Anybody can help me?

D. Rajan

--- On Thu, 26/11/09, D.Rajan <rajand_2000 at yahoo.com> wrote:

From: D.Rajan <rajand_2000 at yahoo.com>
Subject: Re: [Samba] Samba + LDAP error in windows xp while ACL
To: "vishesh kumar" <linuxtovishesh at gmail.com>
Cc: samba at lists.samba.org
Date: Thursday, 26 November, 2009, 1:42 AM

root@sangam:~# pdbedit -Lv
ldapsam_setsampwent: LDAP search failed: Size limit exceeded

root@sangam:~# testparm -sv

Output
***********************************************************
[Global]
dos charset = 850
unix charset = ISO8859-1
display charset = LOCALE
workgroup = RAYALA
realm =
netbios name = SANGAM
netbios aliases =
netbios scope =
server string = Samba Server %v
interfaces =
bind interfaces only = No
security = USER
auth methods =
encrypt passwords = Yes
update encrypted = No
client schannel = Auto
server schannel = Auto
allow trusted domains = Yes
map to guest = Bad User
null passwords = No
obey pam restrictions = No
password server = *
smb passwd file = /etc/samba/smbpasswd
private dir = /etc/samba
passdb backend = ldapsam:ldap://127.0.0.1/
algorithmic rid base = 1000
root directory =
guest account = nobody
enable privileges = Yes
pam password change = No
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = "Changing UNIX*\nNew password*" %n\n "*Retype new password*" %n\n"
passwd chat debug = No
passwd chat timeout = 2
check password script =
username map =
password level = 0
username level = 0
unix password sync = Yes
restrict anonymous = 0
lanman auth = No
ntlm auth = Yes
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = No
preload modules =
use kerberos keytab = No
log level = 0
syslog = 0
syslog only = No
log file = /var/log/samba/log.%m
max log size = 100000
debug timestamp = Yes
debug prefix timestamp = No
debug hires timestamp = No
debug pid = No
debug uid = No
enable core files = Yes
smb ports = 445 139
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
disable netbios = No
reset on zero vc = No
acl compatibility = auto
defer sharing violations = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts wins host bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = Yes
unix extensions = Yes
use spnego = Yes
client signing = auto
server signing = No
client use spnego = Yes
enable asu support = No
svcctl list =
deadtime = 10
getwd cache = Yes
keepalive = 300
lpq cache time = 30
max smbd processes = 0
paranoid server security = Yes
max disk size = 0
max open files = 10000
open files database hash size = 10007
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
use mmap = Yes
hostname lookups = No
name cache timeout = 660
load printers = Yes
printcap cache time = 750
printcap name = cups
cups server =
iprint server =
disable spoolss = No
addport command =
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
mangling method = hash2
mangle prefix = 1
max stat cache size = 1024
stat cache = Yes
machine password timeout = 604800
add user script = /usr/sbin/smbldap-useradd -m "%u"
rename user script =
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
shutdown script =
abort shutdown script =
username map script =
logon script = logon.bat
logon path =
logon drive =
logon home =
domain logons = Yes
os level = 65
lm announce = Auto
lm interval = 60
preferred master = Yes
local master = Yes
domain master = Yes
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = No
wins server =
wins support = Yes
wins hook =
kernel oplocks = Yes
lock spin time = 200
oplock break wait time = 0
ldap admin dn = cn=admin,dc=camsonline,dc=com
ldap delete dn = No
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap replication sleep = 1000
ldap suffix = dc=camsonline,dc=com
ldap ssl =
ldap timeout = 15
ldap page size = 1024
ldap user suffix = ou=Users
ldap debug level = 0
ldap debug threshold = 10
add share command =
change share command =
delete share command =
eventlog list =
config file =
preload =
lock directory =
pid directory = /var/run/samba
utmp directory =
wtmp directory =
utmp = No
default service =
message command = /bin/sh -c '/usr/bin/linpopup
get quota command =
set quota command =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map = auto.home
afs username map =
afs token lifetime = 604800
log nt token command =
time offset = 0
NIS homedir = No
usershare allow guests = No
usershare max shares = 100
usershare owner only = Yes
usershare path = /var/lib/samba/usershares
usershare prefix allow list =
usershare prefix deny list =
usershare template share =
panic action = /usr/share/samba/panic-action %d
host msdfs = Yes
passdb expand explicit = No
idmap domains =
idmap backend =
idmap alloc backend =
idmap cache time = 900
idmap negative cache time = 120
idmap uid =
idmap gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 300
winbind enum users = No
winbind enum groups = No
winbind use default domain = No
winbind trusted domains only = No
winbind nested groups = Yes
winbind nss info = template
winbind refresh tickets = No
winbind offline logon = No
winbind normalize names = No
comment =
path =
username =
invalid users = root
valid users =
admin users = sd_rajan
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
acl check permissions = Yes
acl group control = No
acl map full control = Yes
create mask = 0740
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = No
inherit permissions = No
inherit acls = No
inherit owner = No
guest only = No
administrative share = No
guest ok = No
only user = No
hosts allow =
hosts deny =
allocation roundup size = 1048576
aio read size = 0
aio write size = 0
aio write behind =
ea support = No
nt acl support = Yes
profile acls = No
map acl inherit = No
afs share = No
block size = 1024
change notify = Yes
directory name cache size = 100
kernel change notify = Yes
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
use sendfile = No
write cache size = 0
max reported print jobs = 0
max print jobs = 1000
printable = No
printing = cups
cups options =
print command =
lpq command = %p
lprm command =
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = Yes
force printername = No
printjob username = %U
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangling char = ~
hide dot files = Yes
hide special files = No
hide unreadable = No
hide unwriteable files = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map archive = Yes
map hidden = No
map system = No
map readonly = yes
mangled names = Yes
mangled map =
store dos attributes = No
dmapi support = No
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = Auto
share modes = Yes
dfree cache time = 0
dfree command =
copy =
include =
preexec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = Yes
dos filetime resolution = No
fake directory create times = No
vfs objects =
msdfs root = No
msdfs proxy =
***********************************************

For your information:

First we used LDAP & Samba. After a long time, someone configured ACL on that server and left, and it worked fine. Now it's having a problem.

In /etc/fstab:

/dev/sdc1       /home3          xfs     relatime        0       2
/dev/sdd1       /home4          xfs     relatime        0       2

When I add relatime, acl and run mount -a, it gives an error.

1. Does XFS support ACL? If yes, how to configure ACL? Do you have any document?

I am using:

root@sangam:~# dpkg -l | grep samba
ii  libcrypt-smbhash-perl   0.12-2                  generate LM/NT hash of a password for samba
ii  samba                   3.0.28a-1ubuntu4.4      a LanManager-like file and printer server fo
ii  samba-common            3.0.28a-1ubuntu4.4      Samba common files used by both the server a
ii  samba-doc               3.0.28a-1ubuntu4.4      Samba documentation

root@sangam:~# dpkg -l | grep ldap
ii  ldap-account-manager    2.1.0-1                 webfrontend for managing accounts in an LDAP
ii  ldap-auth-client        0.5                     meta-package for LDAP authentication
ii  ldap-auth-config        0.5                     Config package for LDAP authentication
ii  ldap-utils              2.4.9-0ubuntu0.8.04.1   OpenLDAP utilities
ii  libldap-2.4-2           2.4.9-0ubuntu0.8.04.1   OpenLDAP libraries
ii  libnet-ldap-perl        1:0.34-1                A Client interface to LDAP servers
ii  libnss-ldap             258-1ubuntu3            NSS module for using LDAP as a naming servic
ii  libpam-ldap             184-2ubuntu2            Pluggable Authentication Module allowing LDA
ii  php5-ldap               5.2.4-2ubuntu5.3        LDAP module for php5
ii  smbldap-tools           0.9.4-1                 Scripts to manage Unix and Samba accounts st

root@sangam:~# dpkg -l | grep acl
ii  acl                     2.2.45-1                Access control list utilities
ii  libacl1                 2.2.45-1                Access control list shared library

sysadm@sangam:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu 8.04.1"

root@vaigai:/etc# net getdomainsid
SID for domain VAIGAI is: S-1-5-21-4020846335-601350461-1468625926
SID for domain RAYALA is: S-1-5-21-4020846335-601350461-1468625926

any logs you from me ?

C U Next Mail
Raj
Take Care
HAVE A NICE DAY

--- On Tue, 17/11/09, vishesh kumar <linuxtovishesh at gmail.com> wrote:

From: vishesh kumar <linuxtovishesh at gmail.com>
Subject: Re: [Samba] Samba + LDAP error in windows xp while ACL
To: "D.Rajan" <rajand_2000 at yahoo.com>
Cc: samba at lists.samba.org
Date: Tuesday, 17 November, 2009, 3:09 PM

Dear rajan

Did you set ldap admin password for samba by using following command.

root# smbpasswd -w <ldap admin password>

By the way you can also use pdbedit -Lv command to ensure samba is communicating to ldap properly.

Thanks

On Tue, Nov 17, 2009 at 10:55 AM, D.Rajan <rajand_2000 at yahoo.com> wrote:

Dear All,

Which files do I need to check to solve the problem? I am having PDC & BDC.

root@sangam:/var/log/samba# net getlocalsid
SID for domain SANGAM is: S-1-5-21-4020846335-601350461-1468625926

root@vaigai:~# net getlocalsid
SID for domain VAIGAI is: S-1-5-21-4020846335-601350461-1468625926

Error while ACL from windows XP:
****************************************
sysadm@sangam:/var/log/samba$ tailf log.kh-sys-02635
[2009/11/16 19:12:43, 0] printing/print_cups.c:cups_connect(69)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2009/11/17 09:32:28, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2009/11/17 09:32:32, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2009/11/17 09:32:49, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2009/11/17 09:32:49, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2009/11/17 10:26:38, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2009/11/17 10:27:03, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2009/11/17 10:27:29, 0] smbd/posix_acls.c:create_canon_ace_lists(1438)
  create_canon_ace_lists: unable to map SID S-1-5-21-4020846335-601350461-1468625926-3174 to uid or gid.

As per your instruction I converted one system from our domain to workgroup, restarted the system, and once again converted it to my domain. Even then, I am not able to give permission from my system.

1. In my client XP system, what do I want to check regarding SID information?
2. How to solve the "unable to map SID" error in server?

I am having more than 2500 client systems.

C U Next Mail
Raj
Take Care
HAVE A NICE DAY

--- On Sun, 8/11/09, D.Rajan <rajand_2000 at yahoo.com> wrote:

From: D.Rajan <rajand_2000 at yahoo.com>
Subject: Samba + LDAP error in windows xp while ACL
To: samba at lists.samba.org
Date: Sunday, 8 November, 2009, 6:08 PM

Dear all,

I am using Samba + PDC LDAP in a single server. From last month onward I am facing a problem.

When I set the ACL manually (setfacl -m g:group:rwx the_file), it's OK; the other domain members see the ACL.

But when I set the ACL with a Windows workstation, that doesn't work; it gives the furnished error:

sysadm@sangam:/var/log/samba$ tailf log.r-sys-03703

[2009/11/08 17:54:05, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2009/11/08 17:54:09, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4211)
  sid S-1-5-21-3986255151-1643105893-2919334401-3002 does not belong to our domain
.
.
.
[2009/11/08 17:54:15, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2009/11/08 17:54:17, 0] smbd/posix_acls.c:create_canon_ace_lists(1438)
  create_canon_ace_lists: unable to map SID S-1-5-21-4020846335-601350461-1468625926-27594 to uid or gid.

C U Next Mail
Raj
Take Care
HAVE A NICE DAY
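
An added example, not part of the original thread or of Samba: a small triage script that pulls every SID out of the log lines quoted above, splits it into domain SID and RID, and separates SIDs whose domain part matches the `net getlocalsid` output from those that come from another domain. The function names `classify_sids` and `ldap_filter` are hypothetical; `sambaSID` is the attribute the Samba LDAP schema uses to store SIDs, so the generated filter can be used with `ldapsearch` under the `ldap suffix` shown in the testparm output.

```python
import re

# Domain SID reported by `net getlocalsid` / `net getdomainsid` in the thread.
LOCAL_DOMAIN_SID = "S-1-5-21-4020846335-601350461-1468625926"

# Log excerpts copied from the log.* files quoted in the thread.
SAMPLE_LOG = """\
[2009/11/08 17:54:05, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2009/11/08 17:54:09, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4211)
  sid S-1-5-21-3986255151-1643105893-2919334401-3002 does not belong to our domain
[2009/11/08 17:54:17, 0] smbd/posix_acls.c:create_canon_ace_lists(1438)
  create_canon_ace_lists: unable to map SID S-1-5-21-4020846335-601350461-1468625926-27594 to uid or gid.
[2009/11/17 10:27:29, 0] smbd/posix_acls.c:create_canon_ace_lists(1438)
  create_canon_ace_lists: unable to map SID S-1-5-21-4020846335-601350461-1468625926-3174 to uid or gid.
"""

# A domain account SID: S-1-5-21, three domain sub-authorities, then the RID.
SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}\b")


def classify_sids(log_text, local_domain_sid=LOCAL_DOMAIN_SID):
    """Return unique (sid, rid, verdict) tuples, foreign-domain SIDs first."""
    found = set()
    for sid in SID_RE.findall(log_text):
        domain_part, _, rid = sid.rpartition("-")
        if domain_part == local_domain_sid:
            verdict = "local-domain"    # right domain, but no uid/gid mapping found
        else:
            verdict = "foreign-domain"  # SID minted under a different domain SID
        found.add((sid, int(rid), verdict))
    return sorted(found, key=lambda f: (f[2], f[1]))


def ldap_filter(sid):
    """LDAP filter matching any entry that carries this SID in sambaSID."""
    return f"(sambaSID={sid})"


if __name__ == "__main__":
    for sid, rid, verdict in classify_sids(SAMPLE_LOG):
        print(f"{verdict:15} rid={rid:<6} {ldap_filter(sid)}")
```

A local-domain SID with no matching `sambaSID` entry in the directory has no user or group mapping to resolve to; a foreign-domain SID indicates an entry created under a different domain SID.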