Re: Comparing SAMBA_3_0 to HEAD
Hi, here're the latest diffs between HEAD and 3_0 (docu is excluded here, I think it should be completely in sync, sam/gums stuff shouldn't be in 3_0...) I think all small fixes should synced...and maybe all big patches two:-) jelmer:Recognize FreeBSD5 correctly (not as being sysv...) Files HEAD/source/include/includes.h and 3_0/source/include/includes.h differ abartlet: Patch from Steve Langasek [EMAIL PROTECTED] to use nice big integers when attempting to calculate the bytes/second being transferred. (Avoid overflow etc) jelmer: Don't encourage people to use -P - it's obsolete Files HEAD/source/client/client.c and 3_0/source/client/client.c differ jelmer: Remove useless spaces - this broke make proto Files HEAD/source/lib/getsmbpass.c and 3_0/source/lib/getsmbpass.c differ jmcd: Format objectGUIDs on ads dumps. Files HEAD/source/lib/util_uuid.c and 3_0/source/lib/util_uuid.c differ tridge: support all permitted encoding types in tickets. This allows us to decode a type 23 ticket when the machine account is setup for non-DES tickets Files HEAD/source/libads/kerberos_verify.c and 3_0/source/libads/kerberos_verify.c differ tridge: .NET likes both forms of servicePrincipalName in the machine account record tridge: only set UF_USE_DES_KEY_ONLY if we are using krb5 libraries that can't do type 23 jmcd: Format objectGUIDs on ads dumps. Files HEAD/source/libads/ldap.c and 3_0/source/libads/ldap.c differ jelmer: Don't use usage function, but use popt for usage and help info Files HEAD/source/nsswitch/wbinfo.c and 3_0/source/nsswitch/wbinfo.c differ tridge: - we need to rescan the trusted domain list regularly to cope with transitive trusts, and trusts that are added while winbindd is running - removed an unnecessary call to time() Files HEAD/source/nsswitch/winbindd.c and 3_0/source/nsswitch/winbindd.c differ tridge: much simpler code to choose a DC to contact in winbindd. We now always choose the server that has the most bits in common in its IP with one of our interfaces. Files HEAD/source/nsswitch/winbindd_cm.c and 3_0/source/nsswitch/winbindd_cm.c differ herb: must add one to the extra_data size to transfer the 0 string terminator. This was causing wbinfo --sequence to access past the end of malloced memory. Files HEAD/source/nsswitch/winbindd_misc.c and 3_0/source/nsswitch/winbindd_misc.c differ tridge: - we need to rescan the trusted domain list regularly to cope with transitive trusts, and trusts that are added while winbindd is running - removed an unnecessary call to time() tridge: if trusted domains are disabled then we should not try to connect to them in winbindd Files HEAD/source/nsswitch/winbindd_util.c and 3_0/source/nsswitch/winbindd_util.c differ vlendec: This fixes some bugs for NT4 usrmgr.exe abartlet(metze): PDB_SET patch Files HEAD/source/rpc_parse/parse_samr.c and 3_0/source/rpc_parse/parse_samr.c differ vlendec: Fix full_name for info23 as well. Thanks, Andrew. vlendec: This fixes some bugs for NT4 usrmgr.exe abartlet(metze): PDB_SET patch Files HEAD/source/rpc_server/srv_util.c and 3_0/source/rpc_server/srv_util.c differ vlendec: ... Files HEAD/source/script/creategroup and 3_0/source/script/creategroup differ jerry:... Files HEAD/source/script/cvslog.pl and 3_0/source/script/cvslog.pl differ vlendec: group_map patch sharpe: Push Steve Langasek's fix ... Files HEAD/source/smbd/lanman.c and 3_0/source/smbd/lanman.c differ sharpe: Fix John's little typo ... jht: Fix ability to locate if we are a WINS client. Files HEAD/source/web/swat.c and 3_0/source/web/swat.c differ jerry: more doc structure updates. SWAT now on links to the TOC for the HOWTO collection instead of linking each article. Files HEAD/swat/help/welcome.html and 3_0/swat/help/welcome.html differ vlendec: Implement 'net maxrid'. Needed to find the maximum current rid to set 'algorithmic rid base' correctly after a 'net rpc vampire'. Files HEAD/source/utils/net.c and 3_0/source/utils/net.c differ vlendec: In my test, sync_context simply has to be incremented. Can somebody with a large domain do a net rpc samdump to verify this? Without this change, I don't get everything from a NT4 SP1 and SP6 PDC. vlendec: group_map patch abartlet(metze): PDB_SET patch Files HEAD/source/utils/net_rpc_samsync.c and 3_0/source/utils/net_rpc_samsync.c differ idra: try to put every security descriptors related definitions in the same file. also try to uniform names to a clean scheme. Files HEAD/source/include/rpc_samr.h and 3_0/source/include/rpc_samr.h differ Files HEAD/source/include/rpc_secdes.h and 3_0/source/include/rpc_secdes.h differ Files HEAD/source/lib/util_seaccess.c and 3_0/source/lib/util_seaccess.c differ Files HEAD/source/rpc_server/srv_reg_nt.c and 3_0/source/rpc_server/srv_reg_nt.c differ Files HEAD/source/rpc_server/srv_samr.c and
Format of NTUSER.DAT ...
Hi, By inspection with od -ha etc, I can see much of the format of NTUSER.DAT. The early part has, in UNICODE, CRLF (sic) delimited lines, it seems. Anyway, a little way through has the line $$$PROTO.HIV and then a little further on are the SIDS, in the format: LEN of this desc 2 bytes Permissions4 bytes SID in binary format - remaining bytes So, I figure I can write a small utility to print this out. Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], http://www.richardsharpe.com
ÖÐСÐÍÍøÕ¾Ê×Ñ¡¿Õ¼ä£¡
×ð¾´µÄÐÂÀÏ¿Í»§£º ÄúºÃ£¬ÎÒ¹«Ë¾ÓŻݲúÆ·ÒѽøÈë×îºóµ¹Êý30Ì죬30Ììºó¼Û¸ñ½«Éϵ÷£¬Óû¹º´ÓËÙ£º ΪºÎÎÒÃÇ»áÔÙÉϵ÷¼Û¸ñÄØ£¬ÕâÖ÷ÒªÊÇÎÒÃÇ·þÎñÆ÷ÅäÖÃÔ½À´Ô½ºÃ£¬Ëٶȼ«¿ì£¡ 1¡¢200M£¨´¿HTML¿Õ¼ä£©+ ËÍÒ»¹ú¼ÊÓòÃû£¬½öÊÛ150Ôª/Äê 2¡¢60M¿Õ¼ä+60MÆóÒµÓÊ¾Ö + Ö§³ÖASP£¬CGI + ËÍÒ»¹ú¼ÊÓòÃû£¬½öÊÛ236Ôª/Äê 3¡¢200MP¿Õ¼ä+200MÆóÒµÓÊ¾Ö + Ö§³ÖASP£¬CGI£¬ACCESS + ËÍÒ»¹ú¼ÊÓòÃû£¬½öÊÛ336Ôª/Äê ¸ü¶à¿Õ¼ä×éºÏ£¬¸ü¶àÑ¡Ôñ--Çëµã»÷ÎÒÃǹ«Ë¾Ö÷Õ¾ ¡¡http://www.88dns.com/¡¡Á˽âÏêÇé. ÎÒ¹«Ë¾ÊÇÒ»¼ÒרÃÅÖÂÁ¦ÓÚ¸ßÐÂÍøÂç¼¼ÊõµÄ¹«Ë¾£¬ÓÐ×ŶàÄêµÄ¾Ñ飬ÔÚ×öÐéÄâÖ÷»ú·½ÃæÎÒÃÇ ÓÐמø¶ÔµÄÓÅÊÆ£º ¢ÙÖ÷»ú100MµÄ¿í´ø½ÓÈë(Íøͨ¿í´øÔÚÏÃÃŵÄÖն˽ÓÈëÊÇÓÉÎÒ˾´úÀíµÄ)£» ¢ÚÓµÓÐÒ»Åú¸ß¼¶µÄÍøÂç¹ÜÀíÈËÔ±£¬Ö÷»úÓÉÎÒÃÇ×Ô¼ºÑϸñ¹ÜÀí£¬È·Èϵ¥×Óºó24СʱÄÚ¿ªÍ¨£» ¢Û¶ÔËùÓеÄÍøÕ¾ÄÚÈÝÎÒÃǶ¼½øÐб¸·Ý£¬²¢½øÐÐʵʱ¼à¿Ø±£Ö¤ÁËÆäÎȶ¨ÐÔ£» ÁíÄúÈçÐèÎÒÃÇ°ïÄú×öÍøÒ³»òÓÐÒâ×öÎÒÃǵĴúÀí»¶Ó¸úÎÒÃÇÁªÏµ£¡ ÁªÏµE-mail:¡¡[EMAIL PROTECTED] ¡¡QQ£º40327558¡¡µç»°£º0592-8667174¡¡Ö£ÏÈÉúÁªÏµ лл! ×£ÄúÂíÄ꼪Ïé¡¢ºÃÔËÌìÌìÓС¢ÐÒÔ˳£°éËæ!!! ¡¡ ӯͨԶº½¿Æ¼¼¡¡ --- ·ÐµãȺ·¢Óʼþ,À´×ÔÈí¼þ¹¤³Ìר¼ÒÍø(http://www.21cmm.com) ½øCMMÍøУ(http://www.21cmm.com)£¬³ÉÏîÄ¿¹ÜÀíר¼Ò
Thank You
I have to be glad when received mailling list about samba-technical, but i worry about my inbox capacity, I have small size of mailbox so can't receive more e-mail. Please remove my e-mail address from your mailling list. I will access to your site and look for documents when i need. Thank you. __ ´èǹ Promotion ÃѺÅÁ˹ÒǡѺ http://HOSTdozy.com ÊÑ觨ͧà¹×éÍ·ÕèÊÓËÃѺàÇçºä«µì¢Í§¤Ø³Çѹ¹Õé ÃѺ¿ÃÕ !! à¹×éÍ·Õèà¾ÔèÁà»ç¹ 4 à·èҷѹ·Õ ! __ àÁÅì´Ù«Õè! ºÃÔ¡ÒÿÃÕÍÕàÁÅì 50 MB !!! ¢Í§¤¹ä·Â ÊÁѤÃÊÁÒªÔ¡ä´é·Õè http://MAILdozy.com ¿ÃÕ __
RE: Fixed: OpLocks caused the corruptions/slowness (Was: How Samba let us down)
Jay Ts [mailto:jay;jayts.cx] said: [excerpt] I know this is a tough issue, and I'm not sure what I'd do if I were in the driver's seat. Perhaps as a minimum, adding some documentation to the /docs directory, as Chris suggests, and also putting lines in the example smb.conf files showing how to turn off oplocks, and why. Or maybe the example smb.conf files should turn them off, with a comment explaining that the lines can be removed if the Samba server isn't serving database files, and has good network hardware, etc. Jay, your thoughts on how to fix the oplock-related corruption problem has reminded me of a long-held belief that I hold regarding the process of maintaining open-source software. The following (semi) rant is not directed at you personally, but at the Samba community. This is my personal view, not necessarily shared by anyone else on the team. (Well, I hope others share it, but I'll leave it to them to say so). My opinion is that the right fix is for anyone who is experiencing data corruption of any sort, whether with oplocks on, off, or sideways, to work with the Samba team to come up with a reproducible test case so that we can root cause the true source of the problem. Then, we can design and test some sort of fix, and no one else will ever have to worry about it. Anything less than this is guesswork. We *might* be able to think of an effective fix with the slim information we have now. We *absolutely* should be able to get a great fix with full cooperation. I'll go further and say that if you are using open-source/free software and not willing to perform this task, then you should not bother to report problems at all, but should simply stop using the software. Yes, this is an extreme position. But the ONLY way we can make Samba or any other open-source package better is with the full cooperation of the user community. Yes, I know we are asking you to spend precious time and resources on a task that benefits others more than it benefits you. But isn't this the nature of the entire open-source movement? Aren't you getting something of extremely high value for a rock-bottom price when it all works? Isn't that worth something to you? Go read Eric Raymond's essay on The Cathedral and The Bazaar; it may help give you some perspective on this movement. (http://www.tuxedo.org/~esr/). Thanks PG -- Paul Green, Senior Technical Consultant, Stratus Computer, Inc. Voice: +1 978-461-7557; FAX: +1 978-461-3610; Video on request. Speaking from Stratus not for Stratus
Patches for RedHat 8.0 rpms in SAMBA_2_2 (was: 2.2.6-1 src rpm)
Hello, attached are small patches for makerpms.sh.tmpl and samba2.spec.tmpl which allow compiling installing samba rpms on RedHat 8 (hope this is the right place to submit them). o tarfile: allow samba-${VERSION} to be a symlink to another directory (e.g. plain samba) o Use rpmbuild instead of rpm, as rpm under RedHat 8.0 does no more support building etc. o Remove permission bits from examples and doc directories to fool the automatic dependency generator. Regards, Axel. On Sun, Oct 27, 2002 at 11:37:27AM +1100, Andrew Bartlett wrote: Gerald (Jerry) Carter wrote: On Sat, 26 Oct 2002, Justin Georgeson wrote: Trying to install the built RPM (no errors in the build process) results in these unmet dependencies: # rpm -Uvh samba-2.2.6-1.i686.rpm error: Failed dependencies: perl(fix_print_html.lib) is needed by samba-2.2.6-1 perl(Net::LDAP) is needed by samba-2.2.6-1 Same thing I hit. Haven't figured out a way around it yet. The Net::LDAP modules if from the examples/LDAP scripts and the fix_print_html.lib must be from the docbook stuff. Neither which matter for a normal installation. You can just install with the - --nodeps option to rpm. RedHat used an ugly hack to get around this: They override their depenedncy generator with one that does a negitive grep on the Net::LDAP module. These weren't listed in the spec file as dependencies, and I'm not sure how to meet them. Is there any ETA for RH 8 RPMs, source or binary? Any idea how to get past this? Once I figure out how to get rpmbuild not to pickup these wrong dependencies, i'll be releasing offical samba.org RedHat 8 RPMS. -- [EMAIL PROTECTED] Index: makerpms.sh.tmpl === RCS file: /cvsroot/samba/packaging/RedHat/makerpms.sh.tmpl,v retrieving revision 1.2.6.4 diff -u -d -r1.2.6.4 makerpms.sh.tmpl --- makerpms.sh.tmpl6 Jan 2002 06:58:17 - 1.2.6.4 +++ makerpms.sh.tmpl29 Oct 2002 13:56:12 - @@ -62,7 +62,7 @@ (cd ../../.. ; mv samba samba-${VERSION} ) fi -( cd ../../.. ; tar --exclude=CVS -czvf ${SRCDIR}/samba-${VERSION}.tar.gz samba-${VERSION} ) +( cd ../../.. ; tar --exclude=CVS -czvf ${SRCDIR}/samba-${VERSION}.tar.gz +samba-${VERSION}/. ) cp -av samba.spec ${SPECDIR} cp -av samba-devel.spec ${SPECDIR} @@ -72,11 +72,11 @@ ( cd ../../.. ; mv samba-${VERSION} samba ) echo Getting Ready to build Developmental Build cd ${SPECDIR} - rpm -ba -v samba-devel.spec + rpmbuild -ba -v samba-devel.spec else echo Getting Ready to build release package cd ${SPECDIR} - rpm -ba -v --clean --rmsource samba.spec + rpmbuild -ba -v --clean --rmsource samba.spec fi echo Done. Index: samba2.spec.tmpl === RCS file: /cvsroot/samba/packaging/RedHat/samba2.spec.tmpl,v retrieving revision 1.18.6.54 diff -u -d -r1.18.6.54 samba2.spec.tmpl --- samba2.spec.tmpl17 Oct 2002 02:22:00 - 1.18.6.54 +++ samba2.spec.tmpl29 Oct 2002 13:56:14 - @@ -196,8 +196,10 @@ --prefix=%{prefix} \ --localstatedir=/var make +cd ../.. - +# Remove some permission bits to avoid to many dependencies +find examples docs -type f | xargs -r chmod -x %install rm -rf $RPM_BUILD_ROOT
Re: Fixes for netlogon unigroup.
On Sun, Oct 27, 2002 at 02:14:54PM +1100, Andrew Bartlett wrote: I was wondering, would you have time to look at the netlogon unigroup issue again? I'll add this to TODO list. I finally have an arragement to dedicate up to 8-16 hrs of work time per week to Samba development during next several months. Since that code was commited, we have found that we need to use the 'extra sids' in the info3 as well. I was thinking the cache should be redesigned to be indexed by SID only (not domain-sid/rid) and to store full sids for each group. Also, we never addressed the timeout issue (we should not cache that info forever). Should we also move to Mimir's new cache code as well? -- / Alexander Bokovoy --- The next person to mention spaghetti stacks to me is going to have his head knocked off. -- Bill Conrad
Re: Fixed: OpLocks caused the corruptions/slowness (Was: How Samba let us down)
You hit it _on_the_nose_ here. We wish someone had commented in the smb.conf, the manpages, the documents, ANYWHERE, about potential corruption/slowness with large database files and OpLocks. There is a chance we would have been spared grief. /dev/idal --- Jay Ts [EMAIL PROTECTED] wrote: Jeremy Allison ([EMAIL PROTECTED]) wrote: Chris de Vidal wrote: Still, wouldn't you welcome documentation advising people of potential corruption? I think we both agree that there is no guarantee that everyone's network is 100% on and the danger of corruption appears to be greater when there are large files read and written to a record at a time (namely, flat databases). Well we ship by default with the same options as Windows. But, is that a good idea? Sometimes, matching the behavior of Windows is not for the best! ;-) Certainly the extra 30% (?) performance is a nice thing, and helps Samba get good reviews when compared to Windows. But I think we can agree that a policy of matching the reliability of Windows is questionable. I think what Chris is getting at (and I wince while writing this, but I agree) is that it's better to give priority to data integrity (as you've said), and since many Samba users are now trusting Samba servers with their database files, the default either needs to be oplocks = no, or to have very obvious documentation somewhere where new Samba admins will surely see it -- and this is not easy, considering that Samba now comes bundled with all the popular Linux systems, and other Unices as well. And also considering that the issue is not easy for Samba newbies (or even oldbies) to understand. I know this is a tough issue, and I'm not sure what I'd do if I were in the driver's seat. Perhaps as a minimum, adding some documentation to the /docs directory, as Chris suggests, and also putting lines in the example smb.conf files showing how to turn off oplocks, and why. Or maybe the example smb.conf files should turn them off, with a comment explaining that the lines can be removed if the Samba server isn't serving database files, and has good network hardware, etc. I should have said this much earlier: I think if everyone is told straight out about this, then it will make life much easier for Samba administrators, help magazine testing labs _fairly_ compare Samba performance with that of Windows (they can make sure to turn oplocks on before running the test), and also make Microsoft look bad, as they should, IMO, since they created this stuff. Maybe it will pressure Microsoft into disabling oplocks by default, and level the playing field in favor of data integrity! Jay Ts author, Using Samba, 2nd ed. __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/
RE: Fixed: OpLocks caused the corruptions/slowness (Was: How Samb a let us down)
-Original Message- From: Green, Paul [mailto:Paul.Green;stratus.com] My opinion is that the right fix is for anyone who is experiencing data corruption of any sort, whether with oplocks on, off, or sideways, to work with the Samba team to come up with a reproducible test case so that we can root cause the true source of the problem. Then, we can design and test some sort of fix, and no one else will ever have to worry about it. What I'm seeing from the Samba team is this is a Windows client bug or this is an MS Access bug. I'm not saying they're wrong, but if that's the conclusion that's been reached wouldn't the rest of us just be wasting our time by trying to test this? The consensus seems to be that oplocks with Windows clients are simply broken by design. FWIW, I've never seen any corruption I could blame on Samba, with oplocks on, but my site only has 30 users, tops, and the most we ever had using the Access database simultaneously was five or six. (I did turn kernel oplocks off a couple months ago, but only because we don't need them -- nothing gets accessed from the UNIX side except during backups.) We actually saw more corruption in the Access database under Windows NT, but I blame this on a user who had a bad network connection that we discovered about the time we switched to Samba. This would tend to back up the theory that dropped packets aggravate this problem. It's rather shocking to me that SMB reacts to poorly to network problems, but I realize there's not much Samba can do about the crummy protocol design. ;)
