[Samba] Change groupsid AD

2013-05-10 Thread Tim Vangehugten
Hi,

I've been running Samba4 for a couple of weeks now, and I'm currently stuck
at the following problem: how do I change the AD groupsid? And this without
the use of SUA in Windows.

For instance I have the group NiagaraUsers
(S-1-5-21-1512407341-4132623508-1653607534-1001)  with groupsid 10020. I
just want to know how I can change this to 7002 for example.

Best Regards
Tim Vangehugten
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] Sudden authentication failures, hex dumps in log.samba

2013-05-10 Thread Pekka L.J. Jalkanen
In a leap of faith, I decided to relax the iptables rules on our Samba
DC (4.0.5) on Wednesday, permitting some of our production clients to
actually authenticate against it (in addition to our W2k3R2 DC). After
all, there are no replication errors and no errors either in log.samba
or Windows event log, so things _should've_ been generally working, and
various test clients also have had no problems.

To limit the fallout of potential failures I chose to do this on the eve
of the Ascension Day (a public holiday where I live), knowing that
almost all people would be off work on the following day, and that many
people would also be having an extra day off today.

Alas, things didn't go entirely smoothly. One person, who had come to
work on Thursday afternoon despite the holiday, complained to me that he
was having login problems (wrong username or password) and that only
after first (successfully) logging on to a different workstation he, on
a second attempt, managed to log on to his normal workstation. He also
said that these problems had been repeated this morning.

Given this information, I investigated log.samba and found the following:

[2013/05/09 12:39:57,  0] ../lib/util/util.c:457(dump_data)
  [] 00 00 00 00 62 00 00 00   00 00 00 00 20 00 20 00   b...
 . .
  [0010] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0020] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0030] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0040] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0050] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0060] 20 00 20 00 20 00 20 00   20 00 20 00 50 00 00  . . . .  . .P..

That hexdump with exactly the same contents was repeated 10 times
yesterday afternoon and another 31 times this morning. The times of the
dumps roughly matched the times of the logon failures.

Question: how much more verbosity for log.samba would be needed to
further investigate this problem? I'd rather not log everything with
-d10 for extended periods of time, because I really can't know how
long it will take for the problem to reappear. I've now increased
logging from the default level to -d3.

I also wish to turn on Kerberos logging in Samba so that I could have
something akin to Windows's security log and see all successful and
failed login attempts. Can this be achieved by normal krb5 logging
settings in krb5.conf (as described on man 3 krb5_openlog)? Any
recommended logging settings?


Pekka L.J. Jalkanen


[Samba] samba4 - windows 7+ partially synchronized roaming profile

2013-05-10 Thread samba
Hi,

I had searched for a long time for the cause of only partially synced
profiles on Windows 7/8. Windows XP has worked fine.

There was always the error "Your roaming profile is not synchronized correctly
with the server. You have been logged in with a partially synchronized profile."

The application protocol of Windows told me that the file
\\leela$NOCSC$\profiles$\tn.V2\ntuser.ini can't be copied to
C:\Users\tn\ntuser.ini, with "Details - The system can't find the given file."

Testparm doesn't show any misconfiguration. But the problem was the parameter
wide links = Yes in combination with unix extensions = No in the [global]
section.

Now I put wide links = Yes only in those sections where this parameter is
needed, so that my [profiles$] section is not affected by wide links anymore,
and everything works fine now.

But what does wide links = Yes do to the [profiles$] section so that Windows 7
profiles can't be loaded anymore? Does anybody know?

Smb.conf

# Global parameters

[global]
workgroup = FUTURAMA
realm = futurama.loc
netbios name = LEELA
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
server services = -dns
dns forwarder = 172.16.16.254
server string =
map archive = No
map hidden = No
map readonly = No
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
template shell = /bin/bash
unix extensions = No
veto files = /.recycle/
panic action = /usr/bin/screen -d -m /usr/share/nolteinfosysteme/scripts/tsamba4restart.sh

[netlogon]
path = /opt/samba/var/locks/sysvol/futurama.loc/scripts
read only = No

[sysvol]
path = /opt/samba/var/locks/sysvol
read only = No

[prog$]
comment = Programme
path = /opt/samba/var/shares/prog
create mask = 0775
force create mode = 0775
directory mask = 2775
force directory mode = 2775
read only = no
wide links = Yes
browseable = no

[...]

[profiles$]
profile acls = yes
comment = Profile
path = /opt/samba/var/shares/profiles
create mask = 0770
force create mode = 0770
directory mask = 2770
force directory mode = 2770
read only = no
browseable = no


Regards
  Thomas Nolte
--
Nolte Infosysteme,  Im Sikfeld 8, 38304 Wolfenbuettel
Tel 05331-946210, Fax 05331-946211, Handy 0170-5508198

Computer, Netzwerk, Kommunikation www.nisx.de
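
Added example, not part of the original post and not Samba's own code: a small Python audit that reports, per share, whether wide links is requested, whether that comes from [global] or from the share itself, and whether it takes effect. The two configurations are constructed from the posted smb.conf; the defaults and the coupling with unix extensions and allow insecure wide links follow the smb.conf(5) manual and are assumptions about the reader's Samba version.

```python
BOOL = {"yes": True, "true": True, "1": True, "on": True,
        "no": False, "false": False, "0": False, "off": False}

# Constructed from the posted smb.conf: the layout that broke profile loading.
BEFORE = """\
[global]
    unix extensions = No
    wide links = Yes

[prog$]
    path = /opt/samba/var/shares/prog

[profiles$]
    path = /opt/samba/var/shares/profiles
    profile acls = yes
"""

# Constructed from the posted smb.conf: wide links scoped to the share that needs it.
AFTER = """\
[global]
    unix extensions = No

[prog$]
    path = /opt/samba/var/shares/prog
    wide links = Yes

[profiles$]
    path = /opt/samba/var/shares/profiles
    profile acls = yes
"""


def as_bool(value, default):
    """Interpret an smb.conf boolean; fall back to the default if unset."""
    if value is None:
        return default
    return BOOL.get(value.strip().lower(), default)


def parse_smb_conf(text):
    """Parse sections and parameters; names are case-insensitive.

    Simplification: backslash line continuations and include files are
    not handled.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][" ".join(key.lower().split())] = value.strip()
    return sections


def audit_wide_links(text):
    """Return {share: {requested, source, effective}} for every share."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    # Assumed defaults per smb.conf(5): unix extensions = yes,
    # allow insecure wide links = no, wide links = no.
    unix_ext = as_bool(glob.get("unix extensions"), True)
    insecure = as_bool(glob.get("allow insecure wide links"), False)
    findings = {}
    for name, params in conf.items():
        if name == "global":
            continue
        if "wide links" in params:
            source, requested = "share", as_bool(params["wide links"], False)
        else:
            source = "global" if "wide links" in glob else "default"
            requested = as_bool(glob.get("wide links"), False)
        # Samba disables wide links while unix extensions is on, unless
        # allow insecure wide links overrides that coupling.
        effective = requested and (insecure or not unix_ext)
        findings[name] = {"requested": requested, "source": source,
                          "effective": effective}
    return findings


def inherited_from_global(findings):
    """Shares that follow symlinks out of their path only because of [global]."""
    return sorted(name for name, f in findings.items()
                  if f["effective"] and f["source"] == "global")


if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, inherited_from_global(audit_wide_links(conf)))
```
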




Re: [Samba] SSL certificate in SAMBA4 LDAP?

2013-05-10 Thread Tim Vangehugten
Today I have looked again at the SSL certs from samba and I got them to
work with intermediate certificates. If you want to do this you need to
have the following:

IntermediateCA.crt
Yourdomain.crt
Yourdomain.key
and lastly your Global Root CA.pem (my intermediate CA is AlphaSSL, so this
was GlobalSign_root_CA.pem)

Now copy your IntermediateCA.crt to /usr/local/samba/private/tls/ca.pem and
Yourdomain.key to /usr/local/samba/private/tls/key.pem

The part where it went wrong the first time was the cert.pem, but to make it
work you have to do the following: create the file
/usr/local/samba/private/tls/cert.pem and put at the beginning of the file
the certificate from Yourdomain.crt, followed by the certificate in the file
IntermediateCA.crt, and behind this you have to put your rootCA.pem and then
save the file.

Your cert.pem will look like the following:

-----BEGIN CERTIFICATE-----
Certificate of Yourdomain.crt
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Certificate of IntermediateCA.crt
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Certificate of RootCA.crt (in my case this was GlobalSign_root_CA.pem)
-----END CERTIFICATE-----

Restart samba and you now have your ldap running with a verified
intermediate certificate.



Best Regards
Tim Vangehugten


2013/4/27 Michael Wood esiot...@gmail.com

 On 27 April 2013 10:02, Tim Vangehugten timvangehug...@gmail.com wrote:
  I already put them into /usr/local/samba/private/tls and samba had read
 them
  I just get the error that my CA is untrusted  though I got my certificate
  signed by an intermediate CA. So probably it's somewhere my fault and not
  related to samba :)

 OK, not sure how it works with intermediate CAs.  Maybe you need to
 have both root and intermediate CA certs in ca.pem, but I haven't
 tried it.

  2013/4/26 Michael Wood esiot...@gmail.com
 
  On 25 April 2013 15:38, Tim Vangehugten timvangehug...@gmail.com
 wrote:
   Hello,
  
   Is it possible to load my signed certificate into samba4 ldap so the
   samba4
   ldap would use it if a client connects to it? And if so, could someone
   provide me with the details on howto do this or point me in the right
   direction?
 
  Yes.
 
  Make sure you have the GnuTLS development libraries installed before
  compiling Samba.  Then put your CA cert, cert and key in
  /usr/local/samba/private/tls.  They should be named ca.pem, cert.pem
  and key.pem.
 
  I think you'll also need a DH params file.
 
  --
  Michael Wood esiot...@gmail.com
 
 



 --
 Michael Wood esiot...@gmail.com



Re: [Samba] Sudden authentication failures, hex dumps in log.samba

2013-05-10 Thread Pekka L.J. Jalkanen
On 10.5.2013 14:04, Pekka L.J. Jalkanen wrote:
> Question: how much more verbosity for log.samba would be needed to
> further investigate this problem? I'd rather not log everything with
> -d10 for extended periods of time, because I really can't know how
> long it will take for the problem to reappear. I've now increased
> logging from the default level to -d3.

-d3 logging pays off:

[2013/05/10 14:31:05,  3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: TGS-REQ someu...@mydomain.site from ipv4:10.10.59.151:4736
for cifs/w2k3r2dc.mydomain.s...@mydomain.site [renewable, forwardable]
[2013/05/10 14:31:06,  1] ../librpc/ndr/ndr.c:412(ndr_pull_error)
  ndr_pull_error(11): Pull bytes 2 (../librpc/ndr/ndr_basic.c:103)
[2013/05/10 14:31:06,  0] ../lib/util/util.c:457(dump_data)
  [] 00 00 00 00 62 00 00 00   00 00 00 00 20 00 20 00   b...
 . .
  [0010] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0020] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0030] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0040] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0050] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0060] 20 00 20 00 20 00 20 00   20 00 20 00 50 00 00  . . . .  . .P..
[2013/05/10 14:31:06,  3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client no longer in database: someu...@mydomain.site
[2013/05/10 14:31:06,  3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed building TGS-REP to ipv4:10.10.59.151:4736
[2013/05/10 14:31:06,  3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: TGS-REQ someu...@mydomain.site from ipv4:10.10.59.151:4737
for cifs/w2k3r2dc.mydomain.s...@mydomain.site [renewable, forwardable]
[2013/05/10 14:31:06,  1] ../librpc/ndr/ndr.c:412(ndr_pull_error)
  ndr_pull_error(11): Pull bytes 2 (../librpc/ndr/ndr_basic.c:103)
[2013/05/10 14:31:06,  0] ../lib/util/util.c:457(dump_data)
  [] 00 00 00 00 62 00 00 00   00 00 00 00 20 00 20 00   b...
 . .
  [0010] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0020] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0030] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0040] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0050] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00. . . .  .
. . .
  [0060] 20 00 20 00 20 00 20 00   20 00 20 00 50 00 00  . . . .  . .P..
[2013/05/10 14:31:06,  3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client no longer in database: someu...@mydomain.site
[2013/05/10 14:31:06,  3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed building TGS-REP to ipv4:10.10.59.151:4737
[2013/05/10 14:31:20,  3]
../source4/dsdb/repl/drepl_service.c:202(_drepl_schedule_replication)

Client is Windows XP. I've yet to see this problem on newer clients...
this and the other one that previously failed are the last two XP
clients here that still remain in heavy production use.

What is also common with this client and the other that previously
failed is that they both have once been migrated from a different domain
(that no longer exists) using MS ADMT. This also applies to the users'
accounts that were used. Don't know if that really matters, but just for
the record.

Any ideas how to resolve this problem?


Pekka L.J. Jalkanen


[Samba] Why am i getting Transport endpoint is not connected

2013-05-10 Thread Ed Strong
Hi,

I got no replies to my last post, "win 7 client can't map drive: getpeername
failed".

Anyway I've dug a little deeper on the server side by setting log level 10
and found
the error:
  Transport endpoint is not connected

Basically I compared the logs (several thousand lines!) from two windows 7
clients,
one of which always works (the good client) and one which always fails (the
bad client)

On each client I ran
  net view \\saturn

The logs are virtually identical up to the bad client error

The only differences are:
  the bad client requests two additional protocols: [SMB 2.002] and [SMB
2.???].

But then both client log files say Selected protocol NT LM 0.12 anyway

Both clients call
  set_remote_arch: Client arch is 'Win2K'
at the same point in the logs

But later on the good client calls
  set_remote_arch: Client arch is 'Vista'
This does happen on the bad client but much later in the logs

That's it, everything else is identical up until the error!

On the good client we continue with
  read_smb_length_return_keepalive
but on the bad client we see a
  read_fd_with_timeout


Bad Client
--
[2013/05/10 12:35:54.185760,  3] smbd/reply.c:846(reply_tcon_and_X)
  tconX service=IPC$

[2013/05/10 12:35:54.186151,  0] lib/util_sock.c:474(read_fd_with_timeout)

[2013/05/10 12:35:54.186216,  0]
lib/util_sock.c:1440(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
peer.

[2013/05/10 12:35:54.186259, 10] smbd/process.c:291(receive_smb_raw_talloc)
  receive_smb_raw: NT_STATUS_CONNECTION_RESET



Good Client
---
[2013/05/10 12:35:43.755239,  3] smbd/reply.c:846(reply_tcon_and_X)
  tconX service=IPC$

[2013/05/10 12:35:43.755642, 10]
lib/util_sock.c:730(read_smb_length_return_keepalive)
  got smb length of 100


Does anyone have any ideas how I can resolve this or thoughts on how to
investigate further?

Does the NT_STATUS_CONNECTION_RESET
 mean the bad client is disconnecting ? But why ?


Please guys you are my last hope of getting to the bottom of this :(

Thanks
Ed


Re: [Samba] win 7 client can't map drive: getpeername failed

2013-05-10 Thread Gaiseric Vandal
I think the "Error was Transport endpoint is not connected" warnings are
sometimes misleading. Do you have any control over the samba config
(smb.conf) on the NAS? On regular samba installs, changing the
default port settings can cause more problems.

Windows 7 will try to connect on port 445 (SMB or CIFS over tcp/ip),
and will then reconnect to ports 137/138/139 (SMB over netbios over
tcp/ip) since samba 3.x doesn't handle the newer
SMB-over-tcp/ip. Disabling 445 on the server seems to cause more
problems than it solves.

Are you able to connect via IP? e.g. net use \\qnap_ip\share ?

I had problems in the past when I disabled port 445 on samba servers.
Remote users (no netbios broadcasts permitted) could connect via IP but
not via name. For the name-only connections, packet monitoring would
show packets getting thru to the server but the exchange between client
and server not being completed. For clients connecting via IP, the
client would send packets to the server, the server would respond, and
then the client responded.

On 05/07/13 03:53, Ed Strong wrote:

Hi,

I'm re-posting this (with some more info) as I don't think the original got
through as I wasn't
signed up to the samba list.

this is my first foray in samba (and newsgroups) so go easy :)
I've started reading the o'reilly samba book but finding it hard going.

Anyway I'm trying to map a network drive from a windows 7 pro client to a
QNAP NAS with the command:
   net use s: \\qnap\share

I've posted on several forums and got good advice but the problem remains.
Rather than repost all the detail, please see my original posts:

http://forum.qnap.com/viewtopic.php?f=185t=74639
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/11d35b0c-ac95-489f-b5d1-0486b9774603
http://www.edugeek.net/forums/windows-7/112309-map-network-drive-nas-but-get-error-64-58-a.html

I've managed to ssh onto the QNAP via putty and found this in the logs
(getpeername failed)

[/var/log] # pwd
/var/log
[/var/log] # tail -f log.smbd
[2013/05/01 09:36:17.135999,  0] lib/util_sock.c:474(read_fd_
with_timeout)
[2013/05/01 09:36:17.136096,  0]
lib/util_sock.c:1440(get_peer_addr_internal)
   getpeername failed. Error was Transport endpoint is not connected
   read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
peer.
[2013/05/01 09:36:17.137700,  1] smbd/server.c:299(remove_child_pid)
   Scheduled cleanup of brl and lock database after unclean shutdown
[2013/05/01 09:36:17.178522,  1] smbd/service.c:1073(make_connection_snum)
   172.24.120.139 (172.24.120.139) connect to service Staff initially as
user DOMAIN+admin (uid=10001423, gid=1514) (pid

25771)
[2013/05/01 09:36:17.179093,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2013/05/01 09:36:17.179173,  0]
lib/util_sock.c:1440(get_peer_addr_internal)
   getpeername failed. Error was Transport endpoint is not connected
   read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
peer.
[2013/05/01 09:36:17.179289,  1] smbd/service.c:1254(close_cnum)
   172.24.120.139 (172.24.120.139) closed connection to service Staff
[2013/05/01 09:36:37.142714,  1] smbd/server.c:272(cleanup_timeout_fn)
   Cleaning up brl and lock database after unclean shutdown


The QNAP's samba version appears to be 3.5.2:

[/var/log] # ps -ef | grep smb
  4016 admin  3104 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  4017 admin  3728 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  4366 admin  1840 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  4877 admin  3300 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  4902 admin  3952 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  4978 admin  4132 S   /usr/local/samba/sbin/smbd -l /var/log -D -s
/etc/config/smb.conf
  4979 admin  3356 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  4980 admin  1224 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  4995 admin  1016 S   /usr/local/samba/sbin/smbd -l /var/log -D -s
/etc/config/smb.conf
  5063 admin  2068 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  9509 admin  1664 S   /usr/local/samba/sbin/nmbd -l /var/log -D -s
/etc/config/smb.conf
25540 admin   544 S   grep smb
[/var/log] # /usr/local/samba/sbin/smbd -V
Version 3.5.2


I've also installed MS network monitor on two clients and did a capture
whilst running the command
net use s:\ \\saturn\staff

I've posted three screenshots here:

https://plus.google.com/photos/108734482620454690509/albums/5875135861918839393?authkey=CJ3lwKu2xJqMyQE

Basically, Worked.png shows the SMB frames on a PC where the net use
command worked
and Failed.png shows the SMB frames on a PC where the net use command did
not work

It looks to me like the first 6 SMB frames are identical. Then things start
to change

On the working client we continue with frame 10113 which is a
   Dfsc: Get DFS Referral Request

but 

[Samba] samba4 with glusterfs

2013-05-10 Thread Ulrich Schinz

Hi Sambalist,

maybe someone with some glusterfs experience can help me.

I have a running samba4 installation here.
Now I tried to get glusterfs configured so I can use glusterfs as an 
additional storage system.


The setup of glusterfs worked pretty easy. I tried multiple 
configurations with up to 4 virtual machines (Virtual Box).

The bricks are xfs-filesystems.

Mounting glusterfs (mount -t glusterfs gluster01:/volume1 
/samba/glusterfs -o acl) is working as well, but I have a strange error.
Trying to set the rights on that share /samba/glusterfs from windows is 
not possible.


Gluster tells me following:
[2013-05-10 15:43:43.508988] E [posix.c:2583:posix_getxattr] 
0-dfsvol01-posix: getxattr failed on /export/brick1/: user.DOSATTRIB (No 
data available)


another error:
[2013-05-10 15:49:54.998621] E [posix.c:2583:posix_getxattr] 
0-dfsvol01-posix: getxattr failed on /export/brick1/: 
system.posix_acl_access (No data available)
[2013-05-10 15:49:55.028892] E [marker.c:2136:marker_removexattr_cbk] 
0-dfsvol01-marker: No data available occurred while creating symlinks
[2013-05-10 15:49:55.028952] I 
[server3_1-fops.c:738:server_removexattr_cbk] 0-dfsvol01-server: 127: 
REMOVEXATTR / (----0001) == -1 (No data 
available)



And it's right, there is no data in there... samba wants to write it...

I did a (in my opinion identical) setup on 2 virtualbox machines before. 
There everything is working fine.


Trying to set xattrs in the shell works fine; it works on the bricks (xfs) 
and on the mounted glusterfs volume (mount -t glusterfs ... -o acl ... 
or without -o acl, doesn't matter). It
works perfectly, no errors in the logfile, nothing. Just setfattr -n user.test 
-v test file.txt and the thing is done... Prerequisites for samba should be 
given in that case.


System: Debian Wheezy
Brick fs: xfs (mounted with defaults)
gluster version: 3.3.1
gluster replica 2 (2 nodes)

Does anyone have any idea what's missing?

Kind regards
Uli


Re: [Samba] samba4 with glusterfs

2013-05-10 Thread Hisham Attar
Have you tried mounting with user_xattr in addition to acl? I had to do
that when I was using glusterfs for sysvol replication.




Re: [Samba] win 7 client can't map drive: getpeername failed

2013-05-10 Thread Ed Strong
Hi,

Thanks for the info, I'm replying to you in gmail to samba@lists.samba.org,
hope that is correct ?

Yes I can edit the config file on the NAS

Looking at the network packets all communication to NAS seems to be on port
microsoft-ds (445)
I can't see any traffic on ports 137/138/139

If I use the IP I get exactly the same error :(



Re: [Samba] samba4 with glusterfs

2013-05-10 Thread Ulrich Schinz

On 10.05.2013 16:15, Hisham Attar wrote:
> have you tried mounting with user_xattr in addition to acl? I had to 
> do that when I was using glusterfs for sysvol replication


As far as I know xfs is mounted with user_xattr, isn't it? So the bricks 
should work well...
And for glusterfs there is only the option acl, not a user_xattr option... 
or am I wrong?


kind regards
uli


Re: [Samba] samba4 with glusterfs

2013-05-10 Thread Hisham Attar
You can mount glusterfs with user_xattr; I had to do that, otherwise I
couldn't rsync extended attributes to the mount point.




Re: [Samba] win 7 client can't map drive: getpeername failed

2013-05-10 Thread Gaiseric Vandal
Are XP clients having the same problem? Trying with an XP client
would help indicate if there was something specific to XP. (I skipped
Vista.)

Can you check in smb.conf:
- is the server a member server, AD member server, standalone
  server, or domain controller?
- are ports explicitly defined?
- how is name resolution configured?
- is NTLMv2 required? (I couldn't get NTLMv2 support working.)

Domain membership shouldn't matter at this point since you aren't even
getting to the authentication phase.

Can you telnet to port 139 to make sure it is open?

Do you have a WINS server defined? If so, make sure the client and NAS are
using the same WINS server. Is your NAS configured to use a DNS
server? Do you have a reverse lookup zone defined in DNS? The NAS
may be trying to do a reverse lookup on the IP of the client. There
doesn't need to be a PTR entry for the client but you at least want the
zone. If DNS tries to look up an IP and gets an immediate "host not
found", that is OK. If it times out because it can't even locate a DNS
server then that could cause problems for other services dependent on DNS.











On 05/10/13 10:58, Ed Strong wrote:

Hi,

Thanks for the info, I'm replying to you in gmail to samba@lists.samba.org,
hope that is correct ?

Yes I can edit the config file on the NAS

Looking at the network packets all communication to NAS seems to be on port
microsoft-ds (445)
I can't see any traffic on ports 137/138/139

If I use the IP I get exactly the same error :(


On 10 May 2013 15:01, Gaiseric Vandal gaiseric.van...@gmail.com wrote:


I think the "Error was Transport endpoint is not connected" warnings are
sometimes misleading. Do you have any control over the samba config
(smb.conf) on the NAS? On regular samba installs, changing the default
port settings can cause more problems.

Windows 7 will try to connect on port 445 (SMB or CIFS over tcp/ip), and
will then reconnect to ports 137/138/139 (SMB over netbios over tcp/ip)
since samba 3.x doesn't handle the newer SMB-over-tcp/ip. Disabling
445 on the server seems to cause more problems than it solves.

Are you able to connect via IP, e.g. net use \\qnap_ip\share ?

I had problems in the past when I disabled port 445 on samba servers.
Remote users (no netbios broadcasts permitted) could connect via IP but
not via name. For the name-only connections, packet monitoring would
show packets getting through to the server but the exchange between client
and server not being completed. For clients connecting via IP, the client
would send packets to server, server respond, and then clients responded.

On 05/07/13 03:53, Ed Strong wrote:


Hi,

I'm re-posting this (with some more info) as I don't think the original
got through as I wasn't signed up to the samba list.

This is my first foray into samba (and newsgroups) so go easy :)
I've started reading the O'Reilly samba book but finding it hard going.

Anyway I'm trying to map a network drive from a Windows 7 Pro client to a
QNAP NAS with the command:
net use s: \\qnap\share

I've posted on several forums and got good advice but the problem remains.
Rather than repost all the detail, please see my original posts:

http://forum.qnap.com/viewtopic.php?f=185t=74639
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/11d35b0c-ac95-489f-b5d1-0486b9774603
http://www.edugeek.net/forums/windows-7/112309-map-network-drive-nas-but-get-error-64-58-a.html

I've managed to ssh onto the QNAP via putty and found this in the logs
(getpeername failed)

[/var/log] # pwd
/var/log
[/var/log] # tail -f log.smbd
[2013/05/01 09:36:17.135999,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2013/05/01 09:36:17.136096,  0] lib/util_sock.c:1440(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2013/05/01 09:36:17.137700,  1] smbd/server.c:299(remove_child_pid)
Scheduled cleanup of brl and lock database after unclean shutdown
[2013/05/01 09:36:17.178522,  1] smbd/service.c:1073(make_connection_snum)
172.24.120.139 (172.24.120.139) connect to service Staff initially as user DOMAIN+admin (uid=10001423, gid=1514) (pid 25771)
[2013/05/01 09:36:17.179093,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2013/05/01 09:36:17.179173,  0] lib/util_sock.c:1440(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2013/05/01 09:36:17.179289,  1] smbd/service.c:1254(close_cnum)
172.24.120.139 (172.24.120.139)
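
The log.smbd excerpt in this thread reports the failing peer as 0.0.0.0, so the failure lines alone do not say which client reset the connection. The following is an added example, not code from the thread or from Samba: it parses the log header format shown above and pairs each getpeername failure with the nearest "connect to service" record. The function names, the one-second window and the two-space indentation of message lines in the sample are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the excerpt quoted in the thread with the e-mail line
# wrapping undone. Message lines are indented here (assumed); the parser
# treats any non-header line as a message line, indented or not.
SAMPLE_LOG = """\
[2013/05/01 09:36:17.135999,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2013/05/01 09:36:17.136096,  0] lib/util_sock.c:1440(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2013/05/01 09:36:17.137700,  1] smbd/server.c:299(remove_child_pid)
  Scheduled cleanup of brl and lock database after unclean shutdown
[2013/05/01 09:36:17.178522,  1] smbd/service.c:1073(make_connection_snum)
  172.24.120.139 (172.24.120.139) connect to service Staff initially as user DOMAIN+admin (uid=10001423, gid=1514) (pid 25771)
[2013/05/01 09:36:17.179093,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2013/05/01 09:36:17.179173,  0] lib/util_sock.c:1440(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
"""

# "[date time.usec, level] file:line(function)"
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?),\s*(?P<level>\d+)\]"
    r"\s+(?P<file>[^:\s]+):(?P<line>\d+)\((?P<func>\w+)\)\s*$"
)
CONNECT = re.compile(
    r"^(?P<host>\S+) \((?P<ip>[0-9a-fA-F.:]+)\) connect to service (?P<share>\S+)"
)


def parse_smbd_log(text):
    """Split log text into records: one header line plus its message lines."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            ts = m.group("ts")
            fmt = "%Y/%m/%d %H:%M:%S.%f" if "." in ts else "%Y/%m/%d %H:%M:%S"
            records.append({
                "time": datetime.strptime(ts, fmt),
                "level": int(m.group("level")),
                "source": f'{m.group("file")}:{m.group("line")}',
                "func": m.group("func"),
                "message": [],
            })
        elif records and raw.strip():
            # A header with no message (two headers in a row) keeps an empty list.
            records[-1]["message"].append(raw.strip())
    return records


def peer_failures(records, window=timedelta(seconds=1)):
    """Return getpeername failures, each with the nearest connecting client.

    The pairing is a triage heuristic: it names the client seen closest in
    time, which is not proof that this client reset the connection.
    """
    connects = []
    for rec in records:
        for line in rec["message"]:
            m = CONNECT.match(line)
            if m:
                connects.append((rec["time"], m.group("ip"), m.group("share")))

    failures = []
    for rec in records:
        if not any("getpeername failed" in line for line in rec["message"]):
            continue
        near = [c for c in connects if abs(c[0] - rec["time"]) <= window]
        best = min(near, key=lambda c: abs(c[0] - rec["time"]), default=None)
        failures.append({
            "time": rec["time"],
            "source": rec["source"],
            "reset_by_peer": any("Connection reset by peer" in line
                                 for line in rec["message"]),
            "likely_client": best[1] if best else None,
            "share": best[2] if best else None,
        })
    return failures


if __name__ == "__main__":
    for f in peer_failures(parse_smbd_log(SAMPLE_LOG)):
        print(f["time"], f["source"], f["likely_client"], f["share"])
```
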

Re: [Samba] samba4 with glusterfs

2013-05-10 Thread Ulrich Schinz
hmmm, ok, I'm not able to find an option... but I think it's enabled by
default. If it wouldn't be enabled, I couldn't setfattr.
And I can setfattr -n user.test -v test MOUNTEDGLUSTERFSDIR without any
problems. Only using windows - samba leads to the problems...


maybe you can give me a hint with that user_xattr option... I use

mount -t glusterfs -o acl gluster01:/vol01 /samba/glusterfs

-o acl,user_xattr is not working, -o acl,fuse-opt=user_xattr also not
working


kind regards uli


On 10.05.2013 17:15, Hisham Attar wrote:
you can mount glusterfs with user_xattr, I had to do that otherwise I
couldn't rsync extended attributes to the mount point






[Samba] Samba 3 member, winbind caching and DC availability

2013-05-10 Thread Pekka L.J. Jalkanen
Hello all,

I've a box running Samba 3.5.6 (Debian Squeeze) that retrieves its user
accounts from AD, using Winbind. The box is receiving incoming mail.
Idmap backend is AD, with rfc2307 schema mode.

Currently it's only accessing one AD DC, and the MTA on the Samba box is
stopped whenever the DC is temporarily offline to prevent rejection of
any incoming mail with user unknown status.

However, I'd like to add another DC to the mix, but I'm concerned that
mail could get rejected if the active DC suddenly goes offline and
winbind doesn't switch to another DC promptly enough.

Consider the following scenario:

1. There is an AD account foo. The account hasn't been used for some
time, and it's thus not in winbind's cache. It's possibly not even in
Winbind's idmap cache.
2. There are two AD DCs, A and B.
3. Samba member server C runs Winbind and is currently using the DC A.
4. Hardware fails and the DC A suddenly drops offline.
5. Just a few seconds later an e-mail arrives for foo. The MTA tries
to check for the user.
6. As Winbind is not yet aware of the unavailability of the DC A, it
tries to contact it.

A. Now, in the ideal world this would continue as follows:

7. Winbind can't contact the DC A anymore, so it promptly contacts the DC B.
8. The DC B confirms the existence of foo.
9. The MTA delivers mail for foo.

B. However, I'm afraid that in the real world, the following could result:

7. Winbind frantically tries to contact the DC A, but times out and can't
confirm the existence of foo. It tells the MTA that there's no account.
8. The MTA replies to the sender with a 550 5.1.1 f...@my.site... User
unknown error.
9. After the timeout Winbind finally manages to switch to the DC B, but
the sender has already got the delivery failure message and now thinks
that the address f...@my.site is no longer valid.

I tried to look at the documentation, but didn't find any
recommendations regarding winbind cache settings in situations where
availability is critical. Is it recommended to just disable all Winbind
caching entirely? Or do just the opposite and try to cache as much as
ever possible? What are the practical effects of winbind cache time and
idmap cache time smb.conf options in this situation? Also, are the
caches for all accounts replenished every time the cache of any
account expires, or on a per-account basis?

And do the idmap cache times even work in a predictable way with this
old Samba, where bug 8658 is still unfixed? Or should I just try to upgrade
as soon as possible?

I built a test box similar to the actual box receiving mail (Winbind
cache time was the default (300 seconds) and idmap cache time was set to
86,400 seconds (one day)) and flooded it with messages while at the same
time switching connections to the DCs back and forth. And sure enough, I
did get some delivery errors due to Winbind unavailability, if the
account receiving the mail hadn't been queried after the last winbind
restart and before the DC went offline. So the likelihood of the
scenario 'B' feels all too great.

Any recommendations for avoiding it?

Pekka L.J. Jalkanen


[Samba] passwd program in samba4

2013-05-10 Thread Dr. Michael Cinti

is there anyone who can explain to me how to use passwd program in samba4
--
*Dr. Michael Cinti*

*mi.ci...@ausl.fe.it*
U.O. Tecnologia della Comunicazione e della Informazione (I.C.T.)
Azienda Usl Ferrara
Ospedale del Delta - via Valle Oppio, 2 - 44023 Lagosanto (FE)
Tel. +39-0533-723221
Tel. +39-0533-723163



Re: [Samba] passwd program in samba4

2013-05-10 Thread Andrew Bartlett
On Fri, 2013-05-10 at 21:22 +0200, Dr. Michael Cinti wrote:
 is there anyone who can explain to me how to use passwd program in samba4

The Samba 4.0 AD DC does not use this parameter currently.

You can use tools like pam_winbind to have PAM-based programs
authenticate against Samba however, or ask them to authenticate against
LDAP.

Sorry,

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] ports

2013-05-10 Thread Jeremy Allison
On Thu, May 09, 2013 at 10:02:23AM -0700, Jessica Guynn wrote:
 Is there a parameter for smb config for incoming connections to originate
 from ports greater than 1024 (insecure ports)?

smbd doesn't care what port number the incoming connection is
arriving from.

Jeremy.


[Samba] [Fwd: Re: ports]

2013-05-10 Thread sandy . napoles
I have this for my domain
IPTABLES -A INPUT -m mac --mac-source 00:0C:29:83:52:D9 -d samba4 -p tcp -m multiport --dports 53,636,389,88,443,465,445,139,464,123,135,137,138,1024:2024




[Samba] Windows 8 and Samba 4 - network path not found

2013-05-10 Thread Carsten Laun-De Lellis
Hi list

I have a problem and I hope anyone here can provide me a solution to my
problem.

I have a Samba4 Server installed on a hosted platform with bind9 flatfile
backend. The OS is Ubuntu 12.04 LTS. All tests on the server succeeded.
Name resolution works fine and also the sambaclient -L localhost -U% is
successful.

Whenever I try to join the domain with my Win8 machine I get the error
message: Network path not found.

Does Win8 work with Samba4 in general?
Where to look at when getting the error message?

Thanks in advance.

My smb.conf file looks as follows:

[global]
workgroup = DELELLIS
realm = DELELLIS.LAN
netbios name = RV1325
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate

[netlogon]
path = /var/lib/samba/sysvol/delellis.lan/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

Regards,

Carsten Laun-De Lellis
Dipl.-Ing. Elektrotechnik
Certified Information Systems Auditor (CISA)

Hauptstrasse 13
D-67705 Trippstadt

Phone:   +49 (6306) 992140
Mobile:  +49 (151) 27530865
Fax:     +49 (6306) 992142
email:   carsten.delel...@delellis.net

http://www.linkedin.com/in/carstenlaundelellis

 



Re: [Samba] Samba4 no longer installing samba_upgradeprovision?

2013-05-10 Thread Andrew Bartlett
On Thu, 2013-05-09 at 23:59 -0500, Ricky Nance wrote:
 This tool has been 'turned off' until it can be properly fixed, or
 completely implemented into samba-tool dbcheck (at least that is my very
 limited knowledge on this subject).

That's correct.

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] \map to guest = bad user\ ignored in Samba 4?

2013-05-10 Thread Samuel Cabrero
Hi Andrew,

I have written a small patch for this issue. I would appreciate if someone
could take a look at it and comment. I have tested it on XP machines and it
seems to work properly.

Cheers.

-- 
Samuel Cabrero - Developer
scabr...@zentyal.com

Easy IT for small business
www.zentyal.com
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index f234f72..582eb0d 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -69,6 +69,58 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context *
 }
 
 /
+ Look for the guest account in the sam, return ldb result structures
+/
+
+static NTSTATUS authsam_search_guest_account(TALLOC_CTX *mem_ctx,
+		struct ldb_context *sam_ctx,
+		struct ldb_dn *domain_dn,
+		struct ldb_message **ret_msg)
+{
+	int ret;
+	const struct dom_sid *domain_sid;
+	struct dom_sid *guest_sid;
+
+	domain_sid = samdb_domain_sid(sam_ctx);
+	if (domain_sid == NULL) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	guest_sid = dom_sid_add_rid(mem_ctx, domain_sid, DOMAIN_RID_GUEST);
+	if (guest_sid == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* pull the user attributes */
+	ret = dsdb_search_one(sam_ctx, mem_ctx, ret_msg, domain_dn,
+			LDB_SCOPE_SUBTREE,
+			user_attrs,
+			DSDB_SEARCH_SHOW_EXTENDED_DN,
+			((objectSID=%s)(objectclass=user)),
+			ldap_encode_ndr_dom_sid(mem_ctx, guest_sid));
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		DEBUG(3,(%s: Couldn't find guest user in samdb, under %s\n,
+	__func__,
+	ldb_dn_get_linearized(domain_dn)));
+		return NT_STATUS_NO_SUCH_USER;
+	}
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* Return no such user if the account is disabled */
+	uint16_t acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx,
+			*ret_msg, domain_dn);
+	if (acct_flags  ACB_DISABLED) {
+		DEBUG(3,(%s: Account for guest user is disabled.\n,
+	__func__));
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/
  Do a specific test for an smb password being correct, given a smb_password and
  the lanman and NT responses.
 /
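Review bot: in authsam_search_guest_account the `uint16_t acct_flags` declaration sits after executable statements, just before the ACB_DISABLED test; declare it at the top next to `int ret`, and make its width match what samdb_result_acct_flags returns so no flag bits are dropped. The helper also reports a disabled guest account as NT_STATUS_NO_SUCH_USER, the same status it returns for a missing one, so the caller cannot tell the two apart; if that collapse is deliberate, say so in the comment above the function.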
@@ -269,15 +321,28 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
 		return NT_STATUS_NO_SUCH_DOMAIN;
 	}
 
-	nt_status = authsam_search_account(tmp_ctx, ctx-auth_ctx-sam_ctx, account_name, domain_dn, msg);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		talloc_free(tmp_ctx);
-		return nt_status;
-	}
-
-	nt_status = authsam_authenticate(ctx-auth_ctx, tmp_ctx, ctx-auth_ctx-sam_ctx, domain_dn, msg, user_info,
-	 user_sess_key, lm_sess_key);
-	if (!NT_STATUS_IS_OK(nt_status)) {
+	nt_status = authsam_search_account(tmp_ctx, ctx-auth_ctx-sam_ctx,
+			account_name, domain_dn, msg);
+	if (NT_STATUS_IS_OK(nt_status)) {
+		nt_status = authsam_authenticate(ctx-auth_ctx,
+tmp_ctx, ctx-auth_ctx-sam_ctx, domain_dn,
+msg, user_info, user_sess_key, lm_sess_key);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			talloc_free(tmp_ctx);
+			return nt_status;
+		}
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) {
+		DEBUG(3, (%s: User %s not found, mapping to guest account\n,
+	__func__, account_name));
+		nt_status = authsam_search_guest_account(tmp_ctx,
+ctx-auth_ctx-sam_ctx, domain_dn, msg);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			talloc_free(tmp_ctx);
+			return nt_status;
+		}
+		user_sess_key = data_blob(NULL, 0);
+		lm_sess_key = data_blob(NULL, 0);
+	} else {
 		talloc_free(tmp_ctx);
 		return nt_status;
 	}
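Review bot: the new `else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER))` branch falls back to the guest account unconditionally; nothing in this hunk consults the `map to guest` setting the thread is about, so an unknown user name is mapped to guest even where that is not configured. Gate the branch on the configured value. The branch also skips authsam_authenticate and leaves msg pointing at the guest record with empty session keys, so the code after this block cannot tell a guest fallback from a verified logon; carry an explicit guest indication forward so the session is not treated as authenticated. The three identical `talloc_free(tmp_ctx); return nt_status;` exits could share one failure path.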

Re: [Samba] Windows 8 and Samba 4 - network path not found

2013-05-10 Thread Nick Semenkovich
I've been using Windows 8 with samba4 as an AD DC for a while (on
ubuntu 13.04) with no big issues.

Did you install using the git repo or apt?

My biggest issues were with DNS -- perhaps double-check that DNS
entries are correct and clients are also using the DNS server
(https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS )




Re: [Samba] samba4 with glusterfs

2013-05-10 Thread Hisham Attar
for mine to work (under ubuntu) I had to mount with the options at the end
or it didn't work
mount -t glusterfs gluster01:/vol01 /samba/glusterfs -o acl,user_xattr


On Sat, May 11, 2013 at 1:59 AM, Ulrich Schinz u...@schinz.de wrote:

 hmmm, ok, I'm not able to find an option... but I think it's enabled by
 default. If it wouldn't be enabled, I couldn't setfattr.
 And I can setfattr -n user.test -v test MOUNTEDGLUSTERFSDIR without any
 problems. Only using windows - samba leads to the problems...

 maybe you can give me a hint with that user_xattr option... I use

 mount -t glusterfs -o acl gluster01:/vol01 /samba/glusterfs

 -o acl,user_xattr is not working, -o acl,fuse-opt=user_xattr also not
 working

 kind regards uli


 On 10.05.2013 17:15, Hisham Attar wrote:

  you can mount glusterfs with user_xattr, I had to do that otherwise I
  couldn't rsync extended attributes to the mount point





Re: [Samba] Windows 8 and Samba 4 - network path not found

2013-05-10 Thread Hisham Attar
On Windows this generally means it can't access the share of the DC; you'll
find if you try to go to the network path in Explorer you will get the
same message. If you can map to it on the DC, try reinstalling Simple File
Sharing and Client for Microsoft Networks on the adapter for the Windows 8
box.


On Sat, May 11, 2013 at 9:58 AM, Nick Semenkovich seme...@alum.mit.edu wrote:

 I've been using Windows 8 with samba4 as an AD DC for a while (on
 ubuntu 13.04) with no big issues.

 Did you install using the git repo or apt?

 My biggest issues were with DNS -- perhaps double-check that DNS
 entries are correct and clients are also using the DNS server
 (https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS )




Re: [Samba] \map to guest = bad user\ ignored in Samba 4?

2013-05-10 Thread Andrew Bartlett
On Sat, 2013-05-11 at 01:25 +0200, Samuel Cabrero wrote:
 Hi Andrew,

 I have written a small patch for this issue. I would appreciate if someone
 could take a look at it and comment. I have tested it on XP machines and it
 seems to work properly.

This certainly appears to match what I understand to be the Windows
behaviour.  However, we need tests, in particular I need to know if this
behaviour happens over LDAP, and if so, the test specifically needs to
inspect the tokenGroups attribute in the rootDSE, to ensure we match
Windows, specifically with regards to the 'authenticated user' entry in
the token.

I know this is a pain, but we do need to get this right, as marking a
guest user as 'authenticated' would be a very bad idea.

Finally, if you can prepare the patches with git format-patch, it will
make it easier for me to apply them, once we verify these things.

The test to extend is torture/unix/whoami.c invoked from
source3/selftest/tests.py

Thanks!

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
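
The reply above asks for a test that inspects the tokenGroups attribute on the rootDSE of a guest-mapped session. The following is an added example, not part of the thread or of Samba's test suite: it decodes the binary SIDs that LDAP returns for tokenGroups and flags a token that carries Authenticated Users. The function names, the sample domain SID and the rule that a guest token must show at least one guest SID are assumptions.

```python
import struct

# Well-known SIDs and RIDs defined by Windows (not taken from the thread).
AUTHENTICATED_USERS = "S-1-5-11"
BUILTIN_GUESTS = "S-1-5-32-546"
DOMAIN_RID_GUEST = 501       # the domain Guest account
DOMAIN_RID_GUESTS = 514      # the Domain Guests group


def sid_to_bytes(sid):
    """Encode 'S-1-5-...' into the binary form LDAP returns for tokenGroups."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID string: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:
        raise ValueError("a SID has at most 15 sub-authorities")
    return (bytes([revision, len(subs)])
            + authority.to_bytes(6, "big")            # authority: big-endian
            + struct.pack(f"<{len(subs)}I", *subs))   # sub-authorities: little-endian


def sid_from_bytes(blob):
    """Decode one binary SID, rejecting truncated or oversized values."""
    if len(blob) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = blob[0], blob[1]
    if revision != 1 or count > 15:
        raise ValueError("unsupported SID revision or sub-authority count")
    if len(blob) != 8 + 4 * count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack(f"<{count}I", blob[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def guest_token_problems(token_groups, domain_sid):
    """Return the reasons a guest-mapped session's tokenGroups looks wrong.

    token_groups: binary SIDs as read from the rootDSE tokenGroups attribute.
    domain_sid:   the domain SID string, used to build the guest RIDs.
    """
    sids = {sid_from_bytes(b) for b in token_groups}
    problems = []
    if AUTHENTICATED_USERS in sids:
        problems.append(
            f"token carries Authenticated Users ({AUTHENTICATED_USERS})")
    guest_sids = {f"{domain_sid}-{DOMAIN_RID_GUEST}",
                  f"{domain_sid}-{DOMAIN_RID_GUESTS}",
                  BUILTIN_GUESTS}
    if not sids & guest_sids:
        # Assumed rule: a guest session should be identifiable as one.
        problems.append("token carries no guest SID")
    return problems


# Constructed sample data: a made-up domain SID and two made-up tokens.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
GOOD_TOKEN = [sid_to_bytes(s) for s in (
    f"{DOMAIN}-501", f"{DOMAIN}-514", "S-1-1-0", "S-1-5-2", BUILTIN_GUESTS)]
BAD_TOKEN = [sid_to_bytes(s) for s in (
    f"{DOMAIN}-501", "S-1-1-0", "S-1-5-2", AUTHENTICATED_USERS)]

if __name__ == "__main__":
    print("good:", guest_token_problems(GOOD_TOKEN, DOMAIN))
    print("bad: ", guest_token_problems(BAD_TOKEN, DOMAIN))
```
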




[SCM] Samba Website Repository - branch master updated

2013-05-10 Thread Lars Müller
The branch, master has been updated
   via  6013b0a Remove extra Web prefix from syloe URI
   via  fd4d5ac Add mailto markup to praksys mail address
   via  b803692 Add the alcove mail address
   via  8ed526c Cleanup mandriva url and mail ref
   via  cde195d Add french vendor tranquil
  from  4f2d66d Announce Samba 3.6.15.

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 6013b0a3df1470a684e5279b6609b18619902d2e
Author: Lars Müller l...@samba.org
Date:   Fri May 10 16:49:52 2013 +0200

Remove extra Web prefix from syloe URI

commit fd4d5acc5f2cc7a1c089a9306d3c2f58b1109fda
Author: Lars Müller l...@samba.org
Date:   Fri May 10 16:48:51 2013 +0200

Add mailto markup to praksys mail address

commit b80369200dab04f7ccc2ed5c76b5962f6ba23ec1
Author: Lars Müller l...@samba.org
Date:   Fri May 10 16:46:47 2013 +0200

Add the alcove mail address

commit 8ed526c15c8f681e7cd85a6d4df6f2ea49dfec94
Author: Lars Müller l...@samba.org
Date:   Fri May 10 16:40:42 2013 +0200

Cleanup mandriva url and mail ref

commit cde195de8e10b36fdb763049b3f1be68d27fdc8f
Author: Lars Müller l...@samba.org
Date:   Fri May 10 16:34:24 2013 +0200

Add french vendor tranquil

---

Summary of changes:
 support/france.html |   43 ++-
 1 files changed, 38 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/support/france.html b/support/france.html
index 3c26409..df70228 100644
--- a/support/france.html
+++ b/support/france.html
@@ -16,7 +16,7 @@ FRANCE
 
 a href=http://www.alcove.fr;http://www.alcove.fr/a
 01 46 49 25 00
-a href=http://www.alcove.fr;http://www.alcove.fr/a
+a href=mailto:i...@alcove.fr;i...@alcove.fr/a
 /small/pre
 p
 Alors que les teacute;nors de l'informatique s'investissent de plus en plus 
dans le deacute;veloppement de projets OpenSource, que les administrations 
poussent majoritairement agrave; l'utilisation des technologies libres, que la 
fracture numeacute;rique, tant deacute;crieacute;e, tend, dans une certaine 
mesure, agrave' s'estomper, force est de constater que le logiciel libre gagne 
ses lettres de noblesses et s'impose comme un acteur incontournable du monde 
informatique.
@@ -63,7 +63,7 @@ praKsys
 
 a href=http://www.praksys.org;http://www.praksys.org/a
 05 62 79 74 89
-cont...@praksys.org
+a href=mailto:cont...@praksys.org;cont...@praksys.org/a
 /small/pre
 p
 Deacute;couvrez nos services reacute;seaux, internet et communication, 
d'infogeacute;rance, de cluster, et nos offres d'heacute;bergement et de 
formation.
@@ -83,7 +83,7 @@ Z.A.C Parc 2000
 34080 Montpellier
 Hérault
 
-Weba href=http://www.syloe.com/;http://www.syloe.com//a
+a href=http://www.syloe.com/;http://www.syloe.com//a
 04 67 04 06 57
 a href=mailto:i...@syloe.com;i...@syloe.com/a
 /small/pre
@@ -109,6 +109,39 @@ applications libres performantes seacute;curiseacute;es,
 /p
 
 
+hr /
+h3TRANQUIL IT SYSTEMS/h3
+presmall
+TRANQUIL IT SYSTEMS
+12 avenue Jules Verne
+Bâtiment A (Alliance Libre)
+44230 Saint Sébastien sur Loire (France)
+
+a href=http://www.tranquil.it/;http://www.tranquil.it//a
++33 (0)2 40 97 57 55
+a href=mailto:c...@tranquil.it;c...@tranquil.it/a
+/small/pre
+p
+Tranquil IT Systems, fondée en 2002, se spécialise dans le déploiement et la
+maintenance de systèmes et de réseaux avec une expertise reconnue en 
logiciels
+libres. Notre connaissance du libre nous permet de mettre en oeuvre avec nos 
+clients un large panel de technologies et de les combiner judicieusement avec
+des briques propriétaires.
+/pp
+La totalité de nos clients en infogérance globale et une bonne partie de nos
+clients en support niveau 3 utilisent SaMBa et nous déployons SaMBa4-AD pour
+tout nouveau projet.
+/pp
+Dans la même vision que celle du projet SaMBa, TRANQUIL IT SYSTEMS poursuit 
le  
+but de simplifier l'administration d'un parc Windows en développant avec la
+communauté le projet libre WAPT. WAPT vise à automatiser la gestion du cycle 
de 
+vie d'un parc applicatif sous Windows (http://dev.tranquil.it). D'ailleurs, 
WAPT
+s'appuie sur certaines technologies constitutives de SaMBa et plusieurs
+fonctionnalités avancées de WAPT dépendent de SaMBa4-AD/MSAD pour 
implementer   
+les mesures de sécurité.
+/p
+
+
 !-- Added JHT 20100222 --
 hr /
 h3LINAGORA SA/h3
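Review bot: the added TRANQUIL IT SYSTEMS block writes accented characters literally (fondée, spécialise, Sébastien) while most neighbouring entries spell them as entities (`eacute;`, `agrave;` in the context lines), and the file already mixes both (`Hérault` a few lines up). Settle on the form that matches the page's declared charset and use it for the new paragraphs, so they render the same way as the rest of the page. In the last added paragraph `implementer` is also missing its accent (implémenter).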
@@ -145,9 +178,9 @@ Mandriva (formerly Mandrakesoft)
 75002 Paris
 France
 
-http://www2.mandriva.com/
+a href=http://www.mandriva.com/;http://www.mandriva.com//a
 Tel: 33 1 40 41 00 41
-Email: a href=mailto:servi...@mandriva.com;servi...@mandriva.com/a
+a href=mailto:servi...@mandriva.com;servi...@mandriva.com/a
 /small/pre
 p
 Mandriva (formerly Mandrakesoft) has become a significant player in the 
professional Samba world. 
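Review bot: the Mandriva hunk drops the `Email:` label from the mailto line but leaves `Tel:` on the line above, so the entry is now half labelled, while the phone lines of the alcove, praKsys and syloe entries in this diff carry no label at all. Remove `Tel:` as well, or keep both labels. The URL line also moves the host from www2.mandriva.com to www.mandriva.com, which the commit message only calls a cleanup; confirm the new host serves the same page.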


-- 
Samba Website Repository


[SCM] Samba Website Repository - branch master updated

2013-05-10 Thread Lars Müller
The branch, master has been updated
   via  6296266 Add missing hyphen in the title
   via  4a2fe6b Remove duplicate reference to France from address
   via  a1fc35a Always have an empty line after any mailto: ref
  from  6013b0a Remove extra Web prefix from syloe URI

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 6296266c9b4f1911d6476c6a7f1e48bdfb508343
Author: Lars Müller l...@samba.org
Date:   Fri May 10 17:07:57 2013 +0200

Add missing hyphen in the title

commit 4a2fe6b8fa5756c930c598a2b569f00e9514f567
Author: Lars Müller l...@samba.org
Date:   Fri May 10 17:06:52 2013 +0200

Remove duplicate reference to France from address

commit a1fc35a06397c42933b3d580f19264008346
Author: Lars Müller l...@samba.org
Date:   Fri May 10 17:04:14 2013 +0200

Always have an empty line after any mailto: ref

---

Summary of changes:
 support/france.html |   15 +--
 1 files changed, 9 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/support/france.html b/support/france.html
index df70228..dec6a31 100644
--- a/support/france.html
+++ b/support/france.html
@@ -1,5 +1,5 @@
 !--#include virtual=/samba/header.html -- 
-  titleSamba Support--France/title
+  titleSamba Support -- France/title
 !--#include virtual=header_support.html --  
 
 h2 align=centerCommercial Support - France/h2
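Review bot: the commit message says "Add missing hyphen in the title", but the title line only gains spaces around the existing `--` (`Support--France` becomes `Support -- France`); no hyphen is added. Reword the message, or if a single dash was intended write it the way the `h2` below does (`Commercial Support - France`) so title and heading agree.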
@@ -12,11 +12,11 @@
 Alcocirc;ve
 15, avenue de l'Agent Sarre
 92700 COLOMBES
-FRANCE
 
 a href=http://www.alcove.fr;http://www.alcove.fr/a
 01 46 49 25 00
 a href=mailto:i...@alcove.fr;i...@alcove.fr/a
+
 /small/pre
 p
 Alors que les teacute;nors de l'informatique s'investissent de plus en plus 
dans le deacute;veloppement de projets OpenSource, que les administrations 
poussent majoritairement agrave; l'utilisation des technologies libres, que la 
fracture numeacute;rique, tant deacute;crieacute;e, tend, dans une certaine 
mesure, agrave' s'estomper, force est de constater que le logiciel libre gagne 
ses lettres de noblesses et s'impose comme un acteur incontournable du monde 
informatique.
@@ -36,13 +36,12 @@ Les frontieacute;res existent, mais ne doivent pas 
entraver la deacute;marche
 Novso
 8 rue Lemercier
 75017 Paris
-France
 
 a href=http://www.novso.com;http://www.novso.com/a
 Tel: +33 1 83 64 22 70
-
 a href=mailto:i...@novso.com;i...@novso.com/a
 Nicholas Deffayet
+
 /small/pre
 p
 Novso provides commercial support for Samba and some other opensource
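Review bot: in the Novso entry the added blank line lands after `Nicholas Deffayet`, not directly after the mailto link, which is where the other hunks of this commit put it, so "Always have an empty line after any mailto: ref" does not hold for this entry. Either move the contact name above the link, or state in the message that the blank line closes the address block.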
@@ -64,6 +63,7 @@ praKsys
 a href=http://www.praksys.org;http://www.praksys.org/a
 05 62 79 74 89
 a href=mailto:cont...@praksys.org;cont...@praksys.org/a
+
 /small/pre
 p
 Deacute;couvrez nos services reacute;seaux, internet et communication, 
d'infogeacute;rance, de cluster, et nos offres d'heacute;bergement et de 
formation.
@@ -86,6 +86,7 @@ Hérault
 a href=http://www.syloe.com/;http://www.syloe.com//a
 04 67 04 06 57
 a href=mailto:i...@syloe.com;i...@syloe.com/a
+
 /small/pre
 p
 Syloe est un prestataire de service informatique speacute;cialiseacute; en 
logiciels
@@ -115,11 +116,12 @@ applications libres performantes seacute;curiseacute;es,
 TRANQUIL IT SYSTEMS
 12 avenue Jules Verne
 Bâtiment A (Alliance Libre)
-44230 Saint Sébastien sur Loire (France)
+44230 Saint Sébastien sur Loire
 
 a href=http://www.tranquil.it/;http://www.tranquil.it//a
 +33 (0)2 40 97 57 55
 a href=mailto:c...@tranquil.it;c...@tranquil.it/a
+
 /small/pre
 p
 Tranquil IT Systems, fondée en 2002, se spécialise dans le déploiement et la
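Review bot: The changed line `44230 Saint Sébastien sur Loire` and its neighbours (`Bâtiment A`, `fondée`) use raw accented characters, while other entries in this file use entities (`speacute;cialiseacute;` in the Syloe block). Since this address line is being rewritten anyway, pick one convention for the file; raw characters only render reliably if the included header declares the matching charset.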
@@ -153,6 +155,7 @@ Puteaux 92800 F
 a href=http://www.linagora.com/;www.linagora.com/a
 +33 (0)1 46 96 63 63
 a href=mailto:i...@linagora.com;i...@linagora.com/a
+
 /small/pre
 p
 Set up in 2000, LINAGORA has been one of the original promoters of the
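Review bot: The hunk header context shows this entry's address ending in `Puteaux 92800 F`, so a country marker survives here while the other entries in this patch lose their `France` line. If the intent is to drop the country everywhere on this page, this line needs the same treatment.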
@@ -176,11 +179,11 @@ is able to give high level support for large scale 
migration projects.
 Mandriva (formerly Mandrakesoft)
 43 rue d'Aboukir
 75002 Paris
-France
 
 a href=http://www.mandriva.com/;http://www.mandriva.com//a
 Tel: 33 1 40 41 00 41
 a href=mailto:servi...@mandriva.com;servi...@mandriva.com/a
+
 /small/pre
 p
 Mandriva (formerly Mandrakesoft) has become a significant player in the 
professional Samba world. 
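Review bot: After the `France` line is removed, the phone line `Tel: 33 1 40 41 00 41` in this entry reads ambiguously because it lacks the leading `+` that the Novso and Tranquil IT numbers carry. Suggest `Tel: +33 1 40 41 00 41` so it is clearly an international number.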


-- 
Samba Website Repository


[SCM] Samba Shared Repository - branch master updated

2013-05-10 Thread Jeremy Allison
The branch, master has been updated
   via  3b3b5b0 docs: smb.conf: fix max read/write/trans default values 
(bug #9871)
  from  392b01f s4:torture fix a build break on AIX

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 3b3b5b0272e48a751ea19ef9dd771a3862da
Author: Björn Baumbach b...@sernet.de
Date:   Wed May 8 10:27:26 2013 +0200

docs: smb.conf: fix max read/write/trans default values (bug #9871)

Commit 6d128aac119d948f0ecb0dcf6b400b4eb4027fe6 has increased the limit:
s3:smb2_server increase defaults for read/write/trans sizes to 1MB

Reviewed-by: Jeremy Allison j...@samba.org

Autobuild-User(master): Jeremy Allison j...@samba.org
Autobuild-Date(master): Fri May 10 23:14:50 CEST 2013 on sn-devel-104

---

Summary of changes:
 docs-xml/smbdotconf/protocol/smb2maxread.xml  |7 +--
 docs-xml/smbdotconf/protocol/smb2maxtrans.xml |7 +--
 docs-xml/smbdotconf/protocol/smb2maxwrite.xml |7 +--
 3 files changed, 15 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/protocol/smb2maxread.xml 
b/docs-xml/smbdotconf/protocol/smb2maxread.xml
index 2666821..045e7d9 100644
--- a/docs-xml/smbdotconf/protocol/smb2maxread.xml
+++ b/docs-xml/smbdotconf/protocol/smb2maxread.xml
@@ -8,10 +8,13 @@
 manvolnum8/manvolnum/citerefentry will return to a client, informing the 
client of the largest
 size that may be returned by a single SMB2 read call.
 /para
-paraThe maximum is 65536 bytes (64KB), which is the same as a Windows Vista 
SMB2 server./para
+paraThe maximum is 1048576 bytes (1MiB), which is the same as a Windows 
Server 2008 r2./para
+paraPlease note that the default is 1MiB, but it's limit is based on the
+smb2 dialect (64KiB for SMB2.0, 1MiB for SMB2.1 with LargeMTU).
+Large MTU is not supported over NBT (tcp port 139)./para
 /description
 
 relatedsmb2 max write/related
 relatedsmb2 max trans/related
-value type=default65536/value
+value type=default1048576/value
 /samba:parameter
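Review bot: Two wording fixes in the added text: `it's limit` should be `its limit`, and `Windows Server 2008 r2` should be `Windows Server 2008 R2`. The same lines are repeated in smb2maxtrans.xml and smb2maxwrite.xml, so all three need the fix.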
diff --git a/docs-xml/smbdotconf/protocol/smb2maxtrans.xml 
b/docs-xml/smbdotconf/protocol/smb2maxtrans.xml
index 1c01ccc..d4d83b9 100644
--- a/docs-xml/smbdotconf/protocol/smb2maxtrans.xml
+++ b/docs-xml/smbdotconf/protocol/smb2maxtrans.xml
@@ -8,10 +8,13 @@
 manvolnum8/manvolnum/citerefentry will return to a client, informing the 
client of the largest
 size of buffer that may be used in querying file meta-data via QUERY_INFO and 
related SMB2 calls.
 /para
-paraThe maximum is 65536 bytes (64KB), which is the same as a Windows Vista 
SMB2 server./para
+paraThe maximum is 1048576 bytes (1MiB), which is the same as a Windows 
Server 2008 r2./para
+paraPlease note that the default is 1MiB, but it's limit is based on the
+smb2 dialect (64KiB for SMB2.0, 1MiB for SMB2.1 with LargeMTU).
+Large MTU is not supported over NBT (tcp port 139)./para
 /description
 
 relatedsmb2 max read/related
 relatedsmb2 max write/related
-value type=default65536/value
+value type=default1048576/value
 /samba:parameter
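Review bot: The first added sentence calls 1048576 bytes "the maximum", while the next paragraph calls 1MiB "the default" and then describes a dialect-dependent limit, so a reader cannot tell whether a larger value may be configured. Suggest wording the first sentence as the default and stating separately what upper bound, if any, smbd enforces; the same applies to the read and write parameter pages.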
diff --git a/docs-xml/smbdotconf/protocol/smb2maxwrite.xml 
b/docs-xml/smbdotconf/protocol/smb2maxwrite.xml
index a302a94..1789bc6 100644
--- a/docs-xml/smbdotconf/protocol/smb2maxwrite.xml
+++ b/docs-xml/smbdotconf/protocol/smb2maxwrite.xml
@@ -8,10 +8,13 @@
 manvolnum8/manvolnum/citerefentry will return to a client, informing the 
client of the largest
 size that may be sent to the server by a single SMB2 write call.
 /para
-paraThe maximum is 65536 bytes (64KB), which is the same as a Windows Vista 
SMB2 server./para
+paraThe maximum is 1048576 bytes (1MiB), which is the same as a Windows 
Server 2008 r2./para
+paraPlease note that the default is 1MiB, but it's limit is based on the
+smb2 dialect (64KiB for SMB2.0, 1MiB for SMB2.1 with LargeMTU).
+Large MTU is not supported over NBT (tcp port 139)./para
 /description
 
 relatedsmb2 max read/related
 relatedsmb2 max trans/related
-value type=default65536/value
+value type=default1048576/value
 /samba:parameter
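Review bot: `Large MTU is not supported over NBT (tcp port 139)` tells the admin what is unsupported but not which size then applies; state the effective limit for connections on port 139 explicitly rather than leaving it to be inferred from the 64KiB case in the preceding sentence. Also `LargeMTU` and `Large MTU` are spelled two ways within the same paragraph, and `tcp` should be `TCP`.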


-- 
Samba Shared Repository