[Samba] About new test cases for Durable handle version 2
Hi, I am not sure if I am addressing the correct audience, so apologies for that. I found that the existing smbtorture test suite does not have many test cases related to durable handle version 2, which is supported for SMB version 3. I have done some work on that and would like to contribute in that field. Can anyone let me know the process for that?

Thanks in advance, Santanu

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: samba_dnsupdate principal and TKEY unacceptable
Probably the way you do reverse DNS lookups, but I couldn't say for sure. Krb is very dependent on DNS, both forward and reverse.

On Wed, Dec 12, 2012 at 9:16 PM, Tushar Dalvi tushar.dalvi.sa...@gmail.com wrote:

Thanks for the reply Andrew. I had made sure the keytab was accessible to bind but it still failed. Looked like it was an SPN issue. samba_dnsupdate tried to use DNS/host@DOMAIN.LOCAL (not DNS/host.domain.local@DOMAIN.LOCAL). Using samba-tool, when I added an spn for DNS/host to the dns-host user and exported the keytab to dns.keytab, then bind accepted the TKEY. I am wondering what caused samba_dnsupdate to use DNS/host instead of DNS/host.domain.local spn.

Regards, Tushar

On Tue, Dec 11, 2012 at 7:03 PM, Andrew Dumaresq dumar...@gmail.com wrote:

This probably means that bind can't read your dns keytab file. Make sure you have

tkey-gssapi-keytab /path to/dns.keytab;

in the options section of your bind config. Then make sure it's readable by the bind user. You might start making the file 666 and then sort it out later; in my case I set it chmod 600 and chown it to the user bind, which is way more secure. Also your dns.keytab file should have a lot of entries in it:

klist -k /usr/local/samba/private/dns.keytab
Keytab name: FILE:/usr/local/samba/private/dns.keytab
KVNO Principal
---- ---------
   1 DNS/host.domain.local@DOMAIN.LOCAL
   1 dns-host@DOMAIN.LOCAL
   1 DNS/host.domain.local@DOMAIN.LOCAL
   1 dns-host@DOMAIN.LOCAL
   1 DNS/host.domain.local@DOMAIN.LOCAL
   1 dns-host@DOMAIN.LOCAL
   1 DNS/host.domain.local@DOMAIN.LOCAL
   1 dns-host@DOMAIN.LOCAL
   1 DNS/host.domain.local@DOMAIN.LOCAL
   1 dns-host@DOMAIN.LOCAL

On Sun, Dec 9, 2012 at 3:52 PM, Tushar Dalvi tushar.dalvi.sa...@gmail.com wrote:

Hi, I am trying to run samba with bind_dlz (bind-9.9.1 - P1) on a multi-homed network. I have configured the setup as per Samba4 Howto. But when I try to do samba_dnsupdate --all-names it fails with error:

dns_tkey_negotiategss: TKEY is unacceptable

The kerberos ticket being used by samba_dnsupdate shows following principals:

klist -c /tmp/tmp6cxfgY
Ticket cache: FILE:/tmp/tmp6cxfgY
Default principal: DB-SERVER$@BOM.MH.IN
Service principal
krbtgt/BOM.MH.IN
DNS/db-ser...@bom.mh.in

Whereas the dns.keytab shows following principals (repeated for multiple encryption algorithms):

klist -k private/dns.keytab:
DNS/db-server.bom.mh...@bom.mh.in
dns-db-ser...@bom.mh.in

Wireshark shows that samba_dnsupdate requests TGS-REQ for DNS/db-ser...@bom.mh.in

I retried this thing with samba's internal DNS and there samba_dnsupdate requests for DNS/db-server.bom.mh...@bom.mh.in. In case of internal server the ticket cache shows up like:

Service principal
krbtgt/BOM.MH.IN
DNS/db-server.bom.mh...@bom.mh.in

As the principal being used by samba_dnsupdate in case of Bind doesn't contain domain name at its end, can this be the reason for Tkey failure? Why is there a difference in the principal names requested by samba_dnsupdate in case of Bind and Internal DNS?

PS: I couldn't go ahead with samba's internal DNS because there I got Tsig verify failure as already posted here: http://permalink.gmane.org/gmane.network.samba.general/127722

Thank you folks for the awesome work!

Regards, Tushar
Re: [Samba] Building NTP RPM Fails on CentOS 6.3
Thank you, Stephen. It seems I can't edit the wiki, but here are copy and paste instructions for building and installing ntp 4.2.6p5 RPMS on CentOS 6.3.

yum remove ntp ntpdate
yum install libcap-devel openssl-devel libedit-devel
mkdir -p ~/install_files/ntp
cd ~/install_files/ntp
wget http://vault.centos.org/6.3/os/Source/SPackages/ntp-4.2.4p8-2.el6.centos.src.rpm
rpm -i ntp-4.2.4p8-2.el6.centos.src.rpm
cd ~/rpmbuild/SOURCES
wget http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.6p5.tar.gz
cd ~/rpmbuild/SPECS
cp ntp.spec ntp.spec.bak
sed -i 's/Version: 4.2.4p8/Version: 4.2.6p5/g' ntp.spec
sed -i 's/--enable-linuxcaps/--enable-linuxcaps --enable-ntp-signd/g' ntp.spec
sed -i 's/%patch/#%patch/g' ntp.spec
sed -i 's/%{_sbindir}\/tickadj/%{_sbindir}\/tickadj\n%{_sbindir}\/sntp/g' ntp.spec
rpmbuild -ba ntp.spec
cd ~/rpmbuild/RPMS/$(uname -i)/
rpm -i ntp-4.2.6p5-2.el6.$(uname -i).rpm ntpdate-4.2.6p5-2.el6.$(uname -i).rpm

On Wed, Dec 12, 2012 at 7:23 PM, Stephen Jones lloydsyst...@fastmail.com.au wrote:

Hi, I built ntp-4.2.6p5 on CentOS 6.3 for my Samba4 server. The instructions in the HowTo are not quite right (at least for CentOS). Make only the following changes to the ntp.spec file:

1. Update the version/release numbers
2. Comment out all 'patch' lines
3. Add the '--enable-ntp-signd' option after '--enable-linuxcaps'
4. Add the line '%{_sbindir}/sntp' after the '%{_ntptime}' line

Ignore the suggested edits related to 'man' entries or it will not compile, as you have found. With the above changes rpmbuild will work. It seems in the latest version of the HowTo they have removed the rpmbuild instructions altogether.

Regards, Stephen Jones
Lloyd Systems Engineering

On Thu, Dec 13, 2012, at 06:50 AM, Thomas Simmons wrote:

Hello, I am trying to build an NTP v4.2.6p5 RPM using the instructions in the S4 how-to, however rpmbuild fails with the following error:

error: File not found by glob: /home/thomas/rpmbuild/BUILDROOT/ntp-4.2.6p5-2.el6.x86_64/usr/share/man/man8/ntpdtime.8*
RPM build errors:
    File not found by glob: /home/thomas/rpmbuild/BUILDROOT/ntp-4.2.6p5-2.el6.x86_64/usr/share/man/man8/ntpdtime.8*

I have updated my ntp.spec by updating the version and commenting out all lines that begin with %patch. I have also made the following changes, as directed in the how-to. I assume the error is coming from the line addition %{_mandir}/man8/ntpdtime.8*, however I'm not sure of the fix. It seems like that should be included in the source RPM?

--enable-linuxcaps --- --enable-linuxcaps --enable-ntp-signd 330a331 %{_sbindir}/sntp 348,349c349,350 %{_mandir}/man8/ntptime.8* %{_mandir}/man8/tickadj.8* --- %{_mandir}/man8/ntpdtime.8* #%{_mandir}/man8/tickadj.8* 355c356 %{_mandir}/man8/ntp-wait.8* --- #%{_mandir}/man8/ntp-wait.8*
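
Review bot: in the 348,349c349,350 change, the replacement line reads %{_mandir}/man8/ntpdtime.8* where the line it replaces reads %{_mandir}/man8/ntptime.8*, and ntpdtime.8* is exactly the glob rpmbuild reports as not found. Keep the original ntptime.8* entry, or leave the man-page entries of the %files list untouched as Stephen's reply advises, and apply only the --enable-ntp-signd and %{_sbindir}/sntp changes before rebuilding.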
[Samba] Samba4 - Windows 200x DNS Migration
Has anyone been able to migrate DNS from a Samba4 DC to a Windows 200x server? I've looked around the wiki, etc... and haven't found any pertaining to moving DNS between platforms.
[Samba] smbclient 3.5.6 potential bug: 100-character filenames not extracted properly from tar
Hello Samba folks, I have come across a problem with smbclient 3.5.6 when I use the tar 'x' feature. Pathnames that work out to be 100 characters long are extracted incorrectly:

bash-3.2$ tar tvf ugh.tar
-rw-r--r-- bdavis/Domain Users 137 2012-12-07 13:36:40 a50characterpathnameABCDEFGHIJKLMNOPQRSTUVWXYZABCD/a49characterpathnameABCDEFGHIJKLMNOPQRSTUVWXYZABC
-rw-r--r-- bdavis/Domain Users 138 2012-12-07 13:37:11 a50characterpathnameABCDEFGHIJKLMNOPQRSTUVWXYZABCD/a50characterpathnameABCDEFGHIJKLMNOPQRSTUVWXYZABCD
bash-3.2$ smbclient --version
Version 3.5.6
bash-3.2$ smbclient //XXX/Temp30Day -U XX/bdavis
Enter XX/bdavis's password:
Domain=[XXX] OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003 5.2]
smb: \ cd bdavis
smb: \bdavis\ tar x ugh.tar
restore tar file \bdavis\a50characterpathnameABCDEFGHIJKLMNOPQRSTUVWXYZABCD\a49characterpathnameABCDEFGHIJKLMNOPQRSTUVWXYZABC644 of size 137 bytes
restore tar file \bdavis\a50characterpathnameABCDEFGHIJKLMNOPQRSTUVWXYZABCD\a50characterpathnameABCDEFGHIJKLMNOPQRSTUVWXYZABCD of size 138 bytes
tar: restored 2 files and directories
smb: \bdavis\ cd a50characterpathnameABCDEFGHIJKLMNOPQRSTUVWXYZABCD\
smb: \bdavis\a50characterpathnameABCDEFGHIJKLMNOPQRSTUVWXYZABCD\ dir
  .                                                       D        0  Fri Dec 7 13:44:34 2012
  ..                                                      D        0  Fri Dec 7 13:44:34 2012
  a49characterpathnameABCDEFGHIJKLMNOPQRSTUVWXYZABC644           137  Fri Dec 7 13:36:40 2012
  a50characterpathnameABCDEFGHIJKLMNOPQRSTUVWXYZABCD             138  Fri Dec 7 13:37:11 2012

  35000 blocks of size 4194304. 10651 blocks available
smb: \bdavis\a50characterpathnameABCDEFGHIJKLMNOPQRSTUVWXYZABCD\ exit

As you can see, the file with the 100 character pathname is extracted with its octal permissions concatenated to the name. I'm attaching the tar file that I used. I don't know if this problem is fixed in a newer release of smbclient. Please let me know if there's more information you need. Thanks.

--Bjoren Davis
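
The 100-character case reported above falls exactly on a boundary of the tar header format: the name field is 100 bytes, a name that fills it has no terminating NUL, and the mode field starts at the very next byte. The C sketch below is an added example, not smbclient code and not part of the original post; it contrasts a reader that treats the name field as a C string with one that bounds the read to the field. The header block is constructed, the mode bytes "0000644" and every function name are assumptions, and the post does not establish that this is the cause in smbclient 3.5.6.

```c
#include <stdio.h>
#include <string.h>

/* Header fields used here: name at offset 0 (100 bytes), mode at offset 100
 * (8 bytes), inside a 512-byte header block. */
enum { BLOCK = 512, NAME_LEN = 100, MODE_OFF = 100, MODE_LEN = 8 };

/* Build "<dlen x 'd'>/<flen x 'f'>" as a constructed sample path. */
static void make_path(char *buf, size_t dlen, size_t flen)
{
    memset(buf, 'd', dlen);
    buf[dlen] = '/';
    memset(buf + dlen + 1, 'f', flen);
    buf[dlen + 1 + flen] = '\0';
}

/* Fill a constructed header block. A path of exactly NAME_LEN bytes fills the
 * name field completely, leaving no room for a NUL terminator. */
static void build_header(unsigned char *blk, const char *path, const char *mode)
{
    size_t n = strlen(path), m = strlen(mode);
    memset(blk, 0, BLOCK);
    memcpy(blk, path, n > NAME_LEN ? NAME_LEN : n);
    memcpy(blk + MODE_OFF, mode, m >= MODE_LEN ? MODE_LEN - 1 : m);
}

/* Returns 1 when the name field has no NUL inside its 100 bytes. */
static int name_unterminated(const unsigned char *blk)
{
    return memchr(blk, 0, NAME_LEN) == NULL;
}

/* Flawed reader (hypothetical): treats the name field as a C string, so it
 * keeps reading into the mode field when the name is unterminated. */
static size_t name_as_cstring(const unsigned char *blk, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "%s", (const char *)blk);
    return n < 0 ? 0 : (size_t)n;
}

/* Bounded reader: never looks past byte 99 of the block. */
static size_t name_bounded(const unsigned char *blk, char *out, size_t outsz)
{
    const unsigned char *nul = memchr(blk, 0, NAME_LEN);
    size_t len = nul ? (size_t)(nul - blk) : NAME_LEN;
    if (outsz == 0)
        return 0;
    if (len >= outsz)
        len = outsz - 1;
    memcpy(out, blk, len);
    out[len] = '\0';
    return len;
}

int main(void)
{
    unsigned char blk[BLOCK];
    char path[NAME_LEN + 1], out[BLOCK];
    size_t flen;

    for (flen = 48; flen <= 49; flen++) {   /* 99- and 100-byte paths */
        make_path(path, 50, flen);
        build_header(blk, path, "0000644");
        printf("path length %zu, unterminated=%d\n",
               strlen(path), name_unterminated(blk));
        name_as_cstring(blk, out, sizeof out);
        printf("  c-string read: ...%s\n", out + 90);
        name_bounded(blk, out, sizeof out);
        printf("  bounded read:  ...%s\n", out + 90);
    }
    return 0;
}
```

With the constructed mode bytes the flawed reader appends all seven digits; the report shows only "644", so the exact suffix depends on details of the reader and the archive that the post does not show.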
Re: [Samba] samba4 rc6 join win2k3 domain failed
On Friday, December 07, 2012 10:56:12 PM Innocent Yevide wrote:

Hello, I am trying to join samba4 rc6 to win2k3 server, and failing with:

descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=office,DC=local not found under DC=office,DC=local

full log below... anyone knows why?

Not sure, but there are a lot of discussions on the web about some problems using a .local domain name, not only with samba.

-- Ali
[Samba] Problems with ADS and user mapping
Hi, I am having problems with the mapping of a Windows user to a unix user using Active Directory. When I perform the following everything seems OK:

smbclient -U ADOMAIN\clearcase_albd -L CCSERVER
Enter ADOMAIN\clearcase_albd's password:
Domain=[ADOMAIN] OS=[Unix] Server=[Samba 3.4.3-1.17.2-2359-SUSE-CODE11]

Sharename       Type      Comment
---------       ----      -------
IPC$            IPC       IPC Service (ClearCase)
LicenseMonitor  Disk      License monitoring directory
ccviews         Disk      View storage directory
vobstore        Disk      Vob storage directory
Domain=[ADOMAIN] OS=[Unix] Server=[Samba 3.4.3-1.17.2-2359-SUSE-CODE11]

Server               Comment
---------            -------
CCSERVER             ClearCase
CCSERVER2
CCSERVER3

Workgroup            Master
---------            -------
ADOMAIN              CCSERVER3

However this fails:

smbclient -U ADOMAIN\clearcase_albd //CCSERVER/ccviews
Enter ADOMAIN\clearcase_albd's password:
Domain=[ADOMAIN] OS=[Unix] Server=[Samba 3.4.3-1.17.2-2359-SUSE-CODE11]
tree connect failed: NT_STATUS_ACCESS_DENIED

Both vobadmin and clearcase_albd are in Active Directory and both in the same ADOMAIN. Any help would be greatly appreciated.

# /etc/samba/smb.conf
[global]
workgroup = ADOMAIN
password server = ldap1.ADOMAIN.int, ldap2.ADOMAIN.int
domain master = no
realm = ADOMAIN.INT
server string = ClearCase
netbios name = CCSERVER
security = ADS
encrypt passwords = yes
winbind use default domain = Yes
winbind nested groups = Yes
client use spnego = Yes
winbind enum users = Yes
winbind enum groups = Yes
template shell = /bin/bash
template homedir = /home/%D/%u
log level = 2
log file = /var/log/samba/%m
max log size = 50
winbind separator = +
winbind cache time = 5
winbind refresh tickets = true
map to guest = Bad User
username map = /etc/samba/user.map
max open files = 11000
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
usershare allow guests = Yes
directory security mask = 0775
##map untrusted to domain = Yes -- This has no effect!
kernel oplocks = No
create mask = 0775
directory mask = 0775
map archive = No
oplocks = No
level2 oplocks = No
lock directory = /var/run/samba
ldap timeout = 30
ldap connection timeout = 30
host msdfs = No
preserve case = Yes

[vobstore]
comment = Vob storage directory
path = /vobstore
valid users = @ADOMAIN+ccusers
writeable = Yes
create mask = 0775

[ccviews]
comment = View storage directory
path = /ccviews
valid users = @ADOMAIN+ccusers
writeable = Yes
create mask = 0775

[LicenseMonitor]
comment = License monitoring directory
path = /home/vobadmin/LicenseMonitor
valid users = clearcase_albd vobadmin
writeable = yes
create mask = 0755

# /etc/samba/user.map
root = administrator admin
nobody = guest pcguest smbguest
vobadmin = ADOMAIN\clearcase_albd clearcase_albd

## /var/log/samba/CCSERVER
[2012/12/11 11:50:10, 1] smbd/service.c:676(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2012/12/11 11:51:17, 2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password: Authentication for user [clearcase_albd] - [vobadmin] FAILED with error NT_STATUS_NO_SUCH_USER
[2012/12/11 11:51:17, 2] smbd/service.c:584(create_connection_server_info)
  guest user (from session setup) not permitted to access this share (ccviews)
[2012/12/11 11:51:17, 1] smbd/service.c:676(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2012/12/11 11:57:33, 2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password: Authentication for user [clearcase_albd] - [vobadmin] FAILED with error NT_STATUS_NO_SUCH_USER
[2012/12/11 11:57:34, 2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password: Authentication for user [clearcase_albd] - [vobadmin] FAILED with error NT_STATUS_NO_SUCH_USER
[2012/12/11 11:58:54, 2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password: Authentication for user [clearcase_albd] - [vobadmin] FAILED with error NT_STATUS_NO_SUCH_USER
[2012/12/11 11:58:54, 2] smbd/service.c:584(create_connection_server_info)
  guest user (from session setup) not permitted to access this share (ccviews)
[2012/12/11 11:58:54, 1] smbd/service.c:676(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED

Thanks in advance
Matt
Re: [Samba] Samba 4.0 released - The First Free Software Active Directory Compatible Server is now available !
Congrats. Long life to the samba projects. Cheers

2012/12/11, Jeremy Allison j...@samba.org:

Samba Team Releases Samba 4.0
=============================

December 11th 2012. The Samba Team is proud to announce the release of Samba 4.0, a major new release of the award-winning Free Software file, print and authentication server suite for Microsoft Windows clients.

The First Free Software Active Directory Compatible Server
==========================================================

As the culmination of ten years' work, the Samba Team has created the first compatible Free Software implementation of Microsoft’s Active Directory protocols. Familiar to all network administrators, the Active Directory protocols are the heart of modern directory service implementations.

Samba 4.0 comprises an LDAP directory server, Heimdal Kerberos authentication server, a secure Dynamic DNS server, and implementations of all necessary remote procedure calls for Active Directory. Samba 4.0 provides everything needed to serve as an Active Directory Compatible Domain Controller for all versions of Microsoft Windows clients currently supported by Microsoft, including the recently released Windows 8.

The Samba 4.0 Active Directory Compatible Server provides support for features such as Group Policy, Roaming Profiles, Windows Administration tools and integrates with Microsoft Exchange and Free Software compatible services such as OpenChange.

The Samba 4.0 Active Directory Compatible Server can also be joined to an existing Microsoft Active Directory domain, and Microsoft Active Directory Domain Controllers can be joined to a Samba 4.0 Active Directory Compatible Server, showing true peer-to-peer interoperability of the Microsoft and Samba implementations of the Active Directory protocols.

Acknowledging the value of the interoperability of the Samba 4.0 Active Directory Compatible Server, Steve van Maanen, the co-founder of Starsphere LLC, an IT services company in Tokyo, said: "Thanks to Samba4, I have two fully replicating Active Directory Domain controllers that boot in under 10 seconds ! It is nice to have alternatives, and Samba4 is a great one."

Upgrade scripts are also provided for organizations using the previous Microsoft Windows NT Domain Controller functionality in Samba 3.x, to allow them to migrate smoothly to Samba 4.0.

Suitable for low-power and embedded applications, yet scaling to large clusters, Samba 4.0 is efficient and flexible. Its Python programming interface and administration toolkit help in enterprise deployments.

Created Using Microsoft Documentation
=====================================

The Samba 4.0 Active Directory Compatible Server was created with help from the official protocol documentation published by Microsoft Corporation and the Samba Team would like to acknowledge the documentation help and interoperability testing by Microsoft engineers that made our implementation interoperable.

"Active Directory is a mainstay of enterprise IT environments, and Microsoft is committed to support for interoperability across platforms," said Thomas Pfenning, director of development, Windows Server. "We are pleased that the documentation and interoperability labs that Microsoft has provided have been key in the development of the Samba 4.0 Active Directory functionality."

Introducing SMB2.1 File Serving Support
=======================================

Samba 4.0 includes the first Free Software implementation of Microsoft's SMB2.1 file serving protocol. Building on the success of the SMB2.0 server in Samba 3.6, the Samba 4.0 file server component is an evolution of the trusted Samba file serving code that is used worldwide by vendors of file servers, such as IBM's clustered Scale Out Network Attached Storage (SONAS), and many other commercial products.

In addition, the Samba 4.0 file server contains an initial implementation of SMB3, which will be further developed in later Samba 4 releases into a fully-featured SMB3 clustered file server implementation.

Future developments of our SMB3 server and client suite, in combination with our expanding number of SMB3 tests, will keep driving the performance improvements and improved compatibility with Microsoft Windows that Samba users have come to expect from our software.

Integrated Clustered File Server Support
========================================

Building on our success as the first commercial implementation of a clustered SMB/CIFS server, Samba 4.0 provides industry-leading scalability and performance as a clustered SMB2/SMB/CIFS file server, using our clustered tdb (ctdb) technology - also available as Free Software.

Clustered Samba provides a Single Server view of clustered file storage, allowing clients to connect to the least loaded server and still providing a completely coherent view of the underlying clustered file
[Samba] Difference between real and reported disk usage
(I'm not subscribed to the list: please keep me in CC)

I'm copying files between two samba servers using robocopy from a third Windows PC and I'm experiencing disk usage that is much higher on the destination PC.

The origin samba server is Debian Lenny with samba 3.2.5.
The destination samba server is Debian Wheezy with samba 3.6.9.
The PC running robocopy is Windows Server 2003 with robocopy XP026.

I'm copying from //gam/c$ to //gam2/c$. Both source and destination shares are mounted on /smbshare on the corresponding PCs, ext3 the former and ext4 the latter.

From gam (the source):
--
# du -s -h /smbshare/
45G     /smbshare/
# du -s -h --apparent-size /smbshare/
45G     /smbshare/
# df -h
Filesystem  Size  Used  Avail  Use%  Mounted on
/dev/md2    129G   45G    78G   37%  /smbshare
--

And now gam2 (the destination):
--
# du -s -h /smbshare/
123G    /smbshare/
# du -s -h --apparent-size /smbshare/
45G     /smbshare/
# df -h
Filesystem  Size  Used  Avail  Use%  Mounted on
/dev/md1    210G  123G    77G   62%  /smbshare
--

Reading the destination share size with Windows, I obtain the same size as the origin share, which is the same as reported by du -s -h --apparent-size on the destination. But the real filesystem usage is much more, as you can see.

This is the /etc/samba/smb.conf of the destination PC:

[global]
security = DOMAIN
workgroup = BERNI
log file = /var/log/samba/samba-berni.log
idmap config * : backend = rid
idmap config * : range = 100-199
invalid users = root
admin users = +berni\domain admins
create mask = 0664
directory mask = 0771
vfs object = acl_xattr
inherit owner = Yes
hide special files = Yes
veto files = /lost+found/
map archive = No
map readonly = No
map hidden = No
map system = No
store dos attributes = Yes
strict allocate = yes
usershare path =
restrict anonymous = 2

[c$]
path = /smbshare
read only = No

From dumpe2fs, these are the filesystem features of the destination PC:

Filesystem features:      has_journal ext_attr resize_inode dir_index filetype needs_recovery extent flex_bg sparse_super large_file huge_file uninit_bg dir_nlink extra_isize
Default mount options:    user_xattr acl

What do you think?

Cesare.
Re: [Samba] MMC crashes with rc6
On 06.12.2012 19:54, Thomas Simmons wrote:

Provision
Set acl:search=false
Start S4
Boot client login (this is the first time it's seeing S4)
Remove acl:search=false + Restart S4
Open MMC = crash
Add acl:search=false + Restart S4
Open MMC = works
Remove acl:search=false + Restart S4
Open MMC = works
Reboot client
Open MMC = works

This I can't confirm:

rc5 Domain: everything is fine
migrating to rc6: the mmc I had open the whole time works fine
log off/on, open MMC: broken
set acl:search=false + restart
open mmc : works
remove set acl:search=false + restart
open mmc : broken again
set acl:search=false again + restart
open mmc : works

Removing the workaround actually breaks it again.

Regards, Marc

--
Marc Muehlfeld (Head of IT)
Zentrum für Humangenetik und Laboratoriumsmedizin Dr. Klein, Dr. Rost und Kollegen
Lochhamer Str. 29 - D-82152 Martinsried
Phone: +49(0)89/895578-0 - Fax: +49(0)89/895578-780
http://www.medizinische-genetik.de
[Samba] Samba question
Hi. I am not a developer, or IT person, so, I have what is probably a dumb question. I am looking for a way to connect my kindle fire to my company network through vpn. I have established a connection, but am not able to see anything on the network. I had downloaded an app from AntTek that said it connected using Samba/Window technology. The description of their app sounded like it might do what I wanted, but I haven't been able to make it work yet. I thought I would check with you before I spent any more time on it. Thanks for your help Jim Sent from my Kindle Fire HD
Re: [Samba] Samba 4.0 released - The First Free Software Active Directory Compatible Server is now available !
Very nice work! Congrats to all of the Samba team on achieving such a great milestone!

Ricky
Re: [Samba] [Announce] Samba 4.0.0 Available for Download!
Congratulations, I look forward to testing samba 4 as having an AD server 2008 (imposed) customers with Debian, I had many difficulties to operate (Luckily it yay Broken Power / Likewise). I will replace the samba 4 AD 2008 now I'd share my feedback. Thank you again! Stéphane On Tue, 11 Dec 2012 18:40:26 +0100, Karolin Seeger ksee...@samba.org wrote: == Nothing is impossible, the word itself says 'I'm possible'! Audrey Hepburn == Release Announcements - This is is the first stable release of Samba 4.0. This release contains the best of all of Samba's technology parts, both a file server (that you can reasonably expect to upgrade existing Samba 3.x releases to) and the AD domain controller work previously known as 'Samba4'. Major enhancements in Samba 4.0.0 include: Active Directory services = Samba 4.0 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients. Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue. When running an AD DC, you only need to run 'samba' (not smbd/nmbd/winbindd), as the required services are co-coordinated by this master binary. The tool to administer the Active Directory services is called 'samba-tool'. A short guide to setting up Samba 4 as an AD DC can be found on the wiki: http://wiki.samba.org/index.php/Samba4/HOWTO File Services = Samba 4.0.0 ships with two distinct file servers. We now use the file server from the Samba 3.x series 'smbd' for all file serving by default. Samba 4.0 also ships with the 'NTVFS' file server. This file server is what was used prior to the beta2 release of Samba 4.0, and is tuned to match the requirements of an AD domain controller. 
We continue to support this, not only to provide continuity to installations that have deployed it as part of an AD DC, but also as a running example of the NT-FSA architecture we expect to move smbd to in the longer term. For pure file server work, the binaries users would expect from that series (smbd, nmbd, winbindd, smbpasswd) continue to be available. DNS === As DNS is an integral part of Active Directory, we also provide two DNS solutions, a simple internal DNS server for 'out of the box' configurations and a more elaborate BIND plugin using the BIND DLZ mechanism in versions 9.8 and 9.9. During the provision, you can select which backend to use. With the internal backend, your DNS server is good to go. If you chose the BIND_DLZ backend, a configuration file will be generated for bind to make it use this plugin, as well as a file explaining how to set up bind. NTP === To provide accurate timestamps to Windows clients, we integrate with the NTP project to provide secured NTP replies. To use you need to start ntpd and configure it with the 'restrict ... ms-sntp' and ntpsigndsocket options. Python Scripting Interface == A new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. Known Issues - Replication of DNS data from one AD server to another may not work. The DNS data used by the internal DNS server and bind9_dlz is stored in an application partition in our directory. The replication of this partition is not yet reliable. - Replication may fail on FreeBSD due to getaddrinfo() rejecting names containing _. A workaround will be in a future release. - samba_upgradeprovision should not be run when upgrading to this release from a recent release. No important database format changes have been made since alpha16. 
- Installation on systems without a system iconv (and developer headers at compile time) is known to cause errors when dealing with non-ASCII characters.

- Domain member support in the 'samba' binary is in its infancy, and is not comparable to the support found in winbindd. As such, do not use the 'samba' binary (provided for the AD server) on a member server.

- There is no NetBIOS browsing support (network neighbourhood) available for the AD domain controller. (Support in nmbd and smbd for classic domains and member/standalone servers is unchanged).

- Clock
[Samba] samba compatibility with ms server 2012
Hello,

We are currently running windows server 2008 r2 and map CIFS shares via SLES 10 sp3 and samba 3.5.4. Shortly we will be upgrading to MS server 2012 and would like to know which samba version we would need to be compatible with MS server 2012?

Thanks,
Dave Mahder
[Samba] DNS Replication
I created a test domain on a Samba 4.0.0 machine, and added a Server 2008 R2 server. I joined it as a domain controller and DNS server. I've noticed that records that I create on one server aren't being replicated to the other. I experienced this with some of the Betas and Release Candidates too, but I thought it was fixed. Why isn't DNS replication working?

Thanks Samba team
[Samba] logon Samba workstation domain with Active Directory trustdom account issue
Hello samba list,

I'm close to be able to make this work but I just need a bit help. Here is the situation:

- Windows 2008 R2 x64 Domain Controller: domain ES01
- Samba 3.4.3 Domain Controller: domain ES02
- Windows Seven Workstation (SSO4): on domain ES02
- Windows Xp Workstation (SSO2): on domain ES01

We put a both side trust relationship and seems to work regarding command net rpc trustdom list.

    [root@localhost ~]# net rpc trustdom list
    Enter root's password:
    Trusted domains list:

    ES01    S-1-5-21-1816646249-803782145-3669927669

    Trusting domains list:

    ES01    S-1-5-21-1816646249-803782145-3669927669

Now, here is the issue:

We can logon domain ES01 with Windows account from Windows Xp Workstation (normal use)
We can logon domain ES01 with Samba account from Windows Xp Workstation (that's outgoing trust relationship's work)
We can logon domain ES02 with samba account (pretty normal use)
*We CAN'T logon domain ES02 with Windows Account (and unfortunately, that's what we need to go further)*

I join you all my configuration files and SS4 workstation log while I try to log with tata account from ES01 windows domain. As you can see in smb.conf, we tried some custom tricks to make winbind working...

Hope you will give us a fresh idea that we didn't think about.

Regards,
Romain
Re: [Samba] winbind - samba4
Hello Clodonil, I just got to this point in my testing. Be sure you link the files to /lib64 if you are running a 64 bit version of CentOS. I was having the same problem and realized the files needed to go in /lib64.
Re: [Samba] Samba4 - Windows 200x DNS Migration
Windows 200x AD DCs do not require that the DNS master is on a Win 2003 AD server. You need a BIND9 compatible server with dynamic updates preferably enabled. If dynamic updates are not enabled then when a Windows machine joins the DC it will dump out DNS records that need to be added to the DNS master.

As long as the Samba4 DNS server supports dynamic updates it should work fine for supporting other domains.

On 12/13/12 13:56, Adam Tauno Williams wrote:

Has anyone been able to migrate DNS from a Samba4 DC to a Windows 200x server? I've looked around the wiki, etc... and haven't found any pertaining to moving DNS between platforms.
[Samba] Samba DC and DNS DLZ ? [was: Samba4 - Windows 200x DNS Migration]
I'm sorry to jump in the middle, just had some work given to me and I'm looking at docs and clearly in need of a primer, that perhaps you can point me to.

What I was told was that we need to use the samba 4 backend DNS or enable DLZ, dynamically loaded zones, in our DNS server.

I haven't yet run across anything that says that the Samba server used as a domain controller, will dynamically generate new DNS records (but it's a believable issue), which would make the case for dynamic DNS. But I can't seem to find a reason why dynamically loaded zones would be useful, particularly if the samba server is on a different platform than the DNS server, and I presume unable to affect the data repository that would be dynamically loaded (I guess client/server SQL, but I haven't found any such reference).

Will a samba DC generate new content for DNS? Assuming that the data created by the SAMBA dc is available to DNS, I could see the need to reload the zone, or have the records load dynamically, and I guess DLZ will do that. Is that what we are looking to achieve?

thanks, and sorry, will change the subject on the thread, don't want to hijack it.

On Thu, Dec 13, 2012 at 03:58:21PM -0500, Gaiseric Vandal wrote:

Windows 200x AD DCs do not require that the DNS master is on a Win 2003 AD server. You need a BIND9 compatible server with dynamic updates preferably enabled. If dynamic updates are not enabled then when a Windows machine joins the DC it will dump out DNS records that need to be added to the DNS master.

As long as the Samba4 DNS server supports dynamic updates it should work fine for supporting other domains.

On 12/13/12 13:56, Adam Tauno Williams wrote:

Has anyone been able to migrate DNS from a Samba4 DC to a Windows 200x server? I've looked around the wiki, etc... and haven't found any pertaining to moving DNS between platforms.
---
   Brian R Cuttler              brian.cutt...@wadsworth.org
   Computer Systems Support     (v) 518 486-1697
   Wadsworth Center             (f) 518 473-6384
   NYS Department of Health     Help Desk 518 473-0773
Re: [Samba] Proper way to upgrade from rc1?
Running the dbcheck command suggested in the release notes might also be a good idea, but we haven't intentionally made changes that would hit.

No errors found so it was not necessary.

A late change turned on read ACL enforcement, but your directory won't have the correct ACLs set, so you can set 'acl:search=false' to return to rc5 behaviour here, until we provide an upgrade script. (This seems to hit joining windows DCs to the domain in particular).

I added it to globals in smb.conf but could you explain why is it required and what it does?

I upgraded through ssh remotely from home, after talking on phone with one user at work it seems to work (login and GPO computer config). Tomorrow will know if roaming profiles and logon scripts works ok. Hope that DNS will work now without problem (dynamic updates) and will not have to restart samba every night because internal DNS gets stuck after few days of heavy load.

Szymon
Re: [Samba] winbind - samba4
Hello Thomas,

That was it. I made a link in /lib64 and resolved.

Clodonil

2012/12/13 Thomas Simmons twsn...@gmail.com

I just got to this point in my testing. Be sure you link the files to /lib64 if you are running a 64 bit version of CentOS. I was having the same problem and realized the files needed to go in /lib64.
Re: [Samba] Proper way to upgrade from rc1?
On Thu, 2012-12-13 at 23:03 +0100, Szymon Życiński wrote:

Running the dbcheck command suggested in the release notes might also be a good idea, but we haven't intentionally made changes that would hit.

No errors found so it was not necessary.

A late change turned on read ACL enforcement, but your directory won't have the correct ACLs set, so you can set 'acl:search=false' to return to rc5 behaviour here, until we provide an upgrade script. (This seems to hit joining windows DCs to the domain in particular).

I added it to globals in smb.conf but could you explain why is it required and what it does?

With that option ('acl:search=false'), we have the same behaviour that we have before rc6, that is that all users can read all non-password attributes. The only other change is that attributes explicitly marked as 'confidential' are also protected from reading by normal users (this, also in rc6, is always done now).

The new default is to apply the ntSecurityDescriptor to all reads (as well as writes, which we have done for some time). This may well have some unexpected consequences, particularly if the directory is an upgrade, not a fresh provision.

I upgraded through ssh remotely from home, after talking on phone with one user at work it seems to work (login and GPO computer config). Tomorrow will know if roaming profiles and logon scripts works ok. Hope that DNS will work now without problem (dynamic updates) and will not have to restart samba every night because internal DNS gets stuck after few days of heavy load.

Do let us know if you have any remaining issues.

Andrew Bartlett

--
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
[Samba] Migrate to samba 4 in ( relatively ) complex openLDAP environment
Hello,

we, a public hospital, would like to migrate to samba4 from our samba3.x environment. According to the documentation samba4 does use an internal ldap server.

We use openLDAP as directory for

samba
horde
Oracle name resolution
zope user authentication,
Checkpoint Firewall authentication (only few users),
squid proxy authentication,
logon authentication to our linux servers,
logon authentication to our enterasys switches via freeradius

The objectClasses we need are

objectClass: account
objectClass: dcObject
objectClass: device
objectClass: domain
objectClass: groupOfNames
objectClass: hordePerson
objectClass: hostObject
objectClass: inetOrgPerson
objectClass: ipHost
objectClass: ipNetwork
objectClass: orclNetService
objectClass: orcluser
objectClass: organizationalPerson
objectClass: organizationalUnit
objectClass: person
objectClass: posixAccount
objectClass: posixGroup
objectClass: radiusprofile
objectClass: sambaDomain
objectClass: sambaGroupMapping
objectClass: sambaSamAccount
objectClass: sambaTrustedDomainPassword
objectClass: sambaUnixIdPool
objectClass: shadowAccount
objectClass: SuSEeMailObject
objectClass: top

that are defined in these schema files

/etc/openldap/schema/core.schema
/etc/openldap/schema/cosine.schema
/etc/openldap/schema/freeradius.schema
/etc/openldap/schema/inetorgperson.schema
/etc/openldap/schema/horde.schema
/etc/openldap/schema/nis.schema
/etc/openldap/schema/oracle.schema
/etc/openldap/schema/oracle-neu.schema
/etc/openldap/schema/suse.schema
/etc/openldap/schema/samba.schema
/etc/openldap/schema/yast.schema

Below the attributes I got exporting to ldif and awk | sort -u

We have one master and two replicas (one direction replication)

Is it possible to implement this with samba4?
Thanks
Andreas

Attributes

alias c cn dc departmentNumber description displayName dn employeeNumber employeeType
facsimileTelephoneNumber gecos gidNumber givenName groupMemberShip homeDirectory homePhone host
imapPort imapServer initials ipHostNumber ipNetmaskNumber ipNetworkNumber l labeledURI loginShell
mail mailDomain mailenabled member memberUid mobile o objectClass orclnetdescstring orclpassword
ou pager postalCode preferredLanguage radiusFilterId radiusTunnelMediumType
radiusTunnelPrivateGroupId radiusTunnelType sambaAcctFlags sambaAlgorithmicRidBase
sambaClearTextPassword sambaDomainName sambaForceLogoff sambaGroupType sambaHomeDrive
sambaKickoffTime sambaLMPassword sambaLockoutDuration
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey/2012-12-13-1529/flakey.log

The samba3 build logs are available here:

   http://git.samba.org/autobuild.flakey/2012-12-13-1529/samba3.stderr
   http://git.samba.org/autobuild.flakey/2012-12-13-1529/samba3.stdout

The source4 build logs are available here:

   http://git.samba.org/autobuild.flakey/2012-12-13-1529/samba.stderr
   http://git.samba.org/autobuild.flakey/2012-12-13-1529/samba.stdout

The top commit at the time of the failure was:

commit 229d934d2fb653e02b38d242bf01f199434cd1f3
Author: Andreas Schneider a...@samba.org
Date:   Thu Dec 6 14:45:24 2012 +0100

    s4-libnet: Fix setting the group handle and return codes.

    Found by Coverity.

    Signed-off-by: Andreas Schneider a...@samba.org
    Reviewed-by: Günther Deschner g...@samba.org

    Autobuild-User(master): Günther Deschner g...@samba.org
    Autobuild-Date(master): Thu Dec 13 01:01:14 CET 2012 on sn-devel-104
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey/2012-12-14-0731/flakey.log

The samba3 build logs are available here:

   http://git.samba.org/autobuild.flakey/2012-12-14-0731/samba3.stderr
   http://git.samba.org/autobuild.flakey/2012-12-14-0731/samba3.stdout

The source4 build logs are available here:

   http://git.samba.org/autobuild.flakey/2012-12-14-0731/samba.stderr
   http://git.samba.org/autobuild.flakey/2012-12-14-0731/samba.stdout

The top commit at the time of the failure was:

commit 229d934d2fb653e02b38d242bf01f199434cd1f3
Author: Andreas Schneider a...@samba.org
Date:   Thu Dec 6 14:45:24 2012 +0100

    s4-libnet: Fix setting the group handle and return codes.

    Found by Coverity.

    Signed-off-by: Andreas Schneider a...@samba.org
    Reviewed-by: Günther Deschner g...@samba.org

    Autobuild-User(master): Günther Deschner g...@samba.org
    Autobuild-Date(master): Thu Dec 13 01:01:14 CET 2012 on sn-devel-104