2.7.3/Objects/floatobject.c:912: undefined reference to `pow'/usr/src/Python-2.7.3/Objects/floatobject.c:888: undefined reference to `fmod'/usr/src/Python-2.7.3/Objects/floatobject.c:863: undefined reference to `fmod'/usr/src/Python-2.7.3/Objects/floatobject.c:853: undefined reference to `fmod'/opt/python2/lib/libpython2.7.a(floatobject.o): In function `_Py_double_round':/usr/src/Python-2.7.3/Objects/floatobject.c:1137: undefined reference to `fmod'collect2: error: ld returned 1 exit statusWaf: Leaving directory `/home/src/samba-4.0.0/bin'Build failed: - task failed (er r #1): {task: cc_link pytalloc_util_5.o - libpytalloc-util.so}make: *** [all] Error 1 I'm not at all familiar with the waf build system, so I'm not sure how I can do things like apply additional LD or C flags (was thinking of forcing it to use /opt/python2/include as an include dir) or if this is something completely unrelated. I do know there's something that's always happened with this system where the LDFLAGS doesn't include -ldl so those dl errors might be related to that, but executing LDFLAGS=-ldl make didn't change the behavior at all. Any advice? F These errors seem to indicate the python isn't sufficiently linked on your platform. Do other things compile correctly against python? Is your /etc
Re: [Samba] Problem samba3 to samba4
On Thu, 2012-12-06 at 12:59 +0100, Hervé Hénoch wrote: Hello I've migrated a samba 3 server to a samba 4 (.all the tests mentioned in this howto are succesfull) .But i can't open a session with a workstation on samba4 domain : approbation problem. The workstation name which can't connect is admin-pc Any idea ? The password for admin-pc has not been correctly migrated for some reason. You will need to re-join it to the domain, because clearly what the DC thinks the password on admin-pc$ is doesn't match what admin-pc thinks it is. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with Kerberos in Samba4
Am Sat, 08 Dec 2012 18:03:31 +0100 schrieb Börje Johnsson: Hi I have a problem when setting up samba4. The server is Ubuntu 12.04 and the version of samba is 4.0.0rc6. I use a clean install of samba. built from git or installed with ubuntu packages? I think that samba is configured correctly according to the HOWTO. Samba is provisioned like this: $ samba-tool domain provision --realm=hrm.local --domain=HRM --adminpass='' --server-role=dc resolv.conf: domain hrm.local nameserver 172.20.10.19 Every test in the HOWTO works until Kerberos is tested: $ kinit administrator@HRM.LOCAL kinit: Cannot contact any KDC for realm 'HRM.LOCAL' while getting initial credentials did you actually start samba after the provision? (check: ps -C samba -f) any messages in the samba.log file? $ klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administra...@samba.example.com Valid starting Expires Service principal 2012-12-08 16:38:15 2012-12-09 02:38:15 krbtgt/ samba.example@samba.example.com renew until 2012-12-15 16:38:15 2012-12-08 16:38:15 2012-12-09 02:38:15 LOCALADMEMBER$@SAMBA.EXAMPLE.COM maybe a leftover from old tests? run kdestroy to clean up kerberos credentials cache. - Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with Kerberos in Samba4
Hi I have a problem when setting up samba4. The server is Ubuntu 12.04 and the version of samba is 4.0.0rc6. I use a clean install of samba. I think that samba is configured correctly according to the HOWTO. Samba is provisioned like this: $ samba-tool domain provision --realm=hrm.local --domain=HRM --adminpass='' --server-role=dc resolv.conf: domain hrm.local nameserver 172.20.10.19 Every test in the HOWTO works until Kerberos is tested: $ kinit administrator@HRM.LOCAL kinit: Cannot contact any KDC for realm 'HRM.LOCAL' while getting initial credentials $ klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administra...@samba.example.com Valid starting Expires Service principal 2012-12-08 16:38:15 2012-12-09 02:38:15 krbtgt/ samba.example@samba.example.com renew until 2012-12-15 16:38:15 2012-12-08 16:38:15 2012-12-09 02:38:15 LOCALADMEMBER$@SAMBA.EXAMPLE.COM That i weird because i have not used the samba.example.com domain in any configuration. $ cat krb5.conf: [libdefaults] default_realm = HRM.LOCAL dns_lookup_realm = false dns_lookup_kdc = true Any ideas? cheers Börje Johnsson HRM Software AB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem browsing server root
