Re: [Samba] Questions for minimal AD DC, DNS setup and Posix use
Hi On 1 February 2013 04:18, Andrew Bartlett abart...@samba.org wrote: On Fri, 2013-02-01 at 07:45 +1100, Dewayne Geraghty wrote: [...] Andrew, I would like to avoid killing processes by not asking for them to start. :) Regards, Dewayne. Just start and stop 'samba' and ignore any other processes it may create as children, no matter what they may be named now and in the future. Currently those child processes are called 'samba' and 'smbd', but that may change. Well, adding server services = -s3fs, -winbind and commenting out any share definitions seems to stop smbd from starting, but I have no idea whether or not that will break anything. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions for minimal AD DC, DNS setup and Posix use
On Fri, 2013-02-01 at 10:50 +0200, Michael Wood wrote: Hi On 1 February 2013 04:18, Andrew Bartlett abart...@samba.org wrote: On Fri, 2013-02-01 at 07:45 +1100, Dewayne Geraghty wrote: [...] Andrew, I would like to avoid killing processes by not asking for them to start. :) Regards, Dewayne. Just start and stop 'samba' and ignore any other processes it may create as children, no matter what they may be named now and in the future. Currently those child processes are called 'samba' and 'smbd', but that may change. Well, adding server services = -s3fs, -winbind and commenting out any share definitions seems to stop smbd from starting, but I have no idea whether or not that will break anything. Michael, I know you are trying to address Dewayne's requirements, but please do not suggest untested combinations of server services. I say this because users tend to try out these things without understanding them, and only come back later to get us to come back and diagnose the breakage. I will address Dewayne's specific requirements in another mail. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions for minimal AD DC, DNS setup and Posix use
On 1 February 2013 13:13, Andrew Bartlett abart...@samba.org wrote: On Fri, 2013-02-01 at 10:50 +0200, Michael Wood wrote: Hi On 1 February 2013 04:18, Andrew Bartlett abart...@samba.org wrote: On Fri, 2013-02-01 at 07:45 +1100, Dewayne Geraghty wrote: [...] Andrew, I would like to avoid killing processes by not asking for them to start. :) Regards, Dewayne. Just start and stop 'samba' and ignore any other processes it may create as children, no matter what they may be named now and in the future. Currently those child processes are called 'samba' and 'smbd', but that may change. Well, adding server services = -s3fs, -winbind and commenting out any share definitions seems to stop smbd from starting, but I have no idea whether or not that will break anything. Michael, I know you are trying to address Dewayne's requirements, but please do not suggest untested combinations of server services. I say this because users tend to try out these things without understanding them, and only come back later to get us to come back and diagnose the breakage. Fair enough. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions for minimal AD DC, DNS setup and Posix use
For your POSIX issue there could be an interesting hint: https://wiki.samba.org/index.php/Samba4/beyond Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Dewayne Gesendet: Donnerstag, 31. Januar 2013 06:55 An: samba@lists.samba.org Betreff: [Samba] Questions for minimal AD DC, DNS setup and Posix use Our plan is to have one AD DC running in Head Office, RODC's at Branches and a second writeable DC at a contingency site. Fileshares will run on separate servers. The Windows 2003/2008 Servers use authentication services from samba4 and run applications. Our current environment is Samba-3.6.9 PDC,BDCs fileshares, openldap stores samba, posix and acts as heimdal backend - for SSO. My questions are: AD DC Are smbd and winbindd necessary on the AD DC. I would prefer to start samba with only what it needs to function. When I kill the smbd and winbindd processes, the kerberos, ldap dns functionality remain. How can I produce a minimal AD DC: 1) Do I need smbd to parse the smb.conf for samba4 to start correctly? 2) If not, is there a better way than kill -9 to achieve the result of samba4 without smbd, winbindd? For readers new to RODC, this is useful: http://technet.microsoft.com/en-us/library/cc772234(v=ws.10).aspx DNS DNS is required in Samba4 AD DC as explained here http://blog.tridgell.net/?p=122 (Coming from a samba3 background, Tridge's article is informative). The internal DNS works like a dream. However the internal DNS doesn't slave to a master DNS, so --dns-backend=BIND9_DLZ is the best option for a complex environment using Windows servers as members or DC's. However: 3) For Samba4 AD DC to act purely as an authentication engine, within a UNIX only servers where PCs and WinServers are effectively desktops for users; can I use --dns-backend=NONE without loss of DRS or RODC functionality. (Or are these contradictory requirements). 4) If we need to redesign our DNS infrastructure, is it sufficient that a dhcp server, provide updates to bind9-DLZ (as a component of Samba4 AD DC)? Posix In a Samba3 world, I rely upon smbldap-tools (http://gna.org/projects/smbldap-tools) to manipulate user/group information, including assignment of uidNumber/gidNumber that is unique to an individual, per IT audit instruction. I would greatly appreciate guidance on how to set/use posix on Samba4. I've spent 4 hours trolling the web and mailing list searches with hints or scripts, so 5) Do I need to manually add the ldap posixAccount object to each users' ldap record, or is there an option in samba-tool user create that I haven't found? Next issue is how to manage as the uidNumber/gidNumber content? {This was being worked: http://samba.2283325.n4.nabble.com/Enabling-idmap-ldb-use-rfc2307-yes-on-2-D Cs-td4637386.html ?} 6) Is there any mechanism that allows me to change the uid's being assigned to files that are created by Samba AD DC to being the same as pre-existing uid's used by Samba3. For example changing uid 320 to 1046, or gid 319 to 1001? Miscellaineous 7) Will the list of smb.conf options described in samba4 source folder source4/TODO be updated to reflect what appears in testparm -vss? It's a little confusing as to which takes precedence? With some instruction, I'd be happy to update/maintain some wiki information for others' benefit. Regards, Dewayne. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions for minimal AD DC, DNS setup and Posix use
On Thu, 2013-01-31 at 16:55 +1100, Dewayne wrote: Our plan is to have one AD DC running in Head Office, RODC's at Branches and a second writeable DC at a contingency site. Fileshares will run on separate servers. The Windows 2003/2008 Servers use authentication services from samba4 and run applications. Our current environment is Samba-3.6.9 PDC,BDCs fileshares, openldap stores samba, posix and acts as heimdal backend - for SSO. My questions are: AD DC Are smbd and winbindd necessary on the AD DC. I would prefer to start samba with only what it needs to function. When I kill the smbd and winbindd processes, the kerberos, ldap dns functionality remain. How can I produce a minimal AD DC: 1) Do I need smbd to parse the smb.conf for samba4 to start correctly? on the AD DC, you start only 'samba'. We may start other binaries or provide services via plugins, but you only have to start 'samba'. 2) If not, is there a better way than kill -9 to achieve the result of samba4 without smbd, winbindd? You should just kill the parent 'samba' process and any child processes will notice this and go away. As you know, in general don't generally kill -9 stuff, as something may be in progress. I think tdb is safe for kill -9 these days, but it has always been best not to do this as a first choice. For readers new to RODC, this is useful: http://technet.microsoft.com/en-us/library/cc772234(v=ws.10).aspx DNS DNS is required in Samba4 AD DC as explained here http://blog.tridgell.net/?p=122 (Coming from a samba3 background, Tridge's article is informative). The internal DNS works like a dream. However the internal DNS doesn't slave to a master DNS, so --dns-backend=BIND9_DLZ is the best option for a complex environment using Windows servers as members or DC's. However: You can always forward to another DC, or have your complex DNS server point only a particular domain to Samba, say with a bind zone of type 'forward'. 3) For Samba4 AD DC to act purely as an authentication engine, within a UNIX only servers where PCs and WinServers are effectively desktops for users; can I use --dns-backend=NONE without loss of DRS or RODC functionality. (Or are these contradictory requirements). No, DNS is always required, even for our internal use. 4) If we need to redesign our DNS infrastructure, is it sufficient that a dhcp server, provide updates to bind9-DLZ (as a component of Samba4 AD DC)? There is discussion on the list about ways to make DHCP work. I would like to make this 'just work' using the normal TSIG code for both the bind9 and the internal server, but this remains a development task for an interested developer. (Warning, some crypto required). Posix In a Samba3 world, I rely upon smbldap-tools (http://gna.org/projects/smbldap-tools) to manipulate user/group information, including assignment of uidNumber/gidNumber that is unique to an individual, per IT audit instruction. I would greatly appreciate guidance on how to set/use posix on Samba4. I've spent 4 hours trolling the web and mailing list searches with hints or scripts, so 5) Do I need to manually add the ldap posixAccount object to each users' ldap record, or is there an option in samba-tool user create that I haven't found? Next issue is how to manage as the uidNumber/gidNumber content? {This was being worked: http://samba.2283325.n4.nabble.com/Enabling-idmap-ldb-use-rfc2307-yes-on-2-DCs-td4637386.html ?} Yes, samba-tool is tested as being able to manage this. 4.0.3 will be a little easier in this regard, the posixAccount/posixGroup requirement has been dropped. 6) Is there any mechanism that allows me to change the uid's being assigned to files that are created by Samba AD DC to being the same as pre-existing uid's used by Samba3. For example changing uid 320 to 1046, or gid 319 to 1001? Set those uid values on the LDAP directory using uidNumber and gidNumber, and set 'idmap_ldb:use rfc2307=yes'. Miscellaineous 7) Will the list of smb.conf options described in samba4 source folder source4/TODO be updated to reflect what appears in testparm -vss? It's a little confusing as to which takes precedence? Yes, this is confusing. Even the output of testparm -v and samba-tool testparm -v do not match up, and that TODO list refers mostly to the more limited capabilities of the ntvfs file server, which is available and supported, but is not the default. We essentially need to transform these details into manpage notes. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions for minimal AD DC, DNS setup and Posix use
Hi On 31 January 2013 13:56, Andrew Bartlett abart...@samba.org wrote: On Thu, 2013-01-31 at 16:55 +1100, Dewayne wrote: Our plan is to have one AD DC running in Head Office, RODC's at Branches and a second writeable DC at a contingency site. Fileshares will run on separate servers. The Windows 2003/2008 Servers use authentication services from samba4 and run applications. Our current environment is Samba-3.6.9 PDC,BDCs fileshares, openldap stores samba, posix and acts as heimdal backend - for SSO. My questions are: AD DC Are smbd and winbindd necessary on the AD DC. I would prefer to start samba with only what it needs to function. When I kill the smbd and winbindd processes, the kerberos, ldap dns functionality remain. How can I produce a minimal AD DC: 1) Do I need smbd to parse the smb.conf for samba4 to start correctly? on the AD DC, you start only 'samba'. We may start other binaries or provide services via plugins, but you only have to start 'samba'. 2) If not, is there a better way than kill -9 to achieve the result of samba4 without smbd, winbindd? You should just kill the parent 'samba' process and any child processes will notice this and go away. As you know, in general don't generally kill -9 stuff, as something may be in progress. I think tdb is safe for kill -9 these days, but it has always been best not to do this as a first choice. I think for the above two questions he's asking how to run the samba binary without it spawning irrelevant (to him) things like smbd and winbindd. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions for minimal AD DC, DNS setup and Posix use
-Original Message- From: Michael Wood [mailto:esiot...@gmail.com] Sent: Friday, 1 February 2013 12:22 AM To: Andrew Bartlett Cc: Dewayne; samba@lists.samba.org Subject: Re: [Samba] Questions for minimal AD DC, DNS setup and Posix use Hi On 31 January 2013 13:56, Andrew Bartlett abart...@samba.org wrote: On Thu, 2013-01-31 at 16:55 +1100, Dewayne wrote: Our plan is to have one AD DC running in Head Office, RODC's at Branches and a second writeable DC at a contingency site. Fileshares will run on separate servers. The Windows 2003/2008 Servers use authentication services from samba4 and run applications. Our current environment is Samba-3.6.9 PDC,BDCs fileshares, openldap stores samba, posix and acts as heimdal backend - for SSO. My questions are: AD DC Are smbd and winbindd necessary on the AD DC. I would prefer to start samba with only what it needs to function. When I kill the smbd and winbindd processes, the kerberos, ldap dns functionality remain. How can I produce a minimal AD DC: 1) Do I need smbd to parse the smb.conf for samba4 to start correctly? on the AD DC, you start only 'samba'. We may start other binaries or provide services via plugins, but you only have to start 'samba'. 2) If not, is there a better way than kill -9 to achieve the result of samba4 without smbd, winbindd? You should just kill the parent 'samba' process and any child processes will notice this and go away. As you know, in general don't generally kill -9 stuff, as something may be in progress. I think tdb is safe for kill -9 these days, but it has always been best not to do this as a first choice. I think for the above two questions he's asking how to run the samba binary without it spawning irrelevant (to him) things like smbd and winbindd. -- Michael Wood esiot...@gmail.com Thanks Michael, I am looking for an AD DC (authentication) server, which as I observe doesn't require smbd and winbindd. These will run on a separate (fileserving) server(s). Andrew, I would like to avoid killing processes by not asking for them to start. :) Regards, Dewayne. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions for minimal AD DC, DNS setup and Posix use
On 31/01/13 20:45, Dewayne Geraghty wrote: -Original Message- From: Michael Wood [mailto:esiot...@gmail.com] Sent: Friday, 1 February 2013 12:22 AM To: Andrew Bartlett Cc: Dewayne; samba@lists.samba.org Subject: Re: [Samba] Questions for minimal AD DC, DNS setup and Posix use Hi On 31 January 2013 13:56, Andrew Bartlett abart...@samba.org wrote: On Thu, 2013-01-31 at 16:55 +1100, Dewayne wrote: Our plan is to have one AD DC running in Head Office, RODC's at Branches and a second writeable DC at a contingency site. Fileshares will run on separate servers. The Windows 2003/2008 Servers use authentication services from samba4 and run applications. Our current environment is Samba-3.6.9 PDC,BDCs fileshares, openldap stores samba, posix and acts as heimdal backend - for SSO. My questions are: AD DC Are smbd and winbindd necessary on the AD DC. I would prefer to start samba with only what it needs to function. When I kill the smbd and winbindd processes, the kerberos, ldap dns functionality remain. How can I produce a minimal AD DC: 1) Do I need smbd to parse the smb.conf for samba4 to start correctly? on the AD DC, you start only 'samba'. We may start other binaries or provide services via plugins, but you only have to start 'samba'. 2) If not, is there a better way than kill -9 to achieve the result of samba4 without smbd, winbindd? You should just kill the parent 'samba' process and any child processes will notice this and go away. As you know, in general don't generally kill -9 stuff, as something may be in progress. I think tdb is safe for kill -9 these days, but it has always been best not to do this as a first choice. I think for the above two questions he's asking how to run the samba binary without it spawning irrelevant (to him) things like smbd and winbindd. -- Michael Wood esiot...@gmail.com Thanks Michael, I am looking for an AD DC (authentication) server, which as I observe doesn't require smbd and winbindd. These will run on a separate (fileserving) server(s). Andrew, I would like to avoid killing processes by not asking for them to start. :) Regards, Dewayne. Just setup a Samba 4 AD DC and use another Linux computer running Samba 3.6.* as a fileserver. Use Samba 4 for authentication and the Samba 3 fileserver for everything else. If you run Samba 4 as a DC, you run the samba daemon which starts the smbd daemon, you cannot stop the smbd daemon running ( feel free to chime in here if I am wrong), also winbindd is built into Samba 4, there is no separate Daemon. Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions for minimal AD DC, DNS setup and Posix use
On Fri, 2013-02-01 at 07:45 +1100, Dewayne Geraghty wrote: -Original Message- From: Michael Wood [mailto:esiot...@gmail.com] Sent: Friday, 1 February 2013 12:22 AM To: Andrew Bartlett Cc: Dewayne; samba@lists.samba.org Subject: Re: [Samba] Questions for minimal AD DC, DNS setup and Posix use Hi On 31 January 2013 13:56, Andrew Bartlett abart...@samba.org wrote: On Thu, 2013-01-31 at 16:55 +1100, Dewayne wrote: Our plan is to have one AD DC running in Head Office, RODC's at Branches and a second writeable DC at a contingency site. Fileshares will run on separate servers. The Windows 2003/2008 Servers use authentication services from samba4 and run applications. Our current environment is Samba-3.6.9 PDC,BDCs fileshares, openldap stores samba, posix and acts as heimdal backend - for SSO. My questions are: AD DC Are smbd and winbindd necessary on the AD DC. I would prefer to start samba with only what it needs to function. When I kill the smbd and winbindd processes, the kerberos, ldap dns functionality remain. How can I produce a minimal AD DC: 1) Do I need smbd to parse the smb.conf for samba4 to start correctly? on the AD DC, you start only 'samba'. We may start other binaries or provide services via plugins, but you only have to start 'samba'. 2) If not, is there a better way than kill -9 to achieve the result of samba4 without smbd, winbindd? You should just kill the parent 'samba' process and any child processes will notice this and go away. As you know, in general don't generally kill -9 stuff, as something may be in progress. I think tdb is safe for kill -9 these days, but it has always been best not to do this as a first choice. I think for the above two questions he's asking how to run the samba binary without it spawning irrelevant (to him) things like smbd and winbindd. -- Michael Wood esiot...@gmail.com Thanks Michael, I am looking for an AD DC (authentication) server, which as I observe doesn't require smbd and winbindd. These will run on a separate (fileserving) server(s). Andrew, I would like to avoid killing processes by not asking for them to start. :) Regards, Dewayne. Just start and stop 'samba' and ignore any other processes it may create as children, no matter what they may be named now and in the future. Currently those child processes are called 'samba' and 'smbd', but that may change. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Questions for minimal AD DC, DNS setup and Posix use
Our plan is to have one AD DC running in Head Office, RODC's at Branches and a second writeable DC at a contingency site. Fileshares will run on separate servers. The Windows 2003/2008 Servers use authentication services from samba4 and run applications. Our current environment is Samba-3.6.9 PDC,BDCs fileshares, openldap stores samba, posix and acts as heimdal backend - for SSO. My questions are: AD DC Are smbd and winbindd necessary on the AD DC. I would prefer to start samba with only what it needs to function. When I kill the smbd and winbindd processes, the kerberos, ldap dns functionality remain. How can I produce a minimal AD DC: 1) Do I need smbd to parse the smb.conf for samba4 to start correctly? 2) If not, is there a better way than kill -9 to achieve the result of samba4 without smbd, winbindd? For readers new to RODC, this is useful: http://technet.microsoft.com/en-us/library/cc772234(v=ws.10).aspx DNS DNS is required in Samba4 AD DC as explained here http://blog.tridgell.net/?p=122 (Coming from a samba3 background, Tridge's article is informative). The internal DNS works like a dream. However the internal DNS doesn't slave to a master DNS, so --dns-backend=BIND9_DLZ is the best option for a complex environment using Windows servers as members or DC's. However: 3) For Samba4 AD DC to act purely as an authentication engine, within a UNIX only servers where PCs and WinServers are effectively desktops for users; can I use --dns-backend=NONE without loss of DRS or RODC functionality. (Or are these contradictory requirements). 4) If we need to redesign our DNS infrastructure, is it sufficient that a dhcp server, provide updates to bind9-DLZ (as a component of Samba4 AD DC)? Posix In a Samba3 world, I rely upon smbldap-tools (http://gna.org/projects/smbldap-tools) to manipulate user/group information, including assignment of uidNumber/gidNumber that is unique to an individual, per IT audit instruction. I would greatly appreciate guidance on how to set/use posix on Samba4. I've spent 4 hours trolling the web and mailing list searches with hints or scripts, so 5) Do I need to manually add the ldap posixAccount object to each users' ldap record, or is there an option in samba-tool user create that I haven't found? Next issue is how to manage as the uidNumber/gidNumber content? {This was being worked: http://samba.2283325.n4.nabble.com/Enabling-idmap-ldb-use-rfc2307-yes-on-2-DCs-td4637386.html ?} 6) Is there any mechanism that allows me to change the uid's being assigned to files that are created by Samba AD DC to being the same as pre-existing uid's used by Samba3. For example changing uid 320 to 1046, or gid 319 to 1001? Miscellaineous 7) Will the list of smb.conf options described in samba4 source folder source4/TODO be updated to reflect what appears in testparm -vss? It's a little confusing as to which takes precedence? With some instruction, I'd be happy to update/maintain some wiki information for others' benefit. Regards, Dewayne. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] questions about password complexity checking.
On Tue, 2012-02-14 at 10:48 -0600, Morgan Toal wrote: Hi Samba folks, I had a couple questions about password complexity checking. To preface, in smb.conf, we set: check password script = /usr/local/sbin/crackcheck -d /usr/share/cracklib/pw_dict Also, if I understand correctly: /usr/local/sbin/crackcheck comes from samba source rpm package. maybe we need to compile it ourselves. /usr/share/cracklib/pw_dict* comes from cracklib-dicts rpm package Here are my questions: 1) may we also specify -c along with -d in check password script paramater to enable NT like complexity checks? If you want, you can. 2) what precisely are NT like complexity checks? At least 3 of: upper, lower, digit, punctuation. 3) there is no file /usr/share/cracklib/pw_dict however there in /usr/share/cracklib there is: pw_dict.hwm, pw_dict.pwd, and pw_dict.pwi I am thinking pw_dict.pwd is the actual dictionary. It's in some sort of binary format. Why do we not specify the file extension in the smb.conf paramater? Because the underlying FascistCheck() function only wants the prefix, without the extension. 4) How may we list/modify contents of pw_dict.pwd? I don't think you can. But you can instead change crackcheck to also check your personal dictionary of banned passwords. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] questions about password complexity checking.
Hi Samba folks, I had a couple questions about password complexity checking. To preface, in smb.conf, we set: check password script = /usr/local/sbin/crackcheck -d /usr/share/cracklib/pw_dict Also, if I understand correctly: /usr/local/sbin/crackcheck comes from samba source rpm package. maybe we need to compile it ourselves. /usr/share/cracklib/pw_dict* comes from cracklib-dicts rpm package Here are my questions: 1) may we also specify -c along with -d in check password script paramater to enable NT like complexity checks? 2) what precisely are NT like complexity checks? 3) there is no file /usr/share/cracklib/pw_dict however there in /usr/share/cracklib there is: pw_dict.hwm, pw_dict.pwd, and pw_dict.pwi I am thinking pw_dict.pwd is the actual dictionary. It's in some sort of binary format. Why do we not specify the file extension in the smb.conf paramater? 4) How may we list/modify contents of pw_dict.pwd? thanks for your time! mtoal -- Morgan Toal, RHCE, CFCE, CEH, MCP Network Manager City of Burlington, Iowa 319-759-8882 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Questions on running Samba with Windows 2008
HI, We currently have Samba version 3.0.7 based on HP CIFS Server A.02.01.02, and our O/S is HP/UX 11i (version 1). We are upgrading our Domain controller to a windows 2008 server. However, when we try to join to the server 2008, we are unable to authenticate with the Windows 2008 server. I have attached the message I am receiving. HP has told us we need to upgrade which involves not only Samba but O/S. However, we currently cannot upgrade. We are wondering if they is anyone out there that has successfully accomplished this task? Thanks, LInda - - - - Both the individual sending this e-mail and Premix Inc. intend that this electronic message be used exclusively by the individual or entity to which it is intended to be addressed. This message may contain information that is privileged, confidential and may fall under specific export controls. Therefore, this message should not be transmitted or provided to a non U.S. person without the specific approval of Premix and/or any governing U.S. Government Agency. This message is thereby exempt and protected from unauthorized disclosure under applicable law. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering the message to the intended recipient, be aware that any disclosure, dissemination, distribution or copying of this communication, or the use of its contents, is not authorized and is strictly prohibited. If you have received this communication and are not the intended recipient, please notify the sender immediately and permanently delete the original message from your e-mail system. ROOT:DEV1-Development:#net rpc join -S SERVER027 -d 10 -U eireland [2011/09/08 13:07:44, 5] lib/debug.c:debug_dump_status(366) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 [2011/09/08 13:07:44, 3] param/loadparm.c:lp_load(3927) lp_load: refreshing parameters [2011/09/08 13:07:44, 3] param/loadparm.c:init_globals(1337) Initialising global parameters [2011/09/08 13:07:44, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file /etc/opt/samba/smb.conf [2011/09/08 13:07:44, 3] param/loadparm.c:do_section(3427) Processing section [global] doing parameter workgroup = PREMIX doing parameter realm = DEV1.PREMIX.COM doing parameter netbios aliases = dev1, DEV1 doing parameter server string = dev1 doing parameter interfaces = 198.232.130.193/24, 127.0.0.1/24 doing parameter bind interfaces only = Yes doing parameter security = DOMAIN doing parameter update encrypted = Yes doing parameter map to guest = Bad User doing parameter password server = SERVER027 doing parameter guest account = bsp doing parameter client NTLMv2 auth = Yes doing parameter client lanman auth = No doing parameter client plaintext auth = No doing parameter syslog = 0 doing parameter log file = /var/opt/samba/log.%m doing parameter max log size = 1000 doing parameter smb ports = 139 doing parameter name resolve order = wins host bcast doing parameter client signing = No doing parameter keepalive = 0 doing parameter paranoid server security = No doing parameter socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_S NDBUF=262144 SO_RCVBUF=262144 SO_REUSEADDR SO_REUSEPORT doing parameter name cache timeout = 1500 doing parameter load printers = No doing parameter lm announce = Yes doing parameter preferred master = No doing parameter local master = No doing parameter domain master = No doing parameter wins server = 198.232.130.230 doing parameter kernel oplocks = No doing parameter socket address = doing parameter idmap uid = 5-6 doing parameter idmap gid = 5-6 doing parameter winbind enum users = No doing parameter winbind enum groups = No doing parameter read only = No doing parameter hosts allow = ALL doing parameter short preserve case = No doing parameter locking = No doing parameter oplocks = No doing parameter level2 oplocks = No doing parameter dos filetime resolution = Yes [2011/09/08 13:07:44, 4] param/loadparm.c:lp_load(3958) pm_process() returned Yes [2011/09/08 13:07:44, 7] param/loadparm.c:lp_servicenumber(4068) lp_servicenumber: couldn't find homes [2011/09/08 13:07:44, 10] param/loadparm.c:set_server_role(3874) set_server_role: role = ROLE_DOMAIN_MEMBER [2011/09/08 13:07:44, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset UCS-2LE [2011/09/08 13:07:44, 5] lib/iconv.c:smb_register_charset(103) Registered charset UCS-2LE [2011/09/08 13:07:44, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset UTF8
Re: [Samba] Questions on running Samba with Windows 2008
From: linda.nem...@premix.com Date: Fri, 9 Sep 2011 10:45:24 -0400 HI, We currently have Samba version 3.0.7 based on HP CIFS Server A.02.01.02, and our O/S is HP/UX 11i (version 1). We are upgrading our Domain controller to a windows 2008 server. However, when we try to join to the server 2008, we are unable to authenticate with the Windows 2008 server. That's by design. Samba 3.0.28a or later is required to join to Windows Server 2008 domain. If you want to use Samba 3.0.28a - 3.0.X, security = ads is also required as far as I examined. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions about ldap organizational units
I'm kinda new to this too, but I'll share what knowledge I've acquired recently On 12/29/2010 23:01, Taso Hatzi wrote: Environment is Samba as a PDC, OpenLDAP backend, with smbldap-tools providing the scripts to manipulate the data. What are the recommended/mandated organizational units (OU=) for user, computer, group info. Whatever suits your needs I'm pretty sure that groups go in ou=Groups, but I am confused about where user and computer data goes. Groups go wherever you need them I have seen ou=People, ou=Computers, and ou=Users in various places. Which is it and why? You can have 0 or more OUs to store data. you can put everything directly in your root dn, or you can use Organizational Units to organize them. for example, you can store users, groups, etc. by department instead of by users, groups, machines. but the smbldaptools use users, groups, machines (or similarly named OUs) to place these objects in. If you wanted, you could have users stored by department, or by zip code, or any arbitrary scheme you like (ou=PeopleILike,dc=.., ou=PeopleIDontLike,dc=.., etc..). for ldap in general there's no real rhyme or reason to where they need to be. Samba seems to like them sorted into users, groups, machines, and idmaps in one branch of your directory. the thinking seems to be each organizational unit of your organization should represent a domain with it's own users, groups, idmaps, etc. I believe it's possible to configure samba to handle whatever you need, but I can't find any entries in the smb.conf manpage about ldap search depth. the long and short of it is call them whatever you want, but keep 'em together and remember what you called them -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions about ldap organizational units
Hi, Can anybody give me the idea about squid server. On Thu, Dec 30, 2010 at 2:01 AM, Taso Hatzi taso.ha...@gmail.com wrote: Environment is Samba as a PDC, OpenLDAP backend, with smbldap-tools providing the scripts to manipulate the data. What are the recommended/mandated organizational units (OU=) for user, computer, group info. I'm pretty sure that groups go in ou=Groups, but I am confused about where user and computer data goes. I have seen ou=People, ou=Computers, and ou=Users in various places. Which is it and why? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- --- Thanks Regards. Anil S Wakhare. Pune 411027,Maharashtra,India Ph:-9763328839 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions about ldap organizational units
I think you should post question in squid mailing list. googling 'squid' will help you On 12/30/10, Anil Wakhare aswakh...@gmail.com wrote: Hi, Can anybody give me the idea about squid server. On Thu, Dec 30, 2010 at 2:01 AM, Taso Hatzi taso.ha...@gmail.com wrote: Environment is Samba as a PDC, OpenLDAP backend, with smbldap-tools providing the scripts to manipulate the data. What are the recommended/mandated organizational units (OU=) for user, computer, group info. I'm pretty sure that groups go in ou=Groups, but I am confused about where user and computer data goes. I have seen ou=People, ou=Computers, and ou=Users in various places. Which is it and why? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- --- Thanks Regards. Anil S Wakhare. Pune 411027,Maharashtra,India Ph:-9763328839 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Questions about ldap organizational units
Environment is Samba as a PDC, OpenLDAP backend, with smbldap-tools providing the scripts to manipulate the data. What are the recommended/mandated organizational units (OU=) for user, computer, group info. I'm pretty sure that groups go in ou=Groups, but I am confused about where user and computer data goes. I have seen ou=People, ou=Computers, and ou=Users in various places. Which is it and why? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions on Samba and LDAP failover
Gary Peck wrote: I have actually tired that and could not get that to work. At least it does not work on the version of samba that is bundled with Solaris 10 (3.0.37). passdb backend = ldap:ldap://ldap1.example.com ldap://ldap2.example.com; --- This causes a core dump oh, i mis-spelled ldap: instead of ldapsam: passdb backend = ldapsam:ldap://ldap1.example.com ldap://ldap2.example.com; smbpasswd username fails connecting to primary ldap server and just errors out. Hmm, what ldap library are you using? reading from the smb.conf manpage: - ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to ldap://localhost) LDAP connections should be secured where possible. This may be done using either Start-TLS (see ldap ssl) or by specifying ldaps:// in the URL argument. Multiple servers may also be specified in double-quotes. Whether multiple servers are supported or not and the exact syntax depends on the LDAP library you use. Examples of use are: passdb backend = tdbsam:/etc/samba/private/passdb.tdb or multi server LDAP URL with OpenLDAP library: passdb backend = ldapsam:ldap://ldap-1.example.com ldap://ldap-2.example.com; or multi server LDAP URL with Netscape based LDAP library: passdb backend = ldapsam:ldap://ldap-1.example.com ldap-2.example.com So it depends on your LDAP client library and the example I gave you is valid for openLDAP, possibly not for yours, if it supports multiple servers at all. You could try the second syntax ldapsam:ldap://ldap-1.example.com ldap-2.example.com. The bottom line is that the string between the quotes has to be a valid string accepted by the ldap init routine of your library... Cheers - Michael It seems to be the 3.0.22 release that I remember seeing a not that ldap failover was deprecated for some reason. The only way I have been able to get any type of failover is setting up a DNS entry to round robin between two Sun DS7 multimaster directory servers. Thanks, Gary On 3/25/2010 3:16 PM, Michael Adam wrote: Hi Gary, Gary Peck wrote: After trying multiple options in the smb.conf file the only way I could get fail over to work was having two ldap servers setup in a multimaster replication and having a DNS entry setup that round robins between the two. Everything seems to work, I can bring down one ldap server and samba will still authenticate and let users in. Anybody know of any issues doing it this way? Thanks, Gary If I have read the documentation correctly, it looks like you can not have a fail over LDAP server defined in the smb.conf file for the passdb backend. It looks like this feature was taken away in an earlier release. Is this correct? If not could somebody steer me in the right direction. Is the question how to specify multiple ldap servers in smb.conf? If so, here is the answer: passdb backend = ldap:ldap://ldap1.example.com ldap://ldap2.example.com; I.e. put a spaces separated list of ldap urls into quotes. If that was not your question, please clarify. Cheers - Michael pgpDOBA6mxBxI.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions on Samba and LDAP failover
Gary Peck wrote: Hi Michael, This option seemed to work: passdb backend = ldapsam:ldap://ldap-1.example.com ldap-2.example.com I swear I had tried that before, but I must not have. Thanks for your help. I am that much closer to having 2000 Faculty/Staff users start using the system. Ok, good to know things are working again! Please try to keep the list posted. Cheers - Michael Thanks, Gary On 3/26/2010 6:15 AM, Michael Adam wrote: Gary Peck wrote: I have actually tired that and could not get that to work. At least it does not work on the version of samba that is bundled with Solaris 10 (3.0.37). passdb backend = ldap:ldap://ldap1.example.com ldap://ldap2.example.com; --- This causes a core dump oh, i mis-spelled ldap: instead of ldapsam: passdb backend = ldapsam:ldap://ldap1.example.com ldap://ldap2.example.com; smbpasswd username fails connecting to primary ldap server and just errors out. Hmm, what ldap library are you using? reading from the smb.conf manpage: - ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to ldap://localhost) LDAP connections should be secured where possible. This may be done using either Start-TLS (see ldap ssl) or by specifying ldaps:// in the URL argument. Multiple servers may also be specified in double-quotes. Whether multiple servers are supported or not and the exact syntax depends on the LDAP library you use. Examples of use are: passdb backend = tdbsam:/etc/samba/private/passdb.tdb or multi server LDAP URL with OpenLDAP library: passdb backend = ldapsam:ldap://ldap-1.example.com ldap://ldap-2.example.com; or multi server LDAP URL with Netscape based LDAP library: passdb backend = ldapsam:ldap://ldap-1.example.com ldap-2.example.com So it depends on your LDAP client library and the example I gave you is valid for openLDAP, possibly not for yours, if it supports multiple servers at all. You could try the second syntax ldapsam:ldap://ldap-1.example.com ldap-2.example.com. The bottom line is that the string between the quotes has to be a valid string accepted by the ldap init routine of your library... Cheers - Michael It seems to be the 3.0.22 release that I remember seeing a not that ldap failover was deprecated for some reason. The only way I have been able to get any type of failover is setting up a DNS entry to round robin between two Sun DS7 multimaster directory servers. Thanks, Gary On 3/25/2010 3:16 PM, Michael Adam wrote: Hi Gary, Gary Peck wrote: After trying multiple options in the smb.conf file the only way I could get fail over to work was having two ldap servers setup in a multimaster replication and having a DNS entry setup that round robins between the two. Everything seems to work, I can bring down one ldap server and samba will still authenticate and let users in. Anybody know of any issues doing it this way? Thanks, Gary If I have read the documentation correctly, it looks like you can not have a fail over LDAP server defined in the smb.conf file for the passdb backend. It looks like this feature was taken away in an earlier release. Is this correct? If not could somebody steer me in the right direction. Is the question how to specify multiple ldap servers in smb.conf? If so, here is the answer: passdb backend = ldap:ldap://ldap1.example.com ldap://ldap2.example.com; I.e. put a spaces separated list of ldap urls into quotes. If that was not your question, please clarify. Cheers - Michael pgpWzjSXPs9ci.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Questions on Samba and LDAP failover
After trying multiple options in the smb.conf file the only way I could get fail over to work was having two ldap servers setup in a multimaster replication and having a DNS entry setup that round robins between the two. Everything seems to work, I can bring down one ldap server and samba will still authenticate and let users in. Anybody know of any issues doing it this way? Thanks, Gary If I have read the documentation correctly, it looks like you can not have a fail over LDAP server defined in the smb.conf file for the passdb backend. It looks like this feature was taken away in an earlier release. Is this correct? If not could somebody steer me in the right direction. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions on Samba and LDAP failover
Hi Gary, Gary Peck wrote: After trying multiple options in the smb.conf file the only way I could get fail over to work was having two ldap servers setup in a multimaster replication and having a DNS entry setup that round robins between the two. Everything seems to work, I can bring down one ldap server and samba will still authenticate and let users in. Anybody know of any issues doing it this way? Thanks, Gary If I have read the documentation correctly, it looks like you can not have a fail over LDAP server defined in the smb.conf file for the passdb backend. It looks like this feature was taken away in an earlier release. Is this correct? If not could somebody steer me in the right direction. Is the question how to specify multiple ldap servers in smb.conf? If so, here is the answer: passdb backend = ldap:ldap://ldap1.example.com ldap://ldap2.example.com; I.e. put a spaces separated list of ldap urls into quotes. If that was not your question, please clarify. Cheers - Michael pgpjlMSAsSSEB.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Questions about nsswitch/winbindd_dual.c behavior
I'm using samba-3.0.34, and I have two questions: (1) I'm not exactly sure how the asyncronous behavior of winbindd_dual works. Does it fork a child for each domain? each domain controller? Or does it fork a child ad hoc whenever it needs to handle a request? (2) I'm joining to an active directory domain using net rpc join fine, but wireshark shows winbindd doing a search to find all domain controllers. Since I explicitly gave a primary domain controller in smb.conf and when I joined, why is it looking up the other domain controllers? Thanks, - Jeremiah -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] questions about bug 5535
AFAICs Simo's patch for bug 5535 was only applied to the 3.3 series. Does the closing comment in https://bugzilla.samba.org/show_bug.cgi?id=5535 mean that the inconsistencies about RID calculation won't be addressed in the 3.0 and 3.2 series? Does the fact that 3.3.2 always uses sambaNextRid mean that algorithmic RID allocation is doomed to obsolescence? Regards, Thierry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] questions about bug 5535
AFAICs Simo's patch for bug 5535 was only applied to the 3.3 series. Does the closing comment in https://bugzilla.samba.org/show_bug.cgi?id=5535 mean that the inconsistencies about RID calculation won't be addressed in the 3.0 and 3.2 series? Does the fact that 3.3.2 always uses sambaNextRid mean that algorithmic RID allocation is doomed to obsolescence? Regards, Thierry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] questions about bug 5535
AFAICs Simo's patch for bug 5535 was only applied to the 3.3 series. Does the closing comment in https://bugzilla.samba.org/show_bug.cgi?id=5535 mean that the inconsistencies about RID calculation won't be addressed in the 3.0 and 3.2 series? Does the fact that 3.3.2 always uses sambaNextRid mean that algorithmic RID allocation is doomed to obsolescence? Regards, Thierry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] questions about bug 5535
AFAICs Simo's patch for bug 5535 was only applied to the 3.3 series. Does the closing comment in https://bugzilla.samba.org/show_bug.cgi?id=5535 mean that the inconsistencies about RID calculation won't be addressed in the 3.0 and 3.2 series? Does the fact that 3.3.2 always uses sambaNextRid mean that algorithmic RID allocation is doomed to obsolescence? Regards, Thierry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Questions about PDC with SAMBA
Hi! I have 8 subnets: 192.168.100.x/24 192.168.150.y/24 192.168.200.z/16 etc ... Install a Primary Domain Controller (PDC), so that users to perform authentication on the domain with its mounting remote disks, among others. The network is correctly configured, that is, the teams are perfectly by ping and the open ports between the networks see no problems. Notes: - I disabled the multicast UDP in the route - Add the lines in the smb.conf: - Hosts allow = 192.168.100. 192.168.150. 192.168.200. [..] The others go right, because as I said it all works this, but only for the subnet. - Customers and resolve the server name netbios (wins OK) However, I encountered only heard the PDC requests only on its subnet (192.168.200.z). * Questions: - Why if the machines are visible between them they are not able to hear the requests to the PDC? - Is there another method instead of putting 8 samba servers in each subnet? Reggard Marcelo Opazo Vivallos Chile -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions about PDC with SAMBA
Marcelo Opazo Vivallos: Hi! I have 8 subnets: 192.168.100.x/24 192.168.150.y/24 192.168.200.z/16 etc ... Install a Primary Domain Controller (PDC), so that users to perform authentication on the domain with its mounting remote disks, among others. The network is correctly configured, that is, the teams are perfectly by ping and the open ports between the networks see no problems. Notes: - I disabled the multicast UDP in the route - Add the lines in the smb.conf: - Hosts allow = 192.168.100. 192.168.150. 192.168.200. [..] The others go right, because as I said it all works this, but only for the subnet. - Customers and resolve the server name netbios (wins OK) However, I encountered only heard the PDC requests only on its subnet (192.168.200.z). * Questions: - Why if the machines are visible between them they are not able to hear the requests to the PDC? - Is there another method instead of putting 8 samba servers in each subnet? Reggard Marcelo Opazo Vivallos Chile Hi. Try to use LMHOSTS file on Windows clients. We had problems when clients in some routed subnets can not reach the PDC sometimes even though the WINS was configured OK - and this helped us. We are using this batch file on Windows: echo 192.168.x.y PDC_NAME #PRE #DOM:DOMAIN %systemroot%\system32\drivers\etc\lmhosts echo 192.168.x.y DOMAIN \0x1b #PRE %systemroot%\system32\drivers\etc\lmhosts nbtstat -R Replace PDC_NAME with netbions name of your PDC and DOMAIN with your domain name and 192.168.x.y with IP of the PDC. Length of record on the second line must be kept at 16 characters. Vlastimil Setka -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions about PDC with SAMBA
On Thu, Feb 12, 2009 at 10:04 PM, Marcelo Opazo Vivallos amarz...@gmail.com wrote: Hi! I have 8 subnets: 192.168.100.x/24 192.168.150.y/24 192.168.200.z/16 etc ... Install a Primary Domain Controller (PDC), so that users to perform authentication on the domain with its mounting remote disks, among others. The network is correctly configured, that is, the teams are perfectly by ping and the open ports between the networks see no problems. Notes: - I disabled the multicast UDP in the route - Add the lines in the smb.conf: - Hosts allow = 192.168.100. 192.168.150. 192.168.200. [..] The others go right, because as I said it all works this, but only for the subnet. - Customers and resolve the server name netbios (wins OK) However, I encountered only heard the PDC requests only on its subnet (192.168.200.z). * Questions: - Why if the machines are visible between them they are not able to hear the requests to the PDC? - Is there another method instead of putting 8 samba servers in each subnet? Reggard Marcelo Opazo Vivallos Chile -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Hi Marcelo, I'm not sure if it's a mistake, but I don't think your subnetting scheme will work with the /16 overlapping /24s. Ari Constancio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions about PDC with SAMBA
Hallo, Marcelo, Du meintest am 12.02.09: I have 8 subnets: 192.168.100.x/24 192.168.150.y/24 192.168.200.z/16 etc ... The third net includes the first two. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Questions about known bugs
I need to find a source for discussing known bugs in Samba. Is this a good place, or should I go elsewhere? R, John A.M. Darnell Team Leader Walsworth Publishing Company Brookfield, MO John may also be reached at [EMAIL PROTECTED] Trivia Question: Who was the only US president to be elected to four consecutive terms in office? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about known bugs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 john darnell wrote: I need to find a source for discussing known bugs in Samba. Is this a good place, or should I go elsewhere? This is the best place. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJEcfeIR7qMdg1EfYRAi7xAKCsL1zKpFCKHyS69RtNvBrr5CVwIQCfQUq4 1kkKnFKL79XsTTvMhanz0r8= =YI92 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about known bugs
Hi, see the samba bugzilla: https://bugzilla.samba.org/ Reggards, -- Iarly Selbir ( Ski0s ) On Wed, Nov 5, 2008 at 3:47 PM, john darnell [EMAIL PROTECTED]wrote: I need to find a source for discussing known bugs in Samba. Is this a good place, or should I go elsewhere? R, John A.M. Darnell Team Leader Walsworth Publishing Company Brookfield, MO John may also be reached at [EMAIL PROTECTED] Trivia Question: Who was the only US president to be elected to four consecutive terms in office? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about known bugs
here, samba-technial list, and bugzilla.samba.org john darnell wrote: I need to find a source for discussing known bugs in Samba. Is this a good place, or should I go elsewhere? R, John A.M. Darnell Team Leader Walsworth Publishing Company Brookfield, MO John may also be reached at [EMAIL PROTECTED] Trivia Question: Who was the only US president to be elected to four consecutive terms in office? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Questions about Samba 3.x on AIX 4.3.3
-Original Message- From: James Kosin [mailto:[EMAIL PROTECTED] Sent: Thursday, October 30, 2008 11:12 PM To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: Re: [Samba] Questions about Samba 3.x on AIX 4.3.3 - Original Message - From: [EMAIL PROTECTED] Newsgroups: linux.samba Sent: Thursday, October 30, 2008 1:10 PM Subject: [Samba] Questions about Samba 3.x on AIX 4.3.3 I'm hoping someone could answer at least one of the following questions: 1. I don't understand the purpose of expfull or bigtoc. If I can compile/link without -bexpfull and -bbigtoc, will the resulting binaries be safe to use? 2. If it's not safe, what is the latest release of Samba that can be built without having a C99-compliant compiler? 3. What is the latest 'known buildable' version of Samba for AIX 4.3.3, and what build tools are required for success? Thanks, -Will Will, I know this is silly; but, have you tried compiling samba-3.0.6 from here ? http://us1.samba.org/samba/ftp/old-versions/ From what I can find now, 3.0.12pre1 didn't compile on AIX 4.3.3 so I'm making a good guess any version less than this may work well. I found may people with problems with AIX 4.3.3 and compiling various versions but didn't see any solutions. James, I did get that just in case that was the best I could do. I figure I could also try to backport the fsusage.c changes from 3.0.6 since they were minor. I have learned 2 things since I posted - one, if I disable winbind, ldap, ads, cups and readline + comment out the bexpfull and bbigtoc flags, I can build/install 3.0.32 without issue. I haven't tested it yet, but it may work. I also learned that the gnu ld on AIX is just a bad idea, and that it may be possible to tell gcc to use the IBM/AIX ld instead. I may try that later. Thanks for your reply. -Will -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about Samba 3.x on AIX 4.3.3
Hello, I realize that AIX 4.3.3 is a very old platform, but we have one such system which cannot be upgraded and requires Samba. We are currently using Samba 2.2.1a (!) and I'd like to upgrade to something more modern. This system participates in a Clearcase environment and we are trying to share an MVFS filesystem. Users complain that it takes a very long time (5+ minutes) to access this share, or that the access times out. I found a mailing list post describing a similar problem on Linux from 2004 here: http://lists.samba.org/archive/samba/2004-July/089889.html It doesn't look like Rational released a fix for this issue for the latest supported version of Clearcase on AIX 4.3.3. It does look like the Samba workaround appears in Samba 3.0.6. This is a newer version than the most recent binary package I am able to find for AIX 4.3.3, which is Samba 3.0.4. So I'm trying to compile the latest 3.0 and 3.2 versions without much success. I can't compile using the IBM compiler we have because it doesn't support C99 correctly and configure fails. Compiling smbd/ with gcc 2.95.2 or 3.3.4 succeeds, but the associated linker doesn't understand the -bexpfull or -bbigtoc targets and linking fails. If I comment these targets out in the Makefile, linking succeeds. I'm hoping someone could answer at least one of the following questions: 1. I don't understand the purpose of expfull or bigtoc. If I can compile/link without -bexpfull and -bbigtoc, will the resulting binaries be safe to use? 2. If it's not safe, what is the latest release of Samba that can be built without having a C99-compliant compiler? 3. What is the latest 'known buildable' version of Samba for AIX 4.3.3, and what build tools are required for success? Thanks, -Will -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about Samba 3.x on AIX 4.3.3
- Original Message - From: [EMAIL PROTECTED] Newsgroups: linux.samba Sent: Thursday, October 30, 2008 1:10 PM Subject: [Samba] Questions about Samba 3.x on AIX 4.3.3 Hello, I realize that AIX 4.3.3 is a very old platform, but we have one such system which cannot be upgraded and requires Samba. We are currently using Samba 2.2.1a (!) and I'd like to upgrade to something more modern. This system participates in a Clearcase environment and we are trying to share an MVFS filesystem. Users complain that it takes a very long time (5+ minutes) to access this share, or that the access times out. I found a mailing list post describing a similar problem on Linux from 2004 here: http://lists.samba.org/archive/samba/2004-July/089889.html It doesn't look like Rational released a fix for this issue for the latest supported version of Clearcase on AIX 4.3.3. It does look like the Samba workaround appears in Samba 3.0.6. This is a newer version than the most recent binary package I am able to find for AIX 4.3.3, which is Samba 3.0.4. So I'm trying to compile the latest 3.0 and 3.2 versions without much success. I can't compile using the IBM compiler we have because it doesn't support C99 correctly and configure fails. Compiling smbd/ with gcc 2.95.2 or 3.3.4 succeeds, but the associated linker doesn't understand the -bexpfull or -bbigtoc targets and linking fails. If I comment these targets out in the Makefile, linking succeeds. I'm hoping someone could answer at least one of the following questions: 1. I don't understand the purpose of expfull or bigtoc. If I can compile/link without -bexpfull and -bbigtoc, will the resulting binaries be safe to use? 2. If it's not safe, what is the latest release of Samba that can be built without having a C99-compliant compiler? 3. What is the latest 'known buildable' version of Samba for AIX 4.3.3, and what build tools are required for success? Thanks, -Will Will, I know this is silly; but, have you tried compiling samba-3.0.6 from here ? http://us1.samba.org/samba/ftp/old-versions/ From what I can find now, 3.0.12pre1 didn't compile on AIX 4.3.3 so I'm making a good guess any version less than this may work well. I found may people with problems with AIX 4.3.3 and compiling various versions but didn't see any solutions. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about Active Directory Password Cache overlay
Thanks to Buchan Milne, I'm looking into the Active Directory Password Cache overlay for OpenLDAP, which seems to offer more or less what I'm trying to do. Is anyone here experienced with it? Is this the right place to ask or is there an openLDAP overlays list? I understand this description of ADPC: Active Directory Password Cache === Active Directory does not provide any means to read user credentials on any public API. It is possible, to install additional libraries as password sniffer to catch and forward cleartext passwords on changes. In case you cannot or simply dont want to install such libraries, the Active Directory Password Cache overlay is your option. The Active Directory Password Cache overlay allows to mirror user account credentials without any modification on the AD server. It only takes one occasional simple bind authentication against the OpenLDAP server. If the credential has not been mirrored yet, the overlay uses the krbPrincipalName and the password provided by the user to perform a Kerberos init against the Active Directory. A successful Kerberos init guarantees a correct password for this principal, and therefor the bind finally succeeds. Within this overlay operation, the password gets encrypted with the default OpenLDAP hash alorithm and stored as userPassword attribute. There is an option to update the sambaNTPassword also (using code borrowed from Howard Chu's smbk5pwd overlay). All following simple bind authentications will first try these cached credentials, making the OpenLDAP server independent from AD. In case the user changes its password on the Active Directory server, the old password stays valid in OpenLDAP until the user first presents the new password for an simple bind. Within this bind operation, the overlay performs another Kerberos init and updates the cached credentials in OpenLDAP. It is clear to me that after a password change, that a failure to authenticate initiates a new auth attempt against the KDC, and if it succeeds, ADPC caches the passwd as a hash in OpenLDAP. But if Samba fails to authenticate against the hash stored in sambaNTPassword, is a new authentication attempt made against the KDC? And if it does, where does it get the passwd to hash (since Samba never gets the passwd in NTLM authentication)? Practically speaking, it seems that the password that the overlay hashes has to come from a source other than Samba. A web app? How have people used it in the past? W. -- Wes Modes Server Administrator Programmer Analyst McHenry Library Computing Network Services Information and Technology Services 459-5208 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about SIDs and sambaDomains
Hi, just two questions which I could not find precise answers for in web and books: When I have n samba servers, sharing the same LDAP tree, is that correct that I have n+1 sambaDomain entries in LDAP, one for each host and another one for the workgroup? Wouldn't a single doman entry be sufficient? Does the SID in the server's sambaDomain entry have to be the same as in the workgroup entry? Should all samba servers in a network sharing an LDAP tree have the same SID? regards Hadmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about using Winbind to auth linux users
Hi there, I have some questions about authenticating linux users against Active Directory 2003 using winbind. My server is a member of an AD 2003 domain. It is running Samba Version 3.0.23c-2.el5.2.0.2 on a RHEL5. First of all, authentication is working. But I have some smaller issues : * wbinfo -u is very, very slow when dumping AD users. About 30 seconds. Whereas wbinfo -g is instantaneous. How can I make it go faster ? I'm interested in this answer as I suspect it to be the root of all problems... * Using finger to have more infos about an AD user is also very slow. Probably a nss problem but... Almost sure it is related to the first question. * Using 'ls -al' on an AD user's home directory is very slow and gives unix permissions as follows : [EMAIL PROTECTED] CRBN]# ll total 4 drwx-- 4 CRBN\elesouef CRBN\ssiom 4096 sep 18 15:15 elesouef Is it possible to strip the domain part of these permissions ? * And finally, is it possible to restrict authentications to this AD Samba domain member to a particular OU, such as : OU=myOU,DC=crbn,DC=intra Thanks for your help. -- Emmanuel Lesouef CRBN | DSI t : 0231069671 e : [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about the new idmap interface
Hi, Thomas Blank schrieb: Is it the same problem I tried to explain here? http://lists.samba.org/archive/samba/2007-September/135060.html It looks like a bug to me as it works in 3.0.24 My problem seams something different. Here the account is located tough winbind from the trusted domain, but samba tries to search the accounts/groups in it's local LDAP tree. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about the new idmap interface
simo schrieb: Sorry if I already asked about this, do you see the TestGroup from PASING if you do a getent PASING\\TestGroup ? Do you mean a getent group from a member of the PASING domain? Yes. # getent group | grep TestGroup TestGroup:x:7500:muehlfeld From the MUC member server I also see the group trough winbind: # wbinfo -g | grep -i TestGroup PASING+testgroup If so there seem to be something fishy as from the log it seem to recognize this group comes from the trusted domain, but still tries to see if it is mapped with Group Mapping, might be a bug, need to drill more into it, and unfortunately, right now I don;t have a setup like yours to test. Just tell me what I could do for you to find what could be wrong. Regards Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about the new idmap interface
Is it the same problem I tried to explain here? http://lists.samba.org/archive/samba/2007-September/135060.html It looks like a bug to me as it works in 3.0.24 Regards, Thomas Marc Muehlfeld schrieb: simo schrieb: Sorry if I already asked about this, do you see the TestGroup from PASING if you do a getent PASING\\TestGroup ? Do you mean a getent group from a member of the PASING domain? Yes. # getent group | grep TestGroup TestGroup:x:7500:muehlfeld From the MUC member server I also see the group trough winbind: # wbinfo -g | grep -i TestGroup PASING+testgroup If so there seem to be something fishy as from the log it seem to recognize this group comes from the trusted domain, but still tries to see if it is mapped with Group Mapping, might be a bug, need to drill more into it, and unfortunately, right now I don;t have a setup like yours to test. Just tell me what I could do for you to find what could be wrong. Regards Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about the new idmap interface
Sorry if I already asked about this, do you see the TestGroup from PASING if you do a getent PASING\\TestGroup ? If so there seem to be something fishy as from the log it seem to recognize this group comes from the trusted domain, but still tries to see if it is mapped with Group Mapping, might be a bug, need to drill more into it, and unfortunately, right now I don;t have a setup like yours to test. Simo. On Wed, 2007-09-12 at 09:49 +0200, Marc Muehlfeld wrote: Hi, for easier explanation I used easy expressions on my last postings. Below I provide the original messages/logs, because I don't wanna confuse someone in this huge logfile. Just for explanation: MUC = First domain GENOME = PDC of MUC (Samba 3.0.22) OPERON = MemberServer in domain MUC (Samba 3.0.26a) IT-10 = Workstation in domain PASING (WinXP SP2) PASING = Second domain CODON = PDC of PASING (Samba 3.0.25c) simo schrieb: This is smbd trying to find the group in its SAM (which happens to be on LDAP as well). Are you sure you have a trust with DOM2 ? # net rpc trustdom list Trusted domains list: PASING S-1-5-21-1183370737-3874734740-1589004535 Trusting domains list: PASING S-1-5-21-1183370737-3874734740-1589004535 If so can you please provide the full file log, as before this call there may be useful information. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about the new idmap interface
Hi, for easier explanation I used easy expressions on my last postings. Below I provide the original messages/logs, because I don't wanna confuse someone in this huge logfile. Just for explanation: MUC = First domain GENOME = PDC of MUC (Samba 3.0.22) OPERON = MemberServer in domain MUC (Samba 3.0.26a) IT-10 = Workstation in domain PASING (WinXP SP2) PASING = Second domain CODON = PDC of PASING (Samba 3.0.25c) simo schrieb: This is smbd trying to find the group in its SAM (which happens to be on LDAP as well). Are you sure you have a trust with DOM2 ? # net rpc trustdom list Trusted domains list: PASING S-1-5-21-1183370737-3874734740-1589004535 Trusting domains list: PASING S-1-5-21-1183370737-3874734740-1589004535 If so can you please provide the full file log, as before this call there may be useful information. The information are out of the machine logfile when trying to access the share \\operon\intranet from it-10, a workstation of the trusted domain PASING. Because the log is to big (158Kb) for the mailing-list, I put it on a webserver: http://www.medical-genetics.de/samba-log.txt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about the new idmap interface
Hi, I tried to configure the new idmap interface. Currently without much success. I have two samba domains, trusting each other. Each PDC using it's own LDAP server. I tried idmap domains = DOM1, DOM2 idmap config DOM1:default = yes idmap config DOM1:backend = ldap idmap config DOM1:ldap_base_dn = ou=Idmap,dc=dom1,dc=mydomain,dc=de idmap config DOM1:ldap_url = ldap://192.168.0.1 idmap config DOM1:range = 1 - 2 idmap alloc backend = ldap idmap config DOM2:default = no idmap config DOM2:backend = ldap idmap config DOM2:ldap_base_dn = ou=Idmap,dc=dom2,dc=mydomain,dc=de idmap config DOM2:ldap_url = ldap://192.168.1.1 idmap config DOM2:range = 1 - 2 idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/false winbind nested groups = yes winbind cache time = 300 winbind nss info = template winbind use default domain = yes But then I have the problem, that samba used the ldap admin dn account and password for both LDAP server, but each have it's own. How can I configure a second password for my trusted domain? Is there any usefull documentation, best would be with different samples, of the new idmap interface? The manpage didn't helped me much for understanding this. Regards Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about the new idmap interface
On Tue, 2007-09-11 at 14:39 +0200, Marc Muehlfeld wrote: Hi, I tried to configure the new idmap interface. Currently without much success. I have two samba domains, trusting each other. Each PDC using it's own LDAP server. I tried idmap domains = DOM1, DOM2 idmap config DOM1:default = yes idmap config DOM1:backend = ldap idmap config DOM1:ldap_base_dn = ou=Idmap,dc=dom1,dc=mydomain,dc=de idmap config DOM1:ldap_url = ldap://192.168.0.1 idmap config DOM1:range = 1 - 2 idmap alloc backend = ldap ---^^ this is not enough, you have to explicitly configure the alloc backend For example: idmap alloc config:ldap_base_dn = ou=Idmap,dc=dom1,dc=mydomain,dc=de idmap alloc config:ldap_user_dn = the privileged user dn idmap alloc config:ldap_url = ldap://192.168.0.1 idmap alloc config:range = 1-2 idmap config DOM2:default = no idmap config DOM2:backend = ldap idmap config DOM2:ldap_base_dn = ou=Idmap,dc=dom2,dc=mydomain,dc=de idmap config DOM2:ldap_url = ldap://192.168.1.1 idmap config DOM2:range = 1 - 2 idmap uid = 1-2 idmap gid = 1-2 no need to add these if you use the new options winbind separator = + winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/false winbind nested groups = yes winbind cache time = 300 winbind nss info = template winbind use default domain = yes But then I have the problem, that samba used the ldap admin dn account and password for both LDAP server, but each have it's own. How can I configure a second password for my trusted domain? you have to specify the ldap_user_dn option for each domain and the use net idmap secret In your case probably net idmap secret DOM1 secret1 net idmap secret alloc secret1 net idmap secret DOM2 secret2 However if you read the man pages for idamp_ldap you will find all these informations. Is there any usefull documentation, best would be with different samples, of the new idmap interface? The manpage didn't helped me much for understanding this. Maybe because you didn't read the actually relevant man page: man idmap_ldap Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about the new idmap interface
Hi, I changed the settings in smb.conf according to your reply to: winbind separator = + winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/false winbind nested groups = yes winbind cache time = 300 winbind nss info = template winbind use default domain = yes idmap domains = DOM1, DOM2 idmap config DOM1:default = yes idmap config DOM1:backend = ldap idmap config DOM1:ldap_base_dn = ou=Idmap,dc=dom1,dc=mydomain,dc=de idmap config DOM1:ldap_url = ldap://192.168.0.1 idmap config DOM1:range= 1 - 2 idmap config DOM1:ldap_user_dn = uid=samba,ou=Users,dc=dom1,dc=mydomain,dc=de idmap config DOM2:default = no idmap config DOM2:backend = ldap idmap config DOM2:ldap_base_dn = ou=Idmap,dc=dom2,dc=mydomain,dc=de idmap config DOM2:ldap_url = ldap://192.168.1.1 idmap config DOM2:range= 1 - 2 idmap config DOM2:ldap_user_dn = uid=samba,ou=Users,dc=dom2,dc=mydomain,dc=de idmap alloc backend = ldap idmap alloc config:ldap_base_dn = ou=Idmap,dc=dom1,dc=mydomain,dc=de idmap alloc config:ldap_user_dn = uid=samba,ou=Users,dc=dom1,dc=mydomain,dc=de idmap alloc config:ldap_url = ldap://192.168.0.1 idmap alloc config:range= 1-2 simo schrieb: In your case probably net idmap secret DOM1 secret1 net idmap secret alloc secret1 net idmap secret DOM2 secret2 However if you read the man pages for idamp_ldap you will find all these informations. I read it, but not the note where something about using net idmap is said for setting the password. I meanwhile set the secrets. Is there any usefull documentation, best would be with different samples, of the new idmap interface? The manpage didn't helped me much for understanding this. Maybe because you didn't read the actually relevant man page: man idmap_ldap For me it was very confusing for my trusted domain environment. Currently i'm not sure if I really need the two idmap configs. I just have the problem that I can't connect from a DOM2 workstation to a share on a MemberServer of DOM1. On this share I setup valid users = +DOM1\Group1 +DOM2\Group2. Connections from DOM1 workstations are fine (if I'm in Group1), but not from DOM2 (if I'm member of DOM2\Group2). It seems the group of the remote domain is searched inside the LDAP of DOM1 (why isn't winbind just getting the information from the responsible DC?). [2007/09/11 17:02:57, 5] lib/smbldap.c:smbldap_search_ext(1182) smbldap_search_ext: base = [ou=Groups,dc=dom1,dc=mydomain,dc=de], filter = [((objectClass=sambaGroupMapping)(|(displayName=TestGroup)(cn=TestGroup)))], scope = [2] [2007/09/11 17:02:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2235) ldapsam_getgroup: Did not find group [2007/09/11 17:02:57, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/09/11 17:02:57, 5] smbd/share_access.c:token_contains_name(118) lookup_name DOM2+Group2 failed [2007/09/11 17:02:57, 10] smbd/share_access.c:user_ok_token(211) User muehlfeld not in 'valid users' [2007/09/11 17:02:57, 2] smbd/service.c:make_connection_snum(616) user 'muehlfeld' (from session setup) not permitted to access this share (intranet) [2007/09/11 17:02:57, 3] smbd/error.c:error_packet_set(106) error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about the new idmap interface
On Tue, 2007-09-11 at 17:09 +0200, Marc Muehlfeld wrote: For me it was very confusing for my trusted domain environment. Currently i'm not sure if I really need the two idmap configs. I just have the problem that I can't connect from a DOM2 workstation to a share on a MemberServer of DOM1. On this share I setup valid users = +DOM1\Group1 +DOM2\Group2. Connections from DOM1 workstations are fine (if I'm in Group1), but not from DOM2 (if I'm member of DOM2\Group2). It seems the group of the remote domain is searched inside the LDAP of DOM1 (why isn't winbind just getting the information from the responsible DC?). [2007/09/11 17:02:57, 5] lib/smbldap.c:smbldap_search_ext(1182) smbldap_search_ext: base = [ou=Groups,dc=dom1,dc=mydomain,dc=de], filter = [((objectClass=sambaGroupMapping)(|(displayName=TestGroup)(cn=TestGroup)))], scope = [2] [2007/09/11 17:02:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2235) ldapsam_getgroup: Did not find group This specific error is not IDMAP related. This is smbd trying to find the group in its SAM (which happens to be on LDAP as well). Are you sure you have a trust with DOM2 ? If so can you please provide the full file log, as before this call there may be useful information. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about samba+LDAP
Hi, just three simple questions about samba+LDAP: Samba allows to configure several LDAP suffixes, ldap group suffix ldap idmap suffix ldap machine suffix ldap user suffix and the general ldap base with ldap suffix. But is there a way to configure a suffix for the sambaDomain objects? When I call pdbedit -L , it automatically creates a Domain for the machine, but directly under the ldap base, which is a little bit annoying, would like to have them in a subtree with ou=... Interestingly, the LDAP administration tool ldap-account-manager does keep the sambaDomains in a subtree separated with ou=..., but samba does not accept them. Second question: does pdbedit always create (and does samba always use) a sambaDomain object named after the netbios name? Third question: The configuration file for the smbldap tools allow to specify a slave LDAP just for the read access, and a master for write access, thus supporting LDAP replications. Does ldapsam support the same? regards Hadmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [questions] aio settings in smb.conf and compile options
hi, i just have some questions about specific (uncommon) compile options and aio-settings in smb.conf: Asynchronous IO Support === Experimental support for async IO has been added to smbd for certain platforms. To enable this new feature, Samba must be compiled to include the --with-aio-support configure option. In addition, the aio read size and aio write size to non-zero values. See the smb.conf(5) man page for more details on these settings. unfortunately i can´t find any documentation about this although it has been in the code since a while. Compile Options - what means/provides (more detailed please) ... ? == --with-cluster-support --with-automount BIG THX!! btw: what happened to john? is he still an active member of the samba team, ´cause i did not see any posts on the list for example?!?! -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [questions] aio settings in smb.conf and compile options
On Tue, Aug 01, 2006 at 09:17:04AM +0200, Michael Gasch wrote: --with-cluster-support That's an option to later enable all cluster features that we're working on. If you are interested in the current (VERY experimental) state of affairs look at the vl-messaging temporary svn branch. The idea is that with a clustered file system like GFS, OCFS, GPFS or some others you will be able to share the same file space transparently from all cluster nodes and have locking working properly. Right now we are discussing and designing ways to make the experimental support for that robust so that we don't depend on a single point of failure. Volker pgpJ9JfynMdV1.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [questions] aio settings in smb.conf and compile options
On Tue, Aug 01, 2006 at 09:17:04AM +0200, Michael Gasch wrote: hi, i just have some questions about specific (uncommon) compile options and aio-settings in smb.conf: Asynchronous IO Support === Experimental support for async IO has been added to smbd for certain platforms. To enable this new feature, Samba must be compiled to include the --with-aio-support configure option. In addition, the aio read size and aio write size to non-zero values. See the smb.conf(5) man page for more details on these settings. unfortunately i can´t find any documentation about this although it has been in the code since a while. Compile with --with-aio-support to enable this. Look in the source code smbd/aio.c. I haven't documented the parameters yet (thanks for the reminder, I'll try and get this done soon). They are : aio read size = bytes aio write size = bytes aio write behind = true|false Any reads/writes over bytes will be done via aio. It hasn't been turned on fully yet as some Linux's fake aio support using pthreads which makes smbd *slower* :-(. Kernel support for aio is still a little flakey - I need to spend some more time testing it. The biggest disappointment is that there seems to be no way to get Windows clients to pipeline more than one read or write on the wire. They simply stick with a request/response pair. smbclient will pipeline reads/writes though. Not sure about cifsfs - Stevef, any comments (or I'll just go look in the code :-). aio write behind was an attempt to see if we could fool Windows clients into pipelining. If set true, smbd *lies* about writes being done (and assumes the aio will always succeed) and returns early success to the client. Don't set this if you have *any* interest in your data :-). Compile Options - what means/provides (more detailed please) ... ? == --with-cluster-support --with-automount Volker knows more about these. BIG THX!! btw: what happened to john? is he still an active member of the samba team, ´cause i did not see any posts on the list for example?!?! John is now working at AMD, who keep him rather busy on his day job :-). He still wants to keep active but it's easier said than done :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [questions] aio settings in smb.conf and compile options
thx to jeremy and volker for your quick and detailed response (as usual)... if someone has any explanation for --with-automount i would appreciate this as well :) i'm just trying to explore samba features i recognized but often can't interpret there meaning. @jeremy looks like you took over john's part since you seem to be more present on the list than before :-D (could be too much imagition, though) cheerz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [questions] aio settings in smb.conf and compile options
IIRC --with-automount should automount the home directory when a user steps in. Simo. On Tue, 2006-08-01 at 20:52 +0200, Michael Gasch wrote: thx to jeremy and volker for your quick and detailed response (as usual)... if someone has any explanation for --with-automount i would appreciate this as well :) i'm just trying to explore samba features i recognized but often can't interpret there meaning. @jeremy looks like you took over john's part since you seem to be more present on the list than before :-D (could be too much imagition, though) cheerz -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [questions] aio settings in smb.conf and compile options
On Tue, Aug 01, 2006 at 08:52:27PM +0200, Michael Gasch wrote: @jeremy looks like you took over john's part since you seem to be more present on the list than before :-D (could be too much imagition, though) Nah, no one can replace John :-). I'm just trying to keep answering questions as usual (modulo working for a living :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [questions] aio settings in smb.conf and compile options
On Tue, Aug 01, 2006 at 03:05:06PM -0400, simo wrote: IIRC --with-automount should automount the home directory when a user steps in. I'm afraid, this is not what it does. man smb.conf says %N the name of your NIS home directory server. This is obtained from your NIS auto.map entry. If you have not compiled Samba with the --with-automount option then this value will be the same as %. Looking at the code it also needs the undocumented parameter 'nis home map' to be true. Volker pgpuZ970dFBzr.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [questions] aio settings in smb.conf and compile options
On Tue, 2006-08-01 at 21:20 +0200, Volker Lendecke wrote: On Tue, Aug 01, 2006 at 03:05:06PM -0400, simo wrote: IIRC --with-automount should automount the home directory when a user steps in. I'm afraid, this is not what it does. man smb.conf says %N the name of your NIS home directory server. This is obtained from your NIS auto.map entry. If you have not compiled Samba with the --with-automount option then this value will be the same as %. Looking at the code it also needs the undocumented parameter 'nis home map' to be true. Right, reading the code it also looks up where your NIS home directory is using yp calls when %p is used. This configure option name is really misleading imo. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about roaming profiles
I am toiling with the idea of using the roaming profiles. I do not want to just 'turn it on' however; Can they be enabled or disabled on a per user basis? Is this a Samba configuration or workstation thing? If either what do I need to change? I only want to make a 'test' user to try roaming profiles out with. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
AW: [Samba] Questions about sub-folders, access...?
Hi, Am Wed, 22 Feb 2006 09:00:21 +0100 schrieb Alberto Moreno: Hi people, iam testing samba3 on freebsd 5.4, i install samba from ports with no problems, i have this simple smb.conf file: [global] workgroup = WORKGROUP netbios name = FREEBSD server string = Samba Server FreeBSD security = user encrypt passwords = yes [public] comment = %h Shared Public Directory path = /opt/test force directory mode = 0777 force create mode = 0777 force group = nobody force user = nobody public = yes writeable = yes read only = no My problem right now is that i want to create one folder with the user X inside this share and give access to user Y to that sub-folder, them i create the folder with the user X from windows 2000, smbd create the folder with this permisions: what do you mean when saying with the user x inside this share? root# getfacl test #file:test #owner:65534 #group:0 user::rwx group::rwx other::rwx The owner is nobody like the smb.conf say, the group 0 is wheel, ok here everybody can access the folder, but what about if i only want to give access to the owner(X user) and the user Y...? so why creating force user 0777? best method would be creating a group which is supposed to have access to that specific folder, placing all users into that group and then setting the rights.for example create group test, make user x and user y be a member of the group. then: setfacl -R -m g:test:rwx test and if you want this group to have access to all files and folders createt later on in this folder then in adition setfacl -d -R -m g:test:rwx test Ok, after rading some docs, i do this: Go to freebsd login with root and change the folder rights: root# chown X:Y /opt/test/NewFolder root# chmod 770 /opt/test/NewFolder Now user X or Y if try to access the folder from windows 2000 smbd say \\Freebsd\public\test is not accessible Access is denied I have been reading the samba 3 by examples book 10.3.3 Share Point Directory and File Permisions, but didnt find the answer, and the chapter 15 of the samba how-to but they speak about the smb.conf shares, and i want to apply this to sub-folders i create inside of samba shares...? I think this can be done inside the Unix/Linux box with the root user but i still dont find the way, what i forget...? Hope you can help me people, thanks all for your time!!! hth torsten -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about sub-folders, access...?
On 2/22/06, Alberto Moreno [EMAIL PROTECTED] wrote: Hi people, iam testing samba3 on freebsd 5.4, i install samba from ports with no problems, i have this simple smb.conf file: [global] workgroup = WORKGROUP netbios name = FREEBSD server string = Samba Server FreeBSD security = user encrypt passwords = yes [public] comment = %h Shared Public Directory path = /opt/test force directory mode = 0777 force create mode = 0777 force group = nobody force user = nobody public = yes writeable = yes read only = no My problem right now is that i want to create one folder with the user X inside this share and give access to user Y to that sub-folder, them i create the folder with the user X from windows 2000, smbd create the folder with this permisions: root# getfacl test #file:test #owner:65534 #group:0 user::rwx group::rwx other::rwx The owner is nobody like the smb.conf say, the group 0 is wheel, ok here everybody can access the folder, but what about if i only want to give access to the owner(X user) and the user Y...? Ok, after rading some docs, i do this: Go to freebsd login with root and change the folder rights: root# chown X:Y /opt/test/NewFolder root# chmod 770 /opt/test/NewFolder Now user X or Y if try to access the folder from windows 2000 smbd say \\Freebsd\public\test is not accessible Access is denied yes, maybe access denied because you connect to public as user nobody and then you access a subfolder in it where only user:group X:Y has the permission. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about sub-folders, access...?
Hi people, iam testing samba3 on freebsd 5.4, i install samba from ports with no problems, i have this simple smb.conf file: [global] workgroup = WORKGROUP netbios name = FREEBSD server string = Samba Server FreeBSD security = user encrypt passwords = yes [public] comment = %h Shared Public Directory path = /opt/test force directory mode = 0777 force create mode = 0777 force group = nobody force user = nobody public = yes writeable = yes read only = no My problem right now is that i want to create one folder with the user X inside this share and give access to user Y to that sub-folder, them i create the folder with the user X from windows 2000, smbd create the folder with this permisions: root# getfacl test #file:test #owner:65534 #group:0 user::rwx group::rwx other::rwx The owner is nobody like the smb.conf say, the group 0 is wheel, ok here everybody can access the folder, but what about if i only want to give access to the owner(X user) and the user Y...? Ok, after rading some docs, i do this: Go to freebsd login with root and change the folder rights: root# chown X:Y /opt/test/NewFolder root# chmod 770 /opt/test/NewFolder Now user X or Y if try to access the folder from windows 2000 smbd say \\Freebsd\public\test is not accessible Access is denied I have been reading the samba 3 by examples book 10.3.3 Share Point Directory and File Permisions, but didnt find the answer, and the chapter 15 of the samba how-to but they speak about the smb.conf shares, and i want to apply this to sub-folders i create inside of samba shares...? I think this can be done inside the Unix/Linux box with the root user but i still dont find the way, what i forget...? Hope you can help me people, thanks all for your time!!! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Questions about file system support in Samba
I tried to access these shares from Windows XP Pro SP2 and got identical results. Ext3 filesystems smaller than 2 GB work fine. Anything bigger than 2 GB and xfs filesystems of any size fails. I guess I'm going to have to resort to reading code, posting on bugzilla as a bug and maybe switching to a Windows based server. I really need to get this system up and doing its intended job. I'd really like to hear from someone that they are actually exporting ext3 filesystems larger than 2 GB and xfs filesystems and it's working. If they're doing so with the Fedora core 4 release, that would definitely point to something strange here. Smitty Hibbard T. Smith, JR [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Craig White Sent: Saturday, February 04, 2006 12:29 PM To: samba@lists.samba.org Subject: Re: [Samba] Questions about file system support in Samba On Sat, 2006-02-04 at 12:00 -0500, Hibbard Smith wrote: I'm a relative newcomer to Samba, but very experienced with computers and linux. I'm attempting to build a file/backup server for a small shop. I'm using Fedora core 4 and samba on a system with a 2.1 TB RAID 50 array formatted as 1 very large xfs partition. I want to share directories (folders) within the partition with a few Windows XP-Pro SP2 systems which are our primary work-stations. Currently I'm running samba-3.0.21b. I started with the 3.0.14 that was released with FC4, but upgraded to the latest and greatest when I couldn't make the original work correctly. The kernel has also been upgraded to the Fedora released 2.6.14.1-1656-FC4- SMP. Our business is primarily imaging and video. A large percentage of our files are over 2 GB with some way over that. Therefore, the only way this could be useful is with very large shared file systems. Here are the issues and my questions: When I try to share this large partition (2.1 TB xfs) and use smbclient to access it, the log records an error which states that the share doesn't exist or can't be accessed The error was access denied. I've made the share mode 0777 just to make sure permissions wouldn't get in the way. If I move the share to an ext3 file system that's smaller than 2 GB it works correctly. Any file system over 2 GB or any size xfs file system produces the error. I haven't even tried to access the shares from a Windows system yet, I'm just using smbclient on the Fedora system. I'm pretty sure I've got the config and permissions right because just changing the share to an ext3 file system under 2 GB works fine. So, here's my question(s): 1) Does samba work with xfs file systems? 2) Does samba work with large file systems (2 GB +)? 3) If the answer to the above is yes, what might I be doing wrong? I haven't been able to find limits documented anywhere. However, I see a great deal of discussion on the web about files over 2 GB along with suggestions that they work fine. This would imply that file systems of over 2 GB must work okay. I've also seen much discussion which would suggest that xfs works fine also. All this discussion seems to indicate that I've got something wrong. I'm just not sure what it is or how to proceed. I have turned samba debugging up and the logs show that the correct user/group is being used and that case is working okay. So, I'm really confused and I sure would appreciate any help. I really need to get this done and I don't like the alternative (Windows Server 2003). I don't use smbclient much at all but am of the belief that smbclient application would use an smbfs type mount and my understanding is that an smbfs mount would error on files 2Gb whereas the cifs mount would not. samba should have no problems with filesystem of that size. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Questions about file system support in Samba
If I remember correctly from the documents I have read on samba.org the smb client will only allow up to 2gig of information and for anything larger than this you need to use cifs client. Most of our shares don't excede 2 gig so I haven't set this up myself but there is some good documentation on how to do this and I have seen lots of postings saying that with cifs they had no problems with large files Chris Hibbard Smith [EMAIL PROTECTED] 02/05/06 8:18 AM I tried to access these shares from Windows XP Pro SP2 and got identical results. Ext3 filesystems smaller than 2 GB work fine. Anything bigger than 2 GB and xfs filesystems of any size fails. I guess I'm going to have to resort to reading code, posting on bugzilla as a bug and maybe switching to a Windows based server. I really need to get this system up and doing its intended job. I'd really like to hear from someone that they are actually exporting ext3 filesystems larger than 2 GB and xfs filesystems and it's working. If they're doing so with the Fedora core 4 release, that would definitely point to something strange here. Smitty Hibbard T. Smith, JR [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Craig White Sent: Saturday, February 04, 2006 12:29 PM To: samba@lists.samba.org Subject: Re: [Samba] Questions about file system support in Samba On Sat, 2006-02-04 at 12:00 -0500, Hibbard Smith wrote: I'm a relative newcomer to Samba, but very experienced with computers and linux. I'm attempting to build a file/backup server for a small shop. I'm using Fedora core 4 and samba on a system with a 2.1 TB RAID 50 array formatted as 1 very large xfs partition. I want to share directories (folders) within the partition with a few Windows XP-Pro SP2 systems which are our primary work-stations. Currently I'm running samba-3.0.21b. I started with the 3.0.14 that was released with FC4, but upgraded to the latest and greatest when I couldn't make the original work correctly. The kernel has also been upgraded to the Fedora released 2.6.14.1-1656-FC4- SMP. Our business is primarily imaging and video. A large percentage of our files are over 2 GB with some way over that. Therefore, the only way this could be useful is with very large shared file systems. Here are the issues and my questions: When I try to share this large partition (2.1 TB xfs) and use smbclient to access it, the log records an error which states that the share doesn't exist or can't be accessed The error was access denied. I've made the share mode 0777 just to make sure permissions wouldn't get in the way. If I move the share to an ext3 file system that's smaller than 2 GB it works correctly. Any file system over 2 GB or any size xfs file system produces the error. I haven't even tried to access the shares from a Windows system yet, I'm just using smbclient on the Fedora system. I'm pretty sure I've got the config and permissions right because just changing the share to an ext3 file system under 2 GB works fine. So, here's my question(s): 1) Does samba work with xfs file systems? 2) Does samba work with large file systems (2 GB +)? 3) If the answer to the above is yes, what might I be doing wrong? I haven't been able to find limits documented anywhere. However, I see a great deal of discussion on the web about files over 2 GB along with suggestions that they work fine. This would imply that file systems of over 2 GB must work okay. I've also seen much discussion which would suggest that xfs works fine also. All this discussion seems to indicate that I've got something wrong. I'm just not sure what it is or how to proceed. I have turned samba debugging up and the logs show that the correct user/group is being used and that case is working okay. So, I'm really confused and I sure would appreciate any help. I really need to get this done and I don't like the alternative (Windows Server 2003). I don't use smbclient much at all but am of the belief that smbclient application would use an smbfs type mount and my understanding is that an smbfs mount would error on files 2Gb whereas the cifs mount would not. samba should have no problems with filesystem of that size. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about file system support in Samba
[EMAIL PROTECTED] wrote: I tried to access these shares from Windows XP Pro SP2 and got identical results. Ext3 filesystems smaller than 2 GB work fine. Anything bigger than 2 GB and xfs filesystems of any size fails. I guess I'm going to have to resort to reading code, posting on bugzilla as a bug and maybe switching to a Windows based server. I really need to get this system up and doing its intended job. I'd really like to hear from someone that they are actually exporting ext3 filesystems larger than 2 GB and xfs filesystems and it's working. If they're doing so with the Fedora core 4 release, that would definitely point to something strange here. Smitty Hibbard T. Smith, JR [EMAIL PROTECTED] Samba works fine with xfs. I have xfs volumes up to 12 TB on a Mandriva system and export Samba shares on that volume without issue. Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about file system support in Samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hibbard Smith a écrit : I tried to access these shares from Windows XP Pro SP2 and got identical results. Ext3 filesystems smaller than 2 GB work fine. Anything bigger than 2 GB and xfs filesystems of any size fails. I guess I'm going to have to resort to reading code, posting on bugzilla as a bug and maybe switching to a Windows based server. I really need to get this system up and doing its intended job. I'd really like to hear from someone that they are actually exporting ext3 filesystems larger than 2 GB and xfs filesystems and it's working. If they're doing so with the Fedora core 4 release, that would definitely point to something strange here. Smitty Hibbard T. Smith, JR [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Craig White Sent: Saturday, February 04, 2006 12:29 PM To: samba@lists.samba.org Subject: Re: [Samba] Questions about file system support in Samba On Sat, 2006-02-04 at 12:00 -0500, Hibbard Smith wrote: I'm a relative newcomer to Samba, but very experienced with computers and linux. I'm attempting to build a file/backup server for a small shop. I'm using Fedora core 4 and samba on a system with a 2.1 TB RAID 50 array formatted as 1 very large xfs partition. I want to share directories (folders) within the partition with a few Windows XP-Pro SP2 systems which are our primary work-stations. Currently I'm running samba-3.0.21b. I started with the 3.0.14 that was released with FC4, but upgraded to the latest and greatest when I couldn't make the original work correctly. The kernel has also been upgraded to the Fedora released 2.6.14.1-1656-FC4- SMP. Our business is primarily imaging and video. A large percentage of our files are over 2 GB with some way over that. Therefore, the only way this could be useful is with very large shared file systems. Here are the issues and my questions: When I try to share this large partition (2.1 TB xfs) and use smbclient to access it, the log records an error which states that the share doesn't exist or can't be accessed The error was access denied. I've made the share mode 0777 just to make sure permissions wouldn't get in the way. If I move the share to an ext3 file system that's smaller than 2 GB it works correctly. Any file system over 2 GB or any size xfs file system produces the error. I haven't even tried to access the shares from a Windows system yet, I'm just using smbclient on the Fedora system. I'm pretty sure I've got the config and permissions right because just changing the share to an ext3 file system under 2 GB works fine. So, here's my question(s): 1) Does samba work with xfs file systems? 2) Does samba work with large file systems (2 GB +)? 3) If the answer to the above is yes, what might I be doing wrong? I haven't been able to find limits documented anywhere. However, I see a great deal of discussion on the web about files over 2 GB along with suggestions that they work fine. This would imply that file systems of over 2 GB must work okay. I've also seen much discussion which would suggest that xfs works fine also. All this discussion seems to indicate that I've got something wrong. I'm just not sure what it is or how to proceed. I have turned samba debugging up and the logs show that the correct user/group is being used and that case is working okay. So, I'm really confused and I sure would appreciate any help. I really need to get this done and I don't like the alternative (Windows Server 2003). I don't use smbclient much at all but am of the belief that smbclient application would use an smbfs type mount and my understanding is that an smbfs mount would error on files 2Gb whereas the cifs mount would not. samba should have no problems with filesystem of that size. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba What exactly is the error in samba log ? Can you verify the mount point description and the right of directory that you want to share. Could you send your smb.conf ? - -- Stéphane Purnelle [EMAIL PROTECTED] Site Web : http://www.linuxplusvalue.be -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD5i3x8tswkE3d0ecRAjW6AKCECSCwE8EBt1XY8F0lY1cgBkco8wCfU4kD oQJ7MUPDsGpQuLvAkd08IUQ= =unoZ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Questions about file system support in Samba
Thank you for this. I have a couple questions. I hope you don't mind. Do you access the shares with smbclient and Windows XP Pro(SP2)? What version is your kernel (mines 2.6.14 or 2.6.11) and samba (I've tried 3.0.14 and 3.0.21b)? Smitty Hibbard T. Smith, JR [EMAIL PROTECTED] -Original Message- From: andy liebman [mailto:[EMAIL PROTECTED] Sent: Sunday, February 05, 2006 11:02 AM To: [EMAIL PROTECTED] Cc: 'Craig White'; samba@lists.samba.org Subject: Re: [Samba] Questions about file system support in Samba [EMAIL PROTECTED] wrote: I tried to access these shares from Windows XP Pro SP2 and got identical results. Ext3 filesystems smaller than 2 GB work fine. Anything bigger than 2 GB and xfs filesystems of any size fails. I guess I'm going to have to resort to reading code, posting on bugzilla as a bug and maybe switching to a Windows based server. I really need to get this system up and doing its intended job. I'd really like to hear from someone that they are actually exporting ext3 filesystems larger than 2 GB and xfs filesystems and it's working. If they're doing so with the Fedora core 4 release, that would definitely point to something strange here. Smitty Hibbard T. Smith, JR [EMAIL PROTECTED] Samba works fine with xfs. I have xfs volumes up to 12 TB on a Mandriva system and export Samba shares on that volume without issue. Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Questions about file system support in Samba
Here it is. As I said, I'm new at Samba. This is really borrowed from the sample provided with FC4. I've edited out everything that I had commented out and the commentary in the interest of size. Thank you all for all the help. [global] netbios name = Shadow1 workgroup = LANGROUP log level = 2 server string = Samba Server printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max log size = 50 security = user password level = 8 username level = 8 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no #= Share Definitions = idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no username map = /etc/samba/smbusers security = user ; encrypt passwords = yes ; guest ok = no ; guest account = nobody [homes] comment = Home Directories browseable = no writeable = yes printable = no [tmp] comment = Temporary file space path = /tmp read only = no ; public = yes [public] path = /TheArray writeable = yes browseable = yes ; guest ok = yes ; public = yes valid users = judith smitty printable = no Hopefully, this isn't too screwed up! Thanks again, Smitty Hibbard T. Smith, JR [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Stéphane Purnelle Sent: Sunday, February 05, 2006 11:55 AM To: samba@lists.samba.org Subject: Re: [Samba] Questions about file system support in Samba -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hibbard Smith a écrit : I tried to access these shares from Windows XP Pro SP2 and got identical results. Ext3 filesystems smaller than 2 GB work fine. Anything bigger than 2 GB and xfs filesystems of any size fails. I guess I'm going to have to resort to reading code, posting on bugzilla as a bug and maybe switching to a Windows based server. I really need to get this system up and doing its intended job. I'd really like to hear from someone that they are actually exporting ext3 filesystems larger than 2 GB and xfs filesystems and it's working. If they're doing so with the Fedora core 4 release, that would definitely point to something strange here. Smitty Hibbard T. Smith, JR [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Craig White Sent: Saturday, February 04, 2006 12:29 PM To: samba@lists.samba.org Subject: Re: [Samba] Questions about file system support in Samba On Sat, 2006-02-04 at 12:00 -0500, Hibbard Smith wrote: I'm a relative newcomer to Samba, but very experienced with computers and linux. I'm attempting to build a file/backup server for a small shop. I'm using Fedora core 4 and samba on a system with a 2.1 TB RAID 50 array formatted as 1 very large xfs partition. I want to share directories (folders) within the partition with a few Windows XP-Pro SP2 systems which are our primary work-stations. Currently I'm running samba-3.0.21b. I started with the 3.0.14 that was released with FC4, but upgraded to the latest and greatest when I couldn't make the original work correctly. The kernel has also been upgraded to the Fedora released 2.6.14.1-1656- FC4- SMP. Our business is primarily imaging and video. A large percentage of our files are over 2 GB with some way over that. Therefore, the only way this could be useful is with very large shared file systems. Here are the issues and my questions: When I try to share this large partition (2.1 TB xfs) and use smbclient to access it, the log records an error which states that the share doesn't exist or can't be accessed The error was access denied. I've made the share mode 0777 just to make sure permissions wouldn't get in the way. If I move the share to an ext3 file system that's smaller than 2 GB it works correctly. Any file system over 2 GB or any size xfs file system produces the error. I haven't even tried to access the shares from a Windows system yet, I'm just using smbclient on the Fedora system. I'm pretty sure I've got the config and permissions right because just changing the share to an ext3 file system under 2 GB works fine. So, here's my question(s): 1) Does samba work with xfs file systems? 2) Does samba work with large file systems (2 GB +)? 3) If the answer to the above is yes, what might I be doing wrong? I haven't been able to find limits documented anywhere. However, I
Re: [Samba] Questions about file system support in Samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hibbard Smith a écrit : Here it is. As I said, I'm new at Samba. This is really borrowed from the sample provided with FC4. I've edited out everything that I had commented out and the commentary in the interest of size. Thank you all for all the help. Here, your smb.conf with some corrections : [global] netbios name = Shadow1 workgroup = LANGROUP log level = 5 # for debug, it's better, for prod : 1 server string = Samba Server printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max log size = 50 security = user password level = 8 username level = 8 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no #= Share Definitions = # idmap uid = 16777216-33554431 # idmap gid = 16777216-33554431 #template shell = /bin/false # winbind use default domain = no # username map = /etc/samba/smbusers # security = user # double #encrypt passwords = yes # double ;guest ok = no ;guest account = nobody [homes] comment = Home Directories browseable = no writeable = yes printable = no [tmp] comment = Temporary file space path = /tmp read only = no ; public = yes [public] path = /TheArray writeable = yes browseable = yes ;guest ok = yes ;public = yes valid users = judith smitty # Theses users exists in passwd and smbpasswd ? # printable = no Could you send the content of the mount command and show me the line with display the mount of /TheArray (the xfs FS). And also the content of log file after a test. Hopefully, this isn't too screwed up! Thanks again, Smitty Hibbard T. Smith, JR [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Stéphane Purnelle Sent: Sunday, February 05, 2006 11:55 AM To: samba@lists.samba.org Subject: Re: [Samba] Questions about file system support in Samba Hibbard Smith a écrit : I tried to access these shares from Windows XP Pro SP2 and got identical results. Ext3 filesystems smaller than 2 GB work fine. Anything bigger than 2 GB and xfs filesystems of any size fails. I guess I'm going to have to resort to reading code, posting on bugzilla as a bug and maybe switching to a Windows based server. I really need to get this system up and doing its intended job. I'd really like to hear from someone that they are actually exporting ext3 filesystems larger than 2 GB and xfs filesystems and it's working. If they're doing so with the Fedora core 4 release, that would definitely point to something strange here. Smitty Hibbard T. Smith, JR [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Craig White Sent: Saturday, February 04, 2006 12:29 PM To: samba@lists.samba.org Subject: Re: [Samba] Questions about file system support in Samba On Sat, 2006-02-04 at 12:00 -0500, Hibbard Smith wrote: I'm a relative newcomer to Samba, but very experienced with computers and linux. I'm attempting to build a file/backup server for a small shop. I'm using Fedora core 4 and samba on a system with a 2.1 TB RAID 50 array formatted as 1 very large xfs partition. I want to share directories (folders) within the partition with a few Windows XP-Pro SP2 systems which are our primary work-stations. Currently I'm running samba-3.0.21b. I started with the 3.0.14 that was released with FC4, but upgraded to the latest and greatest when I couldn't make the original work correctly. The kernel has also been upgraded to the Fedora released 2.6.14.1-1656- FC4- SMP. Our business is primarily imaging and video. A large percentage of our files are over 2 GB with some way over that. Therefore, the only way this could be useful is with very large shared file systems. Here are the issues and my questions: When I try to share this large partition (2.1 TB xfs) and use smbclient to access it, the log records an error which states that the share doesn't exist or can't be accessed The error was access denied. I've made the share mode 0777 just to make sure permissions wouldn't get in the way. If I move the share to an ext3 file system that's smaller than 2 GB it works correctly. Any file system over 2 GB or any size xfs file system produces the error. I haven't even tried to access the shares from a Windows system yet, I'm just using smbclient on the Fedora system. I'm pretty sure I've got the config and permissions right because just changing the share to an ext3 file system under 2 GB works fine. So, here's my question(s): 1) Does samba work with xfs file systems? 2) Does samba work with large file
RE: [Samba] Questions about file system support in Samba
On Sun, 2006-02-05 at 08:30 -0700, Chris Lounsbury wrote: If I remember correctly from the documents I have read on samba.org the smb client will only allow up to 2gig of information and for anything larger than this you need to use cifs client. Most of our shares don't excede 2 gig so I haven't set this up myself but there is some good documentation on how to do this and I have seen lots of postings saying that with cifs they had no problems with large files Chris This thread is getting a big out of control. The 2GB limitation applies if your OS is so limited and to smbfs, the deprecated Linux kernel module. Indeed, for those needing a Linux kernel filesystem, we always suggest cifsvfs over smbfs, particularly given recent enhancements. smbclient does not use smbfs, so does not suffer this limitation. The server is not limited either, except in both cases by your OS, or a failure to correctly detect the capabilities of your OS (unlikely, but possible). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about file system support in Samba
I'm a relative newcomer to Samba, but very experienced with computers and linux. I'm attempting to build a file/backup server for a small shop. I'm using Fedora core 4 and samba on a system with a 2.1 TB RAID 50 array formatted as 1 very large xfs partition. I want to share directories (folders) within the partition with a few Windows XP-Pro SP2 systems which are our primary work-stations. Currently I'm running samba-3.0.21b. I started with the 3.0.14 that was released with FC4, but upgraded to the latest and greatest when I couldn't make the original work correctly. The kernel has also been upgraded to the Fedora released 2.6.14.1-1656-FC4-SMP. Our business is primarily imaging and video. A large percentage of our files are over 2 GB with some way over that. Therefore, the only way this could be useful is with very large shared file systems. Here are the issues and my questions: When I try to share this large partition (2.1 TB xfs) and use smbclient to access it, the log records an error which states that the share doesn't exist or can't be accessed The error was access denied. I've made the share mode 0777 just to make sure permissions wouldn't get in the way. If I move the share to an ext3 file system that's smaller than 2 GB it works correctly. Any file system over 2 GB or any size xfs file system produces the error. I haven't even tried to access the shares from a Windows system yet, I'm just using smbclient on the Fedora system. I'm pretty sure I've got the config and permissions right because just changing the share to an ext3 file system under 2 GB works fine. So, here's my question(s): 1) Does samba work with xfs file systems? 2) Does samba work with large file systems (2 GB +)? 3) If the answer to the above is yes, what might I be doing wrong? I haven't been able to find limits documented anywhere. However, I see a great deal of discussion on the web about files over 2 GB along with suggestions that they work fine. This would imply that file systems of over 2 GB must work okay. I've also seen much discussion which would suggest that xfs works fine also. All this discussion seems to indicate that I've got something wrong. I'm just not sure what it is or how to proceed. I have turned samba debugging up and the logs show that the correct user/group is being used and that case is working okay. So, I'm really confused and I sure would appreciate any help. I really need to get this done and I don't like the alternative (Windows Server 2003). Smitty Hibbard T. Smith, JR [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about file system support in Samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hibbard Smith a écrit : I'm a relative newcomer to Samba, but very experienced with computers and linux. I'm attempting to build a file/backup server for a small shop. I'm using Fedora core 4 and samba on a system with a 2.1 TB RAID 50 array formatted as 1 very large xfs partition. I want to share directories (folders) within the partition with a few Windows XP-Pro SP2 systems which are our primary work-stations. Currently I'm running samba-3.0.21b. I started with the 3.0.14 that was released with FC4, but upgraded to the latest and greatest when I couldn't make the original work correctly. The kernel has also been upgraded to the Fedora released 2.6.14.1-1656-FC4-SMP. Our business is primarily imaging and video. A large percentage of our files are over 2 GB with some way over that. Therefore, the only way this could be useful is with very large shared file systems. Here are the issues and my questions: When I try to share this large partition (2.1 TB xfs) and use smbclient to access it, the log records an error which states that the share doesn't exist or can't be accessed The error was access denied. I've made the share mode 0777 just to make sure permissions wouldn't get in the way. If I move the share to an ext3 file system that's smaller than 2 GB it works correctly. Any file system over 2 GB or any size xfs file system produces the error. I haven't even tried to access the shares from a Windows system yet, I'm just using smbclient on the Fedora system. I'm pretty sure I've got the config and permissions right because just changing the share to an ext3 file system under 2 GB works fine. It's maybe a bug in smbclient ? With a windows client, have you this problem ? what says smbclient -L ? The user which try to acces to this share is correcly configured ? I suppose that the answer is YES. So, here's my question(s): 1) Does samba work with xfs file systems? YES, My PDC/File print server use two XFS partition. 2) Does samba work with large file systems (2 GB +)? Yes 3) If the answer to the above is yes, what might I be doing wrong? I haven't been able to find limits documented anywhere. However, I see a great deal of discussion on the web about files over 2 GB along with suggestions that they work fine. This would imply that file systems of over 2 GB must work okay. I've also seen much discussion which would suggest that xfs works fine also. All this discussion seems to indicate that I've got something wrong. I'm just not sure what it is or how to proceed. I have turned samba debugging up and the logs show that the correct user/group is being used and that case is working okay. So, I'm really confused and I sure would appreciate any help. I really need to get this done and I don't like the alternative (Windows Server 2003). Smitty Hibbard T. Smith, JR [EMAIL PROTECTED] - -- Stéphane Purnelle [EMAIL PROTECTED] Site Web : http://www.linuxplusvalue.be -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD5N/O8tswkE3d0ecRAmW0AJ4ggfuZ3KvfHD+tnJCNLx8sUgfNhgCfVrUL Y24RDN1T93CrVKl3DFVdui8= =rKo4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about file system support in Samba
On Sat, Feb 04, 2006 at 12:00:50PM -0500, Hibbard Smith wrote: So, here's my question(s): 1) Does samba work with xfs file systems? Yes. 2) Does samba work with large file systems (2 GB +)? Yes. 3) If the answer to the above is yes, what might I be doing wrong? Looks like a bad definition in smb.conf or an authentication issue to me. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Questions about file system support in Samba
Thanks Stephane, That says I definitely have something very wrong. I guess I'll start with my smb.conf file and try to cut out all the junk. I started from the sample provided with FC4 and that's got a lot of extras in it (mostly commented out). I think I'll try to build a simple one from scratch and see if I can't get this going. Thanks for the help! Smitty Hibbard T. Smith, JR [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Stéphane Purnelle Sent: Saturday, February 04, 2006 12:10 PM To: samba@lists.samba.org Subject: Re: [Samba] Questions about file system support in Samba -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hibbard Smith a écrit : I'm a relative newcomer to Samba, but very experienced with computers and linux. I'm attempting to build a file/backup server for a small shop. I'm using Fedora core 4 and samba on a system with a 2.1 TB RAID 50 array formatted as 1 very large xfs partition. I want to share directories (folders) within the partition with a few Windows XP-Pro SP2 systems which are our primary work-stations. Currently I'm running samba-3.0.21b. I started with the 3.0.14 that was released with FC4, but upgraded to the latest and greatest when I couldn't make the original work correctly. The kernel has also been upgraded to the Fedora released 2.6.14.1-1656-FC4- SMP. Our business is primarily imaging and video. A large percentage of our files are over 2 GB with some way over that. Therefore, the only way this could be useful is with very large shared file systems. Here are the issues and my questions: When I try to share this large partition (2.1 TB xfs) and use smbclient to access it, the log records an error which states that the share doesn't exist or can't be accessed The error was access denied. I've made the share mode 0777 just to make sure permissions wouldn't get in the way. If I move the share to an ext3 file system that's smaller than 2 GB it works correctly. Any file system over 2 GB or any size xfs file system produces the error. I haven't even tried to access the shares from a Windows system yet, I'm just using smbclient on the Fedora system. I'm pretty sure I've got the config and permissions right because just changing the share to an ext3 file system under 2 GB works fine. It's maybe a bug in smbclient ? With a windows client, have you this problem ? what says smbclient -L ? The user which try to acces to this share is correcly configured ? I suppose that the answer is YES. So, here's my question(s): 1) Does samba work with xfs file systems? YES, My PDC/File print server use two XFS partition. 2) Does samba work with large file systems (2 GB +)? Yes 3) If the answer to the above is yes, what might I be doing wrong? I haven't been able to find limits documented anywhere. However, I see a great deal of discussion on the web about files over 2 GB along with suggestions that they work fine. This would imply that file systems of over 2 GB must work okay. I've also seen much discussion which would suggest that xfs works fine also. All this discussion seems to indicate that I've got something wrong. I'm just not sure what it is or how to proceed. I have turned samba debugging up and the logs show that the correct user/group is being used and that case is working okay. So, I'm really confused and I sure would appreciate any help. I really need to get this done and I don't like the alternative (Windows Server 2003). Smitty Hibbard T. Smith, JR [EMAIL PROTECTED] - -- Stéphane Purnelle [EMAIL PROTECTED] Site Web : http://www.linuxplusvalue.be -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD5N/O8tswkE3d0ecRAmW0AJ4ggfuZ3KvfHD+tnJCNLx8sUgfNhgCfVrUL Y24RDN1T93CrVKl3DFVdui8= =rKo4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about file system support in Samba
On Sat, 2006-02-04 at 12:00 -0500, Hibbard Smith wrote: I'm a relative newcomer to Samba, but very experienced with computers and linux. I'm attempting to build a file/backup server for a small shop. I'm using Fedora core 4 and samba on a system with a 2.1 TB RAID 50 array formatted as 1 very large xfs partition. I want to share directories (folders) within the partition with a few Windows XP-Pro SP2 systems which are our primary work-stations. Currently I'm running samba-3.0.21b. I started with the 3.0.14 that was released with FC4, but upgraded to the latest and greatest when I couldn't make the original work correctly. The kernel has also been upgraded to the Fedora released 2.6.14.1-1656-FC4-SMP. Our business is primarily imaging and video. A large percentage of our files are over 2 GB with some way over that. Therefore, the only way this could be useful is with very large shared file systems. Here are the issues and my questions: When I try to share this large partition (2.1 TB xfs) and use smbclient to access it, the log records an error which states that the share doesn't exist or can't be accessed The error was access denied. I've made the share mode 0777 just to make sure permissions wouldn't get in the way. If I move the share to an ext3 file system that's smaller than 2 GB it works correctly. Any file system over 2 GB or any size xfs file system produces the error. I haven't even tried to access the shares from a Windows system yet, I'm just using smbclient on the Fedora system. I'm pretty sure I've got the config and permissions right because just changing the share to an ext3 file system under 2 GB works fine. So, here's my question(s): 1) Does samba work with xfs file systems? 2) Does samba work with large file systems (2 GB +)? 3) If the answer to the above is yes, what might I be doing wrong? I haven't been able to find limits documented anywhere. However, I see a great deal of discussion on the web about files over 2 GB along with suggestions that they work fine. This would imply that file systems of over 2 GB must work okay. I've also seen much discussion which would suggest that xfs works fine also. All this discussion seems to indicate that I've got something wrong. I'm just not sure what it is or how to proceed. I have turned samba debugging up and the logs show that the correct user/group is being used and that case is working okay. So, I'm really confused and I sure would appreciate any help. I really need to get this done and I don't like the alternative (Windows Server 2003). I don't use smbclient much at all but am of the belief that smbclient application would use an smbfs type mount and my understanding is that an smbfs mount would error on files 2Gb whereas the cifs mount would not. samba should have no problems with filesystem of that size. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about Samba
On Tue, 2006-01-31 at 10:36 -0600, Steve wrote: Dear Samba Team: I work as a systems engineer in the US for a growing publishing company. I have been charged with doing some research that will allow us to put together an infrastructure for our company. Currently we have a isolated Windows 2003 on AD domain. My manager, for personal and financial reasons would like to avoid having our other locations, across the United States, be Microsoft. The nature of our business has lead most of our users' systems to be Macintosh and we have many server systems that are Linux (Red Hat). We will have over 100 locations all within the states within a year or two. This does seem to be the ideal environment in which to deploy a non-microsoft server solution. With this background you can probably guess my interest in Samba. However, while I'm familiar with Microsoft servers and OS, my knowledge of SMB and CIFS is limited. To converse bandwidth and improve user request/response times we would like to have all authentication done locally, even though we may only have one domain and many OUs or subdomains. One option is to deploy Samba3 backed with OpenLDAP. You could put a replica LDAP server at each site. Having looked and researched your website and reading about your latest release (two days old), it does seem like Samba is working hard to incorporate the AD technology. Since we are not in an immediate hurry at this time we have no experimented with 4.0.0, since you clearly state it's a ways away from being ready for production. We also don't have a replicated solution yet, and if your main clients are Mac and Linux, perhaps the AD areas are not as much a key requirement. Once the bugs are fixed and patched will you believe that Samba would be able to meet our vision of how we would like our network to work. One Microsoft DC running 2003 Active Directory, and many subdomains, or OUs with a Linux box taking care of all local traffic authentication, and file sharing. The Linux box will need to replicate and communicate with the DC running AD. I think this will eventually be possible, and certainly Samba4 is in a better position to do this than Samba3. I realize this may be premature, and not very detailed. This plan is somewhat in a gray area at this time, and we are simply trying to get some preliminary research done. If this is not the correct address or form in which to ask questions of this nature, I do apologize, and if you can respond with the proper address or link to the proper form I would appreciate it very much. In addition any further research material or links regarding your software would be very helpful. Thank you for your time. I certainly hope to create in Samba4 a great centralised logon server for Windows, Mac and Linux clients. However this will take time and, you may wish to look at solutions around Samba3 and a more traditional LDAP+Kerberos setup. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about Samba
Dear Samba Team: I work as a systems engineer in the US for a growing publishing company. I have been charged with doing some research that will allow us to put together an infrastructure for our company. Currently we have a isolated Windows 2003 on AD domain. My manager, for personal and financial reasons would like to avoid having our other locations, across the United States, be Microsoft. The nature of our business has lead most of our users' systems to be Macintosh and we have many server systems that are Linux (Red Hat). We will have over 100 locations all within the states within a year or two. With this background you can probably guess my interest in Samba. However, while I'm familiar with Microsoft servers and OS, my knowledge of SMB and CIFS is limited. To converse bandwidth and improve user request/response times we would like to have all authentication done locally, even though we may only have one domain and many OUs or subdomains. Having looked and researched your website and reading about your latest release (two days old), it does seem like Samba is working hard to incorporate the AD technology. Since we are not in an immediate hurry at this time we have no experimented with 4.0.0, since you clearly state it's a ways away from being ready for production. Once the bugs are fixed and patched will you believe that Samba would be able to meet our vision of how we would like our network to work. One Microsoft DC running 2003 Active Directory, and many subdomains, or OUs with a Linux box taking care of all local traffic authentication, and file sharing. The Linux box will need to replicate and communicate with the DC running AD. I realize this may be premature, and not very detailed. This plan is somewhat in a gray area at this time, and we are simply trying to get some preliminary research done. If this is not the correct address or form in which to ask questions of this nature, I do apologize, and if you can respond with the proper address or link to the proper form I would appreciate it very much. In addition any further research material or links regarding your software would be very helpful. Thank you for your time. Sincerely, Steve Katzen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about Browsing and PDC / BDC
hi, i have a working PDC / BDC setup with both samba v3. my question is related to failover: is the following config right for a correctly configured network browsing and name resolution (especially for clients)? PDC Config: local master = yes preferred master = yes domain master = yes os level = 120 domain logons = yes wins support = yes BDC Config: domain master = auto os level = 65 domain logons = yes if PDC fails, normally BDC should recognize that and become a domain master with this config, right? is there any error in reasoning with wins support = yes and a failing PDC? may be you have some more experience and a 100% working smb.conf regarding browsing (PDC/BDC). thx in advance, greez -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions regarding ADS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | I 've spent the last week troubleshooting a configuration issue regarding | samba not being able to connect to other domains beside the domain of which | it 's a member server (samba 3.0.14a, krb 1.3.6, w2k). | | I have some doubts perhaps someone can answer... | | Suppose this scenario: | | Samba name : SAMBA | Main domain: DOMAINA (domain controller = DCA) | Others domains : DOMAINB, DOMAINC (domain controllers DCB y DCC) | | | 1) When samba tries to connect via kerberos to others | domains, which principal is supposed to use? I 'd think | it is [EMAIL PROTECTED] What I see is that it first connects | via LDAP using this machine account but then tries to connect | via kerberos with [EMAIL PROTECTED] or [EMAIL PROTECTED] Is this | correct or I am not understanding the logfiles correctly? It should be obtaining a service for [EMAIL PROTECTED] That's probably what you are seeing. | 2) Is wbinfo --set-auth-user still needed? I 'm not using | it because I read somewhere that with 3.0+ is not needed | anymore. Generally it is not needed. Certainly not when all the domains are AD and the Samba host is configured with 'security = ads'. | 3) My krb5.conf doesn 't contain any references to | servers. All it contains is dns_lookup_realm=true, | dns_lookup_kdc=true and default_realm=X. Do I | need anything specific or current krb5 can obtain everything | it needs from the DNS? DNS is fine. That's how I run. Make sure that the appropriate SRV records are in DNS though. | 4) Do I need to do the ktpass thing at the windows DC? Nope. It is all handled by the AD trusts. Hope this helps. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCy9eZIR7qMdg1EfYRAqisAJ9rX1cPqnc6nFsiaOrWlzdpySPThgCg5Sr8 WYhFbq5OfcZc37LNf/Nva+U= =ESfW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions regarding ADS
Thanks Jerry, that 's very useful information. The particular problem I am facing is that when samba tries to connect to another domain, kerberos can 't find the principal, as in this example: libads/sasl.c:ads_sasl_spnego_bind(211) ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED] libsmb/clikrb5.c:ads_krb5_mk_req(389) ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (Server not found in Kerberos database) nsswitch/winbindd_ads.c:ads_cached_connection(81) ads_connect for domain SIDERAR failed: Server not found in Kerberos database What I understand is that the principal sarswdc3$ doesn 't exist. If I try to kinit [EMAIL PROTECTED] it consecuentelly fails. The thing I don 't understand is why if I kinit [EMAIL PROTECTED] (note the abscense of the dollar sign) it finds it (I mean, it prompts for a password). Any ideas I can try or anything further I can watch? Best regards, Martin -- Martin arpon Original Message: - From: Gerald (Jerry) Carter [EMAIL PROTECTED] Date: Wed, 06 Jul 2005 08:07:38 -0500 To: [EMAIL PROTECTED], samba@lists.samba.org Subject: Re: [Samba] Questions regarding ADS [EMAIL PROTECTED] wrote: | I 've spent the last week troubleshooting a configuration issue regarding | samba not being able to connect to other domains beside the domain of which | it 's a member server (samba 3.0.14a, krb 1.3.6, w2k). | | I have some doubts perhaps someone can answer... | | Suppose this scenario: | | Samba name : SAMBA | Main domain: DOMAINA (domain controller = DCA) | Others domains : DOMAINB, DOMAINC (domain controllers DCB y DCC) | | | 1) When samba tries to connect via kerberos to others | domains, which principal is supposed to use? I 'd think | it is [EMAIL PROTECTED] What I see is that it first connects | via LDAP using this machine account but then tries to connect | via kerberos with [EMAIL PROTECTED] or [EMAIL PROTECTED] Is this | correct or I am not understanding the logfiles correctly? It should be obtaining a service for [EMAIL PROTECTED] That's probably what you are seeing. | 2) Is wbinfo --set-auth-user still needed? I 'm not using | it because I read somewhere that with 3.0+ is not needed | anymore. Generally it is not needed. Certainly not when all the domains are AD and the Samba host is configured with 'security = ads'. | 3) My krb5.conf doesn 't contain any references to | servers. All it contains is dns_lookup_realm=true, | dns_lookup_kdc=true and default_realm=X. Do I | need anything specific or current krb5 can obtain everything | it needs from the DNS? DNS is fine. That's how I run. Make sure that the appropriate SRV records are in DNS though. | 4) Do I need to do the ktpass thing at the windows DC? Nope. It is all handled by the AD trusts. Hope this helps. cheers, jerry mail2web - Check your email from the web at http://mail2web.com/ . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions regarding ADS
I 've spent the last week troubleshooting a configuration issue regarding samba not being able to connect to other domains beside the domain of which it 's a member server (samba 3.0.14a, krb 1.3.6, w2k). I have some doubts perhaps someone can answer... Suppose this scenario: Samba name : SAMBA Main domain: DOMAINA (domain controller = DCA) Others domains : DOMAINB, DOMAINC (domain controllers DCB y DCC) 1) When samba tries to connect via kerberos to others domains, which principal is supposed to use? I 'd think it is [EMAIL PROTECTED] What I see is that it first connects via LDAP using this machine account but then tries to connect via kerberos with [EMAIL PROTECTED] or [EMAIL PROTECTED] Is this correct or I am not understanding the logfiles correctly? 2) Is wbinfo --set-auth-user still needed? I 'm not using it because I read somewhere that with 3.0+ is not needed anymore. 3) My krb5.conf doesn 't contain any references to servers. All it contains is dns_lookup_realm=true, dns_lookup_kdc=true and default_realm=X. Do I need anything specific or current krb5 can obtain everything it needs from the DNS? 4) Do I need to do the ktpass thing at the windows DC? Documentation doesn 't say I should, but I keep reading in the web examples of importing the data into the keytab. Thanks. I 've already posted some days my log files trying to find some specific help but probable my post was too unnecesary complicated. Perhaps if anyone can answer this more-generic questions I can advance a step in the resolution of the problem. Regards, Martin mail2web - Check your email from the web at http://mail2web.com/ . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about 3.0.12rc1
Hello! Before this post, i'm send 3 problems in 3.0.11 I'm compiled 3.0.12rc1 and found next: 1) Settings primary group problem solved, but question to developer You append to mapping.c in smb_set_primary_group ret = smbrun(add_script,NULL); flush_pwnam_cache(); But not check ret code .if my script exit in code != 0, i'm change primary group ... ( script set primary group still needed ? ) 2) Next in this code is winbind, but debug message string have code DEBUG(3,(smb_delete_group: You use copy/paste ;) This is affect in function: smb_add_user_group,smb_delete_user_group smb_add_user_group have bug if ( winbind_add_user_to_group( unix_user, unix_group ) ) { DEBUG(3,(smb_delete_group: winbindd added user (%s) to the group (%s)\n, unix_user, unix_group)); return -1; ^^ needed return 0; } 3) I'm analized problems 1 ( user who not have privileges add machine account ) In function _samr_create_user ( srv_samr_nt.c ) you have code: if ( can_add_account ) become_root(); And if user not have privileges(user|machine) you MAY CREATE USER ( posix account or machine account ) through SCRIPT :( I'm change code to: if ( can_add_account == False ) { return NT_STATUS_ACCESS_DENIED; } it's fixed problem I'm do simple test and is work correct, ... but i'm do not full test. and I want to apologize for my english, well .. you understand ;) Sergey Loskutov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about 3.0.12rc1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sergey Loskutov wrote: | Hello! | | Before this post, i'm send 3 problems in 3.0.11 | I'm compiled 3.0.12rc1 and found next: | | 1) Settings primary group problem solved, but question to developer |You append to mapping.c in smb_set_primary_group |ret = smbrun(add_script,NULL); |flush_pwnam_cache(); | | But not check ret code .if my script exit in code != 0, i'm change | primary group ... ( script set primary group still needed ? ) It's just flushing the internal pwnam cache. Semantically this is ok. Probably not optimal. I'll look at it later. | 2) Next in this code is winbind, but debug message string have code | DEBUG(3,(smb_delete_group: | | You use copy/paste ;) | | This is affect in function: smb_add_user_group,smb_delete_user_group | | smb_add_user_group have bug | | if ( winbind_add_user_to_group( unix_user, unix_group ) ) { | DEBUG(3,(smb_delete_group: winbindd added user (%s) to the group | (%s)\n, | unix_user, unix_group)); | return -1; | ^^ | needed return 0; | | } The 'winbind local accounts' code is deprecated at this point. So this code will eventually be removed anyways. However, I'll clean up the debug messages and check return codes before the final 3.0.12. | 3) I'm analized problems 1 | ( user who not have privileges add machine account ) | | In function _samr_create_user ( srv_samr_nt.c ) you have code: | | if ( can_add_account ) | become_root(); | | And if user not have privileges(user|machine) you MAY CREATE USER ( | posix account or machine account ) through SCRIPT :( | | I'm change code to: | | if ( can_add_account == False ) { | return NT_STATUS_ACCESS_DENIED; | } | it's fixed problem | I'm do simple test and is work correct, ... but i'm do | not full test. I've thought about this before. The problem is actually that your 'add user script' can be run successfully as a non-root user. A simple 'chmod 700 script; chown root script' will solve this. I'll look at it some more but this is not a pressing issue I don't think. smbd is not doing anything that the normal user couldn't do anyways. And your fix doesn't cover all the possible scenarios (e.g. root user with no assigned privileges should still be able to join clients to the domain). Thanks for the feedback. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCNaHJIR7qMdg1EfYRAgFkAJ9RYuBYrAJkidjOAg7M3ffe/bNo1ACgkV2e AoI7f/tiRTxysi6x8wSQmPY= =Rgb4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about 3.0.12rc1
Gerald (Jerry) Carter write: Sergey Loskutov wrote: | Hello! | | Before this post, i'm send 3 problems in 3.0.11 | I'm compiled 3.0.12rc1 and found next: | | 1) Settings primary group problem solved, but question to developer |You append to mapping.c in smb_set_primary_group |ret = smbrun(add_script,NULL); |flush_pwnam_cache(); | | But not check ret code .if my script exit in code != 0, i'm change | primary group ... ( script set primary group still needed ? ) It's just flushing the internal pwnam cache. Semantically this is ok. Probably not optimal. I'll look at it later. I'm know that you flushing the cache... but thank you | 3) I'm analized problems 1 | ( user who not have privileges add machine account ) | | In function _samr_create_user ( srv_samr_nt.c ) you have code: | | if ( can_add_account ) | become_root(); | | And if user not have privileges(user|machine) you MAY CREATE USER ( | posix account or machine account ) through SCRIPT :( | | I'm change code to: | | if ( can_add_account == False ) { | return NT_STATUS_ACCESS_DENIED; | } | it's fixed problem | I'm do simple test and is work correct, ... but i'm do | not full test. I've thought about this before. The problem is actually that your 'add user script' can be run successfully as a non-root user. A simple 'chmod 700 script; chown root script' will solve this. I'll look at it some more but this is not a pressing issue I don't think. smbd is not doing anything that the normal user couldn't do anyways. And your fix doesn't cover all the possible scenarios (e.g. root user with no assigned privileges should still be able to join clients to the domain). NO NO NO settings chmod or chown . Why need privileges ? :) I'm want settings privileges add machine to user, who not members in root Sample :) chmod 770 script; chown root.smart man script; Look good :) User: John ( member in smart man ) User: Leon ( member in smart man ) I want give privileges for John, but not for Leon ... :) Why i must use setfacl|getfacl . i'm have privileges . you decision ... bad And anyway user who have uidNumber == 0 and not having privileges, not able join machine and users ;) i'm checked this before send code. And why i'm permit execute script if code semantic not allowed use ldap not member in root ? Check you ldap code ;) Thanks you help ! Sergey Loskutov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions on build farm
Hi all, I've been looking at the samba build farm code and hope you can help with a couple questions... First, is the build_farm code usable under an open source license? Second, does the build_farm currently run any network tests between a client and server on separate machines? Thanks, Bryce -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions on build farm
On Fri, 2005-02-11 at 14:03 -0800, Bryce Harrington wrote: Hi all, I've been looking at the samba build farm code and hope you can help with a couple questions... First, is the build_farm code usable under an open source license? I think most of it is tagged GPL. It is all in subversion - http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/?root=build-farm Let me know if there is anything you can't find a valid licence for, it's probably just been overlooked. Second, does the build_farm currently run any network tests between a client and server on separate machines? No, we avoid this to reduce the security impact of a build farm installation on those who supply machines to us. All tests are done on localhost, in such a way that other processes cannot interfere with the tests. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions on build farm
On Sat, 12 Feb 2005, Andrew Bartlett wrote: On Fri, 2005-02-11 at 14:03 -0800, Bryce Harrington wrote: Hi all, I've been looking at the samba build farm code and hope you can help with a couple questions... First, is the build_farm code usable under an open source license? I think most of it is tagged GPL. It is all in subversion - http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/?root=build-farm Let me know if there is anything you can't find a valid licence for, it's probably just been overlooked. Ok great, yeah I was just looking in the directory at http://www.samba.org/ftp/unpacked/build_farm/ but didn't spot a license file so figured I should ask. I did notice that the scripts under /web have Perl GPL/Artistic boilerplate. Second, does the build_farm currently run any network tests between a client and server on separate machines? No, we avoid this to reduce the security impact of a build farm installation on those who supply machines to us. All tests are done on localhost, in such a way that other processes cannot interfere with the tests. Ok, gotcha. Thanks for the quick reply! Bryce -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about %a macro - Documentation bug.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I know that %a is for architecture. Either Samba, Windows XP, Windows 2K, Windows For Workgroups or Windows 95. I also know that %a will return WinXP when the client architecture is Windows XP. I know this because all of my current boxes are XP Pro boxes and testing it is pretty easy if you have a box of that type available. Problem is that I need to work on a backup plan for all architectures but I don't know what exactly the system will use for architectures other than WinXP. So... Will it be Win2000 or Win2K? What about Windows for Workgroups? Will it be WFW or Win3.11? Samba or smb? Etc. etc. Jim C. - -- - - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCBuCf57L0B7uXm9oRAp3+AJ0VBUj8zInpTsOaXZ+gAmaDNh9EZQCfVPjz ELENWe9bvRahT2/y6ZLzaC4= =V+nI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions to share right's
Hi all, I have here following, RHEL clone, Samba 3.09x + Winbind, 2 NT4 domains (trustet) Questions in addition: It concerns the Share [Install]. Why can a user, who does not a member in write list is, nevertheless files and Directorys create?? What do I understand here wrongly? Thx Stefan With the following configuration: [global] unix charset = ISO8859-15 display charset = ISO8859-15 workgroup = FELTEN1 server string = Linux-Fileserver-SFE002 interfaces = 192.168.1.35/24 security = DOMAIN password server = 192.168.1.51 log level = 1 log file = /var/log/samba/%m.log max log size = 50 name resolve order = wins lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 32 local master = No dns proxy = No wins server = 192.168.1.51 kernel oplocks = No ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template homedir = /daten/Home privat/%D/%U template shell = /bin/bash winbind separator = + winbind cache time = 15 winbind enable local accounts = Yes winbind use default domain = Yes admin users = administrator, backup cups options = raw #vscan-clamav:config-file = /etc/samba/vscan-clamav.conf #vfs objects = vscan-clamav [homes] comment = ~~~ privates Homeverzeichnis~~~ path = %H read only = No create mask = 0700 directory mask = 0700 browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [Install] comment = Install valid users = @DACSYS1+Domänen-Benutzer,@Domänen-Benutzer writeable = yes create mode = 0664 write list = @DACSYS1+Install_Serrig,@Install_Serrig path = /daten/Install directory mode = 0775 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] General Samba Questions
On Wed, 2005-01-05 at 23:21 -0500, [EMAIL PROTECTED] wrote: Hi, We've been having lots of issues with our Linux based Samba servers since the Windows domains have migrated to AD. We were hoping and expecting that, at least in the short term, we could run in mixed mode and not have to make any changes to our Samba servers. However, things just aren't working well. Also, I've posted several issues to this list over the last several weeks and many of the issues I've encountered have gone unresolved. So, the question(s) I have is what is the recommended/suggested Samba version and configuration we should consider deploying in an infrastructure running with Windows 2003 servers and AD? We are running primarily RedHat 9 and RedHat ES 30 and a majority of our Samba servers are currently running 3.0.7 with some running 2.2.7a, (both of which are RedHat's distributions). We've had all kinds of problems varying from intermittent password server not available issues, to smbd locking up and most recently having problems changing a server from server to domain security style. Interestingly, (or maybe not), none of these problems existed prior to the AD upgrades I'm considering making an effort to go full ads mode on the samba servers, however, I've also seen that others have had issues doing this. I'm open to suggestions. You must make sure you use MIT Kerberos v1.3.4+ (1.3.[0|1|2|3] seemed intermittent to me). Winbind... this is the pivotal piece that needs to work properly. If everything else fails except winbind, thats a wonderful start. If everything works except for winbind, that will be an uphill battle, at least it has been for me doing remote samba installs where I have to rely on others to fix W2K3 domains and perms and such. Most of the time they fudge it up... or don't really trust Samba due to it being Shareware (yes I know it isn't) Work on getting a simple test environ (if possible) and try Samba in full ADS mode. (no mixed mode) Hammer it and make it work. Then apply your knowledge to a limited production server. The deploy once all the issues are resolved. I also want to heavily suggest samba 3.0.8 or after... really 3.0.10 as of now. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] General Samba Questions
John, Just last month we setup a AD network with Samba 3.0.10 on Solaris 8 9 and it worked the first time! I didn't have anything to do with setting up AD but I was responsible for samba. I installed the MIT Kerberos 1.3.5 libraries, built Samba 3.0.10 with --with-ads. Worked excellantly :-)) spike [EMAIL PROTECTED] wrote: Hi, We've been having lots of issues with our Linux based Samba servers since the Windows domains have migrated to AD. We were hoping and expecting that, at least in the short term, we could run in mixed mode and not have to make any changes to our Samba servers. However, things just aren't working well. Also, I've posted several issues to this list over the last several weeks and many of the issues I've encountered have gone unresolved. So, the question(s) I have is what is the recommended/suggested Samba version and configuration we should consider deploying in an infrastructure running with Windows 2003 servers and AD? We are running primarily RedHat 9 and RedHat ES 30 and a majority of our Samba servers are currently running 3.0.7 with some running 2.2.7a, (both of which are RedHat's distributions). We've had all kinds of problems varying from intermittent password server not available issues, to smbd locking up and most recently having problems changing a server from server to domain security style. Interestingly, (or maybe not), none of these problems existed prior to the AD upgrades I'm considering making an effort to go full ads mode on the samba servers, however, I've also seen that others have had issues doing this. I'm open to suggestions. Thanks, -John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] General Samba Questions
Hi, We've been having lots of issues with our Linux based Samba servers since the Windows domains have migrated to AD. We were hoping and expecting that, at least in the short term, we could run in mixed mode and not have to make any changes to our Samba servers. However, things just aren't working well. Also, I've posted several issues to this list over the last several weeks and many of the issues I've encountered have gone unresolved. So, the question(s) I have is what is the recommended/suggested Samba version and configuration we should consider deploying in an infrastructure running with Windows 2003 servers and AD? We are running primarily RedHat 9 and RedHat ES 30 and a majority of our Samba servers are currently running 3.0.7 with some running 2.2.7a, (both of which are RedHat's distributions). We've had all kinds of problems varying from intermittent password server not available issues, to smbd locking up and most recently having problems changing a server from server to domain security style. Interestingly, (or maybe not), none of these problems existed prior to the AD upgrades I'm considering making an effort to go full ads mode on the samba servers, however, I've also seen that others have had issues doing this. I'm open to suggestions. Thanks, -John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about Domain Member server
Hi list, I have a couple of questions regarding Samba being a Domain Member of a Samba PDC and BDC. Situation: 3 servers, running Solaris 9 and Samba 3.0.7. The Solaris machines are LDAP clients (getpwent fetches info from LDAP). The Samba domain is called 'ALW'. Machine 1: PDC + LDAP master(PDC1) Machine 2: BDC + LDAP slave (BDC1) Machine 3: Domain Member server (FS1) A Windows XP client, joined to the domain, can be used to log on to the domain. This works without problems. Files created on the shares of the PDC and BDC are owned by users/groups 'ALW\username' and 'ALW\groupname'. The Domain Member server is joined to the ALW domain, which is confirmed to be OK by the 'net rpc testjoin' command. Shares on the FS1 server can be browsed. When creating files however, the files are owned by the users/groups 'FS1\username' and 'FS1\groupname'. I would expect the same ownership as the files created on the PDC and BDC. Why is this FS1\... on the Domain Member server? Besides the above problem, I cannot explain entirely why this line appears in the logs: -- [2004/11/17 11:08:57, 1] lib/smbldap.c:add_new_domain_info(1289) failed to add domain dn= sambaDomainName=FS1,dc=falw,dc=vu,dc=nl with: Insufficient access no write access to parent [2004/11/17 11:08:57, 0] lib/smbldap.c:smbldap_search_domain_info(1338) Adding domain info for FS1 failed with NT_STATUS_UNSUCCESSFUL -- I do understand why this fails; the LDAP bind dn of Samba does not have the rights to add this information. The thing I don't understand is why Samba wants to add info to LDAP about the domain 'FS1', while the domain the server joined is 'ALW'. In the logs of the LDAP server, I see queries for uid 'alwremy', when I mount shares on the FS1 server as user 'remy'. These queries are a result of the Solaris system 'getpwent' call, as I can tell from the bind-dn. To summarise: - Why is the ownership of files created on the Domain Member server SERVERNAME\username instead of DOMAINNAME\username ? - Why does Samba want to add info about the 'FS1' domain in LDAP? - Why does Samba perform a getpwent call with the Samba domainname and the username merged together? Best regards, Remy -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Questions on VFS modules (audit)
Hello, I'm configuring Samba 3.0.6 on Debian stable, after using version 2.2.8a for a while. I have some questions on VFS modules, which could be summed up into a single big question: is there any documentation about them, other than the few paragaphs in the official howto? Now for the single questions: 1. audit: its output goes into syslog, no options to change this, right? And also no options to only record some specific actions, right? Due to the way Windows clients access files, I see lots of useless lines cluttering syslog. 2. extd_audit: same as audit, but it ALSO outputs to Samba logs. Can't the output to syslog be deactivated here? Also, I read it has a configurable parameter, a log level; what's the syntax for this parameter? The howto does not explain it. 3. In my installation I can see more modules, not mentioned at all in the howto: cap.so default_quota.so expand_msdfs.so full_audit.so readonly.so What's their use? Of course, I'm particularly interested in full_audit. Its source code (seen downloading the samba tarball) contains some limited docs, e.g. it does not list all possible options for its parameters. But, most of all, if I try using it in smb.conf my samba won't run at all, reporting errors with full_audit.so. Sorry that I can't show you the error log now, I currently do not have access to that machine. Thanks in advance for any info. -- Ciao, Marco. ...Hergest Ridge, Mike Oldfield 1974 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Questions on NT4 vs ADS Domains and Samba
I have a situation at work where we need to migrate our NT4 domain into a native ADS domain. However, we have some applications which need to be integrated with this which do not support Samba 3 at the moment (ie. ClearCase). Would it be possible to run Samba 2.2.8 on our ClearCase (UNIX) server, and specify USER authentication with the SERVER entry pointing to a Samba3 machine which is a member of the ADS domain? In other words, can I use a SAMBA3 machine as an authentication proxy for clients using the NT4 authentication protocol? Thanks, Wolf Paul -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about smb_mount
Hello samba list. We have a Windows 2003 Server with a share called users where Windows users store there files (H:) :) We have a several FreeBSD and MacOS X based Computers here. It have wold be very nice to have same home directory for both windows and Unix. so /home/tomten wold be tomtens home directory (:H) in windows. When Im running smb_mount command, it asks me for a password for a specific user I have specified in the smb_mount command. And when Im mounting the windows share as this user, I can see all users home directories with wrong permissions becaus I gave the user name and password when Im mounted the smb share. So my question is. Is there a way to set up this? So every user account have right permissions to the home directory? Have anyone done this? And is it a HOWTO somewhere out there? I know there is a SFU 3.5 for windows out there, but it wold be very nice to use Samba and maybe kerberos that is already there. /regards Olle Hansosn Olle Hansson. System Administrator Dept. of Medical Epidemiology and Biostatistics Karolinska Institutet Nobels Väg 12A 17177 Stockholm Phone: +46852483980 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Questions about smb_mount
Olle, Here is a link to the documents section of the Sweden Samba mirror. You will find a link to the current HOWTO there: http://se.samba.org/samba/docs/ Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -Original Message- From: Olle Hansson [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 11:09 AM To: [EMAIL PROTECTED] Subject: [Samba] Questions about smb_mount Hello samba list. We have a Windows 2003 Server with a share called users where Windows users store there files (H:) :) We have a several FreeBSD and MacOS X based Computers here. It have wold be very nice to have same home directory for both windows and Unix. so /home/tomten wold be tomtens home directory (:H) in windows. When Im running smb_mount command, it asks me for a password for a specific user I have specified in the smb_mount command. And when Im mounting the windows share as this user, I can see all users home directories with wrong permissions becaus I gave the user name and password when Im mounted the smb share. So my question is. Is there a way to set up this? So every user account have right permissions to the home directory? Have anyone done this? And is it a HOWTO somewhere out there? I know there is a SFU 3.5 for windows out there, but it wold be very nice to use Samba and maybe kerberos that is already there. /regards Olle Hansosn Olle Hansson. System Administrator Dept. of Medical Epidemiology and Biostatistics Karolinska Institutet Nobels Väg 12A 17177 Stockholm Phone: +46852483980 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba _ This message was content-scanned by IXC Shield Powered by GatewayDefender - BG08a0ca18.0001.mml -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] questions regarding SAMBA and Windows Terminal Server
I currently have a debian web server, Win2k Exchange server as a PDC, and a Win2k Terminal Server. I want to get rid of exchange and I am looking at putting openldap on the Debian box with email. If I did this I would want to get the Win2k TS to authenticate to the Debian openldap box. If I set up SAMBA could I get it to do so? I want only one place to manage user accounts and since I have to have them on the Debian machine to get the email accounts I am hoping SAMBA can help me with TS authentication. I can't seem to find much information on this however. I would also wonder if anyone has gotten it to work with Win2k3 TS. Eventually I will be upgrading the server. If not is there any way anyone knows of to drop exchange, use a second machine as Windows PDC to authenticate the TS to, but replicate that information to SAMBA as a secondary DC? That way I could still manage my user accounts on the openldap on the Debian machine and just get the accounts replicated up to the PDC running Windows? Thanks for any info and advice you can offer in this situation. Rick Harding -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] questions regarding SAMBA and Windows Terminal Server
On Sat, 2004-01-31 at 01:50, Richard Harding wrote: I currently have a debian web server, Win2k Exchange server as a PDC, and a Win2k Terminal Server. I want to get rid of exchange and I am looking at putting openldap on the Debian box with email. If I did this I would want to get the Win2k TS to authenticate to the Debian openldap box. If I set up SAMBA could I get it to do so? I want only one place to manage user accounts and since I have to have them on the Debian machine to get the email accounts I am hoping SAMBA can help me with TS authentication. I can't seem to find much information on this however. Terminal server operates much like any other domain member, with a few extra things that it stores. This information is handled correctly in Samba 3.0.1, but I would suggest running 3.0.2rc1. I would also wonder if anyone has gotten it to work with Win2k3 TS. Eventually I will be upgrading the server. http://swflug.org/modules.php?name=Downloadsd_op=viewdownloadcid=4 I would also suggest you read HP's paper above. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba