AW: [Samba] Big problem with roaming profiles

2005-09-22 Thread Benjamin.Oeltze
I had the same problem.
We used samba 3.0.14 and upgraded to 3.0.20
After that profile were not loaded anymore. Th problen you are discribing looks 
like Windows is loading the local
copy of your profile and after you deleted it it tries to load the profile from 
samba and fails.
I found out that we had problems with "profile acls = Yes" wich was needed by 
the earlier samba releases.
Disable it (or #) and try again. Be sure to set the fitting access rights to 
the Profiles.
 
 
 



Von: [EMAIL PROTECTED] im Auftrag von [EMAIL PROTECTED]
Gesendet: Do 22.09.2005 16:22
An: samba@lists.samba.org
Betreff: [Samba] Big problem with roaming profiles



Hello everyone!

I'm facing a big problem with the samba server I just set up:

System: FreeBSD 5.4
Samba ver: 3.0.20 (previuosly 3.0.12)
Client(s): Windows XP Professional

I configured the server to make use of roaming profiles. I was able to copy 
local profiles to the server, to login and voila - got my desktop. Also after 
creating a new user, the new profile gets copied to the server, synchronized 
and reloaded after next login.
So far so good.
But when I delete the local copy of the profile (deleting the entire user.dom 
directory) it doesn't get copied back from the server. Instead Windows waits 
für about 10 minutes until I get a new desktop from some default profile, where 
I can't change most settings. No update to the server occurs after logout.
The same happens when I try to login from a different client. No profile gets 
loaded.
The log reveals no problems or errors.
I'm pretty clueless now, since I've read many, many documentations and sample 
configurations.

Below is my smb.conf:


[global]
display charset = ISO-8859-15
dos charset = 850
unix charset = ISO-8859-15
enable privileges = yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
map to guest = Bad User
#   smb passwd file = /etc/samba/smbpasswd
time server = Yes
encrypt passwords = yes
veto files = /*.eml/*.nws/riched20.dll/*.{*}
allow hosts = 128.176.52.0/255.255.255.128 192.168.0.0/24
unix extensions = Yes
netbios name = PDC
server string = Samba Domain Controller
printing = CUPS
path = /var/spool/samba
workgroup = IZKF4
os level = 65
domain master = yes
preferred master = yes
local master = yes
wins support = yes
printcap name = CUPS
cups options = "raw"
use client driver = no
security = user
domain logons = yes
logon script = STARTUP.CMD
logon path = \\%L\profiles\%U
logon drive = P:
hide unreadable = yes
hide dot files = yes

log level = 2
log file = /var/log/samba/log.%m

ldap passwd sync = Yes
passdb backend = ldapsam:ldap://127.0.0.1/

; SAMBA-LDAP declarations
  passdb backend = ldapsam:ldap://127.0.0.1/
  # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
  ldap admin dn = cn=Manager,dc=mydomain,dc=com
  ldap suffix = dc=mydomain,dc=com
  ldap group suffix = ou=Groups
  ldap user suffix = ou=Users
  ldap machine suffix = ou=Computers
# ldap ssl = start_tls

  add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
  add user script = /usr/local/sbin/smbldap-useradd -m "%u"
  ldap delete dn = Yes
  delete user script = /usr/local/sbin/smbldap-userdel "%u"
  add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
  delete group script = /usr/local/sbin/smbldap-groupdel "%g"
  add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" 
"%g"
  delete user from group script = /usr/local/sbin/smbldap-groupmod -x 
"%u" "%g"
  set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" 
"%u"

[W]
   comment = Data
   browsable = yes
   path = /data/drivew
   create mask = 0664
   directory mask = 0775
   public = no
   writable = yes
   printable = no
   write list = @users

[netlogon]
   path = /data/netlogon
   public = no
   writeable = no
   browseable = no

[profiles]
   path=/data/ntprofiles
   browseable = no
   writeable = yes
   guest ok = Yes
   profile acls = Yes
   csc policy = disable
   force user = %U
#   hide files = /desktop.ini/ntuser.ini/NTUSER.*/
#   write list = %U @"Domain Admins"
   valid users = %U @"Domain Admins"
   create mask = 0600
   directory mask = 0700
#   default case = lower
   preserve case = Yes
   case sensitive = no

[homes]
   comment = Home Directories
   valid users = %S
   browseable = No
   read only = No
   create mask = 0640
   directory mask = 0750

[printers]
   comment = All Printers
   path = /var/spool/samba
   printable = Yes
   create mask = 0600
   browseable = No
   public = yes
   writable = No

[print$]
comment = Printer Drivers
path =

Re: [Samba] Password History with Ldap

2005-09-22 Thread Michael Gasch

i have the same problem with "bad password count"
it won't count up, when i enter a invalid password.

i thought i understood something wrong with this parameter.

micha

Ljunghammar, Darryl K wrote:

I am trying to turn on password history using an ldap backend. I can see
the sambaPasswordHistory entry set to all "0"s in Ldap. 


I tried to turn on password history with pdbedit -P "password history"
-C 3 and get back that it was set:

[root]# pdbedit -P "password history" 
account policy value for password history is 3


However, when I try to reset a user password it doesn't store the
history in sambaPasswordHistory. What am I missing here?

I have tried to reset the password from the windows side and the unix
side via smbpasswd. The password reset works but no history.

Thanks,

Darryl



--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] net rpc vampire / Question or Problem?

2005-09-22 Thread Michael Gasch

[EMAIL PROTECTED] wrote:

how big is your domain?
here're over 4000 users and 2000 groups...

not that big :)
1500 ldap users, 300 of them with sambaaccounts
~50 groups

but that doesn't matter. does it?



--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] LDAP howto

2005-09-22 Thread John H Terpstra
On Thursday 22 September 2005 14:21, Gary Dale wrote:
> Not really. I've been to the various Samba-LDAP howtos and there is a
> lot of outdated or irrelevant information in them. Too many sites seem
> to think that you need to know how to compile the sources while others
> don't recognize that we're not running Redhat 9.x. I've yet to find one
> that says "these are the packages you need and here's how they interact
> with one another". Everyone I've found seems to assume that you're
> running the same system the same way they are.
>
> I've been through the Samba 3 book from cover to cover - try doing that
> without ample doses of caffeine! - but there seems to be important
> details missing. There is no howto that really takes you through the
> various steps of setting up Samba and LDAP together and get them
> talking, at least as far as I've found, and at least for Debian.
>
> My last attempt failed, as I recall, because LDAP seemed to asking for
> an encrypted connection.

Please let me know what fails for you in chapter 5 of the book "Samba-3 by 
Example" - I'd love to fix it with your assistance.

- John T.

>
> Nathan Vidican wrote:
> >The samba how-to's a good place to start, however... if you're just
> > looking to learn and understand things better, then I'd suggest a
> > read-through on the OpenLDAP.org site as well. Hate to puch you away with
> > a 'RTFM' reply... but it is kinda what you were asking for.
> >
> >On Thursday 22 September 2005 14:16, Gary Dale wrote:
> >>Does anyone know of a good Samba-LDAP howto for Debian (Sarge) systems?
> >>I probably don't need it for my home network, but I'd like to learn how
> >>to do it anyway. My previous attempts to get it working have failed. :(
> >
> >--
> >Nathan Vidican
> >[EMAIL PROTECTED]
> >Windsor Match Plate & Tool Ltd.
> >http://www.wmptl.com/

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] root login using /etc/shadow bypassing winbind / ADS security

2005-09-22 Thread Bruce Speidel
I'm wondering if anyone has tried use local Solaris NSS files for
root-only login VIA the console or ssh - effectively bypassing
domain security to the PDC using ADS - Windows 2003 AD?

I am not having a problem logging as the non-admin user.
I wish to login to the root account that would not be part
of the ADS domain security eventually over an ssh connection
or directly to /dev/console via a serial link.  SSH - next step
after this issue is solved!

My /opt/samba/smb.conf on Solaris 9 file looks like:

[global]
workgroup = ADTEST
realm = ADTEST.AD.LAB
server string = %h server (Samba %v)
security = ADS
update encrypted = Yes
username map = /etc/samba/smbusers
log level = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap ssl = no
idmap uid = 500-1
idmap gid = 500-1
template shell = /bin/bash
winbind cache time = 10
winbind use default domain = Yes
winbind trusted domains only = Yes
winbind nested groups = Yes

[homes]
valid users = %S
read only = No
browseable = No

/etc/nsswitch.conf:

passwd: files winbind
group:  files winbind
hosts:  files dns winbind
ipnodes:files
networks:   files
protocols:  files
rpc:files
ethers: files
netmasks:   files
bootparams: files
publickey:  files
# At present there isn't a 'files' backend for netgroup;  the system
will
#   figure it out pretty quickly, and won't use netgroups at all.
netgroup:   files
automount:  files
aliases:files
services:   files
sendmailvars:   files
printers:   user files

auth_attr:  files
prof_attr:  files
project:files

/etc/pam.conf:

#
#ident  "@(#)pam.conf   1.2002/01/23 SMI"
#
# Copyright 1996-2002 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login   auth required   /usr/lib/security/pam_winbind.so
try_first_pass
login   auth requisite  pam_authtok_get.so.1
login   auth required   pam_dhkeys.so.1
login   auth required   pam_unix_auth.so.1 try_first_pass
login   auth required   pam_dial_auth.so.1 try_first_pass
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin  auth sufficient /usr/lib/security/pam_winbind.so
try_first_pass
rlogin  auth sufficient pam_rhosts_auth.so.1
rlogin  auth requisite  pam_authtok_get.so.1
rlogin  auth required   pam_dhkeys.so.1
rlogin  auth required   pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
other   auth sufficient /usr/lib/security/pam_winbind.so
try_first_pass
rsh auth required   pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite  pam_authtok_get.so.1
ppp auth required   pam_dhkeys.so.1
ppp auth required   pam_unix_auth.so.1
ppp auth required   pam_dial_auth.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authenctication

#
other   auth sufficient /usr/lib/security/pam_winbind.so
try_first_pass
other   auth requisite  pam_authtok_get.so.1
other   auth required   pam_dhkeys.so.1
other   auth required   pam_unix_auth.so.1 try_first_pass
#
# passwd command (explicit because of a different authentication module)

#
passwd  auth required   pam_passwd_auth.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cronaccount requiredpam_projects.so.1
cronaccount requiredpam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account
management
#
other   account requisite   pam_roles.so.1
other   account requiredpam_projects.so.1
other   account requiredpam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session
management
#
other   session requiredpam_unix_session.so.1
#
# Default definition for  Password management
# Used when service name is not explicitly mentioned for password
management
#
other   password required   pam_dhkeys.so.1
other   password requisite  pam_authtok_get.so.1
other   pa

Re: [Samba] Windows Vista Setup

2005-09-22 Thread Andrew Bartlett
On Fri, 2005-09-23 at 09:07 +0800, Leon Brooks wrote:
> On Friday 23 September 2005 06:33, Andrew Bartlett wrote:
> > On Tue, 2005-09-20 at 10:49 +0200, [EMAIL PROTECTED] wrote:
> >> I am currently running a Gentoo with a 2.4 Kernel and Samba 3.0.20.
> >> More exactly I did emerge the net-fs/samba-3.0.20-rc1 package.
> >> Still I cant get Windows Vista to connect to the samba-server. I
> >> did some googling but didnt find anything usefull. Can anyone help?
> >> Do I have to setup a ADS with samba?
> 
> > Samba 3.0.21 will contain the fix, as does current SVN.  I didn't see
> > it in the list for 3.0.20a, sorry.

It looks like my fix made it in, I just missed the merge.  

> Ah, the ritual breaking of existing software with every major release. 
> Can't just dump an old tradition, y'know? Imagine what that would do to 
> revenues.

:-)

But in all seriousness, Samba3 just didn't implement this area correctly
and as such was more delicate than I would have preferred.  In Samba4 I
have reworked this area extensively, so hopefully we won't get caught on
the hop as much in future.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows Vista Setup

2005-09-22 Thread Leon Brooks
On Friday 23 September 2005 06:33, Andrew Bartlett wrote:
> On Tue, 2005-09-20 at 10:49 +0200, [EMAIL PROTECTED] wrote:
>> I am currently running a Gentoo with a 2.4 Kernel and Samba 3.0.20.
>> More exactly I did emerge the net-fs/samba-3.0.20-rc1 package.
>> Still I cant get Windows Vista to connect to the samba-server. I
>> did some googling but didnt find anything usefull. Can anyone help?
>> Do I have to setup a ADS with samba?

> Samba 3.0.21 will contain the fix, as does current SVN.  I didn't see
> it in the list for 3.0.20a, sorry.

Ah, the ritual breaking of existing software with every major release. 
Can't just dump an old tradition, y'know? Imagine what that would do to 
revenues.

Cheers; Leon

--
http://cyberknights.com.au/ Modern tools; traditional dedication
http://plug.linux.org.au/   Member, Perth Linux User Group
http://slpwa.asn.au/Member, Linux Professionals WA
http://osia.net.au/ Member, Open Source Industry Australia
http://linux.org.au/Member, Linux Australia
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] 2 samba servers on different subnets

2005-09-22 Thread Andreas Schlager

Paul Littlefield schrieb:

Hi All
[...]
I have just set up Network #2 and would now like to give these clients access 
to the file share on Network #1 (via the Tinc VPN)... AND... still keep a 
local PDC with roaming profiles.


NETWORK #1
Range: 192.168.0.0/24
Tinc/Samba PDC Server: 192.168.0.200
Workgroup: ABCLTDGROUP

NETWORK #2
Range: 192.168.50.0/24
Tinc/Samba PDC Server: 192.168.50.200
Workgroup: ABCLTDGROUP
[...]


Hi Paully,

as I can see of your descr. you should do the following:
- change the workgroup on NETWORK #2 to something else (f.e. BBCLTDGROUP)
- Install Trust Relationship between the two PDC's as described in the 
samba HOWTO's.

- Use WINS so that the clients can see the remote side.

IMHO this should work.

-Andy.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] XP Pro password change problem

2005-09-22 Thread Gary Dale

Jeremy Allison wrote:


On Thu, Sep 22, 2005 at 11:35:49AM -0400, Gary Dale wrote:
 


Further to my e-mails below:

I am running Samba 3.0.14a-Debian.

My garydale account owns all the directories I am sharing. The group is 
set to "users" for all of them also. All of the user's linux accounts 
are members of the Linux "users" group.


However, I suspect the root of the problem is to be found in my 
inability to change passwords through XP Pro.
   



Ok, I'm confused. Are you having problems changing user passwords
(CTRL-ALT-DEL) which we had a reply bug that was fixed for 3.0.20
(the password was getting changed but we were not returning success)
or is this file permission related ?

Jeremy.

 

This cannot be the bug you are referring because my passwords are not 
being changed. It is not that passwords are being changed but not 
reported correctly. The next time I log in, I must use the old password 
still. The new one doesn't work. I eventually have to use SWAT to change it.


There is a problem with file permissions in that I am the only one who 
seems to have write access. However, I suspect that the root of both 
problems lies in whatever is preventing passwords from being changed 
from XP.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Password expires

2005-09-22 Thread Gary Dale

Michael Croy wrote:


I have RedHat 9.0 and am having the same problem with password
expiration.  I cannot find the file account_policy.tdb.  Into what file
does the NT_TIME_MAX setting get put?



Thanks,

Michael C



 


Try using pdbedit.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] winbind joins with domain name , not netbios name

2005-09-22 Thread Turki Al-Ibrahim
Hi,

I am having a problem with Winbind:

First, some information ..
Domain name :TESTDOM
PDC's Netbios name : ubuntu
Samba version : 3.0.20 (lateset patches installed) with LDAP backend.
Linux : Ubuntu 2.6.10

Samba is running smoothly, with no problems.

I want to use Winbin, so I followed Samba HowTo - chapter 23
http://us5.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html#id2634776

I wanted to configure winbind to use the domain installed in the same
server, so I joined using this command :
net join -U administrator

It says Joined Domain TESTDOM , and a machine account is created in LDAP
with the following attributes :

 dn: uid=ubuntu$,ou=Computers,dc=testdom,dc=com
> objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
> cn: ubuntu$
> sn: ubuntu$
> uid: ubuntu$
> uidNumber: 1006
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> sambaSID: S-1-5-21-649663798-2503265242-3544459435-3012
> sambaPrimaryGroupSID: S-1-5-21-649663798-2503265242-3544459435-2031
> displayName: Computer
> sambaPwdCanChange: 1127424362
> sambaPwdMustChange: 2147483647
> sambaLMPassword: F6612BB25EF49A45DBF571ADD3E3B73E
> sambaNTPassword: 3EFFA0C5FF16761A846B9B24192F5955
> sambaPwdLastSet: 1127424362
> sambaAcctFlags: [S ]
>

Then , I start Winbind.

