Re: [Samba] How Is Administrator Treated?
Les Bell [EMAIL PROTECTED] wrote: First: I created an Administrator account in Linux, and it wound up (here) with a UID/GID of 604. That's just an ordinary user ID, so what makes it special as far as the domain is concerned? Should the Administrator account have a UID/GID of 0? If I try to run USRMGR.EXE or SRVMGR.EXE I can see things, but can't change them (Access is denied). OK, let me answer my own question, here: I already had admin users = les,root, but I've tidied up and now have: domain admin group = $smbadmins admin users = @smbadmins with Administrator and myself (slack, I know) as members of the group smbadmins. Having root in there probably wasn't a bright idea. . . I still have trouble with USRMGR.EXE, though. Whenever I try to edit a user's information, when I click on OK, I get The group name could not be found. Now, I'm assuming that Domain Users is faked internally to Samba and all users are in it, but shouldn't Samba find any other groups, such as the user's primary group in the Red Hat user private group scheme? My other problem concerns an inability to add or edit registry entries (specifically IE proxy settings) on a workstation when logged in as domain administrator. I'm pretty sure that involves SID's somehow. . . . [Apologies in advance for the incorrect threading my MUA produces; I'm experimenting with multiple email accounts and some other tricks here]. Best, --- Les Bell, RHCE, CISSP [http://www.lesbell.com.au] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA 3.0.4 + LDAP + usrmgr
Umberto Zanatta schrieb: I've upgrade to Samba 3.0.4 a System wich it's running SLES 8. The System is working with LDAP and smbldap-tools 0.8.4 for managing users and groups. I'd like to manage the user and group with usrmgr.exe running into a Windows 2000. When I tried adding new user the programs didn't work and it's reported an error. The log system running in the PDC [SLES 8], reporting: smbd[18795]: init_ldap_from_sam: Setting entry for user: ccc slapd[26365]: = bdb_dn2id_add: put failed: DB_KEYEXIST: Key/data pair already exists -30996 smbd[18795]: [2004/05/19 12:11:01, 1] passdb/pdb_ldap.c: ldapsam_modify_entry(1312) smbd[18795]: ldapsam_modify_entry: Failed add user dn= uid=xx, ou=People,o=PROVTV with: Already exists smbd[18795]: ldapsam_add_sam_account: failed to modify/add user with uid = ccc (dn = uid=ccc,ou=People,o=PROVTV) smbd[18795]: could not add user/computer ccc to passdb. Check permissions? The user has never been add before. Whent I've tried adding a new group the program did. The Administrator user is Administrator with uid=0 and gid=512; the user root isn't in ldap tree but in the passwd file. Samba's working with admin ldap user for managing ldap [ldap admin dn]. add machine script = /var/lib/samba/scripts/smbldap-useradd -w %u add user script = /var/lib/samba/scripts/smbldap-useradd -s /bin/ false -d /dev/null %u delete user script = /var/lib/samba/scripts/smbldap-userdel %u add user to group script = /var/lib/samba/scripts/smbldap-groupmod - m %u %g delete user from group script = /var/lib/samba/scripts/smbldap- groupmod -x %u %g add group script = /var/lib/samba/scripts/smbldap-groupadd -p %g delete group script = /var/lib/samba/scripts/smbldap-groupdel %g set primary group script = /var/lib/samba/scripts/smbldap-usermod -g %g %u Any idea? Hi, you have to copy the script in /usr/local/sbin/ cause this is hardcoded in them use this passdb backend = ldapsam:ldap://127.0.0.1/; ldap admin dn = cn=Manager,dc=example,dc=local ldap suffix = dc=example,dc=local ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users ldap ssl = no add user script = /usr/local/sbin/smbldap-useradd.pl -a -m -P %u ldap delete dn = Yes delete user script = /usr/local/sbin/smbldap-userdel.pl -r %u add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u add group script = /usr/local/sbin/smbldap-groupadd.pl -p %g delete group script = /usr/local/sbin/smbldap-groupdel.pl %g add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod.pl -g %g %u passwd program = /usr/local/sbin/smbldap-passwd.pl %u Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA 3.0.4 + LDAP + usrmgr
Le Thu, May 20, 2004 at 08:55:59AM +0200, RRuegner a ecrit: add machine script = /var/lib/samba/scripts/smbldap-useradd -w %u you have to copy the script in /usr/local/sbin/ cause this is hardcoded in them use this add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u Things that are hardcoded in the script are . in smbldap-passwd: the path to slappasswd . in smbldap-useradd, smbldap_tools.pm: the script to nscd init script . in smbldap_tools.pm: the path to configuration files (in /etc/smbldap-tools/) The one to take care is the last one, because if configuration's files are not in /etc/smbldap-tools/, all scripts will failed. -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA 3.0.4 + LDAP + usrmgr
Hi, all that's working fine if I'm using by command line; but If I try to run them by usermgr.exe only the script add user script doesn't work! The system does: bdb_dn2id_add: put failed: DB_KEYEXIST: Key/data pair already exists -30996 could not add user/computer prova154 to passdb. Check permissions? I've tried add -P, -a before %u in the smbldap-useradd but it does nothing, same result, same error. Of course, the script for add machine account's working! It sounds like a bug in samba 3.0.4... Thanx a lot. Regards, Il gio, 2004-05-20 alle 09:17, Jrme Tournier ha scritto: Le Thu, May 20, 2004 at 08:55:59AM +0200, RRuegner a ecrit: add machine script = /var/lib/samba/scripts/smbldap-useradd -w %u you have to copy the script in /usr/local/sbin/ cause this is hardcoded in them use this add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u Things that are hardcoded in the script are . in smbldap-passwd: the path to slappasswd . in smbldap-useradd, smbldap_tools.pm: the script to nscd init script . in smbldap_tools.pm: the path to configuration files (in /etc/smbldap-tools/) The one to take care is the last one, because if configuration's files are not in /etc/smbldap-tools/, all scripts will failed. -- Jrme ___ Umberto Zanatta linuxDidattica tel: +39 (335) 54 71 385 email: [EMAIL PROTECTED] web: http://linuxdidattica.org ___ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Invitation to Montenegro and Sweden vip/ka
Dear Dr. Samba, This is an invitation for you to attend two IPSI BgD multidisciplinary and interdisciplinary conferences, one in Montenegro, and one in Sweden, as follows: Sveti Stefan, MONTENEGRO (arrival: 2.10.2004. departure 9.10.2004.) Keynote: Dr. de Gennes, Nobel Laureate, France Deadlines: May 31 2004 (abstract) + June 30 2004 (full paper) Stockholm, SWEDEN (arrival: 24.9.2004. departure: 26.9.2004.) Deadlines: May 31 2004 (abstract) + June 30 2004 (full paper). Keynote: Dr. Dino Karabeg, University of Oslo, Norway If you like to obtain more information on both conferences, please reply to this email. All IPSI BgD conferences are non-profit! They take place in the leading hotels of the world, and are aimed at bringing together the elite of the world science. Topics of interest include, but are not limited to: Internet, Computer Science and Engineering, Management and Business Administration, Education, e-Medicine, Electrical Engineering, Bioengineering, Environment Protection, and e-Economy. Sincerely Yours, Prof. Veljko Milutinovic, Chairman PS - If you plan to submit an abstract/paper, let us know immediately. If you are not able to attend now, but you like to be informed about the future IPSI BgD conferences, please let us know. If you do not like to receive future invitations, let us know, as well! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Still struggling with clock skew
Hi, Porblem 1 ok this time i have checked every thing still it is giving me this same error. [EMAIL PROTECTED] root]# kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: kinit(v5): Clock skew too great while getting initial credentials can any one tell me how to enable NTP on a windows domain controller cause when i run the command ntpdate [EMAIL PROTECTED] root]# ntpdate 10.10.11.1 20 May 14:03:21 ntpdate[2579]: no server suitable for synchronization found where 10.10.11.1 is the IP of my AD domain controller. Problem 2 surprisingly the net ads join -U administrator%password command is working and the system is joined to the domain. i can see it in the active directory computers section. but now when i try to access it by giving its IP or name in the windows explorer it gives me this error \\niit125 Connect As junaid passwordpassword \\niit125 is not accessible Configuration information could not be reached from the domain controller , either because the machine is unavailable , or accees has been denied. now i know the machine is on cause the ping is replying. so why is the access being denied.? is it cause of some setting on the domain controller or because of the kerberos problem = Sahibzada Junaid Noor Ph # (+92) (051) 5950 940 Cell # (+92) (0333) 5223586 Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3, Rawalpindi Islamic Republic of Pakistan __ Do you Yahoo!? Yahoo! Domains Claim yours for only $14.70/year http://smallbusiness.promotions.yahoo.com/offer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Clock skew and net ads join problem
Sahibzada Junaid Noor wrote: HI, when i try to execute the kinit command on my Red hat 9 system with samba 3 i get the following error [EMAIL PROTECTED] root]# kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: kinit(v5): Clock skew too great while getting initial credentials so how do i solve the clock skew problem cause i have checked the time on both of them it is the same. the net ads join command doesnt give any error but i still see nothing in the active directory computers list also should the smbd, nmbd and winbind be running when i am running the commands kinit and net ads join? here is the global section of my smb.conf workgroup = MYGROUP server string = Samba Server printcap name = /etc/printcap load printers = yes log file = /var/log/samba/smbd.log max log size = 50 realm = NIIT.EDU.PK security = ADS password server = 10.10.11.1(IP of the machine running Active directory) encrypt passwords = yes dns proxy = no And here is my krb5.conf. [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = NIIT.EDU.PK dns_lookup_realm = false dns_lookup_kdc = false forwardable = true default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc [realms] NIIT.EDU.PK = { kdc = mnsvr.niit.edu.pk:88 admin_server = mnsvr.niit.edu.pk:749 default_domain = niit.edu.pk } [domain_realm] .niit.edu.com = NIIT.EDU.PK niit.edu.pk = NIIT.EDU.PK [kdc] profile = /var/kerberos/krb5kdc/kdc.conf afs_salt = NIIT.EDU.PK [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } plz help me with the skew problem cause i have checked the time on both linux and domain controllers they are the same. also the net ads join command doesnt give any error but still i cannot see the machine in the AD computers list. and should the three samba daemons be running when i execute the kinit and net ads join commands? = Sahibzada Junaid Noor Ph # (+92) (051) 5950 940 Cell # (+92) (0333) 5223586 Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3, Rawalpindi Islamic Republic of Pakistan Have you verified the timezones are identical and that one isn't set to PM while the other is AM? In my experience the only times I've received errors of this kind, either in Windows or from kerberos is when the timezones are set incorrectly or I had accidently set the clock to AM or PM when it should have been the other. Also, are you using some sort of time sychronization (NTP preferably)? Clint -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.4 domain woes
G'day: Folks, I'm at my wits end trying to join a WIN XP Professional client to a samba 3.0.4 domain running on Slackware 9.1. I haven't used windows since Win 95 days and am not up to speed with it at all. Also, i've tried the O'Reilly Using Samba book (2nd edition), read the samba docs, and browsed the mailing lists but there is so much information I'm even more bamboozled than ever. I have some questions I hope someone might shed some light on for me: - Does pdbedit completely replace smbpasswd as an account creation tool? - Can I forget about mksmbpasswd.sh now? It doesn't appear to be included now anyway. - If i do away with WINS, lmhosts and broadcasts and go the DNS route, do I also need LDAP and Kerberos etc (the whole Active Directory show)? I get errors when trying to use DNS to resolve names, I know why (DNS SRV records), but I don't know if just adding those records will solve the problem without also doing LDAP and Kerberos. I have samba 3.0.4 set up and running. I can connect, authenticate and see shares locally from the server. I could also see the server name (NOT the domain name) from Win XP client using 'net view' for a while. I could never login in to the domain, and now Win XP is telling me the domain is unavailable. I've been at this for days (samba 3.0.3 on RedHat previously), with the samba server's availability, logging in and available shares all seemingly coming and going at random. I have valid user accounts, machine accounts, everything looks OK, but samba just won't do domains at all. Mick -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Renaming machine name
Jean-Rene Cormier wrote: Hi, I had to rename a machine name today because someone used the same name on two computers. I just added a random character to the machine name and I thought that since I have the idealx script setup to auto-create machines accounts it would add it automatically but it didn't so I had to get the computer out of the domain and rejoin it with it's new machine name so it would add it automatically. Is this a bug or is that how it's supposed to work? Jean-Rene Cormier This works the same way in Windows domains and is a feature/issue with the way Windows clients handle domain membership. You cannot rename a machine in Windows w/o breaking it's domain membership w/o first removing the machine from the domain, renaming the machine, rebooting, and then rejoining the machine to the domain under the new name. Clint -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] xbox accessing samba shares
Hi, I was just reading your post: I've got a network running XP, 98SE, a Xbox and linux running Samba 2.2.8a (most of the time all together). in the windows neighbourhood, everything is fine, every one see each other and right shares. Here is my problem : I'm running XBMP on the Xbox, which is capable to access SBM shares to play video and music. But when I'm watching a video located on my linux box, the streaming stops (and the console crashes) after exactly 8 minutes. It's only the case with my linux box. My important samba settings are, IMO : security = share encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 and no passwd file (the line smb passwd file = /etc/samba/private/smbpasswd is commented) the log produces regularly this line (with loglevel 3): nmbd/nmbd_responserecordsdb.c:find_response_record(235) find_response_record: response packet id 23310 received with no matching record. what is the problem ? I was wondering if you have solved the problem yet, because I get the same thing. If so, please describe your solution. Thanks Jonathan Cerrone -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Contradiction in samba documentation
Sahibzada Junaid Noor wrote: Hi, I have found some contradictions in the samba documentation. i am writing them down here so if you can please verify them. in heading 4.3.3 of the documentation it says When samba is operating in security = domain mode , the samba server has a domain security trust account ( a machine account) and causes all authentication requests to be passed through to the domain controllers. ok this means the windows domain controller is going to do the authentication, authorizing stuff. now look here under heading 7.3 there is a note which says when samba is configured to use an LDAP , or other indentity management and or directory service , it is samba that continues to perform user and machine authentication. it should be noted that the LDAP server does not perform authentication handling in place of what samba is designed to do now what does this means? according to 4.3.3 samba sends all authentication requests to the windows AD. in 7.3 it says that it doesnt send requests at all. then why will it use an LDAP backend? plz comment on this. = Sahibzada Junaid Noor Ph # (+92) (051) 5950 940 Cell # (+92) (0333) 5223586 Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3, Rawalpindi Islamic Republic of Pakistan I didn't lookup the documentation you're referring to, but to answer your question, LDAP authentication would not be performed in security = domain. Security = domain is designed to allow your Samba server to authenticate against a Windows NT4 controlled domain (for Active Directory see security = ads, and for all options, please see the smb.conf manpage). Clint -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACL Problems
Mike Sullivan wrote: Nathan I have configured with the following flags. ./configure --with-winbind --with-acl-support --with-pam --with-smbmount --w ith-ads and the OS definately supports ACLs as I can add domain users via the setfacl command. Even when I add an ACL entry via this method the security tab on the PDC will not display anything other than the owner/group/Everyone permissions. I get permission denied when I try to add an ACL entry via the PDC gui tool. Mike What OS / distribution are you running? You do have the headers (devel package) installed for ACL's right? Have you checked the output of configure to make sure it's picking up ACL support? You can send me the output of configure off-list if you like (although I don't guarantee a quick response :). Clint -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP slow access to network places shortcut?
samba wrote: No, I did not. According to this google search it may speed up network browsing: http://www.theeldergeek.com/webclient.htm Well, I just set it on my box here, and I am still having the slow network browsing. I still think it has something to do with the way I'm logging in. Since guest is the default in XP i have to put user name in the path: \\fileserver\share\passprotectedshare%user and then enter in password, even though login says guest, that method tricks XP into thinking that user is logging in and not guest. My thoughts are unbased, but I have a hunch. Opinions? Anyone have experience with disabling this or leaving it enabled and seeing a difference? Just curious. Actually, extremely curious! Just for giggles, open up this file share with the Folders toolbar disabled (i.e. My Computer instead of Windows Explorer, although they're identical in 2000 Up, just open up different toolbars by default) and tell me if opening the share still takes the same amount of time. Often times, enumerating the workgroup/domain computers in the Folders list at the left is what slows network performance down considerably. Also, try and map a drive to the share and see if performance there is slow as well. Clint -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] problems with rpcclient, adddriver
I have a problem using rpcclient with adddriver command. I want to upload the printer drivers on my server and clients (win xp and 98) to download them from print$ share. I tried first with windows printer driver - installed the printer locally, samba server took the files and deposited them in print$ share but the problem was when I wanted to actually install the driver on the server. Adddriver command creats the 0 directory (for win 98) but the result is: ´result was DOS code 0x0013´ and the driver is not created. I tried then with ADOBE drivers -stored the files in print$/WIN40 on my samba server and addprinter command returned the same error, ´result was DOS code 0x0013´. Google-ing gave 3 results, all 3 only asking for help, no answer... Does anyone have a clue on this? Thank you, Adina __ Do you Yahoo!? Yahoo! Domains Claim yours for only $14.70/year http://smallbusiness.promotions.yahoo.com/offer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] MS Patch MS04-011 Samba upgrade
If I have a Samba server that is part of a Windows 2000 domain and is not a domain controller (all of our authentication goes against a Windows 2000 box), do I need to upgrade to 3.0.4/2.2.9? What is the interaction between a Samba server that is part of a domain and the Windows client if all of the authentication is being done against a Windows 2000 PDC? Mike Auleta Boeing IDS, Philadelphia 610-591-3916 Who's the more foolish, the fool or the fool who's following him? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] MS Patch MS04-011 Samba upgrade
You should run winbind which does the right authentication for you; Winbind maps the Windows Account to unix accounts, you have to add winbind in nsswitch.conf. Samba 3.0.4 can join with a ADS [Active directory]. All that's found in samba documentation: http://us1.samba.org/samba/docs/man/howto/ regards. Il gio, 2004-05-20 alle 13:40, EXT-Auleta, Michael ha scritto: If I have a Samba server that is part of a Windows 2000 domain and is not a domain controller (all of our authentication goes against a Windows 2000 box), do I need to upgrade to 3.0.4/2.2.9? What is the interaction between a Samba server that is part of a domain and the Windows client if all of the authentication is being done against a Windows 2000 PDC? Mike Auleta Boeing IDS, Philadelphia 610-591-3916 Who's the more foolish, the fool or the fool who's following him? ___ Umberto Zanatta linuxDidattica tel: +39 (335) 54 71 385 email: [EMAIL PROTECTED] web: http://linuxdidattica.org ___ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How Is Administrator Treated?
Les, On the UNIX system addition/change of user accounts requires UID=0. If you want your Administrator to be able to manage user accounts UID=0 is a must. Also, the RID for Administrator must be 500 for the account to have admin privileges in Windows. If you are using and LDAP backend it is imperative that all UIDs and RIDs must be unambiguous. So if you have a root account and an Administrator account - you have introduced ambiguity. It is best to use the 'root' account in place of the NT Administrator. Just make sure that the RID for the root account is 500. - John T. --- John H Terpstra Samba-Team email: [EMAIL PROTECTED] Original Message Subject: [Samba] How Is Administrator Treated? From: Les Bell [EMAIL PROTECTED] Date: Wed, May 19, 2004 9:34 pm To: [EMAIL PROTECTED] I have a couple of Samba 2.2 servers, in different locations, configured as NT Domain Controllers, but I'm experiencing some problems with logging on to the domains as Administrator in order to perform some administration tasks, such as configuring antivirus software on workstations. I won't go into the details here; I think the basic problem is my lack of understanding of how the Administrator account is treated. Ordinary user accounts work fine as far as I can see, but then, ordinary users shouldn't be able to do a bunch of things, anyway. First: I created an Administrator account in Linux, and it wound up (here) with a UID/GID of 604. That's just an ordinary user ID, so what makes it special as far as the domain is concerned? Should the Administrator account have a UID/GID of 0? If I try to run USRMGR.EXE or SRVMGR.EXE I can see things, but can't change them (Access is denied). Second, what about Windows SID's? Administrator should be S-1-5-domain-500; but if I log on as Administrator at an NT or Win2K workstation and look in the registry, I can't see that SID in HKEY_USERS. How is this set up in the Adminstrator account profile (roaming profiles are in use)? I'm pretty sure that once I grok this stuff all the other minor system management problems will fall into place. Thanks in advance for any responses. Best, --- Les Bell, RHCE, CISSP [http://www.lesbell.com.au] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How Is Administrator Treated?
What do it mens? I've the same problem; smbldap-tools made sambaSid for Administrator like: S-1-5-21-x-2996 I have to change it to 500? I have root acccount in passwd file and Administrator account in ldap tree with uid=0; does it a misunderstand? regards; Il gio, 2004-05-20 alle 14:05, John H Terpstra ha scritto: Les, On the UNIX system addition/change of user accounts requires UID=0. If you want your Administrator to be able to manage user accounts UID=0 is a must. Also, the RID for Administrator must be 500 for the account to have admin privileges in Windows. If you are using and LDAP backend it is imperative that all UIDs and RIDs must be unambiguous. So if you have a root account and an Administrator account - you have introduced ambiguity. It is best to use the 'root' account in place of the NT Administrator. Just make sure that the RID for the root account is 500. - John T. --- John H Terpstra Samba-Team email: [EMAIL PROTECTED] Original Message Subject: [Samba] How Is Administrator Treated? From: Les Bell [EMAIL PROTECTED] Date: Wed, May 19, 2004 9:34 pm To: [EMAIL PROTECTED] I have a couple of Samba 2.2 servers, in different locations, configured as NT Domain Controllers, but I'm experiencing some problems with logging on to the domains as Administrator in order to perform some administration tasks, such as configuring antivirus software on workstations. I won't go into the details here; I think the basic problem is my lack of understanding of how the Administrator account is treated. Ordinary user accounts work fine as far as I can see, but then, ordinary users shouldn't be able to do a bunch of things, anyway. First: I created an Administrator account in Linux, and it wound up (here) with a UID/GID of 604. That's just an ordinary user ID, so what makes it special as far as the domain is concerned? Should the Administrator account have a UID/GID of 0? If I try to run USRMGR.EXE or SRVMGR.EXE I can see things, but can't change them (Access is denied). Second, what about Windows SID's? Administrator should be S-1-5-domain-500; but if I log on as Administrator at an NT or Win2K workstation and look in the registry, I can't see that SID in HKEY_USERS. How is this set up in the Adminstrator account profile (roaming profiles are in use)? I'm pretty sure that once I grok this stuff all the other minor system management problems will fall into place. Thanks in advance for any responses. Best, --- Les Bell, RHCE, CISSP [http://www.lesbell.com.au] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ___ Umberto Zanatta linuxDidattica tel: +39 (335) 54 71 385 email: [EMAIL PROTECTED] web: http://linuxdidattica.org ___ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Connecting to Windows 2003
Hi All, My apologies if this is an inappropriate place to post my query. I am trying to connect to a Windows 2003 shared folder from a RH9 using samba2.2.9 and always get access denied errors. However, my RH9 with samba2.2.9 box does connect to shared folders on a Win2K box. Could you help? I have tried installing samba3.0.4 but get core dump errors while installing. Any advice you could offer would be gratefully received. Thanks, Mike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Compile errors 3.0.4 solaris 8
I had sent this email earlier and received no responses. Hopefully I am not being repetitive. This is the first time I have used the list. I will send it again. Since the message was sent I removed all the software I have installed and re-installed it to no avail. I don't know if the compile problems are the root cause or its just the Windows folks (within my org) are not playing nice, however the end result is that I cannot join/register my Samba server as a client to our windows AD server. I do have 3.0.1 running on a different host and joined to an NT4.0 domain (which is going away soon) I am trying to get a new compile of 3.0.4 running with AD. am getting a few compile errors when trying to compile Samba samba-3.0.4. LDFLAGS=-L/usr/local/lib/gcc/sparc-sun-solaris2.8/3.4.0 LD_LIBRARY_PATH=/usr/local/lib:/usr/local/include:/usr/local/BerkeleyDB.4.2/lib (I have tried gcc 3.3.2 and 3.4.0 also installed libnet-1.0.2, libpng-1.2.4, libtool-1.5, make-3.80, automake-1.5, autoconf-2.59, openldap-stable-20040421, krb5-1.3.3, db-4.2.52) ./configure --prefix=/apps_failover/samba \ --exec-prefix=/apps_failover/samba \ --with-readline=/usr/local/include \ --with-libiconv=/usr/local/include \ --with-smbwrapper \ --with-dce-dfs \ --with-krb5=/usr/local checking for gcc... gcc checking for C compiler default output... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking how to run the C preprocessor... gcc -E checking for a BSD-compatible install... ./install-sh -c checking for gawk... no checking for mawk... no checking for nawk... nawk checking for perl... /usr/bin/perl checking for ar... ar checking if the linker (ld) is GNU ld... no checking for library containing strerror... none required checking whether gcc and cc understand -c and -o together... yes checking that the C compiler understands -Werror... yes checking that the C compiler understands volatile... yes checking uname -s... SunOS checking uname -r... 5.8 checking uname -m... sun4u checking uname -p... sparc checking build system type... sparc-sun-solaris2.8 checking host system type... sparc-sun-solaris2.8 checking target system type... sparc-sun-solaris2.8 checking config.cache system type... same enabling large file support checking for gcc option to accept ANSI C... none needed checking for inline... inline ... checking for memory.h... (cached) yes checking net/if.h usability... no checking net/if.h presence... yes configure: WARNING: net/if.h: present but cannot be compiled configure: WARNING: net/if.h: check for missing prerequisite headers? configure: WARNING: net/if.h: proceeding with the preprocessor's result checking for net/if.h... yes checking rpc/rpc.h usability... yes ... (It seems that it repets itself) checking for limits.h... yes checking for memory.h... (cached) yes checking net/if.h usability... no checking net/if.h presence... yes configure: WARNING: net/if.h: present but cannot be compiled configure: WARNING: net/if.h: check for missing prerequisite headers? configure: WARNING: net/if.h: proceeding with the preprocessor's result checking for net/if.h... yes ... checking security/pam_modules.h usability... no checking security/pam_modules.h presence... yes configure: WARNING: security/pam_modules.h: present but cannot be compiled configure: WARNING: security/pam_modules.h: check for missing prerequisite headers? configure: WARNING: security/pam_modules.h: proceeding with the preprocessor's result checking for security/pam_modules.h... yes checking security/_pam_macros.h usability... no checking security/_pam_macros.h presence... no ... checking for shadow.h... yes checking netinet/ip.h usability... no checking netinet/ip.h presence... yes configure: WARNING: netinet/ip.h: present but cannot be compiled configure: WARNING: netinet/ip.h: check for missing prerequisite headers? configure: WARNING: netinet/ip.h: proceeding with the preprocessor's result checking for netinet/ip.h... yes checking netinet/tcp.h usability... yes ... the first listed failed program is as follows: configure:2247: gcc -c -g -O2 conftest.c 5 conftest.c:2: error: parse error before me configure:2250: $? = 1 configure: failed program was: #ifndef __cplusplus choke me #endif configure:2368: checking how to run the C preprocessor configure:2394: gcc -E conftest.c configure:2400: $? = 0 configure:2427: gcc -E conftest.c configure:2423:28: ac_nonexistent.h: No such file or directory configure:2433: $? = 1 configure: failed program was: #line 2422 configure #include confdefs.h #include ac_nonexistent.h configure:2470: result: gcc -E configure:2485: gcc -E conftest. Where I think the problem may be configure:4730: checking for stdint.h
Re: [Samba] connecting to a win2003 share from a samba in a domain
On Wed, 2004-05-19 at 20:46, lorenzo wrote: hello everybody. I am trying to connect to a windows 2003 server in a domain environment (active directory) from a samba box. The samba server successfully joined the domain, but when I try even to list the shares it gives me a sad tree connect failed: NT_STATUS_ACCESS_DENIED problem solved. I upgraded to samba 3 and things work fine. They had to accept the upgrade, otherwise no backup would be done :) thanks to everybody who suggested me this behavior. Best regards, -- :lorenzo Mantova Unix User Group founder http://www.muug.it/k signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem Rebuilding 3.0.4 RPMS For Fedora ia64
When rebuilding from the source rpms on ia64 on Fedora Core 1 with all updates I am getting the following error. - Processing files: samba-client-3.0.4-2 error: File not found: /var/tmp/samba-3.0.4-root/usr/lib64/samba/lowcase.dat error: File not found: /var/tmp/samba-3.0.4-root/usr/lib64/samba/upcase.dat error: File not found: /var/tmp/samba-3.0.4-root/usr/lib64/samba/valid.dat Processing files: samba-common-3.0.4-2 error: File not found by glob: /var/tmp/samba-3.0.4-root/usr/lib64/samba/charset/CP*.so Processing files: samba-swat-3.0.4-2 error: File not found by glob: /var/tmp/samba-3.0.4-root/usr/lib64/samba/*.msg Processing files: samba-debuginfo-3.0.4-2 Provides: CP437.so.debug()(64bit) CP850.so.debug()(64bit) audit.so.debug()(64bit) cap.so.debug()(64bit) default_quota.so.debug()(64bit) expand_msdfs.so.debug()(64bit) extd_audit.so.debug()(64bit) fake_perms.so.debug()(64bit) libnss_winbind.so.debug()(64bit) libnss_wins.so.debug()(64bit) libsmbclient.so.debug()(64bit) netatalk.so.debug()(64bit) pam_smbpass.so.debug()(64bit) pam_winbind.so.debug()(64bit) readonly.so.debug()(64bit) recycle.so.debug()(64bit) shadow_copy.so.debug()(64bit) Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1 rpmlib(PayloadFilesHavePrefix) = 4.0-1 RPM build errors: File not found: /var/tmp/samba-3.0.4-root/usr/lib64/samba/vfs File not found: /var/tmp/samba-3.0.4-root/usr/lib64/samba/lowcase.dat File not found: /var/tmp/samba-3.0.4-root/usr/lib64/samba/upcase.dat File not found: /var/tmp/samba-3.0.4-root/usr/lib64/samba/valid.dat File not found by glob: /var/tmp/samba-3.0.4-root/usr/lib64/samba/charset/CP*.so File not found by glob: /var/tmp/samba-3.0.4-root/usr/lib64/samba/*.msg -- This builds fine on my Fedora Core 1 i386 system so I am thinking it has something to do with the building just on ia64 platforms. Any help would be greatly appreciated. - Nick Edens Checker Distributors 400-B W. Dussel Maumee, OH 43537 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Can't reset password from windows 2000, or from the samba pdc. Error from samba pdc: machine127.0.0.1 rejected the password change: Error was : RAP86:The specified password is invalid.
Salim, Yes I do have permission to run the passwd command as a local user, I can change the unix password just fine. It is when I do the smbpasswd command that that error comes up. Thanks for looking at this! Tony --- Salim Zakharia [EMAIL PROTECTED] wrote: Try to check if users have permission to run: /usr/bin/passwd let user try to change his password locally on system and check if it works. Regards -- Salim Zakharia Sr. Systems Engineer, BE computer Engineer MDS Systems Integration Mobile : +971 50 4453631 Office : +971 2 6262900 Fax :+971 2 6262455 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of big toe Sent: Wednesday, May 19, 2004 11:34 PM To: [EMAIL PROTECTED] Subject: [Samba] Can't reset password from windows 2000,or from the samba pdc. Error from samba pdc: machine127.0.0.1 rejected the password change: Error was : RAP86:The specified password is invalid. I have a samba pdc running 3.0.4. I have users logging into the profile server and wanting to change there password. However when they try to change the password it asks them for the old and new password but says they do not have permission to change the password. I can change the password for them when I log into the pdc as root but when I try to do it as user it gives the error: machine 127.0.0.1 rejected the password change: Error was : RAP86: The specified password is invalid. Looking at the log file for that machine the error messages are as follows: [2004/05/19 08:46:36, 0] auth/pampass.c:smb_pam_chauthtok(692) PAM: UNKNOWN PAM ERROR (19) for User: tony [2004/05/19 08:46:36, 2] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: Password Change Failed : Conversation error [2004/05/19 08:46:36, 0] auth/pampass.c:smb_pam_passchange(848) smb_pam_passchange: PAM: Password Change Failed for user tony! My redhat 9.0 box is running samba 3.0.4 and the workstations are all windows 2000 pro boxes. I have looked in google and no one seems to know the cause or solution to this problem. Here is my smb.conf file: [global] ;basic server settings workgroup = workgroup netbios name = name server string = Samba PDC running %v socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 ;PDC and master browser settings os level = 64 preferred master = yes local master = yes domain master = yes wins support = yes domain logons = yes ;security and logging settings security = user encrypt passwords = yes log file = /var/log/samba/log.%m log level = 2 max log size = 50 hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0 add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u ;sync UNIX passwords smb passwd file = /etc/samba/smbpasswd # pam password change = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* passwd chat debug = yes Any help on this would be very appreciative!!! Thanks in advance. Regards, Tony __ Do you Yahoo!? SBC Yahoo! - Internet access at a great low price. http://promo.yahoo.com/sbc/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba # This e-mail message has been scanned for Viruses and Content and cleared by NetIQ MailMarshal # __ Do you Yahoo!? Yahoo! Domains Claim yours for only $14.70/year http://smallbusiness.promotions.yahoo.com/offer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows Explorer - Samba Listing beside each Mapped Drive
OS Redhat Enterprise 3.0 Samba 3.0.2-6.3E In explorer the comment 'Samba 3.0.2-6.3E' is listed beside each mapped drive. How do I eliminate this comment? Thanks Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Windows Explorer - Samba Listing beside each Mapped D rive
Edit you smb.conf file. In RedHat I believe this is located in /etc/samba/smb.conf Look for the line you want to get rid of and fill it in with what ever you want. Its just a description field. Jack -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Terry L. Eleiott Sent: Thursday, May 20, 2004 10:09 AM To: [EMAIL PROTECTED] Subject: [Samba] Windows Explorer - Samba Listing beside each Mapped Drive OS Redhat Enterprise 3.0 Samba 3.0.2-6.3E In explorer the comment 'Samba 3.0.2-6.3E' is listed beside each mapped drive. How do I eliminate this comment? Thanks Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba does not respect winbind use default domain - winbind only mailling list
I wonder if this is the right forum but would like to make a suggestion. I use winbind on solaris to authenticate users for other services, like pop3. For this purpose I need to have winbind use default domain option in smb.conf and smb.conf.winbind (one for winbind only). But samba doesn't respect this in smb.conf, and insists on using default separator ('\'). In lib/username.c's user_in_list, the winbind use default domain case doesn't seem to be taken care of... Log shows checking user |mydomain\myuser| against |myuser|. I found that if I put winbind separator = + in smb.conf only, it is taken care of properly. But it would be more intuitive if samba also honored the winbind use default domain like other services. I wonder if it is be worth while to create a separate mailling list for winbind. I find many questions on the web, but no useful answers in general. Regards, Ben Kim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Problem upgrading to 3.0.4 and ArcServe
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas wrote: | On a related note, I'm surprised at the amount of people | being hit by this bug, since, to my understanting, it | only affects windows installations without strong cryptography | support, which means old service packs or none. I've looked into this some more and it could just be a different in the way that non-us windows servers operate. We only ask for AUTH_PIPE_SEAL in winbuindd' schannel code. All of my servers include the nonce for sealing in the verfier returned from the server as well. But apparently non-us servcers don't. The only way I could reproduce this was to use a unpatched 2k DC. But everyone of the people who reported this bug (that I can remember) where outside the US. Go figure cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFArMq/IR7qMdg1EfYRAoKkAKD0gd+5CnNMeED/1/YtxLUkxgI0vACghEFw aH3gViDVWhpp6r/0lfYP+lE= =qSFL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] nmbd - is it running or not...?
Hi, I've just started setting Samba up so I'm at quite an elementary stage! I'm using Samba 2.2.8a on a Solaris 7 server. I can connect to Samba ok when using localhost from the console. However when I try and use DOS from a Win95 test machine I get a message saying the computer name was not recognised. This points to the nameserver not running (I'm using nmbd provided with Samba suite for the nameserver). The SWAT console says that smbd is running and that nmbd is not. However if I use the ps -ef command to check the processes on the system I get several instances of nmbd running (maybe 30) and one instance of smbd. I've set both of them running as daemons using ./smbd -D start and ./nmbd -D start respectively Can anyone see what I'm doing wrong - like I said I'm basically a newbie on Samba. My config file is just at a basic test stage (I've tried different things for the workgroup variable): [global] # workgroup = home netbios name = marianet encrypt passwords = no [homes] path = /home guest ok = no read only = no [share] path = /share comment = Solaris share guest ok = yes read only = no browseable = yes Any ideas, thoughts, comments, suggestions and pointers will be much appreciated! Thanks, Adam. -- Adam Buglass, The Golden Freeway, Department of Child Health, University of Newcastle-upon-Tyne. Royal Victoria Infirmary. (0191) 2023062 Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote. ~Benjamin Franklin, 1759 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Building Samba with cups
Richard Harke wrote: I've downloaded samba-3.0.3 source and now am trying to build. I need cups support but I don't understand what to put on the command line when I run configure. I have --enable-cups put that is not enough. It seems to want CUPS_CONFIG to be the path to an executable. But what executable?? And is CUPS_CONFIG given on the command line or should it be an environment variable. (Note: cups is installed and running on the system. SuSE 8.1 with kernel 2.4.19) Richard Harke You need to have the libcups2-devel package installed. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] Windows XP slow access to network places shortcut?
Clint, I did disable the folders view and it was still extremely slow. However, when I mapped it, the speed was amazing! It was as if I was browsing through my local c: drive. Arrrgggh. Now, my question is, What does mapping do that is so different from a shortcut in My Network Places? Any thoughts? Thanks to all for your time! Chris ---Original Message--- From: Clint Sharp [EMAIL PROTECTED] Subject: Re: [Samba] Windows XP slow access to network places shortcut? Sent: 20 May 2004 09:58:33 samba wrote: No, I did not. According to this google search it may speed up network browsing: http://www.theeldergeek.com/webclient.htm Well, I just set it on my box here, and I am still having the slow network browsing. I still think it has something to do with the way I'm logging in. Since guest is the default in XP i have to put user name in the path: \\fileserver\share\passprotectedshare%user and then enter in password, even though login says guest, that method tricks XP into thinking that user is logging in and not guest. My thoughts are unbased, but I have a hunch. Opinions? Anyone have experience with disabling this or leaving it enabled and seeing a difference? Just curious. Actually, extremely curious! Just for giggles, open up this file share with the Folders toolbar disabled (i.e. My Computer instead of Windows Explorer, although they're identical in 2000 Up, just open up different toolbars by default) and tell me if opening the share still takes the same amount of time. Often times, enumerating the workgroup/domain computers in the Folders list at the left is what slows network performance down considerably. Also, try and map a drive to the share and see if performance there is slow as well. Clint ---Original Message--- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] MS Patch MS04-011 Samba upgrade
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 EXT-Auleta, Michael wrote: | If I have a Samba server that is part of a Windows 2000 | domain and is not a domain controller (all of our | authentication goes against a Windows 2000 box), do | I need to upgrade to 3.0.4/2.2.9? What is the interaction | between a Samba server that is part of a domain and the | Windows client if all of the authentication is being | done against a Windows 2000 PDC? It is doubtful that this is an urgent upgrade for you. Unless you are supporting a loarge number of local user accounts on the Samba box. However, the patch for KN828741 apparently fixes a bug in the machine trust account password changing code as well. So its kind of up to you. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFArNZBIR7qMdg1EfYRAmM5AJ4uLu024SO/kEBSzakc0E8EHXxyGACgyB75 los/Nb07pfqEGf5K+VtsD5g= =Ei1m -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] use local users on domain member
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin Zielinski wrote: | Hello list. | | My samba 3.0.4 server is member of an NT domain. | Now I want to use local unix accounts (on this server) | as well as the domain accounts to authenticate users. | | It works, if I use smbclient -W netbios name of | the server but not when using win2k clients. The | client's name is mapped to the domain name and as a result the | sam backend doesn't even look at the password of the user. This will work: net use h: \\server\share /user:server\user or you could possibly use ~ auth methods = guest sam_ignoredomain winbind:ntdomain cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFArNbtIR7qMdg1EfYRAqpUAKCYl67MccfQgYLVPCi5DwbcqL6EwACdHBDS lWjHrLG5tPvLJNelDadMoLE= =XF3b -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sharing users home dirs for Win2003 and linux
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | | I've setup a linux box with winbind as a member in Win2003 AD and | everything works fine. | I want to share the Win2003 users home dirs with the linux box, i.e. | when a user logs into the linux box, after he's authenticated through | winbind, he should have his home dir from the Windows box, how can I do | that?? Using a CIFS share (especially CIFS without unix extensions) for a linux home directory is most likely not going to be the best option. It would be easier to use one Linux server to serve the home directories via NFS. | Obviously I have to use CIFS to mount the dirs, but how do I maintain | file and dirs ownerships and permissions?? If you are keeping the homes on the win2k3 box (which you should not assume will get you a working linux desktop - console logins work fine but most desktop environments made assumptions about the filesystems of the users home), this is no issue. You just ensure (ie via pam_mount) that the CIFS/smb share is mounted with the uid/gid of the user logging in (easy enough with a single configuration line for pam_mount). If you are using a unix server via NFS, you use the ldap idmap backend, and point all the winbind clients at the same LDAP server (with at least one having write access to it). Then, SID-uid/gui mappings will be consistent. Regards, Buchan - -- Buchan Milne Senior Support Technician Obsidian Systems http://www.obsidian.co.za B.EngRHCE (803004789010797) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFArNbkrJK6UGDSBKcRAnetAKCGijJNFYjk4MUQ0pI+Hs1rK+VqgQCfTLIy DdvT3Ri7waaSl3e6U7k8QLw= =9Im2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] Windows XP slow access to network places shortcut?
Clint, I did disable the folders view and it was still extremely slow. However, when I mapped it, the speed was amazing! It was as if I was browsing through my local c: drive. Arrrgggh. Now, my question is, What does mapping do that is so different from a shortcut in My Network Places? Any thoughts? Thanks to all for your time! Hmmm. Do you remember how long the actual mapping process took? My guess is that it also took a while and then it was quick after that. This suggests to me that what you have is an authentication delay. Mapped drives authenticate once (when you map them). Other things (like browsing and using UNC paths) tend to re-authenticate every time you look at them. Note, that once you've authenticated to a server with a mapped drive, everything to do with that server will most likely get quicker too. Until you un-mapp the drive. So look over the autehntication (LDAP, smbpasswd, Domain Member etc, etc) in your setup. Just a hunch, Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP slow access to network places shortcut?
Mac wrote: Hmmm. Do you remember how long the actual mapping process took? My guess is that it also took a while and then it was quick after that. This suggests to me that what you have is an authentication delay. Mapped drives authenticate once (when you map them). Other things (like browsing and using UNC paths) tend to re-authenticate every time you look at them. Note, that once you've authenticated to a server with a mapped drive, everything to do with that server will most likely get quicker too. Until you un-mapp the drive. So look over the autehntication (LDAP, smbpasswd, Domain Member etc, etc) in your setup. Just a hunch, Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) I concur. Also, I've deleted the previous emails from this thread, but a copy of your smb.conf would help at this point. I still have a strong suspicious of a name resolution/browsing related problem as well which is slowing this down. Clint -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Explorer - Samba Listing beside each Mapped Drive
Terry L. Eleiott wrote: OS Redhat Enterprise 3.0 Samba 3.0.2-6.3E In explorer the comment 'Samba 3.0.2-6.3E' is listed beside each mapped drive. How do I eliminate this comment? Thanks Terry Set your server string to something different in your smb.conf. man smb.conf will help as well. Clint -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] conflicting domain SIDS
I would like to migrate users into my Samba3 server. Problem is I have a sambaDomainSID that conflicts with my Windows domain SID. My backend is LDAP. I'm not sure what to delete so I can get my SambaDomainSid in sync with Windows domain SID and start migrating users. Thanks! TJ Cannot import users from LABOR at this time, as the current domain: DOL-ANC-SAMBA3: S-1-5-##--##- conflicts with the remote domain LABOR: S-1-5-21-##--# -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SID of samba domain?
How do I find out the SID of my samba domain? And how do I migrate this SID to another machine when I migrate my domain over. PLEASE HELP! Thanks Jose -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Problem upgrading to 3.0.4 and ArcServe
Jerry, I am having the problem and I am in Iowa. So I don't think it is a location specific problem. My Arc Serv Box is a Windows 2000 Server box w/sp 4. One special note is that my Arc Serv Box is also a backup Domain controller for my Domain. Other than that I have a pretty run of the mill network. I am in the progress of testing the patch(https://bugzilla.samba.org/show_bug.cgi?id=1315) with my test server. I should know if it works bye tonight Shane -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Thursday, May 20, 2004 10:12 AM To: Andreas Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Re: Problem upgrading to 3.0.4 and ArcServe -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas wrote: | On a related note, I'm surprised at the amount of people | being hit by this bug, since, to my understanting, it | only affects windows installations without strong cryptography | support, which means old service packs or none. I've looked into this some more and it could just be a different in the way that non-us windows servers operate. We only ask for AUTH_PIPE_SEAL in winbuindd' schannel code. All of my servers include the nonce for sealing in the verfier returned from the server as well. But apparently non-us servcers don't. The only way I could reproduce this was to use a unpatched 2k DC. But everyone of the people who reported this bug (that I can remember) where outside the US. Go figure cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFArMq/IR7qMdg1EfYRAoKkAKD0gd+5CnNMeED/1/YtxLUkxgI0vACghEFw aH3gViDVWhpp6r/0lfYP+lE= =qSFL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SID of samba domain?
Jose Martinez wrote: How do I find out the SID of my samba domain? And how do I migrate this SID to another machine when I migrate my domain over. PLEASE HELP! Thanks Jose If you're running Samba3, use net getlocalsid. If not, on Samba 2.2.8 you can use smbpasswd -X servername to obtain the Sid. On Samba3 net setlocalsid will set your server's sid and smbpasswd -W will do the equivalent on 2.2.8. I highly recommend using Samba3 over 2.2.8. Hope this helps. Clint -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 + Win2k = Headache
I have a feeling I may have lost focus on the issue in some of my previous messages... so here's my dilemma. I have several Windows (2000 and XP) clients, and several Linux (Red Hat Enterprise 3, 2.4.21 kernel) clients. I've got a couple servers, one is currently Windows 2000 Server, and one is Linux (same as above, with the snapshot Samba running). I want to be able to have users log into the Linux clients, authenticated through the Windows server, and access their home directory from the Linux server. That's the goal in a nutshell... Here's a very brief summary of the problems I've run into with all of the solutions I've tried: 1. I tried having the clients use SMB to mount their home directory, but realized that SMB doesn't support hard or symbolic links, apparently despite the unix extensions = yes option being set. It may be that the unix extensions option only applies to cifs clients, which leads us to #2. 2. I tried to apply the cifs patch to a couple of my Linux client machines, but for one reason or another, the module never wants to either get compiled, or be inserted into the kernel. The kernel gives me hundreds of errors if I try to compile it, after having downloaded the source right from Red Hat, in RPM format... even when I copy the /boot/config-2.4.21-15EL to the source directory and try to compile. 3. Having lost faith in SMB and CIFS, I moved on to NFS. However, since my authentication is going through the Windows server via winbind, each client is getting different UID's and GID's for the same user. So, I tried idmap_ad, after installing the Services for Unix 3.5 on the Windows server, but can't get the clients to pull the UID and GID we set on the server. It keeps using its own local algorithm and coming up with its own UID/GID. I've tried removing the winbindd_idmap.tdb and winbindd_cache.tdb, and setting the idmap backend = ad:ldap://servername; in the smb.conf, but to no avail. 4. We're currently considering dropping the Samba server altogether, since nothing we do seems to work, but even that's causing problems. To get it to work, we have to use NIS for authentication, and access all the home directories via NFS. This all apparently requires much configuration on the Windows server, and is causing me headaches... besides, being an anti-Microsoft guy, I feel like I'm abandoning my brethren in Linuxland. I'm very open to suggestions... I've just about exhausted all the options I can think of... so if anybody has any advice, please let me know. Shannon Shannon Johnson Network Support Specialist / Systems Administrator Dept. of Mechanical and Nuclear Engineering 224 Reber Building University Park, PA 16802 Phone: (814) 865-8267 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net ads join hangs forever
I am trying to join my Linux workstation to my ADS domain. Unfortunately, I'm not having much success. net ads join hangs forever (or at least for more than 12 hours) when run. The computer account is created in the domain, but the process never completes. tdbdump secrets.tdb shows no results, and wbinfo shows users and groups from the trusted domains but not from the domain I am trying to join. getent has the same results as wbinfo. net ads info fails altogether, stating that the ldap server was not found. Watching Ethereal during the net ads join shows lots of Reverse DNS queries but not much else. I am using 'Samba-3 by Example' Chapter 9 as the source for my configurations, and I'm not sure where I've gone wrong. Platform: Fedora Core 2 Samba: 3.0.3 [EMAIL PROTECTED] root]# net ads join -d 10 [2004/05/20 10:08:46, 5] lib/debug.c:debug_dump_status(367) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 [2004/05/20 10:08:46, 3] param/loadparm.c:lp_load(3886) lp_load: refreshing parameters [2004/05/20 10:08:46, 3] param/loadparm.c:init_globals(1307) Initialising global parameters [2004/05/20 10:08:46, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2004/05/20 10:08:46, 3] param/loadparm.c:do_section(3384) Processing section [global] doing parameter workgroup = UWB doing parameter server string = Samba 3.0.3 doing parameter printcap name = CUPS doing parameter load printers = yes doing parameter printing = cups doing parameter log file = /var/log/samba/%m.log doing parameter max log size = 50 doing parameter security = ads doing parameter username map = /etc/samba/smbusers doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 doing parameter dns proxy = no doing parameter idmap uid = 16777216-33554431 doing parameter idmap gid = 16777216-33554431 doing parameter template shell = /bin/bash doing parameter template primary group = Domain Users doing parameter realm = UWB.EDU doing parameter log level = 1 doing parameter syslog = 1 doing parameter ldap ssl = no [2004/05/20 10:08:46, 4] param/loadparm.c:lp_load(3918) pm_process() returned Yes [2004/05/20 10:08:46, 7] param/loadparm.c:lp_servicenumber(4031) lp_servicenumber: couldn't find homes [2004/05/20 10:08:46, 10] param/loadparm.c:set_server_role(3827) set_server_role: role = ROLE_DOMAIN_MEMBER [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset UCS-2LE [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103) Registered charset UCS-2LE [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset UTF8 [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103) Registered charset UTF8 [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset ASCII [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103) Registered charset ASCII [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset 646 [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103) Registered charset 646 [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset ISO-8859-1 [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103) Registered charset ISO-8859-1 [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset UCS2-HEX [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103) Registered charset UCS2-HEX [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5]
Re: Re: [Samba] Windows XP slow access to network places shortcut?
All, thanks for the help. Clint, here are my conf files as you suggested. I do think that your hunch is right due to the fact that browsing between the subnets became funky a couple of weeks ago for some unknown reason. Thanks for any suggestions or advice: Fileserver smb.conf [global] workgroup = WORKGROUP netbios name = FILESERVER server string = Main file server security = SHARE encrypt passwords = true enhanced browsing = no log file = /var/log/smb.log #max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 128 domain master = Yes remote browse sync = 192.168.12.10 192.168.62.10 preferred master = Yes local master = Yes dns proxy = yes wins support = yes wins proxy = yes name resolve order = wins lmhosts hosts bcast interfaces = 192.168.1.255/255.255.255.0 192.168.12.255/255.255.255.0 192.168.13.255/255.255.255.0 192.168.62.255/255.255.255.0 192.168.1.6/255.255.255.0 remote announce = 192.168.1.255/WORKGROUP 192.168.12.10/WORKGROUP 192.168.1.6/WORKGROUP 192.168.13.9/WORKGROUP 192.168.62.10/WORKGROUP debug level = 2 192.168.12.10 smb.conf [global] workgroup = WORKGROUP netbios name = BMASTER server string = %h server (Samba %v) security = DOMAIN encrypt passwords = Yes obey pam restrictions = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . max log size = 1000 socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 os level = 100 domain master = no local master = yes preferred master = yes dns proxy = no enhanced browsing = yes wins server = 192.168.1.6 wins support = no wins proxy = yes name resolve order = wins lmhosts hosts bcast invalid users = root debug level = 2 remote announce = 192.168.1.6/WORKGROUP 192.168.62.10/WORKGROUP 192.168.62.10 smb.conf [global] workgroup = WORKGROUP netbios name = MBROWSER2 server string = %h server (Samba %v) security = DOMAIN encrypt passwords = Yes obey pam restrictions = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . max log size = 1000 socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 os level = 100 preferred master = yes domain master = No local master = Yes wins server = 192.168.1.6 wins support = No wins proxy = yes dns proxy = yes name resolve order = wins lmhosts hosts bcast invalid users = root debug level = 2 remote announce = 192.168.1.6/WORKGROUP ---Original Message--- From: Clint Sharp [EMAIL PROTECTED] Subject: Re: [Samba] Windows XP slow access to network places shortcut? Sent: 20 May 2004 17:04:33 Mac wrote: Hmmm. Do you remember how long the actual mapping process took? My guess is that it also took a while and then it was quick after that. This suggests to me that what you have is an authentication delay. Mapped drives authenticate once (when you map them). Other things (like browsing and using UNC paths) tend to re-authenticate every time you look at them. Note, that once you've authenticated to a server with a mapped drive, everything to do with that server will most likely get quicker too. Until you un-mapp the drive. So look over the autehntication (LDAP, smbpasswd, Domain Member etc, etc) in your setup. Just a hunch, Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) I concur. Also, I've deleted the previous emails from this thread, but a copy of your smb.conf would help at this point. I still have a strong suspicious of a name resolution/browsing related problem as well which is slowing this down. Clint ---Original Message--- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind causes LLOONNGG delays
I have Samba 3.0.4 joined to a Windows 2000 Active Directory domain with about 16,000 users and 1,000 groups. I run FreeBSD 5.2.1 on a Dell PowerEdge 1750, dual proc P4 Xeon with HTT and 1 gig of RAM. Storage is RAID-5, three drives, 36G each. I use winbind to auth users when accessing shares on the server. This is going to be our new fileserver. Check this: # time ps auxwww | grep http root 7904 0.0 0.3 4484 3212 ?? Ss2:58PM 0:00.01 /usr/local/sbin/httpd -k start root 7905 0.0 0.3 4884 3380 ?? S 2:58PM 0:00.01 /usr/local/sbin/httpd -k start root 7906 0.0 0.3 4884 3380 ?? S 2:58PM 0:00.01 /usr/local/sbin/httpd -k start root 7907 0.0 0.3 4884 3380 ?? S 2:58PM 0:00.01 /usr/local/sbin/httpd -k start root 7908 0.0 0.3 4884 3380 ?? S 2:58PM 0:00.01 /usr/local/sbin/httpd -k start root 7909 0.0 0.3 4596 3396 ?? S 2:58PM 0:00.01 /usr/local/sbin/httpd -k start root 7913 0.0 0.1 1408 844 p1 S+2:58PM 0:00.00 grep http real1m42.312s user0m0.000s sys 0m0.010s That's just one example. It shouldn't take 1 minute 42 seconds to get a ps listing. Especially on a relatively idle server (soon to change, though). The delay is even longer if I stop winbind for a few minutes and then load it back up. Some delays for things like ls or ps or top, or even logging in at the console have been in excess of five minutes!! If I stop winbindd, I NEVER get a delay on ANYTHING that looks up usernames (ps, top, ls, etc.), even after a reboot (I ALWAYS get long delays right after a reboot if I have winbind enabled). Please help. What do I do to keep my system from haning up like this? This is unacceptable. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trouble reading config file
I have a problem every time I add new shares/restarting samba I am running a Red Hat Enterprice with samba version: samba-3.0.2-6.3E Architecture: Samba main file only contains common aspects I am including all the shares in a different file, using this: config file = /users/%U/smb.conf This way every user can only see/access some particulare shares. This architecture worked perfectly under samba 2.2 but after upgrading I get the following problem: - When browsing All shares are gone (except printers Faxes) - When I double-click printers Faxes and use the back-button all the correct shares are shown - I am able to access each share by a direct link \\Server\private - and when I use the back-button all the correct shares are shown As you see my problem is that somehow when restarting or adding new shares the shares will not be shown (but they are still available). As youprobably can understand this is not satisfactory and I have tried reading all kinds of documentation and HOWTOs but I cannot seem to identify the problem. I would be very happy if someone could give me a hint so I can solve this n ightmare :) /Nikolaj, Denmark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Realtime Machine Account Management
We are looking at Ghost Enterprise to manage things like OS rollouts. Ghost wants to be able to instruct the PDC to add or remove machine accounts. I have the adding feature working fine, but is there a way to have a remove script so that a machine can be removed from the domain? Thanks, JMS -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] logon server conflicts with server-level
Hello, please guys, any help will be appreciated. I have two linux servers (samba-3.0.2-6.3E) with RHEL 3E: Server one: Configured as logon server (network inside) The other server: with the user's accounts. (network dmz) The error message in one: [EMAIL PROTECTED] root]# smbstatus -b Server's Role (logon server) conflicts with server-level security The other server has 3380 accounts in smbpasswd, and some accounts are not login correctly from the server one. The server configuration in both cases: One: workgroup = grupotrabajo security = server hosts allow = 192.168.5. 127. password server = 10.1.1.7 ; password level = 8 ; username level = 8 ; encrypt passwords = yes ; smb passwd file = /etc/samba/smbpasswd ; local master = yes os level = 33 ; domain master = yes ; preferred master = yes domain logons = yes The other: workgroup = grupotrabajo security = user ; password level = 8 ; username level = 8 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd local master = yes os level = 64 domain master = yes preferred master = yes ; domain logons = yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems w/ MultipleUsersOnConnection registry entry for Windows 2000 Terminal servers
I'm sending this as an FYI since we don't have all the details worked out and this isn't a Samba problem. We have seen problems (on the one system we tried it on) with MultipleUsersOnConnection registry entry for Windows 2000 Terminal servers that was mentioned in http://lists.samba.org/archive/samba/2004-April/084427.html It may only happen with users who map through Microsoft DFS paths. A year+ ago we had a problem where some users (generally tied to the same RDP/ICA session into a terminal server) would not get this homedir profile drives at logon time. It appeared as if the network connection was half way stuck in the registry or such from the previous user. We eventually got a fix for this, but MS may have regressed something. Once we removed this patch the problem went away. Bill Marshall IBM Global Services SDC North Rochester Server Support, PC Server Team Dept. 77NA, Building 020-3, Rochester, MN -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 + Win2k = Headache
Without knowing the roles of the servers, I can't understand the desperation of the problem. User homes on W2k3, other stuff on samba--why is this a problem? Shannon Johnson wrote: I have a feeling I may have lost focus on the issue in some of my previous messages... so here's my dilemma. I have several Windows (2000 and XP) clients, and several Linux (Red Hat Enterprise 3, 2.4.21 kernel) clients. I've got a couple servers, one is currently Windows 2000 Server, and one is Linux (same as above, with the snapshot Samba running). I want to be able to have users log into the Linux clients, authenticated through the Windows server, and access their home directory from the Linux server. That's the goal in a nutshell... Here's a very brief summary of the problems I've run into with all of the solutions I've tried: 1. I tried having the clients use SMB to mount their home directory, but realized that SMB doesn't support hard or symbolic links, apparently despite the unix extensions = yes option being set. It may be that the unix extensions option only applies to cifs clients, which leads us to #2. 2. I tried to apply the cifs patch to a couple of my Linux client machines, but for one reason or another, the module never wants to either get compiled, or be inserted into the kernel. The kernel gives me hundreds of errors if I try to compile it, after having downloaded the source right from Red Hat, in RPM format... even when I copy the /boot/config-2.4.21-15EL to the source directory and try to compile. 3. Having lost faith in SMB and CIFS, I moved on to NFS. However, since my authentication is going through the Windows server via winbind, each client is getting different UID's and GID's for the same user. So, I tried idmap_ad, after installing the Services for Unix 3.5 on the Windows server, but can't get the clients to pull the UID and GID we set on the server. It keeps using its own local algorithm and coming up with its own UID/GID. I've tried removing the winbindd_idmap.tdb and winbindd_cache.tdb, and setting the idmap backend = ad:ldap://servername; in the smb.conf, but to no avail. 4. We're currently considering dropping the Samba server altogether, since nothing we do seems to work, but even that's causing problems. To get it to work, we have to use NIS for authentication, and access all the home directories via NFS. This all apparently requires much configuration on the Windows server, and is causing me headaches... besides, being an anti-Microsoft guy, I feel like I'm abandoning my brethren in Linuxland. I'm very open to suggestions... I've just about exhausted all the options I can think of... so if anybody has any advice, please let me know. Shannon Shannon Johnson Network Support Specialist / Systems Administrator Dept. of Mechanical and Nuclear Engineering 224 Reber Building University Park, PA 16802 Phone: (814) 865-8267 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] do I have to have Domain Name for LDAP
Do I have to have a domain name called EAGLES.com in order to have LDAP working with Samba 3.0 as my PDC? This is from my slapd.conf suffix dc=EAGLES,dc=com rootdn cn=Manager,dc=EAGLES,dc=com as I try to login from windows 95, I get the following message in the log file. [2004/05/20 01:11:44, 1] lib/smbldap.c:smbldap_retry_open(888) Connection to LDAP Server failed for the 1 try! [2004/05/20 01:11:44, 0] lib/smbldap.c:smbldap_search_suffix(1075) smbldap_search_suffix: Problem during the LDAP search: (unknown) (Time limit exceeded) [2004/05/20 01:12:09, 0] lib/smbldap.c:smbldap_open_connection(530) ldap_initialize: Time limit exceeded [2004/05/20 01:12:09, 1] lib/smbldap.c:smbldap_retry_open(888) Connection to LDAP Server failed for the 1 try! [2004/05/20 01:12:09, 0] lib/smbldap.c:smbldap_search_suffix(1075) smbldap_search_suffix: Problem during the LDAP search: (unknown) (Time limit exceeded) Anybody has any idea why? Thanks, Ambex - Do you Yahoo!? Yahoo! Domains - Claim yours for only $14.70/year -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3 + Win2k = Headache
The home directories are on the Samba server, not the Windows server. The Windows clients work fine, but there are all sorts of problems getting the Linux clients to communicate properly with the Linux server (go figure). Besides, even if I DID have the home directories on the Windows server, the SMB protocol doesn't support hard or symbolic links, or locking, which is required for X Windows to work properly... so the users can't log in and use a GUI. If I try to set up the NFS server on Windows, I run into username mapping problems, along with other issues. (begin rant) I've been planning and researching this project now for about 3 months... and never had any problems or issues with it, because in all the websites and books I read, in Samba 3, there's supposed to be a unix extensions option that magically fixes the shortcomings of the SMB protocol. Now I find out that it doesn't work in the current version, seemingly doesn't work in the snapshot version, and (possibly) the only reason it IS working for the developers is that they're mounting their test directories with CIFS, which supports those things anyway! In hindsight, maybe I should have scheduled 6 months to research this... but I figured that since a half-dozen books and websites verified the existence and purpose of the unix extensions option, I didn't think it necessary. I only have until the end of next week to get everything working, and I started on this exclusively on Monday... 4 days later, and I'm no closer to being done... and after this is done, I've got a LOT of other stuff that needs done before next Friday anyway. (end rant) Sorry, I just had to get that out. Now, back to my problem... I can't recompile the kernel to support CIFS as a module (don't know why... just won't work... I'll give you the IP and root's password if you'd like to have a go at it), and I can't upgrade to the 2.6 kernel because I'm using Red Hat Enterprise, which uses a modified version of the kernel. I've tried everything I can think of, and I'm completely stumped as to what to do for a solution. I'm sure most of you have had those situations where you researched everything you could think of, planned it as best as you could, but when the time came, all kinds of things went wrong that you couldn't have possibly foreseen... I'm in that situation now, except now, the boss is watching VERY closely... Shannon Johnson Network Support Specialist / Systems Administrator Dept. of Mechanical and Nuclear Engineering 224 Reber Building University Park, PA 16802 Phone: (814) 865-8267 -Original Message- From: tms3 [mailto:[EMAIL PROTECTED] Sent: Thursday, May 20, 2004 3:45 PM To: Shannon Johnson Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Samba 3 + Win2k = Headache Without knowing the roles of the servers, I can't understand the desperation of the problem. User homes on W2k3, other stuff on samba--why is this a problem? Shannon Johnson wrote: I have a feeling I may have lost focus on the issue in some of my previous messages... so here's my dilemma. I have several Windows (2000 and XP) clients, and several Linux (Red Hat Enterprise 3, 2.4.21 kernel) clients. I've got a couple servers, one is currently Windows 2000 Server, and one is Linux (same as above, with the snapshot Samba running). I want to be able to have users log into the Linux clients, authenticated through the Windows server, and access their home directory from the Linux server. That's the goal in a nutshell... Here's a very brief summary of the problems I've run into with all of the solutions I've tried: 1. I tried having the clients use SMB to mount their home directory, but realized that SMB doesn't support hard or symbolic links, apparently despite the unix extensions = yes option being set. It may be that the unix extensions option only applies to cifs clients, which leads us to #2. 2. I tried to apply the cifs patch to a couple of my Linux client machines, but for one reason or another, the module never wants to either get compiled, or be inserted into the kernel. The kernel gives me hundreds of errors if I try to compile it, after having downloaded the source right from Red Hat, in RPM format... even when I copy the /boot/config-2.4.21-15EL to the source directory and try to compile. 3. Having lost faith in SMB and CIFS, I moved on to NFS. However, since my authentication is going through the Windows server via winbind, each client is getting different UID's and GID's for the same user. So, I tried idmap_ad, after installing the Services for Unix 3.5 on the Windows server, but can't get the clients to pull the UID and GID we set on the server. It keeps using its own local algorithm and coming up with its own UID/GID. I've tried removing the winbindd_idmap.tdb and winbindd_cache.tdb, and setting the idmap backend = ad:ldap://servername; in the smb.conf, but to no avail.
RE: [Samba] Samba 3 + Win2k = Headache
SNIP I can't recompile the kernel to support CIFS as a module (don't know why... just won't work... I'll give you the IP and root's password if you'd like to have a go at it), and I can't upgrade to the 2.6 kernel because I'm using Red Hat Enterprise, which uses a modified version of the kernel. I've tried everything I can think of, and I'm completely stumped as to what to do for a solution. SNIP Actually, you can upgrade RHEL 3 to 2.6.x. There's a support issue with that, since RH isn't going to want to give you phone support once you've done it. The technical issues aren't earthshaking though. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 + Win2k = Headache
I'm very open to suggestions... I've just about exhausted all the options I can think of... so if anybody has any advice, please let me know. From what I can gather, you've got 2003 AD doing user management RHEL for a (home) fileserver Clients of all flavors Have you thoroughly investigated just using nfs and autofs to do home directory mounting and decided you can't use it for one reason or another? What are those reasons? You'd probably have less headache using nfs in a unix client - unix server environment, after all, that's what NFS is good for. There may be some ldap solutions you can use for that. Maybe you'd have to script something to generate an autofs map periodically from AD's LDAP, but it seems like less headache than what you've got going on now. I've done that for Solaris boxes that don't play nice with linux LDAP autofs trees, you can probably glean the data from AD if you put it in right. If I were you, I'd find a way to make NFS work, it's mature, and designed for exactly this. Use samba for user translation between OSs, but don't use smb until you need to traverse OS families for filesharing. I would suggest you keep to RH's kernel. That's why you paid money for RHEL, to get support. If you do something like jump to another unsupported kernel you may as well go to Fedora (or another free distro). RH backports some current kernel fixes and out-of-branch patches to their kernel to tune it for their purposes. You may even have a pile of 2.6 code in your RHEL 2.4 kernel. Shannon Shannon Johnson Network Support Specialist / Systems Administrator Dept. of Mechanical and Nuclear Engineering 224 Reber Building University Park, PA 16802 Phone: (814) 865-8267 -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] - The information contained in this message is privileged and intended only for the recipient names. If the reader is not a representative of the intended recipient, any review, dissemination or copying of this message or the information it contains is prohibited. If you have received this message in error, please immediately notify the sender, and delete the original message and attachments. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Any organizations running SAGE Mas90 with Samba 2.7 and up?
Are there any organizations running SAGE's current Mas90 database build on a SAMBA share without any corruption issues to the Mas90 database? When I say running, I mean with more than 3 users within the database concurrently. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 PDC and ADS member server
I've been reading some documentation and can't find an answer to my question... I work in an environment where we have a bunch of Solaris 2.8 servers and a bunch of developers using Windows 2000 and XP desktops. We support a client using a Windows 2000 Server ADS PDC, and they need to map some of the NFS drives on our Solaris 2.8 servers. Currently we run a PCNetLink PDC (don't worry much about that, it's basically the same as a Samba 2 NT4 PDC), and our PCNetLink PDC has a trust relationship to the Windows 2000 Server ADS PDC that our client has. Additionally our internal development staff uses the PCNetLink PDC for user authentication, netlogon services, file sharing, etc. Fairly soon the corporation that both our development group and our client belong to is going to disallow all NT4 domain services, including PCNetLink and legacy mode operations, so we are looking at switching to Samba 3, as we have heard that it can communicate with ADS servers. Here's my question: I would like to move to an OpenLDAP/Kerberos authentication scheme for our Solaris machines and have a Samba 3 PDC using this OpenLDAP/Kerb5 backend for authentication as the PDC for our Windows 2000 and XP workstations. Additionally, I would like to be able to have the same Samba 3 PDC interact with the Windows 2000 ADS Server that our client runs in either a trust relationship or as a member server to allow the customer clients to use the filesharing services on our Solaris servers. From my reading, it seems that the trust relationship is not possible (something about NT4 trusts vs. ADS trusts, and Samba 3 only supporting NT4 trusts). Is it possible to have one samba 3 PDC also be an ADS member server? Is there some better way to achieve what I've described? Thanks for any help. Greg -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 + Win2k = Headache
Shannon Johnson wrote: From what I can gather, you've got 2003 AD doing user management RHEL for a (home) fileserver Clients of all flavors Have you thoroughly investigated just using nfs and autofs to do home directory mounting and decided you can't use it for one reason or another? What are those reasons? You'd probably have less headache using nfs in a unix client - unix server environment, after all, that's what NFS is good for. Win2000 server, not 2k3... but essentially correct. NFS won't work because since we're doing authentication through winbind, all of the uid's are different on each linux client. We've tried loading the Services for Unix on the server, and assigning UID's, then using the idmap_ad as the idmap backend, but I'm actually not sure how it works, so I can't thoroughly explore it (the documentation apparently doesn't exist?). The only thing I can check is getent passwd which returns the UID winbind came up with on its own (through its own methods... not from AD). For that I would suggest using a central LDAP repository for your idmap backend on all machines. If that's all you need to do to get it going with nfs, that's a not-too-tough situation to solve. You don't have to go through the (somtimes painful) samba/ldap setup, you just need a basic ldap server with one idmap tree in it. What are you using for your unix auth now? since it sounds like you've got a few unix machines, ldap is a good fit there too, unless you've got something else that's tied in to your organization that you'd have to rebuild... Also, we are sharing files in a cross-platform environment... We needed to have the same file space, using the same quota for all of the users in the department. What is enforcing your quotas? 2K or unix machine? That's why Samba seemed like such a perfect fit. Windows maps the user's home directory from the Samba server via SMB, and the Linux users do the same. That's when the symbolic and hard link problems come into play... -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] - The information contained in this message is privileged and intended only for the recipient names. If the reader is not a representative of the intended recipient, any review, dissemination or copying of this message or the information it contains is prohibited. If you have received this message in error, please immediately notify the sender, and delete the original message and attachments. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Scripting smbclient
Ever figure out a good way to check for failure / success from a script using smbclient ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Problem upgrading to 3.0.4 and ArcServe
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Shane Drinkwater wrote: | Jerry, | I am having the problem and I am in Iowa. So I | don't think it is a location specific problem. My | Arc Serv Box is a Windows 2000 Server box w/sp 4. | One special note is that my Arc Serv Box is also a | backup Domain controller for my Domain. Other than | that I have a pretty run of the mill network. I am in | the progress of testing the | patch(https://bugzilla.samba.org/show_bug.cgi?id=1315) | with my test server. I should know if it works | bye tonight Strange then. I had originally thought that all service packs for Windows 2k enabled strong encryption (unlike the us and export versions we used to have for NT4). Maybe I'm wrong. What service pack is you windows 200 DC and where did you get the SP archive from ? cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFArRynIR7qMdg1EfYRArjwAKDhCsozLSuNtQe0GJwKyUOEHbCSjwCg7sUt MzqI8mmMunuWLlsePoqEGpU= =2DVF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] logon server conflicts with server-level
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alberto Grajeda Chacon wrote: | Hello, please guys, any help will be appreciated. | | I have two linux servers (samba-3.0.2-6.3E) with RHEL 3E: | Server one: Configured as logon server (network inside) | The other server: with the user's accounts. (network dmz) | | The error message in one: | [EMAIL PROTECTED] root]# smbstatus -b | Server's Role (logon server) conflicts with server-level security | |security = server ... |domain logons = yes Sorry but we won't support using these 2 parameters together. Security = server is just a bad idea anyway given the current support for security = [domain|ads] and using multiple Samba DCs. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFArR5RIR7qMdg1EfYRApSzAKC9h2qeKAYDH8OmfC6mu1z1CMDoYACgsPH0 5YAl1YRZpEpRdbu76xnOvHA= =Q2pk -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] do I have to have Domain Name for LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 abebe lsslp wrote: | Do I have to have a domain name called EAGLES.com | in order to have LDAP working with Samba 3.0 as my PDC? | | This is from my slapd.conf | suffix dc=EAGLES,dc=com | rootdn cn=Manager,dc=EAGLES,dc=com Nope. Any naming context is fine. | as I try to login from windows 95, I get the following | message in the log file. ... | smbldap_search_suffix: Problem during the LDAP | search: (unknown) (Time limit exceeded) Check for broken DNS setups or something else that would cause the LDAP server to hang. Doesn't appear to be a Samba issue. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFArR65IR7qMdg1EfYRAhPpAJ9Z7S5vHfTCY47RXbxwbkc5xM0teQCdHaHC djy1+w3yUia+eZbLe9Xu/Js= =0BKG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind causes LLOONNGG delays
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kevin A. Pieckiel wrote: | That's just one example. It shouldn't take 1 | minute 42 seconds to get a ps listing. Especially | on a relatively idle server (soon to change, though). Try setting 'winbind enum users = no' and 'winbind enum groups = no' in smb.conf. Other than that, you'll need to find out what winbindd is doing level 10 debug logs are the best here). cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFArR8rIR7qMdg1EfYRAvzrAKCtgn0uZ9trMdCQ+ZlaKCtU5YR83QCfQuR0 yazxj5ElvuihWE0ekDvLsT0= =ZQKJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] logon server conflicts with server-level
On Thu, May 20, 2004 at 04:08:33PM -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alberto Grajeda Chacon wrote: | Hello, please guys, any help will be appreciated. | | I have two linux servers (samba-3.0.2-6.3E) with RHEL 3E: | Server one: Configured as logon server (network inside) | The other server: with the user's accounts. (network dmz) | | The error message in one: | [EMAIL PROTECTED] root]# smbstatus -b | Server's Role (logon server) conflicts with server-level security | |security = server ... |domain logons = yes Sorry but we won't support using these 2 parameters together. Security = server is just a bad idea anyway given the current support for security = [domain|ads] and using multiple Samba DCs. In fact we should just refuse to run with those two parameters set I think. At least a testparm check for them. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net ads join hangs forever
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Aaron Grewell wrote: | I am trying to join my Linux workstation to my ADS domain. | Unfortunately, I'm not having much success. net ads | join hangs forever (or at least for more than 12 hours) | when run. ... | [2004/05/20 10:08:47, 0] libads/ldap.c:ads_add_machine_acct(1006) | Host account for cygnus already exists - modifying old account | [2004/05/20 10:08:47, 5] libads/ldap_utils.c:ads_do_search_retry(56) | Search for (objectclass=*) gave 1 replies | | * | After the LDAP search it hangs forever. :( | I would start by checking for any kerberos misconfigurations. Just a gut feeling though. Does kinit run ok ? cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFArR+zIR7qMdg1EfYRApA9AJ9eRPJY0epCgihSOXboJ+Ja6+6vcgCbBcvR BYuR207X5GEeLtZAp+BV7Pk= =mbOD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] logon server conflicts with server-level
Thank you for answer. But, what can I do to solve the problem???. With Security=domain, the same problem: logon server conflicts with domain-level. Alberto. On Thu, 20 May 2004, Jeremy Allison wrote: On Thu, May 20, 2004 at 04:08:33PM -0500, Gerald (Jerry) Carter wrote: Alberto Grajeda Chacon wrote: | Hello, please guys, any help will be appreciated. | | I have two linux servers (samba-3.0.2-6.3E) with RHEL 3E: | Server one: Configured as logon server (network inside) | The other server: with the user's accounts. (network dmz) | | The error message in one: | [EMAIL PROTECTED] root]# smbstatus -b | Server's Role (logon server) conflicts with server-level security | |security = server ... |domain logons = yes Sorry but we won't support using these 2 parameters together. Security = server is just a bad idea anyway given the current support for security = [domain|ads] and using multiple Samba DCs. In fact we should just refuse to run with those two parameters set I think. At least a testparm check for them. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] logon server conflicts with server-level
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alberto Grajeda Chacon wrote: | Thank you for answer. | | But, what can I do to solve the problem???. | | With Security=domain, the same problem: logon | server conflicts with domain-level. synchronize the accounts between the boxes. Or make 2 domains and establish a trust between them. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFArSLZIR7qMdg1EfYRAoSXAKCfEfpPMPAT5149DseEUnEXeYeIiACdFVZl /eVzSWy4DO0sZbOcbkr2Ee0= =BizI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 + Win2k = Headache
Yep. And you can populate ADS with the ldap stuff, automatically, but only one way. From ldap to W2k. I've got an overview on this form the University of Michigain, but at the office. On vacation till tuesday. Paul Gienger wrote: Shannon Johnson wrote: From what I can gather, you've got 2003 AD doing user management RHEL for a (home) fileserver Clients of all flavors Have you thoroughly investigated just using nfs and autofs to do home directory mounting and decided you can't use it for one reason or another? What are those reasons? You'd probably have less headache using nfs in a unix client - unix server environment, after all, that's what NFS is good for. Win2000 server, not 2k3... but essentially correct. NFS won't work because since we're doing authentication through winbind, all of the uid's are different on each linux client. We've tried loading the Services for Unix on the server, and assigning UID's, then using the idmap_ad as the idmap backend, but I'm actually not sure how it works, so I can't thoroughly explore it (the documentation apparently doesn't exist?). The only thing I can check is getent passwd which returns the UID winbind came up with on its own (through its own methods... not from AD). For that I would suggest using a central LDAP repository for your idmap backend on all machines. If that's all you need to do to get it going with nfs, that's a not-too-tough situation to solve. You don't have to go through the (somtimes painful) samba/ldap setup, you just need a basic ldap server with one idmap tree in it. What are you using for your unix auth now? since it sounds like you've got a few unix machines, ldap is a good fit there too, unless you've got something else that's tied in to your organization that you'd have to rebuild... Also, we are sharing files in a cross-platform environment... We needed to have the same file space, using the same quota for all of the users in the department. What is enforcing your quotas? 2K or unix machine? That's why Samba seemed like such a perfect fit. Windows maps the user's home directory from the Samba server via SMB, and the Linux users do the same. That's when the symbolic and hard link problems come into play... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net ads join hangs forever
I would start by checking for any kerberos misconfigurations. Just a gut feeling though. Does kinit run ok ? Kinit runs fine. I started with a standard Kerb config that I've used a number of times with good success. I also tried removing /etc/krb5.conf altogether. Kinit ran fine in either case. Using kinit -V [EMAIL PROTECTED] returns Authenticated to Kerberos V5 once I've entered my password so I'm pretty sure it's working. The user I'm authenticating as is a Domain Admin, and so should have the rights to do what is needed. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Problem upgrading to 3.0.4 and ArcServe
Jerry, I downloaded the SP from Microsoft.com( Offline network install ) I am on SP4 on Windows?? Would ArcServ implement its own Security??? Shane -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Thursday, May 20, 2004 4:01 PM To: Shane Drinkwater Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Re: Problem upgrading to 3.0.4 and ArcServe -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Shane Drinkwater wrote: | Jerry, | I am having the problem and I am in Iowa. So I | don't think it is a location specific problem. My | Arc Serv Box is a Windows 2000 Server box w/sp 4. | One special note is that my Arc Serv Box is also a | backup Domain controller for my Domain. Other than | that I have a pretty run of the mill network. I am in | the progress of testing the | patch(https://bugzilla.samba.org/show_bug.cgi?id=1315) | with my test server. I should know if it works | bye tonight Strange then. I had originally thought that all service packs for Windows 2k enabled strong encryption (unlike the us and export versions we used to have for NT4). Maybe I'm wrong. What service pack is you windows 200 DC and where did you get the SP archive from ? cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFArRynIR7qMdg1EfYRArjwAKDhCsozLSuNtQe0GJwKyUOEHbCSjwCg7sUt MzqI8mmMunuWLlsePoqEGpU= =2DVF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] cupsaddsmb
HI! I've a problem with cupsaddsmb!! :-( At the console I type: cupsaddsmb -U root -v printername and after some operations complete correctly appear this error: [...] Running command: rpcclient localhost -N -U'root%' -c 'adddriver Windows NT x86 eps6100l:cupsdrv5.dll:eps6100l.ppd:cupsui5.dll:cups5.hlp:NULL:RAW:NULL' cmd = adddriver Windows NT x86 eps6100l:cupsdrv5.dll:eps6100l.ppd:cupsui5.dll:cups5.hlp:NULL:RAW:NULL Printer Driver eps6100l successfully installed. Running command: rpcclient localhost -N -U'root%' -c 'setdriver eps6100l eps6100l' cmd = setdriver eps6100l eps6100l result was NT_STATUS_UNSUCCESSFUL Why rpcclient can't associate my shared printer with the successfully installed printer driver? What is the matter? Any idea? Thanks! ilteo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind causes LLOONNGG delays
On Thu, May 20, 2004 at 04:12:11PM -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kevin A. Pieckiel wrote: | That's just one example. It shouldn't take 1 | minute 42 seconds to get a ps listing. Especially | on a relatively idle server (soon to change, though). Try setting 'winbind enum users = no' and 'winbind enum groups = no' in smb.conf. Other than that, you'll need to find out what winbindd is doing level 10 debug logs are the best here). I *THINK* that did it! I'll have to just use it some more and see. I'm not very clear on exactly what these parameters do. The man page seems kinda vague in how winbind interacts with the functions listed and how enumerating users and groups (or NOT enumerating them) affects the system, in particular winbind/samba. Can you or anyone else here help me understand this better? Thank you so much. Kevin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] can't map user to Windows Domain Admins
Hi Guys JUsta newbie question. I've been reading Cap 11 from Samba-HOWTO, and when I follow the example: group domadm=root,Administrador and make net groupmapp add ntgroup=Domain Admins uxingroup=domadm it ok, but I received the following answer: hercules:~# net groupmap list System Operators (S-1-5-32-549) - -1 Domain Users (S-1-5-21-3939155289-3141390475-2008170846-513) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Admins (S-1-5-21-3939155289-3141390475-2008170846-1001) - Administrador Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Domain Guests (S-1-5-21-3939155289-3141390475-2008170846-514) - -1 Administrators (S-1-5-32-544) - -1 Domain Admins (S-1-5-21-3939155289-3141390475-2008170846-512) - -1 Account Operators (S-1-5-32-548) - -1 Domain Admins (S-1-5-21-3939155289-3141390475-2008170846-3013) - Administrador Domain Admins (S-1-5-21-3939155289-3141390475-2008170846-3059) - domadm ^^^ Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 Question: How can I make this?? ( as the Howto says..80)) Domain Admins (S-1-5-21-3939155289-3141390475-2008170846-512) - domadm ^ Thanks in advanced BTW Debian + Samba 3.0.2 -- Paulo Ricardo Bruck - consultor Contato Global Solutions tel 011 5031-4932 fone/fax 011 5034-1732 cel 011 9235-4327 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Valid users question
Hi, I've a question about the syntax of the valid users option. Any help is greatly appreciated! Here is the Background: samba 3.0.4 Linux as Domain Member Active Directory, not in Native Mode Compiler opions: --with-winbind --with-pam --with-smbmount The goal is to authenticate via the Windows Domain and allow access via Windows groups. The syntax in my smb.conf looks like this: valid users = DOMAIN\SOMEGROUP However, it doesn't work no matter what. I can authenticate individual users thusly: valid users = DOMAIN\SOMEUSER I've read about the @ + and syntax, but they only seem to represent Unix Nis groups. Is there another way to represent Windows groups? Or is my config the culprit? Here's the conf file: smb.conf: [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = DOMAIN # WINS service winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes wins server = XXX.XXX.XXX.XXX password server = * server string = SAMBA log file = /var/log/samba/%m.log max log size = 0 log level = 10 security = domain auth methods = guest sam ntdomain encrypt passwords = yes local master = no dns proxy = no [SOMESHARE] comment = Some Share path = /d1/articles public = no writable = yes printable = no valid users = DOMAIN\SOMEGROUP -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
John H Terpstra [EMAIL PROTECTED] wrote: On the UNIX system addition/change of user accounts requires UID=0. If you want your Administrator to be able to manage user accounts UID=0 is a must. Also, the RID for Administrator must be 500 for the account to have admin privileges in Windows. OK. The Linux box is at a school and administered by novices, so I've set up user account management via Webmin, with synchronization of the Samba accounts. This is working well. However, in order for Administrator to be able to log in on the domain, I had to create an Administrator account, hence the one with an ID of 604. Same on my office network, but here I've created a group, smbadmins, added Administrator and myself into it, and then added domain admin group = @smbadmins (following some online docs, but testparm doesn't like this, so I'll remove it) admin users = @smbadmins printer admin = @smbadmins I also upgraded from 2.2 to 3.04 and this seems to be a lot happier when running USRMGR.EXE, etc. If you are using and LDAP backend it is imperative that all UIDs and RIDs must be unambiguous. So if you have a root account and an Administrator account - you have introduced ambiguity. It is best to use the 'root' account in place of the NT Administrator. Just make sure that the RID for the root account is 500. No LDAP (yet). My big questions, then, are: 1. How do I set the RID for the Administrator or root account? Currently, the SID is User SID: S-1-5-21-754926933-3079649434-3472319497-2208. I've tried editing it with: pdbedit -r -u Administrator -U S-1-5-21-754926933-3079649434-3472319497-500 but it doesn't change (and -d4 doesn't produce any useful debugging info, AFAICS). And of course the other setup is on Samba 2.2, which doesn't have pdbedit. How can the RID be changed there? 2. If we don't need to use USEMGR.EXE for account management, is there any other reason why the Administrator account needs UID/GUD = 0? I'm nervous about using the root password for domain workstation administration tasks. Thanks, Best, --- Les Bell, RHCE, CISSP [http://www.lesbell.com.au] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How Is Administrator Treated?
Andreas S. Haramasz [EMAIL PROTECTED] wrote: edit /etc/passwd and change UID 604 to 1 for Administrator (Windows uses 0 for super user on Unix it is 1). Uh-uh: now that I *am* sure about - root on Unix is 0, while on Windows the domain Administrator is SID -500 (and the Domain Administrators group is -512). Also, your life is easier if you don't have Administrator on Unix instead add root=Administrator in the smbusers file. Yes, I thought about this approach. But now, if you log in as Administrator,and smb.conf has logon drive = H:, will you get /root mapped to your H: drive? That scares me. What I'm looking for here is a *definitively* correct way to deal with the Administrator logon. If it's not just right, it seems to cause trouble with administering workstations, setting up policies, etc. but I've never seen it written up anywhere. Best, --- Les Bell, RHCE, CISSP [http://www.lesbell.com.au] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with w2k machines.
We have motion capture machines trying to pull files from a server. The current system uses Irix running 2.x and I am trying with my Linux box and 3.0.2a. The loading of the files is quite slow, much slower then when loading the same scenes being shared from a Windows machine. When I use ethereal to watch the traffic, there's a lot of 512 byte packets, and that stuck out as odd. I turned some debug on the logging, and see: [2004/05/20 16:00:59, 3] smbd/process.c:process_smb(890) Transaction 1965 of length 63 [2004/05/20 16:00:59, 3] smbd/process.c:switch_message(685) switch message SMBreadX (pid 12400) [2004/05/20 16:00:59, 4] smbd/uid.c:change_to_user(122) change_to_user: Skipping user change - already user [2004/05/20 16:00:59, 3] smbd/reply.c:send_file_readX(1949) send_file_readX fnum=5936 max=512 nread=512 I am wondering if there's anything that stands out here as wrong, or at least somewhere to start digging for a solution? The SMB shares are all mounted via NFS, from a NAS device. We are not using AD on our w2k servers. my smb.conf: # Global parameters [global] workgroup = MAINFRAME netbios name = MANDARIN security = DOMAIN encrypt passwords = Yes password server = neptune, pluto passwd program = /usr/bin/passwd %u passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n max log size = 5000 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=32768 SO_RCVBUF=32768 load printers = No log level = 2 os level = 0 local master = No comment = Samba %v print command = /usr/samba/bin/sambalp %p %s %U %m lppause command = lpresume command = [MOCAP] path = /mocap writeable = Yes create mask = 0775 force create mode = 0775 directory mask = 0775 force directory mode = 0775 inherit permissions = Yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] DOS filename behavior?
On Wed, May 19, 2004 at 01:49:37PM -0700, Tom Dickson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Is this standard? Q:\tempdir ~ Volume in drive Q is tomsshare ~ Volume Serial Number is 0B97-4CF6 05/19/2004 01:23p DIR Thomas Dickson Directory ~ 0 File(s) 0 bytes ~ 3 Dir(s) 719,507,685,376 bytes free Q:\tempdir /x ~ Volume in drive Q is tomsshare ~ Volume Serial Number is 0B97-4CF6 05/19/2004 01:23p DIR T8UKFI~1Thomas Dickson Directory ~ 0 File(s) 0 bytes ~ 3 Dir(s) 719,507,685,376 bytes free The T8UKFI~1 name seems weird to me, as windows would call it THOMAS~1. Is there a way to make Samba act like windows in this regard? The Samba HOWTO book seems to imply that I should see THOMA~01 or somesuch. Could unicode be confusing the algorithm? By design with mangling method = hash2. To get older (less correct) behaviour set mangling method = hash. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Win98 == Samba printing problem
Using SAmba 3.0.2 and Cups 1.1.17. How does one configure a W98 box to print to a samba shared printer? Per my previous postings I can't figure it out, and the methods I've used on older Sambas don't work. I've been thru the lengthy discussion in the samba with cups documentation, which tells how to do it for NT or later, but not 9x. I've posted the smb.conf before, won't put it here, for brevity. I'd appreciate a clue. Thanks. -- Fred Smith -- [EMAIL PROTECTED] - The eyes of the Lord are everywhere, keeping watch on the wicked and the good. - Proverbs 15:3 (niv) - pgpVZDhMiSorh.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] recovering files from .recyle
I have created a recylce bin following the how-to, but I cannot figure out how end users can restore items from the samba recycle bin. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba 3 password changes
Paul Taylor wrote: Thanks for the help, but in our case the password does not change. Maybe your PAM setting are a little different? /etc/pam.d/samba #%PAM-1.0 auth required pam_nologin.so auth required pam_stack.so service=system-auth accountrequired pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth #the following 2 lines get samba to bybass pam_cracklib -- especially the dictionary checks password required pam_pwdb.so shadow md5 password optionalpam_smbpass.so nullok use_authtok try_first_pass #password required pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf debug /etc/pam.d/system-auth #%PAM-1.0 authrequired pam_env.so authsufficientpam_unix.so likeauth nullok #auth sufficient pam_ldap.so use_first_pass authrequired pam_deny.so account required pam_unix.so #accountsufficent pam_ldap.so #passwordrequired pam_cracklib.so retry=3 minlen=4 dcredit=0 ucredit=0 #passwordsufficientpam_unix.so nullok use_authtok md5 shadow password requisite pam_cracklib.so retry=3 minlen=4 password requisite pam_unix.so shadow md5 use_authtok try_first_pass password optionalpam_smbpass.so nullok use_authtok try_first_pass #password sufficient pam_ldap.so use_authtok #passwordrequired pam_deny.so session required pam_limits.so session required pam_unix.so #sessionoptionalpam_ldap.so -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
svn commit: samba r789 - branches/SAMBA_4_0/source/rpc_server/samr
Author: idra Date: 2004-05-20 07:49:34 + (Thu, 20 May 2004) New Revision: 789 Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c Log: we return wrong number of entries WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=789nolog=1
svn commit: samba r790 - in branches/SAMBA_4_0/source/lib/ldb: . man man/man3
Author: tridge Date: 2004-05-20 13:20:30 + (Thu, 20 May 2004) New Revision: 790 Added: branches/SAMBA_4_0/source/lib/ldb/man/ branches/SAMBA_4_0/source/lib/ldb/man/build_manpages.sh branches/SAMBA_4_0/source/lib/ldb/man/man1/ branches/SAMBA_4_0/source/lib/ldb/man/man3/ branches/SAMBA_4_0/source/lib/ldb/man/man3/ldb.3 branches/SAMBA_4_0/source/lib/ldb/man/man3/ldb.yo Log: started working on some documentation (manual pages) for ldb WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/lib/ldbrev=790nolog=1
svn commit: samba r791 - branches/SAMBA_4_0/source/lib/ldb
Author: tridge Date: 2004-05-20 13:21:30 + (Thu, 20 May 2004) New Revision: 791 Modified: branches/SAMBA_4_0/source/lib/ldb/Makefile.ldb Log: added ldb man page build to ldb makefile WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=791nolog=1
svn commit: samba r792 - in branches/SAMBA_4_0/source/lib/ldb: common include ldb_tdb tools
Author: tridge Date: 2004-05-20 13:25:06 + (Thu, 20 May 2004) New Revision: 792 Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_ldif.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_parse.c branches/SAMBA_4_0/source/lib/ldb/include/ldb.h branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_match.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_pack.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c branches/SAMBA_4_0/source/lib/ldb/tools/ldbadd.c branches/SAMBA_4_0/source/lib/ldb/tools/ldbdel.c branches/SAMBA_4_0/source/lib/ldb/tools/ldbedit.c branches/SAMBA_4_0/source/lib/ldb/tools/ldbmodify.c branches/SAMBA_4_0/source/lib/ldb/tools/ldbsearch.c Log: - changed the ldb ldif_* functions to be in the ldb_ namespace - added better error reporting in ldbdel - fixed a bug in handling packing of records which contain elements with no values (it caused db corruption) - allow search with dn as target attribute WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/lib/ldbrev=792nolog=1
svn commit: samba r793 - in branches/SAMBA_4_0/source: . librpc/rpc rpc_server/samr
Author: tridge Date: 2004-05-20 13:29:38 + (Thu, 20 May 2004) New Revision: 793 Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c branches/SAMBA_4_0/source/provision.ldif branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c branches/SAMBA_4_0/source/rpc_server/samr/samdb.c Log: - don't make templates members of any class that would make them show up in searches like objectclass=user - auto-add the computer objectclass for computer accounts on create - added two types of password change call in samr server - reset last_fault_code before each dcerpc call WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=793nolog=1
svn commit: samba r794 - trunk/source/rpc_server
Author: jerry Date: 2004-05-20 13:33:08 + (Thu, 20 May 2004) New Revision: 794 Modified: trunk/source/rpc_server/srv_lsa_nt.c Log: removing unused variables WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=794nolog=1
svn commit: samba r795 - branches/SAMBA_3_0/examples/printing
Author: jerry Date: 2004-05-20 13:40:16 + (Thu, 20 May 2004) New Revision: 795 Modified: branches/SAMBA_3_0/examples/printing/smbprint Log: paranoia checks WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=795nolog=1
svn commit: samba r796 - branches/SAMBA_4_0/source/rpc_server/samr
Author: tridge Date: 2004-05-20 13:44:46 + (Thu, 20 May 2004) New Revision: 796 Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c Log: fixed samr_OemChangePasswordUser2() to replace attributes, not add WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=796nolog=1
svn commit: samba r797 - branches/SAMBA_3_0/packaging
Author: jerry Date: 2004-05-20 14:09:30 + (Thu, 20 May 2004) New Revision: 797 Removed: branches/SAMBA_3_0/packaging/Caldera/ branches/SAMBA_3_0/packaging/PHT/ Log: removing empty directories WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=797nolog=1
svn commit: samba r798 - trunk/packaging
Author: jerry Date: 2004-05-20 14:10:16 + (Thu, 20 May 2004) New Revision: 798 Removed: trunk/packaging/Caldera/ trunk/packaging/PHT/ Log: removing empty directories WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=798nolog=1
svn commit: samba r799 - in branches/SAMBA_3_0/source: param smbd
Author: jerry Date: 2004-05-20 16:23:17 + (Thu, 20 May 2004) New Revision: 799 Modified: branches/SAMBA_3_0/source/param/loadparm.c branches/SAMBA_3_0/source/smbd/process.c branches/SAMBA_3_0/source/smbd/service.c Log: BUG 1259 -- add 'printcap cache time' patch from Lars WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/sourcerev=799nolog=1
svn commit: samba r800 - in trunk/source: param smbd
Author: jerry Date: 2004-05-20 16:27:18 + (Thu, 20 May 2004) New Revision: 800 Modified: trunk/source/param/loadparm.c trunk/source/smbd/process.c trunk/source/smbd/service.c Log: BUG 1259 -- add 'printcap cache time' (defaults to 750 seconds) patch from Lars WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/sourcerev=800nolog=1
svn commit: samba-docs r71 - trunk/smbdotconf/printing
Author: jerry Date: 2004-05-20 16:34:25 + (Thu, 20 May 2004) New Revision: 71 Added: trunk/smbdotconf/printing/printcapcachetime.xml Log: adding docs for 'printcap cache time' -- patch from Lars WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/rev=71nolog=1
svn commit: samba-docs r72 - trunk/smbdotconf/misc
Author: jerry Date: 2004-05-20 16:38:09 + (Thu, 20 May 2004) New Revision: 72 Modified: trunk/smbdotconf/misc/kernelchangenotify.xml Log: BUG 1367 -- fix typo WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/rev=72nolog=1
svn commit: samba-web r68 - trunk/docs
Author: jelmer Date: 2004-05-20 16:52:54 + (Thu, 20 May 2004) New Revision: 68 Modified: trunk/docs/index.html Log: Update link to French translation of the HOWTO Collection WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=68nolog=1
svn commit: samba r801 - in branches/SAMBA_3_0/source: passdb rpc_server
Author: jra Date: 2004-05-20 18:28:21 + (Thu, 20 May 2004) New Revision: 801 Modified: branches/SAMBA_3_0/source/passdb/passdb.c branches/SAMBA_3_0/source/passdb/util_sam_sid.c branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c Log: Fix from Jianliang Lu [EMAIL PROTECTED] to return correct group types. Jeremy. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/sourcerev=801nolog=1
svn commit: samba r802 - in trunk/source: passdb rpc_server
Author: jra Date: 2004-05-20 18:30:09 + (Thu, 20 May 2004) New Revision: 802 Modified: trunk/source/passdb/passdb.c trunk/source/passdb/util_sam_sid.c trunk/source/rpc_server/srv_lsa_nt.c Log: Fix from Jianliang Lu [EMAIL PROTECTED] to return correct group types. Jeremy. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/sourcerev=802nolog=1
svn commit: samba r803 - branches/SAMBA_4_0/packaging/debian
Author: jelmer Date: 2004-05-20 20:44:53 + (Thu, 20 May 2004) New Revision: 803 Added: branches/SAMBA_4_0/packaging/debian/README.building Log: Add README file about building the debian package WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=803nolog=1
svn commit: samba-docs r74 - in trunk: . xslt
Author: jelmer Date: 2004-05-20 21:04:57 + (Thu, 20 May 2004) New Revision: 74 Modified: trunk/Makefile.in trunk/xslt/expand-sambadoc.xsl trunk/xslt/generate-attributions.xsl Log: Clean up XSL WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunkrev=74nolog=1
svn commit: samba r804 - trunk/source/rpc_server
Author: jra Date: 2004-05-21 00:13:08 + (Fri, 21 May 2004) New Revision: 804 Modified: trunk/source/rpc_server/srv_samr_nt.c Log: Fix to stop smbd hanging on missing group member from Jianliang Lu [EMAIL PROTECTED]. Jeremy. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=804nolog=1
svn commit: samba r805 - branches/SAMBA_3_0/source/rpc_server
Author: jra Date: 2004-05-21 00:13:16 + (Fri, 21 May 2004) New Revision: 805 Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c Log: Fix to stop smbd hanging on missing group member from Jianliang Lu [EMAIL PROTECTED]. Jeremy. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=805nolog=1