Geekasaurus | 1 Jun 02:08 2008

FC8/Samba 3.0.28: Could not receive trustdoms


I've been using Samba for a number of years, but this is becoming IMPOSSIBLE
to set up and maintain.   The setup is simple: 2 computers, 1 Windows XP SP2
with all the latest patches and such [hostname doofus], 1 Fedora Core 8
running Samba 3.0.28 [hostname dumbee]. 

I am able to make it work after a fashion.  I can browse to the /mnt1
filesystem [ext3, if anyone cares] and read/write files to it.  I am now
trying to get Norton Ghost to work, and their help desk is worse than
useless.  The goal is to back up the XP system to the Linux system.

Ghost did work for a week, but recently I've been getting errors.  It does
seem to be a problem with Samba.  At the time I get the Ghost errors, I get
an error in the log.wb-WORKGROUP file, with a timestamp that matches
the attempt on the XP machine.  The error is:
libsmb/clientgen.c:cli_receive_smb(112)   Receiving SMB: Server stopped
responding.  

At the same moment, in the log.winbindd file, I get another error with the
same timestamp, and the message:
nsswitch/winbindd_util.c:trustdom_recv(229)   Could not receive trustdoms. 

With the same timestamp, in the log.$IP_ADDY file I see:
auth/auth_util.c:create_token_from_username(1116)   sid_to_uid for cvail
(S-1-5-21-1203031067-1067078206-1052721417-2000) failed

The results of # net user
root
cvail


William Jojo | 1 Jun 04:28 2008

CORRECT configure.in Patches for 3.0.30/3.2.0rc1

Ugh, note to self: do not keep so many versions of "trial" patches kicking around.

As a result I sent the wrong two configure.in patches earlier.

Apologies...

Bill

Love Hörnquist Åstrand | 1 Jun 06:35 2008

Re: Strange secblob returned from Windows 2008 server

Maybe this is credssp ?

http://msdn.microsoft.com/en-us/library/bb204772.aspx

Love

On 16 Apr 2008, at 12:53, ronnie sahlberg wrote:

> http://www.alvestrand.no/objectid/1.3.6.1.4.1.311.2.html
>
> is part of the tree for Microsoft authenticode objects.
> .2.30 is however not known by alvestrand nor by
> http://www.oid-info.com/get/1.3.6.1.4.1.311.2
>
> :-(
>
>
> On Thu, Apr 17, 2008 at 4:40 AM, Dan Sledz <dan.sledz <at> isilon.com> wrote:
>> We had a report of a winbindd (v3.0.24 + Todd Stecher's 2k8 patches)
>> core on a customer's Windows 2008 forest.  On investigation, it appears
>> that the negTokenInit returned via Negotiate Protocol Response is
>> strangely formed.  In particular, it has a new OID that I've never seen
>> before (1.3.6.1.4.1.311.2.2.30) as well as a zero length mechToken
>> instead of it being omitted per spec.  All I have right now is the blob
>> itself since I've been unable to get a pcap of it occurring.
>>

Christian Perrier | 1 Jun 08:59 2008

3.2.0 rc1 successfully built for Debian experimental

The needed work for the recent security announcement delayed this a
bit, but it is my pleasure to announce that we successfully built and
uploaded Debian packages for 3.2.0-rc1 in Debian experimental.

We had some feedback about problems with talloc libraries. The built
package does use the standalone libraries (which are packaged
separately by Jelmer) and these do not use versioning as of now.

Jelmer acked this on IRC and said that, basically, the standalone
libraries should now use versioning..:-)

Apart from that, we've got no special problem to report...but please
understand that, as the package is in Debian experimental, the user
feedback is somewhat small.

Matthieu PATOU | 1 Jun 15:00 2008

point and click with Xerox 7232

Dear list,

I am the unfortunate owner of a Xerox 7232 multifunction printer without PS module.

CUPS does not work with this printer: using the supplied psd does not work.

So I tried to use native Windows drivers. I seem to be able to upload all the drivers to the server, but when I right-click on the printer to configure default settings on the server I get an error message.
People at linuxprinting suppose that it is a problem with bi-directional communication (http://www.linuxprinting.org/show_printer.cgi?recnum=Xerox-WorkCentre_7232).

What can I do to verify that assumption?
What can I give you to track down the problem?

Regards

Matthieu

Matthieu PATOU | 1 Jun 15:33 2008

samba4 high availability

Dear all,

I was wondering if it was a correct solution to achieve domain controller high availability by duplicating in real-time the samba directory (and maybe bind zones also) via DRBD and heartbeat/carp.

Heartbeat will be responsible for transferring the IP address and starting a samba controller on the heartbeat slave in case of failure of the master.

I know that it is also possible to achieve HA mostly out of the box by using open ldap as ldap backend, but is it possible to upgrade from samba built-in ldap backend to another one without provisioning? And what about the sysvol and netlogon shares in this case?

Matthieu

Gerald (Jerry) Carter | 1 Jun 15:39 2008

Probably need a 3.0.31 bug fix release this coming week.


Just a heads up,

There have been three bug fixes which are pretty important:

* Guenther's NT4 domain fix
* The Winbind-on-a-PDC revert (fix)
* The winbind /tmp/ pipe removal by child process fix

cheers, jerry

--
=====================================================================
Samba                                    ------- http://www.samba.org
Likewise Software          ---------  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"      --Balian
Store, Repository | 1 Jun 22:03 2008

Samba Issue

Hello,

We have a setup with Windows 2003 domain controller and file shares on Samba
3.0.28 hosted on Solaris. We use Windows group policy for folder redirection
and simple scripts to map drives based on group permission. To explain it
further, we redirect all contents of "My Documents" to users home directory
on Samba. So whenever user saves files to "My Documents" it is automatically
saved on that users home directory.  Also,  a simple script with "if" person
is a member of group A, map drives G and "if" person is member of group A
and B , map drives G and H.

We are in the process of decommissioning our old Samba server and we want to
do folder redirection to the new Samba server. It appears folder redirection
works well to the new Samba location. But we noticed the contents of that user's
home directory on the old Samba server get deleted by some process. Has
anybody on the list witnessed such behavior? Any suggestions to narrow it
down will be highly appreciated.

Thanks much

Mike Wilkinson | 2 Jun 02:17 2008

Re: [PATCH] Allow prefixMap to be edited by mortals

Andrew Bartlett wrote:
>> It appears the exchange attribute tabs of ADUC are dependent on some
>> RPC call(s), just the presence of the schema isn't enough. Just a
>> heads up to anyone else looking to do this, you'll need to use
>> alternate tools to manage the exchange attributes.
>
> Any idea which RPCs they are?  I would like to implement them if not too
> difficult. (OpenChange is going to need it anyway...)

It's an assumption on my part that it's RPC, given that the schema's there
now and the tabs don't appear. I can wireshark an interaction between
ADUC and the samba box if that's helpful?

Andrew Bartlett | 2 Jun 05:50 2008

Re: samba4 high availability

On Sun, 2008-06-01 at 17:33 +0400, Matthieu PATOU wrote:
> Dear all,
> 
> I was wondering if it was a correct solution to achieve domain controller high availability by duplicating in real-time the samba directory (and maybe bind zones also) via DRBD and heartbeat/carp.
>
> Heartbeat will be responsible of transferring IP address and starting a samba controller on the heartbeat slave in case of failure of the master.
>
> I know that it is also possible to achieve HA mostly out of the box by using open ldap as ldap backend, but is it possible to upgrade from samba built-in ldap backend to another one without provisioning ? and what about sysvol and netlogon share in this case ?

I really think a better approach is to use BIND master/slave
configuration for the zone, inotify+rsync for the netlogon share and
LDAP for the LDB data replication.

This should give you an active/active master/slave server arrangement,
which is far more robust than active/passive failover.

The weakest point is the need for OpenLDAP to better handle our linked
attributes, or for Fedora DS to handle subtree renames.  Both would need
to be manually secured from external access to the LDAP server (the only
access control is on the samba side, LDAP is configured for anonymous
access at this stage of its technical demonstration).

Andrew Bartlett