samba - Jul 2016 - Successes an failures with Samba 4.3.9 and FreeBSD-10.3

On Mon, Jul 11, 2016 at 4:10 AM, Rowland penny <rpenny at samba.org>
wrote:
>
> See inline comments
>
> On 11/07/16 06:32, Zaphod Beeblebrox wrote:
>
>> So... I've been running Samba 3.6 for too long and I upgraded.  I
did save
>> my packages for 3.6, but I don't _think_ I'm going back.
>>
>> Points for the group:
>>
>>     - Samba 4.4.x is broken on FreeBSD.  I forget exactly, but it seems
to
>>     be a known problem (tm), so I'll move on.
>>
>
> What is wrong with Samba 4.4.x on FreeBSD ?
>
Urm... I _think_ it was a build problem.  It hit very early on and mailing
list traffic from June 2016-ish seem to validate it was a known thing.  I
don't have an easy place to test as it will refuse to build with 4.3 loaded
up.  Maybe I'll make a jail after these problems are fixed.

>
>     - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL, samba_dnsupdate
>>     complains.  Strange thing, tho: all the domains seem to lookup
fine.
>> I
>>     can't exactly find the problem here.
>>
>
>
> I understand this is a known problem and can possibly be 'fixed' by
adding
> 'allow dns updates = nonsecure and secure' to smb.conf on the DC.
>
Not in my case.  Already have that line.

>
>
>> Now... this is pretty bupkis, because ldbsearch finds the SID for
>> administrator _and_ for my login just fine.  In addition, ldbedit lets
me
>> change my xidNumber.  I did so.  when I re-ldbedit... it's changed.
>>
>
> And this where lots of people make the same mistake, don't change the
> 'xidNumber' attribute in idmap.ldb, add a 'uidNumber'
attribute to the
> users object in sam.ldb.
>
>
uidNumber doesn't work.  I ldbedited'd my SID to add that attribute. 
Then
I restarted samba, then I created a file with my workstation.  Still has
3000016 rather than 101 as the uid.

On 11/07/16 17:57, Zaphod Beeblebrox wrote:
>
>
> On Mon, Jul 11, 2016 at 4:10 AM, Rowland penny <rpenny at samba.org 
> <mailto:rpenny at samba.org>> wrote:
>
>
>     See inline comments
>
>     On 11/07/16 06:32, Zaphod Beeblebrox wrote:
>
>         So... I've been running Samba 3.6 for too long and I
>         upgraded.  I did save
>         my packages for 3.6, but I don't _think_ I'm going back.
>
>         Points for the group:
>
>             - Samba 4.4.x is broken on FreeBSD.  I forget exactly, but
>         it seems to
>             be a known problem (tm), so I'll move on.
>
>
>     What is wrong with Samba 4.4.x on FreeBSD ?
>
>
> Urm... I _think_ it was a build problem.  It hit very early on and 
> mailing list traffic from June 2016-ish seem to validate it was a 
> known thing.  I don't have an easy place to test as it will refuse to 
> build with 4.3 loaded up.  Maybe I'll make a jail after these problems 
> are fixed.
Never used freebsd, but I would have thought you should be able to build 
Samba from a tarball.
>
>             - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL,
>         samba_dnsupdate
>             complains.  Strange thing, tho: all the domains seem to
>         lookup fine.  I
>             can't exactly find the problem here.
>
>
>
>     I understand this is a known problem and can possibly be
'fixed'
>     by adding 'allow dns updates = nonsecure and secure' to
smb.conf
>     on the DC.
>
>
> Not in my case.  Already have that line.
How are you using samba_dnsupdate ?
>
>
>         Now... this is pretty bupkis, because ldbsearch finds the SID for
>         administrator _and_ for my login just fine.  In addition,
>         ldbedit lets me
>         change my xidNumber.  I did so.  when I re-ldbedit... it's
>         changed.
>
>
>     And this where lots of people make the same mistake, don't change
>     the 'xidNumber' attribute in idmap.ldb, add a
'uidNumber'
>     attribute to the users object in sam.ldb.
>
>
> uidNumber doesn't work.  I ldbedited'd my SID to add that
attribute.
> Then I restarted samba, then I created a file with my workstation.  
> Still has 3000016 rather than 101 as the uid.
Straight after adding a uidNumber attribute, it probably will not be 
used, because the info will be pulled from a cache instead of AD, try 
running 'net cache flush', if that doesn't work, as a last result,
find
the users object in idmap.ldb and remove it.

Rowland

OK.  "net cache flush" worked (dunno why a restart isn't
equivalent, but
hey).  So let's start peeling back other issues!

On Mon, Jul 11, 2016 at 1:54 PM, Rowland penny <rpenny at samba.org>
wrote:
> On 11/07/16 17:57, Zaphod Beeblebrox wrote:
>
>>
>>
>>             - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL,
>>         samba_dnsupdate
>>             complains.  Strange thing, tho: all the domains seem to
>>         lookup fine.  I
>>             can't exactly find the problem here.
>>
>>
>>
>>     I understand this is a known problem and can possibly be
'fixed'
>>     by adding 'allow dns updates = nonsecure and secure' to
smb.conf
>>     on the DC.
>>
>>
>> Not in my case.  Already have that line.
>>
>
> How are you using samba_dnsupdate ?
>
An example would be "/usr/local/sbin/samba_dnsupdate --verbose --all-names
-d 15"

But even just samba_dnsupdate by itself squaks.  I put the output in
https://owncloud.eicat.ca/index.php/s/vAKUymZr3OD59i7