Re: [Samba] Bad configuration file
In your schema directory, grep for 1.3.6.1.4.1.1466.115.121.1.38 and try to narrow it down to which file the bad schema is in.

On 06/05/2012 05:13 AM, Cédric Carlen wrote:

Hello,

I'm re-upping my topic, because I can't find anything interesting on the Net. I've tried to delete ppolicy.schema but nothing changes :(

Cédric

2012/6/1 Cédric Carlen <carlen.ced...@gmail.com>

Hello everyone,

I'm writing to you because I have a problem with Samba and LDAP. This is my problem: when I type slapcat in the shell, I get this message:

    str2entry: invalid value for attributeType objectClass #1 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
    slapcat: bad configuration file!

Here is my slapd.conf:

    include /etc/ldap/schema/core.schema
    include /etc/ldap/schema/cosine.schema
    include /etc/ldap/schema/nis.schema
    include /etc/ldap/schema/inetorgperson.schema
    include /etc/ldap/schema/samba.schema
    include /etc/ldap/schema/ppolicy.schema
    modulepath /usr/lib/ldap
    moduleload back_bdbn
    moduleload ppolicy.la
    moduleload smbk5pwd.la
    overlay smbk5pwd
    smbk5pwd-enable samba
    overlay ppolicy
    ppolicy_default ou=default,ou=policies,dc=my,dc=test
    ppolicy_use_lockout
    ppolicy_hash_cleartext

Please help :(

Flake

--
Cédric CARLEN
Engineering student at TELECOM Lille 1
Class FI15
☎ 06.59.42.81.55

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
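The syntax OID in the error, 1.3.6.1.4.1.1466.115.121.1.38, is the OID syntax that objectClass values use, so a check that complements the grep above is to list which objectClass values in the data are not defined by any schema the configuration includes. This is an added example, not part of the thread, and it goes beyond the grep suggested in the reply; the function names, the abbreviated schema snippets and the LDIF are constructed for illustration.

```python
import re

# Classes compiled into slapd itself, so no schema file declares them (partial list).
BUILTIN = {"top", "extensibleobject", "alias", "referral", "subentry", "subschema"}

OC_RE = re.compile(
    r"objectclass\s*\(\s*(?P<oid>[\w.:-]+)\s+NAME\s+"
    r"(?P<names>\(\s*(?:'[^']+'\s*)+\)|'[^']+')",
    re.IGNORECASE,
)


def included_schemas(slapd_conf):
    """Return the paths named by 'include' directives, in file order."""
    paths = []
    for line in slapd_conf.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].lower() == "include":
            paths.append(parts[1])
    return paths


def defined_object_classes(schema_text):
    """Return lower-cased names and OIDs of the objectclass definitions in one file."""
    text = re.sub(r"(?m)^\s*#.*$", "", schema_text)  # commented-out definitions do not count
    found = set()
    for m in OC_RE.finditer(text):
        found.add(m.group("oid").lower())
        found.update(n.lower() for n in re.findall(r"'([^']+)'", m.group("names")))
    return found


def undefined_object_classes(ldif, known):
    """Return (dn, value_index, value) for each objectClass value missing from `known`."""
    problems = []
    unfolded = re.sub(r"\r?\n ", "", ldif)  # LDIF folds long lines with a leading space
    for entry in re.split(r"\n\s*\n", unfolded.strip()):
        dn, index = None, 0
        for line in entry.splitlines():
            key, _, value = line.partition(":")
            key, value = key.strip().lower(), value.strip()
            if key == "dn":
                dn = value
            elif key == "objectclass":
                if value.lower() not in known:
                    problems.append((dn, index, value))
                index += 1
    return problems


def check(slapd_conf, schema_files, ldif):
    """Resolve the includes against `schema_files` (path -> text) and check the LDIF."""
    known = set(BUILTIN)
    for path in included_schemas(slapd_conf):
        known |= defined_object_classes(schema_files.get(path, ""))
    return undefined_object_classes(ldif, known)


# --- Constructed sample input (abbreviated stand-ins, not the real files) ---
SLAPD_CONF = """\
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
modulepath /usr/lib/ldap
moduleload ppolicy.la
overlay ppolicy
"""

SCHEMA_FILES = {
    "/etc/ldap/schema/core.schema":
        "objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL )\n",
    "/etc/ldap/schema/inetorgperson.schema":
        "objectclass ( 2.16.840.1.113730.3.2.2\n"
        "    NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL )\n",
    "/etc/ldap/schema/samba.schema":
        "# objectclass ( 1.1.2.1.1 NAME 'retiredExample' SUP top AUXILIARY )\n"
        "objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY )\n",
    "/etc/ldap/schema/ppolicy.schema":
        "objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXILIARY )\n",
}

LDIF = """\
dn: uid=jdoe,ou=people,dc=my,dc=test
objectClass: inetOrgPerson
objectClass: sambaSamAccount
uid: jdoe

dn: ou=default,ou=policies,
 dc=my,dc=test
objectClass: organizationalUnit
objectClass: pwdPolicy
ou: default
"""

if __name__ == "__main__":
    for dn, index, value in check(SLAPD_CONF, SCHEMA_FILES, LDIF):
        print(f"{dn}: objectClass #{index} ({value}) is not defined by any included schema")
```

In practice the schema texts would be read from the paths returned by `included_schemas()` and the LDIF from a data export.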
Re: [Samba] Basic questions regarding Samba capabilities
First, I'm not sure if you're speaking of samba4 or just upgrading your s3 domain structure .. my comments are based on samba4, hope it helps ..

Policies -- Group policy works with S4.. So whatever group policies you can set on Windows DCs you can set on the S4 DCs..

Scalability -- 1 PDC and several BDCs would be your answer. Essentially you're going to create the same infrastructure as you would with the Windows family of servers. Instead of multiple PDCs you'd use BDCs in different VLANs.. or RODCs, but I am not sure where the RODCs are in terms of completeness.

Backend -- OpenLDAP isn't supported as a back-end.. I believe that your only option is to use the built-in samba4 back-end at this point..

Compatibility -- there are no special steps in joining Windows 7 or 2008 servers to the S4 domain.. There is an upgrade script that should pull your users and computers to the new domain; obviously this would require extensive testing in your environment.

On 05/20/2012 11:32 AM, Jason Voorhees wrote:

Hi people:

I've been using Samba for a long time with some basic features like Samba working as a PDC, integrated with OpenLDAP, being a print server, among others, for a small number of almost controlled users (no more than 30 or 50 users).

But now I'm interested in implementing a Windows domain using Samba for a University with 6000-8000 users distributed through several VLANs, subnets and offices in a medium/big campus. I'd like to avoid using a proprietary solution like Windows 2008 with ADS, so I'd like to know some suggestions like these:

Policies:
===
- How well can Samba manage policies for workstations?
- Is it easy or safe to apply and/or remove policies from workstations?
- What kind of things can I allow or deny from succeeding in workstations using policies? For example: could I prevent users from changing the IP address of the workstation? Could I set a fixed wallpaper or Internet Explorer proxy settings on workstations?

Scalability
In a big scenario like the one I mentioned:
- How many BDCs would be needed? Is it enough to have 1 PDC and several BDCs?
- Is it possible to have multiple PDCs of the same domain, each one being in a different VLAN? Or, what's the right approach in terms of structure/architecture to implement PDCs and BDCs?

Backend
===
I definitely plan to use OpenLDAP as backend but, similar to the previous question about BDCs: how many Master/Slave OpenLDAP servers do you think would be necessary? Could it be 1 BDC+OpenLDAP (slave or master) for each office or VLAN?

Compatibility:
===
- I know that there are some procedures to join Windows 7 to a Samba domain; I did this before successfully. Do you know, maybe, of another possible compatibility problem that you suggest I be prepared for?
- If after some time (weeks, months or years) I plan to replace this Samba-based domain with a Windows 2k ADS domain: is it possible to do this migration without problems? Isn't it necessary to reinstall the whole domain and rejoin all the workstations?

Technically I can investigate how to implement each of these features (policies, BDCs, openldap, etc...) but before taking a decision like this I would like to have some suggestions from people that have done similar implementations before.

This help would be excellent for me; I hope someone can help.

Thanks
Re: [Samba] Backup
On 05/16/2012 11:19 AM, Jorell wrote:

On 5/15/2012 12:36 PM, Aaron E. wrote:

You can copy the /usr/local/samba/private and /usr/local/samba/etc directories to the new machine with the new samba compiled install. You will also need to rsync /usr/local/samba/var/locks/sysvol to the new machine, but you need to do this with ntacl support; using rsync, I have found, works, as it is provisioned with specific permissions and it's a bitch to get them back to normal..

That being said, samba ships with a backup script, /usr/local/src/samba-master/source4/scripting/bin/samba_backup .. you can tailor it for your environment.. I stopped it from backing up the sysvol as it wasn't backing up the ntacls..

On 05/15/2012 02:50 PM, sandy.napo...@eccmg.cupet.cu wrote:

Hello list, I have to change the PC where I run my samba4 as PDC, the cause being that all of this PC's hardware will change. If I copy /usr/local/samba to the new PC, will everything work successfully, or must I make other changes? Thanks

upgradeprovision has the option --fixntacl 'Only fix NT ACLs in sysvol / netlogon share'. It has a few other items that might also be of interest.

This is an item I would have been smarter for having known 3 weeks ago lol.. Thanks for the tip.. I never would have thought to look at the upgrade provision script for this ..
Re: [Samba] Backup
You can copy the /usr/local/samba/private and /usr/local/samba/etc directories to the new machine with the new samba compiled install. You will also need to rsync /usr/local/samba/var/locks/sysvol to the new machine, but you need to do this with ntacl support; using rsync, I have found, works, as it is provisioned with specific permissions and it's a bitch to get them back to normal..

That being said, samba ships with a backup script, /usr/local/src/samba-master/source4/scripting/bin/samba_backup .. you can tailor it for your environment.. I stopped it from backing up the sysvol as it wasn't backing up the ntacls..

On 05/15/2012 02:50 PM, sandy.napo...@eccmg.cupet.cu wrote:

Hello list, I have to change the PC where I run my samba4 as PDC, the cause being that all of this PC's hardware will change. If I copy /usr/local/samba to the new PC, will everything work successfully, or must I make other changes? Thanks
Re: [Samba] s3 connect to s4 ads woes, need guidance..
I hadn't had a chance to get back to the list on this one.. Indeed, this was the reason it was failing. I added this so it would create the keytab for me and assumed this should work.. I'll just use net rpc keytab create from now on.. I was experiencing one issue that I couldn't connect to the share via \\name so I strayed away from the keytab being the problem as it did work to some degree.. Thanks for the reply and keep up the good work Andrew!!

On 05/10/2012 06:54 PM, Andrew Bartlett wrote:

On Wed, 2012-05-09 at 09:37 -0400, Aaron E. wrote:

The problem came right back after I posted that it was fixed after being compiled... I've been doing much more troubleshooting trial and error with options in smb.conf.. Here is a debug of the machine..

Machine Details: Samba4 Domain, Samba3 Print server, Windows 2008 R2

    [2012/05/09 09:18:56, 0] libads/kerberos_verify.c:72(ads_dedicated_keytab_verify_ticket) krb5_rd_req failed (Wrong principal in request)
    [2012/05/09 09:18:56, 3] libads/kerberos_verify.c:568(ads_verify_ticket) ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in request)

My suggestion is to remove any non-default setting for 'kerberos method' and rejoin. My guess is that you are connecting under a different name to that stored in the system-wide /etc/krb5.keytab. Our default method copes with this.

Andrew Bartlett
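The smbd logs in this thread show two different Kerberos failures: a decrypt failure on the machine-secret path (enc type 23) and a wrong-principal failure on the dedicated-keytab path. The following triage script is an added example, not part of the original messages; it separates the two signatures and counts the session setups they caused to be rejected. The sample log is constructed from records quoted in the thread, and the cause labels and their wording are this example's own interpretation, following the diagnosis given above.

```python
import re

# Header that starts every smbd log record: [timestamp, level] file:line(function)
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+?):(?P<line>\d+)\((?P<func>\w+)\)"
)
# Key source smbd verified the ticket against, by the function that logged the failure.
VERIFY_PATH = {
    "ads_dedicated_keytab_verify_ticket": "dedicated keytab",
    "ads_secrets_verify_ticket": "machine secret",
}
# Kerberos error text -> (cause label, interpretation); labels are this example's own.
CAUSES = {
    "Wrong principal in request": (
        "principal-mismatch", "no key stored under the service name the client used"),
    "Decrypt integrity check failed": (
        "key-mismatch", "a key of this enc type exists but does not decrypt the ticket"),
}
ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}


def parse_records(log_text):
    """Split on headers, so wrapped and flattened (one-line) logs parse alike."""
    headers = list(HEADER.finditer(log_text))
    records = []
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(log_text)
        records.append({"ts": m["ts"], "level": int(m["level"]), "func": m["func"],
                        "msg": " ".join(log_text[m.end():end].split())})
    return records


def triage(log_text):
    """Group Kerberos ticket-verification failures and count rejected session setups."""
    findings, rejected = {}, 0
    for rec in parse_records(log_text):
        if rec["func"] == "reply_spnego_kerberos" and "NT_STATUS_LOGON_FAILURE" in rec["msg"]:
            rejected += 1
        path = VERIFY_PATH.get(rec["func"])
        if path is None:
            continue  # ads_verify_ticket is the generic wrapper; the path record has the detail
        for needle, (cause, meaning) in CAUSES.items():
            if needle not in rec["msg"]:
                continue
            enc = re.search(r"enc type \[(\d+)\]", rec["msg"])
            enctype = int(enc.group(1)) if enc else None
            entry = findings.setdefault((path, cause, enctype), {
                "path": path, "cause": cause, "meaning": meaning, "enctype": enctype,
                "enctype_name": ENCTYPES.get(enctype), "count": 0, "first": rec["ts"]})
            entry["count"] += 1
            entry["last"] = rec["ts"]
    return {"rejected_logons": rejected, "findings": list(findings.values())}


# Constructed sample: records quoted in the thread, once flattened onto a single
# line (as in the archive) and otherwise in smbd's header-then-message layout.
SAMPLE_LOG = """\
[2012/05/04 11:45:29, 3] libads/kerberos_verify.c:378(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2012/05/04 11:45:29, 3] libads/kerberos_verify.c:568(ads_verify_ticket) ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) [2012/05/04 11:45:29, 1] smbd/sesssetup.c:342(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/05/04 11:45:29,  3] libads/kerberos_verify.c:378(ads_secrets_verify_ticket)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
[2012/05/04 11:45:29,  3] libads/kerberos_verify.c:568(ads_verify_ticket)
  ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2012/05/04 11:45:29,  1] smbd/sesssetup.c:342(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/05/09 09:18:56,  0] libads/kerberos_verify.c:72(ads_dedicated_keytab_verify_ticket)
  krb5_rd_req failed (Wrong principal in request)
[2012/05/09 09:18:56,  3] libads/kerberos_verify.c:568(ads_verify_ticket)
  ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in request)
[2012/05/09 09:18:56,  1] smbd/sesssetup.c:342(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("rejected session setups:", report["rejected_logons"])
    for f in report["findings"]:
        enc = f" enc type {f['enctype']} ({f['enctype_name']})" if f["enctype"] else ""
        print(f"{f['count']}x {f['cause']} via {f['path']}{enc}: {f['meaning']}")
```

A principal-mismatch finding points at comparing the name clients connect with against the entries in the keytab (`klist -k`), which is the mismatch Andrew's reply guesses at.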
Re: [Samba] s3 connect to s4 ads woes, need guidance..
The problem came right back after I posted that it was fixed after being compiled... I've been doing much more troubleshooting trial and error with options in smb.conf.. Here is a debug of the machine.. Machine Details Samba4 Domain,, Samba3 Print server, Windows 2008 R2 [2012/05/09 09:18:56, 3] smbd/oplock.c:911(init_oplocks) init_oplocks: initializing messages. [2012/05/09 09:18:56, 3] smbd/oplock_linux.c:223(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2012/05/09 09:18:56, 3] smbd/process.c:1459(process_smb) Transaction 0 of length 159 (0 toread) [2012/05/09 09:18:56, 3] smbd/process.c:1273(switch_message) switch message SMBnegprot (pid 1852) conn 0x0 [2012/05/09 09:18:56, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [LANMAN1.0] [2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [LM1.2X002] [2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [LANMAN2.1] [2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [NT LM 0.12] [2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [SMB 2.002] [2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [SMB 2.???] 
[2012/05/09 09:18:56, 3] smbd/negprot.c:387(reply_nt1) using SPNEGO [2012/05/09 09:18:56, 3] smbd/negprot.c:672(reply_negprot) Selected protocol NT LM 0.12 [2012/05/09 09:18:56, 3] smbd/process.c:1459(process_smb) Transaction 1 of length 1764 (0 toread) [2012/05/09 09:18:56, 3] smbd/process.c:1273(switch_message) switch message SMBsesssetupX (pid 1852) conn 0x0 [2012/05/09 09:18:56, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/05/09 09:18:56, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2012/05/09 09:18:56, 3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/05/09 09:18:56, 3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2012/05/09 09:18:56, 3] smbd/sesssetup.c:786(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1619 [2012/05/09 09:18:56, 0] libads/kerberos_verify.c:72(ads_dedicated_keytab_verify_ticket) krb5_rd_req failed (Wrong principal in request) [2012/05/09 09:18:56, 3] libads/kerberos_verify.c:568(ads_verify_ticket) ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in request) [2012/05/09 09:18:56, 1] smbd/sesssetup.c:342(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! 
[2012/05/09 09:18:56, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2012/05/09 09:18:56, 3] smbd/process.c:1459(process_smb) Transaction 2 of length 1764 (0 toread) [2012/05/09 09:18:56, 3] smbd/process.c:1273(switch_message) switch message SMBsesssetupX (pid 1852) conn 0x0 [2012/05/09 09:18:56, 3] smbd/process.c:1273(switch_message) switch message SMBsesssetupX (pid 1852) conn 0x0 [2012/05/09 09:18:56, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/05/09 09:18:56, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2012/05/09 09:18:56, 3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/05/09 09:18:56, 3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2012/05/09 09:18:56, 3] smbd/sesssetup.c:786(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1619 [2012/05/09 09:18:56, 0] libads/kerberos_verify.c:72(ads_dedicated_keytab_verify_ticket) krb5_rd_req failed (Wrong principal in request) [2012/05/09 09:18:56, 3] libads/kerberos_verify.c:568(ads_verify_ticket) ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in request) [2012/05/09 09:18:56, 1] smbd/sesssetup.c:342(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! [2012/05/09 09:18:56, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2012/05/09 09:18:56, 3] smbd/process.c:1459(process_smb) Transaction 3 of length 1764 (0 toread) [2012/05/09 09:18:56, 3] smbd/process.c:1273(switch_message) switch message SMBsesssetupX (pid 1852) conn 0x0 [2012/05/09 09:18:56, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/05/09 09:18:56, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2012/05/09
[Samba] s3 connect to s4 ads woes, need guidance..
I'm beating my head up against the wall here.. Need some extra eyes!!!

Setup -- Samba4 Domain Controller and samba3 print server.. DNS FlatFile,, All dns works..

Issue: When I browse to the print server via \\IP-Address I am able to connect just fine.. When I browse using \\netbios-name I connect to the server but it opens up a username/pass dialog box and no name or passwords will work..

wbinfo -g / -u work fine.. getent passwd/group works perfectly..

I get the following snippet in the log file.. With smb.conf and krb5.conf following that..

    setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
    [2012/05/04 11:45:29, 3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego) Doing spnego session setup
    [2012/05/04 11:45:29, 3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
    [2012/05/04 11:45:29, 3] smbd/sesssetup.c:786(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1619
    [2012/05/04 11:45:29, 3] libads/kerberos_verify.c:378(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
    [2012/05/04 11:45:29, 3] libads/kerberos_verify.c:568(ads_verify_ticket) ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
    [2012/05/04 11:45:29, 1] smbd/sesssetup.c:342(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/05/04 11:45:29, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2012/05/04 11:45:29, 3] smbd/process.c:1459(process_smb) Transaction 2 of length 1764 (0 toread) [2012/05/04 11:45:29, 3] smbd/process.c:1273(switch_message) switch message SMBsesssetupX (pid 14493) conn 0x0 [2012/05/04 11:45:29, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/05/04 11:45:29, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2012/05/04 11:45:29, 2] smbd/sesssetup.c:1360(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2012/05/04 11:45:29, 3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/05/04 11:45:29, 3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2012/05/04 11:45:29, 3] smbd/sesssetup.c:786(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1619 [2012/05/04 11:45:29, 3] libads/kerberos_verify.c:378(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2012/05/04 11:45:29, 3] libads/kerberos_verify.c:568(ads_verify_ticket) ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) [2012/05/04 11:45:29, 1] smbd/sesssetup.c:342(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! 
[2012/05/04 11:45:29, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2012/05/04 11:45:29, 3] smbd/process.c:1459(process_smb) Transaction 3 of length 1764 (0 toread) [2012/05/04 11:45:29, 3] smbd/process.c:1273(switch_message) switch message SMBsesssetupX (pid 14493) conn 0x0 [2012/05/04 11:45:29, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/05/04 11:45:29, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2012/05/04 11:45:29, 2] smbd/sesssetup.c:1360(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2012/05/04 11:45:29, 3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/05/04 11:45:29, 3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2012/05/04 11:45:29, 3] smbd/sesssetup.c:786(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1619 [2012/05/04 11:45:29, 3] libads/kerberos_verify.c:378(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2012/05/04 11:45:29, 3] libads/kerberos_verify.c:568(ads_verify_ticket) ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) [2012/05/04 11:45:29, 1] smbd/sesssetup.c:342(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! [2012/05/04 11:45:29, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE SMB.CONF [global] workgroup = ASTROINTERNAL realm = ASTROINTERNAL.COM preferred master = no server string = Linux Test Machine security = ADS encrypt passwords = yes log level = 3 log file = /var/log/samba/%m.log
Re: [Samba] s3 connect to s4 ads woes, need guidance..
I would like to add that kinit works just fine also..

On 05/04/2012 11:51 AM, Aaron E. wrote:

I'm beating my head up against the wall here.. Need some extra eyes!!!

Setup -- Samba4 Domain Controller and samba3 print server.. DNS FlatFile,, All dns works..

Issue: When I browse to the print server via \\IP-Address I am able to connect just fine.. When I browse using \\netbios-name I connect to the server but it opens up a username/pass dialog box and no name or passwords will work..

wbinfo -g / -u work fine.. getent passwd/group works perfectly..

I get the following snippet in the log file.. With smb.conf and krb5.conf following that..

SMB.CONF

    [global]
    workgroup = ASTROINTERNAL
    realm = ASTROINTERNAL.COM
    preferred master = no
    server string = Linux Test Machine
    security = ADS
    encrypt passwords = yes
    log level = 3
    log file = /var/log/samba/%m.log
    max log size = 50
    printcap name = cups
    printing = cups
    allow
Re: [Samba] s3 connect to s4 ads woes, need guidance..
I found the issue was with Kerberos, I compiled Kerberos from source and linked s3 to it .. set everything up and it works .. (found this resolution through Google.. ) I assume that I'll have to do this since Ubuntu doesn't update their packages .. LTS my arse!! Might be time to switch server distros as I run across this more and more as time goes on..

On 05/04/2012 11:54 AM, Aaron E. wrote:

I would like to add that kinit works just fine also..

On 05/04/2012 11:51 AM, Aaron E. wrote:

I'm beating my head up against the wall here.. Need some extra eyes!!!

Setup -- Samba4 Domain Controller and samba3 print server.. DNS FlatFile,, All dns works..

Issue: When I browse to the print server via \\IP-Address I am able to connect just fine.. When I browse using \\netbios-name I connect to the server but it opens up a username/pass dialog box and no name or passwords will work..

wbinfo -g / -u work fine.. getent passwd/group works perfectly..

I get the following snippet in the log file.. With smb.conf and krb5.conf following that..
Re: [Samba] User's home folders
No problem. You'll just need the proper filesystem, i.e. ext3, ext4, on the partition your home folders will be on..

On 05/02/2012 10:52 AM, zingalo wrote:

Hi, I have a Debian server with 2 HDs, sda and sdb. Debian is installed on sda1. I'll create a home folder for every user. He will log in to this from the clients. Could it be a problem to create and use them on sdb, where the operating system is not installed? Thanks
Re: [Samba] User's home folders
I think we'll need more information about your setup.. All Linux machines, or a mix of Windows / Linux..

On 05/02/2012 11:33 AM, zingalo wrote:

Thanks! I have a second question, sorry I didn't write it before. My server has samba, smbldap-tools and ldap installed. On the server I have a public directory /user_data with some documents available to everyone in the domain, and the directory I told you about, /usersHomes, where I'll make a directory for every user (ex: /usersHomes/username). /user_data doesn't need authentication, but a user can enter his own home directory only. I don't understand how these directories will be mounted from the clients after the user logs in. What are the possibilities?
- insert two lines in /etc/fstab to mount /user_data and /usersHomes?
- or autofs?
Thanks again

On 05/02/2012 05:02 PM, Aaron E. wrote:

No problem. You'll just need the proper filesystem, i.e. ext3, ext4, on the partition your home folders will be on..

On 05/02/2012 10:52 AM, zingalo wrote:

Hi, I have a Debian server with 2 HDs, sda and sdb. Debian is installed on sda1. I'll create a home folder for every user. He will log in to this from the clients. Could it be a problem to create and use them on sdb, where the operating system is not installed? Thanks
Re: [Samba] Users
Make sure you can look up users with wbinfo; if not, follow the samba4 winbind wiki..

On 03/30/2012 06:23 PM, sandy.napo...@eccmg.cupet.cu wrote:

Hello list, look at this:

    chown pepe Temp
    chown: invalid user: `pepe'

where pepe is a user that was created in Active Directory. The problem is in samba4 as BDC; I followed the steps in the samba4 howto.
Re: [Samba] mode mask
You can set default permissions on the share folder using something like this..

    setfacl -m default:group:gid:perms folder

-- default perms are inherited..

On 03/30/2012 07:29 AM, lejeczek wrote:

actually it gets even more weird, from my perspective at least
maybe it all works but not for empty folders
if there are no subfolders then everyone authenticated has full control, can delete the folder
permissions seem to begin to apply as soon as some content ends up in the folder
but there is another thing

    test\
        testA
            test.txt
        testB
            test.txt

if a user B was given, by means of a Windows client, 'Modify' permission over testB and then this user creates test.txt in this testB folder, then nobody has access to the file apart from listing it, cannot open/read it
testA remained intact, userA created testA and test.txt in it and everybody can open/read test.txt
it seems like at the point where Windows ACLs are added, by adding a user/permission to the folder, a file newly created by that added user gets a unix ACL like this

    # file: testB\test.txt
    # owner: my_Buser
    # group: Domain\040Users
    user::rwx
    user:my_Buser:rwx
    group::---
    mask::rwx
    other::---

whereas testA\test.txt has no ACLs yet, in other words has:

    # owner: my_Auser
    # group: Domain\040Users
    user::rwx
    group::r--
    other::r--

how to tell samba to make it readable to the group, by default, at file creation time?
many thanks

On 30/03/12 11:30, lejeczek wrote:

dear all
trivial kind of question for which I do apologize, but it's sort of puzzling
in a share, when a Windows client creates something samba sets it as 755, yet another user can still delete it, in this case a folder
which part of the configuration fixes it so it would behave as expected?
what I have by default is:

    acl check permissions = Yes
    acl group control = No
    acl map full control = Yes
    create mask = 0744
    force create mode = 00
    security mask = 0777
    force security mode = 00
    directory mask = 0755
    force directory mode = 00
    directory security mask = 0777
    force directory security mode = 00
    force unknown acl user = No
    inherit permissions = No
    inherit acls = No
    inherit owner = No

cheers
Re: [Samba] Is there a startup script for ubuntu 10.04.1 lts for samba4 alpha 18?
I just took the smb3 init script and edited / commented out what wasn't relevant..

On 02/23/2012 02:04 AM, Michael Wood wrote:

On 22 February 2012 23:13, timothy mcdaniel <timnb...@gmail.com> wrote:

Is there a startup script for ubuntu 10.04.1 LTS for samba4 alpha 18? Please could someone please give me a script so that samba4 is automatically started up when my server starts up?

You can try the attached script. (Let's hope the mailing list doesn't strip it.) Move it to /etc/init.d/samba4 and make sure it is executable. Then run:

    update-rc.d samba4 defaults
Re: [Samba] acl's, Samba4 and rw shares
The permissions are slightly different for s4, as in you will be setting most of the folder permissions at the windows level. You'll need to make sure that user_xattr and acl is enabled for the filesystem. You can't really chmod per se, you'll need to access the security tab for the share and apply the permissions you need at that level... you can view the permissions using the samba-tool for the share at the nix level like so

    samba-tool ntacl folder/file

you'll see this gives a bunch of gibberish but you will see it working.. If you haven't assigned perms through windows yet it will return stating no permissions or something to that effect..

You need to set the setfacl -m default:user:xxx folder for inheritance in linux but windows users will always use ntacls I believe

On 02/16/2012 06:37 AM, steve wrote:

Hi

I'm trying to make a share called dropbox rw for members of a group.

/usr/local/samba/etc/smb.conf

    [global]
        server role = domain controller
        workgroup = CACTUS
        realm = hh3.site
        netbios name = HH3
        passdb backend = samba4
        template shell = /bin/bash

    [netlogon]
        path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
        read only = No

    [sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

    [home]
        path = /home/CACTUS/%USERNAME%
        read only = No

    [profiles]
        path = /home/CACTUS/profiles%USERNAME%
        read only = No

    [dropbox]
        path = /home/dropbox
        read only = No

I have

    mkdir -m 0770 /home/dropbox
    chown steve:debusers /home/dropbox
    chmod g+s /home/dropbox/
    setfacl -Rm g:debusers:rw,d:g:debusers:rw /home/dropbox/
    getfacl /home/dropbox/
    getfacl: Removing leading '/' from absolute path names
    # file: home/dropbox/
    # owner: steve
    # group: debusers
    # flags: -s-
    user::rwx
    group::rwx
    group:debusers:rw-
    mask::rwx
    other::---
    default:user::rwx
    default:group::rwx
    default:group:debusers:rw-
    default:mask::rwx
    default:other::---

If I create a file in the share using touch (or right click on the share new in explorer), no problem:

    steve2@hh3:~$ touch /home/dropbox/hola
    steve2@hh3:~$ ls -l /home/dropbox/hola
    -rw-rw+ 1 steve2 debusers 0 2012-02-16 12:11 /home/dropbox/hola

But, if I create the file in my home folder (or the mapped home folder drive on Windows) and then copy or drag it to the share, I don't get group rw:

    steve2@hh3:~$ touch hola2
    steve2@hh3:~$ cp hola2 /home/dropbox/
    steve2@hh3:~$ ls -la /home/dropbox/hola2
    -rw-r-+ 1 steve2 debusers 0 2012-02-16 12:12 /home/dropbox/hola2

None of the smb.conf force group nor acl commands are recognised. I could cron the setfacl as a workaround or get the users to chmod it to 660 but, well. . .

1. Is it possible to copy a file to a folder and have it inherit the parent folder permissions?
2. How do you chmod 660 on windows?

Thanks, Steve
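Why the copied file in the message above loses group write while the touched one keeps it, and how the default-ACL inheritance mentioned in the "mode mask" reply plays out, as an added example that is not code from the thread. It models the acl(5) rule that a new file copies the parent's default ACL and then has its owner, mask and other entries reduced to the mode passed at creation; it assumes `hola2` was created as 0644 and that `cp` creates the copy with the source file's mode, and the function names are illustrative.

```python
"""Model how Linux derives a new file's access ACL from the parent's default ACL."""

PERM_BITS = {"r": 4, "w": 2, "x": 1}

# getfacl output for /home/dropbox, copied from the thread.
DROPBOX_GETFACL = """\
# file: home/dropbox/
# owner: steve
# group: debusers
# flags: -s-
user::rwx
group::rwx
group:debusers:rw-
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:debusers:rw-
default:mask::rwx
default:other::---
"""


def parse_perms(text):
    """'rw-' -> 6"""
    return sum(bit for ch, bit in PERM_BITS.items() if ch in text)


def fmt_perms(value):
    """6 -> 'rw-'"""
    return "".join(ch if value & bit else "-" for ch, bit in PERM_BITS.items())


def parse_default_acl(getfacl_text):
    """Collect the default: entries of getfacl output as {(tag, qualifier): perms}."""
    acl = {}
    for line in getfacl_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments such as "# owner:"
        if not line.startswith("default:"):
            continue                           # access entries are not inherited
        _, tag, qualifier, perms = line.split(":")
        acl[(tag, qualifier)] = parse_perms(perms)
    return acl


def inherit(default_acl, create_mode):
    """Access ACL of a file created with create_mode under that directory.

    The default ACL is copied, then the owner, mask and other entries are
    reduced to the bits present in create_mode. The umask is not applied
    when the parent directory has a default ACL.
    """
    acl = dict(default_acl)
    acl[("user", "")] &= (create_mode >> 6) & 7
    acl[("other", "")] &= create_mode & 7
    group_bits = (create_mode >> 3) & 7
    if ("mask", "") in acl:
        acl[("mask", "")] &= group_bits        # named entries are untouched
    else:
        acl[("group", "")] &= group_bits
    return acl


def effective(acl, tag, qualifier=""):
    """Permissions actually granted: everything except owner/other is capped by the mask."""
    perms = acl[(tag, qualifier)]
    if (tag, qualifier) in (("user", ""), ("other", "")):
        return perms
    return perms & acl.get(("mask", ""), 7)


def ls_mode(acl):
    """Mode string as ls -l shows it; the middle triplet is the mask, not group::."""
    group_class = acl.get(("mask", ""), acl[("group", "")])
    return ("-" + fmt_perms(acl[("user", "")]) + fmt_perms(group_class)
            + fmt_perms(acl[("other", "")]) + "+")


if __name__ == "__main__":
    default_acl = parse_default_acl(DROPBOX_GETFACL)
    # touch asks for 0666; cp of a 0644 source asks for 0644 (assumption).
    for label, mode in (("touch hola", 0o666), ("cp hola2", 0o644)):
        acl = inherit(default_acl, mode)
        print(f"{label:10} {ls_mode(acl)}  group:debusers effective "
              f"{fmt_perms(effective(acl, 'group', 'debusers'))}")
```

In both cases the `group:debusers:rw-` entry is inherited intact; what `cp` narrows is the mask, so widening the mask on the copy (for example `setfacl -m m::rw`) restores group write without touching the named entry.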
Re: [Samba] acl's, Samba4 and rw shares
If you apply ntacl to the share in windows you will not get this error

    ERROR(type 'exceptions.TypeError'): uncaught exception - (61, 'No data available')

That is simply saying there are no extra ntacl settings applied to the share.. If there were you would see them..

Unfortunately I cannot help with applying settings from the command line, I was also trying to accomplish this to no avail.. I would suggest setting share permissions through windows and then looking at them via command line,, they are like nothing you're going to want to work with. I posed this question in samba-technical IRC, was advised that samba-tool ntacl was more for scripting than actual management at this point in time.. I believe you'll get better results with tying up a windows box..

On 02/16/2012 12:31 PM, steve wrote:

On 02/16/2012 03:48 PM, Aaron E. wrote:

The permissions are slightly different for s4, as in you will be setting most of the folder permissions at the windows level. You'll need to make sure that user_xattr and acl is enabled for the filesystem.

That seems OK:

    mount | grep xattr
    /dev/sda1 on / type ext4 (rw,errors=remount-ro,user_xattr,commit=0)

You can't really chmod per se, you'll need to access the security tab for the share and apply the permissions you need at that level... you can view the permissions using the samba-tool for the share at the nix level like so

    samba-tool ntacl folder/file

you'll see this gives a bunch of gibberish but you will see it working.. If you haven't assigned perms through windows yet it will return stating no permissions or something to that effect..

I tried this:

    -rw-r- 1 steve2 debusers 0 2012-02-16 14:47 /home/dropbox/s2

    samba-tool ntacl get /home/dropbox/s2
    ERROR(type 'exceptions.TypeError'): uncaught exception - (61, 'No data available')
    File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 162, in _run
    return self.run(*args, **kwargs)
    File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py, line 106, in run
    acl = getntacl(lp, file, xattr_backend, eadb_file)
    File /usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py, line 62, in getntacl
    xattr.XATTR_NTACL_NAME)

    samba-tool ntacl set /home/dropbox/s2
    Usage: samba-tool ntacl set acl file [options]

But I can't find that documented anywhere. Would I need to look in the source to get a list of options? Basically I'm trying not to have to tie up a windows box to do this stuff.

You need to set the setfacl -m default:user:xxx folder for inheritance in linux but windows users will always use ntacls I believe

I've done a few ldbsearch's in /usr/local/samba/private but I can't find anything to do with the dropbox share I have defined. Any ideas? Thanks

On 02/16/2012 06:37 AM, steve wrote:

Hi

I'm trying to make a share called dropbox rw for members of a group.

/usr/local/samba/etc/smb.conf

    [global]
        server role = domain controller
        workgroup = CACTUS
        realm = hh3.site
        netbios name = HH3
        passdb backend = samba4
        template shell = /bin/bash

    [netlogon]
        path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
        read only = No

    [sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

    [home]
        path = /home/CACTUS/%USERNAME%
        read only = No

    [profiles]
        path = /home/CACTUS/profiles%USERNAME%
        read only = No

    [dropbox]
        path = /home/dropbox
        read only = No

I have

    mkdir -m 0770 /home/dropbox
    chown steve:debusers /home/dropbox
    chmod g+s /home/dropbox/
    setfacl -Rm g:debusers:rw,d:g:debusers:rw /home/dropbox/
    getfacl /home/dropbox/
    getfacl: Removing leading '/' from absolute path names
    # file: home/dropbox/
    # owner: steve
    # group: debusers
    # flags: -s-
    user::rwx
    group::rwx
    group:debusers:rw-
    mask::rwx
    other::---
    default:user::rwx
    default:group::rwx
    default:group:debusers:rw-
    default:mask::rwx
    default:other::---

If I create a file in the share using touch (or right click on the share new in explorer), no problem:

    steve2@hh3:~$ touch /home/dropbox/hola
    steve2@hh3:~$ ls -l /home/dropbox/hola
    -rw-rw+ 1 steve2 debusers 0 2012-02-16 12:11 /home/dropbox/hola

But, if I create the file in my home folder (or the mapped home folder drive on Windows) and then copy or drag it to the share, I don't get group rw:

    steve2@hh3:~$ touch hola2
    steve2@hh3:~$ cp hola2 /home/dropbox/
    steve2@hh3:~$ ls -la /home/dropbox/hola2
    -rw-r-+ 1 steve2 debusers 0 2012-02-16 12:12 /home/dropbox/hola2

None of the smb.conf force group nor acl commands are recognised. I could cron the setfacl as a workaround or get the users to chmod it to 660 but, well. . .

1. Is it possible to copy a file to a folder and have it inherit the parent folder permissions?
2. How do you chmod 660 on windows?

Thanks, Steve
Re: [Samba] acl's, Samba4 and rw shares
Setting the permissions in windows is easy, browse to your server like so.. start, run, \\server, right click the share, properties, security tab -- if you're unfamiliar with windows permissions I would read up on those..

being doable in linux,, hmm I'm sure it is but as I said I would create a share, change windows permissions and look at them through linux, do that and you'll get the idea of what I'm talking about... Someone can correct me here if I step out of bounds but I don't think the samba team has gotten this far yet to make the samba-tool ntacl tree practical to use..

as far as how the perms are shared, that is relative to file-system support, that's what the user_xattr support on the mount point is for.. so it adds the support for the Linux mount to store the NTACLs.

Hi

Thanks for taking the time to explain this. Just thinking out loud, but since windows will be storing stuff on an ext4 filesystem, whatever the ntacl does must be doable in Linux too, no? Or am I missing the point here?

Anyway, the next stage is to find where to set the ntacl from the windows side. Is it a case of searching or is it buried deep inside the registry somewhere?

BTW, we have set up the S4 users with posix attrs and files are stored correctly on both Linux and windows. We map via nss-pam-ldapd on Linux. Not set any ntacls there, so far that is, since we've only just started to experiment with rw shares..

Cheers, Steve
Re: [Samba] Joining a MS sevrer 2008 R2 machine to a Samba domain
Unfortunately, 2008 servers require AD to function properly with licensing. This question has been posed a few times and that was the conclusion. It works with S4 but not s3,, I had a third party seem to get this working on a test server with adding extra samba/ldap schemas but have never implemented live as we decided to move to S4..

On 02/13/2012 07:47 AM, Stuart Bailey wrote:

Hello,

I have an established Samba domain, where Samba is the PDC. It is working well with XP and Win7 clients. However, there is some bespoke software that must run on a Windows Server, due to the number of concurrent connections issue. So, we have installed a Windows 2008 R2 server and joined it to the Samba domain. This worked fine after applying the registry changes listed on the Samba wiki.

However, I am now getting an error displayed on the Windows Server:

'The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller. If the license check cannot be completed, the server will automatically shut down in 10 day(s) 22 hour(s). For more information, click Help'

Are there any suggested fixes, or config options that will satisfy the Windows server?

Many thanks,
Stuart Bailey BSc (hons) CEng CITP MBCS
LinuSoft (Managing Director)
Linux Specialist Software Developer
Phone: (0845) 658 3563
Direct: +44 (0) 1953 878162
Fax: +44 (0) 1603 858583
http://www.linusoft.co.uk

Information from ESET Mail Security, version of virus signature database 6879 (20120213). The message was checked by ESET Mail Security. http://www.eset.com
Re: [Samba] Joining a MS sevrer 2008 R2 machine to a Samba domain
Nope, R1 was the version I was first working with..

On 02/13/2012 12:04 PM, Gaiseric Vandal wrote:

Any chance you can downgrade to Win 2008 (not R2?)

On 02/13/2012 11:21 AM, Stuart Bailey wrote:

Thanks, I'll see if we can upgrade to S4.

On Monday 13 February 2012 16:00:13 Aaron E. wrote:

Unfortunately, 2008 servers require AD to function properly with licensing. This question has been posed a few times and that was the conclusion. It works with S4 but not s3,, I had a third party seem to get this working on a test server with adding extra samba/ldap schemas but have never implemented live as we decided to move to S4..

On 02/13/2012 07:47 AM, Stuart Bailey wrote:

Hello,

I have an established Samba domain, where Samba is the PDC. It is working well with XP and Win7 clients. However, there is some bespoke software that must run on a Windows Server, due to the number of concurrent connections issue. So, we have installed a Windows 2008 R2 server and joined it to the Samba domain. This worked fine after applying the registry changes listed on the Samba wiki.

However, I am now getting an error displayed on the Windows Server:

'The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller. If the license check cannot be completed, the server will automatically shut down in 10 day(s) 22 hour(s). For more information, click Help'

Are there any suggested fixes, or config options that will satisfy the Windows server?

Many thanks,
Stuart Bailey BSc (hons) CEng CITP MBCS
LinuSoft (Managing Director)
Linux Specialist Software Developer
Phone: (0845) 658 3563
Direct: +44 (0) 1953 878162
Fax: +44 (0) 1603 858583
http://www.linusoft.co.uk
Re: [Samba] Samba4 user mapping into filesystem
This may help you out.. https://wiki.samba.org/index.php/Samba4/Winbind

On 02/09/2012 07:17 AM, Brantley Hobbs wrote:

On Wed, Feb 8, 2012 at 5:31 PM, William Brown <william.e.br...@adelaide.edu.au> wrote:

You likely don't have ACLs enabled on the filesystem that samba is sharing. You can check with

    sudo tune2fs -l /dev/vg_lillie/lv_root | grep option

replacing your disk into that command. You should see something like

    Default mount options:    user_xattr acl

If not, you should enable the filesystem ACL using tune2fs, then reboot your machine.

    tune2fs -o acl /dev/sda1

And this is why you don't use a mailing list while half asleep. I misread your problem. Probably still good to check that.

Anyway, do you have the machine joined to its own domain? Are you running winbind to resolve the usernames etc? The issue you might be seeing is that while they have an owner that isn't there, if you use getfacl on the file it should have the ACLs to allow the group / user in question to read/write it. The non-existent user could be due to winbind trying to map the user ID to an account, but you don't have the client side of the resolver set up, so it shows non-existent. Using ls, check the numerical ID on the files.

Odd. I certainly have the mount options in /etc/fstab, and using the little test on the HOWTO (https://wiki.samba.org/index.php/Samba4/HOWTO#NOTE_about_filesystem_support), it's supposed to be working. However, listing the filesystem options with tune2fs shows none for Default mount options. ext_attr does show as a feature in Filesystem features however.

To your other questions:

- I assume that provisioning the installation implicitly joined it to the domain. This is the only domain controller on a very small network. If provisioning didn't join it automatically, then no, it's not joined to its own domain.
- Winbind isn't installed. I followed the HOWTO, but didn't see a step about installing winbind.

Like I say, everything else appears to be working fine. I'm just trying to wrap my head around the relationship between Samba's internal users and the underlying filesystem permissions.

Thanks for your help!
Brantley
Re: [Samba] Remote Desktop Users Group
This group should be predefined on the Windows server,, It is in the local users and groups (not domain).. I believe all servers have this group.. Create a domain group, add this domain to the local group and add users to the domain group.. voilà..

On 02/07/2012 10:59 AM, Fergus M wrote:

On 07/02/12 15:31, Jürgen Echter wrote:

Hi, could somebody tell me how to add the group 'Remote Desktop Users' to my domain? So I can add users there to log in to machines remotely. thanks juergen

I think I can get around this by going to Remote properties within My Computer properties, and there is a button to specify users/groups that can remote login to the machine.
Re: [Samba] Joining Active Directory wbinfo -u
I'll take a wild stab at this one though someone will probably correct me.. I have not set up winbind4 but this is my take on it..

First, check your /etc/nsswitch.conf file and verify that you have something similar to the following.. winbind needs to be there to work.. Unless it's changed in winbind4.

    passwd: files ldap winbind
    group: files ldap winbind
    shadow: files
    hosts: files dns
    networks: files
    protocols: db files
    services: db files
    ethers: db files
    rpc: db files
    netgroup: nis

Second,, I would probably go with samba3 if it isn't going to be your DC. It would work just fine.. You'll just need to set up your smb.conf to properly join the domain with winbind settings to connect to an AD Domain with the nsswitch file set up properly.

On 02/02/2012 01:25 PM, Gilmour, Scott wrote:

Hi,

I was able to join the domain correctly and from what I understand I should see it added as a computer on my Windows 2008 Server PC. Is this true? But when I do a wbinfo -u I do not see my domain users listed. I was wondering if this is because we installed winbind4 rather than winbind? I installed samba4 and winbind4 in Ubuntu 11.04 LTS

Thanks for everyone's help, Scott

    root@FreeRadius:/etc/init.d# net ads testjoin
    Join is OK
    root@FreeRadius:/etc/init.d# net ads info
    LDAP server: 20.1.180.55
    LDAP server name: 2008ServerR2.SQA.net
    Realm: SQA.NET
    Bind Path: dc=SQA,dc=NET
    LDAP port: 389
    Server time: Thu, 02 Feb 2012 09:27:31 EST
    KDC server: 20.1.180.55
    Server time offset: -124
    root@FreeRadius:/etc/init.d# wbinfo -u
    Error looking up domain users
    root@FreeRadius:/etc/init.d#
Re: [Samba] TS licensing problem on samba domain
I can confirm that this is an issue. We went through this to great lengths. I can also confirm that after you install the licensing it will not keep track of the issued CALs properly. I also remember that since it isn't working properly you may still be on the temporary install and after the term period it will not function.

We had a third party work with this and they were able to get the CALs to function with specific schemas added to samba and ldap. This allowed it to work and keep track of CALs properly but the error in Licensing / Diagnostics was still there.. The licensing was working and looked like it would not expire.

I went through great lengths on this one and found no resolution aside from special schemas..

On 01/29/2012 08:08 PM, Andrew Bartlett wrote:

On Sun, 2012-01-29 at 12:02 -0500, Ludovic Rouse-Lamarre wrote:

Hello,

We have recently joined a Windows Server 2008 R1 on our samba domain as a domain member. The samba domain controller runs Samba version 3.4.9 on FreeBSD 8.2. We use the Windows Server as a terminal server for our domain users who need an accounting application called Acomba. Therefore we have added TS User CALs to the server in question. The TS Licensing Server was activated and the licenses were installed successfully.

The problem comes when we use the Licensing Diagnosis tool inside the TS Configuration application. It then reports that it cannot find the TS Licensing Server and that we are still within the grace period.

I have also called Microsoft and they have confirmed to me that this is a technical issue and that the licenses are correctly installed. I get the feeling however that when I tell them I use a Samba domain controller they won't be of any help.

Microsoft has gone to great technical lengths to support Samba3 domains. It may well be that some functionality of Microsoft products relies on an AD domain (which we are providing with Samba4), but do not assume that they will be hostile. If they claim an interoperability issue, we can refer that to the group within Microsoft that specifically deals with interoperability issues for us.

Andrew Bartlett
Re: [Samba] (no subject)
If I understand you properly, I believe you want to disable or enable, depending on what you need, these two settings in cupsd.conf

    Browsing on/off
    BrowseAllow None/All

On 01/25/2012 11:28 AM, Yécine Allouache wrote:

Hello,

I'm on a Debian Squeeze and I use Samba 3.5.6 and CUPS 1.4.4. When I add a printer with windows: \\server\Name_printer, regularly all printers on this server come with this syntax: Auto-Nameprinter on server. I searched in the configuration file but I cannot find options that will fix this problem.

Thanks!
Re: [Samba] (no subject)
You could turn off the Windows Automatic printer find feature? That would stop the printers that are found and tagged Auto I believe.. Windows searches the network for shared printers and will auto add the printer if this is turned on and they will be tagged as Auto..

My first post is probably irrelevant if this is the issue.. But it may have the same effect to set BrowseAllow NONE, if it is finding the cups shared printers..

On 01/25/2012 01:09 PM, Yécine Allouache wrote:

Sorry I'm not really fluent in English :) I will try tomorrow, but I did not know that CUPS could be the reason

On 25 January 2012 17:28, Yécine Allouache <yecine.alloua...@gmail.com> wrote:

Hello,

I'm on a Debian Squeeze and I use Samba 3.5.6 and CUPS 1.4.4. When I add a printer with windows: \\server\Name_printer, regularly all printers on this server come with this syntax: Auto-Nameprinter on server. I searched in the configuration file but I cannot find options that will fix this problem.

Thanks!
Re: [Samba] samba-tool samba3upgrade question
Oh man well that is good to know!! I was assuming that if things should go real wrong I would be able to backpedal and do handstands!!

On 01/12/2012 10:01 AM, Adam Tauno Williams wrote:

Quoting Deyan Stoykov <dstoy...@uni-ruse.bg>:

I'm looking into using this tool for migration to samba4, however I'm unable to determine if it requires any intervention on the domain members like ADMT does? After looking into the source code I see that the domain SID remains the same. Does this mean that the members (WinXP 7) will continue to function properly?

Theoretically, yes. But be careful, once they find the Active Directory domain they can't be made to go back to the old domain model / controller. So TEST TEST TEST.

Will they start using AD membership functionality such as Group policies and kerberos automatically?
Re: [Samba] Samba with LDAP Authentication
Check out the SASL libraries

On 01/10/2012 04:35 PM, steve wrote:

On 01/10/2012 09:50 PM, Amit More wrote:

Hello All,

I want to authenticate existing LDAP users to samba shares. From what I have been reading, it seems like there are two ways to achieve this

1. Configure samba to use plaintext passwords (encrypt passwords = no in smb.conf) and configure clients to send unencrypted passwords.
2. Use the smbpasswd utility to add users. Using this utility the user's samba password will be different from the LDAP password.

I don't want to use plaintext authentication so cannot use the first method described here. I also want the samba password to be the same as the LDAP password and must be in sync. Is there any way to achieve this? Can anyone please point me in the right direction? I would really appreciate your help.

Thanks, Amit

Hi. We have a one password solution like you describe running on openSUSE. There is a good howto here: http://digiplan.eu.org/ldap-samba-howto-v4.html It may get you started at least.

HTH Steve
Re: [Samba] Samba Folder Permissions
Check your extended ACL permissions and verify that they are enabled for your kernel..

On 01/03/2012 09:05 AM, Stefan Horning wrote:

Hello list members,

my name is Stefan, this is my first post to this mailing list, so please bear with me. ;)

I am working as a Network Administrator of a small office network. We use a Debian server as Samba PDC and fileserver. The domain runs pretty well with all the Windows 7 clients. I have just one thing that bugs me. In the groupshare we set up, users can only access folders that are world readable, for some reason. As a temporary fix I put all users into the Domain Admin group, so they can at least use the groupshare.

But first of all you probably want to know the details. The Samba version is 3.5.6. This is my smb.conf:

    [global]
        netbios name = SCM-SRV-01
        server string = Domain Server (%h)
        workgroup = SCM
        interfaces = eth1 eth2 eth3
        bind interfaces only = yes
        security = user
        encrypt passwords = true
        passdb backend = tdbsam
        obey pam restrictions = yes
        unix password sync = yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
        local master = yes
        preferred master = yes
        os level = 200
        domain master = yes
        domain logons = yes
        logon path = \\%L\%U\profile
        logon drive = h:
        logon script = login.bat
        profile acls = yes
        hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/AppData/profile.V2/
        hide dot files = yes
        wins support = no
        log file = /var/log/samba/log.%m
        max log size = 1000
        syslog = 0
        panic action = /usr/share/samba/panic-action %d
        socket options = TCP_NODELAY

    #=== Share Definitions ===

    [homes]
        comment = Home Directories
        browseable = no
        valid users = %S
        writeable = yes
        create mode = 0600
        directory mode = 0700

    [netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        guest ok = yes
        writeable = no
        share modes = no

    [groups]
        writable = yes
        path = /home/groups
        force group = users
        comment = All group folders
        create mode = 660
        directory mode = 770

Output of net groupmap list:

    Domain Users (S-1-5-21-2431676908-1022338963-3230702413-513) - users
    Domain Guests (S-1-5-21-2431676908-1022338963-3230702413-514) - guests
    Domain Admins (S-1-5-21-2431676908-1022338963-3230702413-512) - domainadmin

Like I said, everything works well, except the permissions in the share [groups]. All linux (and therefore domain) users are in the primary group users. All the employees are in the group 'mitarbeiter'. So if I set /home/groups to

    drwxr-x-- 11 root users 4096 2. Jan 13:08 groups/

the share is not accessible, even though all users are in the group users and should therefore be able to read that folder. If I put users into the domainadmin group, group permissions work as expected. All employees can access subfolders of groups which are readable to mitarbeiter (but not others they have no permissions for) and can also read the content of /home/groups. So the mapping of unix groups from Windows 7 works without problems. Folder permissions in Samba can only be realized if I make folders world readable, which is not what I want for all folders.

After extensive internet research I could not figure out what I am doing wrong. I also had similar samba setups where unix group permissions always were correctly used in samba. I suspect it being a problem with domain groups and their mapping. I also tried to create some samba Domain Groups and map them to the local unix groups, which didn't make a difference either.

So I hope anybody on this list knows what the problem is. I am happy to give more information as needed!

Thanks, Stefan Horning
Re: [Samba] PDC file server on same machine?
I have an s3.4 pdc with a bdc,, the pdc is serving around 80 users on terminal services and another 50 fat clients,,, acts as the file server.. roaming profiles etc... I have no issues other than the network card only being 100mb,, I do have throughput issues.. but that is on the table..

On 12/07/2011 06:03 PM, John Heim wrote:

How much of a resource hog is a PDC? My understanding is that authentication is done vs a BDC if available. I configured my new file server as the domain PDC because I figured it would already have to run samba. I have two other machines configured as BDCs to serve as logon servers. I'm looking for opinions on whether I'm asking for performance problems by making my file server the PDC.

Actually, this machine is already serving as PDC but it's not in production yet as a file server. So right now, it's just the domain PDC. When I log into the domain and echo %logonserver%, it shows that one of the BDCs was the logon server, not the PDC. It doesn't look like the PDC has to do anything but handle joining machines to the domain.
Re: [Samba] log.smbd vs smbd.log?
that drove me nuts also, I just change it in the smb.conf, though it still seems to populate the smbd.log with some items, that might be just restarting the daemon..

On 11/22/2011 10:52 AM, John Heim wrote:

Obviously this is not a very important question but I was wondering why the convention seems to be to name samba log files log.something instead of something.log. For example, the smbd log is called log.smbd rather than smbd.log.
[Samba] User authentication log
We've changed the password for the administrator account; once it was changed, a few minutes later the administrator account locked out. Something is set to log in as admin on our network, whether it be a share set up with those credentials,, not sure at this point..

I'm having trouble finding any logs of failed login attempts, and would like some help on getting the proper logging or pointers on what to grep for from the logs, or anything that will point me in the right direction to find the nodes in question? I have an openldap backend.. Right now for logging I have

    #log file = /var/log/samba/%m.%U.log
    log file = /var/log/samba/%m.log
    log level = 5
    vfs objects = full_audit
    full_audit:prefix = %u|%I|%m|%S
    full_audit:success = connect mkdir rename rmdir
    #full_audit:success = all
    full_audit:failure = none
    full_audit:facility = LOCAL7
    full_audit:priority = alert

Thank you very much, Aaron
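One way to approach the question above, as an added example rather than anything posted in the thread: with `log file = /var/log/samba/%m.log` each client machine writes to its own file, so counting failed authentications per file points at the node still presenting the old password. The log line format is an assumption modelled on Samba 3 `check_ntlm_password` messages; the machine names, timestamps and log lines are constructed.

```python
"""Find which client machines are failing logons for one account in per-machine smbd logs."""
import re
from collections import Counter
from pathlib import Path

# Debug header, e.g. "[2011/10/20 09:14:02,  2] auth/auth.c:319(check_ntlm_password)"
HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)?,\s*\d+\]")
FAILED = re.compile(
    r"Authentication for user \[([^\]]*)\] -> \[([^\]]*)\] FAILED "
    r"with error (NT_STATUS_\w+)"
)

# Constructed sample: key = machine name (the %m part of the file name).
SAMPLE_LOGS = {
    "ws-frontdesk": """\
[2011/10/20 09:14:02,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [administrator] -> [administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
[2011/10/20 09:14:32,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [administrator] -> [administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
[2011/10/20 09:15:02,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [administrator] -> [administrator] FAILED with error NT_STATUS_ACCOUNT_LOCKED_OUT
""",
    "backupsrv": """\
[2011/10/20 09:20:00,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [SCM\\Administrator] -> [Administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
""",
    "ws-lab": """\
[2011/10/20 09:30:11,  3] auth/auth.c:273(check_ntlm_password)
  check_ntlm_password:  authentication for user [administrator] -> [administrator] -> [administrator] succeeded
[2011/10/20 09:31:40,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [jsmith] -> [jsmith] FAILED with error NT_STATUS_WRONG_PASSWORD
""",
}


def failed_logons(log_text):
    """Return [(timestamp, user, status)] for every failed authentication in one log."""
    events, stamp = [], None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            stamp = header.group(1)      # the message body follows on the next line
            continue
        hit = FAILED.search(line)
        if hit:
            user = hit.group(1).split("\\")[-1]   # drop a DOMAIN\ prefix if present
            events.append((stamp, user, hit.group(3)))
    return events


def suspects(logs, account):
    """logs maps machine name to log text; returns per-machine failures, busiest first."""
    rows = []
    for machine, text in logs.items():
        hits = [e for e in failed_logons(text) if e[1].lower() == account.lower()]
        if not hits:
            continue
        rows.append({
            "machine": machine,
            "failures": len(hits),
            "first": hits[0][0],
            "last": hits[-1][0],
            "statuses": dict(Counter(status for _, _, status in hits)),
        })
    return sorted(rows, key=lambda r: (-r["failures"], r["machine"]))


def load_logs(directory="/var/log/samba"):
    """Read every <machine>.log under directory into the mapping suspects() expects."""
    return {p.stem: p.read_text(errors="replace") for p in Path(directory).glob("*.log")}


if __name__ == "__main__":
    for row in suspects(SAMPLE_LOGS, "administrator"):
        print(row)
```

On a live server, `suspects(load_logs(), "administrator")` runs the same count over the real per-machine files.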
Re: [Samba] Password expires every month even though 'Password Must Change' is set to 'never' (Samba+LDAP)
Sounds like you've checked mostly all except your ldap backend... Check your LDAP DB for... (they will be in nix timestamp)
sambaPasswordCanChange
sambaPasswordLastSet
sambaPasswordMustChange
setup smbldap-tools package
On 10/13/2011 11:00 PM, Jeffrey Chan wrote: I'm using OpenLDAP as backend. On Wed, Oct 12, 2011 at 11:16 PM, Aaron E. ssures...@gmail.com wrote: Just curious, are you using pam or ldap backend? On 10/12/2011 09:22 AM, Marco Ciampa wrote: On Wed, Oct 12, 2011 at 12:15:16PM +0800, Jeffrey Chan wrote: Hi all, I've posted this a month ago but haven't gotten a reply. Can anyone please help? - Jeff On Mon, Aug 29, 2011 at 5:14 PM, Jeffrey Chan goofri...@gmail.com wrote: Hi all, Since a few months ago Samba asks each of our users to change password at log on every month and I have not been able to disable it. I found this page and followed the instructions: http://playingwithsid.blogspot.com/2010/12/change-samba-password-expiry-setting.html The default ‘Password Must Change’ policy was set to never and pdbedit shows ‘Password Must Change: never’ for each user, yet the passwords still expire once a month. Can anyone please give me some pointers? - Jeff Just a hint (maybe wrong...) obey pam restrictions = No ...
Re: [Samba] Password expires every month even though 'Password Must Change' is set to 'never' (Samba+LDAP)
Just curious, are you using pam or ldap backend? On 10/12/2011 09:22 AM, Marco Ciampa wrote: On Wed, Oct 12, 2011 at 12:15:16PM +0800, Jeffrey Chan wrote: Hi all, I've posted this a month ago but haven't gotten a reply. Can anyone please help? - Jeff On Mon, Aug 29, 2011 at 5:14 PM, Jeffrey Chan goofri...@gmail.com wrote: Hi all, Since a few months ago Samba asks each of our users to change password at log on every month and I have not been able to disable it. I found this page and followed the instructions: http://playingwithsid.blogspot.com/2010/12/change-samba-password-expiry-setting.html The default ‘Password Must Change’ policy was set to never and pdbedit shows ‘Password Must Change: never’ for each user, yet the passwords still expire once a month. Can anyone please give me some pointers? - Jeff Just a hint (maybe wrong...) obey pam restrictions = No ...
Re: [Samba] samba with nfs mount in path and MS Office App's
I believe I remember seeing a similar thread and it was disabling oplocks in samba ? On 10/12/2011 10:30 AM, free...@gmx.ch wrote: Hi Listmembers Problem: Windows Clients having problems with Microsoft Office App's (Excel, Word) when the files are on the Samba Share documents (which is mapped through a Windows Drive Letter on the client). Two clients have MS Office 2003. They can open doc Documents but when they want to save it error messages are appearing (message about to less space on drive, but this is a false errormessage). Saving of documents does not work and MS Office crashes. Sometimes Word is crashing already when the user opens a document. Same with XLS document. One client has MS Office 2010. He can open and save changes in Microsoft Office Documents. But saving changes, even small ones, are taking 30 seconds. Clients which are using Open Office having no problems. They can even open and saving the MS Office document without Problem. Also with other Applications there are no problems (ex. opening pdf documents, txt documents with notepad etc.). So the problems occurs only while working with this share documents and using Microsoft Office. I've got another share on the same Samba Server named personal. The Microsoft Office clients have no problems on this share. The only difference is that the path from personal share in smb.conf is not a NFS Mount but a location on the harddisk of the server itselve (ext3 partition). So the problem has something to do with using Samba shares which have their path on NFS Mounts. 
System environment: Centos 5.x Server Samba Version 3.0.33 ***Samba Config [global] workgroup = OfficeLAN server string = qube2 lanman auth = Yes client NTLMv2 auth = Yes time server = Yes add machine script = /usr/sbin/useradd -d /dev/null -g samba-clients -s /bin/false -M %u logon script = %U.bat logon drive = M: logon home = \\%N\profiles\%U logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins server = 10.0.10.12 wins support = Yes ldap ssl = no admin users = @sysadmin printer admin = @sysadmin cups options = raw [documents] comment = documents path = /home/nfs_qube2/documents force user = admin read only = No guest ok = Yes *** The documents share is on a NFS Mount which is mounted in /etc/fstab 10.0.10.13:/vol/nfs_qube2/office-data /home/nfs_qube2 nfs rw,bg,vers=3,tcp,timeo=600,rsize=32768,wsize=32768,hard,intr Thanks for any advice -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Moving Domains - profiles question
I'm going to go out on a limb here and say the process will need to be tested on your end. In my experience what has worked for one site has not worked for another. It is all about getting the procedure right for your site. That being said, the procedure you linked usually works pretty well when dealing with local profiles. I have found it doesn't work all that great with roaming profiles, but what does work well with roaming profiles? I usually clean out all the temp files/cookies and any items you can clean up before the transfer of profiles, but that's just my preference. On 08/11/2011 12:03 PM, Dermot wrote: Hi, I have an existing WinNT domain and, after some labour, a new Samba3x domain. I created the Samba domain with a different name because the WinNT domain name wasn't appropriate. I have about 40 users. Their accounts have been added to the new domain. I'm almost ready to shift everyone to the new domain but I am a bit concerned about the user's profiles. These are local profiles. I want this domain move to be transparent to the users so I need to copy or move the individual profiles. I've seen this procedure for copying a profile (http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sysdm_userprofile_copy.mspx?mfr=true) What I'm concerned about is if I move the profile wholesale into the new path, keys in the old user.dat might conflict with the new domain. Does anyone have any experience of this type of migration that can offer any advice? Thanks in advance, Dermot.
Re: [Samba] How to detect active users
Clear the logs and monitor for a few days. If there is no real activity just shut down the service and see if anyone complains they can't access something. After a few days/weeks/months pull the server. Might not be the perfect scenario but if smbstatus isn't displaying what you need then this might make you feel better about it lol On 07/27/2011 04:33 AM, Malte Forkel wrote: On 26.07.2011 19:27, Jeremy Allison wrote: On Tue, Jul 26, 2011 at 07:18:15PM +0200, Malte Forkel wrote: On 26.07.2011 19:08, John Drescher wrote: On Tue, Jul 26, 2011 at 1:04 PM, Malte Forkel malte.for...@berlin.de wrote: On 26.07.2011 18:42, Chris Weiss wrote: On Tue, Jul 26, 2011 at 3:06 AM, Malte Forkel malte.for...@berlin.de wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? Maybe it depends on the application used to open the file? Yes, it depends on the application. If the app closes the file and leaves the share, samba honors that. If the app keeps the file handle open, samba does too. So an application (like SciTE) might open a file, read and display its contents, and close the file while continuing to display it. And in contrast, a different application might not close the file while it is displaying its contents? Exactly. John Well, thanks to all of you for your help. In summary then, it looks to me like I won't be able to reliably detect if there is any client out there who would be disappointed if the server shuts down. Of course you will! smbstatus does this as I keep repeating. If an application has opened and closed the file and keeps it in memory, then the user won't be disappointed if the server is shut down, they'll get an IO error on save and have to do a save as to a local (or other remote) drive. 
If an application keeps the file open (so it's not safely stored in memory) then smbstatus will show this and you don't shut the server down. You seem to think there's some magic option that will show you client intent, not client activity. Client activity is all you need to care about, and smbstatus show you this. Doesn't matter if applications are running or not, whether that have actual files open is all that matters. Jeremy. Well, I guess some people get disappointed more easily than others :-) I understand that users won't loose any data if the server shuts down and they save as their changes. But having to re-synchronize those files with those on the server once it is up again is something I'd like to avoid. Plus, the open files (from a user perspective) might just be an indicator that the user would like to use other capabilities of the server as well. E.g., he might do remote development of an application on the server using Eclipse on the Windows machine. If I found out that the server had shut down when I try to compile a new version (implicitly saving changed files before), I'd be disappointed. Malte -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows printer drivers
First you have to install a Printer in Cups, then reload samba. Verify you can see the shared printer through windows. You'll need to use the net rpc command to grant the rights to add the print drivers to the $print share. Read the following section for print rights: Administering User Rights and Privileges http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html On 06/27/2011 05:09 AM, Bruno Martins wrote: Hello everyone. My name is Bruno and I'm setting up a CentOS-based print server. This is the only GNU/Linux machine on our network, which serves something like 30 Windows XP/7 clients. I've already installed and configured CUPS and Samba. Very basic configuration. Also, I have already added our printers to CUPS. But now I don't know how to download Windows printer drivers to my print server and share it to Windows users, although I have read a lot of documentation. May you please help me? This is the content of my smb.conf file: http://pastebin.com/ueipkrL2 And this, of cupsd.conf file: http://pastebin.com/YedSasSB Best regards, Bruno Martins
Re: [Samba] filesystem of choice?
I vote for ext4 also, we have been running on that for a few years with no issues.. On 06/24/2011 10:22 AM, Gary Dale wrote: On 24/06/11 09:46 AM, John G. Heim wrote: I'm setting up a new linux fileserver and I was wondering if samba likes one filesystem more than another. I have to format a 1.8Tb partition sometime today and I'll probably do ext3 unless samba prefers something else. We have a lot more linux users than Windows users but the Windows users have more problems with slow access. I use ext4 on mine without any issues. Since you're unlikely to change the file system once it's set up, why not go for the more modern version? It's stable and will probably receive better support over the long run. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tkey-gssapi-credential and bind (Samba4)
In my experience this is due to gssapi not being compiled to the correct directory for bind. I also used 11.04 and my compile path was --with-gssapi=/usr/include/gssapi, instead of /usr

On 06/21/2011 10:45 AM, Marcel Ritter wrote: Hi Mauricio, this is usually caused by one of 3 things:
1) bind is started without KRB5_KTNAME being set, and therefore doesn't know where to look for its keytab
2) the bind user does not have access permission to the keytab (or any directory in its path)
3) I also had problems related to apparmor (on Ubuntu 10.04) where the apparmor security framework prevented bind from accessing the keytab, even if file permissions were ok
Hope this helps, Marcel

-Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Mauricio Tavares Sent: Tuesday, 21 June 2011 16:11 To: samba@lists.samba.org Subject: [Samba] tkey-gssapi-credential and bind (Samba4)
So I am in step 10 of the samba4 howto (https://wiki.samba.org/index.php/Samba4/HOWTO#Step_10_Configure_kerberos_DNS_dynamic_updates); my bind9 is 9.7.3 which seems to be current enough for this. In it we are to add tkey-gssapi-credential DNS/samdom.example.com; tkey-domain SAMDOM.EXAMPLE.COM; to /etc/bind/named.conf.options. 
Since my test domain is test.domain.com, I changed the above to tkey-gssapi-credential DNS/test.domain.com; tkey-domain TEST.DOMAIN.COM; In the log file I have: Jun 21 10:02:39 sambabox named[3302]: automatic empty zone: D.F.IP6.ARPA Jun 21 10:02:39 sambabox named[3302]: automatic empty zone: 8.E.F.IP6.ARPA Jun 21 10:02:39 sambabox named[3302]: automatic empty zone: 9.E.F.IP6.ARPA Jun 21 10:02:39 sambabox named[3302]: automatic empty zone: A.E.F.IP6.ARPA Jun 21 10:02:39 sambabox named[3302]: automatic empty zone: B.E.F.IP6.ARPA Jun 21 10:02:39 sambabox named[3302]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA Jun 21 10:02:39 sambabox named[3302]: configuring TKEY: failure Jun 21 10:02:39 sambabox named[3302]: loading configuration: failure Jun 21 10:02:39 sambabox named[3302]: exiting (due to fatal error) Jun 21 10:02:50 sambabox named[3316]: starting BIND 9.7.3 -u bind Jun 21 10:02:50 sambabox named[3316]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS=' IMHO, just saying TKEY:failure is not very helpful. I did find out the line bind does not seem to like is the first one, tkey-gssapi-credential DNS/test.domain.com; This is an ubuntu 11.04 machine if this matters. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
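Added example (not part of the original messages, and not BIND or Samba code): a check for the first two causes Marcel lists in the message above, KRB5_KTNAME missing from named's environment and the service account lacking access to the keytab or a directory on its path. It evaluates plain owner/group/other mode bits only, so an AppArmor denial (his third cause) will not show up here; it also flags a world-readable keytab. The `bind` account name comes from the `-u bind` in the log, `dns.keytab` from the init script quoted elsewhere on this page; the directory tree in `demo()` is constructed, and the optional `FILE:` prefix handling is an assumption about how KRB5_KTNAME is written.

```python
import os
import tempfile
from pathlib import Path


def _allowed(st, uid, gids, want):
    """Owner/group/other check of mode bits (ACLs and MAC are not considered)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want


def keytab_problems(environ, uid, gids):
    """List reasons why account (uid, gids) could not use the keytab that
    KRB5_KTNAME in `environ` points at. An empty list means no problem found."""
    ktname = environ.get("KRB5_KTNAME", "")
    if not ktname:
        return ["KRB5_KTNAME is not set, so named does not know where its keytab is"]
    raw = ktname[5:] if ktname.startswith("FILE:") else ktname
    path = Path(os.path.abspath(raw))
    problems = []
    # Every directory from / down to the keytab's parent needs search (x).
    for directory in list(path.parents)[::-1]:
        try:
            st = os.stat(directory)
        except OSError as exc:
            return problems + [f"cannot stat directory {directory}: {exc.strerror}"]
        if not _allowed(st, uid, gids, 1):
            problems.append(f"no search permission on directory {directory}")
    try:
        st = os.stat(path)
    except OSError as exc:
        return problems + [f"cannot stat keytab {path}: {exc.strerror}"]
    if not _allowed(st, uid, gids, 4):
        problems.append(f"no read permission on keytab {path}")
    if st.st_mode & 0o004:
        # Any local user could copy the DNS service key.
        problems.append(f"keytab {path} is world-readable")
    return problems


def check_for_user(name, environ):
    """Run the check for a real account, e.g. check_for_user('bind', env),
    where env is the environment the init script gives named."""
    import pwd
    user = pwd.getpwnam(name)
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    return keytab_problems(environ, user.pw_uid, gids)


def demo():
    """Build a constructed tree and run the check as owner and as another uid."""
    owner = os.getuid()
    other = owner + 1  # hypothetical unrelated account
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        private = os.path.join(root, "private")
        os.mkdir(private)
        keytab = os.path.join(private, "dns.keytab")
        open(keytab, "wb").close()
        os.chmod(private, 0o700)
        os.chmod(keytab, 0o600)
        env = {"KRB5_KTNAME": "FILE:" + keytab}

        def inside(problems):
            # Ignore anything about directories above the constructed tree.
            return [p for p in problems if root in p]

        result = {
            "unset": keytab_problems({}, owner, set()),
            "owner": inside(keytab_problems(env, owner, set())),
            "other": inside(keytab_problems(env, other, set())),
        }
        # Over-correct the permissions: access works, but the key is exposed.
        os.chmod(private, 0o755)
        os.chmod(keytab, 0o644)
        result["loose"] = inside(keytab_problems(env, other, set()))
    return result


if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, problems or "ok")
```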
Re: [Samba] Restricting logins using pam_winbind require_membership_of ?
In the samba share definition you could add valid users = +group; this should have the effect you're looking for if I understand you correctly. If not, my apologies. On 06/17/2011 12:28 PM, John McNulty wrote: Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add require_membership_of to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well? Regards, John
Re: [Samba] net ads join
I believe it takes the name from either the netbios name = or server string = x in the smb.conf file. On 05/27/2011 05:50 AM, fsos...@gmail.com wrote: Hello, I would like to know where samba takes the computer name to join the AD domain. Is it from classic computer name DNS resolution? regards, Fred
[Samba] Winbind Trust -- grr
First, thanks for any and all help. I can't seem to figure out what I need to do, I've been fighting this for a month and am now beating my head off my desk with no solution to be found. I've read others having this issue but they were all older versions. I am using 3.5.4. Please read over and give me some input.

Every 7 days winbindd fails on the trust secret. The only way I can figure to fix it is rejoin the domain. My only solution I can think of is script and cron so the machine rejoins the domain every 6 days on its own. I believe I'm forced to use winbind due to dansguardian using ntlm_auth. Dansguardian can't use ldap connection.

Now my smb.conf is as follows on the squid server:

[global]
workgroup = EXAMPLE
netbios name = squid1
server string = Squid1
security = domain
password server = netfiles1san, netfiles2san
log level = 3
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = False
local master = No
domain master = False
dns proxy = No
;Winbind
winbind refresh tickets = false
winbind separator = /
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
idmap uid = 1-2
idmap gid = 1-2

smb.conf on my DC, relevant info is as follows:

security = user
LDAP Backend master

Possibly an issue with using domain on the squid server and user on the DC??
Re: [Samba] Winbind Trust -- grr
Ah, a new avenue to look down.. winbind cache was 300, idmap cache is set to 7 days so I changed them both to 60 seconds restarted services and rejoined domain, hoping that the problem would happen right away, this was not the case though. Was your issue on the server side or client side? I have not changed server only client.. I try to keep server settings aside as last resort.. Thanks much, aaron On 05/25/2011 02:47 PM, Gaiseric Vandal wrote: It may be related to a caching issue. Use testparm -v to check the values for the following: idmap cache time winbind cache time I had a problem with samba 3.0.x where idmap entries would populate for users in a trusted domain- but after the cache time expired the cache would not repopulate and I would loose the trusted users. Increasing the cache time at least reduced how frequently I had to delete the cache entries. This is not a solution but may be will help locate the problem. On 05/25/2011 12:16 PM, Aaron E. wrote: First, Thanks for any and all help I can't seem to figure out what I need to do, I've been fighting this for a month and am now beating my head off my desk with no solution to be found. I've read others having this issue but they were all older versions.. I am using 3.5.4,, Please read over and give me some input.. Every 7 days winbindd fails on the trust secret. The only way I can figure to fix it is rejoin the domain. My only solution I can think of is script and cron so the machine rejoins the domain every 6 days on it's own.. I believe I'm forced to use winbind due to dansguardian using ntlm_auth. Dansguardian cant use ldap connection. Now My smb.conf is as follows on the squid server.. 
[global] workgroup = EXAMPLE netbios name = squid1 server string = Squid1 security = domain password server = netfiles1san, netfiles2san log level = 3 log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = False local master = No domain master = False dns proxy = No ;Winbind winbind refresh tickets = false winbind separator = / winbind enum users = yes winbind enum groups = yes winbind use default domain = yes idmap uid = 1-2 idmap gid = 1-2 smb.conf on my DC relevent info is as follows security = user LDAP Backend master Possibly an issue with using domain on the squid server and user on the DC?? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind Trust -- grr
I guess the client/server question is a moot point as I don't even have winbind running on my DC.. On 05/25/2011 04:09 PM, Aaron E. wrote: Ah, a new avenue to look down.. winbind cache was 300, idmap cache is set to 7 days so I changed them both to 60 seconds restarted services and rejoined domain, hoping that the problem would happen right away, this was not the case though. Was your issue on the server side or client side? I have not changed server only client.. I try to keep server settings aside as last resort.. Thanks much, aaron On 05/25/2011 02:47 PM, Gaiseric Vandal wrote: It may be related to a caching issue. Use testparm -v to check the values for the following: idmap cache time winbind cache time I had a problem with samba 3.0.x where idmap entries would populate for users in a trusted domain- but after the cache time expired the cache would not repopulate and I would loose the trusted users. Increasing the cache time at least reduced how frequently I had to delete the cache entries. This is not a solution but may be will help locate the problem. On 05/25/2011 12:16 PM, Aaron E. wrote: First, Thanks for any and all help I can't seem to figure out what I need to do, I've been fighting this for a month and am now beating my head off my desk with no solution to be found. I've read others having this issue but they were all older versions.. I am using 3.5.4,, Please read over and give me some input.. Every 7 days winbindd fails on the trust secret. The only way I can figure to fix it is rejoin the domain. My only solution I can think of is script and cron so the machine rejoins the domain every 6 days on it's own.. I believe I'm forced to use winbind due to dansguardian using ntlm_auth. Dansguardian cant use ldap connection. Now My smb.conf is as follows on the squid server.. 
[global] workgroup = EXAMPLE netbios name = squid1 server string = Squid1 security = domain password server = netfiles1san, netfiles2san log level = 3 log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = False local master = No domain master = False dns proxy = No ;Winbind winbind refresh tickets = false winbind separator = / winbind enum users = yes winbind enum groups = yes winbind use default domain = yes idmap uid = 1-2 idmap gid = 1-2 smb.conf on my DC relevent info is as follows security = user LDAP Backend master Possibly an issue with using domain on the squid server and user on the DC?? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] security = user vs security = domain and winbind trust
If you require any more information let me know, and thanks in advance. I'm working with dansguardian and squid with ntlm_auth. I join squid to the domain and it works for 7 days. After 7 days to the minute from the time I joined the server to the domain winbind decides it has lost its trust. And then squid can't utilize ntlm_auth as it requires winbind to function properly. I'm using the packaged version from Ubuntu Lucid, samba 3.4.7. I guess from what I've researched winbind isn't able to change or doesn't get updated with the machine password? Can I force this somehow? Does it have anything to do with the fact I don't have an AD domain and using security = domain? security = user (winbind doesn't return users or groups with wbinfo and squid will not authenticate.) security = domain (winbind works for 7 days as does squid, once the 7 days is up I have to rejoin the machine to the domain in order to get it in a working condition.) My DC is a samba server with openldap as its backend. 
wbinfo -t returns the following checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc022) Could not check secret Below is a snipet of winbind.log initialize_winbindd_cache: clearing cache and re-creating with version number 1 [2011/05/19 08:57:27, 2] winbindd/winbindd_util.c:235(add_trusted_domain) Added domain BUILTIN S-1-5-32 [2011/05/19 08:57:27, 2] winbindd/winbindd_util.c:235(add_trusted_domain) Added domain APPSRV5 S-1-5-21-2430456434-2706775456-2994855025 [2011/05/19 08:57:27, 2] winbindd/winbindd_util.c:235(add_trusted_domain) Added domain EXAMPLE S-1-5-21-496710657-683828429-1874078741 [2011/05/19 08:57:28, 3] libsmb/cliconnect.c:940(cli_session_setup_spnego) Doing spnego session setup (blob length=58) [2011/05/19 08:57:28, 3] libsmb/cliconnect.c:967(cli_session_setup_spnego) got OID=1.3.6.1.4.1.311.2.2.10 [2011/05/19 08:57:28, 3] libsmb/cliconnect.c:975(cli_session_setup_spnego) got principal=NONE [2011/05/19 08:57:28, 3] libsmb/ntlmssp.c:1023(ntlmssp_client_challenge) Got challenge flags: [2011/05/19 08:57:28, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60898215 [2011/05/19 08:57:28, 3] libsmb/ntlmssp.c:1045(ntlmssp_client_challenge) NTLMSSP: Set final flags: [2011/05/19 08:57:28, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088215 [2011/05/19 08:57:28, 3] libsmb/ntlmssp_sign.c:342(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2011/05/19 08:57:28, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088215 [2011/05/19 08:57:28, 3] winbindd/winbindd_cm.c:570(cm_get_ipc_userpass) cm_get_ipc_userpass: No auth-user defined [2011/05/19 08:57:28, 1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host NETFILES2! 
[2011/05/19 08:57:31, 3] winbindd/winbindd_misc.c:754(winbindd_interface_version) [10751]: request interface version [2011/05/19 08:57:31, 3] winbindd/winbindd_misc.c:787(winbindd_priv_pipe_dir) [10751]: request location of privileged pipe [2011/05/19 08:57:31, 3] winbindd/winbindd_misc.c:34(winbindd_check_machine_acct) [10751]: check machine account -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Issue with Bind
Glad I could help. As far as your last question, I'll have to let someone else answer that one. I don't know enough about it to make that determination. On 05/12/2011 12:09 PM, fe...@epepm.cupet.cu wrote: Thanks a lot for your hint. I finally made it in Debian Lenny (with Samba4 alpha15 and Bind9.8.0) installing libkrb5-dev. My named.conf just has an include /usr/local/samba/private/named.conf; and there I also included the options, related to tkey, suggested in the HowTo. I would like to note that I followed the recommendation from Bind source and I used the option tkey-gssapi-keytab instead of tkey-gssapi-credential and tkey-domain which I finally commented. Finally, I would like to know if I'll need a KDC, and if so, which one, MIT or Heimdal??? Best regards, Felix. It looks like kerberos support installs the proper files. Check for the packages listed below. This is Ubuntu Lucid, not sure how the names have changed for your distribution.
root@FILESRV1:/usr/include/mit-krb5# dpkg -S gssapi.h
libkrb5-dev: /usr/include/gssrpc/auth_gssapi.h
krb5-multidev: /usr/include/mit-krb5/gssapi/gssapi.h
libkrb5-dev: /usr/include/gssapi.h
libkrb5-dev: /usr/include/gssapi/gssapi.h
krb5-multidev: /usr/include/mit-krb5/gssapi.h
krb5-multidev: /usr/include/mit-krb5/gssrpc/auth_gssapi.h
On 05/11/2011 02:12 PM, fe...@epepm.cupet.cu wrote: I'm trying to compile using --with-gssapi but I found gssapi.h in /usr/loca/include/dst/ and I used this path but the answer is gssapi.h not found??? I'm using Debian Lenny. I think this gssapi.h I have comes from the previous installation of bind9 because I found that file in Bind9 source directory. My question is how can I install gssapi??? Best regards, Felix. Did you compile bind with gssapi? My compile options with ubuntu are this. Verify you're pointing to the proper path when compiling for gssapi. 
./configure --prefix=/usr/local/bind9 --with-gssapi=/usr/include/gssapi verify that you have the proper environments in bind,,, I have this in the init script.. KEYTAB_FILE=/usr/local/samba1/private/dns.keytab KRB5_KTNAME=/usr/local/samba1/private/dns.keytab export KEYTAB_FILE export KRB5_KTNAME and verify that the options are in named.conf properly.. CASE matters.. tkey-gssapi-credential DNS/example.com; tkey-domain EXAMPLE.COM; Verify all this and modify for your environment... On 05/11/2011 12:15 PM, fe...@epepm.cupet.cu wrote: I followed the Howto http://wiki.samba.org/index.php/Samba4/HOWTO Using: -Samba4 alpha15 -Bind9.8.0 When I added an XP PC (192.168.123.244) to my domain I got this in syslog: May 11 12:04:18 samba4 named[10705]: client 192.168.123.244#1061: update 'mydomain.com/IN' denied May 11 12:04:18 samba4 named[10705]: tkey.c:486: ENSURE(result == (((1) 16) + 28) || result == 0) failed, back trace May 11 12:04:18 samba4 named[10705]: #0 0x805ac45 in assertion_failed()+0x45 May 11 12:04:18 samba4 named[10705]: #1 0x81c62f7 in isc_assertion_failed()+0x27 May 11 12:04:18 samba4 named[10705]: #2 0x81659ba in dns_tkey_processquery()+0x98a May 11 12:04:18 samba4 named[10705]: #3 0x80696ff in ns_query_start()+0x40f May 11 12:04:18 samba4 named[10705]: #4 0x8051d44 in client_request()+0xdc4 May 11 12:04:18 samba4 named[10705]: #5 0x81e270d in isc__taskmgr_dispatch()+0x17d May 11 12:04:18 samba4 named[10705]: #6 0x81e5e34 in evloop()+0x74 May 11 12:04:18 samba4 named[10705]: #7 0x81e60af in isc__app_ctxrun()+0x12f May 11 12:04:18 samba4 named[10705]: #8 0x81e6182 in isc__app_run()+0x12 May 11 12:04:18 samba4 named[10705]: #9 0x805bd56 in main()+0xc96 May 11 12:04:18 samba4 named[10705]: #10 0xb7d04455 in _fini()+0xafb0d6b9 May 11 12:04:18 samba4 named[10705]: #11 0x804bb61 in _start()+0x21 May 11 12:04:18 samba4 named[10705]: exiting (due to assertion failure) Any ideas?? Best regards, Felix. 
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Issue with Bind
Did you compile bind with gssapi? My compile options with Ubuntu are this.. Verify you're pointing to the proper path when compiling for gssapi.

    ./configure --prefix=/usr/local/bind9 --with-gssapi=/usr/include/gssapi

Verify that you have the proper environments in bind. I have this in the init script..

    KEYTAB_FILE=/usr/local/samba1/private/dns.keytab
    KRB5_KTNAME=/usr/local/samba1/private/dns.keytab
    export KEYTAB_FILE
    export KRB5_KTNAME

And verify that the options are in named.conf properly.. CASE matters..

    tkey-gssapi-credential "DNS/example.com";
    tkey-domain "EXAMPLE.COM";

Verify all this and modify for your environment...

On 05/11/2011 12:15 PM, fe...@epepm.cupet.cu wrote:

I followed the Howto http://wiki.samba.org/index.php/Samba4/HOWTO

Using:
-Samba4 alpha15
-Bind9.8.0

When I added an XP PC (192.168.123.244) to my domain I got this in syslog:

    May 11 12:04:18 samba4 named[10705]: client 192.168.123.244#1061: update 'mydomain.com/IN' denied
    May 11 12:04:18 samba4 named[10705]: tkey.c:486: ENSURE(result == (((1) 16) + 28) || result == 0) failed, back trace
    May 11 12:04:18 samba4 named[10705]: #0 0x805ac45 in assertion_failed()+0x45
    May 11 12:04:18 samba4 named[10705]: #1 0x81c62f7 in isc_assertion_failed()+0x27
    May 11 12:04:18 samba4 named[10705]: #2 0x81659ba in dns_tkey_processquery()+0x98a
    May 11 12:04:18 samba4 named[10705]: #3 0x80696ff in ns_query_start()+0x40f
    May 11 12:04:18 samba4 named[10705]: #4 0x8051d44 in client_request()+0xdc4
    May 11 12:04:18 samba4 named[10705]: #5 0x81e270d in isc__taskmgr_dispatch()+0x17d
    May 11 12:04:18 samba4 named[10705]: #6 0x81e5e34 in evloop()+0x74
    May 11 12:04:18 samba4 named[10705]: #7 0x81e60af in isc__app_ctxrun()+0x12f
    May 11 12:04:18 samba4 named[10705]: #8 0x81e6182 in isc__app_run()+0x12
    May 11 12:04:18 samba4 named[10705]: #9 0x805bd56 in main()+0xc96
    May 11 12:04:18 samba4 named[10705]: #10 0xb7d04455 in _fini()+0xafb0d6b9
    May 11 12:04:18 samba4 named[10705]: #11 0x804bb61 in _start()+0x21
    May 11 12:04:18 samba4 named[10705]: exiting (due to assertion failure)

Any ideas??

Best regards,
Felix.
Re: [Samba] Could not convert sid ..... to ..... gid
See what wbinfo --name-to-sid (group) reports for both groups. Also, did you change the ACL in squid to point to the new group?

On 05/05/2011 09:32 AM, olaf.bo...@hvbg.hessen.de wrote:

Hi! More than a week ago I sent the below-mentioned message but did not receive any answer. I think that the subject heading was not correct, and so I changed it. Hope that I will get an answer now.

Olaf

From: Boldt, Olaf (HVBG)
Sent: Wednesday, 27 April 2011 14:58
To: 'samba@lists.samba.org'
Subject: Problems with Squid and Active Directory

Hello!

For a few weeks I have had Squid Version 2.7.STABLE7 on Ubuntu Server 10.04. All worked fine - different users in an AD-Group could reach the internet through my proxy. Because of this my Squid-configuration seems to be OK. Since the name of the AD-Group was changed it is no longer possible to reach the internet through the proxy. The error is:

    Access control configuration prevents your request from being allowed at this time.

Switching to the old group name all works fine again, switching to the new one: the same error as above. I changed the debug options and found this entry in cache.log:

    Could not convert sid S-1-5-21-3365863304-72330373-946326852-415981 to gid

From the Squid Mailing List I got the answer that this is a problem of Samba and/or winbind. I have installed:

    samba 2:3.4.7~dfsg-1ubuntu3.5
    winbind 2:3.4.7~dfsg-1ubuntu3.5

What to do? Thanks!

Olaf
Re: [Samba] Could not convert sid ..... to ..... gid
Once you try that, then try converting the opposite like so..

    wbinfo --sid-to-uid (sid from previous step)

On 05/05/2011 03:16 PM, Aaron E. wrote:

See what wbinfo --name-to-sid (group) reports for both groups. Also, did you change the ACL in squid to point to the new group?

On 05/05/2011 09:32 AM, olaf.bo...@hvbg.hessen.de wrote:

Hi! More than a week ago I sent the below-mentioned message but did not receive any answer. I think that the subject heading was not correct, and so I changed it. Hope that I will get an answer now.

Olaf

From: Boldt, Olaf (HVBG)
Sent: Wednesday, 27 April 2011 14:58
To: 'samba@lists.samba.org'
Subject: Problems with Squid and Active Directory

Hello!

For a few weeks I have had Squid Version 2.7.STABLE7 on Ubuntu Server 10.04. All worked fine - different users in an AD-Group could reach the internet through my proxy. Because of this my Squid-configuration seems to be OK. Since the name of the AD-Group was changed it is no longer possible to reach the internet through the proxy. The error is:

    Access control configuration prevents your request from being allowed at this time.

Switching to the old group name all works fine again, switching to the new one: the same error as above. I changed the debug options and found this entry in cache.log:

    Could not convert sid S-1-5-21-3365863304-72330373-946326852-415981 to gid

From the Squid Mailing List I got the answer that this is a problem of Samba and/or winbind. I have installed:

    samba 2:3.4.7~dfsg-1ubuntu3.5
    winbind 2:3.4.7~dfsg-1ubuntu3.5

What to do? Thanks!

Olaf
[Samba] What are others Doing?
If you read samba-technical, sorry for the double read, I accidentally posted this over there earlier..

I'm still working on a possible upgrade to samba4 and will be in testing on that for a long while, but in the meantime I need to at least get a Windows 2008 Terminal server up and functioning on my samba 3 domain.. I am having licensing issues since it isn't an active directory domain and the 2008 TS server will not issue licenses..

My question is this,,, How are others implementing 2008 TS servers into their samba 3 domain and getting the licensing to work properly..

The Licensing Service Configuration manager is running under the local service account and cannot be changed due to other dependencies IE RPS,,, That is the error in the diagnostics..

Thanks much for any input..
Re: [Samba] Cannot set ACL for Authenticated Users
Does the file system you're working with support ACL? Is it set to use acls in the /etc/fstab?

On 04/29/2011 06:24 AM, Arnaud Lesauvage wrote:

Hi list !

I have found someone having a similar problem back in 2007 (http://lists.samba.org/archive/samba/2007-April/131574.html), but as I understand it, this problem is fixed for a long time now.

So basically, I am trying to give Authenticated Users some permissions on a folder in a samba share, but when I check back either with my windows GUI or via getfacl, the permission has just been dismissed and nothing has changed.

The server is running samba version 3.2.7 on OpenSuse 11.

Here is the result of testparm :

    [global]
    workgroup = dom
    realm = dom.ext
    server string = Samba Server
    security = ADS
    password server = pdc1.dom.ext pdc2.dom.ext
    idmap uid = 1200-2
    idmap gid = 1200-2
    winbind separator = +
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind expand groups = 3

And for the share where the folder is stored :

    [data]
    comment = data
    path = /srv/samba/data
    valid users = @LOCAL+Domain Users
    admin users = @LOCAL+Domain Admins
    read only = no
    browseable = no
    map acl inherit = yes
    inherit acls = yes
    create mask = 0600
    directory mask = 0700
    store dos attributes = yes
    csc policy = disable

What should I change to be able to attribute permissions to the Authenticated Users group ?

Thanks a lot for your help !

Arnaud
Re: [Samba] Cannot set ACL for Authenticated Users
Windows PDC? Does wbinfo -u return a list of domain users?

On 04/29/2011 09:44 AM, Arnaud Lesauvage wrote:

On 29/04/2011 14:45, Aaron E. wrote:

Does the file system you're working with support ACL? Is it set to use acls in the /etc/fstab?

Hi Aaron, thanks for your answer. Yes, it is set to use ACL and usr_xattr. Both work well. But Authenticated Users seem to be not mappable to a gid.

On 04/29/2011 06:24 AM, Arnaud Lesauvage wrote:

Hi list !

I have found someone having a similar problem back in 2007 (http://lists.samba.org/archive/samba/2007-April/131574.html), but as I understand it, this problem is fixed for a long time now.

So basically, I am trying to give Authenticated Users some permissions on a folder in a samba share, but when I check back either with my windows GUI or via getfacl, the permission has just been dismissed and nothing has changed.

The server is running samba version 3.2.7 on OpenSuse 11.

Here is the result of testparm :

    [global]
    workgroup = dom
    realm = dom.ext
    server string = Samba Server
    security = ADS
    password server = pdc1.dom.ext pdc2.dom.ext
    idmap uid = 1200-2
    idmap gid = 1200-2
    winbind separator = +
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind expand groups = 3

And for the share where the folder is stored :

    [data]
    comment = data
    path = /srv/samba/data
    valid users = @LOCAL+Domain Users
    admin users = @LOCAL+Domain Admins
    read only = no
    browseable = no
    map acl inherit = yes
    inherit acls = yes
    create mask = 0600
    directory mask = 0700
    store dos attributes = yes
    csc policy = disable

What should I change to be able to attribute permissions to the Authenticated Users group ?

Thanks a lot for your help !

Arnaud
[Samba] researching options need advice
Our current infrastructure is Openldap back end with samba3 pdc, with 2003 terminal servers using poledit.exe with policies.. We are in need of an upgrade of our terminal servers. I cannot get the old way of policies to lock the server down as I need it to function on Windows Server 2008.

What are other people doing? I can't be the first one to run across this and can't seem to find anything substantial in googling.

Advice greatly appreciated.

Aaron
Re: [Samba] researching options need advice
Another idea I was thinking was to migrate to Windows AD then migrate to Samba4, but this seems like a long process.. Thoughts?

On 04/05/2011 11:58 AM, Aaron E. wrote:

Our current infrastructure is Openldap back end with samba3 pdc, with 2003 terminal servers using poledit.exe with policies.. We are in need of an upgrade of our terminal servers. I cannot get the old way of policies to lock the server down as I need it to function on Windows Server 2008.

What are other people doing? I can't be the first one to run across this and can't seem to find anything substantial in googling.

Advice greatly appreciated.

Aaron
Re: [Samba] Samba4 Ubuntu Init Scripts
Here's one I put together and it works pretty good. I took parts from various net research and came up with this. I have since gathered a better understanding and probably should rewrite it without the killall statement, but I'll save that for another day.. Edit paths accordingly..

    #! /bin/bash -e
    ### BEGIN INIT INFO
    # Provides:          samba
    # Required-Start:
    # Required-Stop:
    # Default-Start:     2 3 4 5
    # Default-Stop:      0 1 6
    # Short-Description: Samba
    # Description:       Samba Domain controller
    #scheduler
    ### END INIT INFO
    #
    #
    #
    set -e
    PATH=/bin:/usr/bin:/sbin:/usr/sbin
    DAEMON=/usr/local/samba1/sbin/samba
    # Exit quietly if the daemon binary is not installed
    test -x $DAEMON || exit 0
    case $1 in
    start)
        echo -ne "Starting Samba samba \n"
        $DAEMON -D
        ;;
    stop)
        echo -ne "Stopping Samba samba \n"
        PIDSMB=`ps -e | grep samba | awk '{ print $1 }'`
        killall samba
        ;;
    restart)
        $0 stop
        echo -ne "Sleeping 5 Seconds Before Start: \n"
        sleep 5
        $0 start
        ;;
    *)
        echo "Usage: /etc/init.d/samba {start|stop|restart}"
        exit 1
        ;;
    esac
    exit 0

On 04/01/2011 12:43 PM, Ryan Leimenstoll wrote:

Hello all,

I was wondering if anyone has developed an init script for Samba4 Alpha14. I am using alpha 12 right now (from APT), but I would like to upgrade to Alpha14. Since Samba4 from GIT doesn't come with an init script, I have been unable to upgrade.

Thanks!
[Samba] Information needed,, wide open to ideas.. ACL's
I'm looking to migrate to a samba4 AD domain from samba3 but this will not happen overnight. I plan on slowly migrating, which brings me to acl issues. I will be creating a new domain but still need to have a single data store.

Is this something that can just have a domain trust built? Can I somehow mount the data on the new domain and stay relatively close to the acls that are currently in place? NFS, smbfs?

I'm hoping for some direction or best practice in a scenario like this.. Give me possible items to research, possible scenarios etc.. I am completely open to ideas.

Thank you

Aaron
[Samba] samba3.5.4 windows 2008 R1 32bit
What is the trick to getting a Windows 2008 R1 32bit server to connect to a samba print share?

Error = Windows could no connect to printer, Operation could not be completed (error 0x6d1)

My configuration is this..

Samba4 PDC
Samba3 print server
windows 2008 TS server

Everything works using a windows XP pc,, I can install the drivers on the samba server and point and click works with windows XP. I've googled and can't seem to come up with a solution or fix..

Thank you

Aaron
[Samba] alpha 15 ?
I've seen people mention a Samba4 Alpha 15, though I can't seem to find it on the samba ftp. Where can I get the source for this if it is available?

Thanks

Aaron
Re: [Samba] CentOs 5.5 Glusterfs 3.1.0 Samba 3.5 MSOffice Files
Is this possibly a caching issue? I had some problems with nfs file share that sounded somewhat like this and it turned out to be caching. I disabled caching on the mount and it all worked perfectly.

On 02/08/2011 10:16 AM, Volker Lendecke wrote:

On Tue, Feb 08, 2011 at 03:51:26PM +0100, Daniel Müller wrote:

So I created the file versuch.docx on the glusterd-vol. At the end of my smbd.log the file is read only. Only one change in the file possible

If that is all the logs that you can ever get out of your Server (your max log size must be EXTREMELY small) then I don't see any chance to help you. A full debug level 10 log, a network sniff and at some point potentially a strace of smbd, that would be the information that you might have a chance with. But that is probably more effort for you than installing GFS2.

Sorry for that,

Volker Lendecke
[Samba] Conversion to Samba4
I'm looking for direction on converting from openldap / samba3 backend to samba4. At this point I've got my samba4 domain provisioned and working and I now want to start importing users, but for the life of me I can't find any information on the net about the process.

Few questions.

Do I need to use the converted schema from oLschema2ldif?
Do I need to convert the exported ldifs I have somehow?

I'm trying to clean up my DB and only import certain trees so I don't need the whole ldap db, just certain exported portions.

Thank you for any direction...
Re: [Samba] how to map shared folders when start user profile in XP
I believe you need to put the .bat scripts in a subdirectory of netlogon/scripts in order for the script to be found and run...

On 11/19/2010 08:05 AM, Daniel Müller wrote:

I think you meant script per each user? Then you need exactly

    logon script = %u.bat

%u substitutes the login user name. Then if you have two users: mike, carl
You need to have ex.: mike.bat;carl.bat in your netlogon path
You can exactly make this too for groups.

IT Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de

From: marcos gonzalez [mailto:marcos.gonzalez.c...@gmail.com]
Sent: Friday, 19 November 2010 13:33
To: muel...@tropenklinik.de
Cc: anil; samba@lists.samba.org
Subject: Re: [Samba] how to map shared folders when start user profile in XP

Hi

But if I put

    [netlogon]
    comment = Network Logon Service
    path = /pathtoyour/netlogon/

it only accepts one script and my doubt is how to config one script for user.

Thanks

2010/11/17 Daniel Müller <muel...@tropenklinik.de>

Hi,

your logon script must be put in your:

    [global]
    logon script = %u.bat

    [netlogon]
    comment = Network Logon Service
    path = /pathtoyour/netlogon/

---
IT Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of marcos gonzalez
Sent: Wednesday, 17 November 2010 12:41
To: anil
Cc: samba@lists.samba.org
Subject: Re: [Samba] how to map shared folders when start user profile in XP

Hi

No, the problem continues. I put in smb.conf this:

    logon script = %u.bat
    logon path = \\%n\Profiles\%u
    logon drive = H:

And inside the user profile, in the root folder, I put user.bat with instructions to test. If I execute manually it works fine, but it does not work at start of session.

Suggestions?

Thanks

2010/11/16 anil <aswakh...@gmail.com>

Hi,

Your problem is sorted now?

On 11/16/2010 10:18 PM, marcos gonzalez wrote:

Hi

I understand. If I change the smb.conf to:

    logon script = %u.bat
    logon path = \\%n\Profiles\%u
    logon drive = H:

putting the script user.bat into the root profile folder (for example /var/lib/samba/profiles/user/ ) for every user load their configuration?

Thanks!

2010/11/16 Anil Wakhare <aswakh...@gmail.com>

Hi,

According to me, you can first configure the smb.conf file. Use the following

    domain master = yes
    domain logons = yes
    # the login script name depends on the machine name
    logon script = %m.bat
    # the login script name depends on the unix user used
    logon script = %u.bat
    logon path = \\%n\Profiles\%u
    ; logon drive = H:
    # disables profiles support by specifing an empty path
    logon path = \\uccagent\%u
    logon path = \\administrator\%u

On Tue, Nov 16, 2010 at 4:04 PM, marcos gonzalez <marcos.gonzalez.c...@gmail.com> wrote:

Hi

I'm searching for examples to configure logon scripts for every user.

If I configure netlogon like this

    [global]
    logon path = \\%N\profiles\%U
    logon drive = H:
    logon home =
    logon script = logon.bat

    [netlogon]
    # comment = Network Logon Service
    path = /var/lib/samba/netlogon
    # admin users = root
    # guest ok = yes
    read only = yes
    browseable = no

I can only use one script, but I prefer to use specific scripts for users too. I don't know if I can.

Other problem is how to configure shared folders for groups of users.

Thanks

2010/11/16 Anil Wakhare <aswakh...@gmail.com>

Hi,

I am not getting ur question. Can u explain it briefly.

On Tue, Nov 16, 2010 at 1:08 PM, marcos gonzalez <marcos.gonzalez.c...@gmail.com> wrote:

Hi

Yes, I'm interested in a login script, but I'm a newbie with this and I don't know where I can take examples. Inside the samba documentation there are not sufficiently complex examples and in my case I'm interested to make a script for every user.

Suggestions?

Thanks

2010/11/15 Gaiseric Vandal <gaiseric.van...@gmail.com>

Are you using a login script? That should take care of mapping shared folders to drive letters.

You can't use login scripts to setup printers. If the printers are properly shared from a Windows server or Samba server users should be able to easily locate them in My Network Places.

On 11/12/2010 06:33 AM, marcos gonzalez wrote:

Hi guys

I have configured samba 3.3.2 in a domain with XP clients and I would like to config inside clients the shared folders as units when users start, and the printers too.

I'm looking for this and the information is very confusing, and I don't know which is the fast option for users.

Suggestions?

Thanks
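The rule discussed in this thread, that `logon script = %u.bat` resolves per user to a file under the `[netlogon]` share path, as an added example that is not part of any post above. It also flags scripts that are group- or world-writable, since a logon script runs on the client at every logon. The sample configuration, user names, machine name `WS01` and all function names are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

# Constructed smb.conf fragment; NETLOGON_DIR is a placeholder filled in by demo().
SAMPLE_CONF = """\
[global]
logon script = %u.bat

[netlogon]
comment = Network Logon Service
path = NETLOGON_DIR
read only = yes
"""


def load_smb_conf(text):
    """Parse smb.conf text. '%' is a Samba variable marker, so interpolation is off."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",)
    )
    parser.read_string(text)
    return parser


def get_param(parser, section, key, default=None):
    """Look up a parameter; section names are matched case-insensitively."""
    for name in parser.sections():
        if name.lower() == section.lower():
            return parser[name].get(key, default)
    return default


def expand(template, user, machine):
    """Expand only the variables used in this thread: %u/%U (user), %m (client)."""
    for var, value in (("%u", user), ("%U", user), ("%m", machine)):
        template = template.replace(var, value)
    return template


def check_logon_scripts(conf_text, users, machine="WS01"):
    """Return (user, finding, detail) tuples for scripts that are missing or writable."""
    parser = load_smb_conf(conf_text)
    template = get_param(parser, "global", "logon script")
    share_path = get_param(parser, "netlogon", "path")
    if not template or not share_path:
        return [("*", "config", "logon script or [netlogon] path is not set")]

    findings = []
    # Samba's default for "read only" is yes, so an absent key counts as read only.
    read_only = get_param(parser, "netlogon", "read only", "yes")
    if read_only.strip().lower() not in ("yes", "true", "1"):
        findings.append(("*", "share-writable", "[netlogon] is not read only"))

    for user in users:
        # The script name is relative to the [netlogon] path, not the profile dir.
        relative = expand(template, user, machine).replace("\\", "/")
        full = os.path.join(share_path, relative)
        if not os.path.isfile(full):
            findings.append((user, "missing", full))
        elif os.stat(full).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((user, "writable", full))
    return findings


def demo():
    """Build a throwaway netlogon directory and check three constructed users."""
    with tempfile.TemporaryDirectory() as netlogon:
        conf = SAMPLE_CONF.replace("NETLOGON_DIR", netlogon)
        for name, mode in (("mike.bat", 0o644), ("anna.bat", 0o666)):
            path = os.path.join(netlogon, name)
            with open(path, "w") as handle:
                handle.write("rem constructed sample script\r\n")
            os.chmod(path, mode)
        found = check_logon_scripts(conf, ["mike", "carl", "anna"])
        return [(user, finding) for user, finding, _ in found]


if __name__ == "__main__":
    print(demo())
```

A `user.bat` placed in the profile directory, as tried earlier in the thread, shows up here as `missing` because only the `[netlogon]` path is searched.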
Re: [Samba] SAMBA accessible with hostname only on local subnet
Other items to check are,

1. can you ping by hostname
2. can you ping by ip
   a. if you cannot by hostname then you have a DNS issue,
3. What type of firewall is between? Check the configuration..
4. Check the firewall configuration on your samba server. (fedora has most items blocked by default (including samba)(ubuntu I don't even has firewall enabled.)

What OS's are involved..

On 11/15/2010 05:02 AM, *...@ppu wrote:

Dear Aaron,

Sorry for the delay in replying. Please find the output of the route command. The default gateway was set properly and it is pinging.

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.27.0.0      *               255.255.240.0   U     0      0        0 eth0
    169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
    default         172.27.0.1      0.0.0.0         UG    0      0        0 eth0

From: Aaron E. <ssures...@gmail.com>
To: samba@lists.samba.org
Date: Thu, 11 Nov 2010 08:15:54 -0500
Subject: Re: [Samba] SAMBA accessible with hostname only on local subnet

I would verify the routing table on the server. This sounds like the default gateway isn't set or the server doesn't know how to reach the other networks. Try # route and examine the table.

On 11/11/2010 06:17 AM, *...@ppu wrote:

hi all,

i have integrated SAMBA with active directory and everything is working. however SAMBA server is accessible with hostname only on local subnet. it is not opening in other subnets and opening with ipaddress. it keeps on asking for password and saying access denied while using net view \\testsamba corp.raju.ad. command

any one faced the same problem ?? please help me out.

Regards
Appaji.p
Re: [Samba] SAMBA accessible with hostname only on local subnet
I would verify the routing table on the server. This sounds like the default gateway isn't set or the server doesn't know how to reach the other networks. Try # route and examine the table.

On 11/11/2010 06:17 AM, *...@ppu wrote:

hi all,

i have integrated SAMBA with active directory and everything is working. however SAMBA server is accessible with hostname only on local subnet. it is not opening in other subnets and opening with ipaddress. it keeps on asking for password and saying access denied while using net view \\testsamba corp.raju.ad. command

any one faced the same problem ?? please help me out.

Regards
Appaji.p
[Samba] Mandatory Profile
I'm using samba 3.4 with ldap backend. I'm trying to get a mandatory profile working with 4 of my floor machines. I can't seem to get the proper permissions in order for all 4 users to pull this profile. Only the owner of the profile can use it, even if I set the permissions to 777 on the profile... I've tried using different groups, i.e. guests, domusers, users, recursive all the way down the profile..

Is this possible? Or am I chasing an item that should be possible in theory but just won't work?

Thanks

Endo
Re: [Samba] ntlm_auth = NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)
security = domain or security = user? I had problems with winbind using security = user.. I can't remember properly, it's been a while..

On 11/11/2010 04:22 PM, Rowley, Mathew wrote:

I had to downgrade samba on a rh5.5 instance due to ntlm_auth not working properly: https://bugzilla.redhat.com/show_bug.cgi?format=multipleid=561325

Now, when I add the computer to the domain ('net ads join -U Administrator') it seems to work, is visible on the AD interface, but the logs show an error:

    Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:idmap_alloc_init(589)
    Nov 11 16:03:22 rhclient winbindd[4483]: ERROR: Initialization failed for alloc backend, deferred!
    Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap_alloc(201)
    Nov 11 16:03:22 rhclient winbindd[4483]: idmap_alloc module ldap already registered!
    Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap_alloc(201)
    Nov 11 16:03:22 rhclient winbindd[4483]: idmap_alloc module tdb already registered!
    Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap(149)
    Nov 11 16:03:22 rhclient winbindd[4483]: Idmap module passdb already registered!
    Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap(149)
    Nov 11 16:03:22 rhclient winbindd[4483]: Idmap module nss already registered!
    Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:idmap_alloc_init(589)
    Nov 11 16:03:22 rhclient winbindd[4483]: ERROR: Initialization failed for alloc backend, deferred!
    Nov 11 16:03:22 rhclient pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0 Not Found

And wbinfo gives me nothing – so I am assuming there is a problem:

    [r...@rhclient samba]# wbinfo -u
    [r...@rhclient samba]# wbinfo -g
    [r...@rhclient samba]#

When trying to do a ntlm_auth, I get a funky error as well:

    [r...@rhclient samba]# ntlm_auth --request-nt-key --domain=VMSECLAB.CABLE.COMCAST.COM --username=user
    password:
    NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e)

Yet, there is a login server in the samba.conf, and dns/reverse dns works:

    [r...@rhclient samba]# grep 'password server' /etc/samba/smb.conf
    password server = ad.vmseclab.cable.com
    [r...@rhclient samba]# nslookup ad.vmseclab.cable.com
    Server: 10.252.159.138
    Address: 10.252.159.138#53
    Name: ad.vmseclab.cable.com
    Address: 10.252.159.138
    [r...@rhclient samba]# nslookup 10.252.159.138
    Server: 10.252.159.138
    Address: 10.252.159.138#53
    138.159.252.10.in-addr.arpa name = ad.vmseclab.cable.com.

The samba logs show this when trying to ntlm_auth:

    == /var/log/samba/log.winbindd-dc-connect==
    [2010/11/11 16:16:55, 1] libads/cldap.c:recv_cldap_netlogon(157)
      no reply received to cldap netlogon
    [2010/11/11 16:16:55, 1] libads/ldap.c:ads_find_dc(427)
      ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC
    [2010/11/11 16:16:55, 1] libads/ldap.c:ads_find_dc(427)
      ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC
    [2010/11/11 16:17:25, 1] libads/cldap.c:recv_cldap_netlogon(157)
      no reply received to cldap netlogon
    [2010/11/11 16:17:25, 1] libads/ldap.c:ads_find_dc(427)
      ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC
    [2010/11/11 16:17:25, 1] libads/ldap.c:ads_find_dc(427)
      ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC

Has anyone seen this, or have any clue what could be happening? It seems like my DC does not have cldap open/working? What port does that run over? If it's normal ldap(389), I can telnet to that fine.

I am out of ideas, any help would be appreciated.

Thanks.