I have a problem looking at a server's shares from either a linux or windows computer. Both OS's give NT_STATUS_ACCESS_DENIED errors when trying to browse the server (//192.168.1.11). However, both can view the file share (//192,168.1.11/public) when entered directly into the address bar. As far as I can tell from the docs, my configuration should allow the server's share list to be browsed. Other servers I've set-up with an identical smb.conf file have acted as I expected (browsing), I don't know where else I should be looking for what's blocking it. Iptables is empty except for the fail2ban chain, but stopping fail2ban doesn't help and I have the same issue from multiple ip addresses. My smb.conf is as follows: [global] workgroup = EDSRDUSNC server string = %h server map to guest = Bad Password guest account = data syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 os level = 1 local master = No domain master = No dns proxy = No [public] path = /home/data force user = data read only = No guest only = Yes guest ok = Yes Here's the output from `smbclient -L 192.168.1.11` from 192.168.1.2: mattkorz@zeus:~$ smbclient -L 192.168.1.11 Enter mattkorz's password: Domain=[EDSRDUSNC] OS=[Unix] Server=[Samba 3.6.6] Sharename Type Comment - --- Error returning browse list: NT_STATUS_ACCESS_DENIED Domain=[EDSRDUSNC] OS=[Unix] Server=[Samba 3.6.6] Server Comment ---- WorkgroupMaster ---- mattkorz@zeus:~$ Here's the server's output for `uname -a`: Linux kore2 3.2.0-4-686-pae #1 SMP Debian 3.2.32-1 i686 GNU/Linux -- Matthew Korzeniowski -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem samba3 to samba4
Hello I've migrated a samba 3 server to a samba 4 (.all the tests mentioned in this howto are succesfull) .But i can't open a session with a workstation on samba4 domain : approbation problem. The workstation name which can't connect is admin-pc Any idea ? *Here are the logs of log.samba * Kerberos: Looking for ENC-TS pa-data -- *admin-pc$@SC* [2012/12/06 12:50:59, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Failed to decrypt PA-DATA -- admin-pc$@SC (enctype arcfour-hmac-md5) error Decrypt integrity check failed [2012/12/06 12:50:59, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Failed to decrypt PA-DATA -- admin-pc$@SC [2012/12/06 12:50:59, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection) Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' [2012/12/06 12:50:59, 3] ../source4/smbd/process_single.c:104(single_terminate) single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] [2012/12/06 12:50:59, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ admin-pc$@SC from ipv4:192.168.77.33:49599 for krbtgt/SC@SC [2012/12/06 12:50:59, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Client sent patypes: encrypted-timestamp, 128 [2012/12/06 12:50:59, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Looking for PKINIT pa-data -- admin-pc$@SC [2012/12/06 12:50:59, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Looking for ENC-TS pa-data -- admin-pc$@SC [2012/12/06 12:50:59, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Failed to decrypt PA-DATA -- admin-pc$@SC (enctype arcfour-hmac-md5) error Decrypt integrity check failed [2012/12/06 12:50:59, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Failed to decrypt PA-DATA -- admin-pc$@SC [2012/12/06 12:50:59, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection) Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' [2012/12/06 12:50:59, 3] ../source4/smbd/process_single.c:104(single_terminate) single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] [2012/12/06 12:50:59, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ admin-pc$@SC from ipv4:192.168.77.33:49600 for krbtgt/SC@SC [2012/12/06 12:50:59, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Client sent patypes: encrypted-timestamp, 128 [2012/12/06 12:50:59, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Looking for PKINIT pa-data -- admin-pc$@SC [2012/12/06 12:50:59, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Looking for ENC-TS pa-data -- admin-pc$@SC [2012/12/06 12:50:59, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Failed to decrypt PA-DATA -- admin-pc$@SC (enctype arcfour-hmac-md5) error Decrypt integrity check failed [2012/12/06 12:50:59, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Failed to decrypt PA-DATA -- admin-pc$@SC [2012/12/06 12:50:59, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection) Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' [2012/12/06 12:50:59, 3] ../source4/smbd/process_single.c:104(single_terminate) single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] *Here are the logs of log.smbd* , 3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send) auth_check_password_send: Checking password for unmapped user [SC]\[ADMIN-PC$]@[ADMIN-PC] auth_check_password_send: mapped user is: [SC]\[ADMIN-PC$]@[ADMIN-PC] [2012/12/06 12:50:59.430091, 3] ../libcli/auth/ntlm_check.c:398(ntlm_password_check) ntlm_password_check: NTLMv2 password check failed [2012/12/06 12:50:59.430217, 3] ../libcli/auth/ntlm_check.c:443(ntlm_password_check) ntlm_password_check: Lanman passwords NOT PERMITTED for user *ADMIN-PC$* [2012/12/06 12:50:59.430564, 3] ../libcli/auth/ntlm_check.c:587(ntlm_password_check) ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user ADMIN-PC$ [2012/12/06 12:50:59.430664, 2] ../source4/auth/ntlm/auth.c:420(auth_check_password_recv) auth_check_password_recv: sam_ignoredomain authentication for user [SC\ADMIN-PC$] FAILED with error NT_STATUS_WRONG_PASSWORD [2012/12/06 12:50:59.430783, 2]
[Samba] Problem loading login.bat on a windows 7 machine
On 1 windows 7 workstation in my work samba 3 domain roaming profiles are not loading. The problem seems to be a failure in loading the login.bat Samba version 3.5.19 PID Username Group Machine --- 8078 jdrescher Domain Users radimgws70 (192.168.2.157) Service pid machine Connected at --- IPC$ 8199 datastore2Tue Nov 27 12:29:05 2012 IPC$ 8180 datastore1Tue Nov 27 12:28:07 2012 IPC$ 8229 radimgws68Tue Nov 27 12:31:10 2012 netlogon 8078 radimgws70Tue Nov 27 12:22:26 2012 Locked files: Pid UidDenyMode Access R/WOplock SharePath Name Time -- 8078 1000 DENY_WRITE 0xa1RDONLY NONE /home/netlogon login.bat Tue Nov 27 12:22:26 2012 [2012/11/27 12:24:02.704884, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (1000, 513) - sec_ctx_stack_ndx = 0 [2012/11/27 12:24:02.705305, 3] smbd/vfs.c:881(check_reduced_name) check_reduced_name [login.bat.34308300201211260203NT7TT.{10E39A49-4531-4496-A08E-842D4C440D20}] [/home/netlogon] [2012/11/27 12:24:02.705338, 3] smbd/vfs.c:1038(check_reduced_name) check_reduced_name: login.bat.34308300201211260203NT7TT.{10E39A49-4531-4496-A08E-842D4C440D20} reduced to /home/netlogon/login.bat.34308300201211260203NT7TT.{10E39A49-4531-4496-A08E-842D4C440D20} [2012/11/27 12:24:02.705362, 3] smbd/dosmode.c:166(unix_mode) unix_mode(login.bat.34308300201211260203NT7TT.{10E39A49-4531-4496-A08E-842D4C440D20}) returning 0744 [2012/11/27 12:24:02.705381, 3] smbd/error.c:80(error_packet_set) error packet at smbd/error.c(160) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND [2012/11/27 12:24:14.064825, 3] smbd/process.c:1489(process_smb) For me an interesting thing from the above output is login.bat.34308300201211260203NT7TT.{10E39A49-4531-4496-A08E-842D4C440D20} why is it trying to append .34308300201211260203NT7TT.{10E39A49-4531-4496-A08E-842D4C440D20} to the filename? Or am I reading this wrong? -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with Remote Announce
Hi, I've been running Samba 3.5.18 on ClearOS 5.2 for a while now. I have a server on its own LAN's (192.168.2.0/24 and 192.168.3.0/24) and an IPSec VPN through to 192.168.10.0/24. The remote LAN is just one machine on the other side of a router. I've been successfully seeing its netbios name and I've been able to ping the remote PC by name and browse it and vice versa. A few weeks ago I upgraded to ClearOS 6.3 with Samba 3.6.7 and with the same config I can no longer use the remote PC's name or browse it. Both ends of the VPN are on the same Workgroup. I believe these are the relevant bits of smb.conf: [global] # General netbios name = Server workgroup = HOME server string = Server # Network bind interfaces only = yes interfaces = lo eth2 eth1 smb ports = 139 445 # WINS wins support = Yes wins server = # Other preferred master = Yes domain master = Yes remote announce = 192.168.10.255 192.168.10.120 hosts allow = 127.0.0.0/24 192.168.2.0/24 192.168.3.0/24 192.168.10.0/24 10.8.0.0/24 With 3.6.7 I also use: max protocol = SMB2 The remote PC is running WinXP. In my log files in /var/log/samba I see logs for mum-blue - the remote PC - as it connects to a shared drive. On the XP machine I am forcing it yo use NetBIOS over TCP/IP and its WINS server entry is pointing to my server. Its firewall is open to UDP/TCP 137-139 and 445. The PC is on 192.168.10.120. Have I got something wrong or is there a problem with Samba? Regards, Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with Remote Announce
Never mind. User error. I'd forgotten to set the DHCP server to hand out the WINS IP. :( On 10/11/2012 08:44, Nick Howitt wrote: Hi, I've been running Samba 3.5.18 on ClearOS 5.2 for a while now. I have a server on its own LAN's (192.168.2.0/24 and 192.168.3.0/24) and an IPSec VPN through to 192.168.10.0/24. The remote LAN is just one machine on the other side of a router. I've been successfully seeing its netbios name and I've been able to ping the remote PC by name and browse it and vice versa. A few weeks ago I upgraded to ClearOS 6.3 with Samba 3.6.7 and with the same config I can no longer use the remote PC's name or browse it. Both ends of the VPN are on the same Workgroup. I believe these are the relevant bits of smb.conf: [global] # General netbios name = Server workgroup = HOME server string = Server # Network bind interfaces only = yes interfaces = lo eth2 eth1 smb ports = 139 445 # WINS wins support = Yes wins server = # Other preferred master = Yes domain master = Yes remote announce = 192.168.10.255 192.168.10.120 hosts allow = 127.0.0.0/24 192.168.2.0/24 192.168.3.0/24 192.168.10.0/24 10.8.0.0/24 With 3.6.7 I also use: max protocol = SMB2 The remote PC is running WinXP. In my log files in /var/log/samba I see logs for mum-blue - the remote PC - as it connects to a shared drive. On the XP machine I am forcing it yo use NetBIOS over TCP/IP and its WINS server entry is pointing to my server. Its firewall is open to UDP/TCP 137-139 and 445. The PC is on 192.168.10.120. Have I got something wrong or is there a problem with Samba? Regards, Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with filtering
Hi, We are having some performances problems with users that have folders shared over their internal networks. We were wondering, when the user list files using dir *.dat or calls FindFirstFile/FirstNextFile , is the filtering done on the local machine or on the remote one? Thanks in advance! -- Enrico Scantamburlo Software Development Consultant Web: Streamsim Technologies, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem shutting down Win7 Clients with net rpc
Hi everybody, I used to shutdown our workstation pools with the net rpc command. Something like this: net rpc SHUTDOWN -t 300 -f -C Nice closing message -W MYDOMAIN -U WORKSTATION_NAME\\administrator%localadminpasswd -S 192.168.7.49 Could not connect to server 192.168.7.49 Connection failed: NT_STATUS_BAD_NETWORK_NAME This worked perfectly with Windows XP, but now all workstations were freshly installed with Windows 7. After a long google session I tried all different kind of solutions (no firewall, regedit LocalAccountTokenFilterPolicy, etc) But I still don´t get it to work. When the Windows 7 Clients is running, some user is logged in and working I get the following result to the net rpc command above: Could not connect to server 192.168.7.49 Connection failed: NT_STATUS_BAD_NETWORK_NAME If the Client is in the sleep mode (seems to be standard in Win7) after some minutes doing nothing the message changes to: Could not connect to server 192.168.7.49 Connection failed: NT_STATUS_BAD_NETWORK_NAME Has anyone got a solution for this? I would turn of the sleep mode, that is no problem, but even if the client is awakeI have no solution yet to shutdown the client. Best regards Florian Götz -- Mit freundlichen Grüßen Florian Götz - Dipl.-Inf. (FH) Florian Götz Rechenzentrum Hochschule Mannheim Paul-Wittsack-Straße 10 68163 Mannheim Tel: 0621/292-6232 EMail: f.go...@hs-mannheim.de Internet: http://www.rz.hs-mannheim.de - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with POSIX ACL when using SMB2 protocol
Hello, I'm using Windows Server 2008 R2 and Debian Linux with Samba 3.6.7 and I have problem with ACL permissions. When I set max protocol = SMB2 in smb.conf I am able to traverse through folder test as user1 even if I set only read permission for Others. If I set max protocol = NT1, I cannot traverse through the same folder as user1 with the same permissions - read only for Others. Why there are differences in ACL behavior when I use NT1 or SMB2 protocol ? My Samba share is located on XFS filesystem with mount options (rw,noatime,nodiratime,attr2,usrquota,grpquota). In that share I have folder with following permissions: # file: test # owner: root # group: root user::rwx group::rwx mask::rwx other::r-- My smb.conf: [global] dos charset = CP852 display charset = UTF8 netbios name = host1 server string = description1 bind interfaces only = Yes map to guest = Bad Password obey pam restrictions = Yes passdb backend = ldapsam:ldap://127.0.0.1:389 guest account = guest passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . lanman auth = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 6000 max protocol = SMB2 enable asu support = Yes keepalive = 10 socket options = TCP_NODELAY IPTOS_LOWDELAY printcap cache time = 0 max stat cache size = 1024 domain logons = Yes os level = 0
[Samba] Problem building samba-4.0.0rc1 on Solaris 10