Here is the output of Winbind -u , -g & -t

[EMAIL PROTECTED]:/var/www/samba-doc/htmldocs # wbinfo -u
Error looking up domain users

[EMAIL PROTECTED]:/var/www/samba-doc/htmldocs # wbinfo -g
 BUILTIN\Print Operators
BUILTIN\Backup Operators
BUILTIN\Replicators

[EMAIL PROTECTED]:/var/www/samba-doc/htmldocs # wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc022)
Could not check secret


When I run wbingo -t (to check secret), smbd logs :
 ldapsam_getsampwnam: Unable to locate user [TESTDOM$] count=0
[2005/09/23 00:34:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
get_md4pw: Workstation TESTDOM$: no account in domain


The machine account it is searching is TESTDOM$ , which is the domain name ,
not the netbios name.
Is this normal ? It should join with the netbios name of the PDC.

I tried to create a machine trust account (smbldap-useradd -w) , didn't
work.

Can any body help me with this one ?

Thanks & Regards.

Here's smb.conf :
[global]
workgroup = TESTDOM
netbios name = ubuntu
syslog = 0
log level = 4
name resolve order = wins bcast hosts
printcap name = CUPS
show add printer wizard = No

add user script = /usr/sbin/smbldap-useradd -a -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u'
'%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'

domain logons = Yes
domain master = yes
wins support = yes
printing = CUPS

ldap passwd sync = Yes
ldap admin dn = cn=Manager,dc=testdom,dc=com
passdb backend = ldapsam:"ldap://127.0.0.1/";
ldap delete dn = yes
ldap suffix = dc=testdom,dc=com
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://localhost

time server = yes
logon path =
logon home =
idmap uid = 15000-2
idmap gid = 15000-2
template shell = /bin/bash
security = user
winbind use default domain = yes

[homes]
comment = Home Directories
valid users = %S
writeable = yes
browseable = No
[netlogon]
comment = Network Logon Service
path = /samba/netlogon
browseable = no
guest ok = yes


--
Turki M. Al-Ibrahim
turkim (at) gmail.com 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] ntlm_auth multiple domain authentication

2005-09-22 Thread Andrew Bartlett
On Tue, 2005-09-20 at 09:22 -0500, Jamie Crawford wrote:
> Hi,
> I'm using ntlm_auth to authenticate users in freeradius.  My samba server 
> is joined to DOMAINA.  When I run ntlm_auth --username=domainauser everything 
> works great. When I run ntlm_auth --username=domainbuser it fails because the 
> user does not exist in domaina which the server is joined to.  

> If I run ntlm_auth --username=domainbuser --domain=domainb it works great.  
> I was wanting to do ntlm_auth --domain=domaina --domain=domainb 
> --username=domainbuser,  it works only because the second domain variable 
> is domainb. If I were to use a domainauser, it would fail.
> Any ideas???

It isn't the role of ntlm_auth to 'search' for users, it expects to be
told exactly what to return yes or no for.  What if you had the same
user in both domains?  (Administrator comes to mind).  

In the windows world, the domain is always specified, so this doesn't
come up as much.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows Vista Setup

2005-09-22 Thread Andrew Bartlett
On Tue, 2005-09-20 at 10:49 +0200, [EMAIL PROTECTED] wrote:
> Hi,
> 
> I am currently running a Gentoo with a 2.4 Kernel and Samba 3.0.20. More
> exactly I did emerge the net-fs/samba-3.0.20-rc1 package. Still I cant get
> Windows Vista to connect to the samba-server. I did some googling but
> didnt find anything usefull. Can anyone help? Do I have to setup a ADS
> with samba?

Samba 3.0.21 will contain the fix, as does current SVN.  I didn't see it
in the list for 3.0.20a, sorry.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] UTMP duplicated entries

2005-09-22 Thread Andrew Bartlett
On Wed, 2005-09-21 at 16:38 -0300, Fabiano Caixeta Duarte wrote:
> On Wed, 21 Sep 2005, Kaplan, Marc wrote:
> 
> > Windows does allow duplicate sessions actually. If you net use *
> > \\hostname\share and then net use \\ipaddress\share for the same server
> > you will get two connections to the same server on your client (you can
> > even use different users). Is it possible that this is what some users
> > are doing?
> 
> Yeah! Sorry! I am talking about login sessions. Does samba logs on utmp 
> all kind of sessions or just login sessions?

It logs file-share connections, as it doesn't really have the info for
client-side login sessions.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Name mangling problem

2005-09-22 Thread Jeremy Allison
On Thu, Sep 22, 2005 at 02:51:20PM -0700, Shawn Wright wrote:
> We have a few applications which are still 16bit (running on 
> Win2k clients), and since moving some user data from NT4 to 
> Samba, users have encountered the unpredictable filename 
> mangling issue, where "New Folder" appears as " 
> NUJRHW~7". Users use 8.3 filenames when working in these 
> programs, but often have folders with long filenames that are 
> now unrecognizable.
> 
> Is there any workaround for this, aside from renaming all the 
> folders?

You can use the old name-mangling scheme by setting :

"mangling method = hash"

(the default is hash2). This uses more characters of
the original filename at the expense of greater name
collision problems.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Name mangling problem

2005-09-22 Thread Shawn Wright
We have a few applications which are still 16bit (running on 
Win2k clients), and since moving some user data from NT4 to 
Samba, users have encountered the unpredictable filename 
mangling issue, where "New Folder" appears as " 
NUJRHW~7". Users use 8.3 filenames when working in these 
programs, but often have folders with long filenames that are 
now unrecognizable.

Is there any workaround for this, aside from renaming all the 
folders?


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Problem migrating printer and driver form one samba share to another

2005-09-22 Thread asadhnan
Hi,
 
I am using Samba 3.20 and trying out the following command to migrate
testPrinter form bd-s4 to bd-s1, but I am getting the following errors:
 
debugshell# net rpc printer MIGRATE PRINTERS testPrinter -U admin%pass
-p 50139 -S bd-s4 --destination=bd-s1
migrating printer queue for:[\\bd-s4\testPrinter] / [testPrinter]
cannot open printer \\bd-s1\testPrinter on server \\bd-s1:
WERR_INVALID_PRINTER_NAME
cannot get printer-info: WERR_GENERAL_FAILURE
could not get printer, creating printer.
creating printer: \\bd-s4\testPrinter
could not create printer
debugshell#
 
admin is a user that has access to both the samba shares \\bd-s1 and
\\bd-s4
 
Thanks in advance.
Any help will be appreciated!
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Password expires

2005-09-22 Thread Michael Croy
I have RedHat 9.0 and am having the same problem with password
expiration.  I cannot find the file account_policy.tdb.  Into what file
does the NT_TIME_MAX setting get put?

 

Thanks,

Michael C

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Error message when mapping drive

2005-09-22 Thread John Maher
When I try to map a Linux file system to a windows 2000 machine, I get the
following error message with one user ONLY.  The account is for a printer
which does scanning.

 

Samba server is Suse Linux Pro 9.0
Samba version 3.0

Smb.conf file
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2005-05-23
[global]
   workgroup = wrkgrp
   password server = xxx.xxx.xxx.xxx
   hosts allow = xxx.xxx.xxx.xxx
   printing = cups
   printcap name = cups
   log file = /var/log/samba.log.%m
   username map = /etc/samba/usermap.txt
   printcap cache time = 750
   cups options = raw
   printer admin = @ntadmin, root, administrator
   map to guest = Bad User
   include = /etc/samba/dhcp.conf
   logon path = \\%L\profiles\.msprofile
   logon home = \\%L\%U\.9xprofile
   logon drive = P:
   security = server   
   #security = domain
   encrypt passwords = yes
   ldap suffix = dc=example,dc=com
   domain logons = no
   ldap idmap suffix = ou=Idmap
   ldap machine suffix = ou=Computers
   local master = no
   #local master = yes  Chnaged 9/22/05 in AM
   #passdb backend = smbpasswd:/etc/passwd
   wins server = xxx.xxx.xxx.xx
   wins support = no
   add machine script = 
   preferred master = auto
   [homes]
   comment = Home Directories
   valid users = %S
   browseable = no
   read only = No
   inherit acls = Yes
   guest ok = no
   printable = no
;; [groups]
;;   comment = All groups
;;   path = /home/groups
;;   read only = No
;;   inherit acls = Yes
;;   browseable = yes
;;   guest ok = no
;;   printable = no
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/drivers
   write list = @ntadmin root
   force group = ntadmin
   create mask = 0664
   directory mask = 0775
   browseable = yes
   guest ok = no
   printable = no
[business]
   comment = Data Storage location
   path = /storage/Georgia
   writeable = yes
   browseable = yes
   guest ok = no
   printable = no
   directory mask = 777
   valid users = users
[scans]
   comment = scans
   path = /storage/scans/
   writeable = yes
   browseable = yes
   guest ok = no
   printable = no
   valid users = users
[mailbox]
   comment = Company Mail
   path = /storage/Mailbox/
   writeable = yes
   browseable = yes
   guest ok = no
   printable = no
[profiles]
   comment = profiles
   path = /var/tmp
   printable = yes
   browseable = yes
   guest ok = no

All OTHER users can map this file system and other file systems as well,
without a problem.  Any help appreciated.  More info suppled upon request.

Thanks





John J. Maher
Systems Administrator
Anabase International Corp.
154 Lambertville / HQ Rd.
Stockton, NJ 08559
(P) 609-397-4287, ext. 14
(F) 609-397-4178

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with starting smbd and nmbd

2005-09-22 Thread Victor Rauls
I need to change the server and master name on the node.  How is that done.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba PDC (3.0.14a) with LDAP cannot add machines

2005-09-22 Thread Jan Evert van Grootheest


Eduard Witteveen wrote:

Jan Evert van Grootheest wrote:


I am setting up a Samba PDC which uses LDAP for account information.
 
It is a debian installation with samba 3.0.14a and slapd 2.2.23 (I'm 
also using ldap-account-manager, but I don't think that has anything 
to do with this).
 


If've found it.
I came across this page at http://www.unav.es/cti/ldap-smb-howto.html 
where an administrator keeps his findings (I used the link for samba 
3/head/samba 4).
One of the things it mentions is that an administrator account is needed 
which has uidNumber 0 for unix.
That caused a smbd to be created with uid 0 which passed the test that 
was failing.


I also set the digital signing of the channel in w2k, but I'm not sure 
whether that's still required (my samba is somewhat newer than the one 
he used).


So... the bug can be closed.
Or can it???

Why is it necessary to have an administrator for samba that has uid 0? 
As long as the administrator has enough rights, according to the LDAP 
database, I don't think there's a reason to it.
There's probably another bug in the database that is about this, now I 
just need to find it and then it'll become a duplicate.


Thanks,
Jan EVert
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] STATUS_BUFFER_OVERFLOW

2005-09-22 Thread Bryant, Phillip -AES

FC4 with Samba 3.20
Win 2003 AD Domain, no SP1 yet

wbinfo --authenticate=dom+domtest%password yields the following

could not open handle to NETLOGON pipe (error: STATUS_BUFFER_OVERFLOW)
NTLM CRAP authentication for user [dom]\[domtest] returned 
STATUS_BUFFER_OVERFLOW (PAM: 4)
challenge/response password authentication failed
Could not authenticate user dom+domtest with challenge/response

from running winbindd -i -d3 logging

my smb.conf is as follows:

[global]
workgroup = DOM
realm = DOM.MYDOMAIN.COM
server string = Samba Server
security = ADS
allow trusted domains = No
password server = dc.dom.mydomain.com
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
os level = 30
preferred master = No
local master = No
domain master = No
browse list = No
dns proxy = No
wins server = 192.168.1.20
ldap ssl = no
idmap backend = idmap_rid:DOM=1-1
idmap uid = 1-1
idmap gid = 1-1
template shell = /bin/bash
winbind separator = +
winbind nested groups = Yes
cups options = raw

I've tried playing with the authentication options so that only NTLMv2 was sent 
as I'm pretty sure only NTLM and NTLMv2 are accepted by our DCs. But changing 
those from the defaults in smb.conf have never made a difference in how wbinfo 
sends password information out.

my system-auth file

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
authrequired  /lib/security/$ISA/pam_env.so
authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok
authsufficient/lib/security/$ISA/pam_winbind.so use_first_pass
authrequired  /lib/security/$ISA/pam_deny.so

account required  /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient/lib/security/$ISA/pam_localuser.so
account sufficient/lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] 
/lib/security/$ISA/pam_winbind.so
account required  /lib/security/$ISA/pam_permit.so

passwordrequisite /lib/security/$ISA/pam_cracklib.so retry=3
passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
passwordsufficient/lib/security/$ISA/pam_winbind.so use_authtok
passwordrequired  /lib/security/$ISA/pam_deny.so

session required  /lib/security/$ISA/pam_limits.so
session required  /lib/security/$ISA/pam_unix.so

wbinfo -u/-g and getent passwd/group all spit out the information as intended, 
only the authentication right now is giving me fits.

The end goal is to unify my logons to AD alone vs. having some on NIS and the 
rest on AD.

A text logon yields the following:

[0]: getpwnam dom+domtest
[ 2371]: lookupname DOM+domtest
[ 2371]: lookupsid S-1-5-21-963995414-1895067062-1845911597-4472
[0]: getpwnam dom+domtest
[ 2371]: lookupname DOM+domtest
[ 2371]: lookupsid S-1-5-21-963995414-1895067062-1845911597-4472
[0]: request interface version
[0]: request location of privileged pipe
[0]: pam auth dom+domtest
[ 2371]: pam auth dom+domtest
could not open handle to NETLOGON pipe
Plain-text authentication for user dom+domtest returned STATUS_BUFFER_OVERFLOW 
(PAM: 4)

and /var/log/messages

Sep 22 14:55:59 abq-fc4workstation pam_winbind[4900]: request failed, but PAM 
error 0!
Sep 22 14:55:59 abq-fc4workstation pam_winbind[4900]: internal module error 
(retval = 3, user = `dom+domtest')
Sep 22 14:56:02 abq-fc4workstation login[4900]: FAILED LOGIN 1 FROM (null) FOR 
dom+domtest, Authentication failure

As far as a server the configuration works as it is supposed to, but I'm not 
able to get it to act as a full client due to this authentication problem.

Phil Bryant
Systems Administrator
ITT Industries, AES
RHCT
MCSE 2000
MCP+I


This e-mail and any files transmitted with it are proprietary and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this e-mail in error please notify the sender. Please note 
that any views or opinions presented in this e-mail are solely those of the 
author and do not necessarily represent those of ITT Industries, Inc. The 
recipient should check this e-mail and any attachments for the presence of 
viruses. ITT Industries accepts no liability for any damage caused by any virus 
transmitted by this e-mail.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] XP Pro password change problem

2005-09-22 Thread Jeremy Allison
On Thu, Sep 22, 2005 at 11:35:49AM -0400, Gary Dale wrote:
> Further to my e-mails below:
> 
> I am running Samba 3.0.14a-Debian.
> 
> My garydale account owns all the directories I am sharing. The group is 
> set to "users" for all of them also. All of the user's linux accounts 
> are members of the Linux "users" group.
> 
> However, I suspect the root of the problem is to be found in my 
> inability to change passwords through XP Pro.

Ok, I'm confused. Are you having problems changing user passwords
(CTRL-ALT-DEL) which we had a reply bug that was fixed for 3.0.20
(the password was getting changed but we were not returning success)
or is this file permission related ?

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba with Mysql, compilation problem.

2005-09-22 Thread MARTIN Pierre

Hello everybody,
For those who have followed the mysql plugin compilation problem, here 
are some new information:
I have tryed everything to make it work from the debian sources, not 
successfully.
So i have downloaded the TGZ sources from samba.org (version is 3.0.20). 
I have started the basic ./configure
script with params --with-expsam=xml,mysql 
--with-mysql-prefix=/usr/include/mysql/
It worked so i started to make the compilation. It also have compiled 
successfully. But as usual with the debian source version, it did not 
compile any pdb_mysql.so. The only thing i get is a mysql.so lib, but it 
cant be loaded as a plugin...


Any idea is really welcome, since i begin to lose the faith :)
Bye bye and thank you all!
Pierre

P.S.: Here is the end of the compilation process:
Compiling modules/vfs_recycle.c with -fPIC
Building plugin bin/recycle.so
Compiling modules/vfs_audit.c with -fPIC
Building plugin bin/audit.so
Compiling modules/vfs_extd_audit.c with -fPIC
Building plugin bin/extd_audit.so
Compiling modules/vfs_full_audit.c with -fPIC
Building plugin bin/full_audit.so
Compiling modules/vfs_netatalk.c with -fPIC
Building plugin bin/netatalk.so
Compiling modules/vfs_fake_perms.c with -fPIC
Building plugin bin/fake_perms.so
Compiling modules/vfs_default_quota.c with -fPIC
Building plugin bin/default_quota.so
Compiling modules/vfs_readonly.c with -fPIC
Compiling modules/getdate.c with -fPIC
Building plugin bin/readonly.so
Compiling modules/vfs_cap.c with -fPIC
Building plugin bin/cap.so
Compiling modules/vfs_expand_msdfs.c with -fPIC
Building plugin bin/expand_msdfs.so
Compiling modules/vfs_shadow_copy.c with -fPIC
Building plugin bin/shadow_copy.so
Compiling passdb/pdb_xml.c with -fPIC
Building plugin bin/xml.so
Compiling passdb/pdb_mysql.c with -fPIC
Building plugin bin/mysql.so
Compiling modules/CP850.c with -fPIC
Building plugin bin/CP850.so
Compiling modules/CP437.c with -fPIC
Building plugin bin/CP437.so


(C)ollen wrote:


hmm.. try

./configure --with-expsam=mysql --with-shared-modules=pdb_mysql

mysql lib's in the: /usr/lib/mysql (symlink will do)
mysql headers in the: /usr/include/mysql (symlink will do)

you can compile the mysql_backend into samba so there isn't an 
external module !


your problem is that samba can't find the header files from mysql (.h)
I think that the guy's from debian left the mysql backend out,
coz' it's somewhat experimental, and lackes support..
never the less, it works, and we have it up and running for almost 
2years now!!


have fun

Collen Blijenberg (MLHJ)

MARTIN Pierre wrote:

First i would like to say hello to everybody here, because i am new 
to this ML.


So here is the description of my problem:
I began with a clean samba installation from the stable branch few 
monthes ago, everything was just fine, i have a linux box which was 
sharing files for another linux workstation and two WinXP laptops. 
The sharing linux box is a debian stable branch O/S, which is my 
choice for a long time now.


Few weeks ago, i decided to make my sparkling samba installation 
virtual-users aware, and i began to crawl on various websites, all 
explaining the smb.conf parametters to give. I figured out that i was 
just not able to make it run because of a main problem, the apt-get 
samba gave me a non mysql-powered-samba version :(


So i removed the samba package from the computer, and dowloaded the 
debian source of it. Basic source, untared, and had a look to the 
debian/rule file. I saw there was any parametters given about mysql 
building, so i also had a look at the configure script's options. It 
always compiles the brand new warm .deb packages (after i fixed some 
lacky dependencies, i had to make a fake mysql-common package by 
myselve, because i already had mysql installed from sources and did 
not want to install the deb package, etc...). I'm now totally lost, i 
have try everything and i can't get this pdb_mysql.so "plugin" ready :(


So maybe i have miss something, maybe there is another way to make it 
as i wish to be, maybe there is a simple way to indirectly link samba 
to mysql with pam (I don't know PAM rules at all, i neither don't 
know how it works).


It has been 4 days i'm looking for a solution, mailing random people 
i find on websites, no answers from them.


Please if somebody has any clue, let me know a link, a sound, a 
color, anything to find a way to make it work...

Anything to make it work from the stable .deb packages appreciated too.

Thank you a lot!

Pierre.

P.S.: Here is the current configure parametters i use extracted from 
my rule file:
   --cache-file=./config.cache --with-fhs --enable-shared 
--enable-static --prefix=/usr --sysconfdir=/etc --libdir=/etc/samba 
--with-privatedir=/etc/samba --with-piddir=/var/run/samba 
--localstatedir=/var --with-netatalk --with-pam --with-syslog 
--with-utmp --with-readline --with-pam_smbpass --with-libsmbclient 
--with-winbind --with-msdfs --with-automount --with-tdbsam 
--with-ldap --w

Re: [Samba] auth problem

2005-09-22 Thread Ric Tibbetts




There is a terribly good howto:

http://www.idealx.org/prj/samba/smbldap-howto.en.html



Thank you!
That helped, I'm closer.
I left out one line from my smb.conf
I found it from digging through that how-to.

password server = 

With that in, it now picks up the users from LDAP, which is exactly 
what I was after!
Now I just need to work out a performance issue. getting the IDs from 
LDAP is SLOW

It works, just as I wanted it to. It's just slow.


-Ric


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] LDAP howto

2005-09-22 Thread Gary Dale

Not really. I've been to the various Samba-LDAP howtos and there is a
lot of outdated or irrelevant information in them. Too many sites seem
to think that you need to know how to compile the sources while others
don't recognize that we're not running Redhat 9.x. I've yet to find one
that says "these are the packages you need and here's how they interact
with one another". Everyone I've found seems to assume that you're
running the same system the same way they are.

I've been through the Samba 3 book from cover to cover - try doing that
without ample doses of caffeine! - but there seems to be important
details missing. There is no howto that really takes you through the
various steps of setting up Samba and LDAP together and get them
talking, at least as far as I've found, and at least for Debian.

My last attempt failed, as I recall, because LDAP seemed to asking for
an encrypted connection.


Nathan Vidican wrote:

The samba how-to's a good place to start, however... if you're just looking to 
learn and understand things better, then I'd suggest a read-through on the 
OpenLDAP.org site as well. Hate to puch you away with a 'RTFM' reply... but 
it is kinda what you were asking for.


On Thursday 22 September 2005 14:16, Gary Dale wrote:
 


Does anyone know of a good Samba-LDAP howto for Debian (Sarge) systems?
I probably don't need it for my home network, but I'd like to learn how
to do it anyway. My previous attempts to get it working have failed. :(
   



--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/

 




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] get quota command

2005-09-22 Thread rick

I found the answer to my own question in a round about sort of way..
My NFS server is Solaris w/UFS - thus no group quota support.   It
seems when samba queries for user quotas and group quotas, it gets
unhappy when no group quota is returned, so the quotas are thrown
out and the windows boxes see the entire volume's free, used and
capacity.   To fix this I set the two options in my conf file:
   vfs objects = default_quota:quotasettings
   quotasettings: gid = 65534

Rick Brown wrote:
> I've discovered that if I make a share from a local filesystem, 
> the PC's mounting the share see their quota (hard limit, not 
> soft which is another matter) as their capacity and their
> appropriate free space... this is good. 

I found in the source that the hard limit is used instead of the
soft limit if the user is over quota.

> When I share ouf the NFS mounted volume, the PC's see the entire
> volume size and free space.   Not so good.   Okay fine, so I 
> wrote a little cheesy script to run run quota and report back and
> defined it as "get quota command = myscript" in smb.conf. 
> This works great...   mostly.I wasn't seeing the values I 
> expected to see, so I started dumping the arguments samba was
> passing to my scipt.   I expected 3 fields: Path, type of query, and
> user/group ID.something like:
> "." 1 32849   (user quota)
> "." 3 1178(group quota) 
> 
> instead, I'm seeing samba pass:
> "." 2 32849   (default user quota)
> "." 4 1178(default group quota)
> 
> Why is samba asking for the default user and group quotas instead of 
> the actual user and group quotas?  From the documentation I would
> have expected that if field 2 was a 2 or 4, then the uid/gid would be
> -1.   How can I make samba request the actual user and group's quota
> instead of the defaults?

And since I didn't easily find any examples of a "get quota command"
I'll share my super-cheesy script which totally ignores the values
passed to it by samba.  It's not pretty, but it works. 

#!/bin/ksh
PATH=/usr/bin:/usr/sbin:/bin
IAM=`id -un`
# find the user's home file system.
DIR=`ypmatch $IAM passwd | awk -F: '{print $6}' | cut -f 2 -d "/"`
#check and see if they're over quota, as it will affect output
OVER=`quota -F rpc -v $IAM | grep $DIR | wc -w`
#OVER=`quota -f rpc -v $IAM | grep $DIR | egrep -i "expired|days"
#if [ $? -ne 0]; then

# over quota
if [ $OVER -gt 7 ]; then
RET=`quota -v $IAM | grep ${DIR} | awk -F" " '{print "2 "$2"
"$3" "$4" "$7" "$8" "$9}'`
else
# not over quota
RET=`quota -v $IAM | grep ${DIR} | awk -F" " '{print "2 "$2"
"$3" "$4" "$5" "$6" "$7}'`
fi
# linux "quota" puts a * after the used blocks if the user is over quota
STRIPPED=`echo $RET | sed 's/*/ /g'`
echo $STRIPPED


-- 
[ Rick Brown   ][  (404) 894-6175   ]
[ Office of Information Technology ][[EMAIL PROTECTED]  ]
[ Georgia Institute of Technology  ][  258 4th street. Atlanta, GA  ]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] auth problem

2005-09-22 Thread Greg Folkert
On Thu, 2005-09-22 at 09:43 -0600, Ric Tibbetts wrote:
> Okay, I'll keep asking questions, until I word one in a way that 
> someone will answer. :)
> 
> i'm trying to get Samba setup. I've done this before, and it has 
> never given me this much trouble.
> In short, it seems to be insisting that the user be in smbpasswd 
> (I've not experienced this before).
> 
> If the user is in smbpasswd, all seems well. If not, even though they 
> exist on the server (via ldap + kerberos), I get a user not found error.
> On the last set of servers I did this on, even ones who authenticate 
> via ldap, I never did anything special to samba to get it to work. 
> But I've not been so lucky this time.
> 
> The setup:
> 
> Server: IBM AIX 5.2
> Samba 3.0.14a
> 
> Authentication: LDAP
> Security:  Kerberos
> 
> The user entry in /etc/security/user:
>  
> SYSTEM = "KRB5files"
> 
> smb.conf (in a simple form)
> 
>[global]
>  workgroup = WIN
>  log level = 5 auth
>  log file = /var/log/samba/%m.log
>  username map = /usr/local/samba/lib/smbusers
> 
> [Homes]
>  comment = User home directories
>  guest ok = no
>  read only = No
> 
> I need the username map because the user names do not match between 
> the windows clients & the samba server. So I need to map the translation.
> 
> 
> When I try to access the system, I get an unknown user error.
> 
> The ONLY thing I need samba to do is provide shares (not shown above) 
> to windows users. Nothing else.
> If, I add a user to samba with smbpasswd . then the users can 
> access the shares. If not, they can't.
> I also, in the past have not had a server prompt me for passwords to 
> access shares.
> I'm missing something really obvious.
> I'd really appreciate some assistance on this one.

There is a terribly good howto:

http://www.idealx.org/prj/samba/smbldap-howto.en.html

-- 
greg, [EMAIL PROTECTED]

The technology that is 
Stronger, Better, Faster: Linux

Use Debian GNU/Linux, its a bazaar thing.



signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] vfs module problem with new samba version

2005-09-22 Thread xavier

Jeremy Allison a écrit :


On Thu, Sep 22, 2005 at 06:16:44PM +0200, Xavier wrote:
 


hi,

I was using vfs modules in my 3.0.4 samba version
I go to the new 3.0.20 today and now vfs modules doesn't work anymore:

is this ok ?
   



You need new modules to match your Samba version. The module interface
can change between Samba versions (and definately has between 3.0.4
and 3.0.20).

Jeremy.


 


The modules have been updated when i compiled the new samba version.
so," recycle.so" is 3.0.20 version ??
seems strange

Xavier
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] LDAP howto

2005-09-22 Thread Nathan Vidican
The samba how-to's a good place to start, however... if you're just looking to 
learn and understand things better, then I'd suggest a read-through on the 
OpenLDAP.org site as well. Hate to puch you away with a 'RTFM' reply... but 
it is kinda what you were asking for.

On Thursday 22 September 2005 14:16, Gary Dale wrote:
> Does anyone know of a good Samba-LDAP howto for Debian (Sarge) systems?
> I probably don't need it for my home network, but I'd like to learn how
> to do it anyway. My previous attempts to get it working have failed. :(

--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] LDAP howto

2005-09-22 Thread Gary Dale
Does anyone know of a good Samba-LDAP howto for Debian (Sarge) systems? 
I probably don't need it for my home network, but I'd like to learn how 
to do it anyway. My previous attempts to get it working have failed. :(



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] vfs module problem with new samba version

2005-09-22 Thread Jeremy Allison
On Thu, Sep 22, 2005 at 06:16:44PM +0200, Xavier wrote:
> hi,
> 
> I was using vfs modules in my 3.0.4 samba version
> I go to the new 3.0.20 today and now vfs modules doesn't work anymore:
> 
> is this ok ?

You need new modules to match your Samba version. The module interface
can change between Samba versions (and definately has between 3.0.4
and 3.0.20).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Authentication for user FAILED with error NT_STATUS_NO_SUCH_USER

2005-09-22 Thread Eric A. Hall

On 9/21/2005 2:29 PM, Sérgio A P Ferreira wrote:

> Sep 21 14:59:15 zeus slapd[2123]: conn=18 op=2 SEARCH RESULT tag=101 err=0
> nentries=0 text=

check your LDAP ACLs ... most frequent problem for LDAP apps by far

-- 
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Re: Samba with Mysql, compilation problem. (Additionnal information)

2005-09-22 Thread MARTIN Pierre

Hi,

Thank you for the help. I have managed to make the ./configure and 
compilation end with no errors, with the help of Collen who told me to 
make few symlinks of mysql and some little adds in the configure script. 
Now i am trying to get the mysql module to work with samba, and i still 
get the stupid message like "No builtin mysql plugin" or something.


I also have try to locate anything named pdb_mysql but there is nothing, 
so maybe it has been compiled with samba like Collen said! I'm not sure 
of what to do now, so any help will be greatly appreciated.


Thank you all,
Pierre

paul kölle wrote:


MARTIN Pierre wrote:
 


Hey people,

i just had a compilation error! I'm pretty happy because it means that i
am doing something wrong. It seems that the compiler doesn't find
mysql.h include header file. The point is that i have all these includes
files in this folder:
/usr/local/mysql/include/mysql/

   


try:
CFLAGS="$CFLAGS -I/usr/local/mysql/include/" LDFLAGS="$LDFLAGS
-L/usr/local/mysql/lib" ./configure --foo --bar

not sure if you have to add the last /mysql/ part also, just try it ;)

hth
Paul

 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] ACLs with Problem

2005-09-22 Thread Greg Folkert
On Thu, 2005-09-22 at 11:43 -0300, Luis Henrique de Faria Guimarães
wrote:
> Hi All,
> 
> I am with problem with the permissions of windows.
> The samba is not getting the ACLs permissions.  I compiled version
> 3.0.20, with the following options:
> 
[...]

Well the first thin we need to know, is the filesystem that you are
sharing via samba mounted with the acl option in the /etc/fstab?

Here is what mine looks like and I get the ACLs just fine:

/dev/datavg/examplelv   /lf/db  ext3
rw,suid,nodev,exec,auto,nouser,async,acl,errors=remount-ro  1 1

I guess, I could have done "defaults,acl,nodev" and be-equivalent... but
hey I guess I am a bit retentive.

> # file: teste.txt
> # owner: root
> # group: Domain Users
> user::rwx
> user:henrique:rw-
> group::r--
> mask::rw-
> other::r--
> 
> The user henrique appears in linux, but he does not appear in windows.
> When I try to add permissions through windows appears a message of
> "denied access".
> Somebody can help me

Well, as long as you have the filesystem mounted (assuming it is ext3
with acl support compiled in) with the ACLs turned on... then things
should work.
-- 
greg, [EMAIL PROTECTED]

The technology that is 
Stronger, Better, Faster: Linux

Use Debian GNU/Linux, its a bazaar thing.



signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] vfs module problem with new samba version

2005-09-22 Thread Xavier
hi,

I was using vfs modules in my 3.0.4 samba version
I go to the new 3.0.20 today and now vfs modules doesn't work anymore:

is this ok ?

"
 vfs object = vscan-clamav, default_quota, recycle
 recycle: config-file = /etc/samba/samba-recycle.conf
 vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
"

testparm says :

Processing section "[homes]"
Unknown parameter encountered: "recycle: config-file"
Ignoring unknown parameter "recycle: config-file"
Unknown parameter encountered: "vscan-clamav: config-file"
Ignoring unknown parameter "vscan-clamav: config-file"


thanks for help


--
Xavier
mailto: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Re: ACLs with Problem

2005-09-22 Thread paul kölle
Luis Henrique de Faria Guimarães wrote:
> With this configuration the users of the PDC (windows 2003) are 
> authenticantion way telnet 
> without problem.  However, the ACL do not function.  They see the exit with 
> command getfacl teste.txt:
> 
> [EMAIL PROTECTED] teste]# getfacl teste.txt
> # file: teste.txt
> # owner: root
> # group: Domain Users
> user::rwx
> user:henrique:rw-
> group::r--
> mask::rw-
> other::r--
Can you please describe what you expected to see here and why?

> 
> The user henrique appears in linux, but he does not appear in windows.
Then I'd say he's a linux user and not from AD via winbind right?

> When I try to add permissions through windows appears a message of "denied 
> access".
If that is a "correct" result largely depends which user is logged in to
the windows workstation. It would be helpful if you set samba to a
moderate debug level, and provide the relevant logs generated when the
desired operation(s) fail.


hth
 Paul

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Password History with Ldap

2005-09-22 Thread Ljunghammar, Darryl K
I am trying to turn on password history using an ldap backend. I can see
the sambaPasswordHistory entry set to all "0"s in Ldap. 

I tried to turn on password history with pdbedit -P "password history"
-C 3 and get back that it was set:

[root]# pdbedit -P "password history" 
account policy value for password history is 3

However, when I try to reset a user password it doesn't store the
history in sambaPasswordHistory. What am I missing here?

I have tried to reset the password from the windows side and the unix
side via smbpasswd. The password reset works but no history.

Thanks,

Darryl
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Re: Samba with Mysql, compilation problem. (Additionnal information)

2005-09-22 Thread paul kölle
MARTIN Pierre wrote:
> Hey people,
> 
> i just had a compilation error! I'm pretty happy because it means that i
> am doing something wrong. It seems that the compiler doesn't find
> mysql.h include header file. The point is that i have all these includes
> files in this folder:
> /usr/local/mysql/include/mysql/
> 
try:
CFLAGS="$CFLAGS -I/usr/local/mysql/include/" LDFLAGS="$LDFLAGS
-L/usr/local/mysql/lib" ./configure --foo --bar

not sure if you have to add the last /mysql/ part also, just try it ;)

hth
 Paul

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] auth problem

2005-09-22 Thread Ric Tibbetts
Okay, I'll keep asking questions, until I word one in a way that 
someone will answer. :)


i'm trying to get Samba setup. I've done this before, and it has 
never given me this much trouble.
In short, it seems to be insisting that the user be in smbpasswd 
(I've not experienced this before).


If the user is in smbpasswd, all seems well. If not, even though they 
exist on the server (via ldap + kerberos), I get a user not found error.
On the last set of servers I did this on, even ones who authenticate 
via ldap, I never did anything special to samba to get it to work. 
But I've not been so lucky this time.


The setup:

Server: IBM AIX 5.2
Samba 3.0.14a

Authentication: LDAP
Security:  Kerberos

The user entry in /etc/security/user:

   SYSTEM = "KRB5files"

smb.conf (in a simple form)

  [global]
workgroup = WIN
log level = 5 auth
log file = /var/log/samba/%m.log
username map = /usr/local/samba/lib/smbusers

[Homes]
comment = User home directories
guest ok = no
read only = No

I need the username map because the user names do not match between 
the windows clients & the samba server. So I need to map the translation.



When I try to access the system, I get an unknown user error.

The ONLY thing I need samba to do is provide shares (not shown above) 
to windows users. Nothing else.
If, I add a user to samba with smbpasswd . then the users can 
access the shares. If not, they can't.
I also, in the past have not had a server prompt me for passwords to 
access shares.

I'm missing something really obvious.
I'd really appreciate some assistance on this one.

thanks in advance!


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Re: locking.tdb: expand_file ftruncate to 8192 failed (Permission denied)

2005-09-22 Thread Axel Thimm
On Thu, Sep 22, 2005 at 08:19:18AM -0700, Jeremy Allison wrote:
> On Thu, Sep 22, 2005 at 10:15:08AM +0200, Axel Thimm wrote:
> > On Wed, Sep 21, 2005 at 04:34:32PM -0700, Jeremy Allison wrote:
> > > Why are you putting the locking db on a GFS filesystem anyway. That's
> > > madness !
> > 
> > The reason is to have a poor-man's-clustered-samba by placing lock and
> > private dir on a common share and have the relocated smbd/nmbd pairs
> > access them. E.g. relocating within the cluster is effectively like
> > restarting smbd/nmbd on a node.
> 
> That's never going to work (at least with acceptable speed). Talk
> to Volker for details...

We found the speed is very acceptable, its is faster than NFS
relocation and counts a couple of seconds, no more than a simple
non-clustered samba restart.

But it also isn't as transparent as we would wish it to be, as a TCP
RST doesn't have the cifs client retry as NFS does, which fortunately
is sometimes masked away in higher application levels like Office
saving dialogs, but still breaks a simple copy operation.

Anyway it does serve its purpose quite well, if it were not for the
mentioned bug in GFS. We now have several instances of smdb/nmbd pairs
freely floating within the cluster.

> > > As I said, I bet GFS isn't POSIX complient. Don't put locking
> > > tdb's on anything but local filesystems.
> > 
> > Well, GFS claims to be POSIX and local-like in any way. Maybe it is
> > just a bug in GFS? Does POSIX ensure that you can open an fd under
> > some user and not lose access right to the fd when dropping
> > priviledges?
> 
> Yes. That's why we wrote it this way. It's a bug in GFS. Open it
> with RedHat.

Already done so, the bugzilla link was in my previous mail :)

Thanks for the test case, it helped cornering the GFS bug.
-- 
Axel.Thimm at ATrpms.net


pgpXJCVNZmodP.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] XP Pro password change problem

2005-09-22 Thread Gary Dale

Further to my e-mails below:

I am running Samba 3.0.14a-Debian.

My garydale account owns all the directories I am sharing. The group is 
set to "users" for all of them also. All of the user's linux accounts 
are members of the Linux "users" group.


However, I suspect the root of the problem is to be found in my 
inability to change passwords through XP Pro.



Further to my e-mail below:

I just tried to change some share permissions from an XP Pro workstation
by right-clicking on the share | properties | security. The security
window shows me the existing permissions which seem correct. Because it
takes a second to translate the SIDs into names, I can also see that the
  SID is the same as reported below from pdbedit.

However, even though I have write access to the share (yes, I can write
to it), the permissions all show empty (unchecked). Nor can I change
them. I can change the boxes when I click "apply", they revert to the
old values.

I note that when I click on the Add button then the advanced button I
can get a full listing of the groups from Samba. Clearly my XP Pro
workstation is talking to Samba, but I can't get it to change my
password or recognize my "right" to change file permissions.

Surely someone must have a clue as to how I can track down the cause of
this problem?


--

I've set up NT domains from scratch and things work. However, in this
case I vampired the old settings over to my new Samba PDC from a W2K
server which I then removed from the network. Everything almost works,
except ...

The main thing is that I can't seem to change the domain passwords from
the XP Pro workstations. Normally you do Ctrl-Alt-Del and select change
password, then fill in the blanks, hit enter and the password gets
changed. However, when I try, I get a long wait - about 5 minutes - then
"the system cannot change your password now because the domain
RAHIM-DALE is unavailable" (where RAHIM-DALE is my domain name).

This happens on whatever XP Pro workstation I try. I've even tried
removing a domain account and recreating it, but the same thing happens.
If I change the passwords through SWAT, XP sees the new passwords and
stops bugging me to change them.

I looked at the tdb entries using the pdbedit program and can't see
anything wrong. The home directories get mapped properly. However, only
my account, which is in the Domain Admins group, seems to be able to
write to the shares!

Another oddity is that I can't seem to copy a file larger than 2G to the
server.

Any ideas anyone?


BTW: the server is running plain vanilla Debian 3.1 (Sarge) with ReiserFS.

Here's a pdbedit -Lv of my account:

Unix username:garydale
NT username:
Account Flags:[U  ]
User SID: S-1-5-21-1715567821-789336058-854245398-3000
Primary Group SID:S-1-5-21-1715567821-789336058-854245398-3001
Full Name:Gary Dale
Home Directory:   \\semper\garydale
HomeDir Drive:M:
Logon Script: scripts\logon.bat
Profile Path: \\semper\Profiles\garydale
Domain:   RAHIM-DALE
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  Mon, 18 Jan 2038 22:14:07 GMT
Kickoff time: Mon, 18 Jan 2038 22:14:07 GMT
Password last set:Sun, 14 Aug 2005 22:44:09 GMT
Password can change:  Mon, 15 Aug 2005 22:44:09 GMT
Password must change: Mon, 26 Sep 2005 21:31:41 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours : FF


Here's my smb.conf:

Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2005/09/14 21:34:51

# Global parameters
[global]
   workgroup = RAHIM-DALE
   server string = %h PDC (Samba %v)
   passdb backend = tdbsam, guest
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
   unix password sync = Yes
   syslog = 0
   log file = /var/log/samba/log.%m
   max log size = 1000
   printcap name = cups
   add user script = /usr/sbin/useradd -g samba -c %u
   delete user script = /usr/sbin/userdel -r %u
   add group script = /usr/sbin/groupadd
   delete group script = /usr/sbin/groupdel %g
   add user to group script = /usr/sbin/usermod -G `/usr/bin/id -G %g %u
   add machine script = /usr/sbin/useradd -g machines -c Machine -d
/dev/null -s /bin/false %u
   logon script = scripts\logon.bat
   logon path = \\%L\Profiles\%U
   logon drive = M:
   logon home = \\%L\%U
   domain logons = Yes
   os level = 35
   preferred master = Yes
   domain master = Yes
   wins support = Yes
   ldap ssl = no
   panic action = /usr/share/samba/panic-action %d
   idmap uid = 1-2
   idmap gid = 1-2
   invalid users = root
   admin users = garydale, root
   hosts allow = 192.168.2.
   printing = cups
   print command =
   lpq command = %p
   lprm command =

[netlogon]
   comment = Logon Server Share
   path = /home/sam

[Samba] getent

2005-09-22 Thread Jason Gerfen
I am able to view groups after joining the domain but not users using 
getent passwd and getent group.  Anyone else seen this?


--
Jason Gerfen

"My girlfriend threated to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Re: locking.tdb: expand_file ftruncate to 8192 failed (Permission denied)

2005-09-22 Thread Jeremy Allison
On Thu, Sep 22, 2005 at 10:15:08AM +0200, Axel Thimm wrote:
> On Wed, Sep 21, 2005 at 04:34:32PM -0700, Jeremy Allison wrote:
> > On Thu, Sep 22, 2005 at 01:01:45AM +0200, Axel Thimm wrote:
> > > Should I generate a more verbose debug log (what log level
> > > settings?) and place it somewhere on the net?
> > > 
> > > I wonder how I'm triggering that code path, it certainly isn't seen by
> > > the typical RHEL4 installs. The lock directory is set to reside on a
> > > GFS filesystem, could that make a difference (shouldn't as it is
> > > supposed to be POSIX compliant local-fs-like filesystem)?
> > 
> > Oh almost certainly that's the problem. Did you test my test program
> > on a GFS filesystem ? Doesn't GFS use crypto credentials to prevent
> > people hijacking root ? If that's the case I bet they break POSIX
> > semantics w.r.t. this.
> > 
> > Why are you putting the locking db on a GFS filesystem anyway. That's
> > madness !
> 
> The reason is to have a poor-man's-clustered-samba by placing lock and
> private dir on a common share and have the relocated smbd/nmbd pairs
> access them. E.g. relocating within the cluster is effectively like
> restarting smbd/nmbd on a node.

That's never going to work (at least with acceptable speed). Talk
to Volker for details...
> 
> (gdb) run testfile thimm
> Starting program: /srv/physik.fu-berlin.de/data/samba-test/a.out testfile 
> thimm
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x003e18a6fb00 in strlen () from /lib64/tls/libc.so.6
> (gdb) bt
> #0  0x003e18a6fb00 in strlen () from /lib64/tls/libc.so.6
> #1  0x003e18a428dc in vfprintf () from /lib64/tls/libc.so.6
> #2  0x003e18a3f299 in buffered_vfprintf () from /lib64/tls/libc.so.6
> #3  0x003e18a3f479 in vfprintf () from /lib64/tls/libc.so.6
> #4  0x003e18a47d96 in fprintf () from /lib64/tls/libc.so.6
> #5  0x00400b2b in main (argc=3, argv=0x7fb8a8) at test.c:55

Very strange - that's this line :

fprintf(stderr, "failed to extend file %s - error %s\n",
argv[1], strerror(errno) );

I wonder if strerror is returning NULL ?

> > As I said, I bet GFS isn't POSIX complient. Don't put locking
> > tdb's on anything but local filesystems.
> 
> Well, GFS claims to be POSIX and local-like in any way. Maybe it is
> just a bug in GFS? Does POSIX ensure that you can open an fd under
> some user and not lose access right to the fd when dropping
> priviledges?

Yes. That's why we wrote it this way. It's a bug in GFS. Open it
with RedHat.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] documentation for idmap backend = ad ?

2005-09-22 Thread birger
I have been searching all day for documentation on the new idmap backend 
= ad feature. Where is it documented? I want shell and home dir 
templates from SFU as well as uid/gid. I have seen some examples in 
mailing lists for shell and home dir templates, but none seem to have 
acceptable syntax. Has this been implemented, and if so... what is the 
correct syntax to get it?


I have installed samba from the fedora core 4 develop repository, but it 
doesn't seem to have the ad module. I guess that means I have to compile 
it myself.


--
birger

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


RE: [Samba] net rpc vampire / Question or Problem?

2005-09-22 Thread Dirk.Laurenz
how big is your domain?
here're over 4000 users and 2000 groups...

Mit freundlichem Gruß,



Dirk Laurenz
Systems Engineer

Fujitsu Siemens Computers
S CE DE SE PS N/O
Sales Central Europe Deutschland 
Professional Service Nord / Ost

Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone:  +49 (511) 84 89 - 18 08
Telefax:+49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email:  mailto:[EMAIL PROTECTED]
Internet:   http://www.fujitsu-siemens.com
http://www.fujitsu-siemens.de/services/index.html
***
  

-|  -Original Message-
-|  From: 
-|  [EMAIL PROTECTED]
rg [mailto:samba-bounces+dirk.laurenz=fujitsu--|  [EMAIL PROTECTED] On Behalf 
Of Michael Gasch
-|  Sent: Thursday, September 22, 2005 5:04 PM
-|  Cc: samba@lists.samba.org
-|  Subject: Re: [Samba] net rpc vampire / Question or Problem?
-|  
-|  > There're Groups like 'Domänen Benutzer' or 'Domänen Admins'
-|  nope, no problem
-|  we migrated successfully from German NT PDC to samba
-|  
-|  
-|  -- 
-|  Michael Gasch
-|  Max Planck Institute for Evolutionary Anthropology
-|  Department of Human Evolution (IT)
-|  Deutscher Platz 6
-|  D-04103 Leipzig
-|  Germany
-|  
-|  Phone: 49 (0)341 - 3550 137
-|  
-|  -- 
-|  To unsubscribe from this list go to the following URL and read the
-|  instructions:  https://lists.samba.org/mailman/listinfo/samba
-|  
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] net rpc vampire / Question or Problem?

2005-09-22 Thread Michael Gasch

There're Groups like 'Domänen Benutzer' or 'Domänen Admins'

nope, no problem
we migrated successfully from German NT PDC to samba


--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Question on Samba Service

2005-09-22 Thread Gary Dale
Samba can either be started as a "service" in inetd or started by the 
run-level init process. On my debian system, you can manually start & 
stop Samba by typing /etc/init.d/samba [start | stop | restart]. On 
non-Debian systems the path to the samba command script may vary. The 
script should be used when manually doing things with samba as it gets 
the order for starting and stopping daemons correct. You can also use 
swat if you have it enabled.


If Samba is started in inetd, you need the lines you mentioned. 
Otherwise, run something like the KDE System V Init editor and add Samba 
to start and stop at the appropriate run levels.


The permission denied error is probably because you were not logged in 
as root. Try using the su command first!



Edouard Ades wrote:


Hi,

For no particular reason, my Samba service didn't start yesterday,
when I went to start it by going in the /usr/local/samba/sbin and then
typing SMBD I got an error 
"permission denied" and something about the port 139 (sorry I don't have

the whole error message)

No changes were made on the box.

I started looking over the web and I found an something out something to
help me out on this issue.

This is what I found 
Now, if you wish to use inetd to start the Samba daemons, enter suitable
lines in the file /etc/inetd.conf, such as the following: 
netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd 
netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd 
swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat 

After editing the files, type  refresh -s inetd. 


Now my question is : Why commenting that out made from the Indetd.conf
works.
In other case why did I had to go trough this to start the samba
service, 
is the samba sercie suppose to start automatically ?


Thanks for all your help

Eddy 




Notice: This transmission is for the sole use of the intended recipient(s) and 
may contain information that is confidential and/or privileged.  If you are not 
the intended recipient, please delete this transmission and any attachments and 
notify the sender by return email immediately.  Any unauthorized review, use, 
disclosure or distribution is prohibited.

 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] permissions problem

2005-09-22 Thread Marcos Osorio
Hi, i have a samba server with a share, in that share there is a folder called, 
for example 'users' and then sub folders with permissions 750 for each.
With this i can handle de access to the folder by group.
Let me put more clear:
x:\
 - - - - >users \
  - ->john
  --->paul
  --->production
 
The problem is this: even that user paul or anyone of his group can't access to 
john folder, he can delete de folder john.
Is there a way to prevent this?, i mean, to prohibit anyone exept john and his 
members group to delete that folder¿?
 
Thanks.-
  MMo-.-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] ACLs with Problem

2005-09-22 Thread Luis Henrique de Faria Guimarães
Hi All,

I am with problem with the permissions of windows.
The samba is not getting the ACLs permissions.  I compiled version 3.0.20, with 
the following options:

./configure \
--prefix=/usr/local/samba \
--localstatedir=/var \
--with-configdir=/etc/samba \
--with-privatedir=/etc/samba \
--with-fhs \
--with-quotas \
--with-smbmount \
--enable-cups \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=/usr/local/samba/share/swat/using_samba \
--with-swatdir=/usr/local/samba/share/swat \
--with-shared-modules=idmap_rid \
--with-libsmbclient \
--with-acl-support \
--with-winbind \
--with-ads \
--with-krb5=/usr/kerberos

Below mine smb.conf:

[global]
workgroup = ECPNET
netbios name = PINHEIROS_BETA
#   unix charset = iso8859-1
display charset = cp850
realm = ECP.ORG.BR
server string = Samba Server
security = ADS
auth methods = winbind
client schannel = No
password server = *
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *
passwd:*all*authentication*tokens*updated*successfully*
#username map = /usr/local/samba/etc/smbusers
password level = 8
username level = 8
log file = /var/log/samba/%m.log
log level = 3 auth:3 winbind:3
max log size = 50
nt acl support = Yes
domain admin group = admins
acl compatibility = win2k
acl map full control = yes
acl check permissions = no
acl group control = yes
inherit acls = Yes
profile acls = Yes
map acl inherit = Yes
name resolve order = host wins bcast
server signing = auto
client use spnego = Yes
socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
addprinter command = addprinter
deleteprinter command = delprinter
add machine script = /usr/sbin/useradd -d /dev/null -g 504 -c
local master = No
dns proxy = No
wins server = 10.0.0.5, 10.0.0.4
ldap ssl = no
add share command = /usr/local/samba/share/modify_samba_config.pl
change share command = /usr/local/samba/share/modify_samba_config.pl
delete share command = /usr/local/samba/share/modify_samba_config.pl
idmap uid = 1-2
idmap gid = 1-2
template homedir = /data/users/%U
template shell = /bin/ksh
winbind use default domain = Yes
admin users = corniani, administrator, henrique
read only = No
force unknown acl user = Yes
guest ok = Yes
[Teste1]
comment = Teste de ACL Linux
path = /data/teste
browseable = Yes
admin users = ECPNET\henrique
read only = No

With this configuration the users of the PDC (windows 2003) are authenticantion 
way telnet without problem.  However, the ACL do not function.  They see the 
exit with command getfacl teste.txt:

[EMAIL PROTECTED] teste]# getfacl teste.txt
# file: teste.txt
# owner: root
# group: Domain Users
user::rwx
user:henrique:rw-
group::r--
mask::rw-
other::r--

The user henrique appears in linux, but he does not appear in windows.  When I 
try to add permissions through windows appears a message of "denied access".
Somebody can help me

Luís Henrique
Departamento de Tecnologia
Esporte Clube Pinheiros
Tel: 55 11 3817 3071
[EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Big problem with roaming profiles

2005-09-22 Thread S.Schaefer
Hello everyone!

I'm facing a big problem with the samba server I just set up:

System: FreeBSD 5.4
Samba ver: 3.0.20 (previuosly 3.0.12)
Client(s): Windows XP Professional

I configured the server to make use of roaming profiles. I was able to copy 
local profiles to the server, to login and voila - got my desktop. Also after 
creating a new user, the new profile gets copied to the server, synchronized 
and reloaded after next login.
So far so good.
But when I delete the local copy of the profile (deleting the entire user.dom 
directory) it doesn't get copied back from the server. Instead Windows waits 
für about 10 minutes until I get a new desktop from some default profile, where 
I can't change most settings. No update to the server occurs after logout.
The same happens when I try to login from a different client. No profile gets 
loaded. 
The log reveals no problems or errors.
I'm pretty clueless now, since I've read many, many documentations and sample 
configurations.

Below is my smb.conf:


[global]
display charset = ISO-8859-15
dos charset = 850
unix charset = ISO-8859-15
enable privileges = yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
map to guest = Bad User
#   smb passwd file = /etc/samba/smbpasswd
time server = Yes
encrypt passwords = yes
veto files = /*.eml/*.nws/riched20.dll/*.{*}
allow hosts = 128.176.52.0/255.255.255.128 192.168.0.0/24
unix extensions = Yes
netbios name = PDC
server string = Samba Domain Controller 
printing = CUPS
path = /var/spool/samba
workgroup = IZKF4
os level = 65
domain master = yes
preferred master = yes
local master = yes
wins support = yes
printcap name = CUPS
cups options = "raw"
use client driver = no
security = user
domain logons = yes
logon script = STARTUP.CMD
logon path = \\%L\profiles\%U
logon drive = P:
hide unreadable = yes
hide dot files = yes

log level = 2
log file = /var/log/samba/log.%m

ldap passwd sync = Yes
passdb backend = ldapsam:ldap://127.0.0.1/

; SAMBA-LDAP declarations
  passdb backend = ldapsam:ldap://127.0.0.1/
  # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
  ldap admin dn = cn=Manager,dc=mydomain,dc=com
  ldap suffix = dc=mydomain,dc=com
  ldap group suffix = ou=Groups
  ldap user suffix = ou=Users
  ldap machine suffix = ou=Computers
# ldap ssl = start_tls

  add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
  add user script = /usr/local/sbin/smbldap-useradd -m "%u"
  ldap delete dn = Yes
  delete user script = /usr/local/sbin/smbldap-userdel "%u"
  add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
  delete group script = /usr/local/sbin/smbldap-groupdel "%g"
  add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" 
"%g"
  delete user from group script = /usr/local/sbin/smbldap-groupmod -x 
"%u" "%g"
  set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" 
"%u"

[W]
   comment = Data
   browsable = yes
   path = /data/drivew
   create mask = 0664
   directory mask = 0775
   public = no
   writable = yes
   printable = no
   write list = @users

[netlogon]
   path = /data/netlogon
   public = no
   writeable = no
   browseable = no

[profiles]
   path=/data/ntprofiles
   browseable = no
   writeable = yes
   guest ok = Yes
   profile acls = Yes
   csc policy = disable
   force user = %U
#   hide files = /desktop.ini/ntuser.ini/NTUSER.*/
#   write list = %U @"Domain Admins"
   valid users = %U @"Domain Admins"
   create mask = 0600
   directory mask = 0700
#   default case = lower
   preserve case = Yes
   case sensitive = no

[homes]
   comment = Home Directories
   valid users = %S
   browseable = No
   read only = No
   create mask = 0640
   directory mask = 0750

[printers]
   comment = All Printers
   path = /var/spool/samba
   printable = Yes
   create mask = 0600
   browseable = No
   public = yes
   writable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
write list = root,"@Domain Admins"
force group = "Domain Admins"
create mask = 0664
directory mask = 0775

[hplj1300]
comment = HP Laserjet 1300
printable = yes
path = /var/spool/hplaserjet1300
public = no
guest ok = no
printer admin = "Domain Admins"

Additionally I applied the following patch to the XP-Clients:

###
; Windows XP Professional
; enable windows logon to samba server as domain controller (pdc) with roaming 
profile

; disable secure channel
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:
"s

[Samba] Question on Samba Service

2005-09-22 Thread Edouard Ades
Hi,
 
For no particular reason, my Samba service didn't start yesterday,
when I went to start it by going in the /usr/local/samba/sbin and then
typing SMBD I got an error 
"permission denied" and something about the port 139 (sorry I don't have
the whole error message)
 
No changes were made on the box.
 
I started looking over the web and I found an something out something to
help me out on this issue.
 
This is what I found 
Now, if you wish to use inetd to start the Samba daemons, enter suitable
lines in the file /etc/inetd.conf, such as the following: 
netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd 
netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd 
swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat 
 
After editing the files, type  refresh -s inetd. 
 
Now my question is : Why commenting that out made from the Indetd.conf
works.
In other case why did I had to go trough this to start the samba
service, 
is the samba sercie suppose to start automatically ?
 
Thanks for all your help
 
Eddy 
 


Notice: This transmission is for the sole use of the intended recipient(s) and 
may contain information that is confidential and/or privileged.  If you are not 
the intended recipient, please delete this transmission and any attachments and 
notify the sender by return email immediately.  Any unauthorized review, use, 
disclosure or distribution is prohibited.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] GFS bug hits Samba (was: locking.tdb: expand_file ftruncate to 8192 failed (Permission denied))

2005-09-22 Thread Axel Thimm
On Thu, Sep 22, 2005 at 10:15:08AM +0200, Axel Thimm wrote:
> On Wed, Sep 21, 2005 at 04:34:32PM -0700, Jeremy Allison wrote:
> > Why are you putting the locking db on a GFS filesystem anyway. That's
> > madness !
> 
> The reason is to have a poor-man's-clustered-samba by placing lock and
> private dir on a common share and have the relocated smbd/nmbd pairs
> access them. E.g. relocating within the cluster is effectively like
> restarting smbd/nmbd on a node.
> 
> On Wed, Sep 21, 2005 at 04:37:32PM -0700, Jeremy Allison wrote:
> > As I said, I bet GFS isn't POSIX complient. Don't put locking
> > tdb's on anything but local filesystems.
> 
> Well, GFS claims to be POSIX and local-like in any way. Maybe it is
> just a bug in GFS?

It turns out that's exactly what it is:

 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169039

GFS is in fact a local fs. It is just local for several SAN nodes at
the same time using dlm for coordinating locking. GFS can even be used
as a non-clustered local fs, just like ext3, where the same bug hits
it.

I hope the bug gets fixed soon. Otherwise, does this hit more than
locking.tdb?

Thanks!
-- 
Axel.Thimm at ATrpms.net


pgp6EiyC7TYHu.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Samba share

2005-09-22 Thread René Armbruster
Hi all,

I got a problem with my Samba 

I added a new (well, ok old but new in this server, NTFS ->) hdd to my
server. I made a new partition with /sbin/mkfs.ext3 -m 0 -j /dev/hde1 and
mounted it ( mount /dev/hde1 /mnt/hde1 ) Now I wanna share a folder on this
new hdd (public) which is located /mnt/hde1/public. When I try to connect
with the smb client (smbclient //jessica/public ) I get the following error:
*
Anonymous login successful
Domain=[ARMBRUSTER] OS=[Unix] Server=[Samba 3.0.14a-2]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME*

If I use another folder on the existing hdd (only changing the path in the
smb.conf) it works well ...

anyone got an idea?

Thanks.

br

René
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] High CPU Time an Load Avarage on our Samba Server

2005-09-22 Thread Dirk.Laurenz
Hello list,
 
how could this happen?
The Server doesn't respond from time to time with a high load avarage.
We found a suspicious smbd process:
 
top - 13:43:07 up 1 day,  2:27,  5 users,  load average: 32.49, 58.41, 37.95
Tasks: 1196 total,   5 running, 1190 sleeping,   0 stopped,   1 zombie
 Cpu0 : 14.7% us,  3.8% sy,  0.0% ni, 79.8% id,  1.3% wa,  0.0% hi,  0.3% si
 Cpu1 :  1.3% us, 84.6% sy,  0.0% ni, 14.1% id,  0.0% wa,  0.0% hi,  0.0% si
 Cpu2 : 15.0% us,  6.4% sy,  0.0% ni, 76.7% id,  0.6% wa,  0.0% hi,  1.3% si
 Cpu3 : 10.9% us, 16.0% sy,  0.0% ni, 72.8% id,  0.0% wa,  0.0% hi,  0.3% si
Mem:   6231672k total,  6105452k used,   126220k free,12944k buffers
Swap:  8418016k total,  232k used,  8417784k free,  1636920k cached
  PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  GROUPCOMMAND
19256 PREUSSAG  25   0 14804 8168 3520 R 99.9  0.1 116:00.06 PREUSSAG smbd

This is a really big file server:

agestt71:~ # ps -ef | grep smbd |wc -l
1014


here's an sar -A:

10:15:01  runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15
10:18:012  1262  2.17  2.16  1.82
10:21:011  1264  2.08  2.16  1.87
10:24:011  1269  2.09  2.18  1.93
10:27:011  1262  2.20  2.14  1.95
10:30:011  1262  2.01  2.15  1.99
10:33:011  1265  2.37  2.20  2.02
10:36:011  1264  2.33  2.26  2.08
10:39:011  1268  2.32  2.29  2.11
10:42:20   31  1289340.91128.06 48.26
10:45:011  1276 37.48 92.10 48.24
10:48:011  1283  4.44 51.58 40.18
10:51:010  1275  1.69 29.00 33.40
10:54:010  1272  1.42 16.54 27.77
10:57:011  1271  1.35  9.67 23.11
11:00:010  1269  1.50  5.94 19.28
11:03:011  1272  1.38  3.87 16.12
11:06:012  1267  1.29  2.70 13.50
11:09:29   79  1297190.52 83.20 41.67
11:12:010  1269 18.08 52.06 36.16
11:15:010  1274  2.36 29.17 30.05
11:18:011  1270  1.53 16.63 25.00
11:22:25   50  1296191.30 89.21 49.85
11:24:012  1293 41.52 65.89 45.36

11:24:01  runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15
11:28:02  141  1308129.16 68.58 48.71
11:30:011  1297115.12 98.49 63.00
11:33:010  1303  6.91 54.53 52.14
11:37:13   50  1302234.47136.50 83.73
11:39:011  1305 41.48 96.57 75.20
11:42:011  1307  5.10 54.24 62.47
11:45:013  1311  2.61 30.84 51.91
11:48:011  1309  2.31 17.92 43.16
11:51:012  1288  2.12 10.78 35.93
11:54:012  1273  2.35  7.01 30.02
11:57:011  1266  2.20  4.84 25.12
12:00:013  1272  2.46  3.72 21.10
12:03:011  1277  2.19  3.03 17.77
12:06:023  1279  2.45  2.72 15.04
12:09:021  1270  2.68  2.64 12.83
12:12:011  1256  2.12  2.40 10.94
12:15:014  1251  2.50  2.48  9.46
12:18:011  1251  2.09  2.28  8.15
12:21:011  1248  2.09  2.23  7.09
12:24:011  1253  2.48  2.31  6.26
12:27:011  1246  2.26  2.35  5.58
12:30:014  1249  2.49  2.36  5.00
12:33:11  173  1249190.71 79.53 33.47

12:33:11  runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15
12:36:011  1253 16.15 51.05 30.60
12:39:011  1251  3.20 29.10 25.65
12:42:011  1254  2.36 16.97 21.53
12:45:011  1250  2.31 10.35 18.14
12:48:011  1253  2.41  6.84 15.40
12:51:011  1247  2.16  4.70 13.06
12:54:012  1250  2.28  3.63 11.16
12:57:011  1240  2.29  3.03  9.60
13:00:011  1238  2.34  2.70  8.31
13:03:011  1243  2.68  2.65  7.29
13:06:012  1240  2.23  2.47  6.40
13:09:011  1232  2.30  2.39  5.67
13:12:011  1237  2.63  2.50  5.13
13:15:012  1236  2.51  2.46  4.64
13:18:011  1244  2.35  2.47  4.26
13:21:011  1

Re: [Samba] Username Case Sensitivity vs. Lower Casing

2005-09-22 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Marcel Ziswiler wrote:
> Thanks! I applied the winbindd_v1.patch and it at least partially fixed the 
> problem:
> I can now log in again regardless of the casing of the entered username.
> I still get mixed casing on my home directory.
> 
> gerald-carter login: gcarter
> Password:
> Creating directory '/home/GCarter'.
> Creating directory '/home/GCarter/.kde'.
> Creating directory '/home/GCarter/.kde/Autostart'.
> Creating directory '/home/GCarter/.xemacs'.
> Last login: Tue Aug 30 10:18:02 on :0
> 
> Any suggestions?

Sorry Marcel,  I've been really tied up in otherthings for
the past several weeks.  Any chance you could test the
SAMBA_3_0_RELEASE branch

$ svn co \
svn://svnanon.samba.org/samba/branches/SAMBA_3_0_RELEASE \
samba-3.0.20a

I think we have the case issues fixed.  But I need confirmation.
Also be careful is the system is running nscd.







cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDMpfCIR7qMdg1EfYRAvyqAKDSr+x355+WxVBo1y29H1EDuChUKgCeOqGn
hLIl/PlCp0mG1uy2VY2zU94=
=OFG1
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Problem adding printer using MSRPC

2005-09-22 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Guruswamy Namasivayam (gnamasiv) wrote:
> Hi,
>  
> When I try to add a printer using APW, the printer gets added
> successfully. However, when I try to add a printer using the MS_RPC
> addprinter command, the script fails with access denied. Please let me
> know if I am doing anything wrong. 
>  
> Thanks,
> Guru.
>  
> The addprinter vbscript
>  
> dim oMaster, oPrinter
>  
>   set oMaster  = CreateObject("PrintMaster.PrintMaster.1")
>   set oPrinter = CreateObject("Printer.Printer.1")
>  
>   oPrinter.ServerName  = "\\abc.xyz.com"
>   oPrinter.PrinterName = "Apple"
>   oPrinter.DriverName  = "Apple LaserWriter 8500"
>   oPrinter.PortName= "Samba printer port"
>   oPrinter.shareName  = "Apple"
>   oPrinter.Location = "odi-lab"
>  
>   oMaster.PrinterAdd(oPrinter)

You're probably going to have to look at a level 10 smbd debug
log to see what is failing.  What error code is being returned?






cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDMpKgIR7qMdg1EfYRAmf4AJ9hvYThW+pDtiM3ozo69Hh9qWppYwCfd/cE
nXESiP7F/etHd90wTWSQp8o=
=54IP
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] share connection dropped after 10 minutes

2005-09-22 Thread Carsten John
Hello everybody,

I have to face a problem here with a samba share disconnecting after
about 10 minutes.

Situation:

- debian woody, samba 3.0.14a
- server configured as PDC
- typically 100-150 smbd processes running

everything runs smoothly but one client (W2K SP4) that obviously needs a
quasi static connection to the PDC.

The client runs a software that stores regularly data on a dedicated
share called aekta. The software logs a warning that it lost the
connection to the server every 12 minutes. A few seconds later, the
connection is reestablished and the software writes it's data as
planned. There is no loss of data, but the warning messages fills up the
logs of the software. As the scientists using the software need to read
the logs for other purposes, they are quite annoyed about these warnings.

I also already tried to set "deadtime = 60" to ensure a defines timeout,
without success.

Any suggestions?





smb.conf (some share definitions cut):

; /etc/samba/smb.conf
[global]
workgroup = MPI
log level = 5
security = user
map to guest = Bad Password
guest account = nobody
admin users = root,administrator
netbios name = tux
server string = Samba Fileserver
add machine script = /usr/sbin/useradd -c "Machine account for %u to use
tux's NT-services." -g machines -d /dev/null -s /bin/false %u
dos charset = CP850
unix charset = CP850
socket options = TCP_NODELAY
veto files = /quota.user/
encrypt passwords = true
obey pam restrictions = yes
passdb backend = tdbsam guest
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
null passwords = no
os level = 65
preferred master = yes
name resolve order = lmhosts hosts wins bcast
domain master = yes
domain logons = yes
local master= yes
wins support = yes
preserve case = yes
short preserve case = yes
logon script = logon.bat
logon path = \\%L\%U\.profiledata
logon home = \\%L\%U
logon drive = y:
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = no

[homes]
comment = Home-directory
writeable = yes
create mask = 0600
directory mask = 2700
inherit permissions = yes
map archive = yes
browseable = yes

[netlogon]
comment = Windows-logon-scripts
path = /home/logon-script
writeable = no
create mask = 0604
directory mask = 0755
browseable = yes
invalid users = nobody

[aekta]
comment = aekta
path = /groups/aekta
create mask = 0664
directory mask = 2777
force directory mode = 0775
browseable = yes
valid users = @microbio
write list = ogrundma aekta ogunderm
read only = yes
posix locking = no
oplocks = no
strict locking = no


relevant log entries:

2005/09/22 12:28:49, 3] smbd/process.c:switch_message(886)
  switch message SMBtrans2 (pid 6739) conn 0x836fd38
[2005/09/22 12:28:49, 4] smbd/uid.c:change_to_user(194)
  change_to_user: Skipping user change - already user
[2005/09/22 12:28:49, 3] smbd/trans2.c:call_trans2qfilepathinfo(2418)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2005/09/22 12:28:49, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "UNICORN/Server"
[2005/09/22 12:28:49, 3] smbd/trans2.c:call_trans2qfilepathinfo(2452)
  call_trans2qfilepathinfo UNICORN/Server (fnum = -1) level=1004 call=5
total_data=0
[2005/09/22 12:28:49, 5] smbd/trans2.c:call_trans2qfilepathinfo(2596)
  SMB_QFBI - create: Tue Aug 23 13:30:54 2005
   access: Thu Sep 22 09:11:16 2005
   write: Tue Aug 23 13:30:54 2005
   change: Tue Aug 23 13:30:54 2005
   mode: 10
[2005/09/22 12:28:53, 3] smbd/process.c:timeout_processing(1334)
  timeout_processing: End of file from client (client has disconnected).
[2005/09/22 12:28:53, 5] lib/gencache.c:gencache_shutdown(88)
  Closing cache file
[2005/09/22 12:28:53, 5] libsmb/namecache.c:namecache_shutdown(79)
  namecache_shutdown: netbios namecache closed successfully.
[2005/09/22 12:28:53, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/09/22 12:28:53, 5] auth/auth_util.c:debug_nt_user_token(485)
  NT user token: (NULL)
[2005/09/22 12:28:53, 5] auth/auth_util.c:debug_unix_user_token(506)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/09/22 12:28:53, 5] smbd/uid.c:change_to_root_user(296)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/09/22 12:28:53, 2] smbd/server.c:exit_server(609)
  Closing connections
[2005/09/22 12:28:53, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/09/22 12:28:53, 5] auth/auth_util.c:debug_nt_user_token(485)
  NT user token: (NULL)
[2005/09/22 12:28:53, 5] auth/auth_util.c:debug_unix_user_token(506)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/09/22 12:28:53, 5] smbd/uid.c:change_to_root_user(296)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/09/22 12:28:53, 1] smbd/service.c:close_cnum(830)
  gigas (194.95.7.119) closed connection to service aekta
[2005/09/22 12:28:53, 3] smbd/connection.c:yield_connection

Re: [Samba] Samba with Mysql, compilation problem.

2005-09-22 Thread MARTIN Pierre

Hello again, and sorry for the "spam" inconvenience!

Well have just added these args to the configure script (i also have 
symlinked some of the most important mysql bins in /usr/local/bin):
*--with-mysql-prefix=/usr/include/mysql/ 
--with-mysql-exec-prefix=/usr/local/bin/*
and it now goes ahead... I will have to go work soon, so i will see if 
it has been compiling the whole thing including the mysql stuff tonight...


Any idea are welcome :)

Pierre

(C)ollen wrote:


hmm.. try

./configure --with-expsam=mysql --with-shared-modules=pdb_mysql

mysql lib's in the: /usr/lib/mysql (symlink will do)
mysql headers in the: /usr/include/mysql (symlink will do)

you can compile the mysql_backend into samba so there isn't an 
external module !


your problem is that samba can't find the header files from mysql (.h)
I think that the guy's from debian left the mysql backend out,
coz' it's somewhat experimental, and lackes support..
never the less, it works, and we have it up and running for almost 
2years now!!


have fun

Collen Blijenberg (MLHJ)

MARTIN Pierre wrote:

First i would like to say hello to everybody here, because i am new 
to this ML.


So here is the description of my problem:
I began with a clean samba installation from the stable branch few 
monthes ago, everything was just fine, i have a linux box which was 
sharing files for another linux workstation and two WinXP laptops. 
The sharing linux box is a debian stable branch O/S, which is my 
choice for a long time now.


Few weeks ago, i decided to make my sparkling samba installation 
virtual-users aware, and i began to crawl on various websites, all 
explaining the smb.conf parametters to give. I figured out that i was 
just not able to make it run because of a main problem, the apt-get 
samba gave me a non mysql-powered-samba version :(


So i removed the samba package from the computer, and dowloaded the 
debian source of it. Basic source, untared, and had a look to the 
debian/rule file. I saw there was any parametters given about mysql 
building, so i also had a look at the configure script's options. It 
always compiles the brand new warm .deb packages (after i fixed some 
lacky dependencies, i had to make a fake mysql-common package by 
myselve, because i already had mysql installed from sources and did 
not want to install the deb package, etc...). I'm now totally lost, i 
have try everything and i can't get this pdb_mysql.so "plugin" ready :(


So maybe i have miss something, maybe there is another way to make it 
as i wish to be, maybe there is a simple way to indirectly link samba 
to mysql with pam (I don't know PAM rules at all, i neither don't 
know how it works).


It has been 4 days i'm looking for a solution, mailing random people 
i find on websites, no answers from them.


Please if somebody has any clue, let me know a link, a sound, a 
color, anything to find a way to make it work...

Anything to make it work from the stable .deb packages appreciated too.

Thank you a lot!

Pierre.

P.S.: Here is the current configure parametters i use extracted from 
my rule file:
   --cache-file=./config.cache --with-fhs --enable-shared 
--enable-static --prefix=/usr --sysconfdir=/etc --libdir=/etc/samba 
--with-privatedir=/etc/samba --with-piddir=/var/run/samba 
--localstatedir=/var --with-netatalk --with-pam --with-syslog 
--with-utmp --with-readline --with-pam_smbpass --with-libsmbclient 
--with-winbind --with-msdfs --with-automount --with-tdbsam 
--with-ldap --with-python=python2.3 --with-mysql --enable-mysql 
--with-mysql-prefix=/usr/local/mysql --with-expsam=mysql





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba with Mysql, compilation problem.

2005-09-22 Thread MARTIN Pierre

Hello Collen,

I've just try what you suggested. I have now a new error which is
"*Can't find MySQL libraries while MySQL support is requested.*"
But now, the configure script returns an error, not the compilation 
itselve (Since the make command is not started unless configure tells 
"i'm fine go ahead"  :-) )


The configure script was called with these args:
*--cache-file=./config.cache --with-fhs --enable-shared --enable-static 
--prefix=/usr --sysconfdir=/etc --libdir=/etc/samba 
--with-privatedir=/etc/samba --with-piddir=/var/run/samba 
--localstatedir=/var --with-netatalk --with-pam --with-syslog 
--with-utmp --with-readline --with-pam_smbpass --with-libsmbclient 
--with-winbind --with-msdfs --with-automount --with-tdbsam --with-ldap 
--with-python=python2.3 --with-expsam=mysql --with-shared-modules=pdb_mysql*


My actual filesystem configuration is as follows:

   * /usr/local/mysql/include/mysql is symlinked to /usr/include/mysql,
 so i virtualy have mysql.h and other header files in
 /usr/include/mysql/*
   * /usr/local/mysql/lib/mysql is symlinked to /usr/lib/mysql, so i
 also virtually have all mysql libraries in /usr/lib/mysql/*

look:
"*ls /usr/lib/mysql/*" gives
*libdbug.a  libmerge.a   libmyisammrg.alibmysqlclient.la  
libmysqlclient.so.14  libmystrings.a  libnisam.a  libheap.a  
libmyisam.a  libmysqlclient.a  libmysqlclient.so  
libmysqlclient.so.14.0.0  libmysys.a  libvio.a*


and "*ls /usr/include/mysql/*"
*errmsg.hmy_alloc.h   my_getopt.h  my_no_pthread.h  mysqld_error.h  
mysql_version.h  readline.h sslopt-longopts.h  keycache.h  
my_config.h  my_global.h  my_pthread.h mysql_embed.h   
my_sys.h sql_common.h   sslopt-vars.h   m_ctype.h   my_dbug.h
my_list.hmy_semaphore.h   mysql.h my_xml.h 
sql_state.htypelib.h  m_string.h  my_dir.h my_net.h 
mysql_com.h  mysql_time.hraid.h   sslopt-case.h*


But it seems that the configure script doesn't knows where to look in.

I'm going to make further tests with the "*--with-mysql-prefix*" and 
"*--with-mysql-exec-prefix*", giving them some additionnal paths, in 
fact i dont know what more i can do :'(


Anyway, thank you for the help!

Take care,
Pierre

(C)ollen wrote:


hmm.. try

./configure --with-expsam=mysql --with-shared-modules=pdb_mysql

mysql lib's in the: /usr/lib/mysql (symlink will do)
mysql headers in the: /usr/include/mysql (symlink will do)

you can compile the mysql_backend into samba so there isn't an 
external module !


your problem is that samba can't find the header files from mysql (.h)
I think that the guy's from debian left the mysql backend out,
coz' it's somewhat experimental, and lackes support..
never the less, it works, and we have it up and running for almost 
2years now!!


have fun

Collen Blijenberg (MLHJ)

MARTIN Pierre wrote:

First i would like to say hello to everybody here, because i am new 
to this ML.


So here is the description of my problem:
I began with a clean samba installation from the stable branch few 
monthes ago, everything was just fine, i have a linux box which was 
sharing files for another linux workstation and two WinXP laptops. 
The sharing linux box is a debian stable branch O/S, which is my 
choice for a long time now.


Few weeks ago, i decided to make my sparkling samba installation 
virtual-users aware, and i began to crawl on various websites, all 
explaining the smb.conf parametters to give. I figured out that i was 
just not able to make it run because of a main problem, the apt-get 
samba gave me a non mysql-powered-samba version :(


So i removed the samba package from the computer, and dowloaded the 
debian source of it. Basic source, untared, and had a look to the 
debian/rule file. I saw there was any parametters given about mysql 
building, so i also had a look at the configure script's options. It 
always compiles the brand new warm .deb packages (after i fixed some 
lacky dependencies, i had to make a fake mysql-common package by 
myselve, because i already had mysql installed from sources and did 
not want to install the deb package, etc...). I'm now totally lost, i 
have try everything and i can't get this pdb_mysql.so "plugin" ready :(


So maybe i have miss something, maybe there is another way to make it 
as i wish to be, maybe there is a simple way to indirectly link samba 
to mysql with pam (I don't know PAM rules at all, i neither don't 
know how it works).


It has been 4 days i'm looking for a solution, mailing random people 
i find on websites, no answers from them.


Please if somebody has any clue, let me know a link, a sound, a 
color, anything to find a way to make it work...

Anything to make it work from the stable .deb packages appreciated too.

Thank you a lot!

Pierre.

P.S.: Here is the current configure parametters i use extracted from 
my rule file:
   --cache-file=./config.cache --with-fhs --enable-shared 
--enable-static --prefix=/usr --sysconf

Re: [Samba] Samba with Mysql, compilation problem.

2005-09-22 Thread Pierre MARTIN
Hello Collen and thank you for this answer!

I am at work now, so i'll manage to test all this at home tonight.

Anyway, i'll keep everybody tunned of the progression, hope it will helps
people to get mysql pluggin running on debian.

See you and thank you again :)
Pierre

On 9/22/05, (C)ollen <[EMAIL PROTECTED]> wrote:
>
> hmm.. try
>
> ./configure --with-expsam=mysql --with-shared-modules=pdb_mysql
>
> mysql lib's in the: /usr/lib/mysql (symlink will do)
> mysql headers in the: /usr/include/mysql (symlink will do)
>
> you can compile the mysql_backend into samba so there isn't an external
> module !
>
> your problem is that samba can't find the header files from mysql (.h)
> I think that the guy's from debian left the mysql backend out,
> coz' it's somewhat experimental, and lackes support..
> never the less, it works, and we have it up and running for almost
> 2years now!!
>
> have fun
>
> Collen Blijenberg (MLHJ)
>
> MARTIN Pierre wrote:
> > First i would like to say hello to everybody here, because i am new to
> > this ML.
> >
> > So here is the description of my problem:
> > I began with a clean samba installation from the stable branch few
> > monthes ago, everything was just fine, i have a linux box which was
> > sharing files for another linux workstation and two WinXP laptops. The
> > sharing linux box is a debian stable branch O/S, which is my choice for
> > a long time now.
> >
> > Few weeks ago, i decided to make my sparkling samba installation
> > virtual-users aware, and i began to crawl on various websites, all
> > explaining the smb.conf parametters to give. I figured out that i was
> > just not able to make it run because of a main problem, the apt-get
> > samba gave me a non mysql-powered-samba version :(
> >
> > So i removed the samba package from the computer, and dowloaded the
> > debian source of it. Basic source, untared, and had a look to the
> > debian/rule file. I saw there was any parametters given about mysql
> > building, so i also had a look at the configure script's options. It
> > always compiles the brand new warm .deb packages (after i fixed some
> > lacky dependencies, i had to make a fake mysql-common package by
> > myselve, because i already had mysql installed from sources and did not
> > want to install the deb package, etc...). I'm now totally lost, i have
> > try everything and i can't get this pdb_mysql.so "plugin" ready :(
> >
> > So maybe i have miss something, maybe there is another way to make it as
> > i wish to be, maybe there is a simple way to indirectly link samba to
> > mysql with pam (I don't know PAM rules at all, i neither don't know how
> > it works).
> >
> > It has been 4 days i'm looking for a solution, mailing random people i
> > find on websites, no answers from them.
> >
> > Please if somebody has any clue, let me know a link, a sound, a color,
> > anything to find a way to make it work...
> > Anything to make it work from the stable .deb packages appreciated too.
> >
> > Thank you a lot!
> >
> > Pierre.
> >
> > P.S.: Here is the current configure parametters i use extracted from my
> > rule file:
> > --cache-file=./config.cache --with-fhs --enable-shared
> > --enable-static --prefix=/usr --sysconfdir=/etc --libdir=/etc/samba
> > --with-privatedir=/etc/samba --with-piddir=/var/run/samba
> > --localstatedir=/var --with-netatalk --with-pam --with-syslog
> > --with-utmp --with-readline --with-pam_smbpass --with-libsmbclient
> > --with-winbind --with-msdfs --with-automount --with-tdbsam --with-ldap
> > --with-python=python2.3 --with-mysql --enable-mysql
> > --with-mysql-prefix=/usr/local/mysql --with-expsam=mysql
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] winbindd default domain problem

2005-09-22 Thread Josselin Dulac (I.U.FM.)

Hello,
I got a problem using the Squid-winbind-samba-ldap services.
Squid 2.5, authenticating with Samba 3.1 through winbind.
Problem occurs with internet explorer on Windows XP clients when users
authenticate with Squid using NTLM protocol, with clients that are not
in the domain.
Acces is not allowed until I add the domain information to the user id.
When I look at winbind' logs, I can see that Internet Explorer sent the
local machine name as "domain" without asking me (My machine is called
"TEST", so I have "TEST\username" sent to squid.
I've the "winbind use default domain = yes" directive set (and parsed by
windbind when running), I've also tried to force the ntlm-auth Squid
helper with --domain=MYDOMAIN, but nothing worked.
Despite of that, it works well with firefox when out of the domain (auto
switching to basic auth), and well with both navigators when in a domain
(getting the Windows XP login as authentifier).

Did I forgot something ? All threads I found on the samba lists said
that the "winbind use default domain = yes" directive would be enough...
why isn't it ok for me ?

Note : I'm sorry for my english, I'm french ;)


Josselin Dulac
Technicien au CRI
IUFM de Lyon

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Samba printer server error

2005-09-22 Thread steven
With XP client printer, when choosing Printer Properties the following error
follows,
I use samba 3.0.9, 3.0.14a & 3.0.20. I can't print to samba printer server
with XP client.
but with win2000 and win98 no problems.
Thanks in advance.

[2005/09/22 00:01:19, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(785)
  spoolss_io_devmode: I've parsed all I know and there is still stuff left|
[2005/09/22 00:01:19, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(787)
  spoolss_io_devmode: available_space = [3052], devmode_size = [3272]!
[2005/09/22 00:01:19, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(788)
  spoolss_io_devmode: please report to [EMAIL PROTECTED]
[2005/09/22 00:01:19, 0]
rpc_server/srv_spoolss.c:api_spoolss_open_printer_ex(76)
  spoolss_io_q_open_printer_ex: unable to unmarshall
SPOOL_Q_OPEN_PRINTER_EX.
[2005/09/22 00:01:19, 0] rpc_server/srv_pipe.c:api_rpcTNP(1572)
  api_rpcTNP: spoolss: SPOOLSS_OPENPRINTEREX failed.
[2005/09/22 00:01:19, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(785)
  spoolss_io_devmode: I've parsed all I know and there is still stuff left|
[2005/09/22 00:01:19, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(787)
  spoolss_io_devmode: available_space = [3052], devmode_size = [3272]!
[2005/09/22 00:01:19, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(788)
  spoolss_io_devmode: please report to [EMAIL PROTECTED]
[2005/09/22 00:01:19, 0]
rpc_server/srv_spoolss.c:api_spoolss_open_printer_ex(76)
  spoolss_io_q_open_printer_ex: unable to unmarshall
SPOOL_Q_OPEN_PRINTER_EX.
[2005/09/22 00:01:19, 0] rpc_server/srv_pipe.c:api_rpcTNP(1572)
  api_rpcTNP: spoolss: SPOOLSS_OPENPRINTEREX failed.
[2005/09/22 00:01:47, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(785)
  spoolss_io_devmode: I've parsed all I know and there is still stuff left|
[2005/09/22 00:01:47, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(787)
  spoolss_io_devmode: available_space = [3052], devmode_size = [3272]!
[2005/09/22 00:01:47, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(788)
  spoolss_io_devmode: please report to [EMAIL PROTECTED]




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


RE: [Samba] net rpc vampire / Question or Problem?

2005-09-22 Thread Dirk.Laurenz
Hi,

maybe that it is a german domain is the problem?

There're Groups like 'Domänen Benutzer' or 'Domänen Admins'


Mit freundlichem Gruß,



Dirk Laurenz
Systems Engineer

Fujitsu Siemens Computers
S CE DE SE PS N/O
Sales Central Europe Deutschland 
Professional Service Nord / Ost

Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone:  +49 (511) 84 89 - 18 08
Telefax:+49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email:  mailto:[EMAIL PROTECTED]
Internet:   http://www.fujitsu-siemens.com
http://www.fujitsu-siemens.de/services/index.html
***
  

-|  -Original Message-
-|  From: 
-|  [EMAIL PROTECTED]
-|  rg 
-|  [mailto:[EMAIL PROTECTED]
-|  .samba.org] On Behalf Of [EMAIL PROTECTED]
-|  Sent: Wednesday, September 21, 2005 3:57 PM
-|  To: [EMAIL PROTECTED]
-|  Cc: samba@lists.samba.org
-|  Subject: RE: [Samba] net rpc vampire / Question or Problem?
-|  
-|  Hi,
-|  
-|  some usernames have german characters, but we're repairing this.
-|  Groups have only a "_" inside thier names. But shouldn't 
-|  rpc vampire simply
-|  skip this usernames?
-|  
-|  Mit freundlichem Gruß,
-|  
-|  
-|  
-|  Dirk Laurenz
-|  Systems Engineer
-|  
-|  Fujitsu Siemens Computers
-|  S CE DE SE PS N/O
-|  Sales Central Europe Deutschland 
-|  Professional Service Nord / Ost
-|  
-|  Hildesheimer Strasse 25
-|  30880 Laatzen
-|  Germany
-|  
-|  Telephone:  +49 (511) 84 89 - 18 08
-|  Telefax:+49 (511) 84 89 - 25 18 08
-|  Mobile: +49 (170) 22 10 781
-|  Email:  mailto:[EMAIL PROTECTED]
-|  Internet:   http://www.fujitsu-siemens.com
-|  http://www.fujitsu-siemens.de/services/index.html
-|  
-|  ***
-|
-|  
-|  -|  -Original Message-
-|  -|  From: Michael Gasch [mailto:[EMAIL PROTECTED] 
-|  -|  Sent: Wednesday, September 21, 2005 8:09 AM
-|  -|  To: Laurenz, Dirk
-|  -|  Cc: samba@lists.samba.org
-|  -|  Subject: Re: [Samba] net rpc vampire / Question or Problem?
-|  -|  
-|  -|  > here's my groupmod script:
-|  -|  > 
-|  -|  >   add user to group script= 
-|  -|  /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
-|  -|  > 
-|  -|  > net rpc vampire stops with exit code 141.
-|  -|  > 
-|  -|  > Is there someting wrong?
-|  -|  > 
-|  -|  i guess you're using the latest versions of smbldap and samba
-|  -|  your line is fine, so i can't really explain this behaviour
-|  -|  may be your global groups have some weird characters, 
-|  usernames, or 
-|  -|  nested groups in it?
-|  -|  
-|  -|  -- 
-|  -|  Michael Gasch
-|  -|  Max Planck Institute for Evolutionary Anthropology
-|  -|  Department of Human Evolution (IT)
-|  -|  Deutscher Platz 6
-|  -|  D-04103 Leipzig
-|  -|  Germany
-|  -|  
-|  -|  Phone: 49 (0)341 - 3550 137
-|  -|  
-|  -- 
-|  To unsubscribe from this list go to the following URL and read the
-|  instructions:  https://lists.samba.org/mailman/listinfo/samba
-|  
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


RE: [Samba] FW: GESIS Samba config

2005-09-22 Thread Dirk.Laurenz
this was not for the list.sorry

Mit freundlichem Gruß,



Dirk Laurenz
Systems Engineer

Fujitsu Siemens Computers
S CE DE SE PS N/O
Sales Central Europe Deutschland 
Professional Service Nord / Ost

Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone:  +49 (511) 84 89 - 18 08
Telefax:+49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email:  mailto:[EMAIL PROTECTED]
Internet:   http://www.fujitsu-siemens.com
http://www.fujitsu-siemens.de/services/index.html
***
  

-|  -Original Message-
-|  From: (C)ollen [mailto:[EMAIL PROTECTED] 
-|  Sent: Thursday, September 22, 2005 10:47 AM
-|  To: Laurenz, Dirk; samba@lists.samba.org
-|  Subject: Re: [Samba] FW: GESIS Samba config
-|  
-|  Try ENGLISH 
-|  
-|  [EMAIL PROTECTED] wrote:
-|  > Hallo zusammen,
-|  > 
-|  > Herr Lendecke bat mich, die Samba Konfiguration zu 
-|  mailen, die wir hier
-|  > im Einsatz haben. Ich habe das für eine Server oben 
-|  zusammengestellt.
-|  > 
-|  > Es gibt folgende Ziele, die erreicht werden sollen:
-|  > 
-|  >   1.) völlige Virutalisierung von Samba (Unabhänigkeit 
-|  von der Hardware)
-|  >   ähnlich SAP
-|  > 
-|  >   2.) Dedizierte Server für z.B.:
-|  >   profile
-|  >   homedirs
-|  >   kunden der gesis/sz ag
-|  > 
-|  >   3.) Hochverfügbarkeit der einzelnen Instanzen.
-|  > 
-|  > Ich bitte um Kommentar dazu. Ich bin heute vorort und per 
-|  Handy erreichbar. 
-|  > 
-|  > Mit freundlichem Gruß,
-|  > 
-|  > 
-|  > 
-|  > Dirk Laurenz
-|  > Systems Engineer  
-|  > 
-|  > Fujitsu Siemens Computers
-|  > S CE DE SE PS N/O
-|  > Sales Central Europe Deutschland 
-|  > Professional Service Nord / Ost
-|  > 
-|  > Hildesheimer Strasse 25
-|  > 30880 Laatzen
-|  > Germany
-|  > 
-|  > Telephone:+49 (511) 84 89 - 18 08
-|  > Telefax:  +49 (511) 84 89 - 25 18 08
-|  > Mobile:   +49 (170) 22 10 781
-|  > Email:mailto:[EMAIL PROTECTED]
-|  > Internet: http://www.fujitsu-siemens.com
-|  > http://www.fujitsu-siemens.de/services/index.html
-|  > 
-|  
-|  ***
-|  >   
-|  > 
-|  > -|  -Original Message-
-|  > -|  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
-|  > -|  Sent: Thursday, September 22, 2005 10:25 AM
-|  > -|  To: Laurenz, Dirk
-|  > -|  Subject: GESIS Samba config
-|  > -|  
-|  > -|  
-|  > -|  
-|  > -|  
-|  > 
-|  
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] FW: GESIS Samba config

2005-09-22 Thread (C)ollen

Try ENGLISH 

[EMAIL PROTECTED] wrote:

Hallo zusammen,

Herr Lendecke bat mich, die Samba Konfiguration zu mailen, die wir hier
im Einsatz haben. Ich habe das für eine Server oben zusammengestellt.

Es gibt folgende Ziele, die erreicht werden sollen:

1.) völlige Virutalisierung von Samba (Unabhänigkeit von der Hardware)
ähnlich SAP

2.) Dedizierte Server für z.B.:
profile
homedirs
kunden der gesis/sz ag

3.) Hochverfügbarkeit der einzelnen Instanzen.

Ich bitte um Kommentar dazu. Ich bin heute vorort und per Handy erreichbar. 


Mit freundlichem Gruß,



Dirk Laurenz
Systems Engineer

Fujitsu Siemens Computers
S CE DE SE PS N/O
Sales Central Europe Deutschland 
Professional Service Nord / Ost


Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone:  +49 (511) 84 89 - 18 08
Telefax:+49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email:  mailto:[EMAIL PROTECTED]
Internet:   http://www.fujitsu-siemens.com
http://www.fujitsu-siemens.de/services/index.html
***
  


-|  -Original Message-
-|  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
-|  Sent: Thursday, September 22, 2005 10:25 AM

-|  To: Laurenz, Dirk
-|  Subject: GESIS Samba config
-|  
-|  
-|  
-|  



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] strange error 1937

2005-09-22 Thread Mario Gzuk
Hi,
After configuring and populating I try to add the accounts from a NT4
domain.
The "net rpc samdump -S SERVERNAME" works as expected.
I can see the Password hashes and all computers and users.
After that I try to NET VAMPIRE.
The groups were added fine but for each computer and user account I get
this error:

...passdb/pdb_ldap.c:ldapsam_add_sam_account(1937)
ldapsam_add_sam_account: failed to modify/add user with uid = .

the normal smbldap-useradd works also as expected. I try all findable
documentation and searched for this error but found nothing. I try it
with samba 3.0.13 and 3.0.14 / smbldap-tools 0.9.0 and 0.9.1 with the
same result


---SNIP-
The ldap log tell me:
 conn=2 op=94 SRCH base="dc=example,dc=com" scope=2 deref=0
filter="(&(objectClass=posixAccount)(uid=user2))"
 conn=2 op=94 SRCH attr=uid userPassword uidNumber gidNumber cn
homeDirectory loginShell gecos description objectClass
 conn=2 op=94 SEARCH RESULT tag=101 err=0 nentries=1 text=
 conn=1 op=186 SRCH base="dc=example,dc=com" scope=2 deref=0
filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount))"
 conn=1 op=186 SRCH attr=uid uidNumber gidNumber homeDirectory
sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
 conn=1 op=186 SEARCH RESULT tag=101 err=0 nentries=0 text=
 conn=1 op=187 SRCH base="dc=example,dc=com" scope=2 deref=0
filter="(&(&(objectClass=sambaSamAccount)(uid=user2))(objectClass=sambaSamAccount))"
 conn=1 op=187 SRCH attr=uid uidNumber gidNumber homeDirectory
sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory modifyTimestamp sambaLogonHours
 conn=1 op=187 SEARCH RESULT tag=101 err=0 nentries=0 text=
 conn=1 op=188 SRCH base="dc=example,dc=com" scope=2 deref=0
filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount))"
 conn=1 op=188 SRCH attr=uid uidNumber gidNumber homeDirectory
sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
 conn=1 op=188 SEARCH RESULT tag=101 err=0 nentries=0 text=
 conn=1 op=189 SRCH base="dc=example,dc=com" scope=2 deref=0
filter="(&(objectClass=sambaSamAccount)(uid=user2))"
 conn=1 op=189 SRCH attr=uid uidNumber gidNumber homeDirectory
sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory modifyTimestamp sambaLogonHours
 conn=1 op=189 SEARCH RESULT tag=101 err=0 nentries=0 text=
 conn=1 op=190 SRCH base="dc=example,dc=com" scope=2 deref=0
filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))"
 conn=1 op=190 SRCH attr=uid uidNumber gidNumber homeDirectory
sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory modifyTimestamp sambaLogonHours
 conn=1 op=190 SEARCH RESULT tag=101 err=0 nentries=0 text=
 conn=1 op=191 ADD dn="uid=user2,dc=example,dc=com"
 conn=1 op=191 RESULT tag=105 err=68 text=èV^W^H^X^V.A
\204î,@^P3^W^HDx,@[EMAIL PROTECTED]@[EMAIL PROTECTED]@^HY^W^H^C
--SNAP---

This is the add user script:
add user script = smb

RE: [Samba] FW: GESIS Samba config

2005-09-22 Thread Dirk.Laurenz
PLEASE IGNORE THIS MESSAGE

Mit freundlichem Gruß,



Dirk Laurenz
Systems Engineer

Fujitsu Siemens Computers
S CE DE SE PS N/O
Sales Central Europe Deutschland 
Professional Service Nord / Ost

Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone:  +49 (511) 84 89 - 18 08
Telefax:+49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email:  mailto:[EMAIL PROTECTED]
Internet:   http://www.fujitsu-siemens.com
http://www.fujitsu-siemens.de/services/index.html
***
  

-|  -Original Message-
-|  From: 
-|  [EMAIL PROTECTED]
-|  rg 
-|  [mailto:[EMAIL PROTECTED]
-|  .samba.org] On Behalf Of [EMAIL PROTECTED]
-|  Sent: Thursday, September 22, 2005 10:34 AM
-|  To: samba@lists.samba.org
-|  Subject: [Samba] FW: GESIS Samba config
-|  
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Recall: GESIS Samba config

2005-09-22 Thread Dirk.Laurenz
Laurenz, Dirk would like to recall the message, "GESIS Samba config".
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] FW: GESIS Samba config

2005-09-22 Thread Dirk.Laurenz
Hallo zusammen,

Herr Lendecke bat mich, die Samba Konfiguration zu mailen, die wir hier
im Einsatz haben. Ich habe das für eine Server oben zusammengestellt.

Es gibt folgende Ziele, die erreicht werden sollen:

1.) völlige Virutalisierung von Samba (Unabhänigkeit von der Hardware)
ähnlich SAP

2.) Dedizierte Server für z.B.:
profile
homedirs
kunden der gesis/sz ag

3.) Hochverfügbarkeit der einzelnen Instanzen.

Ich bitte um Kommentar dazu. Ich bin heute vorort und per Handy erreichbar. 

Mit freundlichem Gruß,



Dirk Laurenz
Systems Engineer

Fujitsu Siemens Computers
S CE DE SE PS N/O
Sales Central Europe Deutschland 
Professional Service Nord / Ost

Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone:  +49 (511) 84 89 - 18 08
Telefax:+49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email:  mailto:[EMAIL PROTECTED]
Internet:   http://www.fujitsu-siemens.com
http://www.fujitsu-siemens.de/services/index.html
***
  

-|  -Original Message-
-|  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
-|  Sent: Thursday, September 22, 2005 10:25 AM
-|  To: Laurenz, Dirk
-|  Subject: GESIS Samba config
-|  
-|  
-|  
-|  
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Authentication for user FAILED with error NT_STATUS_NO_SUCH_USER

2005-09-22 Thread paul kölle
Sérgio A P Ferreira wrote:
> Hi list,

> Sep 21 14:59:15 zeus slapd[2123]: conn=18 op=2 SRCH
> base="dc=cultura,dc=gov,dc=br" scope=2 deref=0
> filter="(&(uid=testuser)(objectClass=sambaSamAccount))"
> Sep 21 14:59:15 zeus slapd[2123]: conn=18 op=2 SRCH attr=uid uidNumber
> gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange
> sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName
> sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
> sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory
> modifyTimestamp sambaLogonHours modifyTimestamp
> Sep 21 14:59:15 zeus slapd[2123]: conn=18 op=2 SEARCH RESULT tag=101 err=0
> nentries=0 text=
See the nentries=0? This is telling you the object was not found in your
LDAP directory. Try to search from the commandline with ldapsearch like:

ldapsearch -D  -b "dc=gov,dc=br" -W (&(uid=testuser)(objectClass=sambaSamAccount)

if that doesn't work try modifying the search filter to read:

(&(uid=*)(objectClass=*)

if it works (you get the entries back), your entry most likely misses
the sambaSamAccount attributes, that is to say you missed a step in your
setup (smbpasswd?)

if it does not work it might be a problem with ACLs in your LDAP server.
 Try using your "rootdn" from slapd.conf for the -D switch in the above
search. If that works change your ACLs to allow your "ldap admin dn" to
read and write the necessary attributes.

Another thing to check is if your users are visible to the system via
NSS, a "getent passwd" should show your samba users along with the users
from /etc/passwd.

hth
 Paul

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Re: locking.tdb: expand_file ftruncate to 8192 failed (Permission denied)

2005-09-22 Thread Axel Thimm
On Wed, Sep 21, 2005 at 04:34:32PM -0700, Jeremy Allison wrote:
> On Thu, Sep 22, 2005 at 01:01:45AM +0200, Axel Thimm wrote:
> > Should I generate a more verbose debug log (what log level
> > settings?) and place it somewhere on the net?
> > 
> > I wonder how I'm triggering that code path, it certainly isn't seen by
> > the typical RHEL4 installs. The lock directory is set to reside on a
> > GFS filesystem, could that make a difference (shouldn't as it is
> > supposed to be POSIX compliant local-fs-like filesystem)?
> 
> Oh almost certainly that's the problem. Did you test my test program
> on a GFS filesystem ? Doesn't GFS use crypto credentials to prevent
> people hijacking root ? If that's the case I bet they break POSIX
> semantics w.r.t. this.
> 
> Why are you putting the locking db on a GFS filesystem anyway. That's
> madness !

The reason is to have a poor-man's-clustered-samba by placing lock and
private dir on a common share and have the relocated smbd/nmbd pairs
access them. E.g. relocating within the cluster is effectively like
restarting smbd/nmbd on a node.

On Wed, Sep 21, 2005 at 04:37:32PM -0700, Jeremy Allison wrote:
> On Thu, Sep 22, 2005 at 01:09:30AM +0200, Axel Thimm wrote:
> > # mount | grep gfs
> > /dev/mapper/physik-data on /srv/physik.fu-berlin.de/data type gfs
> > (rw,acl)
> > # pwd
> > /srv/physik.fu-berlin.de/data/samba-test
> > # ls -l
> > total 32
> > -rwxr-xr-x  1 root root 10080 Sep 22 00:38 a.out
> > -rw---  1 root root  1231 Sep 22 00:35 test.c
> > -rw-r--r--  1 root root 0 Sep 22 01:07 testfile
> > # ./a.out testfile thimm
> > Segmentation fault
> 
> What's the gdb backtrace. There's probably a bug in one of
> the error condition printing in the test code.

(gdb) run testfile thimm
Starting program: /srv/physik.fu-berlin.de/data/samba-test/a.out testfile thimm

Program received signal SIGSEGV, Segmentation fault.
0x003e18a6fb00 in strlen () from /lib64/tls/libc.so.6
(gdb) bt
#0  0x003e18a6fb00 in strlen () from /lib64/tls/libc.so.6
#1  0x003e18a428dc in vfprintf () from /lib64/tls/libc.so.6
#2  0x003e18a3f299 in buffered_vfprintf () from /lib64/tls/libc.so.6
#3  0x003e18a3f479 in vfprintf () from /lib64/tls/libc.so.6
#4  0x003e18a47d96 in fprintf () from /lib64/tls/libc.so.6
#5  0x00400b2b in main (argc=3, argv=0x7fb8a8) at test.c:55

> As I said, I bet GFS isn't POSIX complient. Don't put locking
> tdb's on anything but local filesystems.

Well, GFS claims to be POSIX and local-like in any way. Maybe it is
just a bug in GFS? Does POSIX ensure that you can open an fd under
some user and not lose access right to the fd when dropping
priviledges?

Thanks!
-- 
Axel.Thimm at ATrpms.net


pgp5kMboOMrTe.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba with Mysql, compilation problem.

2005-09-22 Thread (C)ollen

hmm.. try

./configure --with-expsam=mysql --with-shared-modules=pdb_mysql

mysql lib's in the: /usr/lib/mysql (symlink will do)
mysql headers in the: /usr/include/mysql (symlink will do)

you can compile the mysql_backend into samba so there isn't an external 
module !


your problem is that samba can't find the header files from mysql (.h)
I think that the guy's from debian left the mysql backend out,
coz' it's somewhat experimental, and lackes support..
never the less, it works, and we have it up and running for almost 
2years now!!


have fun

Collen Blijenberg (MLHJ)

MARTIN Pierre wrote:
First i would like to say hello to everybody here, because i am new to 
this ML.


So here is the description of my problem:
I began with a clean samba installation from the stable branch few 
monthes ago, everything was just fine, i have a linux box which was 
sharing files for another linux workstation and two WinXP laptops. The 
sharing linux box is a debian stable branch O/S, which is my choice for 
a long time now.


Few weeks ago, i decided to make my sparkling samba installation 
virtual-users aware, and i began to crawl on various websites, all 
explaining the smb.conf parametters to give. I figured out that i was 
just not able to make it run because of a main problem, the apt-get 
samba gave me a non mysql-powered-samba version :(


So i removed the samba package from the computer, and dowloaded the 
debian source of it. Basic source, untared, and had a look to the 
debian/rule file. I saw there was any parametters given about mysql 
building, so i also had a look at the configure script's options. It 
always compiles the brand new warm .deb packages (after i fixed some 
lacky dependencies, i had to make a fake mysql-common package by 
myselve, because i already had mysql installed from sources and did not 
want to install the deb package, etc...). I'm now totally lost, i have 
try everything and i can't get this pdb_mysql.so "plugin" ready :(


So maybe i have miss something, maybe there is another way to make it as 
i wish to be, maybe there is a simple way to indirectly link samba to 
mysql with pam (I don't know PAM rules at all, i neither don't know how 
it works).


It has been 4 days i'm looking for a solution, mailing random people i 
find on websites, no answers from them.


Please if somebody has any clue, let me know a link, a sound, a color, 
anything to find a way to make it work...

Anything to make it work from the stable .deb packages appreciated too.

Thank you a lot!

Pierre.

P.S.: Here is the current configure parametters i use extracted from my 
rule file:
   --cache-file=./config.cache --with-fhs --enable-shared 
--enable-static --prefix=/usr --sysconfdir=/etc --libdir=/etc/samba 
--with-privatedir=/etc/samba --with-piddir=/var/run/samba 
--localstatedir=/var --with-netatalk --with-pam --with-syslog 
--with-utmp --with-readline --with-pam_smbpass --with-libsmbclient 
--with-winbind --with-msdfs --with-automount --with-tdbsam --with-ldap 
--with-python=python2.3 --with-mysql --enable-mysql 
--with-mysql-prefix=/usr/local/mysql --with-expsam=mysql


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] we have domain logon authentication but profile loads SLOW

2005-09-22 Thread Modus Operandi
Hey samba friends,

We are getting really bad performance from the samba
server. Profiles are taking forever to d/l. This is in
an isolated environment: one client, one server,
attached to a 100 Mbps switch. Ping is
min/avg/max/mdev 0.174/0.190/0.309/0.036 ms. 

On irc.freenode.org #samba we have been met with some
derision for using ping to test throughput. We also
tested with rsync and the isolated test environment
seemed speedy, but the IRC guys won't talk to us
unless we test throughput with http or ftp. The
problem with that is, the sambatest server is offline
and for performance reasons we are < psyched about
installing apache2 on the box. Even trying to install
proftp on the samba server is problematic because we
have to set up a knoppix livecd next to the isolated
network, tunnel through the mailserver and firewall,
and get debs (mailserver and sambatest both Ubuntu
Breezy) which we d/l to knoppix, then unplug knoppix
from the network and plug into the test switch, and
then we still have to use dpkg instead of apt-get to
install proftpd, resolve conflicts, satisfy
dependencies, etc. Hopefully you can see why testing
the throughput of the switch is a PITA. Even if we
turn off samba to join the test server to the LAN
(we don't want the PDCs to get into a battle!) we
still have to set up apt to use our proxy server. We
can't even use apt-get install apt-proxy!

Meanwhile, we think the bandwidth benchmark is
irrelevant to the problem we're having -- IRC opinions
notwithstanding. It just seems like a lot of trouble
to test throughput on a switch we know is working fine
at 100Mbps. There must be another problem!

Default profile < 5 MB. We have domain logons. 

Also, I don't remember how to make a default profile 
on a windows box and move it to the samba PDC. I want 
to use the old profile from:
/etc/samba/netlogon/default user 
but change paths, proxy settings, etc.

-- 
/home/modus/.signature
Thu Sep 22 02:41:56 EDT 2005
The Moon is Waning Gibbous (79% of Full)

In the immortal words of Modus Operandi <[EMAIL PROTECTED]>:
> In the immortal words of Modus Operandi <[EMAIL PROTECTED]>:
> > 
> > we have been trying to move our samba box to a faster server, with better
> > NICs, faster processor and more memory.
> > 
> > both the old and new server are using samba 3.0.14A
> > both on debian based distributions (old was sarge, new is breezy)
> > 
> > here are the steps we followed:
> > install samba from the apt archives.
> > confirmed that they were the same version.
> > copied smb.conf from old server to new server.
> > changed domain name, or workgroup = domain2
> > as well as netbios name
> 
>   
> 
>   Well, that was the problem. I set the workgroup and
> the netbios to the same name, which was causing the
> "duplicate name" error.
> 
>   Not sure why the old install worked just fine with
> netbios and workgroup set to the same thing.
> 
>   Anyway, we can now log on to the domain without the
> error. There are still problems, though ... the
> authentication procedure is incredibly slow -- and the
> reason we got a new server was so it would be faster.
> 
>   Tomorrow, I will make sure all the users are created
> with the same uid on the new server, and then convert
> our old smbpasswd to tdb format.
> 
> -- 
> /home/modus/.signature
> Mon Sep 19 18:19:45 EDT 2005
> The Moon is Waning Gibbous (95% of Full)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba