:-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman
rsync on NT for backup to a
remote tape library server. Use rsync to backup the data, and cacls into a
file to gain the perm structure.
So the same could be done with xfs - using whatever command it uses to show
ACLs.
Could all be wrapped into one funky shell script...
--
Cheers
Jason Haar
, as the user logs on, he/she will gain local administrator
rights and privilidges.
That doesn't really work does it? Basically an unpriviledged user runs a
program, and suddenly they're local admin?!?!?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3
? It doesn't
appear to happen very often: I have 28 servers world-wide with this same
eth0, eth0:2 trick and this is the first time I've seen it.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6
to the closest DC by measuring the latency...?
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL
\myaccount not in 'valid users'
[2007/12/12 00:21:14, 2] smbd/service.c:make_connection_snum(616)
user 'AD\myaccount' (from session setup) not permitted to access this
share (test)
Any ideas? I can send the entire log (even a packet trace) to someone if
they need it.
--
Cheers
Jason Haar
Jason Haar wrote:
Does this ring any bells? Would recompiling Samba with
--with-dnsupdate (which still seems to be disabled by default)
enable Samba to *continually* ensure its A record is kept intact?
Weirdly enough, we find that if you go through this grief of
disappearing A records
A
records for a week or so (and adding it back in), then suddenly it seems
to all go right and the problem disappears for that particular server.
But then the next one you install goes through the same problem.
Any ideas appreciated.
--
Cheers
Jason Haar
Information Security Manager, Trimble
3.0.28 and I can
flip flop between these two scenarios by making this change - I just
checked :-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
a posting in 2003 - can't
find anything newer).
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL
issues with DSL links - which I see you mentioning too.
Change your client's MTU to 1300 and see if the problem disappears. Then
reduce it on the Samba server involved instead - as that's an easier
solution than touching every client.
--
Cheers
Jason Haar
Information Security Manager
- that's why you should use the -A
/path/file option where possible.
...unfortunately the Samba net command doesn't support it - I think
it's the only Samba client command that doesn't?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3
-3.0.28a. Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL and read the
instructions: https
- which shouldn't need winbind to succeed!
Normally I have to reboot to fix, however if I was lucky enough for it
to happen before my screensaver kicked in, then simply restarting
winbind fixes the problem.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3
the server sending STATUS_FILE_LOCK_CONFLICT errors to
Linux, but it appears that isn't exposed to the OS?
Is this a bug - or a lack of a feature? This is samba-3.2.11-1
Thanks
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP
On 10/22/2009 12:07 PM, Jeremy Allison wrote:
On Thu, Oct 22, 2009 at 10:33:28AM +1300, Jason Haar wrote:
Hi there
I recall in times past that when a locked file on a Windows server was
accessed by smbfs, you received a kind of text file busy type error
under Linux. However, on our
controllers and
it never gives up - and so the offline mode never kicks in.
It's got so bad that I now have scripts that run whenever a network
change occurs, to check if winbind is stuck and restart accordingly.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3
this with 3.2.11, I'm assuming it still affects the current
version
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list
that information - but it looks like
Samba can not? Is that correct, or is there something else I can do?
Resolving usernames/groups is pretty dire due to this - a Samba server
in Sweden is currently using a DC in Beijing for example.
This is Samba-3.0.23d under CentOS4.4
--
Cheers
Jason Haar
Information
? (e.g. does that
lack of a TTY in cron trigger something?)
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go
not anything else?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL and read the
instructions: https
to the same
token (at least I had huge trouble getting it to work correctly), so
mapping everything to separate IPs is the cleanest IMHO.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422
) and couldn't figure out what was wrong. Then we noticed log
level = 9 ;-) Turning that off kicked performance up to 80Mbs - which
is equivalent to our Win2K3 servers.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint
servers?
(I assuming all Win2K/WinwK3 servers are utf8?)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following
is quite capable of successfully doing a
getent passwd DOM2\account.
Am I doing something wrong? How can I get a Samba server in either DOM1
or DOM2 to fully support allowing anyone in that Domain Local Group to
connect?
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble
Access Denied?
And yes, allow trusted domains = Yes is set.
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go
that do what you want? Someone opens a file on Samba-Site1,
and the central NFS server locks it for the rest?
Obviously performance will be an issue as I assume you are talking about
sites being geographically separate. Neither NFS nor Samba/SMB perform
well over a WAN.
--
Cheers
Jason Haar
at that
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org
ticket.
Correcting the time fixed the fault. However, it remains that Samba
rejected them when Windows servers didn't.
Is that an option that can be enabled? Anything that makes Samba look
more like Windows is a Good Thing (even if it violates the entire point
of Kerberos! ;-)
--
Cheers
Jason
these trusts more reliable? We
are running Samba-3.0.24 under CentOS4.4
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from
an identical issue with
running virtual Linux in the same environment. The syslog is filled with
ntp errors about being unable to slew the clock.
So we're going to run VMware under Fedora instead - at least that kernel
is less than 2 years old ;-)
--
Cheers
Jason Haar
Information Security Manager
if it means handling such a
hare-brained situation. But - that's easy for me to say :-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from
Active Directory's Kerberos is susceptible to man-in-the-middle attacks
then? :-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from
to servers work
(as you'd expect with the correct time).
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following
Gerald (Jerry) Carter wrote:
Jason Haar wrote:
Hi there
We have a bunch of Win2K3 trusted domains that are
parts of other forests from our own Win2K3 forest.
...
We should be talking to DNS anyways in this case.
Can you DNS resolve teh SRV records for the trusted domain?
Absolutely
else confirm? This is a serious bug for us. Returning bogus
data is majorly worse than even a crash... (we're supposed to be
rsync'ing that data). We're sticking with 2.6.18 for the time being.
Thanks
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635
2.6.18...?
Help?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL and read the
instructions: https
this as a bug a while ago, but it apparently hasn't been
fixed yet. See https://bugzilla.samba.org/show_bug.cgi?id=4066.
Thanks for that - I'll add a me too
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407
have rolled back to 3.0.24 and the problem disappears - so it's
something in 3.0.25 fer shure...
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Christian Perrier wrote:
Quoting Jason Haar ([EMAIL PROTECTED]):
Hi there
I was using username map under 3.0.24 so that when I connected from
DOM\jhaar under (ADS Win2K3) Windows, it was mapped to my local jhaar
Unix account - with homedir /home/jhaar, etc.
That sounds like samba
://lists.samba.org/mailman/options/samba
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL and read
to domain is not valid: Undetermined error
The Undetermined error is a bit of a pain :-)
Any ideas what's happening here? I assume tonnes of other Samba sites
talk to RODCs and I haven't heard of this as a general issue?
Thanks
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
%define initdir %{_sysconfdir}/rc.d/init.d
%define auth %(test -f /etc/pam.d/system-auth echo /etc/pam.d/system
One thing: do you have log level set? If so, put it down to 0 -
logging (which is really debugging) totally kills Samba performance
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo
- but
effectively it's a cow.
If you can stomach the lack of encryption, go back to Basic proxy
authentication - squid can cache the hell out of that! I bet you'll find
all your problems disappear.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635
of encryption, but with basic proxy auth can they still
authenticate to AD?
Absolutely. There is no difference in Squid's ntlm_auth functionality
between choosing Basic or NTLM/Negotiate. ie you can still do
group-based access controls using Basic.
--
Cheers
Jason Haar
Information Security Manager
.
Known issue in pre-3.0.29 releases of Samba. Upgrade to 3.0.30 and
you'll be right :-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from
3.0.30 -
so it's still a problem with the current release.
Is there a tool or something to manipulate/delete individual entries
from the cache so that we don't have to go through this whole exercise
every time?
Thanks
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo
actually be fixed? :-)
This is under FC8.
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL and read
. But I don't think that's normal? Under 3.0.30 it never seemed to go
above 10-ish?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from
) is a Distribution List too BTW (not just a Security Group).
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL
the username to the same SID.
As mentioned earlier, ntlm_auth with such an account and correct
password returns OK.
Any ideas? It smells so close to working...
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E
it surprises me. I know I can easily deduce the same values
that I just put into krb5.conf via some DNS lookups - I thought Samba
would have done the same... (actually you don't even need DNS for that:
Under ADS, realm == fqdn)
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble
and Computers shows the hostname in the
Computers container - but it either has 8bit garbage after the name (i.e
it's corrupt), or it's marked as Disabled.
Any ideas what's wrong?
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3
:-)
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL and read the
instructions: https
filename - freaks the hell out of the Windows Admins ;-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following
/util.c:show_msg(485)
I have re-added the machine to the domain without any change. Any other
ideas? I have just finished adding 16 Samba servers to 4 different
domains and this is the only one to fail in such a way. I'm a bit stumped...
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation
to this ;-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options
there -
maybe not - dunno
Is this a known issue, and if not, what can I do to track down the
cause, as it sort of diminishes the usefulness of Samba if you can't
trust the file ownership anymore
Thanks
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
issues with
3.6 which I've blamed on old system libraries and have given up on 3.6
until we upgrade to CentOS-6 later this year. At that point the
intention is to keep to the vendor release
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP
:
NT_STATUS_UNSUCCESSFUL
So that makes no sense: how can wbinfo -s SID work, when the winbind
logfile shows that it couldn't convert the same sid?
Thanks
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063
no sense - any ideas
what's gone wrong? I suspect the server has some old library that is
triggering this - but don't know where to look...?
Thanks
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063
this problem - didn't help)
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
To unsubscribe from this list go to the following URL and read the
instructions: https
Windows dropped the messaging service with Vista - you simply cannot do what
you want with Win7 either
Jason
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
backends - but they all assume your Windows
environment is Unix friendly which ours isn't. I'm just trying to make
our Samba servers play nicely within our Windows-dominated empire ;-)
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP
ID, so that
if a *different* version of winbindd starts, it'll delete the cache,
otherwise it'll use it (and if error, then delete and try again).
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6
, Samba 2.2.7a.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Listen to what you just said:
This is the second time a WINS-related problem...
You have a Microsoft problem, and management is blaming Samba!?!?!?!?
Drop WINS on M$ - start WINS on Samba. Then you only have one thing to worry
about.
--
Cheers
Jason Haar
Information Security Manager, Trimble
70 matches
Mail list logo