[no subject]
UNSUBSCRIBE * ana...@aol.com
Re: [Samba] (no subject)
Le 28/09/2013 01:15, Jim Jenkins a écrit : Hey Gang, I'm stuck near the end of installing Samba 4 on a Debian Wheezy machine. I'm trying to connect to a Win2k AD. Basically I can't get getent passwd to show domain accounts. I also can't access shares using my credentials. What did I forget?! Here is what works: sudo net ads join -U DOMAINADMIN wbinfo -g //shows domain groups! wbinfo -u //shows domain users! I have setup symlinks from */lib/i386-linux-gnu/libnss_winbind.so* to * /lib/i386-linux-gnu/libnss_winbind.so if you did compile samba4, then the correct libnss_winbind.so library is located at /usr/local/samba/lib/libnss_winbind.so.2 (cf. http://wiki.samba.org/index.php/Samba4/Winbind#Using_libnss_winbind) if you used the samba4 (4.0.0~beta2+dfsg1-3.2) package from debian repository, then you'd better go for the compiled version. The package in wheezy repository are quite old. * *smb.conf [global] workgroup = DOMAIN realm = DOMAIN.COM server string = %h server security = ADS map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . I guess most of those lines are not needed if you are using AD authentication I guess. unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nss info = rfc2307 idmap config SHORTDOMAINNAME:range = 500-4 idmap config SHORTDOMAINNAME:schema_mode = rfc2307 idmap config SHORTDOMAINNAME:backend = ad idmap config *:range = 70001-8 idmap config * : backend = tdb store dos attributes = Yes * *Besides getent passwd failing to show domain accounts, I get this when I attempt to authenticate via a SMB client. [2013/09/27 19:03:28.678145, 3] ../auth/ntlmssp/ntlmssp_server.c:358(ntlmssp_server_preauth) Got user=[TestUser] domain=[DOMAIN] workstation=[BADASS] len1=24 len2=154 . . [2013/09/27 19:03:28.681267, 3] ../source3/auth/auth.c:177(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user samba is complaining of unmapped user, this should go away once libnss is proprely configured Cheers, Denis [**DOMAIN]\[TestUser]@[BADASS] with the new password interface [2013/09/27 19:03:28.681359, 3] ../source3/auth/auth.c:180(auth_check_ntlm_password) check_ntlm_password: mapped user is: [**DOMAIN]\[**TestUser]@[BADASS] [2013/09/27 19:03:28.691085, 3] ../source3/auth/auth_util.c:1247(check_account) Failed to find authenticated user **DOMAIN+jjenkins via getpwnam(), denying access. [2013/09/27 19:03:28.691235, 2] ../source3/auth/auth.c:288(auth_check_ntlm_password) check_ntlm_password: Authentication for user [jjenkins] - [**TestUser] FAILED with error NT_STATUS_NO_SUCH_USER [2013/09/27 19:03:28.691354, 3] ../source3/auth/auth_util.c:1593(do_map_to_guest_server_info) No such user jjenkins [**DOMAIN] - using guest account * -- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil-it-systems.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hey Gang, I'm stuck near the end of installing Samba 4 on a Debian Wheezy machine. I'm trying to connect to a Win2k AD. Basically I can't get getent passwd to show domain accounts. I also can't access shares using my credentials. What did I forget?! Here is what works: sudo net ads join -U DOMAINADMIN wbinfo -g //shows domain groups! wbinfo -u //shows domain users! I have setup symlinks from */lib/i386-linux-gnu/libnss_winbind.so* to * /lib/i386-linux-gnu/libnss_winbind.so * *smb.conf [global] workgroup = DOMAIN realm = DOMAIN.COM server string = %h server security = ADS map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nss info = rfc2307 idmap config SHORTDOMAINNAME:range = 500-4 idmap config SHORTDOMAINNAME:schema_mode = rfc2307 idmap config SHORTDOMAINNAME:backend = ad idmap config *:range = 70001-8 idmap config * : backend = tdb store dos attributes = Yes * *Besides getent passwd failing to show domain accounts, I get this when I attempt to authenticate via a SMB client. [2013/09/27 19:03:28.678145, 3] ../auth/ntlmssp/ntlmssp_server.c:358(ntlmssp_server_preauth) Got user=[TestUser] domain=[DOMAIN] workstation=[BADASS] len1=24 len2=154 . . [2013/09/27 19:03:28.681267, 3] ../source3/auth/auth.c:177(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user [**DOMAIN]\[TestUser]@[BADASS] with the new password interface [2013/09/27 19:03:28.681359, 3] ../source3/auth/auth.c:180(auth_check_ntlm_password) check_ntlm_password: mapped user is: [**DOMAIN]\[**TestUser]@[BADASS] [2013/09/27 19:03:28.691085, 3] ../source3/auth/auth_util.c:1247(check_account) Failed to find authenticated user **DOMAIN+jjenkins via getpwnam(), denying access. [2013/09/27 19:03:28.691235, 2] ../source3/auth/auth.c:288(auth_check_ntlm_password) check_ntlm_password: Authentication for user [jjenkins] - [**TestUser] FAILED with error NT_STATUS_NO_SUCH_USER [2013/09/27 19:03:28.691354, 3] ../source3/auth/auth_util.c:1593(do_map_to_guest_server_info) No such user jjenkins [**DOMAIN] - using guest account * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
Andrew Bartlett abartlet at samba.org writes: Where is ldap.h on your system. It may be enough to just specify CFLAGS=-I/usr/local/openldap/include ./configure (if that is where ldap.h is). If we have found ldap.h, it will be added to those tests. I'm using a dedicated openldap installation located in the samba destination directory (openldap ./configure prefix is the same as samba ./configure prefix) Also, as I've alway done for configure env variables, for includes switches, I'm not using CFLAGS but CPPLAGS. (which BTW contains the required -I switch pointing to ldap headers directory) Is this not correct? Note that with the following fix to .source3/wscript the check is successfull, replaced conf.CHECK_FUNCS_IN('ldap_init ldap_init_fd ldap_initialize ldap_set_rebind_proc', 'ldap') conf.CHECK_FUNCS_IN('ldap_add_result_entry', 'ldap') by conf.CHECK_FUNCS_IN('ldap_init ldap_init_fd ldap_initialize ldap_set_rebind_proc', 'ldap', headers='ldap.h lber.h') conf.CHECK_FUNCS_IN('ldap_add_result_entry', 'ldap', headers='ldap.h') -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
hagaiy hagai yaffe . I'll turn over a new leaf. -- Miguel de Cervantes % -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
I had a test environment with a few hundreds of users using Windows 7 under a samba 3 domain. They had the registry tweaks required to join a samba 3 domain. I followed the classicupgrade migration to samba 4 and everything seemed to be ok. In my scenario I have a DNS server different from the samba server, and the DNS server forwards all queries to my samba domain to the samba server. The samba server is also acting as a NTP server, and the option ntp-servers on DHCP is specified. Some users see a pop-up requesting to log off and log in again - with a windows need your credentials message. Moreover, they seem to not have any kerberos ticket - running a klist shows no active tickets; and they do not have the time synchronized and sometimes they see a message regarding the time mismatch. We tried to set up a NTP time using GPOs without luck. Looking at the samba logs doesn't give a clue - just some errors which may be normal. Any hint to look at or any configuration/misconfiguration? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hello list Iam add a server as BDC with samba4, my PDC samba 4 too, I read the how to and everything ok, but but give me this error Partition[DC=eccmg,DC=cupet,DC=cu] objects[11735/15277] linked_values[0/0] Partition[DC=eccmg,DC=cupet,DC=cu] objects[12137/15277] linked_values[0/0] Partition[DC=eccmg,DC=cupet,DC=cu] objects[12539/15277] linked_values[0/0] Partition[DC=eccmg,DC=cupet,DC=cu] objects[12941/15277] linked_values[0/0] Partition[DC=eccmg,DC=cupet,DC=cu] objects[13343/15277] linked_values[0/0] Partition[DC=eccmg,DC=cupet,DC=cu] objects[13745/15277] linked_values[0/0] Partition[DC=eccmg,DC=cupet,DC=cu] objects[14147/15277] linked_values[0/0] Partition[DC=eccmg,DC=cupet,DC=cu] objects[14549/15277] linked_values[0/0] Partition[DC=eccmg,DC=cupet,DC=cu] objects[14951/15277] linked_values[0/0] Partition[DC=eccmg,DC=cupet,DC=cu] objects[15353/15277] linked_values[255/0] Done with always replicated NC (base, config, schema) Replicating DC=DomainDnsZones,DC=eccmg,DC=cupet,DC=cu Partition[DC=DomainDnsZones,DC=eccmg,DC=cupet,DC=cu] objects[399/399] linked_values[0/0] Refusing to replicate DC=4\0ADEL:169f9b66-aeb6-4753-bba7-e27a96f0c3f5,CN=Deleted Objects,DC=DomainDnsZones,DC=eccmg,DC=cupet,DC=cu from a read-only repilca into a read-write replica! Failed to convert object DC=4\0ADEL:169f9b66-aeb6-4753-bba7-e27a96f0c3f5,CN=Deleted Objects,DC=DomainDnsZones,DC=eccmg,DC=cupet,DC=cu: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA Failed to convert objects: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA Join failed - cleaning up checking sAMAccountName Deleted CN=OKA,OU=Domain Controllers,DC=eccmg,DC=cupet,DC=cu Deleted CN=NTDS Settings,CN=OKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=eccmg,DC=cupet,DC=cu Deleted CN=OKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=eccmg,DC=cupet,DC=cu ERROR(type 'exceptions.TypeError'): uncaught exception - Failed to process chunk: NT code 0xc0002111 File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.6/site-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.6/site-packages/samba/join.py, line 1009, in do_join ctx.join_replicate() File /usr/local/samba/lib/python2.6/site-packages/samba/join.py, line 756, in join_replicate replica_flags=ctx.replica_flags) File /usr/local/samba/lib/python2.6/site-packages/samba/drs_utils.py, line 252, in replicate schema=schema, req_level=req_level, req=req) Somebody can helpme? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hi, Actually I am working on a project in which we are migrating from 3.x to 4, so Please tell me the difference in versions and also give me information that how we can use active directory of 4.0 effectively as we are having CIFS and Kerberos feature in 3.x, And how this active directory can be helpful in our implementation. And I am also having a question as we are using 3.x so only because of active directory in 4.0 we should migrate from 3.x to 4.0 or is it having some more additional features that can be useful in future. Please reply as soon as possible. Nirmit Kansal ~~Disclaimer~~~ Information contained and transmitted by this e-mail is confidential and proprietary to iGATE and its affiliates and is intended for use only by the recipient. If you are not the intended recipient, you are hereby notified that any dissemination, distribution, copying or use of this e-mail is strictly prohibited and you are requested to delete this e-mail immediately and notify the originator or mailad...@igate.com mailto:mailad...@igate.com. iGATE does not enter into any agreement with any party by e-mail. Any views expressed by an individual do not necessarily reflect the view of iGATE. iGATE is not responsible for the consequences of any actions taken on the basis of information provided, through this email. The contents of an attachment to this e-mail may contain software viruses, which could damage your own computer system. While iGATE has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage which you sustain as a result of software viruses. You should carry out your own virus checks before opening an attachment. To know more about iGATE please visit www.igate.com http://www.igate.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hello, perhaps fixing the problem mentioned by my colleague, please see the attached patch to samba-tool. It adds an option to create a UID/SID mapping when creating a user, replacing the ldbedit step in https://wiki.samba.org/index.php/Samba4/HOWTO#Step_1:_Adding_Users_into_Samba_4_Active_Directory by samba-tool create user alice --match-unix-uid --unix-uid 12345 I guess using samba-tool this way will not work on a remote server since using IDmapDB needs access to the local ldb files. Also, perhaps some similar mechanism for groups should be implemented. Ciao, Alexander Wuerstlein. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Subject: samba 3.6.6: unstable network behaviour on win7 clients + segfault in smbstatus
Dear list, I'm experiencing some severe problems on three independent standalone samba file servers: 1. Strange behaviour on Windows 7 Clients - sometimes users can't delete files or folders - Samba would delete the files (they're gone off the filesystem) but still show them in the explorer with a zero filesize, throwing a 'permission denied' message if one would try to delete them a second time - a workaround for this seems to be to MOVE the files to the desktop instead and then delete them locally?! - when some heavy program (i.e. AutoCAD) attempts to save a document it starts a series of file operations (create temp, rename, rename, delete) it often wouldn't succeed the first but the second or third time you press the 'Save' button (error 'can't save .dwg file. save as .tmp!') 2. 'smbstatus' on the server quits with a segmentation fault when trying to list the locked files. it wouldn't do that if there are no or just a few files open. But as soon as there is enough traffic it does so very reliable: $tail /var/log/messages ... Aug 1 08:52:36 data kernel: [47608.306972] smbstatus[5331]: segfault at 7f808615a2c0 ip 7f807f2244cf sp 7fff5c4697b8 error 4 in *libc-2.13.so*[7f807f10d000+17d000] - it sounds like a network problem (like some kind of timeout maybe) but its reproducable on three different servers in three different offices on three different hardware setups, some pure gigabit networks, some mixed (but all same software). the biggest office has the most problems though. - it seems that smbstatus' segfault and the weird network behaviour depend on each other - I haven't seen any of the errors alone - I tested the memory and the CPU without error and any other application on the servers behaves normally - the system run succesfully for over six months, before the error started to appear - deleting the SAMBA cache didn't seem to change anything - it doesn't depend on a recent switch of kernel versions - same behaviour on 3.1.0-1 to 3.2.0-3 I tried to raise the loglevel (= 5) to watch one of those fileoperations fail, but its a lot of output that seems mostly normal to me. there're some 'file not found' messages though: [2012/07/31 18:33:25.609210, 5] smbd/open.c:1690(open_file_ntcreate) open_file_ntcreate: FILE_OPEN requested for file Temp/27_test.dwk and file doesn't exist. I'm not sure if its related but if I see the address of smbstatus' segfault and then read the strace output of one of those smbd processes it fails to query, I see a lot of failed readv system calls that point to a very nearby address: readv(10, 0x7fb6d80ca960, 1)= -1 EAGAIN (Resource temporarily unavailable) This error (if it is one) appears very often in the strace output, sometimes every 15 to 20 lines (which adds to a lot!) I couldn't really find out if its the same block though as I don't know how to determine which process occupies a given memory address (searching through the/proc/ID/maps output seemed rather cumbersome - I'm sure there is a better way..) I really doubt its a bug in 'libc', but maybe there is a wrong pointer reference in whereever this system call is triggered? At least to me those mistakes slip easy of the pen and the error code seems reasonable. The samba server depends on an awful lot of libraries and I'm definitely not skilled enough to debug it by myself. Its quite hard to track down and I didn't want to open up a bugreport without asking for help first. Especially as I think IF it was a bug the internet should be full of posts about it already.. Many thanks in advance. If you need more information please let me know. Paul -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages samba depends on: ii adduser3.113+nmu3 ii debconf [debconf-2.0] 1.5.44 ii dpkg 1.16.4.3 ii libacl12.2.51-8 ii libattr1 1:2.4.46-8 ii libc6 2.13-33 ii libcap21:2.22-1 ii libcomerr2 1.42.4-3 ii libcups2 1.5.3-1 ii libgssapi-krb5-2 1.10.1+dfsg-1 ii libk5crypto3 1.10.1+dfsg-1 ii libkrb5-3 1.10.1+dfsg-1 ii libldap-2.4-2 2.4.31-1 ii libpam-modules 1.1.3-7.1 ii libpam-runtime 1.1.3-7.1 ii libpam0g 1.1.3-7.1 ii libpopt0 1.16-7 ii libtalloc2 2.0.7+git20120207-1 ii libtdb11.2.10-2 ii libwbclient0 2:3.6.6-2 ii lsb-base 4.1+Debian7 ii procps 1:3.3.3-2 ii samba-common 2:3.6.6-2 ii update-inetd 4.43 ii zlib1g 1:1.2.7.dfsg-13 Versions of packages samba recommends: ii logrotate 3.8.1-4 ii tdb-tools 1.2.10-2
[Samba] (no subject)
Hello People ! I´m using the new version Debian 6.0 (squeeze), so I configurate ldap and Samba. But when i try log in windows machine, i enter with user and password, after click, show the message for change your password, so come the message say: you not have permission to change the password. See mys commands: root@debian:~# smbclient -L localhost -U secretary Enter secretary's password: session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE root@debian# smbclient -L localhost -U rodrigo Enter rodrigo's password: session setup failed: NT_STATUS_LOGON_FAILURE - In the first the user is samba user, and second posix. root@debian-fileserver:~# ldapsearch -xLLL uid=secretaria dn: uid=secretaria,ou=Users,dc=defensoria,dc=net objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount cn: secretaria sn: secretaria givenName: secretaria uid: secretaria uidNumber: 1009 gidNumber: 513 homeDirectory: /home/secretaria loginShell: /bin/bash gecos: Secretaria sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 displayName: secretaria sambaSID: S-1-5-21-3973246732-289451499-211008055-3018 sambaPrimaryGroupSID: S-1-5-21-3973246732-289451499-211008055-513 sambaLogonScript: logon.bat sambaProfilePath: \\PDC-SRV\profiles\secretaria sambaHomePath: \\PDC-SRV\secretaria sambaHomeDrive: H: sambaLMPassword: 86A5FB68C21C24D3B435B51404EE sambaAcctFlags: [U] sambaNTPassword: 6755830B5B0326545526B270AFFF4EEA sambaPwdLastSet: 1343154178 sambaPwdMustChange: 1347042178 shadowMax: 45 root@debian-fileserver:~# ldapsearch -xLLL uid=rodrigo dn: uid=rodrigo,ou=Users,dc=defensoria,dc=net objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount cn: rodrigo sn: rodrigo givenName: rodrigo uid: rodrigo uidNumber: 1002 gidNumber: 513 homeDirectory: /home/rodrigo loginShell: /bin/bash gecos: System User sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 displayName: rodrigo sambaSID: S-1-5-21-3973246732-289451499-211008055-3004 sambaPrimaryGroupSID: S-1-5-21-3973246732-289451499-211008055-513 sambaLogonScript: logon.bat sambaProfilePath: \\PDC-SRV\profiles\rodrigo sambaHomePath: \\PDC-SRV\rodrigo sambaHomeDrive: H: sambaLMPassword: 37CB7D408A71AB28AAD3B435B51404EE sambaAcctFlags: [U] sambaNTPassword: D8139AC71D1B08A58445C69F60DB30AD sambaPwdLastSet: 1343157675 sambaPwdMustChange: 1347045675 shadowMax: 45 I have a red about sambaActFlags, I change this value with 0. But is not resolve. My Smb.conf [global] workgroup = DEFENSORIABH netbios name = DEFENSORIA server string = %h server interfaces = 127.0.0.0/8, eth0 bind interfaces only = Yes obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 name resolve order = lmhosts host wins bcast add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u logon script = logon.cmd logon path = \\%N\profiles\%U logon drive = H: domain logons = Yes os level = 35 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=defensoria,dc=net ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=people ldap suffix = dc=defensoria,dc=net ldap ssl = no ldap user suffix = ou=people panic action = /usr/share/samba/panic-action %d idmap backend = ldap:ldap://10.26.7.46 idmap uid = 1-2 idmap gid = 1-2 My /etc/ldap/slapd.conf include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema #include /etc/ldap/schema/samba.schema include
[Samba] (no subject)
Was wondering if anyone else has run into this problem: CentOS 6.3 Samba 4.0.0alpha18-2.centos6 When running this command: [root@mail sysconfig]# samba-tool drs showrepl ERROR(type 'exceptions.IndexError'): uncaught exception - list index out of range File /usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 162, in _run return self.run(*args, **kwargs) File /usr/lib64/python2.6/site-packages/samba/netcmd/drs.py, line 136, in run ntds_dn = self.samdb.get_dsServiceName() File /usr/lib64/python2.6/site-packages/samba/samdb.py, line 854, in get_dsServiceName return res[0][dsServiceName][0] Server is showing up on Win2k8 R2 box as another DC. What configs can I submit to help with troubleshooting? Or has anyone already run into this? -- § Nathan § -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hi Moray, Thanks for your answer. It could help but only partially. The script name logon%u.cmd was a bad example. Actually, a user can log on from WinXP , or Win 7 workstations, and I'like to run different logon scripts depending on the OS . So having logon script = logon%a.cmd in the smb.conf generally works thanks to variable substitution. But for user accounts that have been created with the USRMGR.EXE tools, the Logon Script attributes have not been set and it seems not possible to modify it with variables using pdbedit --script .(one precision : I use passdb backend = tdbsam ). Your script could help , but as you said logon script name will be hardcoded for each users which I want to avoid. Isn't it possible to manually change some entries in the passdb.tdb file ? Henri -Message d'origine- De : Moray Henderson [mailto:moray.hender...@ict-software.org] Envoyé : mercredi 4 avril 2012 12:56 À : ciradhb.forw...@laposte.net; samba@lists.samba.org Objet : RE: [Samba] macro characters with pdbedit ? From: ciradhb.forw...@laposte.net [mailto:ciradhb.forw...@laposte.net] Sent: 03 April 2012 11:49 Hi, I would like to change the Logon script name attributes of a samba user account to something like logon%u.cmd using pdbedit with the --script option. It does not work because the string logon%u.cmd is litteraly taken as the value, loosing the variable substitution at evaluation time. pdbedit -v output gives Logon Script : logon%u.cmd . When creating a user account without --script option, it takes by default the string that is specified in the smb.conf (say : logon%a.cmd) as a macro that will be evaluated later (pdbedit -v gives Logon Script: logonUNKNOWN.cmd which seems normal on linux). So my question is : is it possible to use macro characters with pdbedit the same way they are used in the smb.conf ? If not how can I change account attributes (and specifically the Logon Script Name) with macro charaters ? maybe with another tool than pdbedit ? Thanks in advance Henri You could hard-code each user name into the Logon Script using a shell script to loop through the user database and pick out the names: for u in `pdbedit -L | cut -d: -f1`; do [[ $u =~ \\$ ]] continue # Filter out machine accounts echo pdbedit -S logon_$u.cmd -u $u done If it looks like the pdbedit commands are correct, remove the echo. Otherwise, you could try setting --script to whatever it gets when it picks up its value from logon script in smb.conf. Moray. “To err is human; to purr, feline.” Une messagerie gratuite, garantie à vie et des services en plus, ça vous tente ? Je crée ma boîte mail www.laposte.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
Have a look: http://linux.die.net/man/1/ldbedit --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von ciradhb.forw...@laposte.net Gesendet: Mittwoch, 4. April 2012 12:06 An: Moray Henderson; samba@lists.samba.org Betreff: [Samba] (no subject) Hi Moray, Thanks for your answer. It could help but only partially. The script name logon%u.cmd was a bad example. Actually, a user can log on from WinXP , or Win 7 workstations, and I'like to run different logon scripts depending on the OS . So having logon script = logon%a.cmd in the smb.conf generally works thanks to variable substitution. But for user accounts that have been created with the USRMGR.EXE tools, the Logon Script attributes have not been set and it seems not possible to modify it with variables using pdbedit --script .(one precision : I use passdb backend = tdbsam ). Your script could help , but as you said logon script name will be hardcoded for each users which I want to avoid. Isn't it possible to manually change some entries in the passdb.tdb file ? Henri -Message d'origine- De : Moray Henderson [mailto:moray.hender...@ict-software.org] Envoyé : mercredi 4 avril 2012 12:56 À : ciradhb.forw...@laposte.net; samba@lists.samba.org Objet : RE: [Samba] macro characters with pdbedit ? From: ciradhb.forw...@laposte.net [mailto:ciradhb.forw...@laposte.net] Sent: 03 April 2012 11:49 Hi, I would like to change the Logon script name attributes of a samba user account to something like logon%u.cmd using pdbedit with the --script option. It does not work because the string logon%u.cmd is litteraly taken as the value, loosing the variable substitution at evaluation time. pdbedit -v output gives Logon Script : logon%u.cmd . When creating a user account without --script option, it takes by default the string that is specified in the smb.conf (say : logon%a.cmd) as a macro that will be evaluated later (pdbedit -v gives Logon Script: logonUNKNOWN.cmd which seems normal on linux). So my question is : is it possible to use macro characters with pdbedit the same way they are used in the smb.conf ? If not how can I change account attributes (and specifically the Logon Script Name) with macro charaters ? maybe with another tool than pdbedit ? Thanks in advance Henri You could hard-code each user name into the Logon Script using a shell script to loop through the user database and pick out the names: for u in `pdbedit -L | cut -d: -f1`; do [[ $u =~ \\$ ]] continue# Filter out machine accounts echo pdbedit -S logon_$u.cmd -u $u done If it looks like the pdbedit commands are correct, remove the echo. Otherwise, you could try setting --script to whatever it gets when it picks up its value from logon script in smb.conf. Moray. “To err is human; to purr, feline.” Une messagerie gratuite, garantie à vie et des services en plus, ça vous tente ? Je crée ma boîte mail www.laposte.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hello, I'm on a debian Squeez and I use Samba 3.5.6 and CUPS 1.4.4 When I add a printer with windows: \\server\Name_printer, regulary all printers on this server come with this syntax: Auto-Nameprinter on server. I search in the configuration file but I can not find options that will fix this problem. Thanks! -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
If I understand you properly, I believe you want to disable or enable pending on what you need these two settings in cupsd.conf Browsing on/off BrowseAllow None/All On 01/25/2012 11:28 AM, Yécine Allouache wrote: Hello, I'm on a debian Squeez and I use Samba 3.5.6 and CUPS 1.4.4 When I add a printer with windows: \\server\Name_printer, regulary all printers on this server come with this syntax: Auto-Nameprinter on server. I search in the configuration file but I can not find options that will fix this problem. Thanks! -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
Sorry I'm not really fluent in english :) I will try tomorrow, but I did not know that CUPS could be the reason Le 25 janvier 2012 17:28, Yécine Allouache yecine.alloua...@gmail.com a écrit : Hello, I'm on a debian Squeez and I use Samba 3.5.6 and CUPS 1.4.4 When I add a printer with windows: \\server\Name_printer, regulary all printers on this server come with this syntax: Auto-Nameprinter on server. I search in the configuration file but I can not find options that will fix this problem. Thanks! -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- J'ai mal au dos callaghan! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
You could turn off the Windows Automatic printer find feature? That would stop the printers that are found and Tagged Auto I believe.. Windows searches the network for shared printers and will auto add the printer if this is turned on and they will be tagged as Auto.. My first post is probably irrelevant if this is the issue.. But it may have the same effect to set BrowseAllow NONE, if it is finding the cups shared printers.. On 01/25/2012 01:09 PM, Yécine Allouache wrote: Sorry I'm not really fluent in english :) I will try tomorrow, but I did not know that CUPS could be the reason Le 25 janvier 2012 17:28, Yécine Allouacheyecine.alloua...@gmail.com a écrit : Hello, I'm on a debian Squeez and I use Samba 3.5.6 and CUPS 1.4.4 When I add a printer with windows: \\server\Name_printer, regulary all printers on this server come with this syntax: Auto-Nameprinter on server. I search in the configuration file but I can not find options that will fix this problem. Thanks! -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
Come on! Let�s do shopping together! Don�t waste any time!.. http://www.lecki.boo.pl/new.year.php?levgoogleId=30e6 -- Herczeg Péter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hey all, iam using samba 4 (apt -get - Ubunt 11.04) and did the provision with --ldap-backend-type=openldap . It generates a slapd file and included a modul called: rndval which can not be located. it tryed it again with compiling samba 4 from source, and the same, no module rndval for ldap. unfotunatly i cannot find the Modul inside the system or somewhere else to download i hope you can give me an advice thanks ___ SMS schreiben mit WEB.DE FreeMail - einfach, schnell und kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
On 12/12/2011 09:53, Molo CoC wrote: Hey all, iam using samba 4 (apt -get - Ubunt 11.04) and did the provision with --ldap-backend-type=openldap . It generates a slapd file and included a modul called: rndval which can not be located. it tryed it again with compiling samba 4 from source, and the same, no module rndval for ldap. Do not use the openldap backend we don't support this configuration anymore. unfotunatly i cannot find the Modul inside the system or somewhere else to download i hope you can give me an advice Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
On 12/12/2011 10:55, Molo CoC wrote: thanks for your answer. that mean, the whole replication process works inside Samba4. i am currently learning ldap for lpic 301, an there are 15 pages which descripe how to replicate via ldap - samba users and setup a secondary dc controller. what about samba 3.5 can i still use ldap as backend there, or same as samba 4, not longer supported 'ldap' It's two different things, samba 3.x as a NT domain controller can use openldap because the constraints on the schema are not the same as the constraints for a AD domain controller. and if so, what is the recommend backend type yet ? When using samba4 as AD domain controller you have the option for using just the ldb backend and using the standard DRS for DC to DC replication. Matthieu. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
On Mon, 2011-12-12 at 09:53 +0100, Molo CoC wrote: iam using samba 4 (apt -get - Ubunt 11.04) and did the provision with --ldap-backend-type=openldap . It generates a slapd file and included a modul called: rndval which can not be located. it tryed it again with compiling samba 4 from source, and the same, no module rndval for ldap. The Samba4 LDAP backend no longer works; it hasn't worked for some time and is not longer expected to work. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hello I tried to install Samba 4 but I still have an error log file. Config before completing the installation. Mr sure helps me on this subject and I am very s recognition of your gift Thank you in advance. Bonjour J’ai essayé d’installer samba 4 mais j’ai toujours une erreur de fichier log. Config avant de terminer l’installation. Veillez Monsieur m’aide sur ce sujet et je serai tr »s reconnaissance de votre geste Merci d’avance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hello To all, I have a special question: Did someone succeed in running a W2008 failover Cluster with samba3 as Domain Controller? Or is it possible to run this cluster with samba4 (ADS) at this time? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hi, I have running samba PDC/BDC with ldap backend on debian and external home directory server (samba member server) on solaris. I'm using zfs as a file system for home directories. When I access home directory on windows some directories are truncated to old dos name length. main problem is with snapshotting directory where unix name is ex. zfs-auto-snap:hourly-2010-06-28-11:00 under Windows: ZYV2FC~H what samba options should I add to my smb.conf to avoid such behavior. thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
I've been trying to upgrade from samba 3.4.5 to 3.5.x (currently 3.5.3) on a Ubuntu 9.10 system where I compile my own Samba. The server is a PDC for several win2000 clients and uses an LDAP backend hosted on the same machine. After the upgrade, clients can connect to shares but can not perform domain logons. 3.5.3 does not build a browse list of other domains on the subnet. Executing net view /DOMAIN:mydomain on the client produces an error 59 or error 64. Log-3 during the net view is basically the same between 3.4.5 and 3.5.3, and I can see both successfully connect, negotiate sign/seal, and authenticate a guest session with LDAP. After that, the working 3.4.5 log says: [2010/05/23 08:33:34, 3] smbd/service.c:1047(make_connection_snum) CLIENT (x.x.x.x) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 2454) [2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/05/23 08:33:34, 3] smbd/reply.c:759(reply_tcon_and_X) tconX service=IPC$ [2010/05/23 08:33:34, 3] smbd/process.c:1459(process_smb) Transaction 4 of length 129 (0 toread) [2010/05/23 08:33:34, 3] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 2454) conn 0xb9034f58 [2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2010/05/23 08:33:34, 3] smbd/ipc.c:536(handle_trans) trans \PIPE\LANMAN data=0 params=33 setup=0 [2010/05/23 08:33:34, 3] smbd/ipc.c:487(named_pipe) named pipe command on LANMAN name [2010/05/23 08:33:34, 3] smbd/lanman.c:4694(api_reply) Got API command 104 of form WrLehDz B16BBDz (tdscnt=0,tpscnt=33,mdrcnt=4200,mprcnt=8) [2010/05/23 08:33:34, 3] smbd/lanman.c:4698(api_reply) Doing NetServerEnum [2010/05/23 08:33:34, 3] smbd/lanman.c:1511(api_RNetServerEnum) NetServerEnum domain = mydomain uLevel=1 counted=1 total=1 [2010/05/23 08:33:34, 3] smbd/process.c:1459(process_smb) Transaction 5 of length 43 (0 toread) [2010/05/23 08:33:34, 3] smbd/process.c:1273(switch_message) switch message SMBulogoffX (pid 2454) conn 0x0 [2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/05/23 08:33:34, 3] smbd/reply.c:1948(reply_ulogoffX) ulogoffX vuid=100 [2010/05/23 08:33:34, 3] smbd/process.c:1459(process_smb) Transaction 6 of length 39 (0 toread) [2010/05/23 08:33:34, 3] smbd/process.c:1273(switch_message) switch message SMBtdis (pid 2454) conn 0xb9034f58 [2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/05/23 08:33:34, 3] smbd/service.c:1226(close_cnum) CLIENT (x.x.x.x) closed connection to service IPC$ [2010/05/23 08:33:34, 3] smbd/connection.c:31(yield_connection) Yielding connection to IPC$ [2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/05/23 08:33:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/05/23 08:33:34, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/05/23 08:33:34, 3] smbd/server.c:845(exit_server_common) Server exit (failed to receive smb request) where the not-working 3.5.3 says [2010/05/23 08:25:50.455781, 3] smbd/service.c:1069(make_connection_snum) CLIENT (x.x.x.x) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 2128) [2010/05/23 08:25:50.455844, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/05/23 08:25:50.455914, 3] smbd/reply.c:846(reply_tcon_and_X) tconX service=IPC$ [2010/05/23 08:25:50.458037, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/05/23 08:25:50.458221, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/05/23 08:25:50.458326, 3] smbd/service.c:1250(close_cnum) CLIENT (x.x.x.x) closed connection to service IPC$ [2010/05/23 08:25:50.458394, 3] smbd/connection.c:31(yield_connection) Yielding connection to IPC$ [2010/05/23 08:25:50.458530, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/05/23 08:25:50.458643, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/05/23 08:25:50.458869, 3] smbd/server.c:902(exit_server_common) Server exit (failed to receive smb request) [2010/05/23 08:25:50.476063, 3] smbd/server.c:259(remove_child_pid) smbd/server.c:259 Unclean shutdown of pid 2128 [2010/05/23 08:25:50.476423, 1] smbd/server.c:267(remove_child_pid) Scheduled cleanup of brl and lock database after unclean shutdown after which it logs a second sign/seal negotiation, authentication, and failed $IPC connection. smb.conf is [global] unix charset = iso8859-1 workgroup =
[Samba] (no subject)
I think I'm chalking this up to a bug with either the configure script or the xl_C compiler not returning the correct results for that test. If I use the gcc compiler, the configure log has: configure:29740: checking whether krb5_mk_error takes 3 arguments MIT or 9 Heimdal configure:29758: gcc -c -I/opt/CMNSsamba/include -O -I/opt/CMNSsamba/include -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/tevent -I./libaddn s -I./librpc -I./.. -I./../lib/popt -I/opt/CMNSsamba/include -DLDAP_DEPRECATED conftest.c 5 conftest.c: In function 'main': conftest.c:525: error: too few arguments to function 'krb5_mk_error' configure:29758: $? = 1 If I use the xl_C compiler, the configure log has: configure:29740: checking whether krb5_mk_error takes 3 arguments MIT or 9 Heimdal configure:29758: cc -qlanglvl=extc89 -qlanglvl=extc99 -c -I/opt/CMNSsamba/include -D_LINUX_SOURCE_COMPAT -qmaxmem=32000 -D_LINUX_SOURCE_COMPAT -qmaxmem=3200 0 -I/opt/CMNSsamba/include -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/tevent -I./libaddns -I./librpc -I./.. -I./../lib/popt -I/opt/CMNSsam ba/include -DLDAP_DEPRECATED conftest.c 5 conftest.c, line 524.18: 1506-098 (E) Missing argument(s). configure:29758: $? = 0 configure:29765: result: yes So editing config.h to undefine HAVE_SHORT_KRB5_MK_ERROR_INTERFACE, allows me to continue compiling, however, when I get to linking smbd, I get the following output. The duplicate symbols are fine, but I can't seem to figure out the unresolved symbol. Linking bin/smbd ld: 0711-224 WARNING: Duplicate symbol: __start ld: 0711-224 WARNING: Duplicate symbol: .__start ld: 0711-224 WARNING: Duplicate symbol: __C_runtime_pstartup ld: 0711-224 WARNING: Duplicate symbol: p_xargc ld: 0711-224 WARNING: Duplicate symbol: p_xargv ld: 0711-224 WARNING: Duplicate symbol: .__threads_init ld: 0711-224 WARNING: Duplicate symbol: __threads_init ld: 0711-224 WARNING: Duplicate symbol: _malloc_user_defined_name ld: 0711-224 WARNING: Duplicate symbol: __pth_init_routine ld: 0711-224 WARNING: Duplicate symbol: _bsd_init_routine ld: 0711-224 WARNING: Duplicate symbol: _xti_tli_init_routine ld: 0711-224 WARNING: Duplicate symbol: _nsl_init_routine ld: 0711-224 WARNING: Duplicate symbol: __dce_compat_init_routine ld: 0711-224 WARNING: Duplicate symbol: .rep_asprintf ld: 0711-224 WARNING: Duplicate symbol: .rep_vsnprintf ld: 0711-224 WARNING: Duplicate symbol: .rep_snprintf ld: 0711-224 WARNING: Duplicate symbol: .rep_vasprintf ld: 0711-224 WARNING: Duplicate symbol: .fsav ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF14 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef14 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF15 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef15 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF16 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef16 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF17 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef17 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF18 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef18 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF19 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef19 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF20 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef20 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF21 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef21 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF22 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef22 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF23 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef23 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF24 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef24 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF25 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef25 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF26 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef26 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF27 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef27 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF28 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef28 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF29 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef29 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF30 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef30 ld: 0711-224 WARNING: Duplicate symbol: .$SAVEF31 ld: 0711-224 WARNING: Duplicate symbol: .Ssavef31 ld: 0711-224 WARNING: Duplicate symbol: ._savef3 ld: 0711-224 WARNING: Duplicate symbol: .fres ld: 0711-224 WARNING: Duplicate symbol: .$RESTF14 ld: 0711-224 WARNING: Duplicate symbol: .Srestf14 ld: 0711-224 WARNING: Duplicate symbol: ._restf14 ld: 0711-224 WARNING: Duplicate symbol: .$RESTF15 ld: 0711-224 WARNING: Duplicate symbol: .Srestf15 ld: 0711-224 WARNING: Duplicate symbol: ._restf15 ld: 0711-224 WARNING: Duplicate symbol: .$RESTF16 ld: 0711-224 WARNING: Duplicate symbol: .Srestf16 ld: 0711-224 WARNING: Duplicate symbol: .$RESTF17 ld: 0711-224 WARNING: Duplicate symbol: .Srestf17 ld: 0711-224 WARNING: Duplicate symbol: .$RESTF18 ld: 0711-224
[Samba] (no subject)
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
On Thu, Apr 15, 2010 at 12:07:40PM +0200, yves.coutoll...@erymaservices.com wrote: Hi, When I try to save a new execl file to a samba share, I 've got an error unable to access to file, but the file is currently well saved. No problem with open office nor ms word. A wireshark trace indicate Query_path_info/ error status_access_denied thanks for your help regards More details needed please. Log a bug @ bugzilla.samba.org and attach the relevent files/logs. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hi, When I try to save a new execl file to a samba share, I 've got an error unable to access to file, but the file is currently well saved. No problem with open office nor ms word. A wireshark trace indicate Query_path_info/ error status_access_denied thanks for your help regards - here's my configuration: Samba 3.5.2/ centos 5.4 [global] unix charset = ISO8859-15 display charset = ISO8859-15 workgroup = xxx netbios name = PRYDERI server string = SERVEUR BUREAUTIQUE xxx interfaces = 10.10.xxx.xxx/16, 127.0.0.1/8 bind interfaces only = Yes security = DOMAIN client schannel = No server schannel = No passdb backend = smbpasswd guest account = ipconly pam password change = Yes passwd program = /usr/bin/passwd username map = /etc/samba/smbusers log file = /var/log/samba/%m.log smb ports = 139 445 large readwrite = No name resolve order = wins lmhosts host bcast max wins ttl = 1000 min wins ttl = 300 time server = Yes unix extensions = No socket options = SO_SNDBUF=2920 printcap name = /etc/printcap logon script = %U.bat logon path = d:\Profiles_xxx\%U logon drive = j: domain logons = Yes os level = 99 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap ssl = no socket address = 10.10.xxx.xxx valid users = root, ipconly, +itm, +burutil hosts allow = 10.10., 127.0.0.1 strict allocate = Yes case sensitive = Yes map hidden = Yes browseable = No strict locking = No wide links = Yes [PERSO] comment = Repertoire personnel path = /mnt/san/unite1/%U valid users = root, +itm, +burutil read only = No create mask = 0777 directory mask = 0777 and other shares ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
http://DerrickVoisinet0470.co.cc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
I'm not sure :/ Theres only 1 windows box, and the clients connect to it via RDP. So does that need roaming profiles?? Does it always have to create the users profile in C:\users ?? The profiles directory, profile.V2 doesn't seem to be where i thought it would be, ie whats in the smb.conf. Everyones home directory showing up in network places as a share is also a bit of a mess, and I'm not sure why they are showing up there. On Tue, 2010-03-23 at 13:35 -0500, Adam wrote: what are you wanting to do? disable roaming profiles? evan.ing...@cariss.co.uk wrote: hi having a few troubles with samba profile directories. im using a windows server 2008 r2 server as a remote desktop server so the terminals connect over RDP, the windows box is then authenticating against a samba pdc. to begin with profiles just were not working so i tried a few different options in smb.conf and stumbled across one that worked... heres my smb.conf - http://pastebin.com/Kcssv9Vp but its creating the profiles in the users home directory in a directory called profile.V2, takes a long time to log in as it is waiting for the profile service, as it does when logging out. the profile is also ending up in C:\users on the windows box, (is this avaoidable? i thought it would start to fill up the relatively small harddrive space i gave to the windows vm as opposed to the samba vm). when logged in to a user account on windows, all the other users home directories are showing up in network places, so it look a bit of a mess when i just want a couple of central shared directories. any advice on any of the above? cheers -- *** Please note change of contact details below with immediate effect *** Evan Ingram Technical Manager CARISS CARISS House, 205 Westbrook Avenue, Margate, CT9 5HS 01843 823 724 www.cariss.co.uk CARISS is a trading name of Ask-4-IT Ltd Company registered in England and Wales Company Number - 5374955 VAT Number - 856 1229 22 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
Try this: http://pastebin.com/reBxWQTE John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
hi having a few troubles with samba profile directories. im using a windows server 2008 r2 server as a remote desktop server so the terminals connect over RDP, the windows box is then authenticating against a samba pdc. to begin with profiles just were not working so i tried a few different options in smb.conf and stumbled across one that worked... heres my smb.conf - http://pastebin.com/Kcssv9Vp but its creating the profiles in the users home directory in a directory called profile.V2, takes a long time to log in as it is waiting for the profile service, as it does when logging out. the profile is also ending up in C:\users on the windows box, (is this avaoidable? i thought it would start to fill up the relatively small harddrive space i gave to the windows vm as opposed to the samba vm). when logged in to a user account on windows, all the other users home directories are showing up in network places, so it look a bit of a mess when i just want a couple of central shared directories. any advice on any of the above? cheers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
what are you wanting to do? disable roaming profiles? evan.ing...@cariss.co.uk wrote: hi having a few troubles with samba profile directories. im using a windows server 2008 r2 server as a remote desktop server so the terminals connect over RDP, the windows box is then authenticating against a samba pdc. to begin with profiles just were not working so i tried a few different options in smb.conf and stumbled across one that worked... heres my smb.conf - http://pastebin.com/Kcssv9Vp but its creating the profiles in the users home directory in a directory called profile.V2, takes a long time to log in as it is waiting for the profile service, as it does when logging out. the profile is also ending up in C:\users on the windows box, (is this avaoidable? i thought it would start to fill up the relatively small harddrive space i gave to the windows vm as opposed to the samba vm). when logged in to a user account on windows, all the other users home directories are showing up in network places, so it look a bit of a mess when i just want a couple of central shared directories. any advice on any of the above? cheers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
That what happens with those, who don't use FreeBSD ports infrastructure :) On Tue, Feb 9, 2010 at 11:35 AM, . . bb...@mail.ru wrote: Hi, Anyone! Help me get Samba compiled, if you can. Latest Samba, freshest FreeBSD 8.0. So, full steps: fetch http://www.samba.org/samba/ftp/stable/samba-3.4.5.tar.gz tar zxf samba-3.4.5.tar.gz ; cd samba-3.4.5/source3 ./configure --prefix=/usr/local --with-configdir=/usr/local/etc --with-mandir=/usr/share/man --with-libiconv=/usr/local --with-krb5=/usr/local \ --enable-swat --enable-shared-libs --with-ads --with-libsmbclient --with-winbind --with-ldap --with-acl-support --enable-cups \ --with-libaddns --with-libsmbsharemodes --with-aio-support --with-included-popt --with-quotas libsmb/libsmb_cache.c: In function 'SMBC_purge_cached_servers': libsmb/libsmb_cache.c:232: error: dereferencing pointer to incomplete type -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hi, Anyone! Help me get Samba compiled, if you can. Latest Samba, freshest FreeBSD 8.0. So, full steps: fetch http://www.samba.org/samba/ftp/stable/samba-3.4.5.tar.gz tar zxf samba-3.4.5.tar.gz ; cd samba-3.4.5/source3 ./configure --prefix=/usr/local --with-configdir=/usr/local/etc --with-mandir=/usr/share/man --with-libiconv=/usr/local --with-krb5=/usr/local \ --enable-swat --enable-shared-libs --with-ads --with-libsmbclient --with-winbind --with-ldap --with-acl-support --enable-cups \ --with-libaddns --with-libsmbsharemodes --with-aio-support --with-included-popt --with-quotas make .. Compiling utils/smbget.c Compiling libsmb/libsmb_cache.c In file included from libsmb/libsmb_cache.c:25: include/libsmb_internal.h:177: error: expected specifier-qualifier-list before 'smbc_smb_encrypt_level' libsmb/libsmb_cache.c: In function 'SMBC_add_cached_server': libsmb/libsmb_cache.c:91: error: dereferencing pointer to incomplete type libsmb/libsmb_cache.c:91: error: dereferencing pointer to incomplete type libsmb/libsmb_cache.c:91: error: dereferencing pointer to incomplete type libsmb/libsmb_cache.c:91: error: dereferencing pointer to incomplete type libsmb/libsmb_cache.c:91: error: dereferencing pointer to incomplete type libsmb/libsmb_cache.c: In function 'SMBC_get_cached_server': libsmb/libsmb_cache.c:121: error: dereferencing pointer to incomplete type libsmb/libsmb_cache.c:163: error: called object 'smbc_getFunctionRemoveCachedServer(context)' is not a function libsmb/libsmb_cache.c:178: error: called object 'smbc_getFunctionRemoveCachedServer(context)' is not a function libsmb/libsmb_cache.c: In function 'SMBC_remove_cached_server': libsmb/libsmb_cache.c:203: error: dereferencing pointer to incomplete type libsmb/libsmb_cache.c:207: error: dereferencing pointer to incomplete type libsmb/libsmb_cache.c:207: error: dereferencing pointer to incomplete type libsmb/libsmb_cache.c:207: error: dereferencing pointer to incomplete type libsmb/libsmb_cache.c:207: error: dereferencing pointer to incomplete type libsmb/libsmb_cache.c:207: error: dereferencing pointer to incomplete type libsmb/libsmb_cache.c: In function 'SMBC_purge_cached_servers': libsmb/libsmb_cache.c:232: error: dereferencing pointer to incomplete type How to cure it? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
[global] security = user map to guest = bad password [share] guest ok = yes read only = yes write list = yourspecificuser Add the path = and other settings you need. Does that work for you? Volker Ok, I tested yours and Michael Woods' recommendation to set 'security = user' and 'map to guest = bad password'. I also googled and read about it. And yes, it now works both on XP and Ubuntu. When I click on the restricted share it asks for a password (this also happened with the earlier config), only that this times it really logs me in. Earlier I had to create a mapped networked driver with credentials for it to work. Thanks for your help guys. Will definitely remember this config option. Alex F. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hi I Have a problem: I'm sharing ~600 folders on my samba server: [SHARE 192.168.0.20] comment = Private share for host 192.168.0.20 browseable = yes writable = yes path = /var/archives/USERS/192.168.0.20 public=yes hosts deny = 192.168. EXCEPT 192.168.0.20 [SHARE 192.168.0.21] comment = Private share for host 192.168.0.21 browseable = yes writable = yes path = /var/archives/USERS/192.168.0.21 public=yes hosts deny = 192.168. EXCEPT 192.168.0.21 . . . But any user can see all shares even those without permissions (each host can see ~600 shares and only one is working for him) I don't know how to hide shares for each host so that he can see only share created for him. For Example host 192.168.0.10 will see only SHARE 192.168.0.10 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
2010/2/6 Greg Byshenk sa...@byshenk.net On Sat, Feb 06, 2010 at 11:31:31AM +0100, kornel kornatka wrote: I Have a problem: I'm sharing ~600 folders on my samba server: [SHARE 192.168.0.20] comment = Private share for host 192.168.0.20 browseable = yes writable = yes path = /var/archives/USERS/192.168.0.20 public=yes hosts deny = 192.168. EXCEPT 192.168.0.20 [SHARE 192.168.0.21] comment = Private share for host 192.168.0.21 browseable = yes writable = yes path = /var/archives/USERS/192.168.0.21 public=yes hosts deny = 192.168. EXCEPT 192.168.0.21 . . . But any user can see all shares even those without permissions (each host can see ~600 shares and only one is working for him) I don't know how to hide shares for each host so that he can see only share created for him. For Example host 192.168.0.10 will see only SHARE 192.168.0.10 I'm not a samba expert, but what you're doing seems clumsy to me. Why not create a single share something like this: [privateshare] comment = Private share for local machines browseable = yes writable = yes path = /var/archives/USERS/%I public = yes hosts deny = 192.168. EXCEPT %I This allows every host to see just a single folder of its own -- and also makes for a much simpler smb.conf. -- greg byshenk - gbysh...@byshenk.net - Leiden, NL As you can see I'm beginner with samba. I've changed my conf as you said... it's not working But in my understanding ... : Samba can't know possibilities of %I variable to create shares. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
On 6 February 2010 13:05, kornel kornatka ds14.kor...@gmail.com wrote: 2010/2/6 Greg Byshenk sa...@byshenk.net [...] Why not create a single share something like this: [privateshare] comment = Private share for local machines browseable = yes writable = yes path = /var/archives/USERS/%I public = yes hosts deny = 192.168. EXCEPT %I This allows every host to see just a single folder of its own -- and also makes for a much simpler smb.conf. As you can see I'm beginner with samba. I've changed my conf as you said... it's not working But in my understanding ... : Samba can't know possibilities of %I variable to create shares. I agree with Greg. I believe Samba should create the shares on the fly when the user connects, the same way it does for the [homes] share. I have not tried this, though. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
On Sat, Feb 06, 2010 at 11:31:31AM +0100, kornel kornatka wrote: I Have a problem: I'm sharing ~600 folders on my samba server: [SHARE 192.168.0.20] comment = Private share for host 192.168.0.20 browseable = yes writable = yes path = /var/archives/USERS/192.168.0.20 public=yes hosts deny = 192.168. EXCEPT 192.168.0.20 [SHARE 192.168.0.21] comment = Private share for host 192.168.0.21 browseable = yes writable = yes path = /var/archives/USERS/192.168.0.21 public=yes hosts deny = 192.168. EXCEPT 192.168.0.21 . . . But any user can see all shares even those without permissions (each host can see ~600 shares and only one is working for him) I don't know how to hide shares for each host so that he can see only share created for him. For Example host 192.168.0.10 will see only SHARE 192.168.0.10 I'm not a samba expert, but what you're doing seems clumsy to me. Why not create a single share something like this: [privateshare] comment = Private share for local machines browseable = yes writable = yes path = /var/archives/USERS/%I public = yes hosts deny = 192.168. EXCEPT %I This allows every host to see just a single folder of its own -- and also makes for a much simpler smb.conf. -- greg byshenk - gbysh...@byshenk.net - Leiden, NL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
2010/2/6 Michael Wood esiot...@gmail.com On 6 February 2010 13:05, kornel kornatka ds14.kor...@gmail.com wrote: 2010/2/6 Greg Byshenk sa...@byshenk.net [...] Why not create a single share something like this: [privateshare] comment = Private share for local machines browseable = yes writable = yes path = /var/archives/USERS/%I public = yes hosts deny = 192.168. EXCEPT %I This allows every host to see just a single folder of its own -- and also makes for a much simpler smb.conf. As you can see I'm beginner with samba. I've changed my conf as you said... it's not working But in my understanding ... : Samba can't know possibilities of %I variable to create shares. I agree with Greg. I believe Samba should create the shares on the fly when the user connects, the same way it does for the [homes] share. I have not tried this, though. -- Michael Wood esiot...@gmail.com * * I've tested new configuration [privateshare %I] comment = Private share for local machines browseable = yes writable = yes path = /var/archives/USERS/%I public = yes Works preaty good :) obviously - the hosts allow is no need now (thats why it wasn't working earlier) Thank you for your help! :) Regards Kornel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject) - DOS apps are failing on recent samba version
Am Mittwoch 03 Februar 2010 03:52:43 schrieb Günter Kukkukk: Am Dienstag 02 Februar 2010 23:56:06 schrieb James Hurlburt: Sirs: I have a Ubuntu 6.06 samba 3.0.22 file server running on linux. I am attempting to update the file server to ubuntu 8.10, samba 3.2.3. I have been attempting this, intermittently, for some time which is why 8.10. I have 10 MSDOS (mostly 6.22) workstations as a part of the network. The ones that have to run, control production machinery on the plant floor. Updating the operating system on those machines is effectivly impossible. There are some of them that run software that I control, most of them use vendor supplied software to control the older machines. They are using lanman 2.2 as the client software. (I have many xp workstations, they work fine with both systems. I can map drives, read and save and run the same dos exe files that the dos stations are failing on. Print stuff...) On the old server, the dos stations can log in and use network resources. Thus far, I have failed to make them work on the new server. The relevant parts of the smb.conf files for the servers are -- The 3.0.22 server. This one is the production server and the dos stations work. # Samba config file created using SWAT # from 10.23.0.118 (10.23.0.118) # Date: 2010/01/29 09:46:06 [global] workgroup = ATRIUM-DW server string = Samba passwd program = /usr/bin/passwd %u unix password sync = Yes change notify timeout = 30 deadtime = 30 printcap name = CUPS disable spoolss = Yes show add printer wizard = No ldap ssl = no case sensitive = No [bestbilt] comment = Mapped as U: path = /atrium/bestbilt valid users = @users force group = users read only = No create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 oplocks = No level2 oplocks = No strict locking = No *** The 3.2.3 server # Samba config file created using SWAT # from UNKNOWN () # Date: 2010/02/02 13:20:51 [global] workgroup = ATRIUM-DW guest account = bbijimhur lanman auth = Yes ldap ssl = no [bestbilt] comment = working production data path = /atrium/bestbilt username = bbijimhur valid users = @users force group = users read only = No guest ok = Yes [dosbbilt] comment = win94 for dos workstations path = /atrium/bestbilt read only = No guest ok = Yes This smb.conf file is the best one I have been able to create for the dos stations. With it, I can log in and map the drive. net use u: \\bbi-sam-2-srv\bestbilt I can do directory listings and change directory to u:\win94 When I attempt to run a dos program (tracking.exe) I get the following u:\win94\ Tracking NET805: NETWORK DEVICE NO LONGER EXISTS READING DRIVE U Abort, Retry, Fail? f Access denied. I have much the same error if I put the executable on the local drive and attempt to use shared .dbf data files from the server. I can connect to the old server with the same box. It takes a few minutes to change all the config files for lanman, but it works. On the old server, I can login, map the drives and run executables and use the dbf data files. It seems to me as if there is some configuration flag where the default has from 3.0 to 3.2 that I can't find. I did a detailed view of both config files from swat and ran a dif on them. I was unable to identify a place that could be changed that would allow the dos machines to utilize the samba file server. I am willing to use either different client software on the dos stations, or update the samba setup to a different version. I like ubuntu, but am not wedded to it. However, the dos stations must stay, even if I must maintain a server with 3.0 on it to keep them running. Any ideas? I am more that willing to RTFM, but have exausted my ideas of which FM and which part of it to read. Hints in this matter would be welcome. Hints on which config option in smb.conf would be even more welcome. Thanks in advance, Jim Hurlburt Atrium Windows and Doors Northwest. Yakima, WA USA 1.) On your new server add the following to the [global] section of smb.conf: log level = 10 This will raise the debug level of samba - the log file(s) are usually written to /var/log/samba/log.smbd (this might be different in your distro) 2.) Take a network sniff on your new server, details are here: http://wiki.samba.org/index.php/Capture_Packets Now do the failing DOS commands again. The 1.) samba debug log might already be sufficient to track down the problem. Better would be both - the samba debug 10 log and a corresponding
[Samba] (no subject)
Sirs: I have a Ubuntu 6.06 samba 3.0.22 file server running on linux. I am attempting to update the file server to ubuntu 8.10, samba 3.2.3. I have been attempting this, intermittently, for some time which is why 8.10. I have 10 MSDOS (mostly 6.22) workstations as a part of the network. The ones that have to run, control production machinery on the plant floor. Updating the operating system on those machines is effectivly impossible. There are some of them that run software that I control, most of them use vendor supplied software to control the older machines. They are using lanman 2.2 as the client software. (I have many xp workstations, they work fine with both systems. I can map drives, read and save and run the same dos exe files that the dos stations are failing on. Print stuff...) On the old server, the dos stations can log in and use network resources. Thus far, I have failed to make them work on the new server. The relevant parts of the smb.conf files for the servers are -- The 3.0.22 server. This one is the production server and the dos stations work. # Samba config file created using SWAT # from 10.23.0.118 (10.23.0.118) # Date: 2010/01/29 09:46:06 [global] workgroup = ATRIUM-DW server string = Samba passwd program = /usr/bin/passwd %u unix password sync = Yes change notify timeout = 30 deadtime = 30 printcap name = CUPS disable spoolss = Yes show add printer wizard = No ldap ssl = no case sensitive = No [bestbilt] comment = Mapped as U: path = /atrium/bestbilt valid users = @users force group = users read only = No create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 oplocks = No level2 oplocks = No strict locking = No *** The 3.2.3 server # Samba config file created using SWAT # from UNKNOWN () # Date: 2010/02/02 13:20:51 [global] workgroup = ATRIUM-DW guest account = bbijimhur lanman auth = Yes ldap ssl = no [bestbilt] comment = working production data path = /atrium/bestbilt username = bbijimhur valid users = @users force group = users read only = No guest ok = Yes [dosbbilt] comment = win94 for dos workstations path = /atrium/bestbilt read only = No guest ok = Yes This smb.conf file is the best one I have been able to create for the dos stations. With it, I can log in and map the drive. net use u: \\bbi-sam-2-srv\bestbilt I can do directory listings and change directory to u:\win94 When I attempt to run a dos program (tracking.exe) I get the following u:\win94\ Tracking NET805: NETWORK DEVICE NO LONGER EXISTS READING DRIVE U Abort, Retry, Fail? f Access denied. I have much the same error if I put the executable on the local drive and attempt to use shared .dbf data files from the server. I can connect to the old server with the same box. It takes a few minutes to change all the config files for lanman, but it works. On the old server, I can login, map the drives and run executables and use the dbf data files. It seems to me as if there is some configuration flag where the default has from 3.0 to 3.2 that I can't find. I did a detailed view of both config files from swat and ran a dif on them. I was unable to identify a place that could be changed that would allow the dos machines to utilize the samba file server. I am willing to use either different client software on the dos stations, or update the samba setup to a different version. I like ubuntu, but am not wedded to it. However, the dos stations must stay, even if I must maintain a server with 3.0 on it to keep them running. Any ideas? I am more that willing to RTFM, but have exausted my ideas of which FM and which part of it to read. Hints in this matter would be welcome. Hints on which config option in smb.conf would be even more welcome. Thanks in advance, Jim Hurlburt Atrium Windows and Doors Northwest. Yakima, WA USA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject) - DOS apps are failing on recent samba version
Am Dienstag 02 Februar 2010 23:56:06 schrieb James Hurlburt: Sirs: I have a Ubuntu 6.06 samba 3.0.22 file server running on linux. I am attempting to update the file server to ubuntu 8.10, samba 3.2.3. I have been attempting this, intermittently, for some time which is why 8.10. I have 10 MSDOS (mostly 6.22) workstations as a part of the network. The ones that have to run, control production machinery on the plant floor. Updating the operating system on those machines is effectivly impossible. There are some of them that run software that I control, most of them use vendor supplied software to control the older machines. They are using lanman 2.2 as the client software. (I have many xp workstations, they work fine with both systems. I can map drives, read and save and run the same dos exe files that the dos stations are failing on. Print stuff...) On the old server, the dos stations can log in and use network resources. Thus far, I have failed to make them work on the new server. The relevant parts of the smb.conf files for the servers are -- The 3.0.22 server. This one is the production server and the dos stations work. # Samba config file created using SWAT # from 10.23.0.118 (10.23.0.118) # Date: 2010/01/29 09:46:06 [global] workgroup = ATRIUM-DW server string = Samba passwd program = /usr/bin/passwd %u unix password sync = Yes change notify timeout = 30 deadtime = 30 printcap name = CUPS disable spoolss = Yes show add printer wizard = No ldap ssl = no case sensitive = No [bestbilt] comment = Mapped as U: path = /atrium/bestbilt valid users = @users force group = users read only = No create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 oplocks = No level2 oplocks = No strict locking = No *** The 3.2.3 server # Samba config file created using SWAT # from UNKNOWN () # Date: 2010/02/02 13:20:51 [global] workgroup = ATRIUM-DW guest account = bbijimhur lanman auth = Yes ldap ssl = no [bestbilt] comment = working production data path = /atrium/bestbilt username = bbijimhur valid users = @users force group = users read only = No guest ok = Yes [dosbbilt] comment = win94 for dos workstations path = /atrium/bestbilt read only = No guest ok = Yes This smb.conf file is the best one I have been able to create for the dos stations. With it, I can log in and map the drive. net use u: \\bbi-sam-2-srv\bestbilt I can do directory listings and change directory to u:\win94 When I attempt to run a dos program (tracking.exe) I get the following u:\win94\ Tracking NET805: NETWORK DEVICE NO LONGER EXISTS READING DRIVE U Abort, Retry, Fail? f Access denied. I have much the same error if I put the executable on the local drive and attempt to use shared .dbf data files from the server. I can connect to the old server with the same box. It takes a few minutes to change all the config files for lanman, but it works. On the old server, I can login, map the drives and run executables and use the dbf data files. It seems to me as if there is some configuration flag where the default has from 3.0 to 3.2 that I can't find. I did a detailed view of both config files from swat and ran a dif on them. I was unable to identify a place that could be changed that would allow the dos machines to utilize the samba file server. I am willing to use either different client software on the dos stations, or update the samba setup to a different version. I like ubuntu, but am not wedded to it. However, the dos stations must stay, even if I must maintain a server with 3.0 on it to keep them running. Any ideas? I am more that willing to RTFM, but have exausted my ideas of which FM and which part of it to read. Hints in this matter would be welcome. Hints on which config option in smb.conf would be even more welcome. Thanks in advance, Jim Hurlburt Atrium Windows and Doors Northwest. Yakima, WA USA 1.) On your new server add the following to the [global] section of smb.conf: log level = 10 This will raise the debug level of samba - the log file(s) are usually written to /var/log/samba/log.smbd (this might be different in your distro) 2.) Take a network sniff on your new server, details are here: http://wiki.samba.org/index.php/Capture_Packets Now do the failing DOS commands again. The 1.) samba debug log might already be sufficient to track down the problem. Better would be both - the samba debug 10 log and a corresponding network sniff. To track that problem, please open a bug report at https://bugzilla.samba.org/
Re: [Samba] (no subject)
James Hurlburt put forth on 2/2/2010 4:56 PM: NET805: NETWORK DEVICE NO LONGER EXISTS READING DRIVE U Abort, Retry, Fail? Hi James, You didn't happen to put the new Samba server on a different IP subnet or VLAN than the old server did you? You didn't show the IP's and subnet masks of each machine. IIRC, NETBIOS can have problems crossing some routers and VLANs, possibly other network boundaries. If you aren't already, the first thing I'd do is get the new server on an IP address consecutive to the old server and make sure they're jacked into the same switch. This should eliminate any possible network topology issues causing problems. Is the new server a virtual machine? Make sure the hypervisor is allowing NETBIOS traffic to flow from the physical NIC to/from the VM. Actually, I should say, make sure it isn't disallowing such traffic. This is unlikely, but it's best to check. Running in a VM can often cause goofy hard to solve problems because of things not working at low levels the way we expect them to. Lastly, disable any iptables rules on the new server or other firewall scripting software, and disable SELinux if it is enabled. Look at netstat -an on both servers when connecting with the clients, and make sure all the same ports are being used. That's about all I can think of at this point. As Gunter mentioned, a network trace couldn't hurt. I'd probably try a few of the less time consuming recommendations above before resorting to the trace. -- Stan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Sent from my iPhone -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
BUMP! :-) Jeremy Allison wrote: On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote: 3.4.2 Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Fri, Oct 23, 2009 at 1:23 PM, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 01:19:46PM -0600, Robert LeBlanc wrote: Here is a capture of top at the time: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 5842 root 20 0 873m 6912 4612 S 0.0 0.4 0:01.20 winbindd 5848 root 20 0 872m 3260 2272 S 0.0 0.2 0:00.08 winbindd 5849 root 20 0 872m 3640 2652 S 0.0 0.2 0:00.06 winbindd 5850 root 20 0 872m 3320 2200 S 0.0 0.2 0:00.06 winbindd 5859 root 20 0 874m 2684 1448 S 0.0 0.2 0:00.00 winbindd 5954 root 20 0 872m 3740 2284 S 0.0 0.2 0:00.02 winbindd 5955 root 20 0 872m 3804 2348 S 0.0 0.2 0:00.04 winbindd 6025 root 20 0 873m 15444 S 0.0 0.1 0:00.00 winbindd 6026 root 20 0 873m 15484 S 0.0 0.1 0:00.00 winbindd 6518 root 20 0 873m 5048 3476 S 0.0 0.3 0:00.00 winbindd 6576 root 20 0 873m 6228 4232 S 0.0 0.4 0:00.00 winbindd 5 root RT -5 000 S 0.0 0.0 0:00.00 watchdog/0 529 root 16 -4 21076 6320 S 0.0 0.0 0:00.16 udevd 6574 root 20 0 18824 1264 940 R 0.0 0.1 0:00.10 top 1761 root 20 0 5904 320 184 S 0.0 0.0 0:00.06 syslogd 1805 root 20 0 48868 720 216 S 0.0 0.0 0:00.00 sshd 5768 root 20 0 78572 916 200 S 0.0 0.1 0:00.14 sshd Well 873m is a little excessive, even for virtual memory :-). That's a memory leak I'd guess. What winbindd version is this ? Ok, can you get a message pool usage dump by doing: smbcontrol pid pool-usage on one of the monstrous winbindd processes please ? Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Just out of curiosity, do any of you have mdns4_minimal or mdsn4 in your /etc/nsswitch.conf file? I think mdns4 doesn't work too well and I usually take it out, but it was alive and well on these machines. Does removing those items help anyone? Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Thu, Oct 22, 2009 at 4:45 PM, Robert LeBlanc rob...@leblancnet.uswrote: I'm using 3.4.2 right now and I'm seeing a similar problem. We are using winbind to authenticate our users on our Linux cluster. The worker and interactive nodes are on a private subnet that is NATed to the local LAN. Two head nodes provide failover for the NATing. When failover is happening, winbind whacks out. The system is not unusable, but no authentication happens for about 30 minutes after the failover. I'm going to see if I can get iptables to share state between machines to help prevent this, but there needs to be a faster reconnection after domain controllers seem to be down. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Thu, Oct 22, 2009 at 1:55 AM, Clayton Hill ad...@ateamonsite.comwrote: Hi Jason, Yup you got the same problem - just going about it a sorta different way - ouch that must really suck having winbind\ADdomain own the account you are logged in as. bummer! My problem is slightly less serious as I am trying to use my local accounts (such as root) and I just use samba as a domain member to host files with AD ACLs in the filesystem permissions... but we see the same bug. because winbind (even caching) kills access to my local accounts. I hope this is fixed in 3.4 (I just installed it yesterday) I haven't had a chance to run the same test on 3.4 possibilities: winbind is not caching right to allow smooth operation when the DC is offline and the system is virtually locked up winbind doesnt know the moment it cant connect to the DC that it should really use cache or just buzz off and die somehow winbind may or may not connect back up to the DC immediately I need to play with parameters and see what the new winbind options in 3.4 do. I have been on 3.2 until yesterday. Thanks for the info on the bug report.. Cheers, -Clayton Jason Haar wrote: Just a FYI, but this looks an awful lot like the bug I reported months ago https://bugzilla.samba.org/show_bug.cgi?id=6103 Basically I'm running Fedora11 with no local accounts (beyond root) - relying on winbind. On occasion winbind appears to hang - and no local access works - including root - which shouldn't need winbind to succeed! Normally I have to reboot to fix, however if I was lucky enough for it to happen before my screensaver kicked in, then simply restarting winbind fixes the problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
I also see this in the syslog sometimes: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132286] rsync invoked oom-killer: gfp_mask=0x201d2, order=0, oomkilladj=0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132649] Pid: 6516, comm: rsync Not tainted 2.6.26-2-amd64 #1 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132916] Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132917] Call Trace: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.133470] [802738c0] oom_kill_process+0x57/0x1dc Oct 23 13:09:35 lsbeast-i2 kernel: [74133.133746] [8023b551] __capable+0x9/0x1c Oct 23 13:09:35 lsbeast-i2 kernel: [74133.133993] [80273beb] badness+0x188/0x1c7 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.134245] [80273e1f] out_of_memory+0x1f5/0x28e Oct 23 13:09:35 lsbeast-i2 kernel: [74133.140836] [80276b70] __alloc_pages_internal+0x31d/0x3bf Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141048] [80272d1c] generic_file_aio_read+0x3b7/0x4ae Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141279] [8029ae47] do_sync_read+0xc9/0x10c Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141472] [80246221] autoremove_wake_function+0x0/0x2e Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141682] [8029b638] vfs_read+0xaa/0x152 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141864] [8029ba19] sys_read+0x45/0x6e Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142046] [8020beca] system_call_after_swapgs+0x8a/0x8f Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142254] Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142376] Mem-info: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142511] Node 0 DMA per-cpu: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142662] CPU0: hi:0, btch: 1 usd: 0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142844] Node 0 DMA32 per-cpu: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142998] CPU0: hi: 186, btch: 31 usd: 173 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.143183] Active:189862 inactive:179626 dirty:0 writeback:0 unstable:0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.143184] free:3011 slab:7697 mapped:76 pagetables:1122 bounce:0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.143592] Node 0 DMA free:6020kB min:32kB low:40kB high:48kB active:3012kB inactive:2676kB present:10724kB pages_scanned:9007 all_unreclaimable? yes Oct 23 13:09:35 lsbeast-i2 kernel: [74133.144711] lowmem_reserve[]: 0 1499 1499 1499 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.144894] Node 0 DMA32 free:6024kB min:4936kB low:6168kB high:7404kB active:756436kB inactive:715828kB present:1535136kB pages_scanned:626785 all_unreclaimable? no Oct 23 13:09:35 lsbeast-i2 kernel: [74133.145479] lowmem_reserve[]: 0 0 0 0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.145648] Node 0 DMA: 3*4kB 1*8kB 1*16kB 5*32kB 3*64kB 2*128kB 3*256kB 1*512kB 0*1024kB 0*2048kB 1*4096kB = 6020kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.146045] Node 0 DMA32: 162*4kB 28*8kB 9*16kB 7*32kB 1*64kB 1*128kB 0*256kB 1*512kB 0*1024kB 0*2048kB 1*4096kB = 6040kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.155603] 364394 total pagecache pages Oct 23 13:09:35 lsbeast-i2 kernel: [74133.155831] Swap cache: add 0, delete 0, find 0/0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.156064] Free swap = 0kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.156064] Total swap = 0kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164049] 393200 pages of RAM Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164049] 6902 reserved pages Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164049] 2124 pages shared Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164247] 0 pages swap cached Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164396] Out of memory: kill process 5842 (winbindd) score 76798 or a child Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164850] Killed process 5847 (winbindd) Looks like winbind is running out of memory? Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Fri, Oct 23, 2009 at 9:33 AM, Robert LeBlanc rob...@leblancnet.uswrote: Just out of curiosity, do any of you have mdns4_minimal or mdsn4 in your /etc/nsswitch.conf file? I think mdns4 doesn't work too well and I usually take it out, but it was alive and well on these machines. Does removing those items help anyone? Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Thu, Oct 22, 2009 at 4:45 PM, Robert LeBlanc rob...@leblancnet.uswrote: I'm using 3.4.2 right now and I'm seeing a similar problem. We are using winbind to authenticate our users on our Linux cluster. The worker and interactive nodes are on a private subnet that is NATed to the local LAN. Two head nodes provide failover for the NATing. When failover is happening, winbind whacks out. The system is not unusable, but no authentication happens for about 30 minutes after the failover. I'm going to see if I can get iptables to share state between machines to help prevent this, but there needs to be a faster reconnection after domain controllers seem to be down. Robert LeBlanc
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Here is a capture of top at the time: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 5842 root 20 0 873m 6912 4612 S 0.0 0.4 0:01.20 winbindd 5848 root 20 0 872m 3260 2272 S 0.0 0.2 0:00.08 winbindd 5849 root 20 0 872m 3640 2652 S 0.0 0.2 0:00.06 winbindd 5850 root 20 0 872m 3320 2200 S 0.0 0.2 0:00.06 winbindd 5859 root 20 0 874m 2684 1448 S 0.0 0.2 0:00.00 winbindd 5954 root 20 0 872m 3740 2284 S 0.0 0.2 0:00.02 winbindd 5955 root 20 0 872m 3804 2348 S 0.0 0.2 0:00.04 winbindd 6025 root 20 0 873m 15444 S 0.0 0.1 0:00.00 winbindd 6026 root 20 0 873m 15484 S 0.0 0.1 0:00.00 winbindd 6518 root 20 0 873m 5048 3476 S 0.0 0.3 0:00.00 winbindd 6576 root 20 0 873m 6228 4232 S 0.0 0.4 0:00.00 winbindd 5 root RT -5 000 S 0.0 0.0 0:00.00 watchdog/0 529 root 16 -4 21076 6320 S 0.0 0.0 0:00.16 udevd 6574 root 20 0 18824 1264 940 R 0.0 0.1 0:00.10 top 1761 root 20 0 5904 320 184 S 0.0 0.0 0:00.06 syslogd 1805 root 20 0 48868 720 216 S 0.0 0.0 0:00.00 sshd 5768 root 20 0 78572 916 200 S 0.0 0.1 0:00.14 sshd Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Fri, Oct 23, 2009 at 1:17 PM, Robert LeBlanc rob...@leblancnet.uswrote: I also see this in the syslog sometimes: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132286] rsync invoked oom-killer: gfp_mask=0x201d2, order=0, oomkilladj=0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132649] Pid: 6516, comm: rsync Not tainted 2.6.26-2-amd64 #1 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132916] Oct 23 13:09:35 lsbeast-i2 kernel: [74133.132917] Call Trace: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.133470] [802738c0] oom_kill_process+0x57/0x1dc Oct 23 13:09:35 lsbeast-i2 kernel: [74133.133746] [8023b551] __capable+0x9/0x1c Oct 23 13:09:35 lsbeast-i2 kernel: [74133.133993] [80273beb] badness+0x188/0x1c7 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.134245] [80273e1f] out_of_memory+0x1f5/0x28e Oct 23 13:09:35 lsbeast-i2 kernel: [74133.140836] [80276b70] __alloc_pages_internal+0x31d/0x3bf Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141048] [80272d1c] generic_file_aio_read+0x3b7/0x4ae Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141279] [8029ae47] do_sync_read+0xc9/0x10c Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141472] [80246221] autoremove_wake_function+0x0/0x2e Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141682] [8029b638] vfs_read+0xaa/0x152 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.141864] [8029ba19] sys_read+0x45/0x6e Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142046] [8020beca] system_call_after_swapgs+0x8a/0x8f Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142254] Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142376] Mem-info: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142511] Node 0 DMA per-cpu: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142662] CPU0: hi:0, btch: 1 usd: 0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142844] Node 0 DMA32 per-cpu: Oct 23 13:09:35 lsbeast-i2 kernel: [74133.142998] CPU0: hi: 186, btch: 31 usd: 173 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.143183] Active:189862 inactive:179626 dirty:0 writeback:0 unstable:0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.143184] free:3011 slab:7697 mapped:76 pagetables:1122 bounce:0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.143592] Node 0 DMA free:6020kB min:32kB low:40kB high:48kB active:3012kB inactive:2676kB present:10724kB pages_scanned:9007 all_unreclaimable? yes Oct 23 13:09:35 lsbeast-i2 kernel: [74133.144711] lowmem_reserve[]: 0 1499 1499 1499 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.144894] Node 0 DMA32 free:6024kB min:4936kB low:6168kB high:7404kB active:756436kB inactive:715828kB present:1535136kB pages_scanned:626785 all_unreclaimable? no Oct 23 13:09:35 lsbeast-i2 kernel: [74133.145479] lowmem_reserve[]: 0 0 0 0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.145648] Node 0 DMA: 3*4kB 1*8kB 1*16kB 5*32kB 3*64kB 2*128kB 3*256kB 1*512kB 0*1024kB 0*2048kB 1*4096kB = 6020kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.146045] Node 0 DMA32: 162*4kB 28*8kB 9*16kB 7*32kB 1*64kB 1*128kB 0*256kB 1*512kB 0*1024kB 0*2048kB 1*4096kB = 6040kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.155603] 364394 total pagecache pages Oct 23 13:09:35 lsbeast-i2 kernel: [74133.155831] Swap cache: add 0, delete 0, find 0/0 Oct 23 13:09:35 lsbeast-i2 kernel: [74133.156064] Free swap = 0kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.156064] Total swap = 0kB Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164049] 393200 pages of RAM Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164049] 6902 reserved pages Oct 23 13:09:35 lsbeast-i2 kernel: [74133.164049] 2124 pages shared Oct 23
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
On Fri, Oct 23, 2009 at 01:19:46PM -0600, Robert LeBlanc wrote: Here is a capture of top at the time: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 5842 root 20 0 873m 6912 4612 S 0.0 0.4 0:01.20 winbindd 5848 root 20 0 872m 3260 2272 S 0.0 0.2 0:00.08 winbindd 5849 root 20 0 872m 3640 2652 S 0.0 0.2 0:00.06 winbindd 5850 root 20 0 872m 3320 2200 S 0.0 0.2 0:00.06 winbindd 5859 root 20 0 874m 2684 1448 S 0.0 0.2 0:00.00 winbindd 5954 root 20 0 872m 3740 2284 S 0.0 0.2 0:00.02 winbindd 5955 root 20 0 872m 3804 2348 S 0.0 0.2 0:00.04 winbindd 6025 root 20 0 873m 15444 S 0.0 0.1 0:00.00 winbindd 6026 root 20 0 873m 15484 S 0.0 0.1 0:00.00 winbindd 6518 root 20 0 873m 5048 3476 S 0.0 0.3 0:00.00 winbindd 6576 root 20 0 873m 6228 4232 S 0.0 0.4 0:00.00 winbindd 5 root RT -5 000 S 0.0 0.0 0:00.00 watchdog/0 529 root 16 -4 21076 6320 S 0.0 0.0 0:00.16 udevd 6574 root 20 0 18824 1264 940 R 0.0 0.1 0:00.10 top 1761 root 20 0 5904 320 184 S 0.0 0.0 0:00.06 syslogd 1805 root 20 0 48868 720 216 S 0.0 0.0 0:00.00 sshd 5768 root 20 0 78572 916 200 S 0.0 0.1 0:00.14 sshd Well 873m is a little excessive, even for virtual memory :-). That's a memory leak I'd guess. What winbindd version is this ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
3.4.2 Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Fri, Oct 23, 2009 at 1:23 PM, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 01:19:46PM -0600, Robert LeBlanc wrote: Here is a capture of top at the time: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 5842 root 20 0 873m 6912 4612 S 0.0 0.4 0:01.20 winbindd 5848 root 20 0 872m 3260 2272 S 0.0 0.2 0:00.08 winbindd 5849 root 20 0 872m 3640 2652 S 0.0 0.2 0:00.06 winbindd 5850 root 20 0 872m 3320 2200 S 0.0 0.2 0:00.06 winbindd 5859 root 20 0 874m 2684 1448 S 0.0 0.2 0:00.00 winbindd 5954 root 20 0 872m 3740 2284 S 0.0 0.2 0:00.02 winbindd 5955 root 20 0 872m 3804 2348 S 0.0 0.2 0:00.04 winbindd 6025 root 20 0 873m 15444 S 0.0 0.1 0:00.00 winbindd 6026 root 20 0 873m 15484 S 0.0 0.1 0:00.00 winbindd 6518 root 20 0 873m 5048 3476 S 0.0 0.3 0:00.00 winbindd 6576 root 20 0 873m 6228 4232 S 0.0 0.4 0:00.00 winbindd 5 root RT -5 000 S 0.0 0.0 0:00.00 watchdog/0 529 root 16 -4 21076 6320 S 0.0 0.0 0:00.16 udevd 6574 root 20 0 18824 1264 940 R 0.0 0.1 0:00.10 top 1761 root 20 0 5904 320 184 S 0.0 0.0 0:00.06 syslogd 1805 root 20 0 48868 720 216 S 0.0 0.0 0:00.00 sshd 5768 root 20 0 78572 916 200 S 0.0 0.1 0:00.14 sshd Well 873m is a little excessive, even for virtual memory :-). That's a memory leak I'd guess. What winbindd version is this ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote: 3.4.2 Ok, what does your smb.conf look like. What is the configured winbindd backend ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Robert, Thank you so much for your efforts! :-) Here is a timed output of a simple getfacl command with the DC powered off: HSA-PFX10101001:/etc/samba # time getfacl /tera getfacl: Removing leading '/' from absolute path names # file: /tera # owner: root # group: root user::rwx user:webadmin:rwx group::r-x group:webadmin:r-x group:2000512:rwx group:2000513:rwx mask::rwx other::r-- default:user::rwx default:group::r-x default:group:webadmin:r-x default:group:2000512:rwx default:group:2000513:rwx default:mask::rwx default:other::r-- real27m17.393s user0m0.036s sys 0m0.048s It took 30 minutes to run! Now here is the same command with winbind turned off: HSA-PFX10101001:/etc/samba # time getfacl /tera getfacl: Removing leading '/' from absolute path names # file: /tera # owner: root # group: root user::rwx user:webadmin:rwx group::r-x group:webadmin:r-x group:2000512:rwx group:2000513:rwx mask::rwx other::r-- default:user::rwx default:group::r-x default:group:webadmin:r-x default:group:2000512:rwx default:group:2000513:rwx default:mask::rwx default:other::r-- real0m0.012s user0m0.004s sys 0m0.008s Next I will do logging of the issue, log level 10 Cheers, -Clayton On Fri, 23 Oct 2009 14:34:45 -0600, Robert LeBlanc rob...@leblancnet.us wrote: 3.4.2 Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Fri, Oct 23, 2009 at 1:23 PM, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 01:19:46PM -0600, Robert LeBlanc wrote: Here is a capture of top at the time: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 5842 root 20 0 873m 6912 4612 S 0.0 0.4 0:01.20 winbindd 5848 root 20 0 872m 3260 2272 S 0.0 0.2 0:00.08 winbindd 5849 root 20 0 872m 3640 2652 S 0.0 0.2 0:00.06 winbindd 5850 root 20 0 872m 3320 2200 S 0.0 0.2 0:00.06 winbindd 5859 root 20 0 874m 2684 1448 S 0.0 0.2 0:00.00 winbindd 5954 root 20 0 872m 3740 2284 S 0.0 0.2 0:00.02 winbindd 5955 root 20 0 872m 3804 2348 S 0.0 0.2 0:00.04 winbindd 6025 root 20 0 873m 15444 S 0.0 0.1 0:00.00 winbindd 6026 root 20 0 873m 15484 S 0.0 0.1 0:00.00 winbindd 6518 root 20 0 873m 5048 3476 S 0.0 0.3 0:00.00 winbindd 6576 root 20 0 873m 6228 4232 S 0.0 0.4 0:00.00 winbindd 5 root RT -5 000 S 0.0 0.0 0:00.00 watchdog/0 529 root 16 -4 21076 6320 S 0.0 0.0 0:00.16 udevd 6574 root 20 0 18824 1264 940 R 0.0 0.1 0:00.10 top 1761 root 20 0 5904 320 184 S 0.0 0.0 0:00.06 syslogd 1805 root 20 0 48868 720 216 S 0.0 0.0 0:00.00 sshd 5768 root 20 0 78572 916 200 S 0.0 0.1 0:00.14 sshd Well 873m is a little excessive, even for virtual memory :-). That's a memory leak I'd guess. What winbindd version is this ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
I personally am using idmap rid - I wonder what Robert, and the fellow with the laptop who has the bug report has... Note: I will switch to idmap hash in the future.. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = TRUST2K8 realm = TRUST2K8.EDU server string = HSA-PFX10101001 - 10.10.1.154 interfaces = eth2 security = ADS map to guest = Bad User username map = /etc/samba/smbusers log file = /var/log/samba/log%m printcap name = /dev/null disable spoolss = Yes os level = 24 preferred master = Yes local master = No domain master = No idmap config TRUST2K8:range = 200 - 299 idmap config TRUST2K8:base_rid = 0 idmap config TRUST2K8:backend = rid idmap config IDONT:range = 100 - 199 idmap config IDONT:base_rid = 0 idmap config IDONT:backend = rid admin users = webadmin inherit acls = Yes map acl inherit = Yes printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j dos filemode = Yes [tera] comment = big un path = /tera valid users = webadmin, @TRUST2K8\domain admins, @TRUST2K8\domain users write list = webadmin, @TRUST2K8\domain admins, @TRUST2K8\domain users read only = No Cheers, -Clayton On Fri, 23 Oct 2009 13:45:29 -0700, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote: 3.4.2 Ok, what does your smb.conf look like. What is the configured winbindd backend ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
On Fri, Oct 23, 2009 at 2:45 PM, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote: 3.4.2 Ok, what does your smb.conf look like. What is the configured winbindd backend ? We have switched to hash for the increased flexibility. I have flushed the idmap cache and everything resolves perfectly when a DC is contactable. #=== Global Settings === [global] workgroup = byu realm = BYU.LOCAL preferred master = no server string = %h server dns proxy = no Debugging/Accounting log file = /cluster/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d ### Authentication ### security = ADS encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes invalid users = root unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes ## Printing ## load printers = no printing = bsd printcap name = /dev/null show add printer wizard = no disable spoolss = yes Misc socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # allow trusted domains = No # idmap backend = rid:BYU=1-1 # idmap config BYU:backend = rid # idmap config BYU:range = 1-1 # idmap uid = 1-1 # idmap gid = 1-1 idmap backend = hash winbind nss info = hash winbind use default domain = yes winbind separator = + winbind enum groups = no winbind enum users = no winbind nested groups = yes template homedir = /home/%U template shell = /bin/bash winbind refresh tickets = yes # use kerberos keytab = yes # kerberos method = system keytab # should work after bug is fixed winbind offline logon = yes #=== Share Definitions === Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Ok folks, Got ya some log level 10 of this fun stuff.. Steps: First everything is normal. DCs are up. Log level 10 is set. I run wbinfo -t I run net ads info I run net ads testjoin then I bring the DC down. Now I run time getfacl /xymount/tera HSA-PFX10101001:/var/log/samba # time getfacl /xymount/tera getfacl: Removing leading '/' from absolute path names # file: xymount/tera # owner: root # group: root user::rwx user:webadmin:rwx group::r-x group:webadmin:r-x group:2000512:rwx group:2000513:rwx mask::rwx other::r-- default:user::rwx default:group::r-x default:group:webadmin:r-x default:group:2000512:rwx default:group:2000513:rwx default:mask::rwx default:other::r-- real29m10.058s user0m0.020s sys 0m0.008s Then I bring the DCs back up then I run again getfacl /xymount/tera All is well - winbind recovered after the DCs were back up. This must be because Im on 3.4.2 now instead of 3.2.X or earlier which would not recover quickly after the DCs were back. LOGS here: ftp://djfuq.org/logs10.tar Cheers, -Clayton On Fri, 23 Oct 2009 14:51:03 -0600, Robert LeBlanc rob...@leblancnet.us wrote: On Fri, Oct 23, 2009 at 2:45 PM, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote: 3.4.2 Ok, what does your smb.conf look like. What is the configured winbindd backend ? We have switched to hash for the increased flexibility. I have flushed the idmap cache and everything resolves perfectly when a DC is contactable. #=== Global Settings === [global] workgroup = byu realm = BYU.LOCAL preferred master = no server string = %h server dns proxy = no Debugging/Accounting log file = /cluster/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d ### Authentication ### security = ADS encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes invalid users = root unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes ## Printing ## load printers = no printing = bsd printcap name = /dev/null show add printer wizard = no disable spoolss = yes Misc socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # allow trusted domains = No # idmap backend = rid:BYU=1-1 # idmap config BYU:backend = rid # idmap config BYU:range = 1-1 # idmap uid = 1-1 # idmap gid = 1-1 idmap backend = hash winbind nss info = hash winbind use default domain = yes winbind separator = + winbind enum groups = no winbind enum users = no winbind nested groups = yes template homedir = /home/%U template shell = /bin/bash winbind refresh tickets = yes # use kerberos keytab = yes # kerberos method = system keytab # should work after bug is fixed winbind offline logon = yes #=== Share Definitions === Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Doh! wrong protocol for logs! lol here is the right link: http://djfuq.org/logs10.tar have alot of fun -Clayton On Fri, 23 Oct 2009 17:33:15 -0600, ad...@ateamonsite.com wrote: Ok folks, Got ya some log level 10 of this fun stuff.. Steps: First everything is normal. DCs are up. Log level 10 is set. I run wbinfo -t I run net ads info I run net ads testjoin then I bring the DC down. Now I run time getfacl /xymount/tera HSA-PFX10101001:/var/log/samba # time getfacl /xymount/tera getfacl: Removing leading '/' from absolute path names # file: xymount/tera # owner: root # group: root user::rwx user:webadmin:rwx group::r-x group:webadmin:r-x group:2000512:rwx group:2000513:rwx mask::rwx other::r-- default:user::rwx default:group::r-x default:group:webadmin:r-x default:group:2000512:rwx default:group:2000513:rwx default:mask::rwx default:other::r-- real29m10.058s user0m0.020s sys 0m0.008s Then I bring the DCs back up then I run again getfacl /xymount/tera All is well - winbind recovered after the DCs were back up. This must be because Im on 3.4.2 now instead of 3.2.X or earlier which would not recover quickly after the DCs were back. LOGS here: ftp://djfuq.org/logs10.tar Cheers, -Clayton On Fri, 23 Oct 2009 14:51:03 -0600, Robert LeBlanc rob...@leblancnet.us wrote: On Fri, Oct 23, 2009 at 2:45 PM, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote: 3.4.2 Ok, what does your smb.conf look like. What is the configured winbindd backend ? We have switched to hash for the increased flexibility. I have flushed the idmap cache and everything resolves perfectly when a DC is contactable. #=== Global Settings === [global] workgroup = byu realm = BYU.LOCAL preferred master = no server string = %h server dns proxy = no Debugging/Accounting log file = /cluster/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d ### Authentication ### security = ADS encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes invalid users = root unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes ## Printing ## load printers = no printing = bsd printcap name = /dev/null show add printer wizard = no disable spoolss = yes Misc socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # allow trusted domains = No # idmap backend = rid:BYU=1-1 # idmap config BYU:backend = rid # idmap config BYU:range = 1-1 # idmap uid = 1-1 # idmap gid = 1-1 idmap backend = hash winbind nss info = hash winbind use default domain = yes winbind separator = + winbind enum groups = no winbind enum users = no winbind nested groups = yes template homedir = /home/%U template shell = /bin/bash winbind refresh tickets = yes # use kerberos keytab = yes # kerberos method = system keytab # should work after bug is fixed winbind offline logon = yes #=== Share Definitions === Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote: 3.4.2 Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Fri, Oct 23, 2009 at 1:23 PM, Jeremy Allison j...@samba.org wrote: On Fri, Oct 23, 2009 at 01:19:46PM -0600, Robert LeBlanc wrote: Here is a capture of top at the time: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 5842 root 20 0 873m 6912 4612 S 0.0 0.4 0:01.20 winbindd 5848 root 20 0 872m 3260 2272 S 0.0 0.2 0:00.08 winbindd 5849 root 20 0 872m 3640 2652 S 0.0 0.2 0:00.06 winbindd 5850 root 20 0 872m 3320 2200 S 0.0 0.2 0:00.06 winbindd 5859 root 20 0 874m 2684 1448 S 0.0 0.2 0:00.00 winbindd 5954 root 20 0 872m 3740 2284 S 0.0 0.2 0:00.02 winbindd 5955 root 20 0 872m 3804 2348 S 0.0 0.2 0:00.04 winbindd 6025 root 20 0 873m 1544 4 S 0.0 0.1 0:00.00 winbindd 6026 root 20 0 873m 1548 4 S 0.0 0.1 0:00.00 winbindd 6518 root 20 0 873m 5048 3476 S 0.0 0.3 0:00.00 winbindd 6576 root 20 0 873m 6228 4232 S 0.0 0.4 0:00.00 winbindd 5 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/0 529 root 16 -4 21076 632 0 S 0.0 0.0 0:00.16 udevd 6574 root 20 0 18824 1264 940 R 0.0 0.1 0:00.10 top 1761 root 20 0 5904 320 184 S 0.0 0.0 0:00.06 syslogd 1805 root 20 0 48868 720 216 S 0.0 0.0 0:00.00 sshd 5768 root 20 0 78572 916 200 S 0.0 0.1 0:00.14 sshd Well 873m is a little excessive, even for virtual memory :-). That's a memory leak I'd guess. What winbindd version is this ? Ok, can you get a message pool usage dump by doing: smbcontrol pid pool-usage on one of the monstrous winbindd processes please ? Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Hi Jason, Yup you got the same problem - just going about it a sorta different way - ouch that must really suck having winbind\ADdomain own the account you are logged in as. bummer! My problem is slightly less serious as I am trying to use my local accounts (such as root) and I just use samba as a domain member to host files with AD ACLs in the filesystem permissions... but we see the same bug. because winbind (even caching) kills access to my local accounts. I hope this is fixed in 3.4 (I just installed it yesterday) I haven't had a chance to run the same test on 3.4 possibilities: winbind is not caching right to allow smooth operation when the DC is offline and the system is virtually locked up winbind doesnt know the moment it cant connect to the DC that it should really use cache or just buzz off and die somehow winbind may or may not connect back up to the DC immediately I need to play with parameters and see what the new winbind options in 3.4 do. I have been on 3.2 until yesterday. Thanks for the info on the bug report.. Cheers, -Clayton Jason Haar wrote: Just a FYI, but this looks an awful lot like the bug I reported months ago https://bugzilla.samba.org/show_bug.cgi?id=6103 Basically I'm running Fedora11 with no local accounts (beyond root) - relying on winbind. On occasion winbind appears to hang - and no local access works - including root - which shouldn't need winbind to succeed! Normally I have to reboot to fix, however if I was lucky enough for it to happen before my screensaver kicked in, then simply restarting winbind fixes the problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
I'm using 3.4.2 right now and I'm seeing a similar problem. We are using winbind to authenticate our users on our Linux cluster. The worker and interactive nodes are on a private subnet that is NATed to the local LAN. Two head nodes provide failover for the NATing. When failover is happening, winbind whacks out. The system is not unusable, but no authentication happens for about 30 minutes after the failover. I'm going to see if I can get iptables to share state between machines to help prevent this, but there needs to be a faster reconnection after domain controllers seem to be down. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Thu, Oct 22, 2009 at 1:55 AM, Clayton Hill ad...@ateamonsite.com wrote: Hi Jason, Yup you got the same problem - just going about it a sorta different way - ouch that must really suck having winbind\ADdomain own the account you are logged in as. bummer! My problem is slightly less serious as I am trying to use my local accounts (such as root) and I just use samba as a domain member to host files with AD ACLs in the filesystem permissions... but we see the same bug. because winbind (even caching) kills access to my local accounts. I hope this is fixed in 3.4 (I just installed it yesterday) I haven't had a chance to run the same test on 3.4 possibilities: winbind is not caching right to allow smooth operation when the DC is offline and the system is virtually locked up winbind doesnt know the moment it cant connect to the DC that it should really use cache or just buzz off and die somehow winbind may or may not connect back up to the DC immediately I need to play with parameters and see what the new winbind options in 3.4 do. I have been on 3.2 until yesterday. Thanks for the info on the bug report.. Cheers, -Clayton Jason Haar wrote: Just a FYI, but this looks an awful lot like the bug I reported months ago https://bugzilla.samba.org/show_bug.cgi?id=6103 Basically I'm running Fedora11 with no local accounts (beyond root) - relying on winbind. On occasion winbind appears to hang - and no local access works - including root - which shouldn't need winbind to succeed! Normally I have to reboot to fix, however if I was lucky enough for it to happen before my screensaver kicked in, then simply restarting winbind fixes the problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
On 10/23/2009 11:45 AM, Robert LeBlanc wrote: I'm using 3.4.2 right now and I'm seeing a similar problem. We are using winbind to authenticate our users on our Linux cluster. The worker and interactive nodes are on a private subnet that is NATed to the local LAN. Two head nodes provide failover for the NATing. When failover is happening, winbind whacks out. The system is not unusable, but no authentication happens for about 30 minutes after the failover. I'm going to see if I can get iptables to share state between machines to help prevent this, but there needs to be a faster reconnection after domain controllers seem to be down. What I see (as a winbind-laptop user) is that sometimes winbind thinks it has working connections to domain controllers when either the network is down or is no longer the corporate network. e.g. I can be logged in at work, sleep my laptop and take it home. After coming out of sleep, netstat -t shows that there are still ESTABLISHED tcp sessions to domain controllers - even though my home network has no access to my work network. I think winbind then gets into a state where it is continually trying to talk to these non-available domain controllers and it never gives up - and so the offline mode never kicks in. It's got so bad that I now have scripts that run whenever a network change occurs, to check if winbind is stuck and restart accordingly. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
On Fri, Oct 23, 2009 at 12:13:22PM +1300, Jason Haar wrote: On 10/23/2009 11:45 AM, Robert LeBlanc wrote: I'm using 3.4.2 right now and I'm seeing a similar problem. We are using winbind to authenticate our users on our Linux cluster. The worker and interactive nodes are on a private subnet that is NATed to the local LAN. Two head nodes provide failover for the NATing. When failover is happening, winbind whacks out. The system is not unusable, but no authentication happens for about 30 minutes after the failover. I'm going to see if I can get iptables to share state between machines to help prevent this, but there needs to be a faster reconnection after domain controllers seem to be down. What I see (as a winbind-laptop user) is that sometimes winbind thinks it has working connections to domain controllers when either the network is down or is no longer the corporate network. e.g. I can be logged in at work, sleep my laptop and take it home. After coming out of sleep, netstat -t shows that there are still ESTABLISHED tcp sessions to domain controllers - even though my home network has no access to my work network. I think winbind then gets into a state where it is continually trying to talk to these non-available domain controllers and it never gives up - and so the offline mode never kicks in. It's got so bad that I now have scripts that run whenever a network change occurs, to check if winbind is stuck and restart accordingly. Hmmm. If netstat -t shows an established TCP connection then that's active in the kernel. winbindd will then use that connection (as it think's it's ok). It should correctly time out (20 - 30 seconds) and then tear down and re-establish if the DC isn't responding. Can you post debug level 10 logs from winbindd in this state to your bug report (apologies if you've already done so, I've been triaging 3.4.3 blocker bugs this week). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Just a FYI, but this looks an awful lot like the bug I reported months ago https://bugzilla.samba.org/show_bug.cgi?id=6103 Basically I'm running Fedora11 with no local accounts (beyond root) - relying on winbind. On occasion winbind appears to hang - and no local access works - including root - which shouldn't need winbind to succeed! Normally I have to reboot to fix, however if I was lucky enough for it to happen before my screensaver kicked in, then simply restarting winbind fixes the problem. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
- Original Message From: Clayton Hill ad...@ateamonsite.com To: Matthew J. Salerno vagabond_k...@yahoo.com Cc: samba@lists.samba.org; Jeremy Allison j...@samba.org Sent: Sun, October 18, 2009 7:49:01 PM Subject: Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity) Thanks for confirming my config is good. I already know about the old problem with SSH and reverse DNS lookups. That actually takes about 5 minutes or less to log in, with this issue be prepared to wait almost an hour if it even works. Similar but not the same issue. Please, to get an understanding of this problem do the following steps to reproduce this problem. SUSE 11.0 Samba 3.2 Join windows 2003 AD domain (with 40,000 objects) using net ads join Take domain controller offline. Try to log in LOCALLY as ROOT to your console on your domain member linux box. Do not even bother to log in as any samba user of do ANYTHING samba related. Watch as it takes more time than bearable (I am talking MORE THAN 20 minutes!) to0 log in to the LOCAL TERMINAL attempt to do the same with ssh if you are already logged in before you do this test as root LOCALLY TTY then try and run simple commands such as: top,ls,ps,man etc etc After seeing the problem clearly simply do this to become unstuck: killall winbindd or service winbind stop have a lot of fun. Cheers, -Clayton Matthew J. Salerno wrote: Your /etc/nsswitch.conf looks correct to me. For services like ssh, you should just disable ptr lookups (VerifyReverseMapping no). Regarding winbind, do you have any services or processes running on the box as a domain user? Perhaps there is a timeout setting for krb and winbind. I don't recall seeing one for winbind, but I would imagine that there is one for kerberos. Have you bumped up the debugging and purposefully caused an ad failure (ifdown or bad route) ? Have you had the console open and watched top to see if it's a processes consuming to much cpu? What kind of troubleshooting have you done? and what are the results? - Original Message From: ad...@ateamonsite.com ad...@ateamonsite.com To: ad...@ateamonsite.com Cc: samba@lists.samba.org; Jeremy Allison j...@samba.org Sent: Fri, October 16, 2009 3:59:45 PM Subject: Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity) Ok I am not hearing replies back - I dont want this issue to be swept under the rug. It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even.. I know now that the commands I was telling you all access UN/PW info such as LS or MAN etc, to see if you have permission to run them? IDK I am guessing. BUT - if winbind is really caching and the connection is lost, then this should be a non-issue as you say. Well here is my nsswitch.conf: cat /etc/nsswitch.conf passwd: compat winbind group: compat winbind networks: files dns services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files publickey: files bootparams: files automount: files aliases: files hosts: files dns shadow: compat Isn't this set up right? ;-) So, famously when DNS is down, crap like SSH and NFS take unreasonable amounts of time and cause system hangs in linux. This is what I've been told, and I can accept that. Since DNS is hosted on the AD server, when that server goes down, SSH, and even local login hang for extremely long amounts of time - im talking more than 10 minutes... then fail. In Windows (im sorry Im about to compare 2 operating systems) this is a non issue and you can use the machine even if the networking is hosed or you cant talk to the AD. So... BUMP! :-) On Wed, 14 Oct 2009 16:51:10 -0600, ad...@ateamonsite.com wrote: Hopefully that isn't a bad thing! haha Thanks! On Wed, 14 Oct 2009 15:44:54 -0700, Jeremy Allison j...@samba.org wrote: On Wed, Oct 14, 2009 at 04:02:41PM -0600, ad...@ateamonsite.com wrote: Hi Jeremy, Sorry, didn't look too closely at your winbindd issue. winbindd will cache all information to allow disconnected operation (we made this work perfectly at SuSE), so there certainly shouldn't be a problem with a loss of connection to a DC. I am sorry to report that I am in fact using SuSE, and this problem is very easy to reproduce if I power off my AD domain, then wait (I guess) 10 minutes - then try and ssh to my Linux box. There is no way to log into the box. Ok, then I'm going to hand you over to the SuSE Samba Team maintainers on this list (sorry :-). Jeremy. I don't have the time to setup an environment to match yours, but I did take the time to go back to your initial post and read through your smb.conf. 1. http://samba.org/samba/docs/man/manpages-3/winbindd.8.html - Did you check
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Hi Matthew, /I don't have the time to setup an environment to match yours, but I did take the time to go back to your initial post and read through your smb.conf./ Understandable, but that is not going to be of much help if you don't have a way to reproduce this issue.. and I'll be answering too many basic questions. ;-) / 1. http://samba.org/samba/docs/man/manpages-3/winbindd.8.html - Did you check your winbind config to make sure you are not running it with a -n ? / Yes. I am using the default init script to start and stop winbind. Remember I am using suse 11.0 x86_64 BUT I have tested this without -n which is a totally useless way to run winbind and ironically should be far worse usability-wise than this scenario - but isn't. 2. http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html - Have you tried playing with the winbind cache time, winbind offline logon, winbind reconnect delay and idmap cache time settings? I will reread those options in the man page, but what do you recommend here? Feels like a shot in the dark, and a lengthy way to randomly test this. IE: This test renders a samba machine useless every time it is ran... so very long, slow, shots in the dark here. _Need some experienced expert advice here on which options are best to modify and why._ / 3. Have you tried increasing the log level and enabling winbind debug and creating an artificial outage and then review the logs?/ Yes - I will give you a snippet of log level 2 though during a fake AD outage in a bit. I doubt it will be useful but I'll try it. / Again, what kind of troubleshooting have you done and what are the results?/ Please- try and reproduce this issue. It will become quite obvious to you after that. Thanks, -Clayton Matthew J. Salerno wrote: - Original Message From: Clayton Hill ad...@ateamonsite.com To: Matthew J. Salerno vagabond_k...@yahoo.com Cc: samba@lists.samba.org; Jeremy Allison j...@samba.org Sent: Sun, October 18, 2009 7:49:01 PM Subject: Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity) Thanks for confirming my config is good. I already know about the old problem with SSH and reverse DNS lookups. That actually takes about 5 minutes or less to log in, with this issue be prepared to wait almost an hour if it even works. Similar but not the same issue. Please, to get an understanding of this problem do the following steps to reproduce this problem. SUSE 11.0 Samba 3.2 Join windows 2003 AD domain (with 40,000 objects) using net ads join Take domain controller offline. Try to log in LOCALLY as ROOT to your console on your domain member linux box. Do not even bother to log in as any samba user of do ANYTHING samba related. Watch as it takes more time than bearable (I am talking MORE THAN 20 minutes!) to0 log in to the LOCAL TERMINAL attempt to do the same with ssh if you are already logged in before you do this test as root LOCALLY TTY then try and run simple commands such as: top,ls,ps,man etc etc After seeing the problem clearly simply do this to become unstuck: killall winbindd or service winbind stop have a lot of fun. Cheers, -Clayton Matthew J. Salerno wrote: Your /etc/nsswitch.conf looks correct to me. For services like ssh, you should just disable ptr lookups (VerifyReverseMapping no). Regarding winbind, do you have any services or processes running on the box as a domain user? Perhaps there is a timeout setting for krb and winbind. I don't recall seeing one for winbind, but I would imagine that there is one for kerberos. Have you bumped up the debugging and purposefully caused an ad failure (ifdown or bad route) ? Have you had the console open and watched top to see if it's a processes consuming to much cpu? What kind of troubleshooting have you done? and what are the results? - Original Message From: ad...@ateamonsite.com ad...@ateamonsite.com To: ad...@ateamonsite.com Cc: samba@lists.samba.org; Jeremy Allison j...@samba.org Sent: Fri, October 16, 2009 3:59:45 PM Subject: Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity) Ok I am not hearing replies back - I dont want this issue to be swept under the rug. It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even.. I know now that the commands I was telling you all access UN/PW info such as LS or MAN etc, to see if you have permission to run them? IDK I am guessing. BUT - if winbind is really caching and the connection is lost, then this should be a non-issue as you say. Well here is my nsswitch.conf: cat /etc/nsswitch.conf passwd: compat winbind group: compat winbind networks: files dns services: files protocols: files rpc:files ethers: files netmasks: files netgroup: files publickey: files bootparams:files automount: files aliases:files
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
From: Clayton Hill ad...@ateamonsite.com To: Matthew J. Salerno vagabond_k...@yahoo.com Cc: samba@lists.samba.org Sent: Mon, October 19, 2009 1:20:00 PM Subject: Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity) Hi Matthew, I don't have the time to setup an environment to match yours, but I did take the time to go back to your initial post and read through your smb.conf. Understandable, but that is not going to be of much help if you don't have a way to reproduce this issue.. and I'll be answering too many basic questions. ;-) 1. http://samba.org/samba/docs/man/manpages-3/winbindd.8.html - Did you check your winbind config to make sure you are not running it with a -n ? Yes. I am using the default init script to start and stop winbind. Remember I am using suse 11.0 x86_64 BUT I have tested this without -n which is a totally useless way to run winbind and ironically should be far worse usability-wise than this scenario - but isn't. 2. http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html - Have you tried playing with the winbind cache time, winbind offline logon, winbind reconnect delay and idmap cache time settings? I will reread those options in the man page, but what do you recommend here? Feels like a shot in the dark, and a lengthy way to randomly test this. IE: This test renders a samba machine useless every time it is ran... so very long, slow, shots in the dark here. Need some experienced expert advice here on which options are best to modify and why. 3. Have you tried increasing the log level and enabling winbind debug and creating an artificial outage and then review the logs? Yes - I will give you a snippet of log level 2 though during a fake AD outage in a bit. I doubt it will be useful but I'll try it. Again, what kind of troubleshooting have you done and what are the results? Please- try and reproduce this issue. It will become quite obvious to you after that. Thanks, -Clayton Matthew J. Salerno wrote: - Original Message From: Clayton Hill ad...@ateamonsite.com To: Matthew J. Salerno vagabond_k...@yahoo.com Cc: samba@lists.samba.org; Jeremy Allison j...@samba.org Sent: Sun, October 18, 2009 7:49:01 PM Subject: Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity) Thanks for confirming my config is good. I already know about the old problem with SSH and reverse DNS lookups. That actually takes about 5 minutes or less to log in, with this issue be prepared to wait almost an hour if it even works. Similar but not the same issue. Please, to get an understanding of this problem do the following steps to reproduce this problem. SUSE 11.0 Samba 3.2 Join windows 2003 AD domain (with 40,000 objects) using net ads join Take domain controller offline. Try to log in LOCALLY as ROOT to your console on your domain member linux box. Do not even bother to log in as any samba user of do ANYTHING samba related. Watch as it takes more time than bearable (I am talking MORE THAN 20 minutes!) to0 log in to the LOCAL TERMINAL attempt to do the same with ssh if you are already logged in before you do this test as root LOCALLY TTY then try and run simple commands such as: top,ls,ps,man etc etc After seeing the problem clearly simply do this to become unstuck: killall winbindd or service winbind stop have a lot of fun. Cheers, -Clayton Matthew J. Salerno wrote: Your /etc/nsswitch.conf looks correct to me. For services like ssh, you should just disable ptr lookups (VerifyReverseMapping no). Regarding winbind, do you have any services or processes running on the box as a domain user? Perhaps there is a timeout setting for krb and winbind. I don't recall seeing one for winbind, but I would imagine that there is one for kerberos. Have you bumped up the debugging and purposefully caused an ad failure (ifdown or bad route) ? Have you had the console open and watched top to see if it's a processes consuming to much cpu? What kind of troubleshooting have you done? and what are the results? - Original Message From: ad...@ateamonsite.com ad...@ateamonsite.com To: ad...@ateamonsite.com Cc: samba@lists.samba.org; Jeremy Allison j...@samba.org Sent: Fri, October 16, 2009 3:59:45 PM Subject: Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity) Ok I am not hearing replies back - I dont want this issue to be swept under the rug. It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even.. I know now that the commands I was telling you all access UN/PW info such as LS or MAN etc, to see if you have permission to run them? IDK I am guessing. BUT - if winbind is really caching and the connection is lost, then this should be a non-issue as you say. Well here is my nsswitch.conf
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Matthew J. Salerno wrote: Please understand that I am not a samba dev, I am just an average user who is willing to help others out when I can because I know how much it sucks to be stuck. I do not have the time to mirror your environment. Regarding the settings I recommended in my last post, I'm not sure what the best settings would be for them, but since they all deal with caching info from AD I figured that they might be usefull. Honestly, I would set them all to cache for a very long time, simulate outtage, adjust and repeat. Have you checked on any suse forums? If it is a suse issue, chances are that you are not the only person having this problem. I'll try the outage out in my Redhat env. I appreciate your help, dev or not - even though my answers are somewhat glib. (hopefully amusing!) honestly wish I could have posted this to the samba technical list instead... but I like the chain of command here. Also, I didnt find anything useful on the suse forums and I besides, I dont think this is suse issue. Plus I hope to avoid standard overgeneralized tech support/newbie Linux user questions, or inflated forum moderator egos by posting here instead. I guaranty they would ask me the opposite question: hey did you check the samba forums? ;-) Those options you mentioned: idmap cache time (G) This parameter specifies the number of seconds that Winbind's idmap interface will cache positive SID/uid/gid query results. Default: //|idmap cache time|/ = |604800 (one week)| / This default setting looks fine to me... one week is a lot longer than 1 hour so this I dont believe causes this issue nor does it help alleviate the symptoms. Maybe I am wrong. idmap negative cache time (G) This parameter specifies the number of seconds that Winbind's idmap interface will cache negative SID/uid/gid query results. Default: //|idmap negative cache time|/ = |120| / 120 what? hmmm seconds? minutes? LOL I am assuming the term negative is not an integer and that it means bad. Since I do not query bad SIDs in this test I dont think this is the cause either. Maybe I am wrong. winbind cache time (G) This parameter specifies the number of seconds the winbindd(8) http://samba.org/samba/docs/man/manpages-3/winbindd.8.html daemon will cache user and group information before querying a Windows NT server again. This does not apply to authentication requests, these are always evaluated in real time unless the winbind offline logon http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WINBINDOFFLINELOGON option has been enabled. Default: //|winbind cache time|/ = |300| / 300 what? -- years? fortnights? furlongs? farthings? bushels? bottles of beer on the wall? This setting may be useful... but the problem with messing with this is once the limit is reached - the system is still unusable. Messing with this I do not see the system go back to a usable state in a reasonable amount of time once the AD is back up either. Perhaps my goal is to find out if this is a design misstep, and if so have devs fix that issue and make samba more resilient, able to tell if the AD is up or down at a moments notice, and not fubar the samba server during a AD server outage. You know, like you would see if you used a windows workstation winbind offline logon (G) This isnt really what I am doing here. I am not using this samba box as a workstation. I am using it as a NAS joined to a AD domain. The only querys it does is validate passwords for logging into CIFS shares from windows workstations, and set/read ACLs in the filesystem. Neither of which cause this condition of the system becoming unresponsive. All you need to do is take the AD offline for a minute or two. -- Option Disqualified! ;-) winbind reconnect delay (G) This parameter specifies the number of seconds the winbindd(8) http://samba.org/samba/docs/man/manpages-3/winbindd.8.html daemon will wait between attempts to contact a Domain controller for a domain that is determined to be down or not contactable. Default: //|winbind reconnect delay|/ = |30|/ Hmm 30 bottles of beer? I am guessiung seconds. If this is true, then I should not have this issue once the AD is back up. I have seen this problem continue long after the AD is back up and running so this causes concern. If this was working right then it looks like it would cure my problem and know immediately if the AD was up or down if I set it to 5 instead of 30 -- but hey it could be 30 minutes, hours, days etc - I dont know! Hope this helps! Thanks, -Clayton *From:* Clayton Hill ad...@ateamonsite.com *To:* Matthew J. Salerno vagabond_k...@yahoo.com *Cc:* samba@lists.samba.org *Sent:* Mon, October 19, 2009 1:20:00 PM *Subject:* Re: [Samba] winbind causes Linux to lockup when connectivity to AD
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
On 10/19/2009, Clayton Hill (ad...@ateamonsite.com) wrote: idmap negative cache time (G) This parameter specifies the number of seconds that Winbind's idmap snip 120 what? hmmm seconds? minutes? LOL and winbind cache time (G) This parameter specifies the number of seconds snip 300 what? -- years? fortnights? furlongs? farthings? bushels? bottles of beer on the wall? Ummm...in both of these cases, it says quite plainly that it is SECONDS. -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Doh! Missed that! LOL Thanks :-) Charles Marcus wrote: On 10/19/2009, Clayton Hill (ad...@ateamonsite.com) wrote: idmap negative cache time (G) This parameter specifies the number of seconds that Winbind's idmap snip 120 what? hmmm seconds? minutes? LOL and winbind cache time (G) This parameter specifies the number of seconds snip 300 what? -- years? fortnights? furlongs? farthings? bushels? bottles of beer on the wall? Ummm...in both of these cases, it says quite plainly that it is SECONDS. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Good to know, and your description fits my understanding of this issue and reproduces my scenario well. Basically all I have to to render the server completely unresponsive (even basic command line stuff) is take _any_ domain offline. This seems to mean winbind's caching is not behaving as designed. François Legal wrote: I don't know if it helps, but I ran through similar problems with one samba DC trusting another domain connected via a VPN. Each time the VPN went down, I had to hard reboot the server (no I did not have an open session all the time to kill winbindd). As far as I remember, this was with self built versions 3.2.4 through 3.2.6. After that, I decided to surrender with trusting another domain with samba. François On Fri, 16 Oct 2009 13:59:45 -0600, ad...@ateamonsite.com wrote: Ok I am not hearing replies back - I dont want this issue to be swept under the rug. It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even.. I know now that the commands I was telling you all access UN/PW info such as LS or MAN etc, to see if you have permission to run them? IDK I am guessing. BUT - if winbind is really caching and the connection is lost, then this should be a non-issue as you say. Well here is my nsswitch.conf: cat /etc/nsswitch.conf passwd: compat winbind group: compat winbind networks: files dns services: files protocols: files rpc:files ethers: files netmasks: files netgroup: files publickey: files bootparams: files automount: files aliases:files hosts: files dns shadow: compat Isn't this set up right? ;-) So, famously when DNS is down, crap like SSH and NFS take unreasonable amounts of time and cause system hangs in linux. This is what I've been told, and I can accept that. Since DNS is hosted on the AD server, when that server goes down, SSH, and even local login hang for extremely long amounts of time - im talking more than 10 minutes... then fail. In Windows (im sorry Im about to compare 2 operating systems) this is a non issue and you can use the machine even if the networking is hosed or you cant talk to the AD. So... BUMP! :-) On Wed, 14 Oct 2009 16:51:10 -0600, ad...@ateamonsite.com wrote: Hopefully that isn't a bad thing! haha Thanks! On Wed, 14 Oct 2009 15:44:54 -0700, Jeremy Allison j...@samba.org wrote: On Wed, Oct 14, 2009 at 04:02:41PM -0600, ad...@ateamonsite.com wrote: Hi Jeremy, Sorry, didn't look too closely at your winbindd issue. winbindd will cache all information to allow disconnected operation (we made this work perfectly at SuSE), so there certainly shouldn't be a problem with a loss of connection to a DC. I am sorry to report that I am in fact using SuSE, and this problem is very easy to reproduce if I power off my AD domain, then wait (I guess) 10 minutes - then try and ssh to my Linux box. There is no way to log into the box. Ok, then I'm going to hand you over to the SuSE Samba Team maintainers on this list (sorry :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Thanks for confirming my config is good. I already know about the old problem with SSH and reverse DNS lookups. That actually takes about 5 minutes or less to log in, with this issue be prepared to wait almost an hour if it even works. Similar but not the same issue. Please, to get an understanding of this problem do the following steps to reproduce this problem. SUSE 11.0 Samba 3.2 Join windows 2003 AD domain (with 40,000 objects) using net ads join Take domain controller offline. Try to log in LOCALLY as ROOT to your console on your domain member linux box. Do not even bother to log in as any samba user of do ANYTHING samba related. Watch as it takes more time than bearable (I am talking MORE THAN 20 minutes!) to0 log in to the LOCAL TERMINAL attempt to do the same with ssh if you are already logged in before you do this test as root LOCALLY TTY then try and run simple commands such as: top,ls,ps,man etc etc After seeing the problem clearly simply do this to become unstuck: killall winbindd or service winbind stop have a lot of fun. Cheers, -Clayton Matthew J. Salerno wrote: Your /etc/nsswitch.conf looks correct to me. For services like ssh, you should just disable ptr lookups (VerifyReverseMapping no). Regarding winbind, do you have any services or processes running on the box as a domain user? Perhaps there is a timeout setting for krb and winbind. I don't recall seeing one for winbind, but I would imagine that there is one for kerberos. Have you bumped up the debugging and purposefully caused an ad failure (ifdown or bad route) ? Have you had the console open and watched top to see if it's a processes consuming to much cpu? What kind of troubleshooting have you done? and what are the results? - Original Message From: ad...@ateamonsite.com ad...@ateamonsite.com To: ad...@ateamonsite.com Cc: samba@lists.samba.org; Jeremy Allison j...@samba.org Sent: Fri, October 16, 2009 3:59:45 PM Subject: Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity) Ok I am not hearing replies back - I dont want this issue to be swept under the rug. It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even.. I know now that the commands I was telling you all access UN/PW info such as LS or MAN etc, to see if you have permission to run them? IDK I am guessing. BUT - if winbind is really caching and the connection is lost, then this should be a non-issue as you say. Well here is my nsswitch.conf: cat /etc/nsswitch.conf passwd: compat winbind group: compat winbind networks: files dns services: files protocols: files rpc:files ethers: files netmasks: files netgroup: files publickey: files bootparams: files automount: files aliases:files hosts: files dns shadow: compat Isn't this set up right? ;-) So, famously when DNS is down, crap like SSH and NFS take unreasonable amounts of time and cause system hangs in linux. This is what I've been told, and I can accept that. Since DNS is hosted on the AD server, when that server goes down, SSH, and even local login hang for extremely long amounts of time - im talking more than 10 minutes... then fail. In Windows (im sorry Im about to compare 2 operating systems) this is a non issue and you can use the machine even if the networking is hosed or you cant talk to the AD. So... BUMP! :-) On Wed, 14 Oct 2009 16:51:10 -0600, ad...@ateamonsite.com wrote: Hopefully that isn't a bad thing! haha Thanks! On Wed, 14 Oct 2009 15:44:54 -0700, Jeremy Allison j...@samba.org wrote: On Wed, Oct 14, 2009 at 04:02:41PM -0600, ad...@ateamonsite.com wrote: Hi Jeremy, Sorry, didn't look too closely at your winbindd issue. winbindd will cache all information to allow disconnected operation (we made this work perfectly at SuSE), so there certainly shouldn't be a problem with a loss of connection to a DC. I am sorry to report that I am in fact using SuSE, and this problem is very easy to reproduce if I power off my AD domain, then wait (I guess) 10 minutes - then try and ssh to my Linux box. There is no way to log into the box. Ok, then I'm going to hand you over to the SuSE Samba Team maintainers on this list (sorry :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Ok I am not hearing replies back - I dont want this issue to be swept under the rug. It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even.. I know now that the commands I was telling you all access UN/PW info such as LS or MAN etc, to see if you have permission to run them? IDK I am guessing. BUT - if winbind is really caching and the connection is lost, then this should be a non-issue as you say. Well here is my nsswitch.conf: cat /etc/nsswitch.conf passwd: compat winbind group: compat winbind networks: files dns services: files protocols: files rpc:files ethers: files netmasks: files netgroup: files publickey: files bootparams: files automount: files aliases:files hosts: files dns shadow: compat Isn't this set up right? ;-) So, famously when DNS is down, crap like SSH and NFS take unreasonable amounts of time and cause system hangs in linux. This is what I've been told, and I can accept that. Since DNS is hosted on the AD server, when that server goes down, SSH, and even local login hang for extremely long amounts of time - im talking more than 10 minutes... then fail. In Windows (im sorry Im about to compare 2 operating systems) this is a non issue and you can use the machine even if the networking is hosed or you cant talk to the AD. So... BUMP! :-) On Wed, 14 Oct 2009 16:51:10 -0600, ad...@ateamonsite.com wrote: Hopefully that isn't a bad thing! haha Thanks! On Wed, 14 Oct 2009 15:44:54 -0700, Jeremy Allison j...@samba.org wrote: On Wed, Oct 14, 2009 at 04:02:41PM -0600, ad...@ateamonsite.com wrote: Hi Jeremy, Sorry, didn't look too closely at your winbindd issue. winbindd will cache all information to allow disconnected operation (we made this work perfectly at SuSE), so there certainly shouldn't be a problem with a loss of connection to a DC. I am sorry to report that I am in fact using SuSE, and this problem is very easy to reproduce if I power off my AD domain, then wait (I guess) 10 minutes - then try and ssh to my Linux box. There is no way to log into the box. Ok, then I'm going to hand you over to the SuSE Samba Team maintainers on this list (sorry :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
I don't know if it helps, but I ran through similar problems with one samba DC trusting another domain connected via a VPN. Each time the VPN went down, I had to hard reboot the server (no I did not have an open session all the time to kill winbindd). As far as I remember, this was with self built versions 3.2.4 through 3.2.6. After that, I decided to surrender with trusting another domain with samba. François On Fri, 16 Oct 2009 13:59:45 -0600, ad...@ateamonsite.com wrote: Ok I am not hearing replies back - I dont want this issue to be swept under the rug. It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even.. I know now that the commands I was telling you all access UN/PW info such as LS or MAN etc, to see if you have permission to run them? IDK I am guessing. BUT - if winbind is really caching and the connection is lost, then this should be a non-issue as you say. Well here is my nsswitch.conf: cat /etc/nsswitch.conf passwd: compat winbind group: compat winbind networks: files dns services: files protocols: files rpc:files ethers: files netmasks: files netgroup: files publickey: files bootparams: files automount: files aliases:files hosts: files dns shadow: compat Isn't this set up right? ;-) So, famously when DNS is down, crap like SSH and NFS take unreasonable amounts of time and cause system hangs in linux. This is what I've been told, and I can accept that. Since DNS is hosted on the AD server, when that server goes down, SSH, and even local login hang for extremely long amounts of time - im talking more than 10 minutes... then fail. In Windows (im sorry Im about to compare 2 operating systems) this is a non issue and you can use the machine even if the networking is hosed or you cant talk to the AD. So... BUMP! :-) On Wed, 14 Oct 2009 16:51:10 -0600, ad...@ateamonsite.com wrote: Hopefully that isn't a bad thing! haha Thanks! On Wed, 14 Oct 2009 15:44:54 -0700, Jeremy Allison j...@samba.org wrote: On Wed, Oct 14, 2009 at 04:02:41PM -0600, ad...@ateamonsite.com wrote: Hi Jeremy, Sorry, didn't look too closely at your winbindd issue. winbindd will cache all information to allow disconnected operation (we made this work perfectly at SuSE), so there certainly shouldn't be a problem with a loss of connection to a DC. I am sorry to report that I am in fact using SuSE, and this problem is very easy to reproduce if I power off my AD domain, then wait (I guess) 10 minutes - then try and ssh to my Linux box. There is no way to log into the box. Ok, then I'm going to hand you over to the SuSE Samba Team maintainers on this list (sorry :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Your /etc/nsswitch.conf looks correct to me. For services like ssh, you should just disable ptr lookups (VerifyReverseMapping no). Regarding winbind, do you have any services or processes running on the box as a domain user? Perhaps there is a timeout setting for krb and winbind. I don't recall seeing one for winbind, but I would imagine that there is one for kerberos. Have you bumped up the debugging and purposefully caused an ad failure (ifdown or bad route) ? Have you had the console open and watched top to see if it's a processes consuming to much cpu? What kind of troubleshooting have you done? and what are the results? - Original Message From: ad...@ateamonsite.com ad...@ateamonsite.com To: ad...@ateamonsite.com Cc: samba@lists.samba.org; Jeremy Allison j...@samba.org Sent: Fri, October 16, 2009 3:59:45 PM Subject: Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity) Ok I am not hearing replies back - I dont want this issue to be swept under the rug. It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even.. I know now that the commands I was telling you all access UN/PW info such as LS or MAN etc, to see if you have permission to run them? IDK I am guessing. BUT - if winbind is really caching and the connection is lost, then this should be a non-issue as you say. Well here is my nsswitch.conf: cat /etc/nsswitch.conf passwd: compat winbind group: compat winbind networks: files dns services: files protocols: files rpc:files ethers: files netmasks: files netgroup: files publickey: files bootparams: files automount: files aliases:files hosts: files dns shadow: compat Isn't this set up right? ;-) So, famously when DNS is down, crap like SSH and NFS take unreasonable amounts of time and cause system hangs in linux. This is what I've been told, and I can accept that. Since DNS is hosted on the AD server, when that server goes down, SSH, and even local login hang for extremely long amounts of time - im talking more than 10 minutes... then fail. In Windows (im sorry Im about to compare 2 operating systems) this is a non issue and you can use the machine even if the networking is hosed or you cant talk to the AD. So... BUMP! :-) On Wed, 14 Oct 2009 16:51:10 -0600, ad...@ateamonsite.com wrote: Hopefully that isn't a bad thing! haha Thanks! On Wed, 14 Oct 2009 15:44:54 -0700, Jeremy Allison j...@samba.org wrote: On Wed, Oct 14, 2009 at 04:02:41PM -0600, ad...@ateamonsite.com wrote: Hi Jeremy, Sorry, didn't look too closely at your winbindd issue. winbindd will cache all information to allow disconnected operation (we made this work perfectly at SuSE), so there certainly shouldn't be a problem with a loss of connection to a DC. I am sorry to report that I am in fact using SuSE, and this problem is very easy to reproduce if I power off my AD domain, then wait (I guess) 10 minutes - then try and ssh to my Linux box. There is no way to log into the box. Ok, then I'm going to hand you over to the SuSE Samba Team maintainers on this list (sorry :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Hi Jeremy, Sorry, didn't look too closely at your winbindd issue. winbindd will cache all information to allow disconnected operation (we made this work perfectly at SuSE), so there certainly shouldn't be a problem with a loss of connection to a DC. I am sorry to report that I am in fact using SuSE, and this problem is very easy to reproduce if I power off my AD domain, then wait (I guess) 10 minutes - then try and ssh to my Linux box. There is no way to log into the box. If I am fortunate to have a terminal open already logged in, I cannot run commands like ls or man getfacl or many others. The machine is useless until I killall winbindd then magically the system is back to normal and commands are able to execute. I looked at the init script for that version on SUSE for winbind and it is running in cached mode. If it helps to know, I have about 4 user/group objects in the windows 2003 R2 AD (with 1 child domain) and I try and put as many acls as I can in the filesystem permissions using setfacl for my cross platform filesystem capability testing. I doubt this is the issue though, I just want you to be informed in case some gotcha I dont know about exists for this scenerio. I have a nice server with plenty of ram and cpu oomph and a nice RAID setup so I doubt it is that either. I am hoping some light can be shed on this issue, so here is my smb.conf and system info:. samba-3.2.7-11.2.1.x86_64 krb5-1.6.3-50.1.x86_64 openSUSE 11.0 (X86-64) VERSION = 11.0 [global] workgroup=qa2k3192 realm=QA2K3192.EDU server string=HSA-PFX10101001 - 10.10.1.72 os level=24 domain master=no local master=no preferred master=yes encrypt passwords=yes level2 oplocks=yes security=ads password server=* wins server= inherit acls=yes map acl inherit=yes log file=/var/log/samba/log%m dos filemode=yes printing=BSD printcap name = /dev/null admin users = webadmin username map = /etc/samba/smbusers winbind enum users=no winbind enum groups=no map to guest = bad user interfaces = eth2 disable spoolss = yes idmap domains = \ QA2K3192 \ QA2K3SUB192 #QA2K3192 S-1-5-21-937701456-36023052-1036737269 idmap config QA2K3192:backend = rid idmap config QA2K3192:base_rid = 0 idmap config QA2K3192:range = 100 - 199 #QA2K3SUB192 S-1-5-21-3854371235-711543302-3856612158 idmap config QA2K3SUB192:backend = rid idmap config QA2K3SUB192:base_rid = 0 idmap config QA2K3SUB192:range = 200 - 299 [company] comment=foo path=/cifs/company writeable=yes browseable=yes hosts allow= hosts deny= inherit acls=yes guest ok=no force unknown acl user=no valid users = @QA2K3192\domain admins,@QA2K3SUB192\domain admins,@QA2K3192\ladies write list = @QA2K3192\domain admins,@QA2K3SUB192\domain admins,@QA2K3192\ladies read list = I desperately hope we can nail down this issue... it is giving me support headaches when people change their networks then want to reconfigure the samba server last.. catch 22! . Thank you again, -Clayton On Tue, 13 Oct 2009 21:14:30 -0700, Jeremy Allison j...@samba.org wrote: On Tue, Oct 13, 2009 at 08:10:56PM -0700, Clayton Hill wrote: Thank you for the info Jeremy I think I will try EXT4 and see if I have better results then - also I agree with you about streams - I just think some of my more foolish clients wont. Better just tell them NO firmly and then give them the example you gave - ;-) Well I'm not saying we won't support streams in Samba, we'll just have to do it by layering meta-data over the filesystem. We already have 2 vfs modules that implement this. Any workaround for the winbind problem I have? This to me is a very serious problem and all I can think of for a solution is of making a script that would ping the DC and if the connection to the DC was gone, to kill winbind, then if the DC is back, start winbind back up. IS this a good idea? It seems very very bad and hacky to me... I am hoping with all my fingers crossed that you have a better solution! Sorry, didn't look too closely at your winbindd issue. winbindd will cache all information to allow disconnected operation (we made this work perfectly at SuSE), so there certainly shouldn't be a problem with a loss of connection to a DC. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
On Wed, Oct 14, 2009 at 04:02:41PM -0600, ad...@ateamonsite.com wrote: Hi Jeremy, Sorry, didn't look too closely at your winbindd issue. winbindd will cache all information to allow disconnected operation (we made this work perfectly at SuSE), so there certainly shouldn't be a problem with a loss of connection to a DC. I am sorry to report that I am in fact using SuSE, and this problem is very easy to reproduce if I power off my AD domain, then wait (I guess) 10 minutes - then try and ssh to my Linux box. There is no way to log into the box. Ok, then I'm going to hand you over to the SuSE Samba Team maintainers on this list (sorry :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Hopefully that isn't a bad thing! haha Thanks! On Wed, 14 Oct 2009 15:44:54 -0700, Jeremy Allison j...@samba.org wrote: On Wed, Oct 14, 2009 at 04:02:41PM -0600, ad...@ateamonsite.com wrote: Hi Jeremy, Sorry, didn't look too closely at your winbindd issue. winbindd will cache all information to allow disconnected operation (we made this work perfectly at SuSE), so there certainly shouldn't be a problem with a loss of connection to a DC. I am sorry to report that I am in fact using SuSE, and this problem is very easy to reproduce if I power off my AD domain, then wait (I guess) 10 minutes - then try and ssh to my Linux box. There is no way to log into the box. Ok, then I'm going to hand you over to the SuSE Samba Team maintainers on this list (sorry :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject - Email found in subject
Hi, Anyone?, please help!! Thanks, Shaun -- Shaun Martin Systems Administrator Akaza Research smar...@akazaresearch.com www.akazaresearch.com http://www.akazaresearch.com/ www.openclinica.org http://www.openclinica.org/ Open Source Platform for Clinical Research From: Shaun Martin smar...@akazaresearch.com Date: Wed, 26 Aug 2009 09:12:33 -0400 To: Jeremy Allison j...@samba.org Cc: samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject - Email found in subject Hi All, Ok I think I have isolated the problem a little more. I did not know the user in question was using a MAC as she is a remote user I have never seen. It seems this issue is only happening with MAC's I did not think that could happen as she is still using the smb protocol. Below is a dir listing of newly created dir's from win, linux and mac clients all using the smb protocol. drwxrwxr-x 2 bbaumann isovera 48 2009-08-26 09:07 ben --windows drwxrwxr-x 2 crusso isovera 48 2009-08-26 09:07 chris---linux (ubunutu) drwxr-xr-x 2 efogel isovera 48 2009-08-26 09:08 erin ---MAC (Newest Version) As you can see the only one not respecting my config of a 775 dir is the mac client. Has anyone seen this before? Any help is greatly appreciated. Thanks, Shaun -- Shaun Martin Systems Administrator Akaza Research smar...@akazaresearch.com www.akazaresearch.com http://www.akazaresearch.com/ www.openclinica.org http://www.openclinica.org/ Open Source Platform for Clinical Research From: Jeremy Allison j...@samba.org Reply-To: Jeremy Allison j...@samba.org Date: Tue, 18 Aug 2009 11:55:03 -0700 To: Shaun Martin smar...@akazaresearch.com Cc: Adam Williams awill...@mdah.state.ms.us, samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject On Tue, Aug 18, 2009 at 11:38:21AM -0400, Shaun Martin wrote: Hi, Thank you for noticting that, although it did not fix my issue. My current config is below. And below that is ls lah on the new directories I made after I killed and restarted samba. PLEASE HELP :) [shared] delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 force directory security mask = 0775 directory security mask = 0775 force security mode = 0775 security mask = 0775 browseable = yes I created both shaun and the sub-directory new. Still has 755 permissions. I want 775 permissions. root# ls -lah |grep shaun drwxr-xr-x 2 smartin akaza 48 2009-08-18 11:35 shaun root# ls -lah shaun/ total 1.0K drwxr-xr-x 3 smartin akaza 72 2009-08-18 11:35 . drwxrwx--- 21 smartin isovera 1.3K 2009-08-18 11:35 .. drwxr-xr-x 2 smartin akaza 48 2009-08-18 11:35 new I just tested this using the latest released 3.4.0 code and it works fine. I suggest you upgrade to the latest version from 3.2.0. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba rg/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject
Hi All, Ok I think I have isolated the problem a little more. I did not know the user in question was using a MAC as she is a remote user I have never seen. It seems this issue is only happening with MAC's I did not think that could happen as she is still using the smb protocol. Below is a dir listing of newly created dir's from win, linux and mac clients all using the smb protocol. drwxrwxr-x 2 bbaumann isovera 48 2009-08-26 09:07 ben --windows drwxrwxr-x 2 crusso isovera 48 2009-08-26 09:07 chris---linux (ubunutu) drwxr-xr-x 2 efogel isovera 48 2009-08-26 09:08 erin ---MAC (Newest Version) As you can see the only one not respecting my config of a 775 dir is the mac client. Has anyone seen this before? Any help is greatly appreciated. Thanks, Shaun -- Shaun Martin Systems Administrator Akaza Research smar...@akazaresearch.com www.akazaresearch.com http://www.akazaresearch.com/ www.openclinica.org http://www.openclinica.org/ Open Source Platform for Clinical Research From: Jeremy Allison j...@samba.org Reply-To: Jeremy Allison j...@samba.org Date: Tue, 18 Aug 2009 11:55:03 -0700 To: Shaun Martin smar...@akazaresearch.com Cc: Adam Williams awill...@mdah.state.ms.us, samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject On Tue, Aug 18, 2009 at 11:38:21AM -0400, Shaun Martin wrote: Hi, Thank you for noticting that, although it did not fix my issue. My current config is below. And below that is ls lah on the new directories I made after I killed and restarted samba. PLEASE HELP :) [shared] delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 force directory security mask = 0775 directory security mask = 0775 force security mode = 0775 security mask = 0775 browseable = yes I created both shaun and the sub-directory new. Still has 755 permissions. I want 775 permissions. root# ls -lah |grep shaun drwxr-xr-x 2 smartin akaza 48 2009-08-18 11:35 shaun root# ls -lah shaun/ total 1.0K drwxr-xr-x 3 smartin akaza 72 2009-08-18 11:35 . drwxrwx--- 21 smartin isovera 1.3K 2009-08-18 11:35 .. drwxr-xr-x 2 smartin akaza 48 2009-08-18 11:35 new I just tested this using the latest released 3.4.0 code and it works fine. I suggest you upgrade to the latest version from 3.2.0. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Running Sun Solaris 9 sparc; trying to get Samba to interact with our Windows Active Directory so we can create shares on our Sun server. Kerberos works well. Wbinfo -u and Wbinfo -g both return results. Getent also returns results, both getent passwd getent group. I've created a test folder and added it in the smb.conf file as a share: [test] path = /test writeable = yes browseable = yes guest ok = no valid users = VANDERBILT\mcgranj public = no This folder does exist on the server, but when I try to map, I get no results. When I check the samba log, I see that samba crashes: lib240:/usr/local/samba/var#tail 129.59.149.157.log [2009/06/22 10:26:12, 0] lib/util.c:log_stack_trace(1827) unable to produce a stack trace on this platform [2009/06/22 10:26:12, 0] lib/fault.c:dump_core(231) dumping core in /usr/local/samba/var/cores/smbd [2009/08/19 09:50:50, 0] lib/util.c:smb_panic(1673) PANIC (pid 21681): sys_setgroups failed [2009/08/19 09:50:50, 0] lib/util.c:log_stack_trace(1827) unable to produce a stack trace on this platform [2009/08/19 09:50:50, 0] lib/fault.c:dump_core(231) dumping core in /usr/local/samba/var/cores/smbd I really need to get this running. Please advise. Thank you! *** * Jamen McGranahan * Systems Services Librarian * Library Information Technology Services * Vanderbilt University * Suite 700 * 110 21st Avenue South * Nashville, TN 37240 * (615) 343-1614 * (615) 343-8834 (fax) * jamen.mcgrana...@vanderbilt.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
On Wed, Aug 19, 2009 at 09:58:39AM -0500, McGranahan, Jamen wrote: Running Sun Solaris 9 sparc; trying to get Samba to interact with our Windows Active Directory so we can create shares on our Sun server. Kerberos works well. Wbinfo -u and Wbinfo -g both return results. Getent also returns results, both getent passwd getent group. I've created a test folder and added it in the smb.conf file as a share: [test] path = /test writeable = yes browseable = yes guest ok = no valid users = VANDERBILT\mcgranj public = no This folder does exist on the server, but when I try to map, I get no results. When I check the samba log, I see that samba crashes: lib240:/usr/local/samba/var#tail 129.59.149.157.log [2009/06/22 10:26:12, 0] lib/util.c:log_stack_trace(1827) unable to produce a stack trace on this platform [2009/06/22 10:26:12, 0] lib/fault.c:dump_core(231) dumping core in /usr/local/samba/var/cores/smbd [2009/08/19 09:50:50, 0] lib/util.c:smb_panic(1673) PANIC (pid 21681): sys_setgroups failed [2009/08/19 09:50:50, 0] lib/util.c:log_stack_trace(1827) unable to produce a stack trace on this platform [2009/08/19 09:50:50, 0] lib/fault.c:dump_core(231) dumping core in /usr/local/samba/var/cores/smbd You're running into this bug : https://bugzilla.samba.org/show_bug.cgi?id=2496 Solaris limits the number of supplementary groups a user can be in to 32. This is too small for Windows, and in Sun's in-kernel CIFS server running on ZFS they have a kernel-only workaround which they currently have refused to make available to user-space processes. Please complain to Sun support about this situation, and ask them to fix this limitation in the solaris userspace support. Attached to this bug you'll find a workaround written by Dave Collier-Brown which uses an LB_PRELOAD library to use the Solaris group list as a cache. Jeremy. - From the code: /* * libgroups - a library for Samba on Solaris to allow * an arbitrarily large number of groups. * * * Problem Description: * Unix has a system-wide limit on the number of groups * a user may be in. Samba, which provides file service * to Windows clients, needs to support larger numbers * of groups per user. This is due to the Windows use of * groups, which typically results in more than 16 or * 32 groups for a user. At the moment, only Linux has * enoug groups for a medium to large Windows AD domain. * * I therefor wrote this interposer library (at home) * to remove this limitation on a per-process basis. * It keeps an unbounded list of groups and treats the * standard Solaris groups list as a cache. Before opening * a file, the interposer checks to see if the open would * fail because of a group not being in the cache, and if so * will move it to the head of the ache, shifting the * other entries down. * * Caveats: * This was written for Samba, which is setuid-root. * As the library requries root permissions for setgroups, * it will ONLY work if the program is setuid root or * otherwise has the ablity to call setgroups from the * middle of the open interposer function. The library will * try to abort immediately on startup if it does not * have sufficient privelege. * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permission Issues - Email found in subject - Email found in subject
Hi All, Anyone know why I am getting this issue? Thanks, Shaun From: Shaun Martin smar...@akazaresearch.com Date: Mon, 17 Aug 2009 09:14:40 -0400 To: Jeremy Allison j...@samba.org Cc: samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject - Email found in subject Hi All, Here is the version number. r...@akaza-fs:/usr/local/samba/sbin# ./smbd --version Version 3.2.0 r...@akaza-fs:/usr/local/samba/sbin# ./nmbd --version Version 3.2.0 Thanks, Shaun From: Jeremy Allison j...@samba.org Reply-To: Jeremy Allison j...@samba.org Date: Fri, 14 Aug 2009 14:46:57 -0700 To: Shaun Martin smar...@akazaresearch.com Cc: samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject On Fri, Aug 14, 2009 at 04:22:22PM -0400, Shaun Martin wrote: Hi All, I am trying to achieve something pretty simple. I have a samba share and I would like all new directories and files within that share to have 775 permissions. My config for that share is below. Whenever I create a dir I get 755 permissions. I have set every force permission their is. Both configs below produced the same directory. I feel like this should be very easy and my settings are correct. I have been managing samba server for years and have never run into this issue before. PLEASE HELP!! Thanks, Shaun ls of newly created dir drwxr-xr-x 2 smartin akaza 48 2009-08-14 16:15 shaun Orig Config: delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 browseable = yes Crazy Config setting every force option: delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 force directory security mask = 0775 directory security mask = 0775 force security mode = 775 security mask = 0755 browseable = yes That should work. What version of Samba ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permission Issues - Email found in subject - Email found in subject
did you notice you still have: security mask = 0755 shouldn't that be 0775? Shaun Martin wrote: Hi All, Anyone know why I am getting this issue? Thanks, Shaun From: Shaun Martin smar...@akazaresearch.com Date: Mon, 17 Aug 2009 09:14:40 -0400 To: Jeremy Allison j...@samba.org Cc: samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject - Email found in subject Hi All, Here is the version number. r...@akaza-fs:/usr/local/samba/sbin# ./smbd --version Version 3.2.0 r...@akaza-fs:/usr/local/samba/sbin# ./nmbd --version Version 3.2.0 Thanks, Shaun From: Jeremy Allison j...@samba.org Reply-To: Jeremy Allison j...@samba.org Date: Fri, 14 Aug 2009 14:46:57 -0700 To: Shaun Martin smar...@akazaresearch.com Cc: samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject On Fri, Aug 14, 2009 at 04:22:22PM -0400, Shaun Martin wrote: Hi All, I am trying to achieve something pretty simple. I have a samba share and I would like all new directories and files within that share to have 775 permissions. My config for that share is below. Whenever I create a dir I get 755 permissions. I have set every force permission their is. Both configs below produced the same directory. I feel like this should be very easy and my settings are correct. I have been managing samba server for years and have never run into this issue before. PLEASE HELP!! Thanks, Shaun ls of newly created dir drwxr-xr-x 2 smartin akaza 48 2009-08-14 16:15 shaun Orig Config: delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 browseable = yes Crazy Config setting every force option: delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 force directory security mask = 0775 directory security mask = 0775 force security mode = 775 security mask = 0755 browseable = yes That should work. What version of Samba ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject
Hi, Thank you for noticting that, although it did not fix my issue. My current config is below. And below that is ls lah on the new directories I made after I killed and restarted samba. PLEASE HELP :) [shared] delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 force directory security mask = 0775 directory security mask = 0775 force security mode = 0775 security mask = 0775 browseable = yes I created both shaun and the sub-directory new. Still has 755 permissions. I want 775 permissions. root# ls -lah |grep shaun drwxr-xr-x 2 smartin akaza 48 2009-08-18 11:35 shaun root# ls -lah shaun/ total 1.0K drwxr-xr-x 3 smartin akaza 72 2009-08-18 11:35 . drwxrwx--- 21 smartin isovera 1.3K 2009-08-18 11:35 .. drwxr-xr-x 2 smartin akaza 48 2009-08-18 11:35 new Thanks, Shaun From: Adam Williams awill...@mdah.state.ms.us Date: Tue, 18 Aug 2009 09:28:02 -0500 To: Shaun Martin smar...@akazaresearch.com Cc: samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject did you notice you still have: security mask = 0755 shouldn't that be 0775? Shaun Martin wrote: Hi All, Anyone know why I am getting this issue? Thanks, Shaun From: Shaun Martin smar...@akazaresearch.com mailto:smar...@akazaresearch.com Date: Mon, 17 Aug 2009 09:14:40 -0400 To: Jeremy Allison j...@samba.org mailto:j...@samba.org Cc: samba@lists.samba.org mailto:samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject - Email found in subject Hi All, Here is the version number. r...@akaza-fs:/usr/local/samba/sbin# ./smbd --version Version 3.2.0 r...@akaza-fs:/usr/local/samba/sbin# ./nmbd --version Version 3.2.0 Thanks, Shaun From: Jeremy Allison j...@samba.org mailto:j...@samba.org Reply-To: Jeremy Allison j...@samba.org mailto:j...@samba.org Date: Fri, 14 Aug 2009 14:46:57 -0700 To: Shaun Martin smar...@akazaresearch.com mailto:smar...@akazaresearch.com Cc: samba@lists.samba.org mailto:samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject On Fri, Aug 14, 2009 at 04:22:22PM -0400, Shaun Martin wrote: Hi All, I am trying to achieve something pretty simple. I have a samba share and I would like all new directories and files within that share to have 775 permissions. My config for that share is below. Whenever I create a dir I get 755 permissions. I have set every force permission their is. Both configs below produced the same directory. I feel like this should be very easy and my settings are correct. I have been managing samba server for years and have never run into this issue before. PLEASE HELP!! Thanks, Shaun ls of newly created dir drwxr-xr-x 2 smartin akaza 48 2009-08-14 16:15 shaun Orig Config: delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 browseable = yes Crazy Config setting every force option: delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 force directory security mask = 0775 directory security mask = 0775 force security mode = 775 security mask = 0755 browseable = yes That should work. What version of Samba ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject
i dunno, here's what I have on a share on my server and it works, i'm doing 777 however. [exec] path = /samba/executive force directory mode = 0777 browseable = Yes create mask = 0777 force create mode = 0777 directory mask = 0777 writeable = Yes force group = @ADMIN\executive inherit permissions = yes valid users = @executive write list = @ADMIN\executive csc policy = disable nt acl support = no force security mode = 777 msdfs root = yes Shaun Martin wrote: Hi, Thank you for noticting that, although it did not fix my issue. My current config is below. And below that is ls --lah on the new directories I made after I killed and restarted samba. PLEASE HELP :) [shared] delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 force directory security mask = 0775 directory security mask = 0775 force security mode = 0775 security mask = 0775 browseable = yes I created both shaun and the sub-directory new. Still has 755 permissions. I want 775 permissions. root# ls -lah |grep shaun drwxr-xr-x 2 smartin akaza 48 2009-08-18 11:35 shaun root# ls -lah shaun/ total 1.0K drwxr-xr-x 3 smartin akaza 72 2009-08-18 11:35 . drwxrwx--- 21 smartin isovera 1.3K 2009-08-18 11:35 .. drwxr-xr-x 2 smartin akaza 48 2009-08-18 11:35 new Thanks, Shaun *From: *Adam Williams awill...@mdah.state.ms.us *Date: *Tue, 18 Aug 2009 09:28:02 -0500 *To: *Shaun Martin smar...@akazaresearch.com *Cc: *samba@lists.samba.org *Subject: *Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject did you notice you still have: security mask = 0755 shouldn't that be 0775? Shaun Martin wrote: Hi All, Anyone know why I am getting this issue? Thanks, Shaun From: Shaun Martin smar...@akazaresearch.com mailto:smar...@akazaresearch.com Date: Mon, 17 Aug 2009 09:14:40 -0400 To: Jeremy Allison j...@samba.org mailto:j...@samba.org Cc: samba@lists.samba.org mailto:samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject - Email found in subject Hi All, Here is the version number. r...@akaza-fs:/usr/local/samba/sbin# ./smbd --version Version 3.2.0 r...@akaza-fs:/usr/local/samba/sbin# ./nmbd --version Version 3.2.0 Thanks, Shaun From: Jeremy Allison j...@samba.org mailto:j...@samba.org Reply-To: Jeremy Allison j...@samba.org mailto:j...@samba.org Date: Fri, 14 Aug 2009 14:46:57 -0700 To: Shaun Martin smar...@akazaresearch.com mailto:smar...@akazaresearch.com Cc: samba@lists.samba.org mailto:samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject On Fri, Aug 14, 2009 at 04:22:22PM -0400, Shaun Martin wrote: Hi All, I am trying to achieve something pretty simple. I have a samba share and I would like all new directories and files within that share to have 775 permissions. My config for that share is below. Whenever I create a dir I get 755 permissions. I have set every force permission their is. Both configs below produced the same directory. I feel like this should be very easy and my settings are correct. I have been managing samba server for years and have never run into this issue before. PLEASE HELP!! Thanks, Shaun ls of newly created dir drwxr-xr-x 2 smartin akaza 48 2009-08-14 16:15 shaun Orig Config: delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 browseable = yes Crazy Config setting every force option: delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask
Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject
On Tue, Aug 18, 2009 at 11:38:21AM -0400, Shaun Martin wrote: Hi, Thank you for noticting that, although it did not fix my issue. My current config is below. And below that is ls lah on the new directories I made after I killed and restarted samba. PLEASE HELP :) [shared] delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 force directory security mask = 0775 directory security mask = 0775 force security mode = 0775 security mask = 0775 browseable = yes I created both shaun and the sub-directory new. Still has 755 permissions. I want 775 permissions. root# ls -lah |grep shaun drwxr-xr-x 2 smartin akaza 48 2009-08-18 11:35 shaun root# ls -lah shaun/ total 1.0K drwxr-xr-x 3 smartin akaza 72 2009-08-18 11:35 . drwxrwx--- 21 smartin isovera 1.3K 2009-08-18 11:35 .. drwxr-xr-x 2 smartin akaza 48 2009-08-18 11:35 new I just tested this using the latest released 3.4.0 code and it works fine. I suggest you upgrade to the latest version from 3.2.0. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permission Issues - Email found in subject
Hi All, Here is the version number. r...@akaza-fs:/usr/local/samba/sbin# ./smbd --version Version 3.2.0 r...@akaza-fs:/usr/local/samba/sbin# ./nmbd --version Version 3.2.0 Thanks, Shaun From: Jeremy Allison j...@samba.org Reply-To: Jeremy Allison j...@samba.org Date: Fri, 14 Aug 2009 14:46:57 -0700 To: Shaun Martin smar...@akazaresearch.com Cc: samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject On Fri, Aug 14, 2009 at 04:22:22PM -0400, Shaun Martin wrote: Hi All, I am trying to achieve something pretty simple. I have a samba share and I would like all new directories and files within that share to have 775 permissions. My config for that share is below. Whenever I create a dir I get 755 permissions. I have set every force permission their is. Both configs below produced the same directory. I feel like this should be very easy and my settings are correct. I have been managing samba server for years and have never run into this issue before. PLEASE HELP!! Thanks, Shaun ls of newly created dir drwxr-xr-x 2 smartin akaza 48 2009-08-14 16:15 shaun Orig Config: delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 browseable = yes Crazy Config setting every force option: delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 force directory security mask = 0775 directory security mask = 0775 force security mode = 775 security mask = 0755 browseable = yes That should work. What version of Samba ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Thank Collen for response, I was change my pdc to a better is OPldap my log is : Whe i try to connect typing this i can't connect to the pdc server PLease can you help me to solve this, i'm working in a University and this is the solution that I proposed as a solution r...@multiterminal:/home/usuario2# net join -U prueba [2009/06/16 10:21:03, 2] lib/smbldap.c:smbldap_open_connection(786) smbldap_open_connection: connection opened [2009/06/16 10:21:03, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545) init_sam_from_ldap: Entry found for user: prueba [2009/06/16 10:21:03, 2] passdb/pdb_ldap.c:init_group_from_ldap(2167) init_group_from_ldap: Entry found for group: 1001 [2009/06/16 10:21:03, 2] passdb/pdb_ldap.c:init_group_from_ldap(2167) init_group_from_ldap: Entry found for group: 1001 [2009/06/16 10:21:03, 1] auth/auth_sam.c:sam_account_ok(173) sam_account_ok: Account for user 'prueba' password must change!. [2009/06/16 10:21:03, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [prueba] - [prueba] FAILED with error NT_STATUS_PASSWORD_MUST_CHANGE My OPen ldap is : OpenLDAP: slapd 2.4.9 My samba is Samba 3.0.28a In a ubuntu hardy heron 8.04 My smb.conf is: [global] ### Configuracion basica del servidor ### workgroup = home netbios name = servidor server string = Samba PDC Version %v socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 ### Configuracion para que la maquina sea el PDC master ### os level = 65 preferred master = yes local master = yes domain master = yes domain logons = yes ### Configuracion de seguridad y conexion ### security = user guest ok = no encrypt passwords = yes null passwords = no hosts allow = 127.0.0.1 10.154.50.2/255.255.255.0 wins support = yes name resolve order = wins lmhosts host bcast dns proxy = no time server = yes ### Otras configuraciones varias para SAMBA ### log file = /var/log/samba/log.%m log level = 2 max log size = 50 hide unreadable = yes hide dot files = yes panic action = /usr/share/samba/panic-action %d unix charset = ISO8859-1 ### Parametros para el soporte de LDAP ### passdb backend = ldapsam:ldap://127.0.0.1 ldap suffix = dc=home ldap machine suffix = ou=machines ldap user suffix = ou=users ldap group suffix = ou=groups ldap admin dn = cn=admin,dc=home ldap delete dn = no enable privileges = yes ; Para permitir a los usuarios cambiar su clave desde Windows ldap password sync = yes ### Perfiles moviles de usuario, carpeta home y script de inicio ### logon home = \\%L\%U\.profile logon drive = H: logon path = \\%L\profiles\%U logon script = %U.bat OR netlogon.bat ### Script para automatizar la adicion de cuentas de maquinas ### ### al arbol LDAP cuando estas se unan por primera vez al dominio ### add machine script = /usr/sbin/smbldap-useradd -w %u ### Impresion ### load printers = yes printcap name = /etc/printcap printing = cups printcap name = cups ; Si quiero que el grupo sambaadmins pueda administrar las impresoras ; printer admin = @sambaadmins ### Recursos SAMBA ### # Ruta en donde se alojaran el(los) script(s) de inicio [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = no writable = no browseable = no share modes = no # Carpeta en donde se guardan los perfiles moviles de los usuarios [profiles] comment = Perfiles de Usuarios path = /home/samba/profiles writeable = yes browseable = no guest ok = no hide files = /desktop.ini/ntuser.ini/NTUSER.*/ create mask = 0600 directory mask = 0700 csc policy = disable # Impresoras [printers] comment = Impresoras browseable = no path = /var/spool/samba printable = yes public = no writable = no create mode = 0700 # Los clientes Windows buscan este recurso como fuente de drivers [print$] comment = Drivers de Impresoras path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no # carpetas home de los usuarios [homes] path = /home/users/%U comment = Carpetas HOME browseable = no writeable = yes valid users = %S read only = no guest ok = no inherit permissions = yes # Este es un recurso que solo debe ser accesible # para un grupo POSIX especial llamado sysfox [sysfox] comment = Directorio de Sistemas en Fox path = /home/posix/sysfox writeable = yes delete readonly = yes valid users = @sysfox write list = @sysfox force group = sysfox browseable = yes create mask = 0770 directory mask = 0770 # Este recurso es por si quiero compartir la unidad de CD ;[cdrom] ; comment = Samba server CD ; writable = no ; locking = no ; path = /media/cdrom0 ; public = yes ; Lo siguiente es para auto-montar el CD cada vez que es accesado y desmontarlo ; cuando se termina la conexión al servidor. ; Para que esto trabaje, el archivo /etc/fstab debe
[Samba] (no subject)
Ultimate goal: to utilize Active Directory service on all Unix servers Server: SunOS 5.10 Generic_120011-14 sun4u sparc SUNW,Sun-Fire-V440 Software installed: openldap-2.4.16; openssl-0.9.8k; sasl-2.1.21; gcc-3.4.6 I've spent the past couple of days getting OpenLDAP installed on our Sun box. I believe I have it now and am onto Samba. However, when I run the following command, it bails on me with errors about krb5: (trying to configure samba-3.2.4) ./configure --with-krb5=/etc/krb5 \ -- with-ldap \ -- with-ads \ -- with-winbind Error (last part): configure:63086: result: no configure:63105: WARNING: krb5_mk_req_extended not found in -lkrb5 configure:63113: WARNING: no CREATE_KEY_FUNCTIONS detected configure:63121: WARNING: no GET_ENCTYPES_FUNCTIONS detected configure:63129: WARNING: no KT_FREE_FUNCTION detected configure:63137: WARNING: no KRB5_VERIFY_CHECKSUM_FUNCTION detected configure:63183: error: krb5 libs don't have all features required for Active Directory support I'm honestly at a loss here. Can someone please advise me as to what I need to check and/or do? Thank you!! *** * Jamen McGranahan * Systems Services Librarian * Library Information Technology Services * Vanderbilt University * Suite 700 * 110 21st Avenue South * Nashville, TN 37240 * (615) 343-1614 * (615) 343-8834 (fax) * jamen.mcgrana...@vanderbilt.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Solaris build [was Re: [Samba] (no subject)]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 McGranahan, Jamen wrote: Error (last part): configure:63086: result: no configure:63105: WARNING: krb5_mk_req_extended not found in -lkrb5 configure:63113: WARNING: no CREATE_KEY_FUNCTIONS detected configure:63121: WARNING: no GET_ENCTYPES_FUNCTIONS detected configure:63129: WARNING: no KT_FREE_FUNCTION detected configure:63137: WARNING: no KRB5_VERIFY_CHECKSUM_FUNCTION detected configure:63183: error: krb5 libs don't have all features required for Active Directory support Sounds like the configure test may be picking up the Solaris native libs. been a while since I looked at that. Check the config.log file for clues. cheers, jerry - -- = What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ2lK5IR7qMdg1EfYRAtMSAJ0bfUpzowppEtmbp2uf1f7knR/zPwCfdiPl uAGWFTK/KolOO2g7p/0de4A= =OQQh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: Solaris build [was Re: [Samba] (no subject)]
On Mon, Apr 6, 2009 at 3:06 PM, jerry je...@samba.org wrote: Sounds like the configure test may be picking up the Solaris native libs. been a while since I looked at that. Check the config.log file for clues. Yes, I think this is the problem. From my year-old notes building Samba on Solaris 10: checking whether krb5_mk_error takes 3 arguments MIT or 9 Heimdal... yes configure: WARNING: krb5_mk_req_extended not found in -lkrb5 configure: WARNING: no CREATE_KEY_FUNCTIONS detected configure: WARNING: no GET_ENCTYPES_FUNCTIONS detected configure: WARNING: no KT_FREE_FUNCTION detected configure: WARNING: no KRB5_VERIFY_CHECKSUM_FUNCTION detected configure: error: krb5 libs don't have all features required for Active Directory support Use Heimdal kerberos from http://www.pdc.kth.se/heimdal/, download source: http://www.h5l.org/dist/src/heimdal-1.1.tar.gz http://www.h5l.org/dist/src/heimdal-1.1.tar.gz.asc Untarred into /usr/local/{bin,sbin,..}. Make sure /usr/local/bin comes first in path to get propper krb5-config. Hmm, krb5-config wants it to be installed /usr/heimdel/. Make sure /usr/heimdel/bin is first in PATH You may also need to set your LDFLAGS environment variable to include -L and -R flags for the heimdal library directory. -David -- David Eisner http://cradle.brokenglass.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hello list, My samba server stopped allowing access to shares this morning. It gave some funky errors. Has anyone seen these before? The OS is Fedora 9 and the version is... Version 3.2.0pre3-9.fc9 Am using ADS security for serving shares. Server is EXAMPLEDC.EXAMPLE.CORP Looks like it is saying no login servers in client log but, there are two listed in smb.conf and they both replied to a ping when this happened. I tried restarting smb but it did not help. A reboot cleared up the issue but I want to get to the root cause. There are some strange lines in the smbd log as well(bottom). Any help is greatly appreciated. Can I avoid rebooting this to fix it if it happens again. Or better yet can I permanently fix it maybe upgrade Samba. I saw a previous post where raising amount of processes allowed per group was suggested. Thank you James + + Client log excerpt+ * [2009/01/21 07:08:35, 1] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/mutex.tdb): tdb_lock failed on list 12 ltype=1 (Interrupted system call) [2009/01/21 07:08:35, 0] lib/util_tdb.c:tdb_chainlock_with_timeout_internal(91) tdb_chainlock_with_timeout_internal: alarm (10) timed out for key EXAMPLEDC.EXAMPLE.CORP in tdb /var/lib/samba/mutex.tdb [2009/01/21 07:08:35, 1] lib/server_mutex.c:grab_named_mutex(71) Could not get the lock for EXAMPLEDC.EXAMPLE.CORP [2009/01/21 07:08:55, 0] auth/auth_domain.c:domain_client_validate(221) domain_client_validate: Domain password server not available. [2009/01/21 07:08:55, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [some_user] - [some_user] FAILED with error NT_STATUS_NO_LOGON_SERVERS [2009/01/21 07:09:09, 1] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/mutex.tdb): tdb_lock failed on list 12 ltype=1 (Interrupted system call) [2009/01/21 07:09:09, 0] lib/util_tdb.c:tdb_chainlock_with_timeout_internal(91) tdb_chainlock_with_timeout_internal: alarm (10) timed out for key EXAMPLEDC.EXAMPLE.CORP in tdb /var/lib/samba/mutex.tdb [2009/01/21 07:09:09, 1] lib/server_mutex.c:grab_named_mutex(71) Could not get the lock for EXAMPLEDC.EXAMPLE.CORP +++ = log.smbd excerpt = [2009/01/19 14:33:44, 0] lib/util_sock.c:get_peer_addr_internal(1601) getpeername failed. Error was Transport endpoint is not connected [2009/01/20 13:29:40, 0] lib/util_sock.c:get_peer_addr_internal(1601) getpeername failed. Error was Transport endpoint is not connected [2009/01/21 09:03:39, 0] smbd/server.c:main(1208) smbd version 3.2.0pre3-9.fc9 started. Copyright Andrew Tridgell and the Samba Team 1992-2008 [2009/01/21 09:03:39, 2] lib/tallocmsg.c:register_msg_pool_usage(106) Registered MSG_REQ_POOL_USAGE [2009/01/21 09:03:39, 2] lib/dmallocmsg.c:register_dmalloc_msgs(77) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED = CONFIDENTIALITY This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof. ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] (no subject)
On Thu, Oct 30, 2008 at 09:42:47PM +0530, vishesh wrote: mimagabooks wrote: smbd crashes on startup /var/log/samba/smbd output: [2008/10/30 00:58:56, 1] passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2850) User account [nobody] not found! [2008/10/30 00:58:56, 0] lib/fault.c:fault_report(40) === [2008/10/30 00:58:56, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 6 in pid 3902 (3.2.3-0.1-1882-SUSE-SL11.0) Please read the Trouble-Shooting section of the Samba3-HOWTO Signal 6 is an abort, not a crash in the stricter sense. It is very likely that some assumption in the LDAP code is not met. This time it seems you have something like ldapsam:trusted set but you don't have the user nobody defined in your ldap tree. Please define nobody. Volker pgpXYKvD75Rwr.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
smbd crashes on startup /var/log/samba/smbd output: [2008/10/30 00:58:56, 1] passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2850) User account [nobody] not found! [2008/10/30 00:58:56, 0] lib/fault.c:fault_report(40) === [2008/10/30 00:58:56, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 6 in pid 3902 (3.2.3-0.1-1882-SUSE-SL11.0) Please read the Trouble-Shooting section of the Samba3-HOWTO [2008/10/30 00:58:56, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2008/10/30 00:58:56, 0] lib/fault.c:fault_report(44) === [2008/10/30 00:58:56, 0] lib/util.c:smb_panic(1663) PANIC (pid 3902): internal error [2008/10/30 00:58:56, 0] lib/util.c:log_stack_trace(1767) BACKTRACE: 10 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x2d) [0xb7dcaaed] #1 /usr/sbin/smbd(smb_panic+0x2d) [0xb7dcabed] #2 /usr/sbin/smbd [0xb7db3846] #3 [0xe400] #4 /lib/libc.so.6(abort+0x188) [0xb75e3238] #5 /usr/sbin/smbd(talloc_free+0x22d) [0xb7d992ed] #6 /usr/sbin/smbd(init_guest_info+0xb8) [0xb7e1d018] #7 /usr/sbin/smbd(main+0x816) [0xb800afe6] #8 /lib/libc.so.6(__libc_start_main+0xe5) [0xb75cd5f5] #9 /usr/sbin/smbd [0xb7b92521] [2008/10/30 00:58:56, 0] lib/fault.c:dump_core(201) dumping core in /var/log/samba/cores/smbd /etc/samba/smb.conf [global] unix charset = LOCALE workgroup = MAGABOOKS.ORG netbios name = arizona passdb backend =ldapsam:ldap://arizona.magabooks.org username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 0 name resolve order = wins bcast hosts time server = Yes printcap name = CUPS add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u' delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = logon.bat logon path = \\arizona\profiles\%u logon drive = Z: domain logons = Yes domain master = Yes wins support = Yes # peformance optimization all users stored in ldap ldapsam:trusted = yes ldap suffix = dc=magabooks,dc=org ldap machine suffix = ou=Computers,ou=Users ldap user suffix = ou=People,ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=sambaadmin,dc=magabooks,dc=org idmap backend = ldap://127.0.0.1 idmap uid = 1-2 idmap gid = 1-2 # printer admin = root printing = cups #Share Definitions= [homes] comment = Home Directories valid users = %S browseable = yes writable = yes create mask = 0600 directory mask = 0700 [sysvol] path = /var/lib/samba/sysvol read only = no [netlogon] comment = Network Logon Service path = /var/lib/samba/sysvol/magabooks.org/scripts writeable = yes browseable = yes read only = no [profiles] path = /var/lib/samba/profiles writeable = yes browseable = no read only = no create mode = 0777 directory mode = 0777 [Documents] comment = share to test samba path = /var/lib/samba/documents writeable = yes browseable = yes read only = no valid users = @Domain Users If I comment out passdb backend then it does not crash. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba