[Samba] Samba migration to a new server
Hi all, Is it possible to migrate Samba to a new server without breaking Domain membership of all the clients ? I didnt get any info on that issue, is there someone that has previous experience of doing that ? Or maybe a link to some relevant info ? I have currently a Samba 3.5.6 server that acts as a PDC and print Server, with tdbsam backend, no LDAP at all, no roaming profile. I have to migrate samba to a new server. Everything (Samba release, Domain Name, shares, ...) will remain the same except for the DNS name and IP address of the server, and the samba server netbios name. What is the best way to proceed to make this migration as seamless as possible for all users (more than 200 user accounts with more than 200 PC in the domain) ? I guess that just moving all the samba configuration files from the old machine to the new one will not be enough. Thanks in advance. I really need your help. Henri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba migration to a new server
Hi Gaiseric, It may actually be easier to move everything including hostname and IP to the new server and just shutdown the old (this would have to be off hours.) You should be able to do the following- - Configure the new server as a BDC. I don't know for use if you can configure a BDC with a TDB backend- From the Samba HowTo (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html#i d2565778 ) it seems that a BDC can be configured only with a LDAP backend. if not you may have to make the new server a PDC. I don't think I can run 2 PDCs on the same Domain , right ? - Copy the samba private directory (with the tdb files) from the 1st server to the 2nd server. In effect, this temporarily syncs the two servers. Is it sufficient ? Do I have to set the local SID of the BDC as the value of the PDC's SID ? i.e. : [oldserver$]net getlocalsid - value ... [newserver$]net setlocalsid value - promote the new server to PDC and the old server to BDC. - after hours- move the shared directories to the BDC, update login script if necessary. By After hours , do you mean after some sufficient long delay (one day ?) for everyclient to have authenticated with the BDC ? Clients will connect to either a PDC or a BDC for authentication.- it doesn't really matter that much except that clients will prefer a BDC if available. Once you take the OLD server offline you may need to have clients reboot to have them use the new server for authentication. But at least domain membership will not be broken? This is not a problem, I can easily ask all users to reboot. Are you using a WINS server? Yes , samba is also WINS server. Is it important ? I will have to make some heavy testing before doing the actual migration. Having 200 clients breaking their Domain membership will be some kind of a disaster :-( . Thanks a lot for your help. Any additional information welcome. Henri -Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of henri Sent: Wednesday, January 12, 2011 7:26 AM To: samba@lists.samba.org Subject: [Samba] Samba migration to a new server Hi all, Is it possible to migrate Samba to a new server without breaking Domain membership of all the clients ? I didn't get any info on that issue, is there someone that has previous experience of doing that ? Or maybe a link to some relevant info ? I have currently a Samba 3.5.6 server that acts as a PDC and print Server, with tdbsam backend, no LDAP at all, no roaming profile. I have to migrate samba to a new server. Everything (Samba release, Domain Name, shares, ...) will remain the same except for the DNS name and IP address of the server, and the samba server netbios name. What is the best way to proceed to make this migration as seamless as possible for all users (more than 200 user accounts with more than 200 PC in the domain) ? I guess that just moving all the samba configuration files from the old machine to the new one will not be enough. Thanks in advance. I really need your help. Henri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba migration to a new server
Hi Helmut Thanks for your answer. I have done a similar test some weeks ago without success. The client I tested have lost the Domain membership but I am not sure it was shutdown at the moment I switched from old to new server. In your case, has your new server a different DNS Name , IP address and netbios name from the old one ? Actually, if there are only a few clients that have to be manually rejoinded to the domain, it could be acceptable. The *ABSOLUTE* condition is that every users keep their windows profile (so their Domain SID I guess) once the switch has occurred. Thanks again. Henri -Message d'origine- De : samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] De la part de Helmut Hullen Envoyé : mercredi 12 janvier 2011 19:08 À : samba@lists.samba.org Objet : Re: [Samba] Samba migration to a new server Hallo, henri, Du meintest am 12.01.11: Is it possible to migrate Samba to a new server without breaking Domain membership of all the clients ? I didn?t get any info on that issue, is there someone that has previous experience of doing that ? Or maybe a link to some relevant info ? I have currently a Samba 3.5.6 server that acts as a PDC and print Server, with tdbsam backend, no LDAP at all, no roaming profile. I have to migrate samba to a new server. Everything (Samba release, Domain Name, shares, ...) will remain the same except for the DNS name and IP address of the server, and the samba server netbios name. What is the best way to proceed to make this migration as seamless as possible for all users (more than 200 user accounts with more than 200 PC in the domain) ? My usual way: - copy/overwrite /etc/samba to the new machine - copy/overwrite all user account and all machine account informations (especially in /etc/passwd and /etc/shadow) to the new machine - Stop samba on both machines - Shut off all Clients (that may be a bit neurotic ...) - start samba on the new machine - Start one client for testing - if ok: start the other clients Last friday a colleague and I have done these steps once more, successfully. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba migration to a new server
Yes it is exactly I have to do : migrate the current Samba setup to a new hardware configuration (new DNS name, IP address and netbios name. Everything else should remain the same). Henri -Message d'origine- De : samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] De la part de Helmut Hullen Envoyé : mercredi 12 janvier 2011 20:16 À : samba@lists.samba.org Objet : Re: [Samba] Samba migration to a new server Hallo, Mike, Du meintest am 12.01.11: Thank you too, for your kind response. Don't mention ... By the way: that description assumes that the new server is the new login server too and runs instead of the old server. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba migration to a new server
Hi Helmut Thanks for your answer. I have done a similar test some weeks ago without success. The client I tested have lost the Domain membership but I am not sure it was shutdown at the moment I switched from old to new server. In your case, has your new server a different DNS Name , IP address and netbios name from the old one ? Actually, if there are only a few clients that have to be manually rejoinded to the domain, it could be acceptable. The *ABSOLUTE* condition is that every users keep their windows profile (so their Domain SID I guess) once the switch has occurred. Thanks again. Henri -Message d'origine- De : samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] De la part de Helmut Hullen Envoyé : mercredi 12 janvier 2011 19:08 À : samba@lists.samba.org Objet : Re: [Samba] Samba migration to a new server Hallo, henri, Du meintest am 12.01.11: Is it possible to migrate Samba to a new server without breaking Domain membership of all the clients ? I didn?t get any info on that issue, is there someone that has previous experience of doing that ? Or maybe a link to some relevant info ? I have currently a Samba 3.5.6 server that acts as a PDC and print Server, with tdbsam backend, no LDAP at all, no roaming profile. I have to migrate samba to a new server. Everything (Samba release, Domain Name, shares, ...) will remain the same except for the DNS name and IP address of the server, and the samba server netbios name. What is the best way to proceed to make this migration as seamless as possible for all users (more than 200 user accounts with more than 200 PC in the domain) ? My usual way: - copy/overwrite /etc/samba to the new machine - copy/overwrite all user account and all machine account informations (especially in /etc/passwd and /etc/shadow) to the new machine - Stop samba on both machines - Shut off all Clients (that may be a bit neurotic ...) - start samba on the new machine - Start one client for testing - if ok: start the other clients Last friday a colleague and I have done these steps once more, successfully. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba migration to a new server
Hi Gaiseric, It may actually be easier to move everything including hostname and IP to the new server and just shutdown the old (this would have to be off hours.) You should be able to do the following- - Configure the new server as a BDC. I don't know for use if you can configure a BDC with a TDB backend- From the Samba HowTo (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html#i d2565778 ) it seems that a BDC can be configured only with a LDAP backend. if not you may have to make the new server a PDC. I don't think I can run 2 PDCs on the same Domain , right ? - Copy the samba private directory (with the tdb files) from the 1st server to the 2nd server. In effect, this temporarily syncs the two servers. Is it sufficient ? Do I have to set the local SID of the BDC as the value of the PDC's SID ? i.e. : [oldserver$]net getlocalsid - value ... [newserver$]net setlocalsid value - promote the new server to PDC and the old server to BDC. - after hours- move the shared directories to the BDC, update login script if necessary. By After hours , do you mean after some sufficient long delay (one day ?) for everyclient to have authenticated with the BDC ? Clients will connect to either a PDC or a BDC for authentication.- it doesn't really matter that much except that clients will prefer a BDC if available. Once you take the OLD server offline you may need to have clients reboot to have them use the new server for authentication. But at least domain membership will not be broken? This is not a problem, I can easily ask all users to reboot. Are you using a WINS server? Yes , samba is also WINS server. Is it important ? I will have to make some heavy testing before doing the actual migration. Having 200 clients breaking their Domain membership will be some kind of a disaster :-( . Thanks a lot for your help. Any additional information welcome. Henri -Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of henri Sent: Wednesday, January 12, 2011 7:26 AM To: samba@lists.samba.org Subject: [Samba] Samba migration to a new server Hi all, Is it possible to migrate Samba to a new server without breaking Domain membership of all the clients ? I didn't get any info on that issue, is there someone that has previous experience of doing that ? Or maybe a link to some relevant info ? I have currently a Samba 3.5.6 server that acts as a PDC and print Server, with tdbsam backend, no LDAP at all, no roaming profile. I have to migrate samba to a new server. Everything (Samba release, Domain Name, shares, ...) will remain the same except for the DNS name and IP address of the server, and the samba server netbios name. What is the best way to proceed to make this migration as seamless as possible for all users (more than 200 user accounts with more than 200 PC in the domain) ? I guess that just moving all the samba configuration files from the old machine to the new one will not be enough. Thanks in advance. I really need your help. Henri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Server migration
Hi all (and best wishes for the new year to everyone :-) ) I have currently a Samba 3.5.6 server that acts as a PDC and print Server, with tdbsam backend, no LDAP at all. In a very next future, I will have to migrate samba to a new server (a VM actually). This migration will have to be seamless for all users (more than 200 user accounts with more than 200 PC in the domain). The technical constraints will be : - migration from Readhat 9.0 to Centos 5.5 - the DNS name of the new server will change - the IP address of the new server will change (but still in the same network) - the samba server netbios name (which is currently the same as the machine DNS name) will have to be changed - everything else should remain the same : domain name , shares, home directory, domain admin account, ... , the netlogon scripts can be adapted if necessary My objectives are that after migration : 1) All PC that are currently joined to the domain will stay in the domain 2) All users will keep their SID and thus their original sessions on their PC What is the best way to proceed ? I guess that just moving all the samba configuration files to the new machine will not be enough. Thanks in advance for your help. Henri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: Windows 7 problems
-Message d'origine- De : samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] De la part de Cain, Marc Envoyé : mardi 9 novembre 2010 21:34 À : samba@lists.samba.org Objet : [Samba] Fwd: Windows 7 problems On Nov 9, 2010, at 7:29 AM, henri wrote: I have a couple of questions related to Windows 7 : - opening a domain session on the Win7 client takes a long time. At least 40 seconds, while there is no delay on XP client. Is it a kown problem ? A bug ? What can be done to avoid such a delay ? There are a least two timeouts that I've found that can affect domain logons -- Roaming profile logon timeout: When a user with a roaming profile attempts to logon to a Samba domain Windows will display the Welcome screen for 30 seconds before enabling the user's desktop. This bug does not affect Active Directory logons. Setting the GPO below to 0 seconds will work around this timeout. \\Computer Configuration\Administrative Templates\System\Set maximum wait time for the network if a user has a roaming user profile or remote home directory Set to: 0 -- Synchronous Logon script timeout: When the local Computer GPO is set to Run logon scripts synchronously Windows 7 displays the Welcome screen for 30 seconds before enabling the user's desktop. NOTE: this bug may only be extant in Windows 7 Professional, not Enterprise or may have been addressed in service pack. Creating the following REG_DWORD registry key will work around this bug: \\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Policies\System\DelayedDesktopSwitchTimeout Set to: 0001 There is also the solid color background bug (again, it may have since been addressed in a service pack): Change the background color to any .jpg image. Thanks for that. After some tests I got it work. - in smb.conf , the %a value for Windows 7 is Vista , right ? Don't know. The %a switch hasn't worked in our shop for some time. Windows 7 will tag the profile folder listed with a .V2 extension or will expect a .V2 extension. I was asking for the %a substitution in order to call the right script file at logon . For me , logon%a.cmd is substitued by logonVista.cmd . I assume it's ok. - NT Default Profile no longer works with Windows 7 . I guess it is normal , but is there a workaround ? Default User profiles do work with Windows 7 and Samba. See the article for Windows 7 default profile details: http://support.microsoft.com/kb/973289 Thanks for the link. I will try the procedure. - Same question for NT policies : I assume it is normal that windows 7 does not support NTconfig.pol files any longer. Nevertheless, is there a way to get the same features ? For these kind of functionality (having some control of user profiles on Win7 clients) , is AD the only and inescapable solution ? We create a local group policy that we copy from the server via logon script at logon time. Works great for bot WinXP and Windows 7. How do you generate the policy file and how do you copy it from server to client via logon script ? XP was automaticaly loading ntconfig.pol (generated by the old poledit.exe) in the netlogon directory , but what about Win 7 ? Thanks for your help. Henri For my needs (200 domain users), NT domain was a sufficient solution and worked perfectly with XP. I am affraid that with Windows 7, I will have to move to something much more and unnecessarily complex :-( . Thanks in advance for your help. Henri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 problems
Hi, I have upgraded to Samba 3.5.6 for Windows 7 Pro compatibility. I am in a test phase to evaluate the behavior of Windows 7 in a Samba PDC environment. I have one Samba server as a PDC with tdbsam backend (no LDAP at all), and I applied the reg and patch as described in the wiki. I have a couple of questions related to Windows 7 : - opening a domain session on the Win7 client takes a long time. At least 40 seconds, while there is no delay on XP client. Is it a kown problem ? A bug ? What can be done to avoid such a delay ? - in smb.conf , the %a value for Windows 7 is Vista , right ? - NT Default Profile no longer works with Windows 7 . I guess it is normal , but is there a workaround ? - Same question for NT policies : I assume it is normal that windows 7 does not support NTconfig.pol files any longer. Nevertheless, is there a way to get the same features ? For these kind of functionality (having some control of user profiles on Win7 clients) , is AD the only and inescapable solution ? For my needs (200 domain users), NT domain was a sufficient solution and worked perfectly with XP. I am affraid that with Windows 7, I will have to move to something much more and unnecessarily complex :-( . Thanks in advance for your help. Henri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot browse domain user list with 3.3.9 (and higher)
Hi Well, I finally fixed the problem on my own. For some reason, I had some badly encoded accentuated characters in the passdb.tdb in the description field of some accounts. They probably come from a samba 2.x smbpasswd file that was used in the past before upgrading to 3.x and tdb backend. I simply fixed it by checking (pdbedit + grep) all accounts , and correct them with usrmgr.exe under 3.3.2 , and then upgrade to 3.3.9 . It works. I will now upgrade directly to 3.5.6. These characters were treated correctly up to samba 3.3.2 but it seems something has changed about encoding of chars in the next versions, or maybe a bug ? Hope this can be useful to anyone. Henri -Message d'origine- De : samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] De la part de henri Envoyé : lundi 25 octobre 2010 21:00 À : samba@lists.samba.org Objet : Re: [Samba] Cannot browse domain user list with 3.3.9 (and higher) Hi Sorry to ask again, but I am really in trouble to upgrade my samba server from 3.3.2 to higher. I made some other tests with various version up to 3.5.4 I get the same symptoms and the same error as below : Bad char conversion. Is there a compatibility problem between Samba version ? Do I have to purge some old cached files in the var/locks dir (or other) ? Did I miss to compile samba with a specific option or specific lib ? Please help Thanks in avance. Henri -Message d'origine- De : samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] De la part de henri Envoyé : mercredi 20 octobre 2010 21:26 À : samba@lists.samba.org Objet : [Samba] Cannot browse domain user list with 3.3.9 Hi, I am trying to upgrade Samba from 3.3.2 to 3.3.9 for Win7 compatibility issue. It is running on Redhat 9.0 (I've planned to upgrade to Centos 5.5 in a second setp) and without any ldap backend (tdbsam actually). As I have already done in the past for upgrading, I have done the following procedure : 1) Compile 3.3.9 . My configure option are : ./configure --with-acl-support --enable-cups --with-pam --with-configdir=/usr/local/samba/etc --with-quotas --with-winbind 2) Stop the 3.3.2 service , and backup all the /usr/local/samba dir 3) make install the 3.3.9 4) restart the 3.3.9 service Everything seems to work fine, except that : - I can't use USRMGR.EXE anymore. I get a popup error when I run it : Incorrect Parameter, do you want to select another domain to administer . - I can't explore the users domain when I try to list the users for adding permissions to share a folder, or adding a domain user in a local group. I can see only the domain groups. I really need some help, I will have to deploy Win7 in a very near futur :-S . I have done some debugging in log level 2, it seems I got an error about Bad char conversion : When I run USRMGR.EXE : [2010/10/20 19:01:02, 2] smbd/close.c:close_normal_file(606) smbadmin closed file USRMGR.EXE (numopen=2) NT_STATUS_OK [2010/10/20 19:01:02, 2] smbd/open.c:open_file(551) smbadmin opened file USRMGR.EXE read=Yes write=No (numopen=3) [2010/10/20 19:01:02, 1] librpc/ndr/ndr.c:ndr_push_error(493) ndr_push_error(5): Bad char conversion [2010/10/20 19:01:02, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO failed. [2010/10/20 19:02:49, 1] librpc/ndr/ndr.c:ndr_push_error(493) ndr_push_error(5): Bad char conversion [2010/10/20 19:02:49, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO failed. When I try to list the domain users : 2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 [2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 [2010/10/20 19:03:43, 1] librpc/ndr/ndr.c:ndr_push_error(493) ndr_push_error(5): Bad char conversion [2010/10/20 19:03:43, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO failed. [2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 [2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 Here is the global section on my smb.conf : [global] log level = 2 netbios name = server1 server string = My Server workgroup = CIRAD_STP wins support = yes os level = 255 local master = yes preferred master = yes domain master
Re: [Samba] Cannot browse domain user list with 3.3.9 (and higher)
Hi Sorry to ask again, but I am really in trouble to upgrade my samba server from 3.3.2 to higher. I made some other tests with various version up to 3.5.4 I get the same symptoms and the same error as below : Bad char conversion. Is there a compatibility problem between Samba version ? Do I have to purge some old cached files in the var/locks dir (or other) ? Did I miss to compile samba with a specific option or specific lib ? Please help Thanks in avance. Henri -Message d'origine- De : samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] De la part de henri Envoyé : mercredi 20 octobre 2010 21:26 À : samba@lists.samba.org Objet : [Samba] Cannot browse domain user list with 3.3.9 Hi, I am trying to upgrade Samba from 3.3.2 to 3.3.9 for Win7 compatibility issue. It is running on Redhat 9.0 (I've planned to upgrade to Centos 5.5 in a second setp) and without any ldap backend (tdbsam actually). As I have already done in the past for upgrading, I have done the following procedure : 1) Compile 3.3.9 . My configure option are : ./configure --with-acl-support --enable-cups --with-pam --with-configdir=/usr/local/samba/etc --with-quotas --with-winbind 2) Stop the 3.3.2 service , and backup all the /usr/local/samba dir 3) make install the 3.3.9 4) restart the 3.3.9 service Everything seems to work fine, except that : - I can't use USRMGR.EXE anymore. I get a popup error when I run it : Incorrect Parameter, do you want to select another domain to administer . - I can't explore the users domain when I try to list the users for adding permissions to share a folder, or adding a domain user in a local group. I can see only the domain groups. I really need some help, I will have to deploy Win7 in a very near futur :-S . I have done some debugging in log level 2, it seems I got an error about Bad char conversion : When I run USRMGR.EXE : [2010/10/20 19:01:02, 2] smbd/close.c:close_normal_file(606) smbadmin closed file USRMGR.EXE (numopen=2) NT_STATUS_OK [2010/10/20 19:01:02, 2] smbd/open.c:open_file(551) smbadmin opened file USRMGR.EXE read=Yes write=No (numopen=3) [2010/10/20 19:01:02, 1] librpc/ndr/ndr.c:ndr_push_error(493) ndr_push_error(5): Bad char conversion [2010/10/20 19:01:02, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO failed. [2010/10/20 19:02:49, 1] librpc/ndr/ndr.c:ndr_push_error(493) ndr_push_error(5): Bad char conversion [2010/10/20 19:02:49, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO failed. When I try to list the domain users : 2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 [2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 [2010/10/20 19:03:43, 1] librpc/ndr/ndr.c:ndr_push_error(493) ndr_push_error(5): Bad char conversion [2010/10/20 19:03:43, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO failed. [2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 [2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 Here is the global section on my smb.conf : [global] log level = 2 netbios name = server1 server string = My Server workgroup = CIRAD_STP wins support = yes os level = 255 local master = yes preferred master = yes domain master = yes domain logons = yes security = user encrypt passwords = yes passdb backend = tdbsam:/usr/local/samba/private/passdb.tdb enable privileges = yes printcap name = /etc/printcap load printers = no printing = cups nt acl support = yes map acl inherit = yes inherit acls = yes obey pam restrictions = yes time server = yes username map = /usr/local/samba/etc/smbusers name resolve order = wins host lmhosts bcast logon script = logon%a.cmd logon path = logon drive = H: logon home = \\server1\%U Thanks in advance , any help would be very appreciated . Henri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot browse domain user list with 3.3.9
Hi, I am trying to upgrade Samba from 3.3.2 to 3.3.9 for Win7 compatibility issue. It is running on Redhat 9.0 (I've planned to upgrade to Centos 5.5 in a second setp) and without any ldap backend (tdbsam actually). As I have already done in the past for upgrading, I have done the following procedure : 1) Compile 3.3.9 . My configure option are : ./configure --with-acl-support --enable-cups --with-pam --with-configdir=/usr/local/samba/etc --with-quotas --with-winbind 2) Stop the 3.3.2 service , and backup all the /usr/local/samba dir 3) make install the 3.3.9 4) restart the 3.3.9 service Everything seems to work fine, except that : - I can't use USRMGR.EXE anymore. I get a popup error when I run it : Incorrect Parameter, do you want to select another domain to administer . - I can't explore the users domain when I try to list the users for adding permissions to share a folder, or adding a domain user in a local group. I can see only the domain groups. I really need some help, I will have to deploy Win7 in a very near futur :-S . I have done some debugging in log level 2, it seems I got an error about Bad char conversion : When I run USRMGR.EXE : [2010/10/20 19:01:02, 2] smbd/close.c:close_normal_file(606) smbadmin closed file USRMGR.EXE (numopen=2) NT_STATUS_OK [2010/10/20 19:01:02, 2] smbd/open.c:open_file(551) smbadmin opened file USRMGR.EXE read=Yes write=No (numopen=3) [2010/10/20 19:01:02, 1] librpc/ndr/ndr.c:ndr_push_error(493) ndr_push_error(5): Bad char conversion [2010/10/20 19:01:02, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO failed. [2010/10/20 19:02:49, 1] librpc/ndr/ndr.c:ndr_push_error(493) ndr_push_error(5): Bad char conversion [2010/10/20 19:02:49, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO failed. When I try to list the domain users : 2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 [2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 [2010/10/20 19:03:43, 1] librpc/ndr/ndr.c:ndr_push_error(493) ndr_push_error(5): Bad char conversion [2010/10/20 19:03:43, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO failed. [2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 [2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 Here is the global section on my smb.conf : [global] log level = 2 netbios name = server1 server string = My Server workgroup = CIRAD_STP wins support = yes os level = 255 local master = yes preferred master = yes domain master = yes domain logons = yes security = user encrypt passwords = yes passdb backend = tdbsam:/usr/local/samba/private/passdb.tdb enable privileges = yes printcap name = /etc/printcap load printers = no printing = cups nt acl support = yes map acl inherit = yes inherit acls = yes obey pam restrictions = yes time server = yes username map = /usr/local/samba/etc/smbusers name resolve order = wins host lmhosts bcast logon script = logon%a.cmd logon path = logon drive = H: logon home = \\server1\%U Thanks in advance , any help would be very appreciated . Henri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot browse domain user list with 3.5.4
My database backend is tdbsam : passdb backend = tdbsam:/usr/local/samba/private/passdb.tdb I have done exactly the same procedure to upgrade from 3.2.7 to 3.3.2 without any problem. Is there something new about privileges in 3.5 ? Henri _ De : t...@tms3.com [mailto:t...@tms3.com] Envoyé : samedi 24 juillet 2010 10:17 À : henri Cc : samba@lists.samba.org Objet : Re: [Samba] Cannot browse domain user list with 3.5.4 Does anyone have any idea about this problem ? I can't migrate because of it . Thanks in advance . What's your database backend. Hi, I am using Samba as a Domain Controler without AD nor LDAP. Everything works fine for a long time with samba 3.3.2. I am trying to upgrade to the latest samba release 3.5.4 . Here is the procedure I followed : - download, configure , and make samba 3.5.4 - stop the samba daemon (3.3.2 ) - backup the /usr/local/samba tree where samba 3.3.2 is installed - make install , (in the same location as 3.3.2 ) - restart the samba daemon (3.5.4) After doing some tests, everything seems to work ok. Except that : - when trying to use usrmgr.exe as a Domain Admin , I can't connect to the domain , I got the message : do you want to select another domain to administer - when I try to list the domain users (for adding Permissions to share a folder, or adding a domain user in a local group), I only see the domain groups, no domain users. Is it a known issue ? Does it have something to do with Domain Admin rights ? Please help ! Thanks in advance Henri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot browse domain user list with 3.5.4
Does anyone have any idea about this problem ? I can't migrate because of it . Thanks in advance . Hi, I am using Samba as a Domain Controler without AD nor LDAP. Everything works fine for a long time with samba 3.3.2. I am trying to upgrade to the latest samba release 3.5.4 . Here is the procedure I followed : - download, configure , and make samba 3.5.4 - stop the samba daemon (3.3.2 ) - backup the /usr/local/samba tree where samba 3.3.2 is installed - make install , (in the same location as 3.3.2 ) - restart the samba daemon (3.5.4) After doing some tests, everything seems to work ok. Except that : - when trying to use usrmgr.exe as a Domain Admin , I can't connect to the domain , I got the message : do you want to select another domain to administer - when I try to list the domain users (for adding Permissions to share a folder, or adding a domain user in a local group), I only see the domain groups, no domain users. Is it a known issue ? Does it have something to do with Domain Admin rights ? Please help ! Thanks in advance Henri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot browse domain user list with 3.5.4
Sorry, I resend my message in a more readable format :-S . Hi, I am using Samba as a Domain Controler without AD nor LDAP. Everything works fine for a long time with samba 3.3.2. I am trying to upgrade to the latest samba release 3.5.4 . Here is the procedure I followed : - download, configure , and make samba 3.5.4 - stop the samba daemon (3.3.2 ) - backup the /usr/local/samba tree where samba 3.3.2 is installed - make install , (in the same location as 3.3.2 ) - restart the samba daemon (3.5.4) After doing some tests, everything seems to work ok. Except that : - when trying to use usrmgr.exe as a Domain Admin , I can't connect to the domain , I got the message : do you want to select another domain to administer - when I try to list the domain users (for adding Permissions to share a folder, or adding a domain user in a local group), I only see the domain groups, no domain users. Is it a known issue ? Does it have something to do with Domain Admin rights ? Please help ! Thanks in advance Henri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Transfer Efficiency
Afternoon all, I'm running a transfer setup as follows: A - B - C - fairly simple, B initiates a transfer from A to C - B is a vital intermediary as it bridges two otherwise seperate networks. All machines have onboard Gigabit ethernet, A+B are connected via Crossover and B-C is connected by very fast switch (i.e. all connections should be able to use the full gig if they wanted to) I see an average of about 23-25% usage in both the crossover (A-B) and the connection (B-C) - are there any tricks you can recommend for me to speed up my transfers? Box A is the box running Samba 3.5.1-42.el5 Box B is Win Server 2003 Box C is a NAS (BSD) I've found a lot of what seems to be outdated information online like changing my SNDBUF to 8192 so I thought i'd drop an email to the list for more up to date information. Many thanks, Henri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Using the 'WatchSubDirectories' setting in a .NET FileSystemWatcher with a Samba Share
Hi all, I've just managed to upgrade to Samba 3.3 and am pretty ecstatic about finding i can now use FileSystemWatcher to watch for file changes in a directory. On a Windows system however, when I say 'watch $dir' with watchsubdirectories == true and $dir/a/file.jpg is changed, I get a filechanged notification - on Samba 3.3 this doesn't happen - does anyone know if it's a bug that was fixed, or something that's not being approached? I do get notifications for files in $dir with the above example. Is there anyway I can watch for changes in $dir/a/ $dir/b/ etc with my .NET program? References for these filesystem-level onchange events: http://lists.samba.org/archive/samba/2006-February/117361.html - Back in 2006 was when the first support for these events was implemented, i'm really wondering whether anyone knows if it's come any further than this - or whether it's a bug that's looking to be fixed, or whether it's simply never going to make it into Samba? Thanks in advance, first post to the list - whoop! Henri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Charset conversion : init_iconv error
Hi all, Debian Server with linux-image-2.6.18-5-amd64 and Samba 3.0.24-6et: When I run testparm I get the error: Load smb config files from /etc/samba/smb.conf init_iconv: Conversion from UTF-16LE to IS0-8859-15 not supported init_iconv: Attempting to replace with conversion from UTF-16LE to ASCII init_iconv: Conversion from UTF8 to IS0-8859-15 not supported init_iconv: Attempting to replace with conversion from ASCII to ASCII init_iconv: Conversion from IS0-8859-15 to UTF-16LE not supported init_iconv: Attempting to replace with conversion from ASCII to UTF-16LE init_iconv: Conversion from IS0-8859-15 to UTF8 not supported init_iconv: Attempting to replace with conversion from ASCII to ASCII init_iconv: Conversion from IS0-8859-15 to CP850 not supported etc. Someone has an idea? It seems to be a known issue, doesn'it? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem with init_iconv on Debian 4.0 Amd64
Hi, I' ve found a lot of issues of the same probllem on the web , but no solution. So if someone can help me? I have a Debian Server with linux-image-2.6.18-5-amd64 and Samba 3.0.24-6et in my smb.conf I put these lines: [global] unix charset = UTF8 display charset = IS0-8859-15 ... But when I run testparm I get the error: Load smb config files from /etc/samba/smb.conf init_iconv: Conversion from UTF-16LE to IS0-8859-15 not supported init_iconv: Attempting to replace with conversion from UTF-16LE to ASCII init_iconv: Conversion from UTF8 to IS0-8859-15 not supported init_iconv: Attempting to replace with conversion from ASCII to ASCII init_iconv: Conversion from IS0-8859-15 to UTF-16LE not supported init_iconv: Attempting to replace with conversion from ASCII to UTF-16LE init_iconv: Conversion from IS0-8859-15 to UTF8 not supported init_iconv: Attempting to replace with conversion from ASCII to ASCII init_iconv: Conversion from IS0-8859-15 to CP850 not supported init_iconv: Attempting to replace with conversion from ASCII to ASCII init_iconv: Conversion from IS0-8859-15 to UTF8 not supported init_iconv: Attempting to replace with conversion from ASCII to ASCII init_iconv: Conversion from CP850 to IS0-8859-15 not supported init_iconv: Attempting to replace with conversion from ASCII to ASCII init_iconv: Conversion from UTF8 to IS0-8859-15 not supported init_iconv: Attempting to replace with conversion from ASCII to ASCII ... On another Debian test server, with linux-image-2.6.18-6-686 and the same Samba environnement It works well !! Is there a bug on the 64 bits linux version and Samba ? Someone can help me? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] make_connection: connection to ipc$ denied due to security descriptor.
time: Tue, 19 Jan 2038 04:14:07 CET
Kickoff time: Tue, 19 Jan 2038 04:14:07 CET
Password last set:Thu, 25 Oct 2007 11:13:26 CEST
Password can change: 0
Password must change: Tue, 19 Jan 2038 04:14:07 CET
Last bad password : 0
Bad password count : 0
Logon hours : FF
What could it be wrong ?
Do you have an idea ?
Some post seen on Internet make me think to upgrade and this is caused
by the 3.0.24 version...
Could it be true ?
Thanks for your propositions.
- --
Marc-Henri PAMISEUX
_o _o _
// // // __
//__ // / o) //o // ///° ( °
/___/// /__/ // // //\\ .__)
S.A.R.L. Libricks
Maison de la technopole
6, rue Léonard de Vinci - BP 0119
53001 LAVAL Cedex
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHOKdLMJ9khz7GW8ERAuV5AJ9DJXfHCxXE3xB1qiGFiBfFifI3pwCfVYWH
ma+moVcQMf1fwpt1E5lQtKY=
=Ivyx
-END PGP SIGNATURE-
#=== Global Settings ===
[global]
;
## Browsing/Identification ###
workgroup = MYWORKGROUP
netbios name = RHEA
server string = Serveur-Fichiers
;
Debugging/Accounting
syslog = 0
syslog only = no
log level = 2
log file = /var/log/samba/log.%m
max log size = 1000
;
Browse Options
os level = 80
local master = yes
domain master = yes
preferred master = yes
;
## Domains ###
domain logons = yes
logon script = logon.cmd
logon drive = U:
logon home = \\%L\%U
# logon path = \\%L\%U\.winprofile
logon path =
;
## Wins Options ##
name resolve order = wins lmhosts hosts bcast
dns proxy = no
wins proxy = no
wins support = yes
;
### Authentication ###
security = user
null passwords = no
unix password sync = no
encrypt passwords = true
update encrypted = yes
map to guest = Bad User
passdb backend = ldapsam:ldap://127.0.0.1/ ldap://192.168.1.3/;
passwd program = /usr/sbin/smbldap-passwd ?u %u
admin users = administrateur,@SmbDomAdmins
guest account = guest
username map = /etc/samba/smbusers
password level = 5
username level = 5
valid users = administrateur,guest,@SmbDomAdmins,@SmbDomUsers,@SmbUsers
client ntlmv2 auth = no
# auth methods =
# obey pam restrictions = yes
# restrict anonymous = 1
# invalid users = root
# pam pasword change = no
# acl group control = yes
;
Ldap Options
ldap delete dn = yes
ldap admin dn = cn=admin,ou=ldapadmins,dc=local,dc=mydomain,dc=org
ldap suffix = dc=local,dc=mydomain,dc=org
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap idmap suffix = ou=users
ldap ssl = no
ldap passwd sync = yes
;
Scripts Options
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add machine script = /usr/sbin/smbldap-useradd -w -i %u
add group script = /usr/sbin/smbldap-groupadd -p %g
# delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
panic action = /usr/share/samba/panic-action %d
;
Networking
bind interfaces only = true
interfaces = 127.0.0.1 192.168.1.2
remote announce = 192.168.1.255/HAPTION
socket options = IPTOS_LOWDELAY SO_KEEPALIVE TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
hosts allow = 127.0.0.1 192.168.1.0/24
hosts deny = 0.0.0.0/0
time server = yes
include = /etc/samba/dhcp.conf
;
Filename Handling
preserve case = yes
short preserve case = yes
case sensitive = no
# default case = lower
dos charset = 850
unix charset = UTF-8
hide files = /.*/desktop.ini/ntuser.ini/NTUSER.*/
veto files = /*.eml/*.nws/*.{*}/
veto oplock files = /*.doc/*.xml/*.mdb/
create mode = 0660
force create mode = 660
directory mode = 0770
force directory mode = 770
;
Locking Options
oplocks = yes
level2 oplocks = yes
strict locking = yes
posix locking = yes
kernel oplocks = yes
oplock contention limit = 2
share modes = yes
;
Protocol Options
smb ports = 139 445
announce version = 5.2
announce as = NT Server
;
Winbind Options
idmap backend =
winbind use
Re: [Samba] Cannot connect to NT 4 BDC Server
Cybionet a écrit : Salut Marc-Henri! :-) Ok the message A peripheral connected to this system doesn't works mean that the SID of your user/group are not the same of the Domain Controller. Check the SID between the result of 'net groupmap list' and 'net getlocalsid'. Robert So there is no other idea from this problem ? What research must i investigate now ? Regards, -- Marc-Henri PAMISEUX mél. [EMAIL PROTECTED] Tél. +33 0 243 020 161 31, rue des closeaux 53240 SAINT JEAN SUR MAYENNE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot connect to NT 4 BDC Server
() returned Yes added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 added interface ip=192.168.5.11 bcast=192.168.5.255 nmask=255.255.255.0 Client started (version 3.0.22). Connecting to 192.168.5.12 at port 445 error connecting to 192.168.5.12:445 (Connexion refusée) Connecting to 192.168.5.12 at port 139 session request ok Password: Domain=[ALITEC] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] session setup ok tconx ok dos_clean_name [] smb: \ exit Something else, when i try to connect from SERVEUR to SAMBA, using the LDAP user i've just add, all work nice: C:\ NET USE P: \\SAMBA\partage /USER:ALITEC\marcori Taper le mot de passe pour \\SAMBA\partage : La commande a été exécutée. C:\ P: P:\ dir [ ... some files ... ] P:\ C: C:\ NET USE P: /DELETE Connexions can be established in a single way ! In fact, when i go to NT4 server, in the domain user interface, menu Strategy - User rights, i can't see any strategy defined (they were defined before acting as a BDC). Before adding some strategy, i've create some well defined group and group mapping: # net groupmap list Administrators (S-1-5-32-544) - SmbAdministrators Replicators (S-1-5-32-552) - SmbReplicators Account Operators (S-1-5-32-548) - SmbAccountOperators Backup Operators (S-1-5-32-551) - SmbBackupOperators Domain Admins (S-1-5-21-114968459-120084214-1990678075-512) - SmbDomAdmins Domain Computers (S-1-5-21-114968459-120084214-1990678075-515) - SmbDomComputers Domain Guests (S-1-5-21-114968459-120084214-1990678075-514) - SmbDomGuests Domain Users (S-1-5-21-114968459-120084214-1990678075-513) - SmbDomUsers Print Operators (S-1-5-32-550) - SmbPrintOperators Guests (S-1-5-32-546) - SmbGuests Server Operators (S-1-5-32-549) - SmbServerOperators Users (S-1-5-32-545) - SmbUsers Anonymous (S-1-5-7) - SmbAnonymous Power Users (S-1-5-32-547) - SmbPowerUsers So, i've try to add some user's strategy, NT4 can see my group, but when i try to add it, i've got an error 'A peripheral connected to this system doesn't works' or something like that... When i try to modify LDAP user i've add, i've got an error indicate that NT4 can't find the primary Group Name (or any group in reality). My question is: Is it possible to connect to an NT4 server acting as a BDC, or should i denote NT4 server as a standalone server (and then join it to Samba PDC) ? Another question: Is it possible to denote an NT4 server acting as a BDC to a standalone server, and how can i do that without re-installing NT4 ? Do you know some free utility, or some Registry Key to change ? Best Regards, -- Marc-Henri PAMISEUX mél. [EMAIL PROTECTED] Tél. +33 0 243 020 161 31, rue des closeaux 53240 SAINT JEAN SUR MAYENNE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