RE: Fixed: OpLocks caused the corruptions/slowness (Was: How Samb a let us down)
--- Green, Paul [EMAIL PROTECTED] wrote: My opinion is that the right fix is for anyone who is experiencing data corruption of any sort, whether with oplocks on, off, or sideways, to work with the Samba team to come up with a reproducible test case so that we can root cause the true source of the problem. My #1 priority as a sysadmin is, make it work. But you are right; There is implied responsibility, when using free software, to help with problems. As you said, I am getting top-quality software at a rock-bottom price. It is worth our time and effort. I just hope I can convince the powers-that-be to let me test some configurations/clients. The challenge is it doesn't appear to be a problem with Samba but the clients. Regardless, I feel the Samba documentation ought to be noted when/if we can reproduceably show it to be the client's fault, so others don't fall into the same trap. If I'd have been warned, there is a chance we wouldn't have had the grief we did. /dev/idal P.S. The Cathedral is a great book. __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/
RE: Fixed: OpLocks caused the corruptions/slowness (Was: How Samb a let us down)
--- David Brodbeck [EMAIL PROTECTED] wrote: It's rather shocking to me that SMB reacts to poorly to network problems, but I realize there's not much Samba can do about the crummy protocol design. ;) There is one thing: (Now I'm beating a dead horse on this, so I'll shut up and see what I can do to help) Make the user aware. /dev/idal __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/
RE: Fixed: OpLocks caused the corruptions/slowness (Was: How Samb a let us down)
-Original Message- From: Chris de Vidal [mailto:cdevidal;yahoo.com] --- David Brodbeck [EMAIL PROTECTED] wrote: It's rather shocking to me that SMB reacts to poorly to network problems, but I realize there's not much Samba can do about the crummy protocol design. ;) There is one thing: (Now I'm beating a dead horse on this, so I'll shut up and see what I can do to help) Make the user aware. True. I agree this problem should be mentioned in the documentation, and perhaps the fact that turning off oplocks can help. I think it should be pointed out that this is often a band-aid fix to mask network performance problems, though. Obviously going into detail about specific network problems and solutions is out of the scope of the Samba documentation, but it would be a good idea to at least point people in that direction.
Help for connectivity between Unix and Windows NT Server 4.0
I have a server Unix with Samba version 2.0.6 and a server NT version 4.0, they are connected on a unique domain. The share directories are in the Unix server and the users - the groups (global and local) are in the NT Server. I don't kwnow how is it possible to give access to the shared folders on the Unix server with the groups defined on the NT server ? Please help me.
Solaris/Samba logon slowness
Hello: I've been following the thread about oplocks recently, and have been waiting for more info on the (now dormant) thread about Solaris fcntl() issues. My server is a Sun E-250, 2x400MHz, 1-Gig RAM, lots of storage, samba 2.2.5 1. WinXP logon/logoff is unbearably, excruciatingly, painfully, s*l*o*w. 'loading your personal settings' and 'saving your settings' can take upwards of 10 minutes for some users. In the process, users either get impatient and forcibly power off their machines/undock their notebooks, which leads to data corruption and damaged profiles. Sometimes, minutes into the process, a '...could not update your [local|roaming] profile...' message will appear. Is there *anything* that can be done to help with this in the short run? (Not using Windows would be the best, but it's not an option.) 2. I may upgrade to 2.2.6 tonight. Is there anything special I should do besides ./configure make make install which could remedy the situation? Thanks in advance. I can post my smb.conf if needed, but I'll save the bandwidth until it's requested. -- Len Laughridge, Director of Information Technology Kitchen Associates Architectural Services, PA Architecture - Planning - Interior Design 856.854.1880 x101
RE: Fixed: OpLocks caused the corruptions/slowness -- Understand technology not products
Quoting Chris de Vidal [EMAIL PROTECTED]: The challenge is it doesn't appear to be a problem with Samba but the clients. Regardless, I feel the Samba documentation ought to be noted when/if we can reproduceably show it to be the client's fault, so others don't fall into the same trap. If I'd have been warned, there is a chance we wouldn't have had the grief we did. But you aren't warned with Windows servers either. It's the responsibility of the sysadmin to get familiar with the _technologies_** involved, _not_ just the products**. The SMB protocol is a moving target and a PITA atop of that (although NFS and AFS have their PITA points too ;-). There are endless options and configuration choices in Samba _because_ of Microsoft and their SMB protocol. It's a bitch to pick it all up, but that's not the fault of the Samba team. *BUT* there is plenty of extra documentation filesoutside of the already massive smb.conf man page that covers all this. IN A NUTSHELL: I recommend reading _most_ of all those extra documentation files _regardless_ of whether or not you run Samba -- because their content is 100% applicable to even native Windows servers! Understanding the _technology_**, SMB in this case, is the key to successful sysadmin'ing. Which is the #1 reason why I thank God for Open Source. It puts the focus back on the technology, so you can resolve issues the vendors don't talk about but you _always_ run into. -- Bryan TheBS Smith **SIDE NOTE: This is the #1 reason why I _dispise_ vendor certifications (even though I just recently obtained several, but only to secure employment). They focus on products instead of technologies. E.g., understand X.500 and LDAP, and you can understand Microsoft ActiveDirectory or Novell NDS fairly easily. -- Bryan J. Smith, E.I.Contact Info: http://thebs.org A+/i-Net+/Linux+/Network+/Server+ CCNA CIWA CNA SCSA/SCWSE/SCNA --- limit guilt = { psychopath, remorse-0innocent }
