Zaphod Beeblebrox
2016-Jul-11 16:57 UTC
[Samba] Successes an failures with Samba 4.3.9 and FreeBSD-10.3
On Mon, Jul 11, 2016 at 4:10 AM, Rowland penny <rpenny at samba.org> wrote:> > See inline comments > > On 11/07/16 06:32, Zaphod Beeblebrox wrote: > >> So... I've been running Samba 3.6 for too long and I upgraded. I did save >> my packages for 3.6, but I don't _think_ I'm going back. >> >> Points for the group: >> >> - Samba 4.4.x is broken on FreeBSD. I forget exactly, but it seems to >> be a known problem (tm), so I'll move on. >> > > What is wrong with Samba 4.4.x on FreeBSD ? >Urm... I _think_ it was a build problem. It hit very early on and mailing list traffic from June 2016-ish seem to validate it was a known thing. I don't have an easy place to test as it will refuse to build with 4.3 loaded up. Maybe I'll make a jail after these problems are fixed.> > - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL, samba_dnsupdate >> complains. Strange thing, tho: all the domains seem to lookup fine. >> I >> can't exactly find the problem here. >> > > > I understand this is a known problem and can possibly be 'fixed' by adding > 'allow dns updates = nonsecure and secure' to smb.conf on the DC. >Not in my case. Already have that line.> > >> Now... this is pretty bupkis, because ldbsearch finds the SID for >> administrator _and_ for my login just fine. In addition, ldbedit lets me >> change my xidNumber. I did so. when I re-ldbedit... it's changed. >> > > And this where lots of people make the same mistake, don't change the > 'xidNumber' attribute in idmap.ldb, add a 'uidNumber' attribute to the > users object in sam.ldb. > >uidNumber doesn't work. I ldbedited'd my SID to add that attribute. Then I restarted samba, then I created a file with my workstation. Still has 3000016 rather than 101 as the uid.
Rowland penny
2016-Jul-11 17:54 UTC
[Samba] Successes an failures with Samba 4.3.9 and FreeBSD-10.3
On 11/07/16 17:57, Zaphod Beeblebrox wrote:> > > On Mon, Jul 11, 2016 at 4:10 AM, Rowland penny <rpenny at samba.org > <mailto:rpenny at samba.org>> wrote: > > > See inline comments > > On 11/07/16 06:32, Zaphod Beeblebrox wrote: > > So... I've been running Samba 3.6 for too long and I > upgraded. I did save > my packages for 3.6, but I don't _think_ I'm going back. > > Points for the group: > > - Samba 4.4.x is broken on FreeBSD. I forget exactly, but > it seems to > be a known problem (tm), so I'll move on. > > > What is wrong with Samba 4.4.x on FreeBSD ? > > > Urm... I _think_ it was a build problem. It hit very early on and > mailing list traffic from June 2016-ish seem to validate it was a > known thing. I don't have an easy place to test as it will refuse to > build with 4.3 loaded up. Maybe I'll make a jail after these problems > are fixed.Never used freebsd, but I would have thought you should be able to build Samba from a tarball.> > - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL, > samba_dnsupdate > complains. Strange thing, tho: all the domains seem to > lookup fine. I > can't exactly find the problem here. > > > > I understand this is a known problem and can possibly be 'fixed' > by adding 'allow dns updates = nonsecure and secure' to smb.conf > on the DC. > > > Not in my case. Already have that line.How are you using samba_dnsupdate ?> > > Now... this is pretty bupkis, because ldbsearch finds the SID for > administrator _and_ for my login just fine. In addition, > ldbedit lets me > change my xidNumber. I did so. when I re-ldbedit... it's > changed. > > > And this where lots of people make the same mistake, don't change > the 'xidNumber' attribute in idmap.ldb, add a 'uidNumber' > attribute to the users object in sam.ldb. > > > uidNumber doesn't work. I ldbedited'd my SID to add that attribute. > Then I restarted samba, then I created a file with my workstation. > Still has 3000016 rather than 101 as the uid.Straight after adding a uidNumber attribute, it probably will not be used, because the info will be pulled from a cache instead of AD, try running 'net cache flush', if that doesn't work, as a last result, find the users object in idmap.ldb and remove it. Rowland
Zaphod Beeblebrox
2016-Jul-11 22:18 UTC
[Samba] Successes an failures with Samba 4.3.9 and FreeBSD-10.3
OK. "net cache flush" worked (dunno why a restart isn't equivalent, but hey). So let's start peeling back other issues! On Mon, Jul 11, 2016 at 1:54 PM, Rowland penny <rpenny at samba.org> wrote:> On 11/07/16 17:57, Zaphod Beeblebrox wrote: > >> >> >> - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL, >> samba_dnsupdate >> complains. Strange thing, tho: all the domains seem to >> lookup fine. I >> can't exactly find the problem here. >> >> >> >> I understand this is a known problem and can possibly be 'fixed' >> by adding 'allow dns updates = nonsecure and secure' to smb.conf >> on the DC. >> >> >> Not in my case. Already have that line. >> > > How are you using samba_dnsupdate ? >An example would be "/usr/local/sbin/samba_dnsupdate --verbose --all-names -d 15" But even just samba_dnsupdate by itself squaks. I put the output in https://owncloud.eicat.ca/index.php/s/vAKUymZr3OD59i7