I recently ran into issues that seem to be related to this "Dfs" user (which is added automatically when you create a new namespace link.) I can't find this user in any local or domain user store, nor can I find any documentation on what it does...but apparently it needs full control of the DFS namespace links for things to work correctly. What is this user, and where can I find documentation on its purpose?
woodsbw's questions
I have a machine with three, fifteen drive mdraid RAID-6 arrays (md10, md20, md30.) These three arrays are then set up as physical volumes for LVM and combined into a single volume group.
I then have been creating logical volumes from the VG using the following command:
lvcreate -i 3 -I 4 -L 10T -n
These volumes are then being served out as block devices via FCoE.
My question is if I need to do anything with the chunk/stripe sizes to make this work as well as it should? If I have 15 drive, RAID-6 arrays, does the stripe size that LVM passes down to the RAID device need to be 13x the size of the RAID chunk size (since I have double parity) so that I can actually get the full speed of all 45 drives?
OS is RHEL 7, LVM version is 2.02.115(2)-RHEL7.
I work at an organization with 15 physical sites. The corporate headquarters has two DCs, which hold all the FSMO roles between them. Each remote site has one DC onsite.
When I started working here, AD sites were not configured. My question is, what is gained by configuring them if we have high speed WAN links between all sites (over 10 MB.) I am aware that login speed could improve. But, when the WAN link is down, clients should still be able to find the local DC, correct?
I have a Windows share (shared from a Windows Server 2003 box) that is mounted on our Ubuntu server using cifs. That mount is then shared out through Samba. The issue is that all of the folders in the share display as FILES. For example, imagine this folder structure:
>Share Level
>> FolderOne
>>> File
>> FolderTwo
>> FileOne
So, when I enter the root of the share from a Windows 7 machine, FolderOne, FolderTwo and FileOne all display as files. If I attempt to enter FolderOne by clicking on its icon, it fails. If I go directly to the folder with a UNC path (\\server\share\FolderOne) I can enter the folder correctly.
Options on the CIFS mount: dirmode=0770, file_mode=0770, rw
Samba options on the share:
writeable = yes
printable = no
browseable = yes
force user = <primary file owner>
force group = <primary file group>
valid users = <needed access>
This is an Ubuntu 12.04.2 server running Samba 3.6.3.
So, I have a GPO, which runs a quick start up script to delete locally installed IP printers from all machines on our AD domain during computer start up. This works great...the issue appears when we try to exempt a few machines from this (a few small offices without print servers.)
I have created a global security group, and put the computer accounts (since this is a startup, not a login script) into the group. I then set permissions on the GPO to deny access to that group. For some reason, this has no effect. It also has no effect if I set deny permissions for that group on the script itself.
Interestingly, though, if I cut out the group, and set deny permissions on the GPO or script for the computer account directly, permissions are denied properly.
These issues persist across multiple "gpupdate /force" commands, as well as reboots.
Am I missing something about how computer accounts group group sids? Why are the group based deny permissions not working?
I have an Ubuntu 10.04.4 LTS server running Samba, and joined to our Active Directory domain using PBIS (formerly likewise-open.) Samba is configured to do authentication using AD users/groups, and this is working correctly. Also, standard Linux permissions (user, group, others) work properly with Samba. BUT, Samba seems to totally ignore any permissions set with extended ACLs.
I have tried various smb.conf configurations I have seen recommended elsewhere, and none of them seem to have any effect.
Machine Setup:
- Files share is on its own drive. Mount info from /etc/fstab for the drive is:
- UUID=372aa637-4b7b-45cc-8340-9d028893c196 /media/news-drive ext4 user_xattr,acl 0 2
- Machine is joined to domain using PBIS (formerly likewise-open)
- Samba config for the share is:
[shared]
comment = ,
nt acl support = yes
admin users =
force user =
force group = \domain^users
create mask = 0770
directory mask = 0770
- Global Samba Config
workgroup =
dns proxy = no
server string =
load printers = no
cups options = raw
guest account = pcguest
log file = /var/log/samba/%m.log
max log size = 50
security = ADS
realm =
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 172.16.0.20 10.4.1.20 127.0.0.1
bind interfaces only = yes
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
map to guest = Bad User
- I have also used some of these in the global config, without success
idmap backend = idmap_rid:=16777216-33554431
nt acl support = yes
inherit acls = Yes
map acl inherit = Yes
map archive = no
map hidden = no
map read only = no
map system = no
store dos attributes = yes
inherit permissions = Yes
template shell = /bin/false
winbind use default domain = no
What am I missing here, to get Samba to work with the extended ACLs?
An Example of What is Happening
I have a folder in a samba share. The share itself is wide open within our domain (the "valid users" setting is set to the "Domain Users" group for the AD domain.) Within that share, I have a folder with more restrictive permissions at the file system level (owned by one AD user, with the group set to an AD group with just a few people in it and permissions chmod-ed to 770)
The issue is, I need to give access to that folder to another AD group, so I run "setfacl -m u::rwx " to give them permission to access it. This works within Linux (if I ssh in with one of those users and navigate to the folder)...but if I connect to the SMB share with that same user, and try and navigate to that folder, access is denied.
We are in the process of upgrading our domain environment from Windows 200, to Windows 2008 R2 (sigh of relief). When the upgrade is completed, we would like to move to using GPO software deployment.
The question I have is regarding how to manage moving hundreds of machines that have all had software manually installed, into GPO deployment. Will the software try and re-install? Will the client extension detect that the software is installed, and not attempt to re-install?
I am trying to set up a Postfix server on a Linux box to relay all mail to our Office365 (Exchange, hosted by Microsoft) mail server, but, I keep getting an error regarding the sending address:
BB338140DC1: to= relay=pod51010.outlook.com[157.56.234.118]:587, delay=7.6, delays=0.01/0/2.5/5.1, dsn=5.7.1, status=bounced (host pod51010.outlook.com[157.56.234.118] said: 550 5.7.1 Client does not have permissions to send as this sender (in reply to end of DATA command))
Office 365 requires that the sending address in the MAIL FROM and From: header be the same as the address used to authenticate. I have tried everything I can think of in the config to get this working. My postconf -n:
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
debug_peer_list = 127.0.0.1
inet_interfaces = loopback-only
inet_protocols = all
mailbox_size_limit = 0
mydestination = xxxxx, localhost.localdomain, localhost
myhostname = localhost
mynetworks = 127.0.0.0/8
recipient_delimiter = +
relay_domains = our.doamin
relayhost = [pod51010.outlook.com]:587
sender_canonical_classes = envelope_sender
sender_canonical_maps = hash:/etc/postfix/sender_canonical
smtp_always_send_ehlo = yes
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
/etc/postfix/sender_canonical:
www-data [email protected]
root [email protected]
www-data@localhost [email protected]
root@localhost [email protected]
Also, sasl_passwd is set to the correct credentials (tested them using swaks multiple times.) Authentication works, and sends the message when the from headers are correct (also tested using swaks, which works)
The emails are coming from PHP, so I have also tried altering the sendmail path in php.ini to pass the correct from address via -f
So, for some reason, mail coming from www-data and root are not having the from fields rewritten to Office 365's satisfaction, and it won't send the message.
Any postfix gurus out there that can help me set up this relay?
We have a network where, due to a SaaS piece that is used to manage the school, we cannot allow Firefox to update until the SaaS piece notifies us that they support the newest version.
This means that, unfortunately, we have had to block Firefox updates until we get that notification, at which point we unblock them, update everyone, etc.
What I was wondering is if there is any way to have Firefox check an updates.xml file on our servers instead of Mozilla's, and only go get the updates that we have cleared.
I know that, obviously, this won't stop a user from downloading the latest version if they want to, but that isn't a concern here...it's just that, every time the "Please Update Your Firefox" message pops up because Mozilla is wanting to push an update...we get a bunch of service requests, because people try to update and it fails. Any ideas?
I have a client who is using Windows Server 2008 (Small Business Server), and using Windows Backup.
What I need to do is configure the backup task so that, upon completion, it sends an email notifying the client of backup success or failure. I have been able to find that task in task scheduler, and even see where I can send an email...but I cannot find a way to make the content of the email different based on success or failure of the backup. How might I do this?