Hey Rowland,

Below is a cutdown version of my DHCP. As you can see, I haven't really set anything up for ddns-update. While using Samba4's internal DNS I had the setting 'ddns-update-style interim;' and it seemed to have worked fine. But with bind I'm not sure what else is needed.

Thanks for taking a look at it.
Philip

#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#   see 'man 5 dhcpd.conf'
#
# option definitions common to all supported networks...
option domain-name "DOMAIN";
option domain-name-servers 172.17.0.170, 172.17.0.171;

filename "pxelinux.0";
next-server 172.17.0.50;

default-lease-time 600;
max-lease-time 7200;

# Use this to enable / disable dynamic dns updates globally.
#ddns-updates on; # not really necessary, ddns-update-style is good enough
ddns-update-style interim;
deny client-updates;
ignore-client-updates;
#allow client-updates;

#update-static-leases on;
key DHCP_UPDATER {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;

        #Paste in the generated key here. Should be in quotes
        secret "SECRET";
};
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

class "Others" {

.....

}

subnet 172.17.0.0 netmask 255.255.255.0 {
        option routers 172.17.0.1;

        pool {
                range 172.17.0.201 172.17.0.254;
                option broadcast-address 172.17.0.255;
                deny members of "Others";
        }

.....The rest of vlans

log-facility local6;

________________________________________
From: samba [samba-bounces at lists.samba.org] on behalf of Rowland Penny [rowlandpenny241155 at gmail.com]
Sent: Monday, November 09, 2015 4:15 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Samba_dlz: canceling trasaction on zone domain

On 09/11/15 20:48, Philip Banh wrote:
> Hi there,
>
> I'm in the process of switching from using Samba4 internal DNS to using BIND as my backend DNS. However, I'm currently running into some issues with the transition.
>
> Here's an example of the messages I'm getting from /var/log/messages logs:
>
> Nov 9 15:34:26 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
> Nov 9 15:34:26 pho-dcpvl-01N named[27524]: client 172.17.0.30#59051: update 'DOMAIN/IN' denied
> Nov 9 15:34:26 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
> Nov 9 15:35:24 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
> Nov 9 15:35:24 pho-dcpvl-01N named[27524]: client 172.17.0.30#42206: update 'DOMAIN/IN' denied
> Nov 9 15:35:24 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
> Nov 9 15:35:26 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
> Nov 9 15:35:26 pho-dcpvl-01N named[27524]: client 172.17.0.30#51563: update 'DOMAIN/IN' denied
> Nov 9 15:35:26 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
> Nov 9 15:35:32 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
>
> * 172.17.0.30 being my DHCP server.
>
> Does anyone know what's causing the above messages? And how do you proceed in a setup with Samba4 AD / BIND with DDNS.
>
> My guess here is I'm having troubles with setting up the DHCP properly to communicate with BIND, so the DNS isn't being updated.
>
> Please let me know what other information I can provide.
>
> Thanks,
> Philip
>
>
>
Can you post your dhcpd.conf ?

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
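The "update 'DOMAIN/IN' denied" lines quoted above are the thing to watch on the BIND side whatever the eventual fix: samba_dlz opens a transaction for each update request, refuses the unauthenticated one, and rolls the transaction back. The POSIX shell functions below are an added example, not part of this thread or of Samba, that summarise such refusals per source address and zone from named log lines, using the lines Philip posted as the embedded sample input. The idea of listing the "known" updaters (here only the DHCP server, 172.17.0.30) and reporting anything else is an assumption for the example: once the DHCP server authenticates properly, any remaining denials come from hosts that have no business sending updates.

```shell
#!/bin/sh
# Added example (not from the thread): summarise refused dynamic DNS updates
# from named/samba_dlz log lines. The sample lines are copied from Philip's post.

SAMPLE_LOG=$(cat <<'EOF'
Nov 9 15:34:26 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
Nov 9 15:34:26 pho-dcpvl-01N named[27524]: client 172.17.0.30#59051: update 'DOMAIN/IN' denied
Nov 9 15:34:26 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
Nov 9 15:35:24 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
Nov 9 15:35:24 pho-dcpvl-01N named[27524]: client 172.17.0.30#42206: update 'DOMAIN/IN' denied
Nov 9 15:35:24 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
Nov 9 15:35:26 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
Nov 9 15:35:26 pho-dcpvl-01N named[27524]: client 172.17.0.30#51563: update 'DOMAIN/IN' denied
Nov 9 15:35:26 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
Nov 9 15:35:32 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
EOF
)

# denied_updates LOG
#   prints "<client-ip> <zone> <count>" for every source whose update was refused;
#   the port is stripped from the "ip#port:" client field, the quotes from the zone.
denied_updates() {
    printf '%s\n' "$1" | awk -v q="'" '
        /: update .* denied$/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "client") { split($(i + 1), c, "#"); ip = c[1] }
                if ($i == "update") { zone = $(i + 1); gsub(q, "", zone) }
            }
            n[ip " " zone]++
        }
        END { for (k in n) print k, n[k] }' | sort
}

# denied_count LOG CLIENT_IP -> number of refused updates from one source (0 if none)
denied_count() {
    denied_updates "$1" | awk -v ip="$2" '$1 == ip { s += $3 } END { print s + 0 }'
}

# cancelled_transactions LOG ZONE -> samba_dlz transactions rolled back on that zone
cancelled_transactions() {
    printf '%s\n' "$1" | awk -v z="$2" \
        '/samba_dlz: cancelling transaction on zone/ && $NF == z { n++ } END { print n + 0 }'
}

# unexpected_updaters LOG KNOWN_IP... -> refused updates from sources other than the
#   listed ones (the hosts expected to send updates, e.g. the DHCP server).
#   Non-empty output is what a detection rule would alert on.
unexpected_updaters() {
    log=$1
    shift
    known=" $* "
    denied_updates "$log" | while read -r ip zone count; do
        case "$known" in
            *" $ip "*) ;;                      # expected updater: only a config problem
            *) echo "$ip $zone $count" ;;      # somebody else is trying to change the zone
        esac
    done
}

echo "Refused updates by source and zone:"
denied_updates "$SAMPLE_LOG"
echo "Refused updates from sources other than the DHCP server 172.17.0.30 (expect none):"
unexpected_updaters "$SAMPLE_LOG" 172.17.0.30
```

Run against a live log with `denied_updates "$(grep named /var/log/messages)"`. The per-source count is also the quickest way to confirm that a fix worked: after the DHCP server has been taught to sign its updates, the count for its address should stop growing.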
Rowland Penny
2015-Nov-09 21:45 UTC
[Samba] Samba_dlz: canceling trasaction on zone domain
On 09/11/15 21:28, Philip Banh wrote:
> Hey Rowland,
>
> Below is a cutdown version of my DHCP. As you can see, I haven't really set anything up for ddns-update. While using Samba4's internal DNS I had the setting 'ddns-update-style interim;' and it seemed to have worked fine. But with bind I'm not sure what else is needed.
>
> Thanks for taking a look at it.
> Philip
>
> #
> # DHCP Server Configuration file.
> #   see /usr/share/doc/dhcp*/dhcpd.conf.sample
> #   see 'man 5 dhcpd.conf'
> #
> # option definitions common to all supported networks...
> option domain-name "DOMAIN";
> option domain-name-servers 172.17.0.170, 172.17.0.171;
>
> filename "pxelinux.0";
> next-server 172.17.0.50;
>
> default-lease-time 600;
> max-lease-time 7200;
>
> # Use this to enable / disable dynamic dns updates globally.
> #ddns-updates on; # not really necessary, ddns-update-style is good enough
> ddns-update-style interim;
> deny client-updates;
> ignore-client-updates;
> #allow client-updates;
>
> #update-static-leases on;
> key DHCP_UPDATER {
>         algorithm HMAC-MD5.SIG-ALG.REG.INT;
>
>         #Paste in the generated key here. Should be in quotes
>         secret "SECRET";
> };
> # If this DHCP server is the official DHCP server for the local
> # network, the authoritative directive should be uncommented.
> authoritative;
>
> class "Others" {
>
> .....
>
> }
>
> subnet 172.17.0.0 netmask 255.255.255.0 {
>         option routers 172.17.0.1;
>
>         pool {
>                 range 172.17.0.201 172.17.0.254;
>                 option broadcast-address 172.17.0.255;
>                 deny members of "Others";
>         }
>
> .....The rest of vlans
>
> log-facility local6;
>
> ________________________________________
> From: samba [samba-bounces at lists.samba.org] on behalf of Rowland Penny [rowlandpenny241155 at gmail.com]
> Sent: Monday, November 09, 2015 4:15 PM
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba_dlz: canceling trasaction on zone domain
>
> On 09/11/15 20:48, Philip Banh wrote:
>> Hi there,
>>
>> I'm in the process of switching from using Samba4 internal DNS to using BIND as my backend DNS. However, I'm currently running into some issues with the transition.
>>
>> Here's an example of the messages I'm getting from /var/log/messages logs:
>>
>> Nov 9 15:34:26 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
>> Nov 9 15:34:26 pho-dcpvl-01N named[27524]: client 172.17.0.30#59051: update 'DOMAIN/IN' denied
>> Nov 9 15:34:26 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
>> Nov 9 15:35:24 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
>> Nov 9 15:35:24 pho-dcpvl-01N named[27524]: client 172.17.0.30#42206: update 'DOMAIN/IN' denied
>> Nov 9 15:35:24 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
>> Nov 9 15:35:26 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
>> Nov 9 15:35:26 pho-dcpvl-01N named[27524]: client 172.17.0.30#51563: update 'DOMAIN/IN' denied
>> Nov 9 15:35:26 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
>> Nov 9 15:35:32 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
>>
>> * 172.17.0.30 being my DHCP server.
>>
>> Does anyone know what's causing the above messages? And how do you proceed in a setup with Samba4 AD / BIND with DDNS.
>>
>> My guess here is I'm having troubles with setting up the DHCP properly to communicate with BIND, so the DNS isn't being updated.
>>
>> Please let me know what other information I can provide.
>>
>> Thanks,
>> Philip
>>
>>
>>
Hmm, that sort of fits in with what I was expecting. I have been using bind9 with dhcp for the last three years without any real problems; this is my dhcpd.conf:

default-lease-time 14400;
max-lease-time 14400;
authoritative;

subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.50 192.168.0.229;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.0.255;
        option time-offset 0;
        option routers 192.168.0.1;
        option domain-name "samdom.example.com";
        option domain-name-servers 192.168.0.5;
        option netbios-name-servers 192.168.0.5;
        option ntp-servers 192.168.0.5;
}

on commit {
        set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
        set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
        set ClientName = pick-first-value(option host-name, config-option-host-name, client-name);
        log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ", ClientName));
        execute("/etc/dhcp/bin/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID, ClientName);
}

on release {
        set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
        set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
        log(concat("Release: IP: ", ClientIP));
        execute("/etc/dhcp/bin/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
}

on expiry {
        set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
        # cannot get a ClientMac here, apparently this only works when actually receiving a packet
        log(concat("Expired: IP: ", ClientIP));
        # cannot get a ClientName here, for some reason that always fails
        execute("/etc/dhcp/bin/dhcp-dyndns.sh", "delete", ClientIP, "", "0");
}

And before you ask, this is /etc/dhcp/bin/dhcp-dyndns.sh:

#!/bin/bash

# /etc/bin/dhcp-dyndns.sh

# This script is for secure DDNS updates on Samba 4
# Version: 0.8.7

# DNS domain
domain=$(hostname -d)
if [ -z "${domain}" ]; then
    echo "Cannot obtain domain name, is DNS set up correctly?"
    echo "Cannot continue... Exiting."
    logger "Cannot obtain domain name, is DNS set up correctly?"
    logger "Cannot continue... Exiting."
    exit 1
fi

# Samba 4 realm (upper-cased DNS domain; ${var^^} needs bash 4)
REALM=$(echo ${domain^^})

# Additional nsupdate flags (-g already applied), e.g. "-d" for debug
#NSUPDFLAGS="-d"

# Additional debug flag, if set will log to screen
#DEBUG="YES"

if [ -n "${DEBUG}" ]; then
    logwhere="echo"
else
    logwhere="logger"
fi

## Do not change anything below here

# krbcc ticket cache
export KRB5CCNAME="/tmp/dhcp-dyndns.cc"

# Kerberos principal
SETPRINCIPAL=dhcpduser@${REALM}
# Kerberos keytab
# /etc/dhcp/dhcpduser.keytab
# krbcc ticket cache
# /tmp/dhcp-dyndns.cc
TESTUSER=$(wbinfo -u | grep 'dhcpduser')
if [ -z "${TESTUSER}" ]; then
    echo "No AD dhcp user exists, need to create it first.. exiting."
    echo "you can do this by typing the following commands"
    echo "kinit Administrator@${REALM}"
    echo "samba-tool user create dhcpduser --random-password --description=\"Unprivileged user for DNS updates via ISC DHCP server\""
    echo "samba-tool user setexpiry dhcpduser --noexpiry"
    echo "samba-tool group addmembers DnsAdmins dhcpduser"
    exit 1
fi

# Check for Kerberos keytab (same path as used by kinit below)
if [ ! -f /etc/dhcp/dhcpduser.keytab ]; then
    echo "Required keytab /etc/dhcp/dhcpduser.keytab not found, it needs to be created."
    echo "Use the following commands as root"
    echo "samba-tool domain exportkeytab --principal=${SETPRINCIPAL} /etc/dhcp/dhcpduser.keytab"
    echo "chown dhcpd:dhcpd /etc/dhcp/dhcpduser.keytab"
    echo "chmod 400 /etc/dhcp/dhcpduser.keytab"
    exit 1
fi

# Variables supplied by dhcpd.conf
action=$1
ip=$2
DHCID=$3
name=${4%%.*}

usage() {
    echo "USAGE:"
    echo "  `basename $0` add ip-address dhcid|mac-address hostname"
    echo "  `basename $0` delete ip-address dhcid|mac-address"
}

_KERBEROS () {
    # get current time as a number
    test=$(date +%d'-'%m'-'%y' '%H':'%M':'%S)
    # Note: there have been problems with this
    # check that 'date' returns something like
    # 04-09-15 09:38:14

    # Check for valid kerberos ticket
    echo "${test} [dyndns] : Running check for valid kerberos ticket"
    klist -c /tmp/dhcp-dyndns.cc -s
    if [ "$?" != "0" ]; then
        echo "${test} [dyndns] : Getting new ticket, old one has expired"
        kinit -F -k -t /etc/dhcp/dhcpduser.keytab -c /tmp/dhcp-dyndns.cc "${SETPRINCIPAL}"
        if [ "$?" != "0" ]; then
            echo "${test} [dyndns] : dhcpd kinit for dynamic DNS failed"
            exit 1;
        fi
    else
        echo "${test} [dyndns] : New ticket not required, old one still valid"
    fi
}

# Exit if no ip address
if [ -z "${ip}" ]; then
    usage
    exit 1
fi

# Exit if no mac-address/DHCID on an 'add'. dhcpd's 'on expiry' hook cannot
# supply the hardware address, so a 'delete' may arrive with an empty one;
# the DHCID is not used in the nsupdate batches below anyway.
if [ "${action}" = "add" ] && [ -z "${DHCID}" ]; then
    usage
    exit 1
fi

# Exit if no computer name supplied, unless the action is 'delete'
if [ "${name}" = "" ]; then
    if [ "${action}" = "delete" ]; then
        name=$(host -t PTR "${ip}" | awk '{print $NF}' | awk -F '.' '{print $1}')
    else
        usage
        exit 1;
    fi
fi

# Set PTR address
ptr=$(echo "${ip}" | awk -F '.' '{print $4"."$3"."$2"."$1".in-addr.arpa"}')

## nsupdate ##
case "${action}" in
add)
    _KERBEROS

    nsupdate -g ${NSUPDFLAGS} << UPDATE
server 127.0.0.1
realm ${REALM}
update delete ${name}.${domain} 3600 A
update add ${name}.${domain} 3600 A ${ip}
send
UPDATE
    result1=$?

    nsupdate -g ${NSUPDFLAGS} << UPDATE
server 127.0.0.1
realm ${REALM}
update delete ${ptr} 3600 PTR
update add ${ptr} 3600 PTR ${name}.${domain}
send
UPDATE
    result2=$?
    ;;
delete)
    _KERBEROS

    nsupdate -g ${NSUPDFLAGS} << UPDATE
server 127.0.0.1
realm ${REALM}
update delete ${name}.${domain} 3600 A
send
UPDATE
    result1=$?

    nsupdate -g ${NSUPDFLAGS} << UPDATE
server 127.0.0.1
realm ${REALM}
update delete ${ptr} 3600 PTR
send
UPDATE
    result2=$?
    ;;
*)
    echo "Invalid action specified"
    exit 103
    ;;
esac

result="${result1}${result2}"

if [ "${result}" != "00" ]; then
    $logwhere "DHCP-DNS Update failed: ${result}"
else
    $logwhere "DHCP-DNS Update succeeded"
fi

exit ${result}

This is what you need to do to use the above (this is on debian, you may need to adapt it slightly for your distro):

apt-get install isc-dhcp-server -y
samba-tool user create dhcpduser --description="Unprivileged user for TSIG-GSSAPI DNS updates via ISC DHCP server" --random-password
samba-tool group addmembers DnsAdmins dhcpduser
samba-tool domain exportkeytab --principal=dhcpduser@SAMDOM.EXAMPLE.COM /etc/dhcp/dhcpduser.keytab
chown root:root /etc/dhcp/dhcpduser.keytab
chmod 400 /etc/dhcp/dhcpduser.keytab
samba-tool user setexpiry dhcpduser --noexpiry
mkdir -p /etc/dhcp/bin
create /etc/dhcp/bin/dhcp-dyndns.sh
chmod 755 /etc/dhcp/bin/dhcp-dyndns.sh
cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.orig
create the new /etc/dhcp/dhcpd.conf

OK, this should now work after you restart bind and dhcp, any problems, let me know.

Rowland
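The point of Rowland's setup is that the DHCP server signs its updates with a Kerberos ticket (nsupdate -g, i.e. GSS-TSIG) for an unprivileged AD user in DnsAdmins; the samba_dlz backend authorises updates by that identity, which is why the updates dhcpd sends with a plain ddns-update-style configuration come back as "update denied". His script hands the lease address and the client-supplied host name straight into the nsupdate heredoc. The POSIX sh functions below are an added example, written for this page and not Rowland's script or anything from the Samba wiki, that build the same nsupdate batch but validate the address and the host name first, and put the A and PTR changes into a single nsupdate session with two sends (two messages, since forward and reverse are different zones) so that one GSS-TSIG handshake covers both. The host name, address, domain and the DNS_SERVER variable are example values; the batch is printed rather than piped into nsupdate so that it can be inspected offline, and the realm is upper-cased with tr because the ${domain^^} expansion in the original is bash-only.

```shell
#!/bin/sh
# Added example (not Rowland's script): build the nsupdate batch that a DHCP
# commit/release hook would pipe into 'nsupdate -g', after checking its inputs.
# Host name, address, domain and DNS_SERVER below are example values.

DNS_SERVER=${DNS_SERVER:-127.0.0.1}   # the DC running BIND with samba_dlz

# reverse_ptr IPV4 -> owner name of the PTR record in in-addr.arpa
reverse_ptr() {
    echo "$1" | awk -F '.' '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# valid_ipv4 ADDR -> succeeds only for four dotted decimal octets in 0-255
valid_ipv4() {
    printf '%s\n' "$1" | awk -F '.' '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# valid_hostname NAME -> succeeds for one DNS label: letters, digits and hyphens,
#   1-63 characters, no leading or trailing hyphen. dhcpd passes the client's own
#   host-name option here, so anything else (spaces, dots, quotes, newlines) is
#   rejected before it can end up inside the nsupdate batch.
valid_hostname() {
    case "$1" in
        "" | -* | *- | *[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# nsupdate_batch add|delete IP NAME DOMAIN -> prints the batch; returns 1 on bad input.
#   Forward (A) and reverse (PTR) changes are separate messages ("send" twice)
#   within one nsupdate session, so one Kerberos/GSS-TSIG exchange covers both.
nsupdate_batch() {
    action=$1
    ip=$2
    name=$3
    domain=$4
    case "$action" in add | delete) ;; *) echo "bad action: $action" >&2; return 1 ;; esac
    valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    valid_hostname "$name" || { echo "bad host name (not a single DNS label)" >&2; return 1; }
    case "$domain" in "" | *[!A-Za-z0-9.-]*) echo "bad domain: $domain" >&2; return 1 ;; esac
    fqdn="$name.$domain"
    ptr=$(reverse_ptr "$ip")
    realm=$(printf '%s' "$domain" | tr '[:lower:]' '[:upper:]')   # Kerberos realm = upper-cased domain
    printf 'server %s\nrealm %s\n' "$DNS_SERVER" "$realm"
    printf 'update delete %s A\n' "$fqdn"                # drop any stale address first
    if [ "$action" = add ]; then
        printf 'update add %s 3600 A %s\n' "$fqdn" "$ip"
    fi
    printf 'send\n'
    printf 'update delete %s PTR\n' "$ptr"
    if [ "$action" = add ]; then
        printf 'update add %s 3600 PTR %s\n' "$ptr" "$fqdn"
    fi
    printf 'send\n'
}

# In a hook this would be:  nsupdate_batch add "$ip" "$name" "$domain" | nsupdate -g
# Here the batch is only printed so it can be reviewed:
nsupdate_batch add 172.17.0.201 host1 samdom.example.com
```

Because the hook runs with the DHCP server's Kerberos credentials, the only records it can affect are those the dhcpduser account is allowed to change; restricting the name to one label under the configured domain keeps a client from steering the update at a different owner name.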
Rowland Penny
2015-Nov-09 22:02 UTC
[Samba] Samba_dlz: canceling trasaction on zone domain
On 09/11/15 21:28, Philip Banh wrote:
> Hey Rowland,
>
> Below is a cutdown version of my DHCP. As you can see, I haven't really set anything up for ddns-update. While using Samba4's internal DNS I had the setting 'ddns-update-style interim;' and it seemed to have worked fine. But with bind I'm not sure what else is needed.
>
> Thanks for taking a look at it.
> Philip
>
> #
> # DHCP Server Configuration file.
> #   see /usr/share/doc/dhcp*/dhcpd.conf.sample
> #   see 'man 5 dhcpd.conf'
> #
> # option definitions common to all supported networks...
> option domain-name "DOMAIN";
> option domain-name-servers 172.17.0.170, 172.17.0.171;
>
> filename "pxelinux.0";
> next-server 172.17.0.50;
>
> default-lease-time 600;
> max-lease-time 7200;
>
> # Use this to enable / disable dynamic dns updates globally.
> #ddns-updates on; # not really necessary, ddns-update-style is good enough
> ddns-update-style interim;
> deny client-updates;
> ignore-client-updates;
> #allow client-updates;
>
> #update-static-leases on;
> key DHCP_UPDATER {
>         algorithm HMAC-MD5.SIG-ALG.REG.INT;
>
>         #Paste in the generated key here. Should be in quotes
>         secret "SECRET";
> };
> # If this DHCP server is the official DHCP server for the local
> # network, the authoritative directive should be uncommented.
> authoritative;
>
> class "Others" {
>
> .....
>
> }
>
> subnet 172.17.0.0 netmask 255.255.255.0 {
>         option routers 172.17.0.1;
>
>         pool {
>                 range 172.17.0.201 172.17.0.254;
>                 option broadcast-address 172.17.0.255;
>                 deny members of "Others";
>         }
>
> .....The rest of vlans
>
> log-facility local6;
>
> ________________________________________
> From: samba [samba-bounces at lists.samba.org] on behalf of Rowland Penny [rowlandpenny241155 at gmail.com]
> Sent: Monday, November 09, 2015 4:15 PM
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba_dlz: canceling trasaction on zone domain
>
> On 09/11/15 20:48, Philip Banh wrote:
>> Hi there,
>>
>> I'm in the process of switching from using Samba4 internal DNS to using BIND as my backend DNS. However, I'm currently running into some issues with the transition.
>>
>> Here's an example of the messages I'm getting from /var/log/messages logs:
>>
>> Nov 9 15:34:26 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
>> Nov 9 15:34:26 pho-dcpvl-01N named[27524]: client 172.17.0.30#59051: update 'DOMAIN/IN' denied
>> Nov 9 15:34:26 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
>> Nov 9 15:35:24 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
>> Nov 9 15:35:24 pho-dcpvl-01N named[27524]: client 172.17.0.30#42206: update 'DOMAIN/IN' denied
>> Nov 9 15:35:24 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
>> Nov 9 15:35:26 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
>> Nov 9 15:35:26 pho-dcpvl-01N named[27524]: client 172.17.0.30#51563: update 'DOMAIN/IN' denied
>> Nov 9 15:35:26 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
>> Nov 9 15:35:32 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
>>
>> * 172.17.0.30 being my DHCP server.
>>
>> Does anyone know what's causing the above messages? And how do you proceed in a setup with Samba4 AD / BIND with DDNS.
>>
>> My guess here is I'm having troubles with setting up the DHCP properly to communicate with BIND, so the DNS isn't being updated.
>>
>> Please let me know what other information I can provide.
>>
>> Thanks,
>> Philip
>>
>>
>>
> Can you post your dhcpd.conf ?
>
> Rowland
>
One thing I forgot to say is that my setup is based on what I found here:

http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/
Thanks a lot. I'll take a read through it and see if I can get it working.

________________________________________
From: samba [samba-bounces at lists.samba.org] on behalf of Rowland Penny [rowlandpenny241155 at gmail.com]
Sent: Monday, November 09, 2015 5:02 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Samba_dlz: canceling trasaction on zone domain

On 09/11/15 21:28, Philip Banh wrote:
> Hey Rowland,
>
> Below is a cutdown version of my DHCP. As you can see, I haven't really set anything up for ddns-update. While using Samba4's internal DNS I had the setting 'ddns-update-style interim;' and it seemed to have worked fine. But with bind I'm not sure what else is needed.
>
> Thanks for taking a look at it.
> Philip
>
> #
> # DHCP Server Configuration file.
> #   see /usr/share/doc/dhcp*/dhcpd.conf.sample
> #   see 'man 5 dhcpd.conf'
> #
> # option definitions common to all supported networks...
> option domain-name "DOMAIN";
> option domain-name-servers 172.17.0.170, 172.17.0.171;
>
> filename "pxelinux.0";
> next-server 172.17.0.50;
>
> default-lease-time 600;
> max-lease-time 7200;
>
> # Use this to enable / disable dynamic dns updates globally.
> #ddns-updates on; # not really necessary, ddns-update-style is good enough
> ddns-update-style interim;
> deny client-updates;
> ignore-client-updates;
> #allow client-updates;
>
> #update-static-leases on;
> key DHCP_UPDATER {
>         algorithm HMAC-MD5.SIG-ALG.REG.INT;
>
>         #Paste in the generated key here. Should be in quotes
>         secret "SECRET";
> };
> # If this DHCP server is the official DHCP server for the local
> # network, the authoritative directive should be uncommented.
> authoritative;
>
> class "Others" {
>
> .....
>
> }
>
> subnet 172.17.0.0 netmask 255.255.255.0 {
>         option routers 172.17.0.1;
>
>         pool {
>                 range 172.17.0.201 172.17.0.254;
>                 option broadcast-address 172.17.0.255;
>                 deny members of "Others";
>         }
>
> .....The rest of vlans
>
> log-facility local6;
>
> ________________________________________
> From: samba [samba-bounces at lists.samba.org] on behalf of Rowland Penny [rowlandpenny241155 at gmail.com]
> Sent: Monday, November 09, 2015 4:15 PM
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba_dlz: canceling trasaction on zone domain
>
> On 09/11/15 20:48, Philip Banh wrote:
>> Hi there,
>>
>> I'm in the process of switching from using Samba4 internal DNS to using BIND as my backend DNS. However, I'm currently running into some issues with the transition.
>>
>> Here's an example of the messages I'm getting from /var/log/messages logs:
>>
>> Nov 9 15:34:26 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
>> Nov 9 15:34:26 pho-dcpvl-01N named[27524]: client 172.17.0.30#59051: update 'DOMAIN/IN' denied
>> Nov 9 15:34:26 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
>> Nov 9 15:35:24 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
>> Nov 9 15:35:24 pho-dcpvl-01N named[27524]: client 172.17.0.30#42206: update 'DOMAIN/IN' denied
>> Nov 9 15:35:24 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
>> Nov 9 15:35:26 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
>> Nov 9 15:35:26 pho-dcpvl-01N named[27524]: client 172.17.0.30#51563: update 'DOMAIN/IN' denied
>> Nov 9 15:35:26 pho-dcpvl-01N named[27524]: samba_dlz: cancelling transaction on zone DOMAIN
>> Nov 9 15:35:32 pho-dcpvl-01N named[27524]: samba_dlz: starting transaction on zone DOMAIN
>>
>> * 172.17.0.30 being my DHCP server.
>>
>> Does anyone know what's causing the above messages? And how do you proceed in a setup with Samba4 AD / BIND with DDNS.
>>
>> My guess here is I'm having troubles with setting up the DHCP properly to communicate with BIND, so the DNS isn't being updated.
>>
>> Please let me know what other information I can provide.
>>
>> Thanks,
>> Philip
>>
>>
>>
> Can you post your dhcpd.conf ?
>
> Rowland
>
One thing I forgot to say is that my setup is based on what I found here:

http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/