RE: Fixed: OpLocks caused the corruptions/slowness (Was: How Samb a let us down)
On Tue, 29 Oct 2002, David Brodbeck wrote: -Original Message- From: Green, Paul [mailto:Paul.Green;stratus.com] My opinion is that the right fix is for anyone who is experiencing data corruption of any sort, whether with oplocks on, off, or sideways, to work with the Samba team to come up with a reproducible test case so that we can root cause the true source of the problem. Then, we can design and test some sort of fix, and no one else will ever have to worry about it. What I'm seeing from the Samba team is this is a Windows client bug or this is an MS Access bug. I'm not saying they're wrong, but if that's the conclusion that's been reached wouldn't the rest of us just be wasting our time by trying to test this? The consensus seems to be that oplocks with Windows clients are simply broken by design. Correct, but we still need to emulate the way it works correctly. So if we have a bug, we need to find and fix it. We need help from our users to create the test case that reproduces the problem. In the absence of this all we can really do is offer empathy with the pain. FWIW, I've never seen any corruption I could blame on Samba, with oplocks on, but my site only has 30 users, tops, and the most we ever had using the Access database simultaneously was five or six. (I did turn kernel oplocks off a couple months ago, but only because we don't need them -- nothing gets accessed from the UNIX side except during backups.) We actually saw more corruption in the Access database under Windows NT, but I blame this on a user who had a bad network connection that we discovered about the time we switched to Samba. This is a not uncommon finding. I have followed up with many users who have complained of Linux and / or Samba problems to find that they were having problems with MS Windows NT so they decided to try Samba. So when this fails they turn to this list (or even mail team members directly) complaining that Samba is broken. We all know that all software is likely to be broken in some way - bugs are inevitable and the risk increases exponentially with the size of the code base. (Don't flame me for this statement please ;)) Here are the more common causes of corruption problems: 1. Defective HUBs/Switches (especially the cheaper varieties) 2. Defective Network cards 3. Defective Routers (in particular incorrect use of NetBIOS UDP forwarding) 4. Defective Hard Disk on server 5. ESD (Electro-Static Damage) to motherboard - many older style motherboards suffered ESD damage to the interrupt controller chip. 6. Bad TCP/IP configuration _or_ inconsistent installation of multiple network protocols (on MS Windows clients) - ie: Inconsistent LANA ordering on MS Windows (9X,NT,...) I am sure that with a little effort we can expand this list, just like I am certain that when someone is in trouble they like to find help, though some do it by blaming the gasolene when the tires wear out. I do agree that we could better document the ins and outs of data corruption and how to correctly diagnose a problem situation. Then again, when in the heat of a serious problem, it is a bit trying to rememeber to RTFM isn't it? This would tend to back up the theory that dropped packets aggravate this problem. It's rather shocking to me that SMB reacts to poorly to network problems, but I realize there's not much Samba can do about the crummy protocol design. ;) - John T. -- John H Terpstra Email: [EMAIL PROTECTED]
RE: Fixed: OpLocks caused the corruptions/slowness (Was: How Samb a let us down)
-Original Message- From: John H Terpstra [mailto:jht;samba.org] This is a not uncommon finding. I have followed up with many users who have complained of Linux and / or Samba problems to find that they were having problems with MS Windows NT so they decided to try Samba. That wasn't really the case in my situation, but Samba *did* help me track down the problem. See, with NT it mostly manifested itself in hidden, irreproducable ways, like data corruption, that were easy to blame on general flakiness. We switched to Samba, and suddenly there was a major reproducable issue -- the user would find that AutoCAD files he had opened, then closed, tended to stay locked, forcing him to reboot before accessing them again. An investigation showed he had been connected to a badly overloaded hub by mistake. When this was fixed, our Access corruption problems magically disappeared as well. Here are the more common causes of corruption problems: 1. Defective HUBs/Switches (especially the cheaper varieties) 2. Defective Network cards I'd add Duplex mismatch problems. This isn't the same thing as 1 and 2, because it can happen through misconfiguration even when all the hardware is operating as designed.
Re: Solaris/Samba logon slowness
1. WinXP logon/logoff is unbearably, excruciatingly, painfully, s*l*o*w. 'loading your personal settings' and 'saving your settings' can take upwards of 10 minutes for some users. In the process, users either get impatient and forcibly power off their machines/undock their notebooks, which leads to data corruption and damaged profiles. Sometimes, minutes into the process, a '...could not update your [local|roaming] profile...' message will appear. Is there *anything* that can be done to help with this in the short run? (Not using Windows would be the best, but it's not an option.) Verify that IE's cache isn't being stored in the user's profile. That has been the number one cause of long logon/logoff on my network. Go to Internet Properties, General, Temporary Internet Files, Settings, Move Folder. I usually stick it in C:\TEMP. Slight security issue, cache may be accessible to other people use the same machine. After you make this change, it'll chug for a bit while it moves things around, you may want to delete all offline content first, it goes much faster then (at least with IE5.5). Andy.
Re: Solaris/Samba logon slowness
On Tuesday 29 October 2002 11:50, Andy Bakun wrote: 1. WinXP logon/logoff is unbearably, excruciatingly, painfully, s*l*o*w. 'loading your personal settings' and 'saving your settings' can take upwards of 10 minutes for some users. In the process, users either get impatient and forcibly power off their machines/undock their notebooks, which leads to data corruption and damaged profiles. Sometimes, minutes into the process, a '...could not update your [local|roaming] profile...' message will appear. Is there *anything* that can be done to help with this in the short run? (Not using Windows would be the best, but it's not an option.) Verify that IE's cache isn't being stored in the user's profile. ... may want to delete all offline content first, it goes much faster then (at least with IE5.5). Andy. Andy - Thanks, will look into it, but I have an ntconfig.pol file set with policies to do that automatically. Although the ntconfig.pol is an NT/2K carryover that isn't 100% supported on XP, so maybe it's slipping through... -- Len Laughridge, Director of Information Technology Kitchen Associates Architectural Services, PA Architecture - Planning - Interior Design 856.854.1880 x101
Separate profiles (solution? comments please)
Hello, Group: I'm not a developer at all, but I follow the list pretty closely to get useful tips and insight for my samba installations. Some time ago I saw a question from a list member which was something I had been wondering myself. There were no responses to that question (I checked with the poster directly, too), so I set about seeing if I could solve it. Here's my concept, and I may wind up testing this tonight to solve some serious problems we've been having. Scenario: KA-1 is a Solaris 8/Samba 2.2.5 server PDC. KA-2 is an NT4TSE/Citrix server, configured as member-server. It serves published apps to the Solaris workstations (36 of them). KA is the netbios domain. There are some PC workstations in the company as well. Executives secretaries have notebooks desktops, and the rest of the Sun users frequently log in at 2 'open' stations to run some specialised software that can't be done reasonably through Citrix. ALL OF THESE are WindowsXP. When people log into the Citrix server, they DO need access to their home directory on h:\ and other shared volumes. They DO NOT need any other aspects of their Windows profile. If you have a Windows profile that is 'pure' XP, when you log into the citrix session everything is a mess, especially printer drivers. If you have an XP profile, and log into the NT4 Citrix server, it messes up your XP profile (e.g. non-functional shortcuts in the start menu, 'My Briefcase' icon that's non-functional under XP, email settings get overwritten, or mail documents get lost, etc.) I want separate profiles for each. I want the NT4/Citrix profiles to be small (no cached email, etc.) and I want to be able to delete them on a whim without it messing up the XP profiles. The problem is that Samba does not support having a separate 'terminal profile' path. In going through the mailing list archives and the smb.conf manual, I came up with this idea (untested, as of yet): In smb.conf: netbios name = KA-1 netbios aliases = KA-1-TSE ... domain logons = Yes logon drive = h: logon path = \\%L\profiles\%L\%U logon home = \\%L\%U\profile logon script = logon.bat ... Then, on the terminal server, DISABLE any WINS lookups by deleting the ip address of the primary WINS (the samba box). Check the box for 'enable LMHOSTS lookup', and import an LMHOSTS file like below: # Force the SaMBa PDC to be called by an alias 192.168.1.15KA-1-TSE # Other things we need to browse, since WINS is disabled... ... Lastly, in the logon.bat file, you need some logic to say that if you are logging on at the Citrix box, then you need to map drives using the alias name, since that's all this machine understands, and if you're logging on at any other machine, map drives using the 'real' NETBIOS name from WINS like in this abbreviated sample: if '%COMPUTERNAME%'=='KA-2' goto :nt4tse if not '%COMPUTERNAME%'=='KA-2' goto :winxp goto :end :nt4tse net use f: \\ka-1-tse\Private /yes net use g: \\ka-1-tse\Public /yes net use h: /home /yes net use i: \\ka-1-tse\Archive /yes :winxp net use f: \\ka-1\Private /yes net use g: \\ka-1\Public /yes net use h: /home /yes net use i: \\ka-1\Archive /yes :end What do you think? If this works, should this be added to a HOWTO so that others can learn/improve/extend/submit improvments? Thanks, -- Len Laughridge, Director of Information Technology Kitchen Associates Architectural Services, PA Architecture - Planning - Interior Design 856.854.1880 x101
Re: RPC message service?
Yep. I know it's *similar* to 'net send'. The thing is that 'net send' typically starts off by trying to use port 139, connecting to the 03 NetBIOS name. From other messages I have received, I also understand that there is an MS-RPC call that handle's messaging. The spammers are using this RPC call because most folks know to block port 139. We have not had trouble with these pop-up messages where I work because we have been blocking port 135 for a while now. Thanks! Chris -)- On Tue, Oct 29, 2002 at 12:19:50PM -, Gareth Davies wrote: Original Message - From: Christopher R. Hertel [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, October 28, 2002 10:24 PM Subject: RPC message service? A curious article: http://www.wired.com/news/technology/0,1282,55795,00.html It says that the Messenger Service Spammers are using port 135, which means that they're not using regular WinPOPUP stuff (the 03 names on port 139). I do, in fact, see connect attempts to port 135 in my home firewall logs. (I think they should be called slimewalls.) I'm guessing that they're doing something RPC-related that has, basically, the same effect. I'm just curious to know what it is... snip They are they are using Windows messenger.. net send ip address message goes here AFAIK Shaolin - IT Systems WB Ltd. .: http://www.security-forums.com :. -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: Solaris/Samba logon slowness
On Tue, Oct 29, 2002 at 11:38:57AM -0400, Len Laughridge wrote: Hello: I've been following the thread about oplocks recently, and have been waiting for more info on the (now dormant) thread about Solaris fcntl() issues. My server is a Sun E-250, 2x400MHz, 1-Gig RAM, lots of storage, samba 2.2.5 1. WinXP logon/logoff is unbearably, excruciatingly, painfully, s*l*o*w. 'loading your personal settings' and 'saving your settings' can take upwards of 10 minutes for some users. In the process, users either get impatient and forcibly power off their machines/undock their notebooks, which leads to data corruption and damaged profiles. Sometimes, minutes into the process, a '...could not update your [local|roaming] profile...' message will appear. Is there *anything* that can be done to help with this in the short run? (Not using Windows would be the best, but it's not an option.) 2. I may upgrade to 2.2.6 tonight. Is there anything special I should do besides ./configure make make install which could remedy the situation? Thanks in advance. I can post my smb.conf if needed, but I'll save the bandwidth until it's requested. You need the Sun patch (sorry I'm not in my office right now and can't get to the patch-id). *Definately*. Samba will be slow on Solaris without it. Jeremy.
Re: ActiveX Core Technology Reference
On Tue, Oct 29, 2002 at 07:09:11PM +1030, Richard Sharpe wrote: Hi, Are people aware of this? http://www.opengroup.org/onlinepubs/009899899/toc.htm Yes, I printed it out a long time ago :-). Jeremy.
Re: Fixes for netlogon unigroup.
Alexander Bokovoy wrote: On Sun, Oct 27, 2002 at 02:14:54PM +1100, Andrew Bartlett wrote: I was wondering, would you have time to look at the netlogon unigroup issue again? I'll add this to TODO list. I finally have an arragement to dedicate up to 8-16 hrs of work time per week to Samba development during next several months. Since that code was commited, we have found that we need to use the 'extra sids' in the info3 as well. I was thinking the cache should be redesigned to be indexed by SID only (not domain-sid/rid) and to store full sids for each group. Also, we never addressed the timeout issue (we should not cache that info forever). Should we also move to Mimir's new cache code as well? Now that would make sense :-). The only problem is deciding how long to cache it for... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: [PATCH] security hole in Samba 3.0 start tls handling
Steve Langasek wrote: It appears that in Samba 3.0, the meaning of ldap ssl = start tls is somewhat diluted. First, the start tls command is only ever issued if the given ldapsam URI has a protocol string of ldaps://, which is definitely an issue -- TLS is quite a different protocol from SSL, and the whole point of TLS is to NOT use a separate port for SSL connections. Second, the STARTTLS support is completely disabled if using newer versions of the OpenLDAP client libs, resulting in the ldap ssl option being *silently* ignored to the detriment of SAM security. A workaround for existing systems is to use ldaps instead of tls. The attached patch against SAMBA_3_0 will add support for STARTTLS when using OpenLDAP libs. The muddled interaction between TLS and SSL is not addressed. Hmm - I had hoped that we could specify as much information in that URL as possible... Is there no way to indicate this in the URL? Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: [PATCH] security hole in Samba 3.0 start tls handling
On Wed, Oct 30, 2002 at 10:15:46AM +1100, Andrew Bartlett wrote: It appears that in Samba 3.0, the meaning of ldap ssl = start tls is somewhat diluted. First, the start tls command is only ever issued if the given ldapsam URI has a protocol string of ldaps://, which is definitely an issue -- TLS is quite a different protocol from SSL, and the whole point of TLS is to NOT use a separate port for SSL connections. Second, the STARTTLS support is completely disabled if using newer versions of the OpenLDAP client libs, resulting in the ldap ssl option being *silently* ignored to the detriment of SAM security. A workaround for existing systems is to use ldaps instead of tls. The attached patch against SAMBA_3_0 will add support for STARTTLS when using OpenLDAP libs. The muddled interaction between TLS and SSL is not addressed. Hmm - I had hoped that we could specify as much information in that URL as possible... Is there no way to indicate this in the URL? No, no more than you can indicate SASL preferences in a URL. You *could* embed this information in a URI string, but there would be nothing particularly standard about this, and the LDAP libraries are unlikely to understand them -- so Samba will still have to parse these components out of the URL and handle them directly. Steve Langasek postmodern programmer msg04134/pgp0.pgp Description: PGP signature
Re: [PATCH] security hole in Samba 3.0 start tls handling
Steve Langasek wrote: On Wed, Oct 30, 2002 at 10:15:46AM +1100, Andrew Bartlett wrote: It appears that in Samba 3.0, the meaning of ldap ssl = start tls is somewhat diluted. First, the start tls command is only ever issued if the given ldapsam URI has a protocol string of ldaps://, which is definitely an issue -- TLS is quite a different protocol from SSL, and the whole point of TLS is to NOT use a separate port for SSL connections. Second, the STARTTLS support is completely disabled if using newer versions of the OpenLDAP client libs, resulting in the ldap ssl option being *silently* ignored to the detriment of SAM security. A workaround for existing systems is to use ldaps instead of tls. The attached patch against SAMBA_3_0 will add support for STARTTLS when using OpenLDAP libs. The muddled interaction between TLS and SSL is not addressed. Hmm - I had hoped that we could specify as much information in that URL as possible... Is there no way to indicate this in the URL? No, no more than you can indicate SASL preferences in a URL. You *could* embed this information in a URI string, but there would be nothing particularly standard about this, and the LDAP libraries are unlikely to understand them -- so Samba will still have to parse these components out of the URL and handle them directly. That's fine then - but you can put quite a bit in that URL. (Like bind dn, search suffix and quite a few other things). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: RPC message service?
Gareth Davies wrote: Original Message - From: Christopher R. Hertel [EMAIL PROTECTED] A curious article: http://www.wired.com/news/technology/0,1282,55795,00.html It says that the Messenger Service Spammers are using port 135, which means that they're not using regular WinPOPUP stuff (the 03 names on port 139). I do, in fact, see connect attempts to port 135 in my home firewall logs. (I think they should be called slimewalls.) When it is coming from any major U.S. ISP, a copy of the firewall logs, along with the time and timezone e-mailed to the abuse@ and the security@ seems to stop it for a while. I'm guessing that they're doing something RPC-related that has, basically, the same effect. I'm just curious to know what it is... snip They are they are using Windows messenger.. net send ip address message goes here It looks like the author of the spamware issued a press release and conned a bunch of reporters into giving them free advertising. I have not followed the latest link, but they are hawking the spamware for between $300 U.S.D. and $700 a copy. There was also a report that someone was offering $2000 U.S.D for a program to send such spam. Here is a great opportunity for Samba Developer's, especially published authors to get their name in print while delivering a clue to these reporters about what the real story is. -John [EMAIL PROTECTED] Personal Opinion Only
Re: Comparing SAMBA_3_0 to HEAD
At 09:33 29.10.2002 -0500, you wrote: Thanks for doing this...can I ask how you did it? I'm not so good at cvs. I just have to tree's and run 'diff --brief HEAD 3_0' then I looked up each file in http://cvs.samba.org/cgi-bin/cvsweb/samba/source/ but I think I can write a little script that do this automaticly... (If I do this I tell you) Jim McDonough IBM Linux Technology Center Samba Team 6 Minuteman Drive Scarborough, ME 04074 USA [EMAIL PROTECTED] [EMAIL PROTECTED] Phone: (207) 885-5565 IBM tie-line: 776-9984 metze - Stefan metze Metzmacher [EMAIL PROTECTED]
Profile permissions ...
Hi, In looking at NTUSER.DAT, it seems that the permissions associated with some of the SIDs are: 0x000f003f Hmmm, here is one of the entries: 0x0014 003f 000f 0101 0005 0012 Which seems to be: ACCESS Denied, No Propogate Inherit, All Access, S-1-5-4608 Does this seem reasonable? Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], http://www.richardsharpe.com
Re: Profile permissions ...
On Wed, 30 Oct 2002, Richard Sharpe wrote: Hi, In looking at NTUSER.DAT, it seems that the permissions associated with some of the SIDs are: 0x000f003f Hmmm, here is one of the entries: 0x0014 003f 000f 0101 0005 0012 Which seems to be: ACCESS Denied, No Propogate Inherit, All Access, S-1-5-4608 Does this seem reasonable? hum the sid looks more like S-1-5-18 (this one exists i'm sure) or S-1-5-18-0 (don't remember that one). Are you sure the access mask is a file's access mask ? The lower bits of an access mask is linked to the type of the object, it applies to. files access bits != printer access bits != SAM access bits != LSA access bits, and so on. J.F.
Re: [Samba] auth to two diff PDCs? (success, sort of)
Collins, Kevin wrote: Hi All: Excuse me for butting in here, but I'm planning a migration from WinNT 4 to Samba in the near future and this thread has caused me to worry a little. Take the case that I'm planning: 3 Domains each to its own LAN (connected via 128k Frame Relay lines to form a WAN) Each domain currently has a NT 4 PDC and each domain trusts each other. How do I accomplish these trusts only using Samba PDCs? With difficulty. There are a number of ways to hack round the problem which you'll find if you search, but it's not supported functionality ATM. Meaning: If I rip out the NT Domains, replace the PDCs with Samba PDCs and rebuild new domains (new Domain Names, new NetBIOS names for the PDCs, etc.) How do I get the three domains to once again trust each other? Is there a Samba command to do this? Not at present. The current release branch of Samba (2.2.x) does not support trust relationships between domains. Samba 3.x will support this functionality, and I believe the code is already in CVS to do it. You could get an alpha of Samba 3.x, or a CVS checkout, and try to make it work with that. If I were you, I think I'd try this, but run 2 copies of Samba on each server, 3.x alpha for the PDC aspect, and 2.2.x for the actual file/print serving. You can bind two IP's to the NIC in your machines, and run 3.x on one IP, and 2.2 on the other. Mike.
RE: Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (success, sort of)
Andrew Barlett wrote: Domain trusts (in terms of us being a PDC trusting other DCs) are currenetly a work in progress. We hope to have it finished for Samba 3.0. However, why do you need domain trusts? (There are lots of good answers to this question, but make sure you do have one of the answers). Samba 2.2 has always supported being a member server in a domain with domain trusts, for the record. Andrew: Interesting you should ask about the *need* for my three domains and their trusts. Myself and a junior-admin had this same discussion the day I wrote the post. Looking back, it just seemed the logical thing to do. You see, in the beginning the three domains weren't connected - definite need then. When we put the WAN in place we didn't want to rip-out anything, so we used the trusts to bind the domains together - *need* defined as we needed it working ASAP. Personally, I would prefer to keep them separate just for greater user/group control. But, I can also see that I may not *need* the independent PDCs that trust each other, but maybe a PDC and 2 BDCs. I'm looking hard at the latter just so I do not hit any major hurdles when moving to SAMBA. Thinking along those lines I must pose the question: Will a SAMBA BDC function as an NT BDC in that an NT BDC will cache (i.e. store locally) user/group/SID information and only update/sync with the PDC at a specified intervals? If we go with the one domain concept here, I'm going to need the BDCs in each office to basically run the show for that office when it comes to authentication. I do not want logons, etc. being passed to the PDC across a 128K frame line half-way across the state - except in an emergency like the BDC being offline. The reason I ask is that I've not tried to simulate this yet and it really is the only sticking point in the single domain plan (that I can see now). Thanks for your response and I hope that I have not broad-sided you with my theorizing and planning. Thanks, Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. smime.p7s Description: application/pkcs7-signature
RE: Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (succe ss, sort of)
Steven Langasek wrote: Having one PDC and two BDCs also gives you greater fault-tolerance than having three domains with a single PDC each. Samba+LDAP can give you this fault tolerance; it can't give you trust relationships today, without a lot of finagling. Steve Langasek postmodern programmer Steve: I understand the role of/need for the BDC, I'm just concerned about flooding the WAN connections with replication traffic and not being able to send things like e-mail or project files. I can control the replication in NT, but I need to know if I can do the same in SAMBA. With all the tweaks god knows there should be. :-) I've thought about the LDAP course too but haven't given it enough serious thought yet. You know of a good HOWTO? Thanks, Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. (859) 233-3111 x24 smime.p7s Description: application/pkcs7-signature
Re: Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (succe ss, sort of)
On Tue, Oct 29, 2002 at 11:10:22AM -0500, Collins, Kevin wrote: Steven Langasek wrote: Having one PDC and two BDCs also gives you greater fault-tolerance than having three domains with a single PDC each. Samba+LDAP can give you this fault tolerance; it can't give you trust relationships today, without a lot of finagling. Steve Langasek postmodern programmer I understand the role of/need for the BDC, I'm just concerned about flooding the WAN connections with replication traffic and not being able to send things like e-mail or project files. I can control the replication in NT, but I need to know if I can do the same in SAMBA. With all the tweaks god knows there should be. :-) The only pre-packaged BDC implementation for Samba that I know of is based on LDAP. With LDAP, only changes are replicated across the link, so you have no excess traffic associated with keeping the DCs in sync. Samba sorta skipped over the NT4 technology and went straight to an ActiveDirectory approach to management... :) I've thought about the LDAP course too but haven't given it enough serious thought yet. You know of a good HOWTO? There is a Samba-PDC-LDAP HOWTO included with the Samba documentation. You can also find Ignacio Coupeau's step-by-step guide at http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html. Steve Langasek postmodern programmer msg04148/pgp0.pgp Description: PGP signature
Re: Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (success, sort of)
There's another poor man way. Use the classic smbpasswd file and use rsync to sync the file periodically with a cron (of course you'll miss the ability to have things promptly synced but generally this is a good enough solution for many environments). Simo. On Tue, 2002-10-29 at 17:23, Steve Langasek wrote: On Tue, Oct 29, 2002 at 11:10:22AM -0500, Collins, Kevin wrote: Steven Langasek wrote: Having one PDC and two BDCs also gives you greater fault-tolerance than having three domains with a single PDC each. Samba+LDAP can give you this fault tolerance; it can't give you trust relationships today, without a lot of finagling. Steve Langasek postmodern programmer I understand the role of/need for the BDC, I'm just concerned about flooding the WAN connections with replication traffic and not being able to send things like e-mail or project files. I can control the replication in NT, but I need to know if I can do the same in SAMBA. With all the tweaks god knows there should be. :-) The only pre-packaged BDC implementation for Samba that I know of is based on LDAP. With LDAP, only changes are replicated across the link, so you have no excess traffic associated with keeping the DCs in sync. Samba sorta skipped over the NT4 technology and went straight to an ActiveDirectory approach to management... :) I've thought about the LDAP course too but haven't given it enough serious thought yet. You know of a good HOWTO? There is a Samba-PDC-LDAP HOWTO included with the Samba documentation. You can also find Ignacio Coupeau's step-by-step guide at http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html. Steve Langasek postmodern programmer -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] Re: strange locks
[EMAIL PROTECTED] wrote The locks you see here are used by MS Office as semaphores. No one really knows why (well the MS Office programmers do, but they're not telling :-). Thank s! That explains that. But I expected to see locks for the whole of the file for the duration of the MS-Word session. Why don't I see that?Without that, I don't see how Samba locks could play nicely with other Unix processes. Actually, being a Samba techo newbie, I sort of expected that those sort of locks would be dealt with internally to Samba, and smbd would lock the whole file anyway. Anyway to get that behaviour? (Thinks: probably not as Samba doesn't know why the file is being locked -- could be a word doco, could be a database I s'pose) -Matt