Hello, Building samba-4.0.0rc1 on Solaris 10 update 9 with gcc 4.4.0 fails at: [3516/3766] Linking default/lib/ntdb/ntdbtorture Undefined first referenced symbol in file err default/lib/ntdb/tools/ntdbtorture_4.o ld: fatal: Symbol referencing errors. No output written to /usr/local/src/samba-4.0.0rc1/bin/default/lib/ntdb/ntdbtorture collect2: ld returned 1 exit status Waf: Leaving directory `/usr/local/src/samba-4.0.0rc1/bin' Build failed: - task failed (err #1): {task: cc_link ntdbtorture_4.o - ntdbtorture} *** Error code 1 make: Fatal error: Command failed for target `all' configure was: ./configure --prefix=/opt/samba This has been an issue from beta4 and is reported as a bug in #9064 I'd be very happy to see a resolution to this. If there's any further information needed, please ask. -- Tom. -- Tom Crummey, Infrastructure Manager, EMAIL: t...@ee.ucl.ac.uk Dept. of Electronic and Electrical Engineering, University College London, Roberts Building, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9325 London, UK, WC1E 7JE. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem to mount CIFS share
Hi, We are using centos 6.2 and trying to mount cifs share on this server, but, we getting a error *CIFS VFS: cifs_mount failed w/return code = -22. * * * Kindly help us to get rid of it. Thanks in advance. regards, J.Vijayan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Strange Windows 7 Samba problem with unrelated CIFS mount by Samba server down
Hi, This problem is solved in our instance, but want to report it here because I'm curious about the root cause, and also for others who may see it. We have a Samba server (3.4.7) which is mounted by various Windows workstations. It also, unrelated to that, has CIFS mounts of a half-dozen other Windows servers. Today we turned off one of those half-dozen, without removing the autofs mount of it on the Samba server. At that point we discovered that user workstations using Windows 7 (but not Windows XP or Linux) were having serious trouble copying files from the Samba shares on the server. Turning the CIFS mounted Windows server back on resolved the problem, as of course did removing it from the list of autofs mounts and then turning it off again. But what is this dependency about? What is a Windows 7 client doing in negotiations with a Samba server that would allow it to list files just fine, and begin to transfer files, but have that transfer stall and fail more often than not, just if an unrelated CIFS mount by the server of another Windows system happens to be down? I know there were lots of security additions in Windows 7. But I can't figure out how We'll copy files, but undependably, in this circumstance qualifies as real protection from anything. Just seems weird. Anyone know why the one thing should depend on the other here? Thanks, Whit -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem building samba 4.0.0beta7 on Solaris 10
Hello, I've been trying to build samba 4.0.0 beta7 on Solaris 10 without success. I'm using gcc 4.4.0. The problems I'm encountering are compilation errors where include files are not being found: [1177/3379] Compiling source4/ntvfs/posix/python/pyposix_eadb.c ../source4/ntvfs/posix/python/pyposix_eadb.c:24:24: error: tdb_compat.h: No such file or directory Waf: Leaving directory `/usr/local/src/samba-4.0.0beta7/bin' Build failed: - task failed (err #1): {task: cc pyposix_eadb.c - pyposix_eadb_10.o} gmake: *** [all] Error 1 and an undefined symbol: [3203/3379] Linking default/lib/ntdb/ntdbtorture Undefined first referenced symbol in file err default/lib/ntdb/tools/ntdbtorture_3.o ld: fatal: Symbol referencing errors. No output written to /usr/local/src/samba-4.0.0beta7/bin/default/lib/ntdb/ntdbtorture collect2: ld returned 1 exit status Waf: Leaving directory `/usr/local/src/samba-4.0.0beta7/bin' Build failed: - task failed (err #1): {task: cc_link ntdbtorture_3.o,ilog_2.o,hash_1.o,replace_2.o,timegm_2.o,snprintf_2.o,strptime_2.o,getpass_2.o,getifaddrs_2.o,xattr_2.o,debug_4.o,str_4.o,tally_5.o,likely_10.o,check_1.o,free_1.o,hash_1.o,io_1.o,lock_1.o,open_1.o,summary_1.o,ntdb_1.o,transaction_1.o,traverse_1.o - ntdbtorture} I had submitted a bug report (Bug ID 9064) which was against beta4, but I've updated it with the above information. I'd be grateful either for a full fix or pointers to what to change to make it work. Thanks, -- Tom. -- Tom Crummey, Infrastructure Manager, EMAIL: t...@ee.ucl.ac.uk Dept. of Electronic and Electrical Engineering, University College London, Roberts Building, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9325 London, UK, WC1E 7JE. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba