Re: [Samba] Windows interacting with SAMBA share
On Fri, Oct 21, 2005 at 03:29:50PM -0600, Jeremy Hatter - BIA wrote: > Hi, > > My company has a Samba [3.0] share on a Debian Linux 3.0 [Kernel 2.6] > machine and we are trying to copy a large file [>2GB] from a Windows > machine to the Samba share. When we try to do this, it only copies 2GB > of the information. We were previously having a similar issue when > transfering a large file [>2GB] from Linux to a Windows share [mounted > as smbfs], but fixed that with the 'lfs' option in the mount command. > Does anyone know what settings need changed to allow the Samba share to > accept large files from Windows? I've searched the internet for a > couple days now and haven't found a solution. Thanks for your help. Are you using cifsfs ? It should work with this solution, not smbfs. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows interacting with SAMBA share
Hi, My company has a Samba [3.0] share on a Debian Linux 3.0 [Kernel 2.6] machine and we are trying to copy a large file [>2GB] from a Windows machine to the Samba share. When we try to do this, it only copies 2GB of the information. We were previously having a similar issue when transfering a large file [>2GB] from Linux to a Windows share [mounted as smbfs], but fixed that with the 'lfs' option in the mount command. Does anyone know what settings need changed to allow the Samba share to accept large files from Windows? I've searched the internet for a couple days now and haven't found a solution. Thanks for your help. Jeremy _ Jeremy Hatter Business Intelligence Associates, Inc. Voice: 212-240-2282 Fax: 212-240-2298 [EMAIL PROTECTED] http://www.biaprotect.com http://www.biaprotect.com/> Digital Discovery Services & Computer Forensics This message may contain confidential and/or legally privileged information intended only for the use of the individual(s) named on the To:, Cc: and Bcc: lines. If you are not one of the intended recipient(s), then you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this email transmission is strictly prohibited. If you have received this communication in error, please delete the email in its entirety and call or email us immediately so that we may take appropriate steps to correct the problem at no cost to you. Even if this message has reached you in error, sender does not in any way waive confidentiality or privilege. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] DFS not working w/ fully.qualified.sub.domain
Hi: I've got a samba/DFS server configured that works fine under it's original name, but I'm getting booted out of that DNS domain, into a subdomain. All my (WinXP) clients have drives mapped to names like \\server.domain.com\dfsroot. If I browse to the path, \\server.domain.com\dfsroot, everything works. I can access the shares pointed to via the dfs links But, now the network is being re-architected... The clients will be in multiple IP subnets, and the server needs to be moved to a subdomain of "domain.com". I configured a "sub.domain.com" on my DNS server. I can browse via the new name: \\server.sub.domain.com\dfsroot, and I can see all the links, but when I rt-click, and view properties on any of these links, the DFS tab is missing. If I rt-click/view-properties on a dfs-link using the old server name, I can see the DFS tab again. How do I get the DFS tab back? How do I make the DFS links work when the DFS server is in a subdomain? - Other info: clicking on a DFS link gives me the error message: \\server.sub.domain\dfsroot\remoteshare refers to a location that is unavailable. I don't know if this is a server-side issue, or a client side issue. I get the same results when trying to access the DFS links from a windows 2003 machine. An nt4 machine will refuse to talk to the samba server on the new name at ALL. It gives a message "The network path was not found" when trying to browse the path "\\server.sub.domain.com". Is this some "feature" of windows clients? Is this a known problem? Does anyone know if the same behavior exists when trying to browse a DFS share on a win'2000 server when it has its host-name in a sub-domain? -Bill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Upgrading from SAMBA 2.2.8 to 3.0.20?
On Friday 21 October 2005 12:42, Paul Apking wrote: > What files do I need to worry about backing up in order to do this > upgrade? Also will SAMBA automatically upgrade these older version files > automatically? > > If anyone have a website link for help in order to do this, it would be > greatly appreciated. > > Thank you, > > -Paul Paul, I wrote a whole chapter on this subject in my book "Samba-3 by Example". You can buy a hard copy from Amazon.Com (get the second edition) or download it from: http://www.samba.org/samba/docs/Samba3-ByExample.pdf See chapter 8 (if I recall correctly). - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228 Samba-3 by Example, 2 Ed., ISBN: 0131882221X Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrading from SAMBA 2.2.8 to 3.0.20?
What files do I need to worry about backing up in order to do this upgrade? Also will SAMBA automatically upgrade these older version files automatically? If anyone have a website link for help in order to do this, it would be greatly appreciated. Thank you, -Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba creating multiple isntances of the deamon
(2005.10.21, 14:34) >> > Ok, if I understand you you're re-exporting an NFS mount from the >> > Linux box to the Windows clients via Samba. Looks to me like the >> > kernel share mode code isn't working over NFS properly. Can you try >> > removing the define "#define HAVE_KERNEL_SHARE_MODES 1" from >> > include/config.h and rebuilding - that should stop it making this >> > call. >> >> Jeremy, >> >> YES! This appears to have solved both problems (i.e., the >> multiplication of processes AND the issues with re-reading >> directories). >> >> Jeremy, thanks a million times for your responsiveness and accuracy. > No problem - looks like a kernel bug though. Can you let me know > exactly what Linux distro + kernel version (plus any patches) > you were testing on. Jeremy, Fedora 4, with the following uname output: Linux linux 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005 i686 athlon i386 GNU/Linux Benoît Benoît Gauthier, mailto:[EMAIL PROTECTED] Réseau Circum inc. / Circum Network Inc. Nouvelles/News http://circum.com 74, rue du Val-Perché, Gatineau, Québec (Canada) J8Z 2A6 +1 819.770.2423 télec. fax: +1 819.770.5196 http://c2005.evaluationcanada.ca/ http://evaluationcanada.ca/ http://simulation.evaluationcanada.ca/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba creating multiple isntances of the deamon
On Fri, Oct 21, 2005 at 01:40:16PM -0400, Benoit Gauthier wrote: > (2005.10.21, 13:39) > > > Ok, if I understand you you're re-exporting an NFS mount from the > > Linux box to the Windows clients via Samba. Looks to me like the > > kernel share mode code isn't working over NFS properly. Can you try > > removing the define "#define HAVE_KERNEL_SHARE_MODES 1" from > > include/config.h and rebuilding - that should stop it making this > > call. > > Jeremy, > > YES! This appears to have solved both problems (i.e., the > multiplication of processes AND the issues with re-reading > directories). > > Jeremy, thanks a million times for your responsiveness and accuracy. No problem - looks like a kernel bug though. Can you let me know exactly what Linux distro + kernel version (plus any patches) you were testing on. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba+winbind+Cups gives error machine account not found
