Daniel Müller
2010-Apr-14 14:27 UTC
[Samba] WG: Upgrading 3.2.15 to 3.3.12 sernet package on opensuse 10.2
My Configuration,
On my PDC:
Samba version 3.2.15 /LDAP-Master (slurpd)/SMBD4wins <-- version 3.3.12
not working. Downgrade again
On my BDC:
Samba version 3.3.12 /LDAP-Slave <-- version 3.3.12 working
[global] on PDC
[global]
workgroup = tuepdc.local
bind interfaces only = true
interfaces = 192.168.135.143/24 127.0.0.0/8
socket address = 192.168.135.255
profile acls = no
hosts allow = 127.0.0.1 192.168.129.0/24 192.168.133.0/24 192.168.134.0/24
192.168.132.0/24 192.168.135.0/24 10.0.77.0/24
hosts deny = 0.0.0.0/0
server string = tuepdc.local MasterServer %v
admin users = root, administrator,marstaller
ldap passwd sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
log level = 0 vfs:[01]
log file = /system/log/%U.%m.log
syslog = 0
max log size = 3000
time server = Yes
read raw = yes
defer sharing violations = no
write raw = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
mangling method = hash2
dos charset = 850
unix charset = ISO8859-15
display charset = ISO8859-15
logon script = logon.bat
logon drive = S:
logon path security = user
domain logons = Yes
domain master = Yes
browse list = true
os level = 254
preferred master = Yes
wins support = no
wins server = 192.168.135.150
dns proxy = yes
smb ports = 139 445
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=tuepdc,dc=local
ldap suffix = dc=tuepdc,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
add user script = /usr/local/sbin/smbldap-useradd -A 1 -B 1 -m -k /dummy
"%u"
delete user script = /usr/local/sbin/smbldap-userdel -r "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u"
"%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g'
'%u'
client lanman auth = no
client ntlmv2 auth = yes
load printers = Yes
nt acl support = no
printing = cups
printcap name = cups
deadtime = 10
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
preserve case = yes
case sensitive = no
----------------------------------------------------------------------------
----
[global] on smbd4wins/pdc
[globals]
netbios name= tuepdc-wins
workgroup=tuepdc.local
bind interfaces only=yes
interfaces=192.168.135.150
ntpd:disable_broadcast=yes
wins server=192.168.135.150
log level=4
dns proxy=yes
----------------------------------------------------------------------------
---
[global] on BDC
[global]
workgroup = tuepdc.local
netbios name = tuebdc
enable privileges = yes
interfaces = 192.168.135.144/24 127.0.0.0/8
bind interfaces only=true
profile acls=no
hosts allow=127.0.0.1 192.168.129.0/24 192.168.133.0/24
192.168.134.0/24 192.168.132.0/24 192.168.135.0/24 10.0.77.0/24
hosts deny=0.0.0.0/0
large readwrite=no
max xmit=166644
server string = tuebdc.local BackupServer %v
admin users=root, administrator, marstaller
encrypt passwords = Yes
ldap passwd sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
log level = 0 vfs:[01]
log file=/system/log/%U.%m.log
syslog = 0
max log size = 3000
defer sharing violations=no
time server = Yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-15
display charset=ISO8859-15
logon script = logon.bat
logon drive = S:
logon path security=user
domain logons = Yes
domain master=NO
os level = 100
preferred master =Yes
local master =Yes
wins support = no
wins server=192.168.135.150
dns proxy=yes
host msdfs=yes
smb ports=139 445
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=tuepdc,dc=local
ldap suffix = dc=tuepdc,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
add user script = /usr/local/sbin/smbldap-useradd -A 1 -B 1 -m -k
/dummy "%u"
delete user script = /usr/local/sbin/smbldap-userdel -r "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u"
"%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g
'%g'
'%u'
idmap uid=15000-20000
idmap gid=15000-20000
ldap ssl=no
#vista compatibility
client lanman auth=no
client ntlmv2 auth=yes
load printers = Yes
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
preserve case = yes
short preserve case = yes
case sensitive = no
----------------------------------------------------------------------------
---------------
The error that occurred while samba talking to ldap on my PDC and only there
not on my BDC:
EXT oid=1.3.6.1.4.1.1466.20037
Apr 8 09:22:20 tuepdc slapd[7693]: do_extended: unsupported operation
"1.3.6.1.4.1.1466.20037"
Apr 8 09:22:20 tuepdc slapd[7693]: conn=441 op=0 RESULT tag=120 err=2
text=unsupported extended operation
No user could logon to the PDC nor did the account of the workstations
longer work.
The chaos was, that the Samba BDC only served a few users all other users
could not work any more.
So my question again: How can I bring the PDC to version 3.3.12 safely and
how can I guarantee the BDC
is taking over right in time and all of my users can work on.
Daniel
-----------------------------------------------
EDV Daniel M?ller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Urspr?ngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
Im
Auftrag von Stan Hoeppner
Gesendet: Sonntag, 11. April 2010 00:20
An: samba at lists.samba.org
Betreff: Re: [Samba] Upgrading 3.2.15 to 3.3.12 sernet package on opensuse
10.2
Daniel M?ller put forth on 4/10/2010 2:11 AM:>
>
> Dear all, I have samba 3.2.15 PDC running with an openldap backend and
> smbd4wins on the same host. There is also a BDC the same as my PDC. After
I> did an update to 3.3.12 on my BDC this worked on the fly without problems.
> Then I went on doing the same update on my PDC with the result of chaos.
No> user was able to logon anymore , when I did a smbclient -L mypdc -N it was
> extremely slow, and my whole domain was down. After a few hours searching
> for the reasons, I only saw an error with the samba talking to my openldap
> on my PDC (this error was definitly not on my BDC with quiet the same
> configuration) that searching the ldap database. At the end the only way
to> solve this was to downgrade again to 3.2.15. Is there a way to upgrade a
> samba PDC to 3.3.12 without fail!? Greetings Daniel
It might help if you share that error message with the list. Just telling
us that you upgraded Samba and something broke doesn't give us much to go
on. Error messages, relevant log entries, and config files are always
helpful.
--
Stan
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Stan Hoeppner
2010-Apr-14 21:58 UTC
[Samba] WG: Upgrading 3.2.15 to 3.3.12 sernet package on opensuse 10.2
Daniel M?ller put forth on 4/14/2010 9:27 AM:> EXT oid=1.3.6.1.4.1.1466.20037 > Apr 8 09:22:20 tuepdc slapd[7693]: do_extended: unsupported operation > "1.3.6.1.4.1.1466.20037" > Apr 8 09:22:20 tuepdc slapd[7693]: conn=441 op=0 RESULT tag=120 err=2 > text=unsupported extended operationThis is an OpenLDAP problem, not a Samba problem. I have zero experience with LDAP but I know how to Google and read. Please paste all the relevant log entries from the PDC. There should be a few more than what you pasted, such as these posted back in July 2008 to another help forum: Jul 9 07:32:26 xdaolin slapd[2241]: conn=702 fd=23 ACCEPT from IP=127.0.0.1:15332 (IP=0.0.0.0:389) Jul 9 07:32:26 xdaolin slapd[2241]: conn=702 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jul 9 07:32:26 xdaolin slapd[2241]: conn=702 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037" Jul 9 07:32:26 xdaolin slapd[2241]: conn=702 op=0 RESULT tag=120 err=2 text=unsupported extended operation Jul 9 07:32:26 xdaolin slapd[2241]: conn=702 op=1 UNBIND Jul 9 07:32:26 xdaolin slapd[2241]: conn=702 fd=23 closed Jul 9 07:32:26 xdaolin slapd[2241]: conn=703 fd=23 ACCEPT from IP=127.0.0.1:15333 (IP=0.0.0.0:389) Jul 9 07:32:26 xdaolin slapd[2241]: conn=703 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jul 9 07:32:26 xdaolin slapd[2241]: conn=703 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037" Jul 9 07:32:26 xdaolin slapd[2241]: conn=703 op=0 RESULT tag=120 err=2 text=unsupported extended operation Jul 9 07:32:26 xdaolin slapd[2241]: conn=703 op=1 UNBIND Jul 9 07:32:27 xdaolin slapd[2241]: conn=703 fd=23 closed Jul 9 07:32:27 xdaolin getent: nss_ldap: could not search LDAP server - Server is unavailable Note that "1.3.6.1.4.1.1466.20037" exists in both help requests, and that the other OP is not having problems with Samba but some other application, _two years ago_. I've found examples of the same error going back to 2006. I have yet to find via Google any document with this 1.3.6.1.4.1.1466.20037 error string having anything to do with Samba. Your