Matthieu Patou | 1 Jul 2012 05:55

Re: Samba4 DC replication

On 06/26/2012 12:56 AM, steve wrote:
> Hi
> We have just added a second DC to our existing domain. Replication is 
> working fine. We have setup the second DC with bind DLZ and that too 
> is working fine (except that the DNS partition is not replicated).
>
> So, we now have two DC's and so also two DNS servers.
>
> Question, Do I now have to go to every client and add the new IP for 
> the new DNS?
That's an administration question, not a Samba one.

-- 
Matthieu Patou
Samba Team
http://samba.org

--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Andrew Bartlett | 1 Jul 2012 05:59

uid handling changes (was:Re: Error with samba-tool when upgrading from 3 to 4 / NT_STATUS_IO_TIMEOUT)

On Sat, 2012-06-30 at 14:49 -0700, Matthieu Patou wrote:
> On 06/29/2012 05:24 AM, Hervé Hénoch wrote:
> > I've this in the logs :
> >  ../source3/param/loadparm.c:6337(service_ok)
> > Jun 29 14:11:10 samba4 smbd[2627]:   WARNING: No path in service IPC$ 
> > - making it unavailable!
> > Jun 29 14:11:10 samba4 smbd[2627]: [2012/06/29 14:11:10.671944, 0] 
> > ../source3/smbd/server.c:1266(main)
> > Jun 29 14:11:10 samba4 smbd[2627]:   standard input is not a socket, 
> > assuming -D option
> > Jun 29 14:11:10 samba4 smbd[2627]: [2012/06/29 14:11:10.672366, 0] 
> > ../source3/lib/pidfile.c:154(pidfile_create)
> > Jun 29 14:11:10 samba4 smbd[2627]:   ERROR: can't open 
> > /usr/local/samba/var/run/smbd-fileserver.conf.pid: Error was Le 
> > fichier existe
> It seems that this file already exists; can you retry without this 
> file?
> > Jun 29 14:11:31 samba4 smbd[2647]: [2012/06/29 14:11:31.356436,  0] 
> > ../source3/param/loadparm.c:6337(service_ok)
> > Jun 29 14:11:31 samba4 smbd[2647]:   WARNING: No path in service IPC$ 
> > - making it unavailable!
> > Jun 29 14:11:31 samba4 smbd[2647]: [2012/06/29 14:11:31.372172, 0] 
> > ../source3/smbd/server.c:1266(main)
> > Jun 29 14:11:31 samba4 smbd[2647]:   standard input is not a socket, 
> > assuming -D option
> > Jun 29 14:11:33 samba4 smbd[2647]: [2012/06/29 14:11:33.223200, 0] 
> > ../source3/printing/print_standard.c:68(std_pcap_cache_reload)
> > Jun 29 14:11:33 samba4 smbd[2647]:   Unable to open printcap file 
> > /etc/printcap for read!
> > Jun 29 14:11:43 samba4 smbd[2662]: [2012/06/29 14:11:43.118319, 0] 

Jeremy Allison | 1 Jul 2012 06:04

Re: uid handling changes (was:Re: Error with samba-tool when upgrading from 3 to 4 / NT_STATUS_IO_TIMEOUT)

On Sun, Jul 01, 2012 at 01:59:13PM +1000, Andrew Bartlett wrote:
> > > ../source3/lib/pidfile.c:154(pidfile_create)
> > > Jun 29 14:11:10 samba4 smbd[2627]:   ERROR: can't open 
> > > /usr/local/samba/var/run/smbd-fileserver.conf.pid: Error was Le 
> > > fichier existe
> > It seems that this file already exists; can you retry without this 
> > file?
> > > Jun 29 14:11:31 samba4 smbd[2647]: [2012/06/29 14:11:31.356436,  0] 
> > > ../source3/param/loadparm.c:6337(service_ok)
> > > Jun 29 14:11:31 samba4 smbd[2647]:   WARNING: No path in service IPC$ 
> > > - making it unavailable!
> > > Jun 29 14:11:31 samba4 smbd[2647]: [2012/06/29 14:11:31.372172, 0] 
> > > ../source3/smbd/server.c:1266(main)
> > > Jun 29 14:11:31 samba4 smbd[2647]:   standard input is not a socket, 
> > > assuming -D option
> > > Jun 29 14:11:33 samba4 smbd[2647]: [2012/06/29 14:11:33.223200, 0] 
> > > ../source3/printing/print_standard.c:68(std_pcap_cache_reload)
> > > Jun 29 14:11:33 samba4 smbd[2647]:   Unable to open printcap file 
> > > /etc/printcap for read!
> > > Jun 29 14:11:43 samba4 smbd[2662]: [2012/06/29 14:11:43.118319, 0] 
> > > ../source3/lib/util_sec.c:124(assert_gid)
> > > Jun 29 14:11:43 samba4 smbd[2662]:   Failed to set gid privileges to 
> > > (-1,3000004) now set to (0,50884) uid=(0,0)
> > Also it's worth investigating why the script thinks that the UID is -1, 
> > obviously it will fail a bit.
> > I can advise first to rebuild with symbols then dig a bit and understand 
> > why the UID is -1.
> 
> I think -1 in this case is 'no change', but what is a worry is that a
> large number of our users have reported hitting this after Jeremy's

David Touzeau | 1 Jul 2012 19:10

samba 3.6.6: cluster support not available: support for SCHEDULE_FOR_DELETION control missing

Dear, I cannot compile the latest build with cluster support:

I have tried the debian repository
I have tried by compiling the ctdb-1.0.112-12 via the rsync explained in 
the wiki
I have tried by compiling the ctdb-1.0.114.5  available here :
http://ftp.sernet.de/pub/ctdb/1.0.114/src/ctdb-1.0.114.5.tar.gz

The samba package still refuses to compile when cluster support is enabled:

checking cluster support... yes
configure: checking whether cluster support is available
checking for ctdb.h... yes
checking for ctdb_private.h... yes
checking for CTDB_CONTROL_TRANS3_COMMIT declaration... yes
checking for CTDB_CONTROL_SCHEDULE_FOR_DELETION declaration... no
configure: error: "cluster support not available: support for 
SCHEDULE_FOR_DELETION control missing"

Are there any tips to fix this issue?


Christian PERRIER | 2 Jul 2012 08:30

Re: samba 3.6.6: cluster support not available: support for SCHEDULE_FOR_DELETION control missing

Quoting David Touzeau (david <at> touzeau.eu):
> Dear, I cannot compile the latest build with cluster support:
> 
> I have tried the debian repository

Any reason for not using the Debian packages?

If you're using Debian stable (squeeze), we have backports of packages
that are in Debian testing. As of now, they're still 3.6.5 as we first
need the 3.6.6 packages to enter Debian testing before we can backport
them. It's however only a matter of days: the 3.6.6 packages should
enter testing as of July 8th and I'll upload backported packages
immediately to backports.debian.org.


Daniel Müller | 2 Jul 2012 09:12

Re: Samba4 DC replication

To your login.bat or login cmd, add:
netsh interface ipv4 add dnsservers name="Your-Lan-Connection" address=your.new.dns.server

This should do the job.

-----------------------------------------------
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller <at> tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Original Message-----
From: samba-bounces <at> lists.samba.org [mailto:samba-bounces <at> lists.samba.org] On
Behalf Of Matthieu Patou
Sent: Sunday, 1 July 2012 05:56
To: samba <at> lists.samba.org
Subject: Re: [Samba] Samba4 DC replication

On 06/26/2012 12:56 AM, steve wrote:
> Hi
> We have just added a second DC to our existing domain. Replication is 
> working fine. We have setup the second DC with bind DLZ and that too 
> is working fine (except that the DNS partition is not replicated).

Derek Lewis | 2 Jul 2012 09:23

Samba share access problems

Hello,

I have Samba 3.6.6 compiled and running under Ubuntu 10.04 server, I
upgraded from 3.5.x and used the same share and configuration file.

I have access problems from my Windows machines "network path not found"
that I am trying to diagnose via smbclient from the server console: with
smbclient...

When I run smbclient -L wen-chang\<user1>, for any of my users, I see the
error message "Error returning browse list: NT STATUS OK".

The shares are browseable=yes, so I think this is a permissions problem or
an issue with the way I created my Samba users.

Suggestions on additional tests to locate the problem?

Andrew Bartlett | 2 Jul 2012 09:53

Re: DMZ Kerberos authentication, is Samba needed or helpful?

On Sat, 2012-06-30 at 13:14 -0400, Nico Kadel-Garcia wrote:
> I'm dealing with an environment with AD servers in a normal working
> environment, all working and happy. I'm using bare Kerberos
> authentication for my Linux hosts to authenticate local accounts
> against the AD server, all well and good, I've not needed to integrate
> LDAP support and don't want to.
> 
> But there are DMZ VLAN's with hosts exposed directly to the Internet.
> I'd like to allow those hosts similar authentication, and do *NOT*
> want to slap an AD server into the DMZ, for more security reasons than
> I can count. What I'd love to do is to set up either a Samba server,
> slaved to the master AD servers, to handle authentication and *not*
> allow propagating any changes to AD servers, basically a pure slave
> server. This way, I can do it on a far more secure Linux system than
> most AD servers could ever hope to be and protect it from the DMZ
> hosts or accidental external exposure.
> 
> Or, if I can do it, just set up a pure Kerberos slave. Again, I can
> secure that a lot more than I can hope to secure an AD server. And I'd
> love to have that *only* handle authentication, not allow password
> changing or queries against the Kerberos.
> 
> Will I need or benefit from Samba for this? Or has someone here done
> the simple Kerberos slave setup and can point me to some notes?
> 
> [ In case it's not clear, I wrote some of the early Samba ports to
> SunOS, so I know the basic capabilities and architecture. ]

Samba 4.0 as an AD RODC would seem to fit the bill here.  


Dave Ewart | 2 Jul 2012 12:57

Re: Windows 7 v. Samba: why is default network profile in 'NETLOGON/Default User.v2' not used?

On Friday, 29.06.2012 at 17:33 +0200, Harry Jede wrote:

> According to "KB-973289" http://support.microsoft.com/kb/973289 the
> owner should be "everyone". Everyone has SID S-1-1-0
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q243330 . Do
> you have a usermapping for "everyone"?

(Thanks for your reply, Harry)

We don't, actually: I read those instructions and, since our NETLOGON
share is not generally writeable and our Samba isn't configured to use
ACLs, those permissions wouldn't apply when following the recipe as
described in the link above.  Nowhere I've read suggests that the
ownership setting is *critical*: our NETLOGON share presents as
read-only guest, in effect.

Do you think the ownership is critical and that Windows is rejecting the
use of 'Default User.v2' simply because it can't ascertain that it's
"EVERYONE"-owned, despite the fact that it could read it if it tried?!

(I admit I side-stepped this part of the process and hoped it wouldn't
matter, since reconfiguring Samba to allow this type of change would be
potentially disruptive!)

Thanks,

Dave.

--

-- 
Dave Ewart

Charalampos Anargyrou | 2 Jul 2012 16:24

Samba 4 & Smart card logon

Hello list,

I have installed and configured a domain with Samba version 
4.0.0beta2-GIT-7e80b89 on a CentOS 6.2

I can successfully join a Windows PC in the domain (both Windows XP and 
Windows 7 tested)

Now, I am trying to move a step forward and I would like to configure 
Samba to accept Windows smart card logon
This is a requirement for a project I am involved in

I have already installed the required client on Windows and I have a 
smart card for testing
I have already installed EJBCA as my CA on CentOS 6.2

On Samba wiki the how to in 
http://wiki.samba.org/index.php/Samba4/Smart_Card_Login is not ready, so 
if anyone can help I will appreciate it
According to the headers in the how to, I have to configure Heimdal to 
accept PKINIT
I found a guide on 
http://www.h5l.org/manual/HEAD/info/heimdal/Setting-up-PK_002dINIT.html
I've also found a guide on 
http://k5wiki.kerberos.org/wiki/Pkinit_configuration for MIT Kerberos 
which has some more info on the certificates

I have created the Kerberos certificate according to what I have 
understood from the guides but I don't know how to test if the 
certificate is correct