Hello All, I compiled Samba 3.0.14a with winbind and cups. I am able to join the domain and the wbinfo -g and wbinfo -u gives me all the users in my domain server, but still at the client end it prompts for a username and password. Ideally it should work as a single-sign by allowing me to access the samba server when I login to the domain. My error logs shows something like this: [2005/10/21 11:51:05, 0] passdb/smbpassfile.c:trust_get_passwd(294) domain_client_validate: unable to read the machine account password for machine WNJPRT in domain . [2005/10/21 11:51:05, 1] smbd/password.c:pass_check_smb(500) Couldn't find user 'salva' in smb_passwd file. [2005/10/21 11:51:05, 1] smbd/password.c:pass_check_smb(500) Couldn't find user 'salva' in smb_passwd file. [2005/10/21 11:51:05, 1] smbd/reply.c:reply_sesssetup_and_X(925) Rejecting user 'salva': authentication failed [2005/10/21 13:30:38, 0] passdb/smbpassfile.c:get_trust_account_password(202) get_trust_account_password: Malformed trust password file (wrong length - was 0, should be 45). Any ideas? Thanks in advance!! Sapna -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-EventLog-HOWTO
> -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > For those interested in some more detail of the EventLog > features in the upcoming Samba 3.0.21 release, see: > > http://www.samba.org/~jerry/Samba-EventLog-HOWTO.txt > > Thanks to Brian Mroan and Marcin Porwit at Centeris > for all their hard work. > Perfect. Thanks. -- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 742001 E [EMAIL PROTECTED] Open Source. Open Solutions(tm). http://www.suretecsystems.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba creating multiple isntances of the deamon
(2005.10.21, 13:39) > Ok, if I understand you you're re-exporting an NFS mount from the > Linux box to the Windows clients via Samba. Looks to me like the > kernel share mode code isn't working over NFS properly. Can you try > removing the define "#define HAVE_KERNEL_SHARE_MODES 1" from > include/config.h and rebuilding - that should stop it making this > call. Jeremy, YES! This appears to have solved both problems (i.e., the multiplication of processes AND the issues with re-reading directories). Jeremy, thanks a million times for your responsiveness and accuracy. Bnoît -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting spnego error with 3.0.21pre11 with smbcacls
On Fri, Oct 21, 2005 at 07:26:46PM +0200, Henrik Zagerholm wrote: > Hi Jeremy! > > I'll do that. I guess it is only port 445 that si interesting for you > or? Yep. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting spnego error with 3.0.21pre11 with smbcacls
Hi Jeremy! I'll do that. I guess it is only port 445 that si interesting for you or? regards henrik 21 okt 2005 kl. 19.14 skrev Jeremy Allison: On Fri, Oct 21, 2005 at 06:07:18PM +0200, Henrik Zagerholm wrote: Hi all! Using smbcacls I can change OWNER of a remote file on a Win XP Pro Box but I can't delete or add ACL without getting SPNEGO errors. Error level 3 output attached: [EMAIL PROTECTED] henke]# smbcacls -D 'ACL:BBI-DEV\beakid:ALLOWED/ 0/0x00100116' -U Admin%secret //192.168.1.124/Data 'Niva 1.txt' -d 3 Connecting to host=192.168.1.124 Connecting to 192.168.1.124 at port 445 Doing spnego session setup (blob length=16) server didn't supply a full spnego negprot Got challenge flags: Got NTLMSSP neg_flags=0x628a0215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 Connecting to host=192.168.1.124 Connecting to 192.168.1.124 at port 445 Doing spnego session setup (blob length=16) server didn't supply a full spnego negprot Got challenge flags: Got NTLMSSP neg_flags=0x628a0215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 rpc_pipe_bind: Remote machine 192.168.1.124 pipe \lsarpc fnum 0x4000 bind request returned ok. lsa_io_sec_qos: length c does not match size 8 NT_TRANSACT_SET_SECURITY_DESC failed ERROR: secdesc set failed: NT_STATUS_ACCESS_DENIED Can you send me an ethereal capture trace of this please ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting spnego error with 3.0.21pre11 with smbcacls
On Fri, Oct 21, 2005 at 06:07:18PM +0200, Henrik Zagerholm wrote: > Hi all! > > Using smbcacls I can change OWNER of a remote file on a Win XP Pro > Box but I can't delete or add ACL without getting SPNEGO errors. > Error level 3 output attached: > [EMAIL PROTECTED] henke]# smbcacls -D 'ACL:BBI-DEV\beakid:ALLOWED/ > 0/0x00100116' -U Admin%secret //192.168.1.124/Data 'Niva 1.txt' -d 3 > > Connecting to host=192.168.1.124 > Connecting to 192.168.1.124 at port 445 > Doing spnego session setup (blob length=16) > server didn't supply a full spnego negprot > Got challenge flags: > Got NTLMSSP neg_flags=0x628a0215 > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x60080215 > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x60080215 > Connecting to host=192.168.1.124 > Connecting to 192.168.1.124 at port 445 > Doing spnego session setup (blob length=16) > server didn't supply a full spnego negprot > Got challenge flags: > Got NTLMSSP neg_flags=0x628a0215 > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x60080215 > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x60080215 > rpc_pipe_bind: Remote machine 192.168.1.124 pipe \lsarpc fnum 0x4000 > bind request returned ok. > lsa_io_sec_qos: length c does not match size 8 > NT_TRANSACT_SET_SECURITY_DESC failed > ERROR: secdesc set failed: NT_STATUS_ACCESS_DENIED Can you send me an ethereal capture trace of this please ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Openldap for PDC
On Fri, 2005-10-21 at 11:07 -0500, Philip Washington wrote: > Michael Gasch wrote: > > > Philip Washington wrote: > > > >> Do you me recover as in recover from a backup or going to the > >> /var/lib/ldap directory and running "db_recover". > > > > i mean db_recover > > any ideas? > > > > thx > > > I wish I did, Craig seems to have the magic touch. I have about 150 > computers + users and transfered that over to one of my Samba computers > in a test environment. I have 4 computers connected to it there, 2 > which came from the original NT Domain and 1 which I connected as BDC > and I have another which I'm going to connect as a domain member > server. So far I haven't gone 2 days without it locking up. I just > updated to openldap 2.2.13-4 last night and if that locks up I'll gather > all the configuration files and post them and hope somebody sees > something I did wrong. > I don't think it's a magic touch thing at all - when I first started playing with samba 3.0.0 and ldap, I knew I was in over my head and spent time learning ldap and getting to the point where I could populate it, use it, repair it and function with it before I went back to samba to integrate it. The problem is trying to get the whole enchilada in one bite leads to a lot of indigestion. I took smaller bites. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-3.0.14a binaries for HP-UX-11.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Proehl wrote: | Hi, | | im looking for a binary package of samba with a libnss_winbind.1 | for HP-UX-11.0 | | The depot files in | | http://de.samba.org/samba/ftp/Binary_Packages/hp/samba-3.0.14a | | look good, but there are these three requierements: | | OpenLdap 2.1.3 (http://hpux.cs.utah.edu) | OpenSSL 0.9.7d (http://hpux.cs.utah.edu) | LibIconv 1.9.2 (http://hpux.cs.utah.edu) | | I was unable to locate this Packages on the HP site. | | Can anybody point me to a location, where I can | find these required files? Eric, Hate to lean on you again, but do you know of a URL for these packages? If you don't know off the top of your head, I'll ping someone someone in the CIFS/9000 group in Cupertino. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "There's an anonymous coward in all of us." --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDWRfXIR7qMdg1EfYRAh2YAKDjZ77g34qwx50vtuuFY7getDgFgACeNRBZ GpOhi9AnUqK9MwCO42krjII= =Khue -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Idealx Add Machine
