Re: [Samba] Upgrading samba 2.2.8a to 3.6.15 on Solaris 9 --> 3.6.15 brings all inetd services down
Hello Jordan, Am 17.09.2013 01:28, schrieb Jordan Verschuer: However, after rebooting I can log on to swat and see that the smbd and nmbd services are running and I can make quick changes to the configuration, like adding a new user or updating the password, and I can even map to the share... for about a minute! After about 1 minute the swat/smbd/nmbd services stop... as well as all inetd services!! I don't know Solaris, but why are you starting Samba through Inetd and not as standalone? And what happens if you start it standalone? I never saw Samba through Inetd. But as I said: I'm not familiar with Solaris. :-) I cannot rlogin from a new terminal, or rsh or finger in the current terminal, however ssh still works but this isn't an inetd service. Has anyone got a clue as to what might be happening? It seems that something crashes the whole Inetd, what causes it's child processes automatically also to die. I haven't used Inetd any more for almost 15 years. Is there anything in the logs or a way to increase Inetd loglevel? I would try to avoid Inetd for starting samba. And why not updating to the latest Samba version? 3.6 goes into security only maintainance mode with it's next version. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrading samba 2.2.8a to 3.6.15 on Solaris 9 --> 3.6.15 brings all inetd services down
Hi samba friends, I'm upgrading our Samba 2.2.8a server to 3.6.15 on a Solaris 9 box, we need to do this as all our latest Mac OS X 10.8 clients cannot map to the 2.2.8a network share, and need the newer Samba (well known issue for mountain lion). I've compiled 3.6.15 and this seemed to go ok, no obvious errors were shown during .configure make and make install, and smbd -V gives output and seems ok, I've updated /etc/inet/inetd.conf and also added the same users to smbpasswd, and smb.conf lists the same shares and passes testparm. However, after rebooting I can log on to swat and see that the smbd and nmbd services are running and I can make quick changes to the configuration, like adding a new user or updating the password, and I can even map to the share... for about a minute! After about 1 minute the swat/smbd/nmbd services stop... as well as all inetd services!! I cannot rlogin from a new terminal, or rsh or finger in the current terminal, however ssh still works but this isn't an inetd service. Has anyone got a clue as to what might be happening? I can attach log files for anyone who might like to help a samba friend out, thanks for reading. Cheers, Jordan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group share directory
On Mon, 2013-09-16 at 09:58 -0700, David Christensen wrote: > On 09/16/13 02:10, steve wrote: > > How about a big hammer? cron: > > find /mnt/z/data -type f -exec chmod 777 {} \; > > as often as you think users may mv or cp. > > Try exec+ if they move a lot of files. > > Thanks for the reply. :-) > > > I would also need to do directories. Ignoring the group sticky bit, the > desired mode is the same. So, I could lose the find and just "chmod -R > 0777". But, what about symbolic links? Or sockets, named pipes, block > or character specials, etc.? Hmmm... Perhaps I need to forget about > local access and settle for a Samba solution for regular files and > directories only -- e.g. configure Samba to provide the needed > functionality and then make Samba the only way into or out of GroupShare. > > > David Hi It picks up directories too. It will be slow without the find. Just find all the files without 777. If it doesn't find any, it won't do anything: find / -type f ! -perm 777 For symlinks everyone here will tell you not to use smb.conf: follow symlinks = Yes wide links = Yes sockets and pipes, don't know. Cheers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group share directory
On 09/16/13 09:58, David Christensen wrote: Perhaps I need to forget about local access and settle for a Samba solution for regular files and directories only -- e.g. configure Samba to provide the needed functionality and then make Samba the only way into or out of GroupShare. This seems to work: # grep groupshare /etc/passwd groupshare:x:999:999::/home/groupshare:/bin/false # grep groupshare /etc/group groupshare:x:999: # ls -ld /mnt/z/groupshare/ drwxrwxrwx 3 groupshare groupshare 4096 Sep 16 12:24 /mnt/z/groupshare/ # grep -A 99 groupshare /etc/samba/smb.conf [groupshare] path = /mnt/z/groupshare force user = groupshare read only = No create mask = 0777 force create mode = 0666 force security mode = 0666 directory mask = 0777 force directory mode = 0777 force directory security mode = 0777 force unknown acl user = Yes HTH, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: Samba4 DC with multiple IPs
Hello Rafael, Am 16.09.2013 17:18, schrieb Rafael Steiner: Is there a way to limit dynamic updates to a specific interface or can I disable it altogether on the DC? Do you want to listen Samba on any interface and only limit dynamic updates to a defined interface? In this case I don't think this is possible. If you want Samba to listen on defined interfaces in general: https://wiki.samba.org/index.php/Samba_port_usage#Prevent_Samba_from_listening_on_all_interfaces Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group share directory
On 09/16/13 02:10, steve wrote: How about a big hammer? cron: find /mnt/z/data -type f -exec chmod 777 {} \; as often as you think users may mv or cp. Try exec+ if they move a lot of files. Thanks for the reply. :-) I would also need to do directories. Ignoring the group sticky bit, the desired mode is the same. So, I could lose the find and just "chmod -R 0777". But, what about symbolic links? Or sockets, named pipes, block or character specials, etc.? Hmmm... Perhaps I need to forget about local access and settle for a Samba solution for regular files and directories only -- e.g. configure Samba to provide the needed functionality and then make Samba the only way into or out of GroupShare. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: Samba4 DC with multiple IPs
Hi, I installed a samba 4 DC. It works fine, however it autoregisters all IPs in DNS (Dynmaic Update). This bears the problem that when a client wants to connect to the DC it connects using a wrong ip. I tried to remove the IP using dnsmgmt.msc, this works for around an hour than the "wrong" address is back again. Is there a way to limit dynamic updates to a specific interface or can I disable it altogether on the DC? Thanks for your help in advance! Best Regards, Rafael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] AD DC eventually not browsable without restart, RPC server unavailable for user selection
I'm now getting another error in a different spot that I hadn't tried before. If I go to a share \\newdc\\whatever, right-click a folder in it, go Properties, then the Security tab, then Advanced, then Effective Permissions, then Select, I get this: The program cannot open the required dialog box because it cannot determine whether the computer named "newdc" is joined to a domain. Close this message, and try again. [Close] And upon clicking Close: --- Security --- Unable to display the user selection dialog. The RPC server is unavailable. --- OK --- I'm using this particular share in production at the moment so I'll have to wait until after-hours to try restarting Samba to see if it goes away. Has anyone else come across either of these errors? Why does Samba's equivalent of the RPC server seem to function fine and then after some amount of time no longer seem to be available? Thanks, Kev On 2013-09-06 2:49 PM, Kevin Field wrote: Nothing too interesting: $ sudo tail -n 50 /var/log/samba/log.smbd smbd version 4.0.8-SerNet-RedHat-4.el6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 [2013/08/15 17:56:21.535409, 0] ../source3/smbd/server.c:1253(main) server role = 'active directory domain controller' not compatible with running smbd standalone. You should start 'samba' instead, and it will control starting smbd if required [2013/08/15 22:57:15, 0] ../source3/smbd/server.c:1201(main) smbd version 4.0.8-SerNet-RedHat-4.el6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 [2013/08/15 22:57:15, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter "dns recursive queries" [2013/08/15 22:57:15.902304, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter "dns recursive queries" [2013/08/15 22:57:15.909854, 0] ../source3/smbd/server.c:1281(main) standard input is not a socket, assuming -D option [2013/08/15 22:57:16.631301, 0] ../source3/printing/print_cups.c:151(cups_connect) Unable to connect to CUPS server localhost:631 - Connection refused [2013/08/15 22:57:16.632045, 0] ../source3/printing/print_cups.c:528(cups_async_callback) failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL [2013/08/15 22:58:16.689780, 0] ../source3/printing/print_cups.c:151(cups_connect) Unable to connect to CUPS server localhost:631 - Connection refused [2013/08/15 22:58:16.690368, 0] ../source3/printing/print_cups.c:528(cups_async_callback) failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL [2013/08/15 23:00:37.725980, 0] ../source3/param/loadparm.c:3033(lp_set_enum_parm) WARNING: Ignoring invalid value 'unsecure' for parameter 'allow dns updates' [2013/08/15 23:00:37.726249, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter "dns recursive queries" [2013/08/15 23:00:37.772626, 0] ../source3/param/loadparm.c:3033(lp_set_enum_parm) WARNING: Ignoring invalid value 'unsecure' for parameter 'allow dns updates' [2013/08/15 23:00:37.772883, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter "dns recursive queries" [2013/08/15 23:00:38.037790, 0] ../source3/param/loadparm.c:3033(lp_set_enum_parm) WARNING: Ignoring invalid value 'unsecure' for parameter 'allow dns updates' [2013/08/15 23:00:38.038080, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter "dns recursive queries" [2013/08/15 23:02:35.872174, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter "dns recursive queries" [2013/08/15 23:02:35.935461, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter "dns recursive queries" [2013/08/15 23:02:36.200408, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter "dns recursive queries" [2013/08/15 23:02:39.710286, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter "dns recursive queries" [2013/08/15 23:02:39.792444, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter "dns recursive queries" [2013/08/15 23:02:40.054341, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter "dns recursive queries" [2013/08/15 23:02:55.374983, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter "dns recursive queries" [2013/08/15 23:04:13.125656, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter "dns recursive queries" And: top - 14:47:13 up 14 days, 22:05, 1 user, load average: 0.13, 0.12, 0.09 Tasks: 222 total, 1 running, 221 sleeping, 0 stopped, 0 zombie Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st Mem: 12194316k total, 6204420k used, 5989896k free, 810524k buffers Swap: 6168568k total, 2784k u
[Samba] [SOLVED] Re: samba4+bind9.9 will not start: samba_dlz: dns_rdata_fromtext: buffer-0x7f1c0cbcd680:1: near 'hostmaster.domain.de': not a valid number
Hello, I solved my bind problem: Am Donnerstag, den 12.09.2013, 16:16 +0200 schrieb Noël Köthe: > 12-Sep-2013 15:43:07.495 samba_dlz: started for DN DC=domain,DC=de > 12-Sep-2013 15:43:07.495 samba_dlz: starting configure > 12-Sep-2013 15:43:07.496 dns_rdata_fromtext: buffer-0x7f1c0cbcd680:1: near > 'hostmaster.domain.de': not a valid number >realm = DOMAIN.DE >netbios name = sso-test System The netbios name was "sso-test System" (my failure to add a additional and wrong space) with the result in the machine account "SSO-TEST SYSTEM $@DOMAIN.DE" but the system name is just sso-test. Comment out this option and reprovisioning solves my bind problem. Just if somebody have the same problem. Is it worth to file a bug to have the option checked? -- Noël Köthe Debian GNU/Linux, www.debian.org signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] automatically create users home directories samba 4.0.9
On Mon, 2013-09-16 at 13:55 +0200, Shaun Megaw wrote: > > I have tried to create a physical directory and then invoke : > chmod 770 /home/Users/xlinuxd -R > but this does not work either Try this first: samba-tool user delete xlinuxd The recreate it but with: --home-directory="\\mydomain\Users\xlinuxd" When that doesn't work, try this too: I think you'll need to set the permissions. wbinfo -i xlinuxd then chown uidNumber:gidNumber /home/Users/xlinuxd chmod 755 /home/Users/xlinuxd In windows, it'll then appear as H:\ HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] On Machine Accounts
Hi, machine account is a rules of windows domains. since NT4 domain, W2k domain, AD domain, all requiere a machine account. It's a security purpose who exist in samba and microsoft domain controler. You cannot bypass this rules if your network use a domain controler. You have to possibility : put your DC on standalone server who just have share (no home and no profile) or create your full disk image on a client out of your domain and sysadmin just change machine name and add to the domain. best regards Stéphane --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 15/09/2013 20:53:11: > De : Yannick Gingras > A : Andrew Bartlett , > Cc : samba@lists.samba.org > Date : 16/09/2013 14:04 > Objet : Re: [Samba] On Machine Accounts > Envoyé par : samba-boun...@lists.samba.org > > On 09/14/2013 05:33 PM, Andrew Bartlett wrote: > > On Fri, 2006-10-06 at 12:32 -0400, Yannick Gingras wrote: > >> [...] > > You can't do a domain logon without a machine account. You could set > > them up as just standalone workstation however. > > > > Andrew Bartlett > > > > Andrew, > while I appreciate you taking the time to answer this question, I have > to confess that this was a problem that I had 7 years ago and that I am > no longer in charge of these machines. > > Wishing you an excellent day, > > -- > Yannick Gingras > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] automatically create users home directories samba 4.0.9