problem is with your platform/OpenLDAP configuration. Have you upgraded OpenLDAP? Have you upgraded all your libraries to the latest versions? What operating system are you using? What version? Forget the fact that everything "works" on the BDC. That is not a factor here because the machines are NOT identical. One is a PDC, the other a BDC. Just because the BDC works after the Samba upgrade doesn't automatically mean the PDC should work, given that the problem isn't with Samba, but with OpenLDAP. Google for "EXT oid=1.3.6.1.4.1.1466.20037" and read every article in the first 3 pages. That should help you find your answer. Save yourself some time by upgrading all packages and libraries first to see if that fixes the problem, starting with OpenLDAP. -- Stan
Daniel Müller
2010-May-03 12:03 UTC
[Samba] WG: Upgrading 3.2.15 to 3.3.12 sernet package on opensuse 10.2
What happend to my question?!
Is there someone who could help me getting on?
Greetings
Daniel
-----------------------------------------------
EDV Daniel M?ller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Urspr?ngliche Nachricht-----
Von: Daniel M?ller [mailto:mueller at tropenklinik.de]
Gesendet: Mittwoch, 14. April 2010 16:28
An: 'samba at lists.samba.org'
Betreff: WG: [Samba] Upgrading 3.2.15 to 3.3.12 sernet package on opensuse
10.2
My Configuration,
On my PDC:
Samba version 3.2.15 /LDAP-Master (slurpd)/SMBD4wins <-- version 3.3.12
not working. Downgrade again
On my BDC:
Samba version 3.3.12 /LDAP-Slave <-- version 3.3.12 working
[global] on PDC
[global]
workgroup = tuepdc.local
bind interfaces only = true
interfaces = 192.168.135.143/24 127.0.0.0/8
socket address = 192.168.135.255
profile acls = no
hosts allow = 127.0.0.1 192.168.129.0/24 192.168.133.0/24 192.168.134.0/24
192.168.132.0/24 192.168.135.0/24 10.0.77.0/24
hosts deny = 0.0.0.0/0
server string = tuepdc.local MasterServer %v
admin users = root, administrator,marstaller
ldap passwd sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
log level = 0 vfs:[01]
log file = /system/log/%U.%m.log
syslog = 0
max log size = 3000
time server = Yes
read raw = yes
defer sharing violations = no
write raw = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
mangling method = hash2
dos charset = 850
unix charset = ISO8859-15
display charset = ISO8859-15
logon script = logon.bat
logon drive = S:
logon path security = user
domain logons = Yes
domain master = Yes
browse list = true
os level = 254
preferred master = Yes
wins support = no
wins server = 192.168.135.150
dns proxy = yes
smb ports = 139 445
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=tuepdc,dc=local
ldap suffix = dc=tuepdc,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
add user script = /usr/local/sbin/smbldap-useradd -A 1 -B 1 -m -k /dummy
"%u"
delete user script = /usr/local/sbin/smbldap-userdel -r "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u"
"%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g'
'%u'
client lanman auth = no
client ntlmv2 auth = yes
load printers = Yes
nt acl support = no
printing = cups
printcap name = cups
deadtime = 10
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
preserve case = yes
case sensitive = no
----------------------------------------------------------------------------
----
[global] on smbd4wins/pdc
[globals]
netbios name= tuepdc-wins
workgroup=tuepdc.local
bind interfaces only=yes
interfaces=192.168.135.150
ntpd:disable_broadcast=yes
wins server=192.168.135.150
log level=4
dns proxy=yes
----------------------------------------------------------------------------
---
[global] on BDC
[global]
workgroup = tuepdc.local
netbios name = tuebdc
enable privileges = yes
interfaces = 192.168.135.144/24 127.0.0.0/8
bind interfaces only=true
profile acls=no
hosts allow=127.0.0.1 192.168.129.0/24 192.168.133.0/24
192.168.134.0/24 192.168.132.0/24 192.168.135.0/24 10.0.77.0/24
hosts deny=0.0.0.0/0
large readwrite=no
max xmit=166644
server string = tuebdc.local BackupServer %v
admin users=root, administrator, marstaller
encrypt passwords = Yes
ldap passwd sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
log level = 0 vfs:[01]
log file=/system/log/%U.%m.log
syslog = 0
max log size = 3000
defer sharing violations=no
time server = Yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-15
display charset=ISO8859-15
logon script = logon.bat
logon drive = S:
logon path security=user
domain logons = Yes
domain master=NO
os level = 100
preferred master =Yes
local master =Yes
wins support = no
wins server=192.168.135.150
dns proxy=yes
host msdfs=yes
smb ports=139 445
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=tuepdc,dc=local
ldap suffix = dc=tuepdc,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
add user script = /usr/local/sbin/smbldap-useradd -A 1 -B 1 -m -k
/dummy "%u"
delete user script = /usr/local/sbin/smbldap-userdel -r "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u"
"%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g
'%g'
'%u'
idmap uid=15000-20000
idmap gid=15000-20000
ldap ssl=no
#vista compatibility
client lanman auth=no
client ntlmv2 auth=yes
load printers = Yes
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
preserve case = yes
short preserve case = yes
case sensitive = no
----------------------------------------------------------------------------
---------------
The error that occurred while samba talking to ldap on my PDC and only there
not on my BDC:
EXT oid=1.3.6.1.4.1.1466.20037
Apr 8 09:22:20 tuepdc slapd[7693]: do_extended: unsupported operation
"1.3.6.1.4.1.1466.20037"
Apr 8 09:22:20 tuepdc slapd[7693]: conn=441 op=0 RESULT tag=120 err=2
text=unsupported extended operation
No user could logon to the PDC nor did the account of the workstations
longer work.
The chaos was, that the Samba BDC only served a few users all other users
could not work any more.
So my question again: How can I bring the PDC to version 3.3.12 safely and
how can I guarantee the BDC
is taking over right in time and all of my users can work on.
Daniel
-----------------------------------------------
EDV Daniel M?ller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Urspr?ngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
Im
Auftrag von Stan Hoeppner
Gesendet: Sonntag, 11. April 2010 00:20
An: samba at lists.samba.org
Betreff: Re: [Samba] Upgrading 3.2.15 to 3.3.12 sernet package on opensuse
10.2
Daniel M?ller put forth on 4/10/2010 2:11 AM:>
>
> Dear all, I have samba 3.2.15 PDC running with an openldap backend and
> smbd4wins on the same host. There is also a BDC the same as my PDC. After
I> did an update to 3.3.12 on my BDC this worked on the fly without problems.
> Then I went on doing the same update on my PDC with the result of chaos.
No> user was able to logon anymore , when I did a smbclient -L mypdc -N it was
> extremely slow, and my whole domain was down. After a few hours searching
> for the reasons, I only saw an error with the samba talking to my openldap
> on my PDC (this error was definitly not on my BDC with quiet the same
> configuration) that searching the ldap database. At the end the only way
to> solve this was to downgrade again to 3.2.15. Is there a way to upgrade a
> samba PDC to 3.3.12 without fail!? Greetings Daniel
It might help if you share that error message with the list. Just telling
us that you upgraded Samba and something broke doesn't give us much to go
on. Error messages, relevant log entries, and config files are always
helpful.
--
Stan
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Maybe Matching Threads
- WG: WG: Strange!!! Clients only log on to samba bdc
- Glusterfs gives up with endpoint not connected
- Upgrading 3.2.15 to 3.3.12 sernet package on opensuse 10.2
- Error setting initial password for a user when using LDAP as backend and trying to set Samba and Unix password to the same value
- Join W2008 R2 64bit to samba 3.5.8