On Friday 21 October 2005 10:10, Thomas M. Skeren III wrote: > Really frustrated here. After some tweaking I was able to get the > smbldap-useradd script to work for adding samba users. This was > resolved editing sambaDomainName=and adding an Attribute > objectClass with value sambaUnixIdPool, and Attribute uidNumber and > Value equal to one greater than the highest uidNumber currently in use. Thomas, Have you followed the example in chapter 5 of the book "Samba-3 by Example"? http://www.samba.org/samba/docs/Samba3-ByExample.pdf If you can point me to any step that does not work I will gladly work with you to fix it. Adding a machine account on the fly by calling the "add machine script" should create only the POSIX system user account for the machine. Samba will create/add the SambaSAMAccount part. All domain member accounts must be capable of being resolved via NSS. In other words, executing "getent passwd" must list the machine accounts, and these must have a valid UID. Have you followed the diagnostic information in section 5.1.3.7 of the above documentation? If the documentation does not help to solve your problem then it must be rewritten so that it can be used by others who are having your problem. Please help me to fix any weaknesses in the documentation by giving us approapriate feedback. What version of Samba are you using? What is your OS platform? - John T. > > However smbldap-useradd -w continues to produce garbage,. > This is what is being created when the script is run: > > dn: uid=testor2$, ou=computers, dc=fsklaw,dc=com > sn: testor2$ > loginShell: /bin/false > uidNumber: 1110 > gidNumber: 553 > objectClass: top > objectClass: inetOrgPerson > objectClass: posixAccount > uid: testor2$ > gecos: Computer > cn: testor2$ > homeDirectory: /dev/null > description: Computer > > This is, clearly, not going to work as a working machine account > contains the following: > > dn: uid=debbie$, ou=computers, dc=fsklaw,dc=com > sambaPwdLastSet: 1 > sn: debbie$ > sambaAcctFlags: [W ] > loginShell: /bin/false > uidNumber: 1003 > gidNumber: 553 > displayName: Debbie LeBeau > sambaPwdMustChange: > uid: debbie$ > objectClass: top > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: sambaSamAccount > sambaSID: S-1-5- > cn: debbie$ > homeDirectory: /dev/null > sambaNTPassword: 537 > sambaPwdCanChange: 1 > description: Computer > sambaPrimaryGroupSID: S-1- > > Does anyone have any insight here? Adding new machines manually is just > painful. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File remains locked on samba server after client crashed
On Fri, Oct 21, 2005 at 10:23:24AM +0200, Christoph Peus wrote: > Hello experts, > > we have encountered this problem several times with different samba > versions (3.0.20b now) and need a solution now which works without > restarting the samba server: sometimes when a client crashes for > whatever reason while it has a file on the samba server opened, this > file cannot be opened for writing after the client has rebootet. The > locking entry is then associated with a nonexistent pid. > What's the cause of this problem? How can we make this file r/w > accessible again without restart of the samba server (and deletion of > the locking.tdb file)? Once the process holding the record lock has died, the next smbd trying to open this file should clean out the dead lock. You can test this be trying to open the file from another client - this should clean the lock. If it doesn't I'd like to see a debug level 10 log from the client doing the open to clean the lock. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT_STATUS_SHARING_VIOLATION - roaming profiles not working?
Recently I installed Windows 2000 on some amount of older PCs (200 MHz CPU etc.). After the installation is complete I always make a "test" login with one and the same user. Several times, when I login to a newly installed workstation (first or second login), Windows says that my profile is not accessible, and that I should contact my Administrator. Since I'm the administrator, I'm asking here :) In Samba logs I can see NT_STATUS_SHARING_VIOLATION. Next time I login with that user, I either have "NT_STATUS_SHARING_VIOLATION", or don't have it at all, or the problem exists until I reboot the workstation. Anyone know how to explain it? I use Samba 3.0.14a. -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Idealx Add Machine
Really frustrated here. After some tweaking I was able to get the smbldap-useradd script to work for adding samba users. This was resolved editing sambaDomainName=and adding an Attribute objectClass with value sambaUnixIdPool, and Attribute uidNumber and Value equal to one greater than the highest uidNumber currently in use. However smbldap-useradd -w continues to produce garbage,. This is what is being created when the script is run: dn: uid=testor2$, ou=computers, dc=fsklaw,dc=com sn: testor2$ loginShell: /bin/false uidNumber: 1110 gidNumber: 553 objectClass: top objectClass: inetOrgPerson objectClass: posixAccount uid: testor2$ gecos: Computer cn: testor2$ homeDirectory: /dev/null description: Computer This is, clearly, not going to work as a working machine account contains the following: dn: uid=debbie$, ou=computers, dc=fsklaw,dc=com sambaPwdLastSet: 1 sn: debbie$ sambaAcctFlags: [W ] loginShell: /bin/false uidNumber: 1003 gidNumber: 553 displayName: Debbie LeBeau sambaPwdMustChange: uid: debbie$ objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSamAccount sambaSID: S-1-5- cn: debbie$ homeDirectory: /dev/null sambaNTPassword: 537 sambaPwdCanChange: 1 description: Computer sambaPrimaryGroupSID: S-1- Does anyone have any insight here? Adding new machines manually is just painful. TMS III -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Openldap for PDC
Michael Gasch wrote: Philip Washington wrote: Do you me recover as in recover from a backup or going to the /var/lib/ldap directory and running "db_recover". i mean db_recover any ideas? thx I wish I did, Craig seems to have the magic touch. I have about 150 computers + users and transfered that over to one of my Samba computers in a test environment. I have 4 computers connected to it there, 2 which came from the original NT Domain and 1 which I connected as BDC and I have another which I'm going to connect as a domain member server. So far I haven't gone 2 days without it locking up. I just updated to openldap 2.2.13-4 last night and if that locks up I'll gather all the configuration files and post them and hope somebody sees something I did wrong. Michael Gasch wrote: hi, we had the same issues with openldap backend and bdb as backend. sometimes the backend broke and we had to recover the bdb db. it seems to be an issue between openldap v2 + bdb 4.2 + DB_CONFIG + filesystem (now /var/lib/ldap is on a seperate partition and ext3) - currently this works for us greez Philip Washington wrote: I have been testing with openldap_2.2.13-2 and have experience on 2 occasions lockups where the ldap server does not respond (slapcat will just hang). I have upgraded to openldap_2.2.13-4. Is there a recommended version of openldap for SambaPDC? Does anyone have a system in production using openldap_2.2.13-2 or openldap_2.2.13-4? I'm currently using samba3-20b any recommendations for a production system would be welcome. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Getting spnego error with 3.0.21pre11 with smbcacls
Hi all! Using smbcacls I can change OWNER of a remote file on a Win XP Pro Box but I can't delete or add ACL without getting SPNEGO errors. Error level 3 output attached: [EMAIL PROTECTED] henke]# smbcacls -D 'ACL:BBI-DEV\beakid:ALLOWED/ 0/0x00100116' -U Admin%secret //192.168.1.124/Data 'Niva 1.txt' -d 3 Connecting to host=192.168.1.124 Connecting to 192.168.1.124 at port 445 Doing spnego session setup (blob length=16) server didn't supply a full spnego negprot Got challenge flags: Got NTLMSSP neg_flags=0x628a0215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 Connecting to host=192.168.1.124 Connecting to 192.168.1.124 at port 445 Doing spnego session setup (blob length=16) server didn't supply a full spnego negprot Got challenge flags: Got NTLMSSP neg_flags=0x628a0215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 rpc_pipe_bind: Remote machine 192.168.1.124 pipe \lsarpc fnum 0x4000 bind request returned ok. lsa_io_sec_qos: length c does not match size 8 NT_TRANSACT_SET_SECURITY_DESC failed ERROR: secdesc set failed: NT_STATUS_ACCESS_DENIED Regards Henrik 21 okt 2005 kl. 17.38 skrev Gerald (Jerry) Carter: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For those interested in some more detail of the EventLog features in the upcoming Samba 3.0.21 release, see: http://www.samba.org/~jerry/Samba-EventLog-HOWTO.txt Thanks to Brian Mroan and Marcin Porwit at Centeris for all their hard work. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDWQt+IR7qMdg1EfYRAlFoAJ4oFVWT/Ao5vau4VVY8SFv5fFrF8ACgldds /CuxRB/5z7bJBQkQiCKcP4c= =r17L -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [Possible BUG] Samba v3.0.20b and permissions POSIX/Samba
On 10/20/05, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote: > If you are using 'store dos attributes = yes' but have not specifically > set any attributes on that file, then the alternatives I mentioned > still apply. What do you have to do to specifically set attributes on the file? Do you have to do this yourself, or will the OS do it for you under certain circumstances? We have some files that need to never be read-only. We've been using fake_perms to work around this, but store dos attributes sounds like a better solution, if it will work. (Or I suppose I could just wait for 3.0.21.) Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-EventLog-HOWTO
On Fri, 2005-10-21 at 10:38 -0500, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > For those interested in some more detail of the EventLog > features in the upcoming Samba 3.0.21 release, see: > > http://www.samba.org/~jerry/Samba-EventLog-HOWTO.txt > > Thanks to Brian Mroan and Marcin Porwit at Centeris > for all their hard work. I think that in the meat packing industry, a common phrase is 'everything but the oink' - a reference to getting utilization out of every piece. Samba is integrating incredible stuff. Thanks Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] passdb backend = guest ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 julius Junghans wrote: | Hi, | | im reading the Samba 3 Howto / Chapter 7. Standalone Servers at the | moment, where can i get more infos about: | passdb backend = guest ? It's builtin. DOn't mess with it. There's a reason its not documented. And you cannot remove it. it simply provides a guarantee that the guest account has a valid account entry. Setting 'passdb backend = smbpasswd' and adding no entryies is the same thing as what you suggest. It does not give you a guest server however. For that you need the 'map to guest' parameter. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "There's an anonymous coward in all of us." --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDWQ5eIR7qMdg1EfYRAiYEAJwIaAbWh7CgUP6sqL5JkQcuNcCz9gCdFIwR HahTezOwbkEYQJeWwSs3Xts= =ufAw -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with MsOffice write processus and Acls
Hi, Perhaps some of you have some advice for dealing with this problem? I've done quite a bit of googling on this one, but I can't find anything useful. This is the situation: Basics: Debian sarge Kernel 2.6.11 Samba 3.0.20 Filesystem: reiserfs Mount options: acl,noatime Config: auth methods = winbind security = ADS passdb backend = tdbsam guest Everything works so far. Now the problem: We have a file "test.doc" which is a word 2000 file. in a test_dir directory The file is owned by "jp", group "word" # file: test.doc # owner: MYDOMAIN+jp # group: MYDOMAIN+word user::rwx user:MYDOMAIN+jp:rwx group::r-x mask::rwx other::r-x # file: test_dir # owner: MYDOMAIN+Administrateur # group: MYDOMAIN+word user::rwx group:MYDOMAIN+word:r-x group::r-x mask::rwx other::r-x I can read the file, but i can't modify it. .This is because MSword opens a temporary file (starting with ~) and then does a copy of this temporary file to the originally opened file. The probleme is : I can't create the temporary file due to the directory permissions. How do I fix this? Thanks in advance, JP -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] passdb backend = guest ?
On Friday 21 October 2005 11:24 am, julius Junghans wrote: > im reading the Samba 3 Howto / Chapter 7. Standalone Servers at the > moment, where can i get more infos about: > passdb backend = guest ? Interesting. I have seen that before and since it isn't documented in the smb.conf man page thought it was a bogus value. Turns out that it possibly is valid and potentially useful. Although the context I've seen it in is as a second value: "passdb backend = tdbsam guest", which use isn't quite clear. The Debian setups seem to add this value to the default smb.conf. This value should be documented and explained in the smb.conf man page. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-EventLog-HOWTO
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For those interested in some more detail of the EventLog features in the upcoming Samba 3.0.21 release, see: http://www.samba.org/~jerry/Samba-EventLog-HOWTO.txt Thanks to Brian Mroan and Marcin Porwit at Centeris for all their hard work. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDWQt+IR7qMdg1EfYRAlFoAJ4oFVWT/Ao5vau4VVY8SFv5fFrF8ACgldds /CuxRB/5z7bJBQkQiCKcP4c= =r17L -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] passdb backend = guest ?
Hi, im reading the Samba 3 Howto / Chapter 7. Standalone Servers at the moment, where can i get more infos about: passdb backend = guest ? Greets Julius -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migration to Samba using external LDAP server
Hello, we are in the process of implementing a samba server running 3.0.14 and an external LDAP server running Microsoft ADAM. We have it also running with Open LDAP for UNIX under Redhat. It works fine for every user account that accesses the samba instance. The user mapping is done and all works fine. Now we have the major problem of the migration and I would need some guidance here please. The external LDAP server does the mapping from the UID/GID to the SID from MS every time a new user accesses the samba instance. But now we want to consolidate multiple servers (from the same domain) to this samba instance. We have about ~2.000 users in our domain and we can not let all of them contact the samba server to create a user mapping. The current situation is that we have to copy about 1.2TB of data to this samba server maintaining the user permissions. We are used to tools like Robocopy or Xcopy to migrate data to windows servers but in this case we are not sure what will happen with the permissions of the files if we use such tools with our samba server. So my questions would be: - Are there any procedure/best practices how to migrate to samba using external LDAP server? - How can we create the appropriate mapping on the external LDAP server to maintain the permissions? Any help would be appreciated and please do not reply with emails like "don't use samba, use NetApp" what happened in the past. We are not interested in any other expensive NAS solution. Thanks in advance. Best regards, Pseudomizer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] MS SQL server and samba
Hans We have tried to do exactly the same thing this week. Did you manage to get a solution and if so please could you post it up. Thanks Jo This email has been independently scanned for viruses and any virus software has been removed using McAfee anti-virus software -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Could not get RealPath CORDAF/*
Hi, I have a strange problem : some users cannot acces to diretcory, the message is "access denied". The ACL is correct # file: rsrv/vol2/data1/groupes/CORDAF # owner: root # group: Utilisateurs user::rwx user:mro:r-x user:sad:r-x group::--- group:administrateurs:rwx group:daf:rwx mask::rwx other::--- default:user::rwx default:user:mro:r-x default:user:sad:r-x default:group::--- default:group:administrateurs:rwx default:group:daf:rwx default:mask::rwx default:other::--- The user lge is member of group daf, but cannot acces to to directory. In log I find Could not get RealPath CORDAF/* But if I add the user directly to the ACL, no problem Maybe is caused by the update to last service pack on the laptop, because a other people which is also member of group daf can acces correctly. can anyone have problem with last service pack ? Configuration : samba 3.0.20b ldap backend ldap:trusted=yes privileges enabled. file is on a XFS partition. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Advices for Samba and OpenLDAP
Michael Gasch schrieb: We are running almost 30 OpenLDAP (2.2.20 nd 2.2.24) servers (masters, slaves). No weird behaviour so far (we didn't torture it though). want to have my script :) ? sure, I could test it on a separate test server. publish it somewhere on the web, so that all human kind could kill their OpenLDAp servers :) We are running a ldbm backend (so it doesn't need a DB_CONFIG file). we had trouble with ldbm - it didn't crash but some entries simply were missing after some minutes of running slapd, samba couldn't find some users/groups although they were in the database, ldapsearch -x uid=someuser sometimes returns "dn: uid=someuser" and sometimes not and so on. may be it was a caching/indexing issue? weird. IMHO, the behaviour should be proper in each case and not depend on the backend used. In your case I'd upgrade to a newest 2.2.x version, and if the problem still happens, ask at OpenLDAP mailing lists, as it's a problem with OpenLDAP really, not with Samba. i know and already did that. but this list is good visited so i saw a chance to find someone with the same problems or more experience and still the same issues after an upgrade? maybe it's something with *bdb* libraries, headers etc., on which OpenLDAP depends? -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Advices for Samba and OpenLDAP
We are running almost 30 OpenLDAP (2.2.20 nd 2.2.24) servers (masters, slaves). No weird behaviour so far (we didn't torture it though). want to have my script :) ? We are running a ldbm backend (so it doesn't need a DB_CONFIG file). we had trouble with ldbm - it didn't crash but some entries simply were missing after some minutes of running slapd, samba couldn't find some users/groups although they were in the database, ldapsearch -x uid=someuser sometimes returns "dn: uid=someuser" and sometimes not and so on. may be it was a caching/indexing issue? In your case I'd upgrade to a newest 2.2.x version, and if the problem still happens, ask at OpenLDAP mailing lists, as it's a problem with OpenLDAP really, not with Samba. i know and already did that. but this list is good visited so i saw a chance to find someone with the same problems or more experience my old ldapservers run fine with ldbm. but there were only 30 users in the DIT - not comparable to our new ldapserver for >1000 users thx so far -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] high cpu load with 3.0.20b (not using ldap)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sebastian Held wrote: | Am Donnerstag, 20. Oktober 2005 16:49 schrieben Sie: |> Looks like and issue in the nscd client request. The getpwnam() lookup |> is happening because a client is trying to connect to |> \\server\colorlaser5quota and you have a [homes] section. |> |> Does this help you out? | | Thanks for your very fast response! For now I've shut down | nscd, lets have look if that helps... | I'm wondering why samba searches for a home dir, but | client requests a printer service? Is this intended? | May be I add the printer section again and disable it. It's by design. The order of searching for a matching share is (a) explicitly defined shares (b) if [homes] is defined, a matching username (c) if [printers] is defined, a matching printer name cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "There's an anonymous coward in all of us." --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDWOcqIR7qMdg1EfYRArUGAKCK/6WFvUBZonHwkFGzkZadfFWenACg8TqW /u7JbJbPZUdNiFqD34j2LPI= =5+qX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] usrmgr: group not found.
Hello Koenraad Lelong I am not sure if the command is correct. I did a fresh gentoo insallation and used the provided smb.conf.example file. This stuff is poorly documentated! Please let me know if you get it working. Best regards. Asbjørn Morell. On 10/21/05, Koenraad Lelong <[EMAIL PROTECTED]> wrote: > > Asbjørn Morell schreef: > > Hello. > > usrmgr gives me this error, if I try to create or modify a user: > > The group name could not be found. > > I can create and modify groups with no errors!. This is my smb.conf: > > > > [global] > ... > > addusertogroupscript = /usr/bin/gpasswd -a '%u' '%g' > ... > > deleteuserfromgroupscript = /usr/bin/gpasswd -d '%u' '%g' > ... > Are those commands OK ? man gpasswd say this command is to change the > group password (SuSE 9.3). I don't know (yet) what command has to be > used, but thanks to this post I can finally add users (with the same > error-message as you, but they are created !) and groups. > So, thanks for your smb.conf, that was a big step forward for me. > P.S. Shouldn't those commands (useradd, userdel, groupadd, groupdel > etc.) be mentioned in the By-Example book ? > Regards, > Koenraad Lelong > ACE electronics > -- Mvh Asbjørn Morell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.0.14a binaries for HP-UX-11.0
Hi, im looking for a binary package of samba with a libnss_winbind.1 for HP-UX-11.0 The depot files in http://de.samba.org/samba/ftp/Binary_Packages/hp/samba-3.0.14a look good, but there are these three requierements: OpenLdap 2.1.3 (http://hpux.cs.utah.edu) OpenSSL 0.9.7d (http://hpux.cs.utah.edu) LibIconv 1.9.2 (http://hpux.cs.utah.edu) I was unable to locate this Packages on the HP site. Can anybody point me to a location, where I can find these required files? Thanks, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLEDIT replacement?
On Fri, Oct 21, 2005 at 08:15:30AM +0200, [EMAIL PROTECTED] wrote: You can do everything you want with the poledit, but you must create the .pol file file by yourself. There is a tool named Policy Template Editor, which allows you to create any policy setting you want, if you know how to use the win registry. Can I create even some policies found only on local group policy editor in w2k pro? if You mean LGPO (running gpedit.msc from command line) - no, You can't, that's for AD only. they will work for You from gpedit.msc, but only locally if You mean several ADM files which can be found on Windows XP Pro for instance, look inside them, some of them will work only for AD (it's written inside ADMs) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: FW: [Samba] POLEDIT replacement?
On Fri, Oct 21, 2005 at 10:27:15AM +0200, Louis van Belle wrote: > get the latest custom samba template from here. > it's a must have.. ;-) > > its good to read this page. > http://www.pcc-services.com/custom_poledit.html > > direct link to the file. > http://www.pcc-services.com/files/winpoledit/custom.zip > > and your welkom, hope you like it. Thanks, I'm downloading it and checking it out. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Advices for Samba and OpenLDAP
Michael Gasch schrieb: hi list, we have some trouble with openldap (back-bdb) and samba. i think it's more a problem with openldap and bdb (http://www.openldap.org/lists/openldap-bugs/200510/msg00185.html) but i want to know something about your experiences with openldap in large enterprises. what are your settings for slapd and bdb? or is there a better backend for slapd than bdb? which software versions are you using? did you make changes to DB_CONFIG? we tortured slapd with a perl script (50 instances of it parallel) which reads ~1000 user passwords from slapd1 and writes it to another slapd (different host) with $ldap->modify. we can reproducable crash our ldap server or its backend with this script. but that should not happen - it's just a simple perl script :-/ We are running almost 30 OpenLDAP (2.2.20 nd 2.2.24) servers (masters, slaves). No weird behaviour so far (we didn't torture it though). The packages were taken either from the distribution, or from the "devel" tree of a distribution (if they were from a "devel", all we did was rpm --rebuild openldap...version.src.rpm). We are running a ldbm backend (so it doesn't need a DB_CONFIG file). In your case I'd upgrade to a newest 2.2.x version, and if the problem still happens, ask at OpenLDAP mailing lists, as it's a problem with OpenLDAP really, not with Samba. -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLEDIT replacement?
On Fri, Oct 21, 2005 at 08:15:30AM +0200, [EMAIL PROTECTED] wrote: > You can do everything you want with the poledit, but you must create the > .pol file file by yourself. There is a tool named Policy Template Editor, > which allows you to create any policy setting you want, if you know how > to use the win registry. Can I create even some policies found only on local group policy editor in w2k pro? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Advices for Samba and OpenLDAP
hi list, we have some trouble with openldap (back-bdb) and samba. i think it's more a problem with openldap and bdb (http://www.openldap.org/lists/openldap-bugs/200510/msg00185.html) but i want to know something about your experiences with openldap in large enterprises. what are your settings for slapd and bdb? or is there a better backend for slapd than bdb? which software versions are you using? did you make changes to DB_CONFIG? we tortured slapd with a perl script (50 instances of it parallel) which reads ~1000 user passwords from slapd1 and writes it to another slapd (different host) with $ldap->modify. we can reproducable crash our ldap server or its backend with this script. but that should not happen - it's just a simple perl script :-/ this happens when it crashes: Oct 21 10:39:06 ldapmaster2 slapd[17172]: bdb_modify: retrying... Oct 21 10:39:06 ldapmaster2 slapd[17172]: bdb(dc=eva,dc=mpg,dc=de): DB_TXN->abort: Log undo failed for LSN: 3 2173192: DB_NOTFOUND: No matching key/data pai r found Oct 21 10:39:06 ldapmaster2 slapd[17172]: bdb(dc=eva,dc=mpg,dc=de): PANIC: DB_NOTFOUND: No matching key/data pair found Oct 21 10:39:06 ldapmaster2 slapd[17172]: send_ldap_result: conn=16 op=10 p=3 Oct 21 10:39:06 ldapmaster2 slapd[17172]: send_ldap_response: msgid=13 tag=103 err=80 Oct 21 10:39:06 ldapmaster2 slapd[17172]: bdb(dc=eva,dc=mpg,dc=de): PANIC: fatal region error detected; run recovery Oct 21 10:39:06 ldapmaster2 slapd[17172]: bdb_cache_entry_db_relock: entry 552, rw 1, rc -30978 Oct 21 10:39:06 ldapmaster2 slapd[17172]: bdb(dc=eva,dc=mpg,dc=de): PANIC: fatal region error detected; run recovery Oct 21 10:39:06 ldapmaster2 slapd[17172]: bdb_modify: txn_commit failed: DB_RUNRECOVERY: Fatal error, run database recovery (-30978) Oct 21 10:39:06 ldapmaster2 slapd[17172]: send_ldap_result: conn=17 op=11 p=3 Oct 21 10:39:06 ldapmaster2 slapd[17172]: send_ldap_response: msgid=14 tag=103 err=80 after that we have to run db_recover to make it running again :( thx for your help in advance! i appreciate it! -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Fwd: Re: [Samba] usrmgr: group not found.]
I accidently sent this to Asbjorn instead of to the group. Apologies. Regards, Koenraad Lelong ACE electronics -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Chapter 10 "Active Directory, Kerberos, and Security" .
Hi all, I'm going on my tests and I've tried followings tasks: I have stop nmb smb winbind service. I have rm -f /etc/samba/secrets.tdb and /var/lib/samba*.tdb files. I have modified smb.conf file as I wanted to connect to NT4 server instead ADS so: netbios name = MILLX01 wins server = xxx socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE workgroup = GKNSMI #realm = SINTER.GKN.COM #security = ADS Security = DOMAIN #password server = xxx.sinter.gkn.com encrypt passwords = yes allow trusted domains = Yes winbind use default domain = Yes winbind separator = / winbind enum users = Yes winbind enum groups = yes ... I have joined samba box with: net rpc join -Uadm%***secret***. I have started nmbd smbd winbind again. Result: ACL works fine just as I expected! Anyway this is not the solution because I have an W3K ADS server that works like an NT4 server and it is possible only because W3K server works in mixed mode, but when It will works in native mode? I will have to change on security = ADS and Kerberos authentication. So I would ask you where is the problem? Is it in the Kerberos configuration? But kinit and others net ads tools seems works fine ... Please help me. Thanks. Marco. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Meli Marco Sent: giovedì 20 ottobre 2005 11.30 To: 'samba@lists.samba.org' Subject: [Samba] Chapter 10 "Active Directory, Kerberos, and Security". Hi all, Referred to Samba-3 by Example I don't have clear one point on Chapter 10 "Active Directory, Kerberos, and Security": How to set Windows 200x ACLs in 10.3.4.2 section you wrote at point 2: "Be very carefully. Many problems have been created by people who decided that Everyone should be rejected but one particular group should have full control. This is a catch-22 situation because members of that particular group also belong to the group Everyone, which therefore overrules any permissions set for the permitted group". So, about this matter I have some questions: I want to set ACL on my share as you said above not for a particular group but for a defined user. I have tried to set "Full Control" for this user to his personal folder and get off any permissions to "Everyone" group. The result is that the user cannot list his personal folder. Since it's clear what I should expect from my settings I would like to I ask you how can I set these ACLs to allow the user to list his folder, avoiding to others users to see them (Everyone). Also, why setting this rights on to samba box connected to an W3K ADS server in Chicago, ACL works as I expected, while when my samba box is replicated on my W3K ADS in Italy the behavior of ACL changes: In the first case each user can see personal's folder even if ACLs are "wrong" setted by me as I described above, while after replication the user login again to the same share and can't list his personal folder any more. I thougth the cause was probably due to some differences on both servers but they belong to the same realm and share the same policy, except that AD Chicago server is a normal pc while AD Italy server is a power edge 2500 with array controller (samba box with Suse9.2 is in Italy). Note: I've a mixed pc on my network but this problem persist only with W2K and XP workstation not with Win9X. Any help will be appreciated. I don't want to set a section share in smb.conf, for a particular user , I have only declared [data] share. Below my smb.conf file: [global] netbios name = MILLX01 os level = 16 wins server = xxx socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE workgroup = GKNSMI realm = SINTER.GKN.COM security = ADS password server = xxx.sinter.gkn.com encrypt passwords = yes allow trusted domains = Yes winbind use default domain = Yes winbind separator = / winbind enum users = Yes winbind enum groups = yes idmap uid = 1-10 idmap gid = 1-10 hide unreadable = Yes template homedir = /data/user/%U template shell = /bin/false use sendfile = No printer admin = xxx admin users = xxx log file = /var/log/samba/log.%m log level = 1 auth:5 sam:5 max log size = 50 printing = cups printcap name = cups load printers = Yes map acl inherit = Yes nt acl support = Yes client schannel = No [data] comment = %D Share path = /data read only = No create mask = 0775 security mask = 0777 force security mode = 0 directory mask = 0775 directory security mask = 0777 force directory security mode = 0 dos filetimes = Yes valid users = xxx Thanks a lot. Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from
Re: [Samba] Openldap for PDC
hi, [update] we couldn't fix it with my description (see last mail). i filed a bug report to the openldap list. btw: checkpointing didn't fix it for us greez [EMAIL PROTECTED] wrote: Hi all, I have the same problem, now I add in my slapd.conf a checkpoint directive and I'm waiting for the result. Do you have other suggest? Regards Michael Quoting Michael Gasch <[EMAIL PROTECTED]>: hi, we had the same issues with openldap backend and bdb as backend. sometimes the backend broke and we had to recover the bdb db. it seems to be an issue between openldap v2 + bdb 4.2 + DB_CONFIG + filesystem (now /var/lib/ldap is on a seperate partition and ext3) - currently this works for us greez Philip Washington wrote: I have been testing with openldap_2.2.13-2 and have experience on 2 occasions lockups where the ldap server does not respond (slapcat will just hang). I have upgraded to openldap_2.2.13-4. Is there a recommended version of openldap for SambaPDC? Does anyone have a system in production using openldap_2.2.13-2 or openldap_2.2.13-4? I'm currently using samba3-20b any recommendations for a production system would be welcome. -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba This message was sent using IMP, the Internet Messaging Program. -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Openldap for PDC
Hi all, I have the same problem, now I add in my slapd.conf a checkpoint directive and I'm waiting for the result. Do you have other suggest? Regards Michael Quoting Michael Gasch <[EMAIL PROTECTED]>: hi, we had the same issues with openldap backend and bdb as backend. sometimes the backend broke and we had to recover the bdb db. it seems to be an issue between openldap v2 + bdb 4.2 + DB_CONFIG + filesystem (now /var/lib/ldap is on a seperate partition and ext3) - currently this works for us greez Philip Washington wrote: I have been testing with openldap_2.2.13-2 and have experience on 2 occasions lockups where the ldap server does not respond (slapcat will just hang). I have upgraded to openldap_2.2.13-4. Is there a recommended version of openldap for SambaPDC? Does anyone have a system in production using openldap_2.2.13-2 or openldap_2.2.13-4? I'm currently using samba3-20b any recommendations for a production system would be welcome. -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Openldap for PDC
hi, we had the same issues with openldap backend and bdb as backend. sometimes the backend broke and we had to recover the bdb db. it seems to be an issue between openldap v2 + bdb 4.2 + DB_CONFIG + filesystem (now /var/lib/ldap is on a seperate partition and ext3) - currently this works for us greez Philip Washington wrote: I have been testing with openldap_2.2.13-2 and have experience on 2 occasions lockups where the ldap server does not respond (slapcat will just hang). I have upgraded to openldap_2.2.13-4. Is there a recommended version of openldap for SambaPDC? Does anyone have a system in production using openldap_2.2.13-2 or openldap_2.2.13-4? I'm currently using samba3-20b any recommendations for a production system would be welcome. -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
FW: [Samba] POLEDIT replacement?
only 1 thing, get the latest custom samba template from here. it's a must have.. ;-) its good to read this page. http://www.pcc-services.com/custom_poledit.html direct link to the file. http://www.pcc-services.com/files/winpoledit/custom.zip and your welkom, hope you like it. Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 21 oktober 2005 10:19 Aan: Louis van Belle CC: samba@lists.samba.org; [EMAIL PROTECTED] Onderwerp: RE: [Samba] POLEDIT replacement? I agrre with that. I've downloaded izt my self. Very nice. :)) "Louis van Belle" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 21.10.2005 10:08 To cc Subject RE: [Samba] POLEDIT replacement? Yes, very sure, i checked it my self, it's hosted on a 100Mb server :D so if you can get is Fast ;-) Louis >-Oorspronkelijk bericht- >Van: Craig White [mailto:[EMAIL PROTECTED] >Verzonden: vrijdag 21 oktober 2005 9:50 >Aan: Louis van Belle >CC: samba@lists.samba.org >Onderwerp: RE: [Samba] POLEDIT replacement? > >On Fri, 2005-10-21 at 09:33 +0200, Louis van Belle wrote: >> and if you dont want to search here's a link >> with a complete packages of policies, tools, >> examples etc etc. >> >> http://www.ratio-benelux.nl/sambaldap.rar.gz >> >> Louis > >are you sure that you have put in the correct link? > >Craig > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File remains locked on samba server after client crashed
Hello experts, we have encountered this problem several times with different samba versions (3.0.20b now) and need a solution now which works without restarting the samba server: sometimes when a client crashes for whatever reason while it has a file on the samba server opened, this file cannot be opened for writing after the client has rebootet. The locking entry is then associated with a nonexistent pid. What's the cause of this problem? How can we make this file r/w accessible again without restart of the samba server (and deletion of the locking.tdb file)? Thanks in advance! Christoph -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [Possible BUG] Samba v3.0.20b and permissions POSIX/Samba
well, "map read only = no" did the trick in 3.0.21pre1 that's good to know :) thx Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Gasch wrote: hi&big thx jerry, two questions remain: 1) i'm using "store dos attributes" so (a)/(b) do not apply for me? If you are using 'store dos attributes = yes' but have not specifically set any attributes on that file, then the alternatives I mentioned still apply. 2) 'map read only = yes' should give you 3.0.14a behavior. -> according to the docs wouldn't "map read only = Permissions or No" give the <3.0.20 behaviour? oh yeah. I forgot that jeremy decided to make it an enumerated type rather than a boolean. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "There's an anonymous coward in all of us." --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDV7A1IR7qMdg1EfYRAmrsAKCI2+CieqrmjZ3xPGdaJWCDhaNV7QCdHP5/ Me8fc5JDzBf192BMiGJCLqU= =bn0X -END PGP SIGNATURE- -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Virtual directory on Win XP, IIS 5.1, Samba 3.0.7
I have a samba share mapped to a virtual directory on a Win Xp machine, which runs a Web Service. I want to make this directory browsable via the web service, without any user logged on the web server machine. The problem is that the directory is only browsable when a user is logged on to the machine running the web service. Also, the directory can only be browsed from the web server machine itself (using http://localhost/MyDir, http://123.123.123.123/MyDir won't work) Is there a way to get around this? -- ___ Play 100s of games for FREE! http://games.mail.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] POLEDIT replacement?
I agrre with that. I've downloaded izt my self. Very nice. :)) "Louis van Belle" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 21.10.2005 10:08 To cc Subject RE: [Samba] POLEDIT replacement? Yes, very sure, i checked it my self, it's hosted on a 100Mb server :D so if you can get is Fast ;-) Louis >-Oorspronkelijk bericht- >Van: Craig White [mailto:[EMAIL PROTECTED] >Verzonden: vrijdag 21 oktober 2005 9:50 >Aan: Louis van Belle >CC: samba@lists.samba.org >Onderwerp: RE: [Samba] POLEDIT replacement? > >On Fri, 2005-10-21 at 09:33 +0200, Louis van Belle wrote: >> and if you dont want to search here's a link >> with a complete packages of policies, tools, >> examples etc etc. >> >> http://www.ratio-benelux.nl/sambaldap.rar.gz >> >> Louis > >are you sure that you have put in the correct link? > >Craig > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] POLEDIT replacement?
Yes, very sure, i checked it my self, it's hosted on a 100Mb server :D so if you can get is Fast ;-) Louis >-Oorspronkelijk bericht- >Van: Craig White [mailto:[EMAIL PROTECTED] >Verzonden: vrijdag 21 oktober 2005 9:50 >Aan: Louis van Belle >CC: samba@lists.samba.org >Onderwerp: RE: [Samba] POLEDIT replacement? > >On Fri, 2005-10-21 at 09:33 +0200, Louis van Belle wrote: >> and if you dont want to search here's a link >> with a complete packages of policies, tools, >> examples etc etc. >> >> http://www.ratio-benelux.nl/sambaldap.rar.gz >> >> Louis > >are you sure that you have put in the correct link? > >Craig > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] POLEDIT replacement?
On Fri, 2005-10-21 at 09:33 +0200, Louis van Belle wrote: > and if you dont want to search here's a link > with a complete packages of policies, tools, > examples etc etc. > > http://www.ratio-benelux.nl/sambaldap.rar.gz > > Louis are you sure that you have put in the correct link? Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] POLEDIT replacement?
and if you dont want to search here's a link with a complete packages of policies, tools, examples etc etc. http://www.ratio-benelux.nl/sambaldap.rar.gz Louis >-Oorspronkelijk bericht- >Van: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] >Namens [EMAIL PROTECTED] >Verzonden: vrijdag 21 oktober 2005 8:16 >Aan: Andreas >CC: samba@lists.samba.org; >[EMAIL PROTECTED] >Onderwerp: Re: [Samba] POLEDIT replacement? > >You can do everything you want with the poledit, but you must >create the >.pol file file by yourself. There is a tool named Policy >Template Editor, >which allows you to create any policy setting you want, if >you know how >to use the win registry. > > > > > >Andreas <[EMAIL PROTECTED]> >Sent by: [EMAIL PROTECTED] >21.10.2005 02:08 > >To >samba@lists.samba.org >cc > >Subject >[Samba] POLEDIT replacement? > > > > > > >I've been reading about policies and the documentation says to grab >poledit.exe from the NT SP6a file. > >There are many policy settings that are not available via this tool. >Isn't there something newer that could be used to create the .pol file >needed by samba to implement policies? Or will this only be available >with samba4? > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migration from Windows 2003 server to samba 3
Hi all I have windows 2003 server with Active directory users , there are about 500 users. I have an Linux Server with Redhat Enterprise Linux Advanced server 3 With samba 3.0 installed in . I would like to migrate all active directory users to samba 3.0 making it a primary domain controller and shut down the Windows system. But I would like to know, how do I migrate users passwords from Active directory to samba 3.0. I would like to retain the same username and Passwords as in windows. So how do get the passwords from windows to samba 3.0 Regards Niranjan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
