Daniel Müller
2010-Apr-14 14:27 UTC
[Samba] WG: Upgrading 3.2.15 to 3.3.12 sernet package on opensuse 10.2
My Configuration, On my PDC: Samba version 3.2.15 /LDAP-Master (slurpd)/SMBD4wins <-- version 3.3.12 not working. Downgrade again On my BDC: Samba version 3.3.12 /LDAP-Slave <-- version 3.3.12 working [global] on PDC [global] workgroup = tuepdc.local bind interfaces only = true interfaces = 192.168.135.143/24 127.0.0.0/8 socket address = 192.168.135.255 profile acls = no hosts allow = 127.0.0.1 192.168.129.0/24 192.168.133.0/24 192.168.134.0/24 192.168.132.0/24 192.168.135.0/24 10.0.77.0/24 hosts deny = 0.0.0.0/0 server string = tuepdc.local MasterServer %v admin users = root, administrator,marstaller ldap passwd sync = Yes passwd program = /usr/local/sbin/smbldap-passwd -u %u log level = 0 vfs:[01] log file = /system/log/%U.%m.log syslog = 0 max log size = 3000 time server = Yes read raw = yes defer sharing violations = no write raw = yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE mangling method = hash2 dos charset = 850 unix charset = ISO8859-15 display charset = ISO8859-15 logon script = logon.bat logon drive = S: logon path security = user domain logons = Yes domain master = Yes browse list = true os level = 254 preferred master = Yes wins support = no wins server = 192.168.135.150 dns proxy = yes smb ports = 139 445 passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=admin,dc=tuepdc,dc=local ldap suffix = dc=tuepdc,dc=local ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users add user script = /usr/local/sbin/smbldap-useradd -A 1 -B 1 -m -k /dummy "%u" delete user script = /usr/local/sbin/smbldap-userdel -r "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" delete group script = /usr/local/sbin/smbldap-groupdel "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u' client lanman auth = no client ntlmv2 auth = yes load printers = Yes nt acl support = no printing = cups printcap name = cups deadtime = 10 map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd preserve case = yes case sensitive = no ---------------------------------------------------------------------------- ---- [global] on smbd4wins/pdc [globals] netbios name= tuepdc-wins workgroup=tuepdc.local bind interfaces only=yes interfaces=192.168.135.150 ntpd:disable_broadcast=yes wins server=192.168.135.150 log level=4 dns proxy=yes ---------------------------------------------------------------------------- --- [global] on BDC [global] workgroup = tuepdc.local netbios name = tuebdc enable privileges = yes interfaces = 192.168.135.144/24 127.0.0.0/8 bind interfaces only=true profile acls=no hosts allow=127.0.0.1 192.168.129.0/24 192.168.133.0/24 192.168.134.0/24 192.168.132.0/24 192.168.135.0/24 10.0.77.0/24 hosts deny=0.0.0.0/0 large readwrite=no max xmit=166644 server string = tuebdc.local BackupServer %v admin users=root, administrator, marstaller encrypt passwords = Yes ldap passwd sync = Yes passwd program = /usr/local/sbin/smbldap-passwd -u %u log level = 0 vfs:[01] log file=/system/log/%U.%m.log syslog = 0 max log size = 3000 defer sharing violations=no time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-15 display charset=ISO8859-15 logon script = logon.bat logon drive = S: logon path security=user domain logons = Yes domain master=NO os level = 100 preferred master =Yes local master =Yes wins support = no wins server=192.168.135.150 dns proxy=yes host msdfs=yes smb ports=139 445 passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=admin,dc=tuepdc,dc=local ldap suffix = dc=tuepdc,dc=local ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users add user script = /usr/local/sbin/smbldap-useradd -A 1 -B 1 -m -k /dummy "%u" delete user script = /usr/local/sbin/smbldap-userdel -r "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" delete group script = /usr/local/sbin/smbldap-groupdel "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u' idmap uid=15000-20000 idmap gid=15000-20000 ldap ssl=no #vista compatibility client lanman auth=no client ntlmv2 auth=yes load printers = Yes nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd preserve case = yes short preserve case = yes case sensitive = no ---------------------------------------------------------------------------- --------------- The error that occurred while samba talking to ldap on my PDC and only there not on my BDC: EXT oid=1.3.6.1.4.1.1466.20037 Apr 8 09:22:20 tuepdc slapd[7693]: do_extended: unsupported operation "1.3.6.1.4.1.1466.20037" Apr 8 09:22:20 tuepdc slapd[7693]: conn=441 op=0 RESULT tag=120 err=2 text=unsupported extended operation No user could logon to the PDC nor did the account of the workstations longer work. The chaos was, that the Samba BDC only served a few users all other users could not work any more. So my question again: How can I bring the PDC to version 3.3.12 safely and how can I guarantee the BDC is taking over right in time and all of my users can work on. Daniel ----------------------------------------------- EDV Daniel M?ller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T?bingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de ----------------------------------------------- -----Urspr?ngliche Nachricht----- Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Stan Hoeppner Gesendet: Sonntag, 11. April 2010 00:20 An: samba at lists.samba.org Betreff: Re: [Samba] Upgrading 3.2.15 to 3.3.12 sernet package on opensuse 10.2 Daniel M?ller put forth on 4/10/2010 2:11 AM:> > > Dear all, I have samba 3.2.15 PDC running with an openldap backend and > smbd4wins on the same host. There is also a BDC the same as my PDC. AfterI> did an update to 3.3.12 on my BDC this worked on the fly without problems. > Then I went on doing the same update on my PDC with the result of chaos.No> user was able to logon anymore , when I did a smbclient -L mypdc -N it was > extremely slow, and my whole domain was down. After a few hours searching > for the reasons, I only saw an error with the samba talking to my openldap > on my PDC (this error was definitly not on my BDC with quiet the same > configuration) that searching the ldap database. At the end the only wayto> solve this was to downgrade again to 3.2.15. Is there a way to upgrade a > samba PDC to 3.3.12 without fail!? Greetings DanielIt might help if you share that error message with the list. Just telling us that you upgraded Samba and something broke doesn't give us much to go on. Error messages, relevant log entries, and config files are always helpful. -- Stan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Stan Hoeppner
2010-Apr-14 21:58 UTC
[Samba] WG: Upgrading 3.2.15 to 3.3.12 sernet package on opensuse 10.2
Daniel M?ller put forth on 4/14/2010 9:27 AM:> EXT oid=1.3.6.1.4.1.1466.20037 > Apr 8 09:22:20 tuepdc slapd[7693]: do_extended: unsupported operation > "1.3.6.1.4.1.1466.20037" > Apr 8 09:22:20 tuepdc slapd[7693]: conn=441 op=0 RESULT tag=120 err=2 > text=unsupported extended operationThis is an OpenLDAP problem, not a Samba problem. I have zero experience with LDAP but I know how to Google and read. Please paste all the relevant log entries from the PDC. There should be a few more than what you pasted, such as these posted back in July 2008 to another help forum: Jul 9 07:32:26 xdaolin slapd[2241]: conn=702 fd=23 ACCEPT from IP=127.0.0.1:15332 (IP=0.0.0.0:389) Jul 9 07:32:26 xdaolin slapd[2241]: conn=702 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jul 9 07:32:26 xdaolin slapd[2241]: conn=702 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037" Jul 9 07:32:26 xdaolin slapd[2241]: conn=702 op=0 RESULT tag=120 err=2 text=unsupported extended operation Jul 9 07:32:26 xdaolin slapd[2241]: conn=702 op=1 UNBIND Jul 9 07:32:26 xdaolin slapd[2241]: conn=702 fd=23 closed Jul 9 07:32:26 xdaolin slapd[2241]: conn=703 fd=23 ACCEPT from IP=127.0.0.1:15333 (IP=0.0.0.0:389) Jul 9 07:32:26 xdaolin slapd[2241]: conn=703 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jul 9 07:32:26 xdaolin slapd[2241]: conn=703 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037" Jul 9 07:32:26 xdaolin slapd[2241]: conn=703 op=0 RESULT tag=120 err=2 text=unsupported extended operation Jul 9 07:32:26 xdaolin slapd[2241]: conn=703 op=1 UNBIND Jul 9 07:32:27 xdaolin slapd[2241]: conn=703 fd=23 closed Jul 9 07:32:27 xdaolin getent: nss_ldap: could not search LDAP server - Server is unavailable Note that "1.3.6.1.4.1.1466.20037" exists in both help requests, and that the other OP is not having problems with Samba but some other application, _two years ago_. I've found examples of the same error going back to 2006. I have yet to find via Google any document with this 1.3.6.1.4.1.1466.20037 error string having anything to do with Samba. Your problem is with your platform/OpenLDAP configuration. Have you upgraded OpenLDAP? Have you upgraded all your libraries to the latest versions? What operating system are you using? What version? Forget the fact that everything "works" on the BDC. That is not a factor here because the machines are NOT identical. One is a PDC, the other a BDC. Just because the BDC works after the Samba upgrade doesn't automatically mean the PDC should work, given that the problem isn't with Samba, but with OpenLDAP. Google for "EXT oid=1.3.6.1.4.1.1466.20037" and read every article in the first 3 pages. That should help you find your answer. Save yourself some time by upgrading all packages and libraries first to see if that fixes the problem, starting with OpenLDAP. -- Stan
Daniel Müller
2010-May-03 12:03 UTC
[Samba] WG: Upgrading 3.2.15 to 3.3.12 sernet package on opensuse 10.2
What happend to my question?! Is there someone who could help me getting on? Greetings Daniel ----------------------------------------------- EDV Daniel M?ller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T?bingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de ----------------------------------------------- -----Urspr?ngliche Nachricht----- Von: Daniel M?ller [mailto:mueller at tropenklinik.de] Gesendet: Mittwoch, 14. April 2010 16:28 An: 'samba at lists.samba.org' Betreff: WG: [Samba] Upgrading 3.2.15 to 3.3.12 sernet package on opensuse 10.2 My Configuration, On my PDC: Samba version 3.2.15 /LDAP-Master (slurpd)/SMBD4wins <-- version 3.3.12 not working. Downgrade again On my BDC: Samba version 3.3.12 /LDAP-Slave <-- version 3.3.12 working [global] on PDC [global] workgroup = tuepdc.local bind interfaces only = true interfaces = 192.168.135.143/24 127.0.0.0/8 socket address = 192.168.135.255 profile acls = no hosts allow = 127.0.0.1 192.168.129.0/24 192.168.133.0/24 192.168.134.0/24 192.168.132.0/24 192.168.135.0/24 10.0.77.0/24 hosts deny = 0.0.0.0/0 server string = tuepdc.local MasterServer %v admin users = root, administrator,marstaller ldap passwd sync = Yes passwd program = /usr/local/sbin/smbldap-passwd -u %u log level = 0 vfs:[01] log file = /system/log/%U.%m.log syslog = 0 max log size = 3000 time server = Yes read raw = yes defer sharing violations = no write raw = yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE mangling method = hash2 dos charset = 850 unix charset = ISO8859-15 display charset = ISO8859-15 logon script = logon.bat logon drive = S: logon path security = user domain logons = Yes domain master = Yes browse list = true os level = 254 preferred master = Yes wins support = no wins server = 192.168.135.150 dns proxy = yes smb ports = 139 445 passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=admin,dc=tuepdc,dc=local ldap suffix = dc=tuepdc,dc=local ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users add user script = /usr/local/sbin/smbldap-useradd -A 1 -B 1 -m -k /dummy "%u" delete user script = /usr/local/sbin/smbldap-userdel -r "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" delete group script = /usr/local/sbin/smbldap-groupdel "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u' client lanman auth = no client ntlmv2 auth = yes load printers = Yes nt acl support = no printing = cups printcap name = cups deadtime = 10 map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd preserve case = yes case sensitive = no ---------------------------------------------------------------------------- ---- [global] on smbd4wins/pdc [globals] netbios name= tuepdc-wins workgroup=tuepdc.local bind interfaces only=yes interfaces=192.168.135.150 ntpd:disable_broadcast=yes wins server=192.168.135.150 log level=4 dns proxy=yes ---------------------------------------------------------------------------- --- [global] on BDC [global] workgroup = tuepdc.local netbios name = tuebdc enable privileges = yes interfaces = 192.168.135.144/24 127.0.0.0/8 bind interfaces only=true profile acls=no hosts allow=127.0.0.1 192.168.129.0/24 192.168.133.0/24 192.168.134.0/24 192.168.132.0/24 192.168.135.0/24 10.0.77.0/24 hosts deny=0.0.0.0/0 large readwrite=no max xmit=166644 server string = tuebdc.local BackupServer %v admin users=root, administrator, marstaller encrypt passwords = Yes ldap passwd sync = Yes passwd program = /usr/local/sbin/smbldap-passwd -u %u log level = 0 vfs:[01] log file=/system/log/%U.%m.log syslog = 0 max log size = 3000 defer sharing violations=no time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-15 display charset=ISO8859-15 logon script = logon.bat logon drive = S: logon path security=user domain logons = Yes domain master=NO os level = 100 preferred master =Yes local master =Yes wins support = no wins server=192.168.135.150 dns proxy=yes host msdfs=yes smb ports=139 445 passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=admin,dc=tuepdc,dc=local ldap suffix = dc=tuepdc,dc=local ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users add user script = /usr/local/sbin/smbldap-useradd -A 1 -B 1 -m -k /dummy "%u" delete user script = /usr/local/sbin/smbldap-userdel -r "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" delete group script = /usr/local/sbin/smbldap-groupdel "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u' idmap uid=15000-20000 idmap gid=15000-20000 ldap ssl=no #vista compatibility client lanman auth=no client ntlmv2 auth=yes load printers = Yes nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd preserve case = yes short preserve case = yes case sensitive = no ---------------------------------------------------------------------------- --------------- The error that occurred while samba talking to ldap on my PDC and only there not on my BDC: EXT oid=1.3.6.1.4.1.1466.20037 Apr 8 09:22:20 tuepdc slapd[7693]: do_extended: unsupported operation "1.3.6.1.4.1.1466.20037" Apr 8 09:22:20 tuepdc slapd[7693]: conn=441 op=0 RESULT tag=120 err=2 text=unsupported extended operation No user could logon to the PDC nor did the account of the workstations longer work. The chaos was, that the Samba BDC only served a few users all other users could not work any more. So my question again: How can I bring the PDC to version 3.3.12 safely and how can I guarantee the BDC is taking over right in time and all of my users can work on. Daniel ----------------------------------------------- EDV Daniel M?ller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T?bingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de ----------------------------------------------- -----Urspr?ngliche Nachricht----- Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Stan Hoeppner Gesendet: Sonntag, 11. April 2010 00:20 An: samba at lists.samba.org Betreff: Re: [Samba] Upgrading 3.2.15 to 3.3.12 sernet package on opensuse 10.2 Daniel M?ller put forth on 4/10/2010 2:11 AM:> > > Dear all, I have samba 3.2.15 PDC running with an openldap backend and > smbd4wins on the same host. There is also a BDC the same as my PDC. AfterI> did an update to 3.3.12 on my BDC this worked on the fly without problems. > Then I went on doing the same update on my PDC with the result of chaos.No> user was able to logon anymore , when I did a smbclient -L mypdc -N it was > extremely slow, and my whole domain was down. After a few hours searching > for the reasons, I only saw an error with the samba talking to my openldap > on my PDC (this error was definitly not on my BDC with quiet the same > configuration) that searching the ldap database. At the end the only wayto> solve this was to downgrade again to 3.2.15. Is there a way to upgrade a > samba PDC to 3.3.12 without fail!? Greetings DanielIt might help if you share that error message with the list. Just telling us that you upgraded Samba and something broke doesn't give us much to go on. Error messages, relevant log entries, and config files are always helpful. -- Stan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Maybe Matching Threads
- WG: WG: Strange!!! Clients only log on to samba bdc
- Glusterfs gives up with endpoint not connected
- Upgrading 3.2.15 to 3.3.12 sernet package on opensuse 10.2
- Error setting initial password for a user when using LDAP as backend and trying to set Samba and Unix password to the same value
- Join W2008 R2 64bit to samba 3.5.8