[Samba] Problem with authentification Samba 3.0.24
Dear listmembers, a few weeks ago i've installed a server based on openSUSE 10.0 and Samba 3.0.20 in addition to two existing Windows 2003 servers. My aim is to replace the Windows servers in medium term. The Samba server uses Kerberos v5 to authentificate the users against the W2003-Server. The W2003-Server ist the primary domain controller, the other W2K3-server is the backup domain controller. Samba is a domain member (via server = ADS). Nearly everthing works. But now my problem: The first connect to a samba share needs nearly 20 (!) seconds to be finished (via network places or via network drive - it's the same). If this connect is done, everything works fine. The logfiles show no(!) error or timeout or something like that. Have someone a clue, how i can disable the timeout at the first authentification? I've updated from 3.0.20 to 3.0.24, but nothing happens in that way. Other errors were fixed, but the timeout is the same. Thanks in advance for every hint. Regards, Michel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with authentification Samba 3.0.24
Hi Charles, i've tested this on the linux machine: firmacad4:~ # nslookup firma_cad_sv02.firma.de Server: 192.168.1.195 Address:192.168.1.195#53 Name: firma_cad_sv02.firma.de Address: 192.168.1.195 firmacad4:~ # nslookup 192.168.1.195 Server: 192.168.1.195 Address:192.168.1.195#53 195.1.168.192.in-addr.arpa name = firma_cad_sv02.firma.de. firmacad4:~ # nslookup 192.168.1.180 Server: 192.168.1.195 Address:192.168.1.195#53 180.1.168.192.in-addr.arpa name = firma_cad_sv04.firma.de. 192.168.1.180 ist the Samba Server, 192.168.1.195 ist the Windows PDC with DNS-Server. In my opinion, DNS is ok. Or not? Regards, Michael Charles Bueche schrieb: Hi, 20 seconds looks like a DNS timeout. Do your reverse-lookups work ? Charles On 13 févr. 07, at 20:21, Michael Paarmann wrote: -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with authentification Samba 3.0.24
Hallo Charles, firmacad4 is the linux server with samba. This is the hostname of it. The netbios name this machine firma_cad_sv04.firma.de. So, i've done the lookups on the samba machine, you see. And the lookups work without a delay. If done some additional test - i've tested the network performance with netio. And it's good, too. Hmmm... regards, Michel Charles Bueche schrieb: Hi, your tests show that DNS contains the records, but you should run the nslookps on the samba server, not on firmacad4. Charles On 14 févr. 07, at 10:47, Michael Paarmann wrote: Hi Charles, i've tested this on the linux machine: firmacad4:~ # nslookup firma_cad_sv02.firma.de Server: 192.168.1.195 Address:192.168.1.195#53 Name: firma_cad_sv02.firma.de Address: 192.168.1.195 firmacad4:~ # nslookup 192.168.1.195 Server: 192.168.1.195 Address:192.168.1.195#53 195.1.168.192.in-addr.arpa name = firma_cad_sv02.firma.de. firmacad4:~ # nslookup 192.168.1.180 Server: 192.168.1.195 Address:192.168.1.195#53 180.1.168.192.in-addr.arpa name = firma_cad_sv04.firma.de. 192.168.1.180 ist the Samba Server, 192.168.1.195 ist the Windows PDC with DNS-Server. In my opinion, DNS is ok. Or not? Regards, Michael Charles Bueche schrieb: Hi, 20 seconds looks like a DNS timeout. Do your reverse-lookups work ? Charles On 13 févr. 07, at 20:21, Michael Paarmann wrote: --Charles Bueche netnea ag, www.netnea.com gsm +41 79 330 0070 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with authentification Samba 3.0.24
Dear listmembers, a few weeks ago i've installed a server based on openSUSE 10.0 and Samba 3.0.20 in addition to two existing Windows 2003 servers. My aim is to replace the Windows servers in medium term. The Samba server uses Kerberos v5 to authentificate the users against the W2003-Server. The W2003-Server ist the primary domain controller, the other W2K3-server is the backup domain controller. Samba is a domain member (via server = ADS). Nearly everthing works. But now my problem: The first connect to a samba share needs nearly 20 (!) seconds to be finished (via network places or via network drive - it's the same). If this connect is done, everything works fine. The logfiles show no(!) error or timeout or something like that. Have someone a clue, how i can disable the timeout at the first authentification? I've updated from 3.0.20 to 3.0.24, but nothing happens in that way. Other errors were fixed, but the timeout is the same. Thanks in advance for every hint. Regards, Michel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] CANNOT ACCESS MY DOMAIN ANYMORE ?!?
Hi there ! I've configured a Samba 2.2.8a-Server as a NT-PDC and it work very fine with nearly 50 workstations. But now a strange problem appears: I cannot add a Win2000-Workstation to my domain anymore. I've tried a lot of things (changing the computer name, deleting the machine account and crating a new one and so on...), but nothing works. Some days ago the Workstation was a member of the domain. I've changed nothing, but i can't add it anymore. Win2000 says always, that there a conflict. On other workstations the same operation works fine. I fear, that this is a windows issue and not a Samba problem, so perhaps my posting is in the wrong mailinglist, but maybe anyone here can give me a hint. Thanx in advance !!! Regards, Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SWAT
At 22:01 25.02.2003 +0100, you wrote: Dear Andrew Tridgell, Hi. I'm not Mr. Tridgell, but i hope it's ok ;-) i am *not successful to run SWAT*. Can you help me? Look at your inetd.conf. Please uncomment or insert the following in the inetd.conf. swat stream tcp nowait.400 root/usr/sbin/swat swat And check, if you're inetd starts. If not, run rcinetd start. As an alternative, you can use Webmin for administrating Samba. It's very easy to install and runs directly: www.webmin.com Hope, my answers can help you. Michel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is Samba made for trash ?!?
Hi Jerry ! Do you have security = domain? Did you join teh Samba box to the domain using smbpasswd? Please supply a copy of your smb.conf. Send it to me off list if you want. Ok, here it is: [global] workgroup = Office os level = 128 server string = File- and Printserver encrypt passwords = Yes guest account = Nobody map to guest = Bad User security = DOMAIN printing = LPRNG printcap name = /etc/printcap load printers = Yes socket options = TCP_NODELAY passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *Password*changed* unix password sync = yes local master = YES character set = ISO8859-15 client code page = 850 mangle case = no case sensitive = no short preserve case = yes preserve case = yes time server = yes admin users = domadmin log file = /var/log/samba/samba_log.%U@%m max log size = 500 log level = 0 logon script = %U.bat logon path = \\server_office01\%U\profileNT logon home = \\server_office01\%U hide dot files = yes domain logons = YES domain master = YES preferred master = True local master = Yes wins support = Yes hosts allow = 192.168.0. hosts deny = ALL EXCEPT 192.168.0. kernel oplocks = NO level2 oplocks = NO [homes] comment = Home Directories read only = No create mask = 0770 directory mask = 0770 browseable = No oplocks = no [netlogon] comment = Network Logon Service path = /home/samba/netlogon [printers] comment = Alle Drucker path = /tmp create mask = 0600 printable = Yes browseable = No printer admin = @ma oplocks = no [profiles] comment = Network Profiles Service path = /home/%U/profileNT writeable = yes create mode = 0770 directory mode = 0770 browseable = No oplocks = NO [interna] path = /daten/interna create mode = 0770 directory mode = 0770 force group = ma valid users = @ma comment = Interna write list = @ma oplocks = NO and so on... I've disabled all oplocks. With them the clients crashed much more often than without. But Samba is a lot slower. You are dealing with a different network protocol and different network clients. No, i'm only working with TCP/IP now. And yes, the clients work with W98 or W2K. It is possible that a misformatted response could cause client crashes (like explorer.exe or spoolss.exe), but you are going to have to be more specific here. That's right. Spool32.exe or spoolss.exe die very often. I can see a read or a write socket error in the log list nearly at the same time. I will say that there are no known issues of clients crashing due to the Samba release. Or are 35 workstations and 15 printers too much for one Samba server ? No. Samba on apprpriate hardware can handle much more than that :-) Ok. Upgrade to 2.2.7a. You are running an older release. Hmm, do you really think that this can solve some of my problems? The update from 2.2.3a to 2.2.5 wasn't very effective. But is there a possibility to set Samba in a kind of Compatibility Mode, so that i can be sure the source of the problems isn't Samba ? Thanks in advance. Michel cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+VPZDIR7qMdg1EfYRAt+AAKDDQwSXQQoUeK+O1wxGnlDCen5K+QCgpkAl OA37r8xHJJE89qdjX9ZR2w8= =9NZO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Is Samba made for trash ?!?
Hi Sambafriends ! I have done a migration from Novell to a Samba-PDC in a medium enterprise with nearly 50 workstations eight weeks ago. When i look at the /var/log/warn listing i still see some errors, and i like to ask you, if this messages are normal ? smbd[7809]: [2003/02/11 18:26:45, 0] smbd/password.c:domain_client_validate(1517) smbd[7809]: domain_client_validate: could not fetch trust account password for domain OFFICE smbd[4902]: [2003/02/11 18:32:32, 0] lib/util_sock.c:read_data(436) smbd[4902]: read_data: read failure for 4. Error = Connection reset by peer smbd[3535]: [2003/02/11 18:33:28, 0] lib/util_sock.c:read_data(436) smbd[3535]: read_data: read failure for 4. Error = No route to host smbd[30829]: [2003/02/11 14:02:15, 0] rpc_server/srv_netlog.c:api_net_sam_logon(206) smbd[30829]: api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. smbd[30829]: [2003/02/11 14:02:15, 0] rpc_server/srv_pipe.c:api_rpcTNP(1200) smbd[30829]: api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed. smbd[3777]: [2002/12/23 12:03:43, 0] lib/util_sock.c:write_socket_data(500) smbd[3777]: write_socket_data: write failure. Error = Broken pipe The workstations run with Win98, Win 2000 and Win XP Pro. I have diabled all oplocks (because i had a lot of oplock-failures). The workstation now hang more often than with the Novell-Server. I fear, that the read_date and the write_socket_data errors cause this hangs. And after i have disabled the oplocks and the socket options Samba is very slow. The same hardware has worked under Novell very well and more stable in inaction with the workstations. I'm frustrated - please help. Thanx. Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is Samba made for trash ?!?
Hi! At 21:25 19.02.2003 -0600, you wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 19 Feb 2003, Michael Paarmann wrote: smbd[7809]: [2003/02/11 18:26:45, 0] smbd/password.c:domain_client_validate(1517) smbd[7809]: domain_client_validate: could not fetch trust account password for domain OFFICE Is office you domain? Did you successfully join the domain? Yes. And that's what confuse me. Everyone from a Win98 or W2K workstation can log in and gets the login script and so on - but Samba generates this error message. Can i ignore this ? If yes, it's ok, but this messages fill up my logs. smbd[4902]: [2003/02/11 18:32:32, 0] lib/util_sock.c:read_data(436) smbd[4902]: read_data: read failure for 4. Error = Connection reset by peer The client dropped the socket. Not Samba. smbd[3535]: [2003/02/11 18:33:28, 0] lib/util_sock.c:read_data(436) smbd[3535]: read_data: read failure for 4. Error = No route to host Did the client crash? In this case:Yes. And the clients crash much more often than before i replace the old server based on novell with Samba. The intenstion of replacing novell was to stabilize the network. I've checked the hardware once again and it's ok. But this messages appears whether the client dies or not! Or are 35 workstations and 15 printers too much for one Samba server ? smbd[30829]: [2003/02/11 14:02:15, 0] rpc_server/srv_netlog.c:api_net_sam_logon(206) smbd[30829]: api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. Please see the ml archives on this one. 99% chance you can ignore it. Can i disable this warning ? smbd[30829]: [2003/02/11 14:02:15, 0] rpc_server/srv_pipe.c:api_rpcTNP(1200) smbd[30829]: api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed. smbd[3777]: [2002/12/23 12:03:43, 0] lib/util_sock.c:write_socket_data(500) smbd[3777]: write_socket_data: write failure. Error = Broken pipe cheers, jerry thankx. Michel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Experience with Samba - are errors normal ?
Hi Sambafriends ! I have done a migration from Novell to a Samba-PDC in a medium enterprise with nearly 50 workstations eight weeks ago. After a couple of problems the most things run well. But i have a few questions left and it would be nice, if an experienced user can help me: When i look at the /var/log/warn listing i still see some errors, and i like to ask you, if this messages are normal ? smbd[7809]: [2003/02/11 18:26:45, 0] smbd/password.c:domain_client_validate(1517) smbd[7809]: domain_client_validate: could not fetch trust account password for domain OFFICE smbd[4902]: [2003/02/11 18:32:32, 0] lib/util_sock.c:read_data(436) smbd[4902]: read_data: read failure for 4. Error = Connection reset by peer smbd[3535]: [2003/02/11 18:33:28, 0] lib/util_sock.c:read_data(436) smbd[3535]: read_data: read failure for 4. Error = No route to host smbd[30829]: [2003/02/11 14:02:15, 0] rpc_server/srv_netlog.c:api_net_sam_logon(206) smbd[30829]: api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. smbd[30829]: [2003/02/11 14:02:15, 0] rpc_server/srv_pipe.c:api_rpcTNP(1200) smbd[30829]: api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed. smbd[3777]: [2002/12/23 12:03:43, 0] lib/util_sock.c:write_socket_data(500) smbd[3777]: write_socket_data: write failure. Error = Broken pipe The workstations run with Win98, Win 2000 and Win XP Pro. I have diabled all oplocks (because i had a lot of oplock-failures). The workstation now hang more often than with the Novell Server. I fear, that the read_date and the write_socket_data errors cause this hangs. It would be very nice, if you could help me. I'm sure that a lot of other samba-users have the same problems. Thanx. Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] fine grain perms
Hi! What I mean is; dir /a/b/c/d condition; 1) dir abc cannot be deleted 2) dir d can be deleted 3) files in dir ab cannot be deleted but can be created 4) files in dir cd can be deleted As a work around I've created an empty tree structure (a sort of template) and have just renamed the dirs while maintaning the custom perms. Would be nice if it were dynamic. I have nearly the same problem. But, sorry, i don't have real solution for this. I try to set the permissions with the unix rights. In addition to create mask and directory mask i use the sticky bits to realize my permission structure. It's sad to say, but i think, that this to a real big disadvantage of Samba. If you try to set a complex permission structure, it's very difficult work. With Windows or especially Novell it's much more easier, i think. Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] fine grain perms
Hi! What I mean is; dir /a/b/c/d condition; 1) dir abc cannot be deleted 2) dir d can be deleted 3) files in dir ab cannot be deleted but can be created 4) files in dir cd can be deleted As a work around I've created an empty tree structure (a sort of template) and have just renamed the dirs while maintaning the custom perms. Would be nice if it were dynamic. I have nearly the same problem. But, sorry, i don't have real solution for this. I try to set the permissions with the unix rights. In addition to create mask and directory mask i use the sticky bits to realize my permission structure. It's sad to say, but i think, that this is a real big disadvantage of Samba. If you try to set a complex permission structure, it's a very difficult work. With Windows or especially Novell it's much more easier, i think. Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Win98 policies,profiles and logon scripts
Hi ! Please post your smb.conf . It may help to solve your problem. Regards, Michael At 12:10 06.02.2003 -0500, you wrote: I am running Samba 2.2.3a and have my users logging into the 'samba domain'. My WinNT and WinXP users are working fine with roaming profiles and policies. My problem is my Win98 users. The logon script doesn't seem to be working, i.e. when I log onto a Win98 machine (logging into the domain), the logon script doesn't run. I have opened up the permissions to the logon script (for testing) and that doesn't seem to help, it's still not running. Also, I have implemented a domain policy to 'exclude directories in roaming profiles', namely temporary internet files, cookies, etc. This policy works fine for WinNT but doesn't seem to work for Win98, is this a 'feature' of WinNT and not Win98? I did create separate policies for WinNT (ntconfig.POL) and Win98 (config.POL). Other settings within the policy ARE working, for example, restricting the screen saver tab on the display. Joseph Morin Dominion Diagnostics -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba as PDC for WinXP, Win98 and Win95
Hi! If done the same job, but i've replaced a novell server with a samba pdc based on SuSE Linux. I had different problems with Win XP Pro, but none with the other WinOS. Have you installed the SignOrSeal-Patch? Without this, you can't logon with a win xp machine on a samba domain. Use Google to find this patch. Regards, Michael At 13:54 27.01.2003 -0200, you wrote: well, first thing to know... is your Xp home or professional ? if is home, bad news, great troubles... if professional, try The Windows XP service pack 1, here at my network it has worked very well... but if is home... all logon scripts and profiles will be stored locally at the client side, no way to do different. another thing to do is to create a machine account on the samba side, just like an NT4 machine. At 12:20 27/01/03, you wrote: Hello! Ive just got the lovely job of converting and old Windows NT 4 fileserver to FreeBSD, ive set up samba before as a simple fileshare but this place requires roaming profile login from WinXP, Win98 and Win95 clients. My question is whether or not any of you people have any experience with this and might be able to give some tips on the way? I've tried fidling with it but i cant get my WinXP clients to logon to the domain :( I need all the help i can get :) regards Simon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] oplock_break: client failure in break - shutting down thissmbd.
Dear list! I'm very confused and it would be very nic, if someone can help me. I've installed a Sambaserver (2.2.3a) based on SuSE Linux 8.0. Nealy 40 clients with Windows 98, Windows 2000 or Windows XP Pro are working with this Samba. Now my problem: Sometimes the client are crashing down and i see in /var/log/warn something like: oplock_break: client failure in break - shutting down this smbd. before they crash. I've searched Google and so on, but i haven't find an acceptable solution for this. But i've seen, thatr a lot people have this problem too. So, does anyone have an answer or a tip ?! Thanks in advance. Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] oplock_break: client failure in break - shutting down this smbd.
Thanks for your quick help. Hmm, performance. How drastic is the lost of performance if i disable oplocks. And isn't it a problem, when i disable them and some tries to open an already opened file? Michael At 11:41 26.01.2003 -0500, you wrote: Read about oplocks in the samba documentation. SWAT might be nice. Disable oplocks on your samba server, if you don't mind the performance hit. Oplocks are fine when they work, but a source of file corruption when they fail. shutting down this smbd just means that the daemon serving that connection is closing. This is good. Joel On Sun, Jan 26, 2003 at 05:27:21PM +0100, Michael Paarmann wrote: Dear list! I'm very confused and it would be very nic, if someone can help me. I've installed a Sambaserver (2.2.3a) based on SuSE Linux 8.0. Nealy 40 clients with Windows 98, Windows 2000 or Windows XP Pro are working with this Samba. Now my problem: Sometimes the client are crashing down and i see in /var/log/warn something like: oplock_break: client failure in break - shutting down this smbd. before they crash. I've searched Google and so on, but i haven't find an acceptable solution for this. But i've seen, thatr a lot people have this problem too. So, does anyone have an answer or a tip ?! Thanks in advance. Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ___ squIT - Individuelle IT-Lösungen Michael Paarmann Saturnweg 23 D- 45478 Mülheim an der Ruhr Fon:02 08 / 77 87 56 3 Mobil:01 79 / 77 43 96 0 Fax:02 08 / 301 77 66 E-Mail: [EMAIL PROTECTED] M-Mail: [EMAIL PROTECTED] Web: http://www.squIT.de __