IRC Archive / Freenode / #samba / 2010 / April / 27 / 2
freetown2
could the changes in samba...it's gone through a bit
so browsing is fine but once writes get involved...the XP clients all 'freeze' for a while at the same time?
or individually?
Markle
it affects more than one client if the other clients are trying to do something involving samba
I think that's where I was getting mixed up describing the behaviour.
freetown2
that's the part where I start running out of ideas if i/o is not going through the roof...
Markle
So if the timeout thing gets triggered you won't be able to browse the shares either.
freetown2
a triggers then b and c are affected
hopefully someone can dig that out for us...i'm still running 3.0.3x
heading home soon, hope you get an answer and a solution
Markle
freetown, thanks very much for your input :)
mbarper
Hi guys
I have some problems with my 2 samba domains to create an interdomain trust relationship
Somebody could help me?
[root@moi-server ~]# net rpc trustdom list
Unable to find a suitable server
[2010/04/27 10:36:29, 0] utils/net_rpc.c:rpc_trustdom_list(6083)
Couldn't connect to domain controller
Irssi_
hi
pt
i am trying to connect to a samba-server from a xp-client and get the error: \\192.168.1.254\Volume1 is not accessible. You might not have permissions to use this network resource...
but the samba-server is an open share
and the permissions on the files of the samba-server are 777
if i look to Microsoft Windows Network(Entire Network), i couldn't see the Workgroup
has anyone an idea?
samba-logfile http://nopaste.info/991bd1e378.html
mbarper
my problem is solved :)
uwe
hello, i have samba printers on cups print server, im trying to set it up that it would be colored capable, in cups it is already set so, what should i do in order to make windows clients aware that its color capable ?
BluntObject
uwe: Use the correct driver on your Windows client.
uwe
BluntObject, im using cups-windows driver (unified for all printers)
BluntObject
uwe: Same advice still applies. Have you checked that the cups-windows driver supports color?
uwe
well, frankly no, i havent, i assumed that it sends stuff in postscript which should support colors
blingme
uwe: depends on the windows driver you are using
windows isn't like unix ....
if you're abusing some windows postscript driver ... it could be for a b&w printer ....
twb
So I just heard about this SMB2 thing that Microsoft rolled out in NT6.0.
What resource should I be reading for Samba's take on SMB2? http://wiki.samba.org/index.php/Linux_SMB2_client_design ?
uwe
ok, in my test pages (printed from windows) it says Color support: no , is this info from the driver or from the configuration/settings ? or can it be either one ?
RoyK
hi all. is smb2 in recent samba3?
twb
RoyK: stop following me!
RoyK
(Action) hands twb a beer
twb
Good idea.
blingme
3.5.x has some "experimental" support
RoyK
I guess I'll better wait for v4, then
blingme
1)that may be quite a wait, 2)4.0.0 may not have SMB2 support ....
samba3 is ahead on "file serving" features AFAIK
RoyK
what else do you use it for? making coffee?
twb
Wikipedia says that samba4 has experimental smb2 support.
And if Wikipedia says it, it MUST be true!!1!
RoyK
(Action) takes twb's beer
twb
RoyK: that's the Hypertext Coffee Pot Protocol. You need Emacs for that, not Samba.
RoyK
I know HTCPCP :)
twb
You'll also need an elec eng background, since sadly you cannot buy HTCPCP-compliant coffee machines yet.
(Action) rails at capitalism
idra
RoyK, master has almost complete smb2 support, we expect to have full smb2 support in s3 within the month
s/the/a/
twb
idra: is anybody working on a linux client side yet?
RoyK
twb: you mean smbfs? isn't that in kernel?
twb
RoyK: for SMB2, not smb/cifs
RoyK
yeah, but most smb mounts I've done uses smbfs, which is in kernel, not samba
idra
twb, there is some work for an smb2 driver, but it will take time, however smb is fine for linux, do you have servers that do only smb2 ?
RoyK, smbfs is ancient code, not maintained for ages, you want to use the cifs driver
twb
idra: no, I was just going "ooh, sexy, a new protocol that claims to be more performant"
RoyK
idra: it's not really a need, more of a "want" since smb1 isn't very well suited for slow WANs
twb
I don't actually give a sh*t about Windows hosts; it's a perk of my current gig :-)
RoyK
idra: I'll remember that
idra
RoyK, smb2 is not too different although it may have some minor improvements
RoyK
I thought they had cut down on the chatting there?
low-latency wan links aren't very good with smb/cifs
nfs4 is good, though, but not well supported in linux
and hardly in windoze
idra
RoyK, nfsv4 works just fine in linux
RoyK
I haven't tried with kerberos, but without it I got issues connecting to solaris
twb
Solaris isn't Linux
heterogeneity leads to Interesting Times
RoyK
twb: I know, but solaris has been using nfs4 for some time and afaik their implementation is quite good
twb: heh - yes - but interesting in terms of good (not Pratchett's version) :)
homogeneity be damned :)
uwe
BluntObject, blingme , thank you for your hints, you were perfectly right, i just could not see it, the ps5ui.dll that i used is from adobe and apparently was too old, using the file that comes with windows (i used one from 2003) fixed the color management tab issue !
the cups-windows driver seems to simply utilize that dll , and thus the problem is not related to it directly
BluntObject
Happy to see uwe's problem is now resolved.
mdjoker
Hello, I have a small question about the machine SID and the domain SID of my samba pdc (3.0 on SLES10). Back when I originally set up the PDC, I saved the machine SID of its netbios hostname (the domain SID should be the same as this, right?). About a year ago the hostname of the PDC had to change. Now I just took a look at my secrets.tdb and something seems to be very wrong.
In there I can see two SIDs: The SID of the old (!) hostname, which is the same as the one i originally saved and the domain SID which is different.
Also there is no SID for the new hostname, causing net getlocalsid to fail.
I guess I'm humbly asking for advice on how to proceed here. :)
neosimago
hello people; we're looking to transform our old ldap backend authentication on samba 2 to a new ldap 2.3 backend on samba 3 and the schemas are not playing nice during the add. Is there a script to convert our old ldap 1.9 database full of machine names from samba 2 to be compatible with samba 3?
hatseflats
evening everyone
power
hi,is it possible to create windows shares, per user, with one pub one priv directory ?
hatseflats
having some trouble with two samba servers on my network, a while ago one became inaccessible through its hostname
http://paste.pocoo.org/show/206829/ this is the configuration for the working server, the malfunctioning box has almost the same config, just some more shares
I have third box on which I repeatedly call smbtree to check which box is discoverable
it's all local to my private home network, so I don't care about security at all
mdjoker
you've probably checked, but the nmbd process is still running on the inaccessible box?
hatseflats
mdjoker: yes, the problem has persisted over several weeks now
during which the box has been rebooted a few times
using its IP to access the shares works just fine
but now I have a machine on the network which doesn't support hardcoded ip addresses, as such I need to fix this hostname crud
mdjoker
hm. do you know which of the systems is the local master browser? maybe you can try to query its database to find more info about what's wrong or something?
hatseflats
I don't know what a local master is, and wouldn't know which of the boxes is supposed to be the master on this network
but I suppose it's some administrative task bestowed on one box in particular?
mdjoker
well the local master browser is kind of the box that gathers the netbios names and serves them to clients. if you say the nmbd on the affected system is fine, i just guessed there could be a problem in the master browser's database. i'm not too fit in samba's netbios internals, so it's just a vague guess.
neosimago
slapadd is complaining with my machine accounts; '(65) object class 'posixAccount' requires attribute 'cn' ' -- any leads to how these entries may be accepted into the database?
mdjoker
only other thing i can suggest right now is you try to set up one of the boxes as a WINS server. that will speed up netbios name lookups in any case and may also make this problem go away
sorry...
hatseflats
no problem, I'll stick around if someone else gets an idea or something :)
mdjoker
good luck. i'm doing the same right now. :)
hatseflats
about wins, I've tried that once before a week or two ago I think, didn't work out either
mdjoker
also, if you don't get any ideas, i'd suggest you raise your log level in smb.conf to at least 2 on the affected system for the time being, this will also increase nmbd's log output. when you notice the system disappear next time, look through the logs. you might find something odd.
what exactly didn't work about WINS? i suppose you enabled "wins support = yes" on one system and "wins server = <ip_of_wins_box>" on all the others?
hatseflats
oh, it's not disappearing, it's completely lost in the current way clients do the lookup
can't find it at all
not off and on
mdjoker: yeah, read through the howto from oreilly, but the lookup of that one server still failed
mdjoker
well that's strange. i've never seen this myself, sorry.
hatseflats
meh, it's probably some obscure flipswitch I left on somewhere somehow
always something so stupendously obvious that you miss it
mdjoker
still, do increase your log level on that machine a bit and restart nmbd. you might just spot an error message or something.
hatseflats
oh darn
found it
mdjoker
you did?
hatseflats
the working system was on netmask 255.240.0.0, like all the other boxes in the network
but the second server has a hardwired ip, without the new subnet
so it was still set at 255.255.255.0
mdjoker
oh. :)
hatseflats
*palmface*
mdjoker
heh, i wouldn't have thought of that. nice.
hatseflats
makes complete sense tho
when I read the logs for the broken box I noticed that log.nmbd claimed it was the local master on the network
and I had just read that local masters work for subnets or something
mdjoker
well that certainly makes sense.
hatseflats
well, thanks for soundboarding mdjoker, you did help :)
mdjoker
well thanks, great you figured it out. :)
so what happened was maybe because it thought it was the local master on its subnet (which was correct in a way), it probably didn't advertize itself to the real master. or something. :)
hatseflats
I think so too.
and the broadcast for the node's hostname lookup would fail as well
because the broadcast happened on 172.31.255.255
and not on the 172.16.0.255 subnet it was listening on
mdjoker
yes, that's true of course. well i've learned something today. :)
just have to think of the broader picture sometimes.
hatseflats
indeed
well, good night to you, I'm off to bed :)(
mdjoker
power: what did you mean earlier? every user should have each one private and one public share? or should the public share be global?
power
mdjoker~ well, yes,but for the private one, he should be able to add users that can access
without r00t privileges
mdjoker
well you *could* use POSIC ACLs on the samba filesystem for that.
*POSIX
power
ie, create a directory,and say user1 user2 can read,write, user3 can read, else have no access
any tutorial for that mdjoker ?
mdjoker
i don't know any that cover both ACLs in general and in connection with samba offhand, sorry.
power
ok thanks
mdjoker
but you might want to learn about POSIX ACLs in general first. they're essentially more flexible than normal unix permissions in that you can add access control entries like: user foo may read and write this file, user bar may only read, user bang may read and execute.
power
mdjoker~ after a quick google look,i can say that this one needs some patching and recompiling.
mdjoker
then you just need to make sure that the ACLs on the private directories are set sensibly and they map properly to (windows-)clients through samba.
power
(Action) crosses fingers
mdjoker
err no, not for POSIX ACLs, certainly not.
you will not get all functionality in windows-clients as on an NTFS file system but the basics work.
ie your users will be able to add ACEs onto their files like "now user foo may also read this file".
given a correct share configuration in smb.conf that is. :)
power
http://www.bluelightning.org/linux/samba_acl_howto/ this one says i need a patched kernel and samba
mdjoker
let me see..
well... > 18 July 2003
that was a time when 2.4 kernels still needed patches to even support file system ACLs. :)
power
lol
mdjoker
it seems
power
didnt notice the date
mdjoker
about ACL support itself, don't worry. probably all halfway relevant distributions ship their kernels with ACL support for ext2/3/4, xfs, reiser, you name it.
saulo
Hello all. I'm with a problem with Samba+LDAP: "smbldap-useradd -a myuser" returns "Can't call method "get_value" on an undefined value at /usr/sbin/smbldap-useradd line 231.". What can be?
mdjoker
power: maybe try this, it's from suse but POSIX ACLs are distribution independent. they also work the same way on other unixes. http://www.suse.de/~agruen/acl/linux-acls/online/
once you learn to work with getfacl and setfacl, try to read up on how to pair samba with ACLs. there are some options in smb.conf that affect how they are handled, how they are inherited and so on.
saulo
In reality, my problem is with smbldap-tools package. But no idea about what can be happening
mdjoker
power: Also, I just noticed, there is a chapter about ACLs and their limitations wrt samba here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id2614541
I guess you should be aware of these.
power
you helped a lot thanks
ill make a fresh centos installation and start testing
mdjoker
good luck! :)
power
the last problem on your last link, about MS WORD, is really funny :D
mdjoker
heh, yes actually sometimes we have this problem in our setup. it can be a pain.
power
have you ever used openfiler ? i was about to test it, but i always prefer a custom solution based on centos,than such customized OSes
neosimago1
hi people. using the local box with ldap 2.3/ samba 3; what are some test methods to verify that samba is using ldap for verification to local resources shared?
mdjoker
i've read about it and wanted to try it for some time but never got the chance unfortunately. i once tried freenas though. it supports ZFS which has extremely advanced ACLs but i couldn't get them to work as i wanted with windows clients.
power
ive a freenas running on an old pc,for some basic NFS support, but its extremely dangerous to play with it, the chance that it will survive a reboot is about %5
mdjoker
wow, that sounds adventurous. :)
saulo
neosimago1: using LDAP? smbldap-tools working?
power
zfs sounds OK to me :\
i can use solaris instead of centos
mdjoker
well... i've put a lot of time into exactly that
and to be honest, i failed.
power
oh, freebsd also supports it natively, that explains freenas supporting it
mdjoker
yes, however slightly older versions than solaris, obviously. :)
power
yeah
if you are around here always, i will share my experiences about this one tomorrow
ill try ZFS
mdjoker
be aware that you might have to put _a_lot_ of time into that
also, if at all possible, use the opensolaris CIFS server, not samba
power
oh
i hope that configuration files are similar
mdjoker
windows clients with samba and zfs acls will mess with the order of access control entries, causing major havoc.
power
i see
mdjoker
i've had test cases where for example trying to add read access to a user as the owner of a file caused the owner to lose complete access.
the main problem is this: zfs acls and ntfs acls are very similar in functionality. but the trouble is in the detail. ntfs ACEs are in a different order. so the windows clients sets them in an order it thinks is correct but in actuality that will have a completely different effect on ZFS itself, which samba then has to honor.
the solaris CIFS server seems to handle this better. however it seems you cannot join that into an NT4/samba domain, only ADS.
just so you know what you're getting into. :)
power
i dont have a domain , most of the clients are xp home edition :(
mdjoker
I see. well, maybe i was just completely incapable and actually it's not hard.