Re: [Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ

As has been pointed out elsewhere, the patch is incorrect. Try this one instead: https://attachments.samba.org/attachment.cgi?id=9210 Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT

Re: [Samba] using samba 4 as plugin replacement for samba 3

g with exact directions to reproduce. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL an

[Samba] [homes] support in Samba 4.x

nge in this area. It is actually also meant to work on our AD DC, but I know a number of folks don't use it because a [home] share works better with ADUC (because that creates the home directory). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Sa

Re: [Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ

-s' so I can apply it with all the right author stuff etc? Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL an

Re: [Samba] execute permissions missing after upgrade to Samba 4

ZIP archive > with executables, they have no x-bit set). Should Samba4 itself set > 'Read-And-Execute' rights, either by settin x bit or by setting these > rights in extended attributes? See the new parameter in Samba 4.0.10 'acl allow execute always' Andrew Bartl

Re: [Samba] Problems joining Samba4 domain

hat you use the latest tarball (4.1.0) I totally agree. We are only now getting current Samba 4.0 packages into Debian unstable, and Ubuntu's package, particularly on 12.04 is very, very old. Start with current code, and then get network traces and log files if you still have issues. Andrew

Re: [Samba] using samba 4 as plugin replacement for samba 3

ll windows acl's in extended attributes, or is > this improvement only available in combination with letting it run as > active directory domain controller? You can load acl_xattr as a vfs module without being an AD DC, it's just on by default in that

Re: [Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ

On Sat, 2013-10-12 at 12:35 -0700, Mauricio Alvarez wrote: > Is there any chance the problem I am having (drsuapi.DsBindInfoFallBack' > object has no attribute 'supported_extensions') is related to this patch? No. Sorry, Andrew Bartlett -- Andrew Bartlett

[Samba] HTML docs and the removal of SWAT in 4.1

be generated by running 'make htmlman' in the docs-xml directory, but some of this seems to have bitrotted, at least in my brief testing. Patches to have HTML manpages generated by our main buildsystem (see docs-xml/wscript_build and buildtools/wafsamba/wafsamba.py) are most welcome. Andre

Re: [Samba] Samba 4.0.10 - 4.1.0 - master can no longer join existing Win2003 domain?

ver. > > Now when I try join the domain it fails with > ERROR(): uncaught exception - > 'drsuapi.DsBindInfoFallBack' object has no attribute 'supported_extensions' To make any progress we need the full backtrace. Andrew Bartlett -- Andrew Bartlett

[Samba] HTML docs and the removal of SWAT in 4.1

be generated by running 'make htmlman' in the docs-xml directory, but some of this seems to have bitrotted, at least in my brief testing. Patches to have HTML manpages generated by our main buildsystem (see docs-xml/wscript_build and buildtools/wafsamba/wafsamba.py) are most welcome. Andre

[Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ

"/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line > 1072, in do_join > ctx.join_add_objects() > File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line > 616, in join_add_objects > ctx.samdb.add(msg) > root@s

Re: [Samba] Multiple A records on my parent domain name are confusing hosts

tries to set it to match the network interfaces of the DC, because AD clients may (few actually do, in this specific case) use this name to find a DC. See dns_update_list. I suggest breaking the CNAME and not using example.com to find your website internally. Andrew Bartlett -- Andrew Bartlett

Re: [Samba] samba_upgradedns output

was originally only for upgrades from FLATFILE to DLZ was extended, and it should now check for the partition first, before looking for a flat-file. Certainly it shouldn't suggest it is re-generating DNS when it won't do that. Andrew Bartlett -- Andrew Bartlett

Re: [Samba] Samba release series

xes > > require filling in > > Sure, will do that as soon as possible. While we are talking about the release pages, I wonder with the new colour table on that page, should we remove the Branch policy page, and just fold the text into this page? That way, we don't have two pages

Re: [Samba] samba 4 DC slow users bulk load

he investigation, because it relies on system-specific symbols. I hope this is clearer. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsu

Re: [Samba] git folder moved : waf : The top source directory has moved. Please run distclean and reconfigure // OK

ng for help > > ... TIA > > Nicolas > Turned out that bin directory couldn't be deleted by the script. > sudo rm -R bin > allowed compilation to complete This typically happens due to 'sudo make install', which creates root-owned files during the

Re: [Samba] [SPAM] Re: Problem with squid+ntlm+samba

On Thu, 2013-10-10 at 11:05 -0300, Silvio Aparecido wrote: > On 10/07/2013 04:30 PM, Andrew Bartlett wrote: > > What does wbinfo -P show? > wbinfo -p > Ping to winbindd succeeded > > > Are you correctly joined to the domain. > net ads testjoin > Join is OK >

Re: [Samba] Samba 4 and squid ntlm auth

a look at a wireshark trace of the success and failure modes, and see if you can show a difference. If the traces are not massive, these you can mail to me. Either way, the wireshark 'service response time' over DCE/RPC would be particularly interesting to see. I hope this helps, And

Re: [Samba] GPO Permissions _AGAIN_

ba > works too when it comes to providing the sysvol share? In Samba, sysvol is not special. It may well need to be, as the issue you describe certainly sounds plausible. Can you file a bug, and work with us to see how we might create a fix for this? Thanks, Andrew Bartlett -- Andrew Bartle

Re: [Samba] Problem with Classic-Migration and Sernet Samba4 Packages

an also be used as an ldap proxy > in conjunction with samba4. Please provide that feedback back to SerNET. I also don't think the packages should be described as breaking each other. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Sa

[Samba] Delay in vendor packages for Samba 4.0

t in their packaging work. Fedora shipped Samba 4.0 as soon as it was released, but does not ship the Active Directory domain controller. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst

Re: [Samba] samba 3 EOL ?

ally release. I hope this clarifies things, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following

Re: [Samba] samba 4 DC slow users bulk load

ly unexpected. I hope this helps you make some more progress chasing this down. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubsc

Re: [Samba] Problem with squid+ntlm+samba

H: NT_STATUS_ACCESS_DENIED > > [2013/10/01 10:30:12, 3] utils/ntlm_auth.c:329(check_plaintext_auth) >NT_STATUS_ACCESS_DENIED: Access denied (0xc022) What does wbinfo -P show? Are you correctly joined to the domain. Can you authenticate using wbinfo as root, and then as squid? What do the winbind logs

Re: [Samba] Failover

r not passed down to the OS in this case, followed by a unexpected loss of power. The corrupt database was then perfectly mirrored to the DRDB clone, resulting in two corrupt mirrors. DRS replication likely would have detected the corruption (because the database would not have been valid) an

Re: [Samba] samba 4 DC slow users bulk load

ort, run samba under TDB_NO_FSYNC=1. This makes samba unsafe against a poweroff event (equivalent to linking with libeatmydata), so don't use this in production, but it will make things much, much faster for the initial import. Andrew Bartlett Andrew Bartlett -- Andrew Bartlett htt

Re: [Samba] SAMBA + open LDAP + password hashing

mba + > kerberos + ldap? > Thanks The easiest way to do Samba + kerberos + ldap is to set up Samba as an AD DC. That said, I shouldn't have mentioned Kerberos in the context of your original query, as it still has the same issues of needing those password types, which you don't have

Re: [Samba] SAMBA + open LDAP + password hashing

The encryption types are incompatible. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] problem server WIN 2003 R2 - samba HP-UX

most certainly relates to the lack of 'smb signing' support in that release, but so many other things have changed in the past dozen years that it could really be anything. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authenticati

Re: [Samba] Samba4: where are ACLs stored?

y magic' whenever we see 'server role = active directory domain controller'. Frankly I think it should be the default, except for the fact that we didn't want to change it for upgrading users. We used the 'new' server role as a chance to at least make it a defa

Re: [Samba] /etc/passwd backend

y just incompatible. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4: where are ACLs stored?

> I'm concerned that backups might be incomplete when part of the access > rights are hidden somewhere else. Will 'cp -a' really copy everything? Can you show me your smb.conf? Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet

Re: [Samba] /etc/passwd backend

e two databases to keep 'in sync'. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] Understanding the difference of lock/state/cache directory

ell (others I hope will clarify). At least that is how I understand the issue. See also the FHS: http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE33 Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http:/

Re: [Samba] Samba4, ZFS and FreeBSD

SD ZFS > support. But I am afraid I am not good enough to code it myself. I am > a sysadmin who reads C code frequently, it does not make me a good > coder.. The issue is essentially that the python-based provision code need to detect the use of zfs, load the zfsacl module in t

Re: [Samba] S4-Winbind dumping core on password

> (2008R2) domain. Are you able to reproduce this with winbindd running under valgrind? eg: valgrind --trace-children=yes winbindd Thanks, -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsu

Re: [Samba] samba4 adding an index to sam.ldb

: #define SEARCH_FLAG_ATTINDEX0x001 So, just add one to the existing value in the schema attribute, and you will find it indexed. Let me know if you have more trouble. > > - Original Message - > > > From: "Bo Kersey" > > > To: "Andrew Bartlett&quo

Re: [Samba] On Machine Accounts

On Sun, 2013-09-15 at 11:53 -0700, Yannick Gingras wrote: > On 09/14/2013 05:33 PM, Andrew Bartlett wrote: > > On Fri, 2006-10-06 at 12:32 -0400, Yannick Gingras wrote: > >> [...] > > You can't do a domain logon without a machine account. You could set > > the

Re: [Samba] samba4 upgradeprovision

s tool to turn on a NIS server, perhaps it works remotly against Samba. Otherwise, I asked a user on IRC to consider plumbing in the code that adds these objects (a python function) into a new 'samba-tool domain enablerfc2307' (or similar) command. I've not heard any pr

Re: [Samba] On Machine Accounts

ge. You can't do a domain logon without a machine account. You could set them up as just standalone workstation however. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org --

Re: [Samba] Network Neighbourhood samba 4

er) priority. (Sadly on the AD DC, there isn't spare developer time just floating around). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org

Re: [Samba] samba4 adding an index to sam.ldb

it will help us advise others. Thanks! Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4 consumes more CPU

into the perf screen) Then, can you re-run it under 'perf record -g -p '? And then show me the output of perf report -g, expanding the first function call stacks to find out what is the eventual high-level caller of the spinning routine. This may give us the critical clues we need

Re: [Samba] Disable password complexity does not work?

in. > > Again, that's IIRC - but I think that's the case. That is correct on both counts, we do not honour it currently (GSoC project to do this is in progress), but if a windows DC changes the AD database to match the GPO, we will honour that. Andrew Bartlett -- Andrew

Re: [Samba] Odd Samba 4 ("4.2.0pre1-GIT-b505111"; actually only using client) behaviour #2 - "accept: Software caused connection abort".

ming connection. We need to throttle things until the system clears enough resources to handle this new socket. If we don't then we will spin filling the log and causing more problems. We don't panic as this is

Re: [Samba] Samba4 Member Server not working

> Here is the problems: > > When I run "getent passwd", it lists only the local users. For performance reasons, by default we do not list users in the AD domain. See winbind enum users in your smb.conf > When I run "id Administrator", it returns "No such use

Re: [Samba] Samba4 consumes more CPU

ng DLZ_BIND9 using the samba_upgradedns script, and see if that helps. I have had a more successful investigation with another user that indicates an issue there, trigged by double-processing of secure DNS updates from clients in our DNS server. Thanks, Andrew Bartlett -- Andrew Bartlett h

Re: [Samba] Add Win2008R2 DC to Samba4 domain

In terms of the Win2008R2 server not taking over the Samba domain, perhaps DNS is not configured on that DC, or the DNS configuration for the domain was stored in the replicated database (the bind9 flat file solution). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentica

Re: [Samba] samba-tool classicupgrade throws uncaught exception

#x27;s in the test environment where my samba4 server > is, or some tool that can assist in such. The 'Samba3' tools still work in Samba 4.0, so if you put the files in the 'expected' locations on in the new server, then you should be able to just edit them there, as if it

Re: [Samba] Is kerberos authentication against AD possible without joining the domain?

On Tue, 2013-08-20 at 09:43 -0500, Les Mikesell wrote: > On Mon, Aug 19, 2013 at 10:29 PM, Andrew Bartlett wrote: > > > > OK. > > > >> Most (maybe not all) of the windows boxes are already logged > >> into the domain as the appropriate user, but I don'

Re: [Samba] Is kerberos authentication against AD possible without joining the domain?

On Mon, 2013-08-19 at 18:22 -0500, Les Mikesell wrote: > On Mon, Aug 19, 2013 at 5:40 PM, Andrew Bartlett wrote: > > >> On CentOS (and presumably RHEL), the authconfig tool can set up > >> kerberos authentication via PAM so that locally added users can be > >&g

Re: [Samba] Is kerberos authentication against AD possible without joining the domain?

change on being part of the domain or not. I hope this helps, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe f

Re: [Samba] Samba 4 with LDAP proxy in DMZ

tips. Try just setting the DN as ldapbind...@bordengrammer.kent.sch.uk (AD allows these kind of DNs for binds). Otherwise, just turn up the logging on the Samba side and see what it says. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team

Re: [Samba] Upgrade

alled version's > private folder? Ensure you also move the sysvol tree, the lock, locks and state dirs and the etc/smb.conf file, and keep the xattrs. Essentially find the new location for all the files, and move them to match. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ A

Re: [Samba] Need support

On Sat, 2013-08-10 at 04:37 -0400, Scott Lovenberg wrote: > On Aug 10, 2013, at 4:22, Andrew Bartlett wrote: > > > On Sat, 2013-08-10 at 03:19 -0400, Scott Lovenberg wrote: > >> On Aug 5, 2013, at 0:09, ketut.nur...@dexagroup.com wrote: > >> > >>> d

[Samba] Upgrading Samba 3 DC to a Samba 4.0 AD DC

; > Is there any tools or support to provide upgrade solution from Samba 3 to > samba 4 ? See https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authenticati

Re: [Samba] Need support

ses from the 4.0 alpha series. Use of the samba-tool domain classicupgrade command remains and will remain fully supported. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] security.NTACL Not Being Set Using LXC Containers

> Does anyone know how NTACLs in XATTR compare to using 'vfs objects = > xattr_tdb' or any other options that I'm unaware of? Using the TDB backend is a very poor second choice, because if something other than Samba adds/deletes files, the inode-related entry may be either be left

Re: [Samba] How to use --simple-bind-dn in samba-tool

orrect. > > I could not find any documentation saying what the DN should be. Perhaps I need to be clearer: DO NOT USE --simple-bind-dn against an AD server. USE -U administrator Additionally, your DN above has a typo, cs=administrator rather than cn=administrator. Andrew Bartlett

Re: [Samba] samba4 and squid with NTLM auth

rate one ntlm_auth in client mode, another in squid-2.5-ntlmssp mode and copy the blobs back and forth), and demonstrate it? This will avoid all the complexity of squid, and help isolate the issue. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team

Re: [Samba] Samba 4 empty password

the password, it just performs calculations based on the stored hash. How did you set the 'empty' password in Samba? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT

Re: [Samba] Debian Package Updates

On Wed, 2013-08-07 at 17:58 +0100, Dominic Evans wrote: > On 5 August 2013 01:28, Andrew Bartlett wrote: > > On Fri, 2013-08-02 at 14:41 +0100, Dominic Evans wrote: > >> The debian package of samba4 is still sitting at 4.0.3 in > >> experimental. Please could someone

Re: [Samba] How to use --simple-bind-dn in samba-tool

more to the ldb* commands that samba-tool, which probably shouldn't show this option except it comes from common code). I hope this helps, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cataly

Re: [Samba] Samba 4 and DFS replication

omain controllers, and we have 2+ Windows servers doing DFS > between each other (where the Samba 4 file server isn't involved at > all), is that supported? That should be fine, we just don't implement that protocol yet. Andrew Bartlett -- Andrew Bartlett http://samba.org/~a

Re: [Samba] Joining DC

On Mon, 2013-08-05 at 16:03 +1200, Andrew Bartlett wrote: > On Fri, 2013-08-02 at 13:58 +1000, Alex Ferrara wrote: > > I am having some trouble joining a new samba4 server as a DC. I am pretty > > sure this stems from trying to use OpenChange and subsequently removing it. >

Re: [Samba] Samba4 domain trust

his, once that's done, the rest won't be too hard. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go

Re: [Samba] Problem to demote samba4 dc

move a dead DC from the AD domain. It shouldn't matter that it's a Samba DC. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To uns

[Samba] [PATCH] Allow dbcheck to fix Rid Set records

t; at least one mandatory attribute ('rIDNextRID') on entry 'CN=RID > Set,CN=DC1,OU=Domain Controllers,DC=domain,DC=local' wasn't specified!") > Checked 336 objects (1 errors) The attached patch should resolve this issue. Let me know if it helps. Thanks, A

Re: [Samba] Need support

; samba-client-3.0.23b-7mdv2007.0 > samba-doc-3.0.23b-7mdv2007.0 See: https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cata

Re: [Samba] Joining DC

ed network upgrade this to git master, and try to join another git master server to it? If that fails in the same way, we may wish to get a dump of this object (and potentially the database via a secure route) so we can investigate further. Thanks, Andrew Bartlett -- Andrew Bartlett http://sam

Re: [Samba] Joining DC

While I can understand the advise, this should work, just as we work with different versions of AD. Particularly after the 4.0 release. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst

Re: [Samba] Debian Package Updates

7 will follow shortly. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instruct

[Samba] [PATCH] Re: "./configure" LDAP checks failing on AIX

On Thu, 2013-08-01 at 11:10 +0200, Gilles Pion wrote: > 2013/7/31 Andrew Bartlett > > > > Very interesting! That we certainly can fix, thanks for the heads-up! > > I've also filed a bug on that issue: > https://bugzilla.samba.org/show_bug.cgi?id=10047 If I

Re: [Samba] Turnkey Samba 4 Solutions?

x27; solution - once you run provision, you should have a working domain. https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT

Re: [Samba] Problem to demote samba4 dc

nd tell it that the Samba DC is permanently off-line. The roles can be seized from there. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To u

Re: [Samba] Slow FIND_FIRST2 response

aster, as this is based on the file handle. Try: vfs objects = streams_xattr (if you use resource forks, then they may not fit, in which case perhaps try vfs objects = streams_depot, which uses a magic directory, but is less tidy and less efficient). Andrew Bartlett -- Andrew Bartlett h

Re: [Samba] samba4 - classicupgrade - problem - passdb.error uncaught exception - Cannot load backend methods for 'ldapsam:ldap://localhost' backend NT_STATUS_CANT_ACCESS_DOMAIN_INFO

--use-xattrs=yes > --realm=mydomain.com /samba3/smb.conf --dns-backend=BIND9_DLZ This is clearly your issue: > smbldap_search_domain_info: Problem during LDAPsearch: Timed out If your LDAP server is timing out, there is no hope Samba can upgrade this domain. You need to work out wh

Re: [Samba] "./configure" LDAP checks failing on AIX

conf.CHECK_FUNCS_IN('ldap_add_result_entry', 'ldap', > headers='ldap.h') Very interesting! That we certainly can fix, thanks for the heads-up! Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, S

Re: [Samba] "./configure" LDAP checks failing on AIX

conf.CHECK_FUNCS_IN('ldap_add_result_entry', 'ldap', > headers='ldap.h') Very interesting! That we certainly can fix, thanks for the heads-up! Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, S

Re: [Samba] Samba 4 Slow Performance

On Wed, 2013-07-31 at 10:07 +0800, Kinglok, Fong wrote: > On 29 Jul, 2013, at 1:13 PM, Andrew Bartlett wrote: > > > On Sat, 2013-07-27 at 23:20 +0800, Kinglok, Fong wrote: > >> Dear all, > >> > >> After using samba 3 for two years, I have just spent total

Re: [Samba] NT4 clients

erent with Windows 2008, rather than Samba 4.0 as an AD DC. Then I might be able to assist, otherwise, the only 'buggy' part of this would seem to be the new security behavior of Windows 7, which you may be able to disable. Andrew Bartlett -- Andrew Bartlett http://samba

Re: [Samba] NT4 clients

seful if the member server can still negotiate for only NTLM without protection, but waiting for that is for another day). Have you tested and shows windows behaves any differently? Finally, as a workaround try connecting to the machine by IP or by a name the KDC doesn't know. Andrew

Re: [Samba] Error on classic upgrade - valid group

e might not read that correctly in our internal handler, but nss_ldap would have, if configured. It's just a guess, but somewhere to start. Otherwise, perhaps look at this group and see if there is anything different about it? Can you show me the LDIF? Andrew Bartlett -- Andrew Bartlett ht

Re: [Samba] Does anyone think a mini-Samba server would be useful?

nk there even is an option to disable that code - but a 'cut down samba' isn't free either. Much of the bulk comes from library code we have come to depend on across the whole sever. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team

Re: [Samba] AD DC and the Guest account

the work. Certainly when matching windows (which I would like to do for this, but understand the desire to also have the smb.conf option work) the correct way is to see if Guest is enabled. Otherwise, it is a known issue, so at least don't feel bad about hitting it. Sorry, Andrew Bartlett -

Re: [Samba] "./configure" LDAP checks failing on AIX

ot;clean" way to patch configure to fix this > > Anyone able to help? Where is ldap.h on your system. It may be enough to just specify CFLAGS="-I/usr/local/openldap/include" ./configure (if that is where ldap.h is). If we have found ldap.h, it will be added to those tests.

Re: [Samba] samba4 - classicupgrade - problem - passdb.error uncaught exception - Cannot load backend methods for 'ldapsam:ldap://localhost' backend NT_STATUS_CANT_ACCESS_DOMAIN_INFO

73741606,NT_STATUS_CANT_ACCESS_DOMAIN_INFO) > I think you may have cleaned too much, or not have the right settings - this means that the ldap server listning on port 389 localhost does not have a copy of your Samba3 domain. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/

Re: [Samba] NT4 clients

le confirm the behavior is incorrect. NT4 doesn't know about Kerberos, I think any TGS traffic is highly likely a red herring. Are you really sure the client is issuing it, and you have not additional software installed on the NT4 machine? Andrew Bartlett -- Andrew Bartlett http://samba.o

Re: [Samba] Samba 4 Slow Performance

- be it in regards to your network, or our code, we don't mind either way, but we need to work out which to look into. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT

Re: [Samba] Upgrading samba3 to samba4 on a new server, and running them both at the same time

, particularly for NT System Policies, or if they change their machine account passwords. Additionally, the DCs will fight over the PDC role netbios name. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team

Re: [Samba] Samba4 join new DC: No RID Set DN - Failed to add RID Set

ize of 'rid' role: objectclass: modify > message must have elements/attributes! > > Still.. I have now been able to successfully join my domain - which does > solve my initial problem, so I'm happy there at least. > > (Interestingly, my shiny new DC does no

Re: [Samba] Win 2003 DC Demotion

hen this fails for you. It certainly is meant to work. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] Building with debug symbols and different optimisation levels

been searching but cannot find a way to do this in the build system, I > can't even find where the optimisation level is set, however, I am > unfamiliar with waf. Is there a (even hacky) way to do this? Just pass whatever CFLAGS you desire to the ./configure wra

Re: [Samba] samba4 - error during classicupgrade

r ignore "-500" test but > when script read my "administrator" account, script hang because > administrator alread exist (created by full provision I suppose) Just rename 'Administrator' to 'English Administrator' and then after then upgrade, rename

Re: [Samba] samba4 - error during classicupgrade

tor. The issue is that we add it in english, so if you have a second administrator (a bad idea in my view) it will collide. Just remove that from the import source before you start. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samb

Re: [Samba] WARNING to those running Samba on OpenIndiana or other Illumos based systems with > 16 groups

On Wed, 2013-04-24 at 10:31 +1000, Andrew Bartlett wrote: > Just a heads-up, because this bug took me absolutely ages to chase down, > and I want to save others the same pain. > > Samba is perhaps the most prominent reason why you might find a user in > more than 16 groups on a U

Re: [Samba] About NAS versus Samba

On Fri, 2013-07-12 at 11:55 -0300, Fernando Lozano wrote: > Hi Andrew, > > > I work on a NAS product myself, and at this vendor and my previous > > vendor Samba 4.0 as an AD DC was all I ever needed to use to test the > > AD integration features of the NAS. Thanks, A

Re: [Samba] Samba 4.0.6 update - login issues

are of course free to test. Sorry, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions:

Re: [Samba] Samba4 KCC

ng something? One of our outstanding tasks is to replace our KCC with a new prototype developed in python. I don't know if it understands sites, but it was designed rather than what we have now, which was just put in place as a stop-gap. Andrew Bartlett -- Andrew Bartlett

  1   2   3   4   5   6   7   8   9   10   >