Hi all same problem as here https://lists.samba.org/archive/samba/2013-January/170817.html I can create a user called xlinuxd but it does not automatically create a home directory. I use the following command: samba-tool user add xlinuxd --given-name=Linux --surname=Delta --home-drive=H --home-directory="\\\mydomain\Users\xlinuxd" --mail-address= linux.de...@mydomain.co.za --script-path=xlinuxd.cmd When going to a windows machine, if I open dsa.msc it shows the home folder correctly, but does not physically create a home folder. I have tried to create a physical directory and then invoke : chmod 770 /home/Users/xlinuxd -R but this does not work either I am also creating hundreds of users, so would like a command line option instead of editing each user through the dsa.msc and creating home directories. Any assistance would be appreciated. Kind Regards -- -- *Shaun Megaw* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrading samba 2.2.8a to 3.6.15 on Solaris 9 --> 3.6.15 brings all inetd services down
Hi samba friends, I'm upgrading our Samba 2.2.8a server to 3.6.15 on a Solaris 9 box, we need to do this as all our latest Mac OS X 10.8 clients cannot map to the 2.2.8a network share, and need the newer Samba (well known issue for mountain lion). I've compiled 3.6.15 and this seemed to go ok, no obvious errors were shown during .configure make and make install, and smbd -V gives output and seems ok, I've updated /etc/inet/inetd.conf and also added the same users to smbpasswd, and smb.conf lists the same shares and passes testparm. However, after rebooting I can log on to swat and see that the smbd and nmbd services are running and I can make quick changes to the configuration, like adding a new user or updating the password, and I can even map to the share... for about a minute! After about 1 minute the swat/smbd/nmbd services stop... as well as all inetd services!! I cannot rlogin from a new terminal, or rsh or finger in the current terminal, however ssh still works but this isn't an inetd service. Has anyone got a clue as to what might be happening? I can attach log files for anyone who might like to help a samba friend out, thanks for reading. Cheers, Jordan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] On Machine Accounts
On 09/14/2013 05:33 PM, Andrew Bartlett wrote: On Fri, 2006-10-06 at 12:32 -0400, Yannick Gingras wrote: [...] You can't do a domain logon without a machine account. You could set them up as just standalone workstation however. Andrew Bartlett Andrew, while I appreciate you taking the time to answer this question, I have to confess that this was a problem that I had 7 years ago and that I am no longer in charge of these machines. Wishing you an excellent day, -- Yannick Gingras -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] need help with samba4 sharing files with mac osx 10.8.3
Hi here is a little up of my last message : Having an issue on my new samba4 AD I was able to set it up, joint windows clients and share folder. Also as i work in a mixed environmment i have some mac osx clients, that i was able to koint on domaine. The problem is that i can not write to my samba share from mac clients. the mac seems to understand the file permissions as i can view/edit them from file info. i simply can not write to any smb share. is there a work around on samba 4 special for mac clients ? any help is very apréciate :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 AD with bind DNS / TKEY is unacceptable
Hello, after resolving my problem (more or less), i try to migrate an W2k3 SBS. Here i found new but similar problems. It seems that the LDAP Structure for the DNS Zones of a SBS is different from w2k3 standard or enterprise. It seems that the BIND9_DLZ driver, samba-tool and samba_dnsupdate have problems with this structure. We switched the DNS to samba internal. After this resolving names is possible: s4ad:~ # dig @localhost s4ad..local ; <<>> DiG 9.9.3-P2 <<>> @localhost s4ad..local ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61943 ;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;s4ad..local. IN A ;; ANSWER SECTION: s4ad..local. 900 IN A 192.168.1.10 ...but using samba-tool didn't work: samba-tool dns zonelist s4ad..local GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:s4ad..local[,sign] Ticket in credentials cache for administrator@.LOCAL expired, will refresh Password for [administrator@.LOCAL]: ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 812, in run request_filter) The Samba Logfile shows: [2013/09/16 11:12:30.197554, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection) Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED' [2013/09/16 11:12:30.197757, 3] ../source4/smbd/process_single.c:114(single_terminate) single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED] [2013/09/16 11:12:39.875479, 3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect) ldb_wrap open of secrets.ldb [2013/09/16 11:12:39.903960, 2] ../source4/rpc_server/dnsserver/dnsdb.c:140(dnsserver_db_enumerate_zones) dnsserver: Found DNS zone . [2013/09/16 11:12:39.908238, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection) Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED' [2013/09/16 11:12:39.908471, 3] ../source4/smbd/process_single.c:114(single_terminate) single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED] It seems, that samba-tool and samba_dnsupdate didn't know where to find the DNS Zones in the LDAP DID of the SBS LDAP-Structure. Does anybody knows this behavior or any workarounds? Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group share directory
On Sun, 2013-09-15 at 13:57 -0700, David Christensen wrote: > but copying and moving > didn't. How about a big hammer? cron: find /mnt/z/data -type f -exec chmod 777 {} \; as often as you think users may mv or cp. Try exec+ if they move a lot of files. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] tdb idmap returns different GID's for the same SID from time to time
Greetings! I have a samba 3.6.18 acts as a domain member. I'm using a samba nss and creating local groups for a domain users. Here part of my nsswitch.conf: group: files winbind passwd: files winbind The problem is that the tdb unix GID mappings returns different ID from time to time for the same SIDs. Suppose we have a local group "samba_svn1", created with "NET SAM CREATELOCALGROUP". After creation, group "samba_svn1" has SID S-1-5-21-3743722752-3344840800-2625497366-1074 and GID 30025. But, from time to time this SID receives a different GID mapping: 30027. Following are the result of service commands, which demonstrates a real problem: NSS is always works correctly: [root@dynamo ~]# getfacl /zfsmount/svn/svn1 # file: /zfsmount/svn/svn1 # owner: www # group: www group:DYNAMO\samba_svn1:rwxpDdaARWcCos:fd:allow owner@:rwxp--aARWcCos:--:allow group@:--a-R-c--s:--:allow everyone@:--a-R-c--s:--:allow [root@dynamo ~]# getent group samba_svn1 DYNAMO\samba_svn1:x:30025 [root@dynamo ~]# wbinfo --sid-to-gid S-1-5-21-3743722752-3344840800-2625497366-1074 30025 But, just after that, when i try to get info from idmap DB and the cache, i see a very strange results. SID S-1-5-21-3743722752-3344840800-2625497366-1074 is mapped to GID 30027: [root@dynamo ~]# net idmap dump|grep S-1-5-21-3743722752-3344840800-2625497366-1074 dumping id mapping from /var/db/samba/winbindd_idmap.tdb GID 30027 S-1-5-21-3743722752-3344840800-2625497366-1074 [root@dynamo ~]# net cache list|grep S-1-5-21-3743722752-3344840800-2625497366-1074 Key: IDMAP/SID2GID/S-1-5-21-3743722752-3344840800-2625497366-1074 Timeout: Mon Sep 23 09:14:17 2013 Value: 30025 Key: IDMAP/GID2SID/30025 Timeout: Mon Sep 23 09:14:17 2013 Value: S-1-5-21-3743722752-3344840800-2625497366-1074 Key: IDMAP/GID2SID/30027 Timeout: Thu Sep 19 13:44:48 2013 Value: S-1-5-21-3743722752-3344840800-2625497366-1074 "net idmap check" doesn't resolve the problem, but gives an additional info: 30027 is a highest GID from my DB (maybe it's a key to problem): [root@dynamo ~]# net idmap check check database: /var/db/samba/winbindd_idmap.tdb uid hwm: 30018 gid hwm: 30027 mappings: 39 other: 3 invalid records: 0 missing links: 0 invalid links: 0 0 changes: Question: is my problem because of bug, or it's because of misconfigured server. Here my config: [global] dos charset = CP866 workgroup = HTS realm = HTS.KH.UA server string = security = ADS map to guest = Bad Password local master = No wins server = 192.168.32.5 winbind enum users = Yes winbind enum groups = Yes winbind expand groups = 10 winbind nss info = rfc2307 winbind max domain connections = 50 idmap config HTS : schema_mode = rfc2307 idmap config HTS : range = 1-2 idmap config HTS : backend = ad idmap config HTS : default = yes idmap config * : range = 3-4 idmap config * : backend = tdb [svn1] path = /zfsmount/svn/svn1 valid users = @samba_svn1 read only = No create mask = 0700 force create mode = 0700 inherit owner = Yes map archive = No map readonly = no vfs objects = zfsacl nfs4: chown = no nfs4:acedup = dontcare nfs4: mode = special P.S. An upgrade to newer ver. 4.0 is undesirable for me, and i do it only if ver. 4.0 really solve my problem. Thanks in advance. -- Best regards, Pavel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba