headers
Ulrich Schneider | 25 May 2013 16:09
Picon
Favicon

Developmen state Samba as ADDC?

Hi everybody,

I read about the development state ... samba as an ad domain controller 
and that many functions / group policies have been implemented. Still, 
there is some work in progress.

Is there a documentation where I can look up the functions not 
implemented yet?

Regards,
Ulrich Schneider
--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Permalink | Reply | 0 comments |
headers
Ulrich Schneider | 25 May 2013 16:03
Picon
Favicon

Entwicklungsstand Samba als ADDC?

Hallo zusammen,

ich habe gelesen, dass man Samba als AD Domain Controller verwenden 
kann, dass aber hier die Entwicklung noch nicht abgeschlossen ist.

Wo kann ich denn nachlesen, welche Funktionen/Gruppenrichtlinien 
implementiert sind und welche noch in der Entwicklung sind?

Grüsse,
Ulrich Schneider
--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Permalink | Reply | 0 comments |
headers
X-Dimension | 25 May 2013 15:30
Picon

Samba 4 Alpha 17 to 4.0.x update - questions concerning S3FS / NTVFS

We had used Samba 4 alpha 17 for a long time and want to update our 
server now to Samba 4.0.x.
The old Samba versions was using NTVFS and Samba 4.0.x is now using S3FS 
by default.

So, what is the best practice now? Should we stay on NTVFS or should we 
switch to S3FS?

The global part of our smb.conf looks like this:

---
[global]
         interfaces = eth0
         netbios name = PDC
         passdb backend = samba4
         realm = MYDOMAIN.LAN
         # Global parameters
         server role = domain controller
         server string = PDC
         workgroup = MYDOMAIN
---

When we start Samba 4.0.x with this configuration, is it using NTVFS 
like before or is it using S3FS then?

Thx for help!
--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
(Continue reading)

Permalink | Reply | 0 comments |
headers
Lee Allen | 24 May 2013 23:12

Unable to get Samba-3.6.12 to authenticate using ADS

I have a Samba-4 system running as an Active Directory server.  It's
working great: computers are joined to it, users are logged in, etc.  Good
job Samba developers, and thank you!

But of course I am not satisfied.  Now I want to configure another server
(well, a VM) as a file server using Samba-3.6.12.  I want it to refer to
the Samba4 server for all user authentication.  My understanding of the
documentation is that I set "server = ads" and join the samba3 system to my
domain.  I do not need to create any users/accounts on the Samba3
(fileserver) system.

Am I right so far?

But, it's not working -- it is not authenticating requests using the AD
server.  There are error messages coming out of Samba that I don't
understand (no surprise there).

I have read the relevant documentation, including the Domain Membership
section, and I have followed the instructions here:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member

Here are the details.

AD is Samba-4 running on samba-ad.allenlan.net (192.168.0.13).
Fileserver is Samba-3.6.12 on smb-test-zone.allenlan.net (192.168.0.17).
A Win7 PC named t110-win7-base.allenlan.net (192.168.0.93) is joined to the
domain, user "allenlan\lallen" is logged in to it, and I attempt to map a
share on the Samba-3.6.12 system using:
# net use L: \\192.168.0.17\Lee
this prompts for username (it should not), I enter "allenlan\lallen" (or "
(Continue reading)

Permalink | Reply | 1 comment |
headers
?icro MEGAS | 24 May 2013 12:55
Favicon

BDC needs a [profile] and [netlogon] share ?

Hi all,

I have a BDC which uses the LDAP backend of my PDC. Unfortunately all the users who log-in in the morning and
who are processed by this BDC, do not get their logon script executed. The BDC logs this error message:

[2013/05/24 07:28:11.946577,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [foobar] -> [foobar] -> [foobar] succeeded
[2013/05/24 07:28:11.948108,  0] param/loadparm.c:8686(process_usershare_file)
  process_usershare_file: stat of /var/lib/samba/usershares/netlogon failed. File or directory not found
[2013/05/24 07:28:12.976867,  0] param/loadparm.c:8686(process_usershare_file)
  process_usershare_file: stat of /var/lib/samba/usershares/netlogon failed. Access denied
[2013/05/24 07:28:12.979372,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: foobar

I did not understand, why the BDC looks for the netlogon at /var/lib/samba/usershares/netlogon so I
double-checked my smb.conf, on both PDC and BDC. Here are the relevant option in smb.conf:

***PDC***smb.conf:
[global]
     ...
        security = user
        passdb backend = ldapsam:ldap://172.16.0.1
        logon script = %U.bat
        logon path = \\pdc\profiles\%U
        logon drive = U:
        domain logons = Yes
        preferred master = Yes
        local master = Yes
        domain master = Yes
        os level = 254
(Continue reading)

Permalink | Reply | 1 comment |
headers
François Lafont | 24 May 2013 03:15
Picon
Favicon
Gravatar

[samba4] smbd processes never die after logoff

Hello,

I'm using Samba 4.0.5 in Debian Wheezy as a member server of a DC (in Debian Wheezy too with Samba 4.0.5) and
the clients are Windows7 Pro. The users use shares in the member server.

Sometimes, after the logoff of the users in the Win7 clients, there are connections with the member server
whiches never stop. I can see it with the "smbstatus" command which point PID out to me and indeed with the «
ps aux | grep smbd » I can see smbd processes whiches never die.

I have try this in the smb.conf file :

   deadtime = 10
   socket options = TCP_NODELAY SO_KEEPALIVE

But it doesn't work. This is a embarrassing problem for me because it takes resources of the server.

Thanks in advande for your help.

PS: here is my smb.conf for the member server :

[global]

   workgroup = MYDOMAIN
   security = ADS
   realm = MYDOMAIN.PRIV
   encrypt passwords = yes

   idmap config *:backend = tdb
   idmap config *:range = 70001-80000
(Continue reading)

Permalink | Reply | 2 comments |
headers
Paul Davis | 24 May 2013 00:47

Looking for compiled version 1.9 of Samba

I am trying to assist a client who need a compiled version of Samba 1.9 for his SCO ODT 3.2 v4.2 environment. We
are trying to connect an old version of DataFlex on SCO and need the bridge.

Anybody have an old compiled version?

Thanks

Paul Davis
Sr. Business Development Manager
CONNX Solutions - www.connx.com<http://www.connx.com/>
Direct -    (425) 519-6670
Mobile -    (425) 269-3956

--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Permalink | Reply | 1 comment |
headers
Dale Schroeder | 23 May 2013 18:58
Favicon

Samba bug 9615

Debian "testing" recently released a large version jump update to Samba 
(3.6.6 to 3.6.15).  After the upgrade, winbind no longer works which, 
according to the information in the bug report, is due to authentication 
again a Windows 2000 DC.

https://bugzilla.samba.org/show_bug.cgi?id=9615

Are there any plans to patch this bug, or is winbind against a W2K DC 
forever a nonviable combination?

cli_rpc_pipe_open_schannel_with_key failed: NT_STATUS_UNSUCCESSFUL
msrpc_sid_to_name: failed to looKup sids: NT_STATUS_UNSUCCESSFUL

Thanks,
Dale
--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Permalink | Reply | 0 comments |
headers
nipponunited.keithrob91 | 23 May 2013 17:56
Favicon

File deleted while locked

Hi,

I'm running Samba 4.0.0 on a RHEL 6.4 machine and have created a simple share with all the default
configuration options. I've also created an application (running on the RHEL box) that does the following:

- detects a file appearing in the share (using Inotify looking for the IN_CLOSE_WRITE event)
- open and fcntl lock the file
- do some processing
- move the file to somewhere else in the filesystem

When I use a Windows 7 machine to copy a file to the share (using explorer) my app works fine. However if I copy a
file as before, but then while my app is processing the file if I copy the file to the share again, I get a
dialog in Windows stating the file is locked, 'Try Again' or 'Cancel'. If I press Cancel, the dialog goes
away but so does the file within the share. When my app tries to move the file it fails because it no longer exists.

Looking at the wireshark output on the Windows machine I see that a SetInfo request is made with a
SMB2_FILE_DISPOSITION_INFO and 'Delete on close set', followed by a success response. I assume this is
the cause of the file deletion? I have to admit to being a novice at both SMB and Samba so apologies in advance
if I'm a little vague.

Is the above expected even though I have locked the file?

For further info, I disabled oplocks for my share with no change in behaviour.

Keith
--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
(Continue reading)

Permalink | Reply | 0 comments |
headers
Tom Hanstra | 23 May 2013 17:08
Picon
Favicon

RHEL6 implementation running slow

I am running Samba 3.6.15 on a RHEL6 server.  The server has been joined 
to the campus AD.

The complaint I am getting from users is that this is much slower than 
other, earlier versions of Samba.  We have older versions running on 
both RHEL4 and RHEL5, but this version on RHEL6 seems to be running much 
slower.

One thing to note is that I had first installed and had Samba 4 
working.  But, then, the campus AD servers were upgraded to Windows 2008 
R2 and my connections would no longer work.  I downgraded to 3.6.15 and 
that allows me to connect, but with the complaints of slowness.

I've increased the logging, and am including one connection log to this 
email.  I really don't know what to be looking for in the logs.  What 
types of red flags should I be watching for?  What are some typical 
reasons for slow connections?  Might I have to downgrade even further?

Thanks in advance for any help,
Tom

--

-- 

-----------------------------------------------------------------------------
      Tom Hanstra                              Sr. Systems Administrator
      Hesburgh Libraries of Notre Dame         Phone: (574)631-4686
      208 Hesburgh Library                     Email: tom <at> nd.edu
      Notre Dame, IN  46556
                             in Just-
                             spring        when the world is mud-
(Continue reading)

Permalink | Reply | 0 comments |
headers
Marcos Renato da Silva Junior | 23 May 2013 16:50
Picon

Problem with SID after upgrade for samba 3.6.6

Hi,

After upgrading debian 6 to version 7 samba stopped working properly.

Log:

[2013/05/23 08:29:55.811240,  1] auth/server_info.c:386(samu_to_SamInfo3)
   The primary group domain 
sid(S-1-5-21-3651478259-4121578499-3132057975-513) does not match the 
domain sid(S-1-5-21-3182595135-1874831366-4239877494) for 
user(S-1-5-21-3182595135-1874831366-4239877494-60012)
[2013/05/23 08:29:55.811383,  0] auth/check_samsec.c:491(check_sam_security)
   check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_UNSUCCESSFUL'

# net getlocalsid
SID for domain ROCKY is: S-1-5-21-2260219023-4180104146-1160048873

# net getdomainsid
SID for local machine ROCKY is: S-1-5-21-2260219023-4180104146-1160048873
SID for domain PRINTERRESERVA is: S-1-5-21-3651478259-4121578499-3132057975

#pdbedit -v user
User SID: S-1-5-21-3182595135-1874831366-4239877494-60012
Primary Group SID:    S-1-5-21-3651478259-4121578499-3132057975-513

Thanks,

Marcos.
(Continue reading)

Permalink | Reply | 0 comments |

Gmane